Beispiel #1
        /**
         * From the point of view of the UI there are three hierarchical levels: Admin, Association Manager, and Read-only.
         *
         * This is implemented using ASP.NET Core's roles. However, ASP.NET roles are not hierarchical.
         *
         * Hierarchy is achieved by adding to an account all roles which are equally or less privileged than its UI role.
         *
         * For example: if an account is set to be an admin by the UI, this account shall have the roles: admin, manager, and read only.
         */
        /// <summary>
        /// Expands one UI permission level into every role an account at that level must hold,
        /// i.e. the level itself plus each level listed below it.
        /// </summary>
        /// <param name="permission">The UI-level permission chosen for the account.</param>
        /// <returns>A new array containing <paramref name="permission"/> and all less-privileged levels.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="permission"/> is not Admin, Editor or ReadOnly.
        /// </exception>
        private static YearApPermissionLevels[] GetAspNetRolesForUiRole(YearApPermissionLevels permission)
        {
            if (permission == YearApPermissionLevels.Admin)
            {
                return new[]
                {
                    YearApPermissionLevels.Admin,
                    YearApPermissionLevels.Editor,
                    YearApPermissionLevels.ReadOnly
                };
            }

            if (permission == YearApPermissionLevels.Editor)
            {
                return new[]
                {
                    YearApPermissionLevels.Editor,
                    YearApPermissionLevels.ReadOnly
                };
            }

            if (permission == YearApPermissionLevels.ReadOnly)
            {
                return new[] { YearApPermissionLevels.ReadOnly };
            }

            // Fail closed: a value outside the three known levels (for example an
            // undefined numeric cast) maps to no roles at all and is rejected.
            // NOTE(review): a level added to the enum later must be added here too,
            // otherwise assigning it throws instead of granting anything.
            throw new ArgumentException($"Invalid permission {permission}");
        }
Beispiel #2
        /// <summary>
        /// Grants a single role to <paramref name="user"/> unless the user already holds it.
        /// </summary>
        /// <param name="role">Permission level whose <c>ToString()</c> value is used as the role name.</param>
        /// <param name="user">Account that should receive the role.</param>
        /// <returns>
        /// <c>true</c> when the user manager reports the role was added; <c>false</c> when the user
        /// was already in the role or when the add operation did not succeed.
        /// </returns>
        private bool AddAspNetRoleToUser(YearApPermissionLevels role, ApplicationUser user)
        {
            var roleName = role.ToString();

            // The async user-manager calls are awaited synchronously via .Result, so a
            // failure inside them reaches the caller wrapped in an AggregateException.
            var alreadyMember = _userManager.IsInRoleAsync(user, roleName).Result;
            if (!alreadyMember)
            {
                // Only the Succeeded flag is propagated; the error details on the result
                // are dropped, so a caller cannot tell "already in role" from "add failed".
                var outcome = _userManager.AddToRoleAsync(user, roleName).Result;
                return outcome.Succeeded;
            }

            // NOTE(review): the warning names the role but not the account, and a
            // successful grant is not logged here at all; confirm that role changes
            // are audited somewhere else.
            _logger.LogWarning("User already in role {}", roleName);
            return false;
        }
Beispiel #3
        /// <summary>
        /// Creates the identity role named after <paramref name="role"/> if it does not exist yet.
        /// </summary>
        /// <param name="role">Permission level whose <c>ToString()</c> value becomes the role name.</param>
        /// <returns>
        /// <c>true</c> when the role manager reports the role was created; <c>false</c> when the role
        /// already existed or when creation did not succeed.
        /// </returns>
        private bool CreateRole(YearApPermissionLevels role)
        {
            var roleName = role.ToString();

            // Synchronous wait on the async role-manager call; failures inside it
            // surface wrapped in an AggregateException.
            var exists = _roleManager.RoleExistsAsync(roleName).Result;
            if (!exists)
            {
                // Only Succeeded is returned; the error list on the result is discarded,
                // so "already exists" and "creation failed" look the same to the caller.
                var outcome = _roleManager.CreateAsync(new IdentityRole(roleName)).Result;
                return outcome.Succeeded;
            }

            _logger.LogWarning("Role {} already exists", roleName);
            return false;
        }
Beispiel #4
        /// <summary>
        /// Creates an account for <paramref name="userEmail"/> and assigns it the given permission level
        /// through <c>IAccountManagementService</c>.
        /// </summary>
        /// <param name="userEmail">E-mail address identifying the account to create.</param>
        /// <param name="role">Permission level to set on the new account.</param>
        private void ThereIsUserWithRole(string userEmail, YearApPermissionLevels role)
        {
            using (var scope = WebHost.Services.CreateScope())
            {
                // `manager` is not declared in this method, so the resolved service stays
                // reachable after the scope is disposed at the end of this block.
                // NOTE(review): GetService returns null when the service is not registered,
                // in which case the next line fails with a NullReferenceException.
                manager = scope.ServiceProvider.GetService<IAccountManagementService>();

                manager.CreateUser(userEmail);

                // The account is re-read so the role change carries its current LastUpdate
                // value (presumably an optimistic-concurrency token; confirm against
                // SingleAccountEdit).
                var accountInfo = manager.GetAccountInfoByEmail(userEmail);
                var edit = new SingleAccountEdit()
                {
                    Permission = role,
                    VersionStamp = accountInfo.LastUpdate
                };

                manager.SetUserRole(userEmail, edit);
            }
        }
Beispiel #5
        /// <summary>
        /// Removes a single role from <paramref name="user"/>, refusing to remove the Admin role
        /// from the only account that still holds it.
        /// </summary>
        /// <param name="role">Permission level whose <c>ToString()</c> value is used as the role name.</param>
        /// <param name="user">Account that should lose the role.</param>
        /// <returns>
        /// <c>true</c> when the user manager reports the role was removed; <c>false</c> when the user
        /// was not in the role or when the removal did not succeed.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when <paramref name="role"/> is Admin and exactly one user is in that role.
        /// </exception>
        private bool RemoveRoleFromUser(YearApPermissionLevels role, ApplicationUser user)
        {
            var roleName = role.ToString();

            // The async user-manager calls are awaited synchronously via .Result, so a
            // failure inside them reaches the caller wrapped in an AggregateException.
            var isMember = _userManager.IsInRoleAsync(user, roleName).Result;
            if (!isMember)
            {
                _logger.LogWarning("User not in role {}", roleName);
                return false;
            }

            // Lock-out guard: the user is known to be in the role at this point, so a
            // member count of one means this is the last remaining admin.
            // NOTE(review): the count and the removal below are separate calls and nothing
            // visible here serialises them, so two concurrent removals of different admins
            // could both pass this check. Confirm whether callers guard against that.
            var removingAdmin = role == YearApPermissionLevels.Admin;
            if (removingAdmin && _userManager.GetUsersInRoleAsync(roleName).Result.Count() == 1)
            {
                throw new InvalidOperationException("There must be at least one admin user!");
            }

            // Only the Succeeded flag is propagated; error details on the result are dropped.
            var outcome = _userManager.RemoveFromRoleAsync(user, roleName).Result;
            return outcome.Succeeded;
        }