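        /// <summary>
        /// Renders the create/edit form for a role. A null <paramref name="id"/> means "create".
        /// </summary>
        /// <param name="id">Identity role id to edit, or null to show an empty create form.</param>
        /// <returns>
        /// The edit view; <c>Forbid()</c> when the caller lacks the CreateRoles (new role) or
        /// EditRoles (existing role) permission claim; <c>NotFound()</c> when <paramref name="id"/>
        /// does not resolve to a role.
        /// </returns>
        /// <exception cref="InvalidOperationException">The role is the built-in admin role.</exception>
        public async Task<ActionResult> EditRole(string id)
        {
            bool isCreate = id == null;

            // Authorize before touching the store: creating and editing are distinct permissions.
            if (isCreate && !HttpContext.UserHasClaimPermission(PermissionClaims.CreateRoles))
            {
                return Forbid();
            }

            if (!isCreate && !HttpContext.UserHasClaimPermission(PermissionClaims.EditRoles))
            {
                return Forbid();
            }

            IdentityRole role = null;
            if (!isCreate)
            {
                role = await roleManager.FindByIdAsync(id);

                // An unknown id must not fall through to an empty form that still carries the id:
                // the POST handler would look the same id up again and fail.
                if (role == null)
                {
                    return NotFound();
                }
            }

            if (string.Equals(role?.Name, AdminRole, StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException("Cannot edit admin roles");
            }

            // Only permission claims are editable through this form; other claim types are not shown.
            IEnumerable<string> permissionClaims = Enumerable.Empty<string>();
            if (role != null)
            {
                var roleClaims = await roleManager.GetClaimsAsync(role);
                permissionClaims = roleClaims
                    .Where(x => x.Type == CustomClaimTypes.Permission)
                    .Select(x => x.Value)
                    .ToList();
            }

            var model = new AdminRoleSave
            {
                Id = id,
                Name = role?.Name,
                Claims = permissionClaims,
            };

            return View(model);
        }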
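        /// <summary>
        /// Creates a new role or updates an existing one, then reconciles its permission claims
        /// with <paramref name="claims"/> (claims not listed are removed, new ones are added).
        /// </summary>
        /// <param name="id">Role id to edit, or null to create a new role.</param>
        /// <param name="name">Submitted role name. Ignored for the anonymous role, whose name is fixed.</param>
        /// <param name="claims">Permission claim values the role should end up with; null means none.</param>
        /// <returns>
        /// Redirect to the roles list on success; <c>Forbid()</c> when the caller lacks the matching
        /// permission claim; <c>NotFound()</c> when <paramref name="id"/> does not resolve to a role;
        /// otherwise the form again with the identity errors added to ModelState.
        /// </returns>
        /// <exception cref="InvalidOperationException">The role is the built-in admin role.</exception>
        public async Task<ActionResult> EditRole(string id, string name, IEnumerable<string> claims)
        {
            // NOTE(review): this action mutates state and is expected to carry [HttpPost] and
            // [ValidateAntiForgeryToken]; the attributes are outside this listing — confirm.
            // Materialize the request claims once: the parameter may be a one-shot enumerable
            // and is consulted several times below.
            var requestedClaims = new HashSet<string>(claims ?? Enumerable.Empty<string>());
            bool isCreate = id == null;

            // Authorize before any store access or context mutation.
            if (isCreate && !HttpContext.UserHasClaimPermission(PermissionClaims.CreateRoles))
            {
                return Forbid();
            }

            if (!isCreate && !HttpContext.UserHasClaimPermission(PermissionClaims.EditRoles))
            {
                return Forbid();
            }

            IdentityRole role;
            if (isCreate)
            {
                // Not attached to the context here: RoleManager.CreateAsync adds and saves it,
                // so a forbidden or invalid request leaves nothing tracked behind.
                role = new IdentityRole();
            }
            else
            {
                role = await roleManager.FindByIdAsync(id);
                if (role == null)
                {
                    return NotFound();
                }
            }

            if (string.Equals(role.Name, AdminRole, StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException("Cannot edit admin roles");
            }

            // The anonymous role keeps its fixed name; everything else takes the submitted one.
            if (!string.Equals(role.Name, AnonymousRole, StringComparison.OrdinalIgnoreCase))
            {
                role.Name = name;
            }

            if (ModelState.IsValid)
            {
                // Go through RoleManager on both paths so the role validator runs and
                // NormalizedName is refreshed; assigning role.Name and calling SaveChanges
                // alone leaves the normalized name stale and skips uniqueness validation.
                IdentityResult result = isCreate
                    ? await roleManager.CreateAsync(role)
                    : await roleManager.UpdateAsync(role);

                if (result.Succeeded)
                {
                    result = await SyncPermissionClaimsAsync(role, requestedClaims);
                }

                if (result.Succeeded)
                {
                    db.SaveChanges();
                    return RedirectToAction("Roles");
                }

                AddErrors(result);
            }

            var model = new AdminRoleSave
            {
                Id = id,
                Name = role.Name,
                Claims = requestedClaims,
            };

            return View(model);
        }

        /// <summary>
        /// Makes the role's permission claims equal to <paramref name="requestedClaims"/>:
        /// removes permission claims that are no longer requested, then adds missing ones.
        /// Stops at the first failed identity operation and returns its result.
        /// </summary>
        /// <param name="role">Persisted role whose claims are reconciled.</param>
        /// <param name="requestedClaims">Target set of permission claim values.</param>
        /// <returns><see cref="IdentityResult.Success"/> when every operation succeeded, else the first failure.</returns>
        private async Task<IdentityResult> SyncPermissionClaimsAsync(IdentityRole role, HashSet<string> requestedClaims)
        {
            // NOTE(review): claim values come straight from the request; whether they must be
            // limited to the known PermissionClaims values cannot be determined here — confirm.
            var currentClaims = await roleManager.GetClaimsAsync(role);

            // Snapshot so removals below do not interfere with the enumeration.
            var currentPermissions = currentClaims
                .Where(x => x.Type == CustomClaimTypes.Permission)
                .ToList();

            foreach (var removedClaim in currentPermissions.Where(x => !requestedClaims.Contains(x.Value)))
            {
                var removal = await roleManager.RemoveClaimAsync(role, removedClaim);
                if (!removal.Succeeded)
                {
                    return removal;
                }
            }

            var existingValues = new HashSet<string>(currentPermissions.Select(x => x.Value));

            foreach (var addedValue in requestedClaims.Where(v => !existingValues.Contains(v)))
            {
                var addition = await roleManager.AddClaimAsync(role, new Claim(CustomClaimTypes.Permission, addedValue));
                if (!addition.Succeeded)
                {
                    return addition;
                }
            }

            return IdentityResult.Success;
        }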