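/// <summary>
        /// Adds every claim in the named permission group to a role, skipping claims the role already holds.
        /// </summary>
        /// <param name="model">Posted role/permission pair; its RoleId and PoolId are checked against the route and Client.SecurityPoolId before use.</param>
        /// <param name="roleId">Role identifier supplied alongside the model (compared with model.RoleId).</param>
        /// <returns>
        /// Ok with the model when all claims were added or already present; BadRequest when the model state
        /// is invalid, the model does not match roleId / Client.SecurityPoolId, the role is missing or locked,
        /// or a claim could not be added.
        /// </returns>
        public async Task<ActionResult> PermissionsAdd(SecurityPermissionRoleViewModel model, string roleId)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // The model is posted by the caller, so its RoleId and PoolId are only used once they
            // equal roleId and Client.SecurityPoolId; otherwise the request could name another role or pool.
            if (model.RoleId != roleId || model.PoolId != Client.SecurityPoolId)
            {
                return BadRequest("Model is invalid for this route");
            }

            // NOTE(review): the role is loaded by id alone; whether GetByIdAsync restricts the lookup
            // to Client.SecurityPoolId is not visible here -- confirm the role belongs to that pool.
            var role = await _roleManager.GetByIdAsync(roleId);

            if (role == null)
            {
                return BadRequest("Invalid or missing role");
            }

            // Locked roles must not have their permissions changed.
            if (role.IsLocked)
            {
                return BadRequest("Cannot edit the permissions of a locked role");
            }

            // Resolve the permission title to its claims, then load what the role already has.
            var permissions        = _claimsManager.GetAllPermissionForPoolId(model.PoolId);
            var claims             = permissions.FindClaims(model.PermissionTitle).Distinct();
            var roleSelectedClaims = await _roleManager.GetClaimObjectsAsync(role);

            foreach (var securityClaim in claims)
            {
                // Skip claims already on the role; Any(predicate) is false for an empty
                // collection, so no separate emptiness check is needed.
                if (roleSelectedClaims.Any(c => c.ClaimType == securityClaim.Type &&
                                                c.ClaimValue == securityClaim.Value))
                {
                    continue;
                }

                var claim = new System.Security.Claims.Claim(securityClaim.Type, securityClaim.Value);

                IdentityResult result = await _roleManager.AddClaimAsync(new Role()
                {
                    Id = role.Id
                }, claim);

                // Previously this result was discarded, so a failed grant still returned Ok and the
                // caller believed the permission was in place. Stop at the first failure, as
                // PermissionsRemove does. Claims added on earlier iterations are not rolled back.
                if (!result.Succeeded)
                {
                    return BadRequest("Failed to add one or more claims to the role");
                }
            }

            return Ok(model);
        }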
        /// <summary>
        /// Removes every claim in the named permission group from a role.
        /// </summary>
        /// <param name="model">Posted role/permission pair; its RoleId and PoolId are checked against the route and Client.SecurityPoolId before use.</param>
        /// <param name="roleId">Role identifier supplied alongside the model (compared with model.RoleId).</param>
        /// <returns>
        /// Ok with the model when all removals succeed; BadRequest when the model state is invalid, the model
        /// does not match roleId / Client.SecurityPoolId, or the role is missing or locked; the ErrorView
        /// result as soon as one removal fails.
        /// </returns>
        public async Task<ActionResult> PermissionsRemove(SecurityPermissionRoleViewModel model, string roleId)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // The model is posted by the caller, so it is rejected unless its role and pool
            // equal roleId and Client.SecurityPoolId.
            bool routeMismatch = model.RoleId != roleId || model.PoolId != Client.SecurityPoolId;
            if (routeMismatch)
            {
                return BadRequest("Model is invalid for this route");
            }

            // NOTE(review): the role is loaded by id alone; whether GetByIdAsync restricts the lookup
            // to Client.SecurityPoolId is not visible here -- confirm the role belongs to that pool.
            var targetRole = await _roleManager.GetByIdAsync(roleId);
            if (targetRole == null)
            {
                return BadRequest("Invalid or missing role");
            }

            // Locked roles must not have their permissions changed.
            if (targetRole.IsLocked)
            {
                return BadRequest("Cannot edit the permissions of a locked role");
            }

            // Resolve the permission title to the distinct claims it groups.
            var poolPermissions = _claimsManager.GetAllPermissionForPoolId(model.PoolId);
            var groupClaims     = poolPermissions.FindClaims(model.PermissionTitle).Distinct();

            foreach (var entry in groupClaims)
            {
                // model.RoleId equals roleId here because of the route check above.
                IdentityResult removal = await _roleManager.RemoveClaimAsync(entry.Type, entry.Value, model.RoleId);
                if (removal.Succeeded)
                {
                    continue;
                }

                // Stops at the first failure; claims removed on earlier iterations stay removed.
                // NOTE(review): if Errors is a collection, ToString() yields its type name rather
                // than the individual messages -- confirm what ErrorView ends up showing.
                return ErrorView(removal.Errors.ToString());
            }

            return Ok(model);
        }