isEnrollmentAuthorizedForOperation method

Future<bool> isEnrollmentAuthorizedForOperation(String key, VerbBuilder verbBuilder)

Implementation

Future<bool> isEnrollmentAuthorizedForOperation(
    String key, VerbBuilder verbBuilder) async {
  // Do whatever you want with "local" keys
  if (key.startsWith('local:')) {
    return true;
  }
  // if there is no enrollment, return true
  enrollment ??= await _getEnrollmentDetails();
  if (_atClient.enrollmentId == null ||
      enrollment == null ||
      _shouldSkipKeyFromEnrollmentAuthorization(key)) {
    _logger.finest('Skipping enrollment authorization check for key: $key');
    return true;
  }
  final enrollNamespaces = enrollment!.namespace;
  var keyNamespace = AtKey.fromString(key).namespace;
  _logger.finest(
      'Checking for enrollment authorization for key: $key with enrollmentId : ${_atClient.enrollmentId} for namespace: $keyNamespace');
  // * denotes access to all namespaces.
  final access = enrollNamespaces!.containsKey('*')
      ? enrollNamespaces['*']
      : enrollNamespaces[keyNamespace];

  if (access == null) {
    _logger.finer(
        'Access permissions not found for the enrollment id: ${_atClient.enrollmentId}. Not authorized for the operation');
    return false;
  }
  if (keyNamespace == null && enrollNamespaces.containsKey('*')) {
    _logger.finer(
        'Access permissions for the the enrollment id: ${_atClient.enrollmentId} : $access for namespace: $keyNamespace');
    if (_isReadAllowed(verbBuilder, access) ||
        _isWriteAllowed(verbBuilder, access)) {
      _logger.finest(
          'Enrollment id: ${_atClient.enrollmentId} : $access for namespace: $keyNamespace is authorized to perform operation');
      return true;
    }
    _logger.finest(
        'Enrollment id: ${_atClient.enrollmentId} : $access for namespace: $keyNamespace is not authorized to perform operation');
    return false;
  }
  return _isReadAllowed(verbBuilder, access) ||
      _isWriteAllowed(verbBuilder, access);
}