(#342) oranizations: create suborganization add permissions check

SaintAngeLs · Aug 3, 2024 · a95f1ac · a95f1ac
1 parent 46414c5
commit a95f1ac
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/...ace.Services.Organizations.Application/Commands/Handlers/CreateOrganizationRoleHandler.cs b/...ace.Services.Organizations.Application/Commands/Handlers/CreateOrganizationRoleHandler.cs
@@ -42,10 +42,8 @@ public async Task HandleAsync(CreateOrganizationRole command, CancellationToken
                 throw new UnauthorizedAccessException("User is not a member of the organization.");
             }
 
-            // Retrieve the user's role with permissions from the roles repository
             var role = await _organizationRolesRepository.GetRoleByNameAsync(organization.Id, user.Role.Name);
 
-            // Check if the role has the necessary permission to create roles
             if (role == null || !(role.Permissions.ContainsKey(Permission.EditPermissions) && role.Permissions[Permission.EditPermissions])
                             && !(role.Permissions.ContainsKey(Permission.AssignRoles) && role.Permissions[Permission.AssignRoles]))
             {
@@ -68,7 +66,6 @@ public async Task HandleAsync(CreateOrganizationRole command, CancellationToken
             var newRole = new Role(command.RoleName, "Default role description", permissions);
             organization.AddRole(newRole);
 
-            // Corrected the method call by passing both organizationId and role
             await _organizationRolesRepository.AddRoleAsync(command.OrganizationId, newRole);
             await _organizationRepository.UpdateAsync(organization);
         }

diff --git a/...pace.Services.Organizations.Application/Commands/Handlers/CreateSubOrganizationHandler.cs b/...pace.Services.Organizations.Application/Commands/Handlers/CreateSubOrganizationHandler.cs
@@ -13,12 +13,18 @@ namespace MiniSpace.Services.Organizations.Application.Commands.Handlers
     public class CreateSubOrganizationHandler : ICommandHandler<CreateSubOrganization>
     {
         private readonly IOrganizationRepository _organizationRepository;
+        private readonly IOrganizationRolesRepository _organizationRolesRepository;
         private readonly IAppContext _appContext;
         private readonly IMessageBroker _messageBroker;
 
-        public CreateSubOrganizationHandler(IOrganizationRepository organizationRepository, IAppContext appContext, IMessageBroker messageBroker)
+        public CreateSubOrganizationHandler(
+            IOrganizationRepository organizationRepository, 
+            IOrganizationRolesRepository organizationRolesRepository,
+            IAppContext appContext, 
+            IMessageBroker messageBroker)
         {
             _organizationRepository = organizationRepository;
+            _organizationRolesRepository = organizationRolesRepository;
             _appContext = appContext;
             _messageBroker = messageBroker;
         }
@@ -43,6 +49,19 @@ public async Task HandleAsync(CreateSubOrganization command, CancellationToken c
                 throw new ParentOrganizationNotFoundException(command.ParentId);
             }
 
+            var user = await _organizationRepository.GetMemberAsync(root.Id, identity.Id);
+            if (user == null)
+            {
+                throw new UnauthorizedAccessException("User is not a member of the organization.");
+            }
+
+            var role = await _organizationRolesRepository.GetRoleByNameAsync(root.Id, user.Role.Name);
+
+            if (role == null || !(role.Permissions.ContainsKey(Permission.CreateSubGroups) && role.Permissions[Permission.CreateSubGroups]))
+            {
+                throw new UnauthorizedAccessException("User does not have permission to create sub-organizations.");
+            }
+
             if (string.IsNullOrWhiteSpace(command.Name))
             {
                 throw new InvalidOrganizationNameException(command.Name);