Ejemplo n.º 1
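        /// <summary>
        /// Creates a new role and attaches its allow and deny permissions.
        /// </summary>
        /// <remarks>
        /// The permissions carried on <paramref name="role"/> are not persisted with the role itself.
        /// They are de-duplicated, validated by id through <c>ValidatePermissionList</c>, stripped from
        /// the role, and then attached with a separate <c>AddPermissionsToRole</c> call.
        /// </remarks>
        /// <param name="role">
        /// The role to create. Its <c>Permissions</c> and <c>DeniedPermissions</c> lists are replaced
        /// with empty lists once validation has succeeded; a null list is treated as empty.
        /// </param>
        /// <returns>The role object returned by the role store's <c>Add</c> call.</returns>
        /// <exception cref="BadRequestException{Permission}">
        /// Thrown when an <c>AlreadyExistsException&lt;Permission&gt;</c> or an
        /// <c>IncompatiblePermissionException</c> is raised while validating or storing the role.
        /// </exception>
        public async Task<Role> AddRole(Role role)
        {
            // A missing list means "no permissions requested"; without this a null list
            // surfaces as a NullReferenceException instead of creating a role with nothing granted.
            var allowPermissionsToAdd = (role.Permissions ?? Enumerable.Empty<Permission>()).Distinct().ToList();
            var denyPermissionsToAdd = (role.DeniedPermissions ?? Enumerable.Empty<Permission>()).Distinct().ToList();

            try
            {
                // NOTE(review): each list is validated on its own against an empty "existing" set.
                // Whether a permission that appears in both the allow and the deny list is rejected
                // is not visible from here; confirm in ValidatePermissionList.
                var allowPermissions = await ValidatePermissionList(
                    allowPermissionsToAdd.Select(p => p.Id),
                    role.Name,
                    role.Grain,
                    role.SecurableItem,
                    Enumerable.Empty<Permission>());

                var denyPermissions = await ValidatePermissionList(
                    denyPermissionsToAdd.Select(p => p.Id),
                    role.Name,
                    role.Grain,
                    role.SecurableItem,
                    Enumerable.Empty<Permission>());

                // Strip the caller-supplied permission objects only after both lists have passed
                // validation, so a rejected request does not leave the caller's role emptied.
                // Only the validated permissions are attached, and explicitly, further down.
                role.Permissions = new List<Permission>();
                role.DeniedPermissions = new List<Permission>();

                var newRole = await _roleStore.Add(role);

                // NOTE(review): the role is stored before its permissions are attached. If this call
                // fails, the role may remain without its allow/deny entries unless the store wraps
                // both steps in a transaction; confirm against the store implementation.
                await _roleStore.AddPermissionsToRole(newRole, allowPermissions, denyPermissions);

                return newRole;
            }
            catch (AlreadyExistsException<Permission> e)
            {
                // Only the message is carried over; the original exception is not attached.
                throw new BadRequestException<Permission>(e.Message);
            }
            catch (IncompatiblePermissionException e)
            {
                // Only the message is carried over; the original exception is not attached.
                throw new BadRequestException<Permission>(e.Message);
            }
        }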