/// <summary>
/// Seeding database with admin user and password admin. Also add role 'Admin'
/// </summary>
/// <param name="userService">Service to include user</param>
public static void SeedUsers(IUserService userService)
{
User userAdmin = userService.FindByEmailAsync("*****@*****.**").Result;
if (userAdmin == null)
{
User user = new User
{
UserName = "******",
Email = "*****@*****.**",
FirstName = "system",
LastName = "admin",
IsSuperAdmin = true
};
userService.CreateAsync(user, "@dm1n1stR4tOr").Wait();
}
userAdmin = userService.FindByEmailAsync("*****@*****.**").Result;
if (userAdmin != null)
{
if (!userService.GetRolesAsync(userAdmin).Result.Contains(RoleClaims.ADMIN_GROUP))
{
userService.AddToRoleAsync(userAdmin, RoleClaims.ADMIN_GROUP).Wait();
}
IList <Claim> existingClaims = userService.GetClaimsAsync(userAdmin).Result;
foreach (Claim claim in RoleClaims.GetAllAdminClaims())
{
if (existingClaims.FirstOrDefault(x => claim.Type.Equals(x.Type) && claim.Value.Equals(x.Value)) == null)
{
userService.AddClaimAsync(userAdmin, claim).Wait();
}
}
}
}
public async Task <IdentityResult> CreateWithClaimsAsync(RoleDto role)
{
Role roleToCreate = new Role()
{
Id = 0, Name = role.Name
};
IdentityResult result = await CreateAsync(roleToCreate);
if (result == IdentityResult.Success)
{
Role createdRole = await FindRoleByNameAsync(roleToCreate.Name);
List <Claim> claimsToAdd = new List <Claim>();
foreach (string claimToInsert in role.Claims)
{
foreach (Claim existingClaim in RoleClaims.GetAllClaims())
{
if (existingClaim.Value.Equals(claimToInsert))
{
claimsToAdd.Add(existingClaim);
}
}
}
foreach (Claim newClaim in claimsToAdd)
{
await AddClaimAsync(createdRole, newClaim);
}
}
return(result);
}
/// <summary>
/// Seeds the default data.
/// </summary>
private void Seed()
{
SaveChanges();
// Make sure we have a SysAdmin role
var role = Roles.FirstOrDefault(r => r.Name == "SysAdmin");
if (role == null)
{
role = new Role
{
Id = Guid.NewGuid(),
Name = "SysAdmin",
NormalizedName = "SYSADMIN"
};
Roles.Add(role);
}
// Make sure our SysAdmin role has all of the available claims
//foreach (var claim in Piranha.Security.Permission.All())
foreach (var permission in App.Permissions.GetPermissions())
{
var roleClaim = RoleClaims.FirstOrDefault(c => c.RoleId == role.Id && c.ClaimType == permission.Name && c.ClaimValue == permission.Name);
if (roleClaim == null)
{
RoleClaims.Add(new IdentityRoleClaim <Guid>
{
RoleId = role.Id,
ClaimType = permission.Name,
ClaimValue = permission.Name
});
}
}
SaveChanges();
}
public async Task <IActionResult> AddRole(AddAndEditRoleViewModels addRoleViewModels)
{
var role = Mapper.Map <Role>(addRoleViewModels);
role.RoleClaims = new List <RoleClaims>();
var roleNames = new List <string>();
foreach (var key in Request.Form.Keys)
{
if (key.Contains("Permission.") && Request.Form[key].Contains("on"))
{
roleNames.Add(key.Substring(11));
}
}
List <RoleClaims> roleClaims1 = new List <RoleClaims>();
foreach (var item in roleNames)
{
RoleClaims roleClaims2 = new RoleClaims();
roleClaims2.ClaimType = "RoleClaims";
roleClaims2.ClaimValue = item;
role.RoleClaims.Add(roleClaims2);
}
await _roleSever.AddRole(role);
return(Redirect(nameof(ShowRole)));
}
public async Task <IActionResult> UpdateRole(AddAndEditRoleViewModels role)
{
var role1 = Mapper.Map <Role>(role);
await _roleSever.UpdateRole(role1);
var roleNames = new List <string>();
foreach (var key in Request.Form.Keys)
{
if (key.Contains("Permission.") && Request.Form[key].Contains("on"))
{
roleNames.Add(key.Substring(11));
}
}
var roleClaims = _roleClaimsSever.GetRoleClaims(new List <int>()
{
role1.Id
});
await _roleClaimsSever.Removes(roleClaims);
List <RoleClaims> roleClaims1 = new List <RoleClaims>();
