Interface IAuthorizeResource<TResource>
- Namespace
- Trellis.Authorization
- Assembly
- Trellis.Authorization.dll
Declares resource-based authorization that requires a loaded resource. Implemented by the command/query. The pipeline loads the resource via IResourceLoader<TMessage, TResource> and passes it to this method.
public interface IAuthorizeResource<in TResource>
Type Parameters
TResourceThe type of the resource that must be loaded before authorization can be evaluated.
- Extension Methods
Examples
public sealed record CancelOrderCommand(OrderId Id) : IAuthorizeResource<Order>
{
public IResult Authorize(Actor actor, Order resource) =>
Result.Ensure(
resource.OwnerId == actor.UserId,
new Error.Forbidden("order_not_owned"));
}
Remarks
This interface receives the loaded resource — enabling ownership checks, tenant isolation, and other data-dependent authorization rules.
The resource is loaded by an IResourceLoader<TMessage, TResource> registered in DI. If loading fails (e.g., resource not found), the pipeline short-circuits with the loader's error before Authorize(Actor, TResource) is called.
Use Ensure(bool, Error) as the canonical guard inside Authorize(Actor, TResource)
rather than hand-written if/return blocks or ad-hoc ternaries — Ensure participates
in tracing and reads as a single declarative line.
Methods
Authorize(Actor, TResource)
Determines whether the actor is authorized to perform this operation against the given resource.
IResult Authorize(Actor actor, TResource resource)
Parameters
actorActorThe current authenticated actor.
resourceTResourceThe loaded resource to authorize against.
Returns
- IResult
A success result to proceed, or a failure result (typically Error.Forbidden) to short-circuit the pipeline.