Add Admin roles

2025-08-16 06:06:02 +07:00
parent 7923b38a26
commit 4ff2ccdae3
7 changed files with 332 additions and 3 deletions
--- a/src/Managing.Api/Controllers/TradingController.cs
+++ b/src/Managing.Api/Controllers/TradingController.cs
@@ -1,5 +1,6 @@
 using Managing.Application.Abstractions;
 using Managing.Application.Abstractions.Services;
+using Managing.Application.Shared;
 using Managing.Application.Trading.Commands;
 using Managing.Domain.MoneyManagements;
 using Managing.Domain.Trades;
@@ -26,6 +27,8 @@ public class TradingController : BaseController
    private readonly IMoneyManagementService _moneyManagementService;
    private readonly IMediator _mediator;
    private readonly ILogger<TradingController> _logger;
+    private readonly IAdminConfigurationService _adminService;
+    private readonly IAccountService _accountService;

    /// <summary>
    /// Initializes a new instance of the <see cref="TradingController"/> class.
@@ -35,13 +38,16 @@ public class TradingController : BaseController
    /// <param name="closeTradeCommandHandler">Command handler for closing trades.</param>
    /// <param name="tradingService">Service for trading operations.</param>
    /// <param name="mediator">Mediator for handling commands and requests.</param>
+    /// <param name="adminService">Service for checking admin privileges.</param>
+    /// <param name="accountService">Service for account operations.</param>
    public TradingController(
        ILogger<TradingController> logger,
        ICommandHandler<OpenPositionRequest, Position> openTradeCommandHandler,
        ICommandHandler<ClosePositionCommand, Position> closeTradeCommandHandler,
        ITradingService tradingService,
        IMediator mediator, IMoneyManagementService moneyManagementService,
-        IUserService userService) : base(userService)
+        IUserService userService, IAdminConfigurationService adminService,
+        IAccountService accountService) : base(userService)
    {
        _logger = logger;
        _openTradeCommandHandler = openTradeCommandHandler;
@@ -49,6 +55,8 @@ public class TradingController : BaseController
        _tradingService = tradingService;
        _mediator = mediator;
        _moneyManagementService = moneyManagementService;
+        _adminService = adminService;
+        _accountService = accountService;
    }


@@ -149,6 +157,7 @@ public class TradingController : BaseController

    /// <summary>
    /// Initializes a Privy wallet address for the user.
+    /// Only admins can initialize any address, regular users can only initialize their own addresses.
    /// </summary>
    /// <param name="publicAddress">The public address of the Privy wallet to initialize.</param>
    /// <returns>The initialization response containing success status and transaction hashes.</returns>
@@ -162,6 +171,18 @@ public class TradingController : BaseController

        try
        {
+            var user = await GetUser();
+            if (user == null)
+            {
+                return Unauthorized("User not found");
+            }
+
+            // Check if user has permission to initialize this address
+            if (!await CanUserInitializeAddress(user.Name, publicAddress))
+            {
+                return Forbid("You don't have permission to initialize this wallet address. You can only initialize your own wallet addresses.");
+            }
+
            var result = await _tradingService.InitPrivyWallet(publicAddress);
            return Ok(result);
        }
@@ -175,4 +196,42 @@ public class TradingController : BaseController
            });
        }
    }
+
+    /// <summary>
+    /// Checks if the user can initialize the given public address.
+    /// Admins can initialize any address, regular users can only initialize their own addresses.
+    /// </summary>
+    /// <param name="userName">The username to check</param>
+    /// <param name="publicAddress">The public address to initialize</param>
+    /// <returns>True if the user can initialize the address, false otherwise</returns>
+    private async Task<bool> CanUserInitializeAddress(string userName, string publicAddress)
+    {
+        // Admin users can initialize any address
+        if (_adminService.IsUserAdmin(userName))
+        {
+            _logger.LogInformation("Admin user {UserName} initializing address {Address}", userName, publicAddress);
+            return true;
+        }
+
+        try
+        {
+            // Regular users can only initialize their own addresses
+            // Check if the address belongs to one of the user's accounts
+            var account = await _accountService.GetAccountByKey(publicAddress, true, false);
+            
+            if (account?.User?.Name == userName)
+            {
+                _logger.LogInformation("User {UserName} initializing their own address {Address}", userName, publicAddress);
+                return true;
+            }
+            
+            _logger.LogWarning("User {UserName} attempted to initialize address {Address} that doesn't belong to them", userName, publicAddress);
+            return false;
+        }
+        catch (Exception ex)
+        {
+            _logger.LogWarning(ex, "Unable to verify ownership of address {Address} for user {UserName}", publicAddress, userName);
+            return false;
+        }
+    }
 }