foreach (var item in roleNames)
{
RoleClaims roleClaims2 = new RoleClaims();
roleClaims2.RoleId = role1.Id;
roleClaims2.ClaimType = "RoleClaims";
roleClaims2.ClaimValue = item;
roleClaims1.Add(roleClaims2);
}
await _roleClaimsSever.AddRoleClaims(roleClaims1);
return(Redirect(nameof(ShowRole)));
}
/// <summary>
/// Erzeugen aller standart rollen (Admin und Datenschutzbeauftragter mit den jeweiligen rechten)
/// </summary>
/// <param name="roleService">rollen service</param>
public static void SeedRoles(IRoleService roleService)
{
foreach (string roleToCreate in RoleClaims.DEFAULT_GROUPS)
{
Role role = roleService.FindRoleByNameAsync(roleToCreate).Result;
if (role == null)
{
roleService.CreateAsync(new Role()
{
Name = roleToCreate
}).Wait();
}
role = roleService.FindRoleByNameAsync(roleToCreate).Result;
if (role != null)
{
IList <Claim> existingClaims = roleService.GetClaimsAsync(role).Result;
List <Claim> claimsToCheck = new List <Claim>();
if (role.Name.Equals(RoleClaims.ADMIN_GROUP))
{
claimsToCheck = RoleClaims.GetAllAdminClaims();
}
else if (role.Name.Equals(RoleClaims.DATA_SECURITY_ENGINEER_GROUP))
{
claimsToCheck = RoleClaims.GetAllDsgvoClaims();
}
foreach (Claim claim in claimsToCheck)
{
if (existingClaims.FirstOrDefault(x => x.Type.Equals(claim.Type) && x.Value.Equals(claim.Value)) == null)
{
roleService.AddClaimAsync(role, claim).Wait();
}
}
}
}
}
public virtual async Task <IList <Claim> > GetClaimsAsync(IdentityRoleNav <TKey> role, CancellationToken cancellationToken = default)
{
ThrowIfDisposed();
if (role == null)
{
throw new ArgumentNullException(nameof(role));
}
return(await RoleClaims.Where(rc => rc.RoleId.Equals(role.Id)).Select(c => new Claim(c.ClaimType, c.ClaimValue)).ToListAsync(cancellationToken));
}
public override async Task AddClaimAsync(IdentityRole <TKey> role, Claim claim, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
role.ThrowIfNull(nameof(role));
claim.ThrowIfNull(nameof(claim));
RoleClaims ??= (await RoleClaimsTable.GetClaimsAsync(role.Id)).ToList();
RoleClaims.Add(CreateRoleClaim(role, claim));
}
public async override Task <IList <Claim> > GetClaimsAsync(Role role, CancellationToken cancellationToken = default(CancellationToken))
{
ThrowIfDisposed();
if (role == null)
{
throw new ArgumentNullException(nameof(role));
}
return(await RoleClaims.Where(rc => rc.RoleId == role.Id).Select(c => new Claim(c.ClaimType, c.ClaimValue)).ToListAsync(cancellationToken));
}
public async Task <IActionResult> GetAllClaims(long id)
{
List <string> list = new List <string>();
foreach (Claim claim in await Task.FromResult(RoleClaims.GetAllClaims()))
{
list.Add(claim.Value);
}
return(Ok(list));
}
public async Task <IdentityResult> RemoveClaimAsync(Role role, Claim claim)
{
if ((role.Id == 1 && RoleClaims.GetAllAdminClaims().FirstOrDefault(x => x.Type.Equals(claim.Type)) != null &&
RoleClaims.GetAllAdminClaims().FirstOrDefault(x => x.Value.Equals(claim.Value)) != null) ||
role.Id == 2 && RoleClaims.GetAllDsgvoClaims().FirstOrDefault(x => x.Type.Equals(claim.Type)) != null &&
RoleClaims.GetAllDsgvoClaims().FirstOrDefault(x => x.Value.Equals(claim.Value)) != null)
{
return(IdentityResult.Success);
}
return(await manager.RemoveClaimAsync(role, claim));
}
public async virtual Task RemoveClaimAsync(Role role, Claim claim, CancellationToken cancellationToken = default)
{
ThrowIfDisposed();
role.CheakArgument();
claim.CheakArgument();
var claims = await RoleClaims.Where(rc => rc.RoleId.Equals(role.Id) && rc.ClaimValue == claim.Value && rc.ClaimType == claim.Type).ToListAsync(cancellationToken);
foreach (var c in claims)
{
RoleClaims.Remove(c);
}
}
/// <summary>
/// Adds the <paramref name="claim"/> given to the specified <paramref name="role"/>.
