feat: Implement user permission checks and manual payment functionalities

- Added CheckUserPermissionQuery and CheckUserPermissionQueryHandler for permission validation. - Introduced GetUserRolesQuery and GetUserRolesQueryHandler to retrieve user roles. - Created IPermissionService interface and its implementation in PermissionService. - Defined permission and role constants in PermissionDefinitions. - Developed SetDefaultVatPercentageCommand and its handler for VAT configuration. - Implemented GetCurrentVatPercentageQuery and handler to fetch current VAT settings. - Added manual payment commands: CreateManualPayment, ApproveManualPayment, and RejectManualPayment with respective handlers and validators. - Created GetManualPaymentsQuery and handler for retrieving manual payment records. - Integrated gRPC services for manual payments with appropriate permission checks. - Established Protobuf definitions for manual payment operations and metadata.
2025-12-05 17:27:38 +03:30
parent 67b43fea7a
commit 4aa9f28f6e
51 changed files with 1294 additions and 107 deletions
--- a/src/BackOffice.BFF.Infrastructure/Services/PermissionService.cs
+++ b/src/BackOffice.BFF.Infrastructure/Services/PermissionService.cs
@@ -0,0 +1,66 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading;
+using System.Threading.Tasks;
+using BackOffice.BFF.Application.Common.Interfaces;
+using BackOffice.BFF.Application.Common.Models;
+using Microsoft.AspNetCore.Http;
+
+namespace BackOffice.BFF.Infrastructure.Services;
+
+public class PermissionService : IPermissionService
+{
+    private readonly IHttpContextAccessor _httpContextAccessor;
+
+    public PermissionService(IHttpContextAccessor httpContextAccessor)
+    {
+        _httpContextAccessor = httpContextAccessor;
+    }
+
+    public Task<IReadOnlyList<string>> GetUserRolesAsync(CancellationToken cancellationToken)
+    {
+        var httpContext = _httpContextAccessor.HttpContext;
+        var user = httpContext?.User;
+
+        if (user?.Identity is not { IsAuthenticated: true })
+        {
+            return Task.FromResult<IReadOnlyList<string>>(Array.Empty<string>());
+        }
+
+        var roles = user.Claims
+            .Where(c => c.Type == ClaimTypes.Role || string.Equals(c.Type, "role", StringComparison.OrdinalIgnoreCase))
+            .Select(c => c.Value)
+            .Where(v => !string.IsNullOrWhiteSpace(v))
+            .Distinct(StringComparer.OrdinalIgnoreCase)
+            .ToList();
+
+        return Task.FromResult<IReadOnlyList<string>>(roles);
+    }
+
+    public async Task<bool> HasPermissionAsync(string permission, CancellationToken cancellationToken)
+    {
+        if (string.IsNullOrWhiteSpace(permission))
+        {
+            return true;
+        }
+
+        var roles = await GetUserRolesAsync(cancellationToken);
+        if (roles.Count == 0)
+        {
+            return false;
+        }
+
+        foreach (var role in roles)
+        {
+            if (RolePermissionConfig.HasPermission(role, permission))
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}
+