Table of Contents

Class ResourceAuthorizationBehavior<TMessage, TResource, TResponse>

Namespace
Trellis.Mediator
Assembly
Trellis.Mediator.dll

Pipeline behavior that loads a resource and performs resource-based authorization before the handler runs. Registered as scoped so the injected IServiceProvider is the request-scoped provider, allowing correct resolution of scoped dependencies.

public sealed class ResourceAuthorizationBehavior<TMessage, TResource, TResponse> : IPipelineBehavior<TMessage, TResponse> where TMessage : IAuthorizeResource<TResource>, IMessage where TResponse : IResult, IFailureFactory<TResponse>

Type Parameters

TMessage

The message type, constrained to IAuthorizeResource<TResource>.

TResource

The resource type loaded for authorization.

TResponse

The response type, constrained to IResult and IFailureFactory<TSelf>.

Inheritance
ResourceAuthorizationBehavior<TMessage, TResource, TResponse>
Implements
IPipelineBehavior<TMessage, TResponse>
Inherited Members
Extension Methods

Remarks

This behavior cannot be registered as an open generic because it has 3 type parameters while Mediator.IPipelineBehavior<TMessage, TResponse> has 2. Register per-command via AddResourceAuthorization<TMessage, TResource, TResponse>(IServiceCollection).

The behavior is registered as scoped (not singleton) because it resolves IResourceLoader<TMessage, TResource> from the injected IServiceProvider. A singleton would receive the root provider, causing InvalidOperationException when ASP.NET Core's scope validation is enabled (default in Development).

Pipeline execution order for a command implementing both IAuthorize and IAuthorizeResource<TResource>:

  1. AuthorizationBehavior — checks static permissions
  2. ResourceAuthorizationBehavior — loads resource, checks ownership
  3. ValidationBehavior — validates command properties
  4. Handler — pure business logic

Constructors

ResourceAuthorizationBehavior(IActorProvider, IServiceProvider)

Pipeline behavior that loads a resource and performs resource-based authorization before the handler runs. Registered as scoped so the injected IServiceProvider is the request-scoped provider, allowing correct resolution of scoped dependencies.

public ResourceAuthorizationBehavior(IActorProvider actorProvider, IServiceProvider serviceProvider)

Parameters

actorProvider IActorProvider
serviceProvider IServiceProvider

Remarks

This behavior cannot be registered as an open generic because it has 3 type parameters while Mediator.IPipelineBehavior<TMessage, TResponse> has 2. Register per-command via AddResourceAuthorization<TMessage, TResource, TResponse>(IServiceCollection).

The behavior is registered as scoped (not singleton) because it resolves IResourceLoader<TMessage, TResource> from the injected IServiceProvider. A singleton would receive the root provider, causing InvalidOperationException when ASP.NET Core's scope validation is enabled (default in Development).

Pipeline execution order for a command implementing both IAuthorize and IAuthorizeResource<TResource>:

  1. AuthorizationBehavior — checks static permissions
  2. ResourceAuthorizationBehavior — loads resource, checks ownership
  3. ValidationBehavior — validates command properties
  4. Handler — pure business logic

Methods

Handle(TMessage, MessageHandlerDelegate<TMessage, TResponse>, CancellationToken) 

public ValueTask<TResponse> Handle(TMessage message, MessageHandlerDelegate<TMessage, TResponse> next, CancellationToken cancellationToken)

Parameters

message TMessage
next MessageHandlerDelegate<TMessage, TResponse>
cancellationToken CancellationToken

Returns

ValueTask<TResponse>
Edit this page