/// </summary>
/// <param name="role">The role to add the claim to.</param>
/// <param name="claim">The claim to add to the role.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> used to propagate notifications that the operation should be canceled.</param>
/// <returns>The <see cref="Task"/> that represents the asynchronous operation.</returns>
public virtual Task AddClaimAsync(Role role, Claim claim, CancellationToken cancellationToken = default(CancellationToken))
{
ThrowIfDisposed();
if (role == null)
{
throw new ArgumentNullException(nameof(role));
}
if (claim == null)
{
throw new ArgumentNullException(nameof(claim));
}
RoleClaims.Add(CreateRoleClaim(role, claim));
return(Task.FromResult(false));
}
public override async Task RemoveClaimAsync(IdentityRole <TKey> role, Claim claim, CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
role.ThrowIfNull(nameof(role));
claim.ThrowIfNull(nameof(claim));
RoleClaims ??= (await RoleClaimsTable.GetClaimsAsync(role.Id)).ToList();
var roleClaims = RoleClaims.Where(x => x.RoleId.Equals(role.Id) && x.ClaimType == claim.Type && x.ClaimValue == claim.Value);
foreach (var roleCalim in roleClaims)
{
RoleClaims.Remove(roleCalim);
}
}
public async Task <IActionResult> Login([FromBody] CredentialsDto credentials)
{
var user = await _userService.FindByNameAsync(credentials.UserNameOrEmail);
if (user == null)
{
user = await _userService.FindByEmailAsync(credentials.UserNameOrEmail);
if (user == null)
{
return(BadRequest("Login fehlgeschlagen!"));
}
}
user.LastLoginDate = DateTime.Now;
await _userService.UpdateUserAsync(user);
await userLoginService.CreateAsync(new UserLogin()
{
DateTimeOfLastLogin = DateTime.Now, UserId = user.Id
});
if (user.UserLockEnabled)
{
return(BadRequest("Benutzer ist gesperrt! Bitte den Administrator kontaktieren"));
}
var signInAsync = await _signInService.CheckPasswordSignInAsync(user, credentials.Password);
if (signInAsync.Succeeded)
{
var userDto = _mapper.Map <UserDto>(user);
var roles = await _userService.GetRolesAsync(user);
List <Claim> claims;
if (!user.IsSuperAdmin)
{
claims = await GetAllClaimsOfUser(roles);
}
else
{
claims = RoleClaims.GetAllClaims();
}
userDto.AccessToken = _signInService.CreateToken(user, roles, claims);
return(Ok(userDto));
}
return(BadRequest("Login fehlgeschlagen!"));
}
public IEnumerable <RoleClaims> GetAllRoleClaims()
{
var roleClaims = (from role in _context.Roles
join claim in _context.RoleClaims on role.Id equals claim.RoleId into RoleClaims
from rc in RoleClaims.DefaultIfEmpty()
select new { Role = role, RoleClaims = rc }
).ToLookup(x => x.Role)
.Select(x => new { Role = x.Key, Claims = x.Select(c => c.RoleClaims).Where(c => c != null).ToList() });
var convertedRoleClaims = roleClaims.Select(x =>
new RoleClaims {
Role = _mapper.Map <Role>(x.Role), Claims = x.Claims != null ? x.Claims.Select(c => c.ClaimValue) : new List <string>()
});
return(convertedRoleClaims);
}
public IEnumerable <Claim> GetClaimsForUser(Guid userId)
{
var user = Users.Get(userId);
if (user == null)
{
throw new ArgumentException(nameof(userId) + "does not belong to any user");
}
var roleId = user.RoleId;
if (!roleId.HasValue)
{
throw new ArgumentException("user with given " + nameof(userId) + " does not belong to any role, and therefore has no claims.");
}
var claims = RoleClaims.GetClaimsForRole(roleId.Value);
return(claims);
}
/// <summary>
/// Removes the <paramref name="claim"/> given from the specified <paramref name="role"/>.
