Example #1
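        /// <summary>
        /// Builds a global view of granted permissions: for every scope exposed by a loaded
        /// extension, the list of permissions held by each role.
        /// </summary>
        /// <param name="roleManager_">Role manager used to enumerate the names of all existing roles.</param>
        /// <param name="storage_">Storage from which the role/permission records are read.</param>
        /// <param name="roleNameByRoleId_">Lookup giving the role name for a role id.</param>
        /// <returns>
        /// The view model; its <c>PermissionsByRoleAndScope</c> is keyed by scope, then by role name.
        /// </returns>
        public static GrantViewModel ReadAll(RoleManager<IdentityRole<string>> roleManager_, IStorage storage_, Dictionary<string, string> roleNameByRoleId_)
        {
            GrantViewModel model = new GrantViewModel();

            // 1. Get all scopes from available extensions, create one empty role dictionary per scope.
            foreach (IExtensionMetadata extensionMetadata in ExtensionManager.GetInstances<IExtensionMetadata>())
            {
                model.PermissionsByRoleAndScope.Add(extensionMetadata.GetScope(), new Dictionary<string, List<Common.Enums.Permission>>());
            }

            // 2. Read data from the RolePermission table.
            // Names of roles that have at least one permission attributed.
            HashSet<string> rolesWithPerms = new HashSet<string>();

            // Role/permission/extension settings.
            List<RolePermission> allRp = storage_.GetRepository<IRolePermissionRepository>().All();

            foreach (RolePermission rp in allRp)
            {
                if (!model.PermissionsByRoleAndScope.ContainsKey(rp.Scope))
                {
                    // A database record related to a not loaded extension (scope). Ignore this.
                    continue;
                }

                // A grant row whose role id is missing from the lookup (for example a stale row left
                // behind for a role that no longer exists) has no name to display. The previous code
                // used null as the dictionary key, which throws ArgumentNullException and broke the
                // whole permissions overview; such rows are skipped instead.
                if (rp.RoleId == null
                    || !roleNameByRoleId_.TryGetValue(rp.RoleId, out string roleName)
                    || roleName == null)
                {
                    continue;
                }

                var permissionsByRole = model.PermissionsByRoleAndScope[rp.Scope];

                // Format the list of Permission enum values according to DB enum value.
                // If several rows exist for the same role and scope, the last one read wins.
                permissionsByRole[roleName] = PermissionHelper.GetLowerOrEqual(PermissionHelper.FromId(rp.PermissionId));
                rolesWithPerms.Add(roleName);
            }

            // 3. Also list roles for which no permissions were set, with an empty list in every scope.
            // NOTE(review): a role that has a grant in one scope gets no entry in the other scopes;
            // confirm that consumers of the model treat a missing role key as "no permission".
            IList<string> roleNames = roleManager_.Roles.Select(r_ => r_.Name).ToList();

            foreach (string role in roleNames)
            {
                if (rolesWithPerms.Contains(role))
                {
                    continue;
                }

                foreach (string scope in model.PermissionsByRoleAndScope.Keys)
                {
                    model.PermissionsByRoleAndScope[scope].Add(role, new List<Common.Enums.Permission>());
                }
            }

            return model;
        }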
Example #2
        /// <summary>
        /// Collects every (permission, scope) pair that applies to a user, either through one of
        /// the user's roles or through a grant made directly to the user.
        /// </summary>
        /// <param name="userId_">Id of the user whose permissions are collected.</param>
        /// <returns>
        /// Set of permission/scope pairs; a pair reachable through several roles or grants appears once.
        /// </returns>
        public HashSet<KeyValuePair<Common.Enums.Permission, string>> AllForUser(string userId_)
        {
            // Grants inherited from roles: Permission -> RolePermission -> role -> user/role link.
            IEnumerable<KeyValuePair<Common.Enums.Permission, string>> roleGrants =
                from permission in storageContext.Set<Permission>()
                join rolePermission in storageContext.Set<RolePermission>() on permission.Id equals rolePermission.PermissionId
                join role in storageContext.Set<IdentityRole<string>>() on rolePermission.RoleId equals role.Id
                join userRole in storageContext.Set<IdentityUserRole<string>>() on role.Id equals userRole.RoleId
                where userRole.UserId == userId_
                select new KeyValuePair<Common.Enums.Permission, string>(PermissionHelper.FromId(permission.Id), rolePermission.Scope);

            // Grants attached directly to the user: Permission -> UserPermission.
            IEnumerable<KeyValuePair<Common.Enums.Permission, string>> directGrants =
                from permission in storageContext.Set<Permission>()
                join userPermission in storageContext.Set<UserPermission>() on permission.Id equals userPermission.PermissionId
                where userPermission.UserId == userId_
                select new KeyValuePair<Common.Enums.Permission, string>(PermissionHelper.FromId(permission.Id), userPermission.Scope);

            // The result is a plain union: no filtering by scope happens in this method, and a pair
            // is only ever added, never removed.
            HashSet<KeyValuePair<Common.Enums.Permission, string>> result = new HashSet<KeyValuePair<Common.Enums.Permission, string>>();
            result.UnionWith(roleGrants);
            result.UnionWith(directGrants);

            return result;
        }