Add Admin roles

2025-08-16 06:06:02 +07:00
parent 7923b38a26
commit 4ff2ccdae3
7 changed files with 332 additions and 3 deletions
--- a/src/Managing.Api/Controllers/BotController.cs
+++ b/src/Managing.Api/Controllers/BotController.cs
@@ -4,6 +4,7 @@ using Managing.Application.Abstractions;
 using Managing.Application.Abstractions.Services;
 using Managing.Application.Hubs;
 using Managing.Application.ManageBot.Commands;
+using Managing.Application.Shared;
 using Managing.Common;
 using Managing.Core;
 using Managing.Domain.Accounts;
@@ -40,6 +41,7 @@ public class BotController : BaseController
    private readonly IAccountService _accountService;
    private readonly IMoneyManagementService _moneyManagementService;
    private readonly IServiceScopeFactory _scopeFactory;
+    private readonly IAdminConfigurationService _adminService;

    /// <summary>
    /// Initializes a new instance of the <see cref="BotController"/> class.
@@ -56,7 +58,7 @@ public class BotController : BaseController
    public BotController(ILogger<BotController> logger, IMediator mediator, IHubContext<BotHub> hubContext,
        IBacktester backtester, IBotService botService, IUserService userService,
        IAccountService accountService, IMoneyManagementService moneyManagementService,
-        IServiceScopeFactory scopeFactory) : base(userService)
+        IServiceScopeFactory scopeFactory, IAdminConfigurationService adminService) : base(userService)
    {
        _logger = logger;
        _mediator = mediator;
@@ -66,6 +68,7 @@ public class BotController : BaseController
        _accountService = accountService;
        _moneyManagementService = moneyManagementService;
        _scopeFactory = scopeFactory;
+        _adminService = adminService;
    }

    /// <summary>
@@ -73,7 +76,7 @@ public class BotController : BaseController
    /// </summary>
    /// <param name="identifier">The identifier of the bot to check</param>
    /// <param name="accountName">Optional account name to check when creating a new bot</param>
-    /// <returns>True if the user owns the account, False otherwise</returns>
+    /// <returns>True if the user owns the account or is admin, False otherwise</returns>
    private async Task<bool> UserOwnsBotAccount(Guid identifier, string accountName = null)
    {
        try
@@ -82,6 +85,9 @@ public class BotController : BaseController
            if (user == null)
                return false;

+            // Admin users can access all bots
+            if (_adminService.IsUserAdmin(user.Name))
+                return true;

            if (identifier != default)
            {
--- a/src/Managing.Api/Controllers/TradingController.cs
+++ b/src/Managing.Api/Controllers/TradingController.cs
@@ -1,5 +1,6 @@
 using Managing.Application.Abstractions;
 using Managing.Application.Abstractions.Services;
+using Managing.Application.Shared;
 using Managing.Application.Trading.Commands;
 using Managing.Domain.MoneyManagements;
 using Managing.Domain.Trades;
@@ -26,6 +27,8 @@ public class TradingController : BaseController
    private readonly IMoneyManagementService _moneyManagementService;
    private readonly IMediator _mediator;
    private readonly ILogger<TradingController> _logger;
+    private readonly IAdminConfigurationService _adminService;
+    private readonly IAccountService _accountService;

    /// <summary>
    /// Initializes a new instance of the <see cref="TradingController"/> class.
@@ -35,13 +38,16 @@ public class TradingController : BaseController
    /// <param name="closeTradeCommandHandler">Command handler for closing trades.</param>
    /// <param name="tradingService">Service for trading operations.</param>
    /// <param name="mediator">Mediator for handling commands and requests.</param>
+    /// <param name="adminService">Service for checking admin privileges.</param>
+    /// <param name="accountService">Service for account operations.</param>
    public TradingController(
        ILogger<TradingController> logger,
        ICommandHandler<OpenPositionRequest, Position> openTradeCommandHandler,
        ICommandHandler<ClosePositionCommand, Position> closeTradeCommandHandler,
        ITradingService tradingService,
        IMediator mediator, IMoneyManagementService moneyManagementService,
-        IUserService userService) : base(userService)
+        IUserService userService, IAdminConfigurationService adminService,
+        IAccountService accountService) : base(userService)
    {
        _logger = logger;
        _openTradeCommandHandler = openTradeCommandHandler;
@@ -49,6 +55,8 @@ public class TradingController : BaseController
        _tradingService = tradingService;
        _mediator = mediator;
        _moneyManagementService = moneyManagementService;
+        _adminService = adminService;
+        _accountService = accountService;
    }


@@ -149,6 +157,7 @@ public class TradingController : BaseController

    /// <summary>
    /// Initializes a Privy wallet address for the user.
+    /// Only admins can initialize any address, regular users can only initialize their own addresses.
    /// </summary>
    /// <param name="publicAddress">The public address of the Privy wallet to initialize.</param>
    /// <returns>The initialization response containing success status and transaction hashes.</returns>
@@ -162,6 +171,18 @@ public class TradingController : BaseController

        try
        {
+            var user = await GetUser();
+            if (user == null)
+            {
+                return Unauthorized("User not found");
+            }
+
+            // Check if user has permission to initialize this address
+            if (!await CanUserInitializeAddress(user.Name, publicAddress))
+            {
+                return Forbid("You don't have permission to initialize this wallet address. You can only initialize your own wallet addresses.");
+            }
+
            var result = await _tradingService.InitPrivyWallet(publicAddress);
            return Ok(result);
        }
@@ -175,4 +196,42 @@ public class TradingController : BaseController
            });
        }
    }
+
+    /// <summary>
+    /// Checks if the user can initialize the given public address.
+    /// Admins can initialize any address, regular users can only initialize their own addresses.
+    /// </summary>
+    /// <param name="userName">The username to check</param>
+    /// <param name="publicAddress">The public address to initialize</param>
+    /// <returns>True if the user can initialize the address, false otherwise</returns>
+    private async Task<bool> CanUserInitializeAddress(string userName, string publicAddress)
+    {
+        // Admin users can initialize any address
+        if (_adminService.IsUserAdmin(userName))
+        {
+            _logger.LogInformation("Admin user {UserName} initializing address {Address}", userName, publicAddress);
+            return true;
+        }
+
+        try
+        {
+            // Regular users can only initialize their own addresses
+            // Check if the address belongs to one of the user's accounts
+            var account = await _accountService.GetAccountByKey(publicAddress, true, false);
+            
+            if (account?.User?.Name == userName)
+            {
+                _logger.LogInformation("User {UserName} initializing their own address {Address}", userName, publicAddress);
+                return true;
+            }
+            
+            _logger.LogWarning("User {UserName} attempted to initialize address {Address} that doesn't belong to them", userName, publicAddress);
+            return false;
+        }
+        catch (Exception ex)
+        {
+            _logger.LogWarning(ex, "Unable to verify ownership of address {Address} for user {UserName}", publicAddress, userName);
+            return false;
+        }
+    }
 }