/// </summary>
/// <param name="role">The role to remove the claim from.</param>
/// <param name="claim">The claim to remove from the role.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> used to propagate notifications that the operation should be canceled.</param>
/// <returns>The <see cref="Task"/> that represents the asynchronous operation.</returns>
public async virtual Task RemoveClaimAsync(Role role, Claim claim, CancellationToken cancellationToken = default(CancellationToken))
{
ThrowIfDisposed();
if (role == null)
{
throw new ArgumentNullException(nameof(role));
}
if (claim == null)
{
throw new ArgumentNullException(nameof(claim));
}
var claims = await RoleClaims.Where(rc => rc.RoleId.Equals(role.Id) && rc.ClaimValue == claim.Value && rc.ClaimType == claim.Type).ToListAsync(cancellationToken);
foreach (var c in claims)
{
RoleClaims.Remove(c);
}
}
public virtual async Task RemoveClaimAsync(IdentityRoleNav <TKey> role, Claim claim, CancellationToken cancellationToken = default)
{
ThrowIfDisposed();
if (role == null)
{
throw new ArgumentNullException(nameof(role));
}
if (claim == null)
{
throw new ArgumentNullException(nameof(claim));
}
var claims = await RoleClaims.Where(rc => rc.RoleId.Equals(role.Id) && rc.ClaimValue == claim.Value && rc.ClaimType == claim.Type).ToListAsync(cancellationToken);
foreach (var c in claims)
{
RoleClaims.DataContext.Delete(c);
}
}
private async Task <IdentityResult> UpdateClaimsAsync(LondonTravelUser user, ExternalLoginInfo info)
{
bool commitUpdate = false;
if (user.RoleClaims == null)
{
user.RoleClaims = new List <LondonTravelRole>();
commitUpdate = true;
}
foreach (var claim in info.Principal.Claims)
{
bool hasClaim = user?.RoleClaims
.Where((p) => p.ClaimType == claim.Type)
.Where((p) => p.Issuer == claim.Issuer)
.Where((p) => p.Value == claim.Value)
.Where((p) => p.ValueType == claim.ValueType)
.Any() == true;
if (!hasClaim)
{
user !.RoleClaims.Add(LondonTravelRole.FromClaim(claim));
commitUpdate = true;
}
}
if (commitUpdate)
{
var result = await _userManager.UpdateAsync(user);
if (result.Succeeded)
{
_telemetry.TrackClaimsUpdated(user.Id !);
}
return(result);
}
else
{
return(IdentityResult.Success);
}
}
public RoleClaims GetRoleClaims(string roleId)
{
var roleClaims = (from role in _context.Roles
join claim in _context.RoleClaims on role.Id equals claim.RoleId into RoleClaims
from rc in RoleClaims.DefaultIfEmpty()
select new
{
Role = role,
RoleClaims = rc
}).ToLookup(x => x.Role)
.Select(x => new { Role = x.Key, Claims = x.Select(x => x.RoleClaims).Where(c => c != null).ToList() })
.FirstOrDefault(x => x.Role.Id == roleId);
var model = new RoleClaims();
model.Role = _mapper.Map <Role>(roleClaims.Role);
model.Claims = roleClaims.Claims != null?roleClaims.Claims.Select(x => x.ClaimValue) : new List <string>();
return(model);
}
public virtual async Task <IdentityResult> AddClaimAsync(IdentityRole role, Claim claim, CancellationToken cancellationToken = default)
{
ThrowIfDisposed();
role.CheakArgument();
claim.CheakArgument();
var f2 = await DbEntitySet.AnyAsync(d => d.Id.Equals(role.Id));
if (f2)
{
var flag = await RoleClaims.AnyAsync(a => a.ClaimType.Equals(claim.Type) &&
a.ClaimValue.Equals(claim.Value) && a.RoleId.Equals(role.Id));
if (!flag)
{
RoleClaims.Add(CreateRoleClaim(role, claim));
return(await SaveChangesAsync(cancellationToken));
}
}
return(IdentityResult.Failed("已经存在该权限"));
}
public async virtual Task <IdentityResult> RemoveClaimAsync(IdentityRole role, Claim claim, CancellationToken cancellationToken = default)
