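/// <summary>
/// Creates a role from the posted DTO, stores one permission row per entry in
/// <c>role.Permissions</c>, and commits the unit of work.
/// </summary>
/// <param name="role">Role definition read from the request body.</param>
/// <returns>
/// 400 when the body is missing or fails model validation; otherwise 201 with a
/// Location built from the request URI and the new role id, echoing the posted DTO.
/// </returns>
// NOTE(review): the permission check below is commented out. Unless authorization is
// enforced at controller level or by a global filter (not visible here), this action
// creates roles and grants permissions without checking the caller's rights.
//[Permission(Action = ActionName.CanCreate)]
public IHttpActionResult Create([FromBody] AppRoleDto role)
{
    return CreateResponse(() =>
    {
        // An empty request body binds to null while ModelState still reports valid,
        // so the null check must come before any use of the DTO.
        if (role == null || !ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }

        var model = Mapper.Map<AppRoleDto, AppRole>(role);

        // NOTE(review): the outcome of Create is not inspected here; if RoleManager
        // reports failure through its return value, permissions would still be added
        // and committed below. Confirm against the RoleManager type.
        RoleManager.Create(model);

        // Permissions are optional in the payload; a role without any is still valid.
        if (role.Permissions != null)
        {
            foreach (var permission in role.Permissions)
            {
                _permissionService.Add(new Permission
                {
                    // Bind to the role just created, never to an id taken from the body.
                    RoleId = model.Id,
                    FunctionId = permission.FunctionId,
                    CanRead = permission.CanRead,
                    CanUpdate = permission.CanUpdate,
                    CanDelete = permission.CanDelete,
                    CanCreate = permission.CanCreate
                });
            }
        }

        UnitOfWork.Commit();

        return Created(new Uri(Request.RequestUri + "/" + model.Id), role);
    });
}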
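/// <summary>
/// Updates the role identified by <paramref name="id"/> from the posted DTO and
/// applies the posted permission flags to that role, then commits the unit of work.
/// </summary>
/// <param name="id">Identifier of the role to edit, taken from the route.</param>
/// <param name="role">New role values and permission flags read from the request body.</param>
/// <returns>
/// 400 when the body is missing or fails model validation, 404 when no role has the
/// given id, otherwise 204.
/// </returns>
// NOTE(review): the permission check below is commented out. Unless authorization is
// enforced at controller level or by a global filter (not visible here), this action
// changes role permissions without checking the caller's rights.
//[Permission(Action = ActionName.CanUpdate)]
public IHttpActionResult Edit(string id, [FromBody] AppRoleDto role)
{
    return CreateResponse(() =>
    {
        // An empty request body binds to null while ModelState still reports valid.
        if (role == null || !ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }

        var model = RoleManager.FindById(id);
        if (model == null)
        {
            return Content(HttpStatusCode.NotFound, ApiMessage.RoleNotFound);
        }

        // Capture the id of the role resolved from the route before mapping.
        // NOTE(review): if the mapping copies an Id from the DTO, Mapper.Map would
        // overwrite model.Id with a client-supplied value; confirm the map ignores it.
        var roleId = model.Id;

        Mapper.Map(role, model);
        RoleManager.Update(model);

        if (role.Permissions != null)
        {
            foreach (var permission in role.Permissions)
            {
                // Look the row up by the route's role, not by permission.RoleId from
                // the body: otherwise a request addressed to one role could rewrite
                // the permissions of any other role.
                var permissionInDb = _permissionService.Get(roleId, permission.FunctionId);

                if (permissionInDb == null)
                {
                    // No row yet for this function on this role: add one, the same
                    // way Create does, instead of dereferencing null.
                    _permissionService.Add(new Permission
                    {
                        RoleId = roleId,
                        FunctionId = permission.FunctionId,
                        CanRead = permission.CanRead,
                        CanUpdate = permission.CanUpdate,
                        CanDelete = permission.CanDelete,
                        CanCreate = permission.CanCreate
                    });
                    continue;
                }

                permissionInDb.CanCreate = permission.CanCreate;
                permissionInDb.CanDelete = permission.CanDelete;
                permissionInDb.CanRead = permission.CanRead;
                permissionInDb.CanUpdate = permission.CanUpdate;
                _permissionService.Update(permissionInDb);
            }
        }

        UnitOfWork.Commit();

        return StatusCode(HttpStatusCode.NoContent);
    });
}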