public ActionResult SaveAdminPrivilege(SelectEntityRolesViewModel model) { PermissionContext db = new PermissionContext(LogggedInUser); if (!((CustomPrincipal)User).IsAdmin) { return(RedirectToAction("Index", "Home")); } if (ModelState.IsValid) { foreach (var ent in model.privileges) { var list = db.AdminPrivileges.FirstOrDefault(q => q.RoleName == model.RoleName && ent.AdminFeature == q.AdminFeature); PermissionAdminPrivilege permission = (list != null ? list : new PermissionAdminPrivilege()); permission.IsAllow = ent.IsAllow; permission.IsEdit = ent.IsEdit; permission.IsAdd = ent.IsAdd; permission.IsDelete = ent.IsDelete; permission.AdminFeature = ent.AdminFeature; permission.RoleName = ent.RoleName; if (list == null) { db.AdminPrivileges.Add(permission); } db.SaveChanges(); } } return(RedirectToAction("Index", new { RoleName = model.RoleName })); // return Json("FROMPAGE", "application/json", System.Text.Encoding.UTF8, JsonRequestBehavior.AllowGet); }
public void AfterSave(T_Facility t_facility) { var roleContext = new ApplicationDbContext(); if (roleContext.Roles.FirstOrDefault(p => p.TenantId == t_facility.Id) == null) { var RoleManager = new RoleManager <ApplicationRole>(new RoleStore <ApplicationRole>(new ApplicationDbContext())); IdentityResult roleResultCanEdit = RoleManager.Create(new ApplicationRole(t_facility.DisplayValue + "-Admin", t_facility.DisplayValue + " Tenant Admin Role", "TenantSpecific", t_facility.Id)); if (roleResultCanEdit.Succeeded) { using (var permissionContextTenantAdmin = new PermissionContext()) { var flag = false; foreach (var ent in permissionContextTenantAdmin.Permissions.Where(p => p.RoleName == "Tenant-Admin-Template")) { Permission permission = new Permission(); permission.CanAdd = ent.CanAdd; permission.CanDelete = ent.CanDelete; permission.CanView = ent.CanView; permission.CanEdit = ent.CanEdit; permission.IsOwner = ent.IsOwner; permission.SelfRegistration = ent.SelfRegistration; permission.EntityName = ent.EntityName; permission.RoleName = t_facility.DisplayValue + "-Admin"; permission.Verbs = ent.Verbs; permission.UserAssociation = ent.UserAssociation; permissionContextTenantAdmin.Permissions.Add(permission); flag = true; } if (flag) { permissionContextTenantAdmin.SaveChanges(); } flag = false; foreach (var ent in permissionContextTenantAdmin.AdminPrivileges.Where(p => p.RoleName == "Tenant-Admin-Template")) { PermissionAdminPrivilege permission = new PermissionAdminPrivilege(); permission.AdminFeature = ent.AdminFeature; permission.IsAdd = ent.IsAdd; permission.IsAllow = ent.IsAllow; permission.IsDelete = ent.IsDelete; permission.IsEdit = ent.IsEdit; permission.RoleName = t_facility.DisplayValue + "-Admin"; permissionContextTenantAdmin.AdminPrivileges.Add(permission); flag = true; } if (flag) { permissionContextTenantAdmin.SaveChanges(); } } } } // Write your logic here }
protected void Application_AuthorizeRequest(Object sender, EventArgs e) { if (User.Identity.IsAuthenticated) { var roles = ((CustomPrincipal)User).GetRoles(); var isAdmin = ((CustomPrincipal)User).IsAdminUser(); List <Permission> permissions = new List <Permission>(); ((CustomPrincipal)User).IsAdmin = isAdmin; List <PermissionAdminPrivilege> adminprivilegeslist = new List <PermissionAdminPrivilege>(); ((CustomPrincipal)User).userroles = roles.ToList(); using (var pc = new PermissionContext()) { // so we only make one database call instead of one per entity? var rolePermissions = pc.Permissions.Where(p => roles.Contains(p.RoleName)).ToList(); var adminprivileges = pc.AdminPrivileges.Where(p => roles.Contains(p.RoleName)).ToList(); foreach (var item in (new AdminFeaturesDictionary()).getDictionary()) { var adminprivilege = new PermissionAdminPrivilege(); var raw = adminprivileges.Where(p => p.AdminFeature == item.Key); adminprivilege.AdminFeature = item.Key; adminprivilege.IsAllow = isAdmin || raw.Any(p => p.IsAllow); adminprivilege.IsAdd = isAdmin || raw.Any(p => p.IsAdd); adminprivilege.IsEdit = isAdmin || raw.Any(p => p.IsEdit); adminprivilege.IsDelete = isAdmin || raw.Any(p => p.IsDelete); adminprivilegeslist.Add(adminprivilege); } ((CustomPrincipal)User).adminprivileges = adminprivilegeslist; foreach (var entity in GeneratorBase.MVC.ModelReflector.Entities) { var calculated = new Permission(); var raw = rolePermissions.Where(p => p.EntityName == entity.Name); calculated.EntityName = entity.Name; calculated.CanEdit = isAdmin || raw.Any(p => p.CanEdit); calculated.CanDelete = isAdmin || raw.Any(p => p.CanDelete); calculated.CanAdd = isAdmin || raw.Any(p => p.CanAdd); calculated.CanView = isAdmin || raw.Any(p => p.CanView); calculated.IsOwner = raw.Any(p => p.IsOwner != null && p.IsOwner.Value); if (!isAdmin) { calculated.SelfRegistration = raw.Any(p => p.SelfRegistration != null && p.SelfRegistration.Value); } else { calculated.SelfRegistration = false; } if (calculated.IsOwner != null && calculated.IsOwner.Value) { calculated.UserAssociation = raw.FirstOrDefault(p => p.IsOwner != null && p.IsOwner.Value).UserAssociation; } else { calculated.UserAssociation = string.Empty; } //code for verb action security var verblist = raw.Select(x => x.Verbs).ToList(); var verbrolecount = verblist.Count(); List <string> allverbs = new List <string>(); foreach (var verb in verblist) { if (verb != null) { allverbs.AddRange(verb.Split(",".ToCharArray()).ToList()); } } var blockedverbs = allverbs.GroupByMany(p => p); if (blockedverbs.Count() > 0) { calculated.Verbs = string.Join(",", blockedverbs.Select(b => b.Key).ToList()); } else { calculated.Verbs = string.Empty; } // //FLS if (!isAdmin) { var listEdit = raw.Where(p => p.CanEdit).Select(p => p.NoEdit == null ? "" : p.NoEdit).ToList(); var listView = raw.Where(p => p.CanView).Select(p => p.NoView == null ? "" : p.NoView).ToList(); var resultEdit = ""; var resultView = ""; if (listView.Count > 0) { HashSet <string> set = new HashSet <string>(listView[0].Split(',')); foreach (var item in listView.Skip(1)) { set.IntersectWith(item.Split(',')); } resultView = string.Join(",", set); } if (listEdit.Count > 0) { HashSet <string> set = new HashSet <string>(listEdit[0].Split(',')); foreach (var item in listEdit.Skip(1)) { set.IntersectWith(item.Split(',')); } resultEdit = string.Join(",", set); } calculated.NoEdit = resultEdit; calculated.NoView = resultView; } // permissions.Add(calculated); } } ((CustomPrincipal)User).permissions = permissions; List <BusinessRule> businessrules = new List <BusinessRule>(); using (var br = new BusinessRuleContext()) { var rolebr = br.BusinessRules.Where(p => p.Roles != null && p.Roles.Length > 0 && !p.Disable && p.AssociatedBusinessRuleTypeID != 5).ToList(); foreach (var rules in rolebr) { //if ((((CustomPrincipal)User).IsInRole(rules.Roles.Split(",".ToCharArray())))) if (((CustomPrincipal)User).IsInRole(rules.Roles.Split(",".ToCharArray()), roles)) { businessrules.Add(rules); } } } ((CustomPrincipal)User).businessrules = businessrules.ToList(); using (var UBS = new UserBasedSecurityContext()) { ((CustomPrincipal)User).userbasedsecurity = UBS.UserBasedSecurities.ToList(); } List <MultiTenantLoginSelected> appsecurityaccess = new List <MultiTenantLoginSelected>(); using (var appsecurity = new ApplicationDbContext(true)) { var app = appsecurity.MultiTenantLoginSelected.Where(p => p.T_User == ((CustomPrincipal)User).Name); foreach (var rules in app) { appsecurityaccess.Add(rules); } //((CustomPrincipal)User).extraMultitenantPriviledges = appsecurity.MultiTenantExtraAccess.Where(p => p.T_User == ((CustomPrincipal)User).Name && p.T_MainEntityID.HasValue).Select(p => p.T_MainEntityID.Value).ToList(); } ((CustomPrincipal)User).MultiTenantLoginSelected = appsecurityaccess.ToList(); } }