{
ThrowIfDisposed();
role.CheakArgument();
claim.CheakArgument();
var rolecasims = RoleClaims.Where(rc =>
rc.RoleId.Equals(role.Id) &&
rc.ClaimValue == claim.Value &&
rc.ClaimType == claim.Type).Select(s => new IdentityRole()
{
Id = s.Id, EditedTime = s.EditedTime
});
AutoSaveChanges = false;
foreach (var item in rolecasims)
{
item.IsDeleted = true;
var delte = await DeleteAsync(item, default);
}
AutoSaveChanges = true;
return(await SaveChangesAsync(cancellationToken));
}
private UserRolesClaims GetProfile(BlogUser user)
{
var profile = new UserRolesClaims();
var userRoles = _context.UserRoles.Where(x => x.UserId == user.Id).Select(x => x.RoleId);
var roles = (from role in _context.Roles
where userRoles.Contains(role.Id)
join claim in _context.RoleClaims on role.Id equals claim.RoleId into RoleClaims
from rc in RoleClaims.DefaultIfEmpty()
select new
{
Role = role,
Claims = rc
}).ToLookup(x => x.Role)
.Select(x => new { Role = x.Key, Claims = x.Select(c => c.Claims).Where(c => c != null).ToList() });
var userClaims = _context.UserClaims.Where(x => x.UserId == user.Id);
var groupUserEmails = _context.Users.Where(x =>
user.SupervisorId == null ?
x.SupervisorId == user.Id :
(x.SupervisorId == user.SupervisorId || x.Id == user.SupervisorId) && x.Id != user.Id).Select(x => x.Email);
var roleClaims = new List <RoleClaims>();
foreach (var r in roles)
{
var roleClaim = new RoleClaims();
roleClaim.Role = _mapper.Map <Role>(r.Role);
roleClaim.Claims = r.Claims.Select(x => x.ClaimValue);
roleClaims.Add(roleClaim);
}
profile.User = _mapper.Map <User>(user);
profile.UserClaims = _mapper.Map <IEnumerable <UserClaim> >(userClaims);
profile.Roles = roleClaims;
profile.GroupEmails = groupUserEmails;
return(profile);
}
public async Task <IdentityResult> UpdateRoleWithClaimsAsync(RoleDto role)
{
Role roleToUpdate = await FindRoleByIdAsync(role.Id);
if (roleToUpdate == null)
{
return(IdentityResult.Failed(new IdentityError()
{
Code = "301", Description = "Role not found!"
}));
}
if (!roleToUpdate.Name.Equals(role.Name) && role.Id > 2)
{
if (!await CheckIfRoleNameAlreadyExistsAsync(role.Name))
{
roleToUpdate.Name = role.Name;
await UpdateAsync(roleToUpdate);
}
}
List <Claim> claimsToDelete = new List <Claim>();
IList <Claim> existingClaims = await GetClaimsAsync(roleToUpdate);
foreach (Claim existingClaim in existingClaims)
{
if (role.Claims.FirstOrDefault(x => x.Equals(existingClaim.Value)) == null)
{
claimsToDelete.Add(existingClaim);
}
}
foreach (Claim claimToDelete in claimsToDelete)
{
await RemoveClaimAsync(roleToUpdate, claimToDelete);
}
List <Claim> claimsToAdd = new List <Claim>();
bool error = false;
foreach (string claimToAdd in role.Claims)
{
if (existingClaims.FirstOrDefault(x => x.Value.Equals(claimToAdd)) == null)
{
Claim existingClaimToAdd = RoleClaims.GetAllClaims().FirstOrDefault(x => x.Value.Equals(claimToAdd));
if (existingClaimToAdd != null)
{
claimsToAdd.Add(existingClaimToAdd);
}
else
{
error = true;
}
}
}
foreach (Claim claimToAdd in claimsToAdd)
{
await AddClaimAsync(roleToUpdate, claimToAdd);
}
if (!error)
{
return(IdentityResult.Success);
}
else
{
return(IdentityResult.Failed(new IdentityError()
{
Code = "201", Description = "Claim not found!"
}));
}
}
public async virtual Task <IList <Claim> > GetClaimsAsync(Role role, CancellationToken cancellationToken = default)
{
ThrowIfDisposed();
role.CheakArgument();
return(await RoleClaims.Where(rc => rc.RoleId.Equals(role.Id)).Select(c => new Claim(c.ClaimType, c.ClaimValue)).ToListAsync(cancellationToken));
}
