private IActionResult SaveUserPermission(string permissionId_, Security.Data.Entities.User user_, string scope_ = null)
{
if (!string.IsNullOrWhiteSpace(permissionId_) && user_ != null)
{
Security.Data.Entities.UserPermission userPermission = new Security.Data.Entities.UserPermission()
{
UserId = user_.Id,
PermissionId = permissionId_
};
if (!string.IsNullOrWhiteSpace(scope_))
{
userPermission.Scope = scope_;
}
_storage.GetRepository <IUserPermissionRepository>().Create(userPermission);
}
try
{
_storage.Save();
_logger.LogInformation($"\"Saving user-permission {permissionId_} ok.\"");
return(Ok("Saving user-permission ok."));
}
catch (Exception e)
{
_logger.LogCritical("\"Error saving user-permission (@userPermission): {@message}, \n\rInnerException: {@innerException} \n\rStackTrace: {@stackTrace} \"", permissionId_, e.Message, e.InnerException, e.StackTrace);
return(StatusCode(StatusCodes.Status500InternalServerError, $"Cannot save user-permission. Error: {e.Message}"));
}
}
public async Task <IActionResult> CreateUser()
{
// Get the list of the role from the enum
Role[] roles = (Role[])Enum.GetValues(typeof(Role));
foreach (var r in roles)
{
// create an identity role object out of the enum value
IdentityRole <string> identityRole = new IdentityRole <string>
{
// Automatic ID
Name = r.GetRoleName()
};
_createdRoles.Add(identityRole);
if (!await _roleManager.RoleExistsAsync(identityRole.Name))
{
var result = await _roleManager.CreateAsync(identityRole);
//return 500 if fail
if (!result.Succeeded)
{
_logger.LogCritical("\"(CreateAsync) Error creating role: { @Name }\"", identityRole.Name);
return(StatusCode(StatusCodes.Status500InternalServerError));
}
}
}
// our default user
Security.Data.Entities.User johnUser = new Security.Data.Entities.User {
FirstName = "John",
LastName = "Doe",
Email = "*****@*****.**",
UserName = "******",
LockoutEnabled = false
};
// second user
Security.Data.Entities.User janeUser = new Security.Data.Entities.User {
FirstName = "Jane",
LastName = "Fonda",
Email = "*****@*****.**",
UserName = "******",
LockoutEnabled = false
};
// third user
Security.Data.Entities.User paulUser = new Security.Data.Entities.User {
FirstName = "Paul",
LastName = "Keller",
Email = "*****@*****.**",
UserName = "******",
LockoutEnabled = false
};
bool firstUser = true;
foreach (var user in new[] { johnUser, janeUser, paulUser })
{
// add the user to the database if it doesn't already exist
if (await _userManager.FindByEmailAsync(user.Email) == null)
{
// WARNING: Do Not check in credentials of any kind into source control
var result = await _userManager.CreateAsync(user, password : "******");
if (!result.Succeeded) //return 500 if it fails
{
_logger.LogCritical("\"(CreateAsync) Error creating user: { @userEmail }\"", user.Email);
return(StatusCode(StatusCodes.Status500InternalServerError));
}
// Assign roles to user. John has Admin role, Jane and Paul have User role
result = await _userManager.AddToRolesAsync(user, new[] { firstUser ? "Administrator" : "User" });
if (!result.Succeeded) // return 500 if fails
{
_logger.LogCritical("\"(AddToRolesAsync) Error adding user to role, user: { @userEmail }, role: Administrator\"", user.Email);
return(StatusCode(StatusCodes.Status500InternalServerError));
}
}
firstUser = false;
}
// Save PERMISSIONS
var saveResult = SavePermissions();
if (saveResult.GetType() != typeof(OkObjectResult)) // return 500 if fails
{
return(saveResult);
}
// Save USER-PERMISSION
// John (admin user): Admin (globally)
saveResult = SaveUserPermission(Permission.Admin.ToString(), johnUser);
if (saveResult.GetType() != typeof(OkObjectResult)) // return 500 if fails
{
return(saveResult);
}
// Paul : Admin (Chinook)
saveResult = SaveUserPermission(Permission.Admin.ToString(), paulUser, "Chinook");
if (saveResult.GetType() != typeof(OkObjectResult)) // return 500 if fails
{
return(saveResult);
}
// Save ROLE-PERMISSION
var adminRoleId = _createdRoles.FirstOrDefault(r => r.Name == Role.Administrator.ToString()).Id;
var userRoleId = _createdRoles.FirstOrDefault(r => r.Name == Role.User.ToString()).Id;
var anonymousRoleId = _createdRoles.FirstOrDefault(r => r.Name == Role.Anonymous.ToString()).Id;
// 1. Admin role: admin (globally)
saveResult = SaveRolePermission(adminRoleId, Permission.Admin.ToString());
if (saveResult.GetType() != typeof(OkObjectResult)) // return 500 if fails
{
return(saveResult);
}
// 2. Admin role: admin (Chinook)
saveResult = SaveRolePermission(adminRoleId, Permission.Admin.ToString(), "Chinook");
if (saveResult.GetType() != typeof(OkObjectResult)) // return 500 if fails
{
return(saveResult);
}
// 3. User role: write (globally)
saveResult = SaveRolePermission(userRoleId, Permission.Write.ToString());
if (saveResult.GetType() != typeof(OkObjectResult)) // return 500 if fails
{
return(saveResult);
}
// 4. Anonymous role: read (globally)
saveResult = SaveRolePermission(anonymousRoleId, Permission.Read.ToString());
if (saveResult.GetType() != typeof(OkObjectResult)) // return 500 if fails
{
return(saveResult);
}
return(Ok("User Creation Ok."));
}
