/**
 * From the point of view of the UI there are three hierarchical levels:
 * Admin, Association Manager, and Read-only.
 *
 * This is implemented with ASP.NET Core roles. However, ASP.NET Core roles
 * are not hierarchical.
 *
 * Hierarchy is achieved by adding to an account every role that is equally
 * or less privileged than its UI role.
 *
 * For example: if an account is set to be an admin by the UI, this account
 * shall have the roles: admin, manager, and read only.
 *
 * Returns the roles to grant for the given UI permission level. A value that
 * matches none of the three known levels throws ArgumentException instead of
 * being mapped to some default role set, so an unexpected value never grants
 * anything.
 */
private static YearApPermissionLevels[] GetAspNetRolesForUiRole(YearApPermissionLevels permission)
{
    YearApPermissionLevels[] grantedRoles;

    switch (permission)
    {
        case YearApPermissionLevels.ReadOnly:
            // Lowest level: nothing below it to inherit.
            grantedRoles = new[] { YearApPermissionLevels.ReadOnly };
            break;

        case YearApPermissionLevels.Editor:
            grantedRoles = new[]
            {
                YearApPermissionLevels.Editor,
                YearApPermissionLevels.ReadOnly
            };
            break;

        case YearApPermissionLevels.Admin:
            // Highest level: carries every role beneath it.
            grantedRoles = new[]
            {
                YearApPermissionLevels.Admin,
                YearApPermissionLevels.Editor,
                YearApPermissionLevels.ReadOnly
            };
            break;

        default:
            // Fail closed on anything that is not a known level.
            throw new ArgumentException($"Invalid permission {permission}");
    }

    return grantedRoles;
}
/**
 * Adds a single ASP.NET role (named after the enum value) to the given user.
 *
 * Returns false when the user already holds the role or when the user
 * manager reports the add as unsuccessful; returns true only when the add
 * succeeded. Only the Succeeded flag of the result is passed on, so the
 * error details carried by the result are not visible to the caller or
 * the log.
 */
private bool AddAspNetRoleToUser(YearApPermissionLevels role, ApplicationUser user)
{
    var roleName = role.ToString();

    // .Result blocks the calling thread until the async Identity call completes.
    var alreadyMember = _userManager.IsInRoleAsync(user, roleName).Result;
    if (!alreadyMember)
    {
        var outcome = _userManager.AddToRoleAsync(user, roleName).Result;
        return outcome.Succeeded;
    }

    // The warning names the role only; the affected user is not recorded here.
    _logger.LogWarning("User already in role {}", roleName);
    return false;
}
/**
 * Creates the ASP.NET role named after the given enum value, unless a role
 * with that name already exists.
 *
 * Returns false when the role already exists or when the role manager
 * reports the creation as unsuccessful; returns true only when the role was
 * created. Only the Succeeded flag of the result is passed on.
 */
private bool CreateRole(YearApPermissionLevels role)
{
    var roleName = role.ToString();

    // .Result blocks the calling thread until the async Identity call completes.
    var roleExists = _roleManager.RoleExistsAsync(roleName).Result;
    if (!roleExists)
    {
        var outcome = _roleManager.CreateAsync(new IdentityRole(roleName)).Result;
        return outcome.Succeeded;
    }

    _logger.LogWarning("Role {} already exists", roleName);
    return false;
}
/**
 * Ensures a user with the given e-mail exists and holds the given role:
 * creates the user, reads back its account info, then sets the role using
 * the account's LastUpdate value as the version stamp of the edit.
 *
 * The resolved IAccountManagementService is stored in the `manager` member,
 * which is declared outside this method and therefore outlives the service
 * scope disposed at the end of the using block.
 * NOTE(review): confirm that later use of `manager` does not depend on
 * services that are disposed together with this scope.
 */
private void ThereIsUserWithRole(string userEmail, YearApPermissionLevels role)
{
    using (var scope = WebHost.Services.CreateScope())
    {
        var provider = scope.ServiceProvider;

        // NOTE(review): GetService can return null when the service is not
        // registered; the calls below would then fail with a null reference.
        manager = provider.GetService<IAccountManagementService>();

        manager.CreateUser(userEmail);

        // The version stamp is taken from the freshly created account.
        var createdAccount = manager.GetAccountInfoByEmail(userEmail);
        var roleEdit = new SingleAccountEdit
        {
            Permission = role,
            VersionStamp = createdAccount.LastUpdate
        };

        manager.SetUserRole(userEmail, roleEdit);
    }
}
/**
 * Removes a single ASP.NET role (named after the enum value) from the user.
 *
 * Returns false when the user does not hold the role or when the user
 * manager reports the removal as unsuccessful; returns true only when the
 * removal succeeded.
 *
 * Throws InvalidOperationException when the role is Admin and exactly one
 * user currently holds it, so the last admin cannot be removed.
 *
 * NOTE(review): the admin count is read in one call and the removal happens
 * in another; whether two concurrent removals can both pass the count check
 * depends on locking or transactions not visible in this method. Confirm.
 */
private bool RemoveRoleFromUser(YearApPermissionLevels role, ApplicationUser user)
{
    var roleName = role.ToString();

    // .Result blocks the calling thread until the async Identity call completes.
    var isMember = _userManager.IsInRoleAsync(user, roleName).Result;
    if (isMember == false)
    {
        // The warning names the role only; the affected user is not recorded here.
        _logger.LogWarning("User not in role {}", roleName);
        return false;
    }

    // Last-admin guard: the user is known to be in the role at this point,
    // so a count of one means this user is the only remaining admin.
    var removingLastAdmin =
        role == YearApPermissionLevels.Admin
        && _userManager.GetUsersInRoleAsync(role.ToString()).Result.Count() == 1;
    if (removingLastAdmin)
    {
        throw new InvalidOperationException("There must be at least one admin user!");
    }

    var outcome = _userManager.RemoveFromRoleAsync(user, roleName).Result;
    return outcome.Succeeded;
}