feat: add MemberId to the query

ksavosteev · ksavosteev · commit a0696f0057da · 2026-03-11T15:02:38.000+02:00
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Authorization/ProfileAuthorizationHandler.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Authorization/ProfileAuthorizationHandler.cs
@@ -12,6 +12,7 @@
 using VirtoCommerce.ProfileExperienceApiModule.Data.Aggregates.Organization;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Aggregates.Vendor;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Commands;
+using VirtoCommerce.ProfileExperienceApiModule.Data.Queries;
 
 namespace VirtoCommerce.ProfileExperienceApiModule.Data.Authorization
 {
@@ -96,21 +97,12 @@ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext
                     }
                     result = allowDelete;
                     break;
+                case MemberAddressesQuery addressesQuery when currentContact != null:
+                    result = addressesQuery.MemberId == currentContact.Id; // if member is not set the query handler will work with the currentContact
+                    result = result || await HasSameOrganizationOrCurrentMemberAsync(addressesQuery.MemberId, userManager, currentMember, currentContact);
+                    break;
                 case MemberCommand memberCommand:
-                    result = memberCommand.MemberId == currentMember?.Id;
-                    if (!result && currentContact != null)
-                    {
-                        var memberId = memberCommand.MemberId;
-                        var member = await _memberService.GetByIdAsync(memberId);
-                        if (member.MemberType.EqualsIgnoreCase("Organization") && currentContact.Organizations.Any(x => x.EqualsIgnoreCase(member.Id)))
-                        {
-                            result = true;
-                        }
-                        else
-                        {
-                            result = await HasSameOrganizationAsync(currentContact, memberId, userManager);
-                        }
-                    }
+                    result = await HasSameOrganizationOrCurrentMemberAsync(memberCommand.MemberId, userManager, currentMember, currentContact);
                     break;
                 case UpdateContactCommand updateContactCommand when currentContact != null:
                     result = updateContactCommand.Id == currentContact.Id;
@@ -189,6 +181,25 @@ private static string GetCurrentUserId(AuthorizationHandlerContext context)
             return context.User.GetUserId();
         }
 
+        private async Task<bool> HasSameOrganizationOrCurrentMemberAsync(string memberId, UserManager<ApplicationUser> userManager, Member currentMember, Contact currentContact)
+        {
+            var result = memberId == currentMember?.Id;
+            if (!result && currentContact != null)
+            {
+                var member = await _memberService.GetByIdAsync(memberId);
+                if (member.MemberType.EqualsIgnoreCase("Organization") && currentContact.Organizations.Any(x => x.EqualsIgnoreCase(member.Id)))
+                {
+                    result = true;
+                }
+                else
+                {
+                    result = await HasSameOrganizationAsync(currentContact, memberId, userManager);
+                }
+            }
+
+            return result;
+        }
+
         private async Task<bool> HasSameOrganizationAsync(Contact currentContact, string contactId, UserManager<ApplicationUser> userManager)
         {
             if (currentContact is null)
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQuery.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQuery.cs
@@ -11,6 +11,8 @@ public class MemberAddressesQuery : SearchQuery<MemberAddressSearchResult>
 {
     public string UserId { get; set; }
 
+    public string MemberId { get; set; }
+
     public IList<string> CountryCodes { get; set; }
 
     public IList<string> RegionIds { get; set; }
@@ -25,6 +27,7 @@ public override IEnumerable<QueryArgument> GetArguments()
             yield return argument;
         }
 
+        yield return Argument<StringGraphType>(nameof(MemberId));
         yield return Argument<ListGraphType<StringGraphType>>(nameof(CountryCodes));
         yield return Argument<ListGraphType<StringGraphType>>(nameof(RegionIds));
         yield return Argument<ListGraphType<StringGraphType>>(nameof(Cities));
@@ -36,6 +39,7 @@ public override void Map(IResolveFieldContext context)
 
         UserId = context.GetCurrentUserId();
 
+        MemberId = context.GetArgument<string>(nameof(MemberId));
         CountryCodes = context.GetArgument<List<string>>(nameof(CountryCodes));
         RegionIds = context.GetArgument<List<string>>(nameof(RegionIds));
         Cities = context.GetArgument<List<string>>(nameof(Cities));
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryBuilder.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryBuilder.cs
@@ -1,7 +1,10 @@
+using System.Threading.Tasks;
+using GraphQL;
 using MediatR;
 using Microsoft.AspNetCore.Authorization;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Models;
 using VirtoCommerce.ProfileExperienceApiModule.Data.Schemas;
+using VirtoCommerce.ProfileExperienceApiModule.Data.Services;
 using VirtoCommerce.Xapi.Core.BaseQueries;
 
 namespace VirtoCommerce.ProfileExperienceApiModule.Data.Queries;
@@ -10,8 +13,17 @@ public class MemberAddressesQueryBuilder : SearchQueryBuilder<MemberAddressesQue
 {
     protected override string Name => "memberAddresses";
 
-    public MemberAddressesQueryBuilder(IMediator mediator, IAuthorizationService authorizationService)
+    private readonly IProfileAuthorizationService _profileAuthorizationService;
+
+    public MemberAddressesQueryBuilder(IMediator mediator, IAuthorizationService authorizationService, IProfileAuthorizationService profileAuthorizationService)
         : base(mediator, authorizationService)
     {
+        _profileAuthorizationService = profileAuthorizationService;
+    }
+
+    protected override async Task BeforeMediatorSend(IResolveFieldContext<object> context, MemberAddressesQuery request)
+    {
+        await base.BeforeMediatorSend(context, request);
+        await _profileAuthorizationService.CheckAuthAsync(context, request);
     }
 }
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryHandler.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryHandler.cs
@@ -25,12 +25,18 @@ public async Task<MemberAddressSearchResult> Handle(MemberAddressesQuery request
     {
         var result = new MemberAddressSearchResult();
 
-        using var userManager = _userManagerFactory();
-        var user = await userManager.FindByIdAsync(request.UserId);
+        var memberId = request.MemberId;
 
-        if (user != null && !user.MemberId.IsNullOrEmpty())
+        if (memberId.IsNullOrEmpty())
         {
-            var criteria = GetAddressSearchCriteria(request, user.MemberId);
+            using var userManager = _userManagerFactory();
+            var user = await userManager.FindByIdAsync(request.UserId);
+            memberId = user?.MemberId;
+        }
+
+        if (!memberId.IsNullOrEmpty())
+        {
+            var criteria = GetAddressSearchCriteria(request, memberId);
             result = await _memberAddressService.SearchMemberAddressesAsync(criteria);
         }
 
