Example #1
        /// <summary>
        /// This toggles whether the <see cref="Permissions.Cache2"/> permission is in the <see cref="CacheRoleName"/>.
        /// This causes the <see cref="ExtraAuthorizeDbContext"/> to update the TimeStore with the time this change happens.
        /// Then the <see cref="CodeCalledInStartup.AuthCookieValidate"/> will compare the user's lastUpdated time, which will
        /// cause a recalc of the logged-in user's permission claim.
        /// </summary>
        public void ToggleCacheRole()
        {
            // Read the role's current permission set to decide which way the toggle goes.
            var cacheRole     = _context.Find<RoleToPermissions>(CacheRoleName);
            var cache2Present = cacheRole.PermissionsInRole.Any(p => p == Permissions.Cache2);

            // Cache1 is always kept; Cache2 is added only when the role does not hold it yet.
            var newPermissions = new List<Permissions> { Permissions.Cache1 };
            if (!cache2Present)
            {
                newPermissions.Add(Permissions.Cache2);
            }

            var description = $"Has {newPermissions.Count} permissions.";
            new ExtraAuthUsersSetup(_context).UpdateRole(CacheRoleName, description, newPermissions);

            // Persisting the role change is what lets the rest of the system notice it.
            _context.SaveChanges();
        }
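        /// <summary>
        /// Seeds the role-to-permissions data from the roles seed file found under the web root.
        /// Each non-blank line must have the form <c>RoleName: Permission1, Permission2</c>.
        /// </summary>
        /// <param name="env">Hosting environment; its WebRootPath is used to locate the seed file.</param>
        /// <param name="services">Provider used to resolve the <see cref="ExtraAuthorizeDbContext"/>.</param>
        /// <exception cref="FormatException">
        /// A line has no role name before the colon, or lists a value that is not a defined <see cref="Permissions"/> member.
        /// </exception>
        private static void CheckAddRoles(IWebHostEnvironment env, IServiceProvider services)
        {
            // NOTE(review): the seed file is read from under WebRootPath, which static-file middleware
            // normally serves to clients. Confirm the role/permission mapping is not meant to be private,
            // or keep the seed data outside the web root.
            var pathRolesData = Path.GetFullPath(Path.Combine(env.WebRootPath, SeedDataDir, RolesFilename));
            var context       = services.GetRequiredService<ExtraAuthorizeDbContext>();

            var extraService = new ExtraAuthUsersSetup(context);
            var lines        = File.ReadAllLines(pathRolesData);

            var lineNumber = 0;
            foreach (var line in lines)
            {
                lineNumber++;

                // A trailing newline or spacer line is not a role definition.
                if (string.IsNullOrWhiteSpace(line))
                {
                    continue;
                }

                var colonIndex = line.IndexOf(':');
                if (colonIndex <= 0)
                {
                    // Without this guard Substring(0, -1) throws an opaque ArgumentOutOfRangeException.
                    throw new FormatException(
                        $"Roles seed file line {lineNumber}: expected 'RoleName: Permission1, Permission2'.");
                }

                var roleName    = line.Substring(0, colonIndex);
                var permissions = new List<Permissions>();
                foreach (var rawName in line.Substring(colonIndex + 1).Split(','))
                {
                    var name = rawName.Trim();

                    // Enum parsing also accepts numeric text, which would let the file grant a value
                    // that is not a declared permission; IsDefined rejects those.
                    if (!Enum.TryParse(name, true, out Permissions permission)
                        || !Enum.IsDefined(typeof(Permissions), permission))
                    {
                        throw new FormatException(
                            $"Roles seed file line {lineNumber}: '{name}' is not a defined permission.");
                    }

                    permissions.Add(permission);
                }

                extraService.AddUpdateRoleToPermissions(roleName, roleName, permissions);
            }

            context.SaveChanges();
        }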
Example #3
        /// <summary>
        /// This ensures there is a SuperAdmin user in the system.
        /// It gets the SuperAdmin's email and password from the "SuperAdmin" section of the appsettings.json file.
        /// NOTE: for security reasons this only allows one user with the RoleName of <see cref="SuperAdminRoleName"/>.
        /// </summary>
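        /// <param name="serviceProvider">The service provider from which a scope is created for the duration of the check.</param>
        /// <returns>A task that completes once the check, and any user or role creation, has finished.</returns>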
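        public static async Task CheckAddSuperAdminAsync(this IServiceProvider serviceProvider)
        {
            using (var scope = serviceProvider.CreateScope())
            {
                var services     = scope.ServiceProvider;
                var extraContext = services.GetRequiredService<ExtraAuthorizeDbContext>();
                if (extraContext.UserToRoles.Any(x => x.RoleName == SuperAdminRoleName))
                {
                    // For security reasons there can only be one user with the SuperAdminRoleName,
                    // so an existing holder of the role means there is nothing to add.
                    return;
                }

                var userManager = services.GetRequiredService<UserManager<IdentityUser>>();
                var config      = services.GetRequiredService<IConfiguration>();

                // The built-in configuration hands back a non-null section even when "SuperAdmin" is
                // absent, so a null check on the section alone does not detect missing settings.
                // Checking the values covers both cases and avoids trying to create the most
                // privileged account with an empty email or password.
                // NOTE(review): IConfiguration reads from every registered provider, so the password
                // can come from environment variables or a secret store rather than a committed
                // appsettings.json.
                var superSection = config.GetSection("SuperAdmin");
                var userEmail    = superSection?["Email"];
                var userPassword = superSection?["Password"];
                if (string.IsNullOrWhiteSpace(userEmail) || string.IsNullOrEmpty(userPassword))
                {
                    return;
                }

                // NOTE(review): CheckAddNewUserAsync is defined elsewhere; this assumes it throws rather
                // than returning null when the user cannot be created - confirm.
                var superUser = await userManager.CheckAddNewUserAsync(userEmail, userPassword);

                // The context is resolved from the DI scope, which disposes it when the scope ends,
                // so it is not wrapped in its own using block here.
                var context      = services.GetRequiredService<ExtraAuthorizeDbContext>();
                var extraService = new ExtraAuthUsersSetup(context);
                extraService.AddUpdateRoleToPermissions(SuperAdminRoleName, "SuperAdmin Role", new List<Permissions> {
                    Permissions.AccessAll
                });
                extraService.CheckAddRoleToUser(superUser.Id, SuperAdminRoleName);
                context.SaveChanges();
            }
        }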
 /// <summary>
 /// Resolves the Identity user manager and the extra-authorization context from
 /// <paramref name="services"/> and builds the role/permission helper on that same context.
 /// </summary>
 /// <param name="services">Provider that must have both services registered; resolution throws otherwise.</param>
 public DemoUsersSetup(IServiceProvider services)
 {
     _userManager = services.GetRequiredService<UserManager<IdentityUser>>();

     // Resolve the context once so the field and the helper share one instance.
     var extraContext = services.GetRequiredService<ExtraAuthorizeDbContext>();
     _extraContext = extraContext;
     _extraService = new ExtraAuthUsersSetup(extraContext);
 }