Assistant of doctor can query/modify children assigned to said doctor

CoviDok/BLL/User/Handlers/IChildHandler.cs

@@ -14,5 +14,6 @@ namespace CoviDok.BLL.User.Managers
         public Task UpdateChild(int id, Child newData);
         public Task<int> AddChild(Child newChild);
         public List<Child> GetChildren(int parentId);
+        public bool IsAuthorized(Session s, Child c);
     }
 }

CoviDok/BLL/User/Managers/ChildManager.cs

@@ -18,7 +18,7 @@ namespace CoviDok.Data.MySQL
         {
             Child child = await handler.GetChild(id);
             if (child == null) throw new KeyNotFoundException();
-            if (child.DoctorId == s.Id || child.ParentId == s.Id)
+            if (handler.IsAuthorized(s, child))
             {
                 return child.ToPublic();
             }
@@ -43,7 +43,7 @@ namespace CoviDok.Data.MySQL
 
             Child child = await handler.GetChild(id);
             if (child == null) throw new KeyNotFoundException();
-            if (child.ParentId == s.Id || child.DoctorId == s.Id)
+            if (handler.IsAuthorized(s, child))
             {
                 child.UpdateSelf(newData);
                 await handler.UpdateChild(id, child);

CoviDok/Data/MySQL/MySqlChildHandler.cs

@@ -1,4 +1,5 @@
 using CoviDok.BLL;
+using CoviDok.BLL.Sessions;
 using CoviDok.BLL.User.Managers;
 using CoviDok.Data.Model;
 using System;
@@ -35,5 +36,14 @@ namespace CoviDok.Data.MySQL
             PropertyCopier<Child>.Copy(newData, child);
             await context.SaveChangesAsync();
         }
+
+        public bool IsAuthorized(Session s, Child c)
+        {
+            if (s.Id == c.DoctorId || s.Id == c.ParentId) return true;
+            // Ha van olyan Asszisztens, akinek;
+            //     - a dokija egyezik az ügy dokijával
+            //     - azonosítója a bejelentezett user azonosítója
+            return (context.Assistants.Any(a => a.Id == s.Id && a.DoctorId == c.DoctorId));
+        }
     }
 }