public async Task <ActionResult> PermissionsAdd(SecurityPermissionRoleViewModel model, string roleId)
{
if (ModelState.IsValid)
{
// prevent bypassing security
if (model.RoleId != roleId || model.PoolId != Client.SecurityPoolId)
{
return(BadRequest("Model is invalid for this route"));
}
// checking for null or locked roles
var role = await _roleManager.GetByIdAsync(roleId);
if (role == null)
{
return(BadRequest("Invalid or missing role"));
}
if (role.IsLocked)
{
return(BadRequest("Cannot edit the permissions of a locked role"));
}
IdentityResult result;
//Get all claims under the permissions group
var permissions = _claimsManager.GetAllPermissionForPoolId(model.PoolId);
var claims = permissions.FindClaims(model.PermissionTitle).Distinct();
var roleSelectedClaims = await _roleManager.GetClaimObjectsAsync(role);
foreach (var securityClaim in claims)
{
var claim = new System.Security.Claims.Claim(securityClaim.Type, securityClaim.Value);
//check if claim is in role...
if (roleSelectedClaims.Any())
{
if (roleSelectedClaims.Any(c => c.ClaimType == securityClaim.Type &&
c.ClaimValue == securityClaim.Value))
{
continue;
}
}
result = await _roleManager.AddClaimAsync(new Role()
{
Id = role.Id
}, claim);
}
return(Ok(model));
}
return(BadRequest(ModelState));
}
public async Task <ActionResult> Permissions(SecurityUserPermissionsViewModel model, string userId)
{
if (ModelState.IsValid)
{
// prevent bypassing security
if (model.UserId != userId || model.PoolId != Client.SecurityPoolId)
{
return(BadRequest("Model is invalid for this route"));
}
IdentityResult result;
//to avoid removing claims in other groups we first tackle the groups not selected or ones deselected, remove those claims first.
//then add claims from selected permissions group. Performing 2 loops will take care of that.
// I wish there was a better way....
//Get all permissions/claims under the Pool id in context
var poolPermissions = _claimsManager.GetAllPermissionForPoolId(model.PoolId);
var poolPermissionClaims = GetAllClaimsFromPermissions(poolPermissions);
//easiest way so far...
//loop to start removing all claims that whether selected or deselected. This will clear the role claims for this group and let use start adding new ones.
foreach (var poolPermissionClaim in poolPermissionClaims)
{
result = await _userManager.RemoveClaimAsync(poolPermissionClaim.Type, poolPermissionClaim.Value, model.UserId);
//if (!result.Succeeded)
// return ErrorView(result.Errors.ToString());
}
//Start Adding permission groups claims that were selected.
foreach (var selectedPermission in model.SelectedPermissionGroups)
{
//get specific claims for this selected permissionGroup (to be added)
var claimsForSelectedPermission = poolPermissions.FindClaims(selectedPermission).Distinct();
//start adding each claim for this permission to the role, if not already there.
foreach (var securityClaim in claimsForSelectedPermission)
{
//find that Claim doesnt exist in this role first. If it does then skip, if doesn't then add.
if (_userManager.QueryUserClaims().FirstOrDefault(x => x.UserId == model.UserId &&
x.ClaimType == securityClaim.Type &&
x.ClaimValue == securityClaim.Value) == null)
{
var claim = new System.Security.Claims.Claim(securityClaim.Type, securityClaim.Value);
result = await _userManager.AddClaimAsync(userId, claim);
}
}
}
return(Ok());
}
return(BadRequest(ModelState));
}
public async Task <IViewComponentResult> InvokeAsync(string siteId, string userId)
{
var site = await _siteManager.GetByIdAsync(siteId);
var userCurrentClaims = await _userManager.GetClaimObjectsAsync(userId);
var permissionGroups = _claimsManager.GetAllPermissionForPoolId(site.SecurityPoolId);
ViewData["SelectedClaims"] = userCurrentClaims;
ViewData["PermissionGroups"] = ToKendoTreeViewModel(permissionGroups.ToList(), userCurrentClaims);
// TODO - Ensure user's directory is mapped to this site's security pool
ViewData["siteId"] = siteId;
ViewData["PoolId"] = site.SecurityPoolId;
ViewData["UserId"] = userId;
return(View());
}
public async Task <IViewComponentResult> InvokeAsync(string clientId = "", string roleId = "")
{
var client = await _clientManager.GetByIdAsync(clientId);
var role = await _roleManager.GetByIdAsync(roleId);
var poolId = client.SecurityPoolId;
var roleSelectedClaims = await _roleManager.GetClaimObjectsAsync(role);
var permissionGroups = _claimsManager.GetAllPermissionForPoolId(poolId);
ViewData["SelectedClaims"] = roleSelectedClaims;
ViewData["PermissionGroups"] = ToKendoTreeViewModel(permissionGroups.ToList(), roleSelectedClaims);
var model = new List <PoolRoleClaimViewModel>();
ViewData["ClientId"] = clientId;
ViewData["PoolId"] = poolId;
ViewData["RoleId"] = roleId;
ViewData["IsLocked"] = role.IsLocked;
return(View(model));
}
public async Task <IViewComponentResult> InvokeAsync(string poolId = "", string roleId = "")
{
if (string.IsNullOrEmpty(poolId) || string.IsNullOrEmpty(roleId))
{
return(new ViewComponentPlaceholder());
}
//var poolClaims = _claimsManager.GetAllClaimsForPoolId(poolId);
var role = await _roleManager.GetByIdAsync(roleId);
var roleSelectedClaims = await _roleManager.GetClaimObjectsAsync(role);
var permissionGroups = _claimsManager.GetAllPermissionForPoolId(poolId);
//ViewData["ClaimList"] = poolClaims;
ViewData["SelectedClaims"] = roleSelectedClaims;
ViewData["PermissionGroups"] = ToKendoTreeViewModel(permissionGroups.ToList(), roleSelectedClaims);
var model = new List <PoolRoleClaimViewModel>();
ViewData["PoolId"] = poolId;
ViewData["RoleId"] = roleId;
return(View(model));
}