Ejemplo n.º 1
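        /// <summary>
        /// Grants, changes or revokes a user's permission on a navigation section or on a page.
        /// </summary>
        /// <remarks>
        /// Only callers whose role is at least <c>RoleType.Super</c> may run this action.
        /// Passing <c>PermissionType.Denied</c> for an existing user calls <c>ClearPermissions</c> and
        /// deletes the user record itself, regardless of <paramref name="sectionId"/> and
        /// <paramref name="pageId"/>.
        /// NOTE(review): this action changes authorization state, and no [HttpPost] or
        /// [ValidateAntiForgeryToken] attribute is visible in this excerpt - confirm the action
        /// cannot be triggered by a plain GET request or a cross-site form post.
        /// </remarks>
        /// <param name="sectionId">Id of the navigation section; used only when <paramref name="pageId"/> is null or empty.</param>
        /// <param name="pageId">Id of the page; when supplied, the permission is applied to the page instead of a section.</param>
        /// <param name="userName">Account name of the target user; compared in lower case against <c>CmsUser.AdName</c>.</param>
        /// <param name="permission">Access mode to store, or <c>PermissionType.Denied</c> to remove the user.</param>
        /// <param name="overwrite">When true (section path only), <c>ClearPermissions</c> runs before the new permission is stored.</param>
        /// <returns>The "PermissionGranted" view, or the "error" view when an argument is missing or invalid.</returns>
        /// <exception cref="UnauthorizedAccessException">The caller is unknown or has a role below <c>RoleType.Super</c>.</exception>
        public ViewResult Change(string sectionId, string pageId, string userName, PermissionType permission, bool overwrite = false)
        {
            CmsUser currentUser = SecurityHelper.CurrentCmsUser(db);

            // Fail closed: a caller that cannot be resolved is rejected the same way as an
            // under-privileged one, instead of surfacing as a NullReferenceException.
            if (currentUser == null || currentUser.RoleId < RoleType.Super)
            {
                throw new UnauthorizedAccessException("Access Denied.");
            }

            if (string.IsNullOrWhiteSpace(userName))
            {
                ViewBag.Message = "User Name is Required";
                return View("error");
            }

            // Account identifiers are not linguistic text: normalise with the invariant culture so
            // the lookup key does not depend on the server's current culture (e.g. Turkish dotless i).
            userName = userName.ToLowerInvariant();

            CmsUser user = db.Set<CmsUser>().SingleOrDefault(e => e.AdName == userName);

            if (user == null)
            {
                if (permission != PermissionType.Denied)
                {
                    // Unknown account: register it with the lowest role.
                    // NOTE(review): no section or page permission is stored for a newly created
                    // user in this call, although the "PermissionGranted" view is still returned -
                    // confirm that a second call is the intended way to grant access.
                    user = new CmsUser();
                    user.AdName = userName;
                    user.UserName = HtmlHelpers.FormatName(null, userName).ToString();
                    user.RoleId = RoleType.Normal;

                    db.Set<CmsUser>().Add(user);
                    db.SaveChanges();
                }
            }
            else if (permission == PermissionType.Denied)
            {
                // Revocation removes the user's permissions and then the user record.
                ClearPermissions(user);
                db.Set<CmsUser>().Remove(user);
                db.SaveChanges();
            }
            else if (string.IsNullOrEmpty(pageId))
            {
                // Section permission. The id comes from the request, so reject anything that is
                // not an integer (including a missing value) rather than converting null to 0.
                int sid;
                if (!int.TryParse(sectionId, out sid))
                {
                    ViewBag.Message = "Section Id is invalid";
                    return View("error");
                }

                // Resolve the target before touching existing permissions so that an unknown
                // section cannot cause ClearPermissions to run without a replacement grant.
                NaviNode section = db.Set<NaviNode>().SingleOrDefault(e => e.Id == sid);
                if (section == null)
                {
                    ViewBag.Message = "Section not found";
                    return View("error");
                }

                if (overwrite)
                {
                    ClearPermissions(user);
                }

                NaviPermission np = db.Set<NaviPermission>().SingleOrDefault(e => e.Section.Id == sid && e.User.Id == user.Id);

                if (np == null)
                {
                    np = new NaviPermission();
                    np.User = user;
                    np.AccessMode = permission;
                    np.Section = section;
                    db.Set<NaviPermission>().Add(np);
                }
                else if (permission != np.AccessMode)
                {
                    np.AccessMode = permission;
                    ((DbContext)db).Entry(np).State = EntityState.Modified;
                }

                db.SaveChanges();
            }
            else
            {
                // Page permission; same validation of the request-supplied id as for sections.
                int pid;
                if (!int.TryParse(pageId, out pid))
                {
                    ViewBag.Message = "Page Id is invalid";
                    return View("error");
                }

                PagePermission pp = db.Set<PagePermission>().SingleOrDefault(e => e.Page.Id == pid && e.User.Id == user.Id);

                if (pp == null)
                {
                    CmsPage page = db.Set<CmsPage>().SingleOrDefault(e => e.Id == pid);
                    if (page == null)
                    {
                        ViewBag.Message = "Page not found";
                        return View("error");
                    }

                    pp = new PagePermission();
                    pp.User = user;
                    pp.AccessMode = permission;
                    pp.Page = page;
                    db.Set<PagePermission>().Add(pp);
                }
                else if (permission != pp.AccessMode)
                {
                    pp.AccessMode = permission;
                    ((DbContext)db).Entry(pp).State = EntityState.Modified;
                }

                db.SaveChanges();
            }

            ViewBag.RoleId = SecurityHelper.CurrentCmsUserRole(db);

            return View("PermissionGranted");
        }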