public void AddPermission(PermissionRecord permission, string[] rolesToMap)
        {
            Guard.ArgumentNotNull(() => permission);
            Guard.ArgumentNotNull(() => rolesToMap);

            if (permission.SystemName.IsEmpty())
                return;

            var permissionRecord = _permissionRecords.FirstOrDefault(x => x.SystemName == permission.SystemName);

            if (permissionRecord == null)
            {
                _permissionRecords.Add(permission);

                _ctx.SaveChanges();
            }

            permissionRecord = _permissionRecords.FirstOrDefault(x => x.SystemName == permission.SystemName);

            foreach (var roleName in rolesToMap)
            {
                var role = _customerRoles.FirstOrDefault(x => x.SystemName == roleName);
                if (role != null && !role.PermissionRecords.Any(x => x.SystemName == permission.SystemName))
                {
                    role.PermissionRecords.Add(permissionRecord);
                }
            }

            _ctx.SaveChanges();
        }
        /// <summary>
        /// Authorize permission
        /// </summary>
        /// <param name="permission">Permission record</param>
        /// <param name="customer">Customer</param>
        /// <returns>true - authorized; otherwise, false</returns>
        public virtual bool Authorize(PermissionRecord permission, Customer customer)
        {
            if (permission == null)
                return false;

            if (customer == null)
                return false;

            //old implementation of Authorize method
            //var customerRoles = customer.CustomerRoles.Where(cr => cr.Active);
            //foreach (var role in customerRoles)
            //    foreach (var permission1 in role.PermissionRecords)
            //        if (permission1.SystemName.Equals(permission.SystemName, StringComparison.InvariantCultureIgnoreCase))
            //            return true;

            //return false;

            return Authorize(permission.SystemName, customer);
        }
        /// <summary>
        /// Updates the permission
        /// </summary>
        /// <param name="permission">Permission</param>
        public virtual void UpdatePermissionRecord(PermissionRecord permission)
        {
            if (permission == null)
                throw new ArgumentNullException("permission");

            _permissionRecordRepository.Update(permission);

            _cacheManager.RemoveByPattern(PERMISSIONS_PATTERN_KEY);
        }
 /// <summary>
 /// Authorize permission
 /// </summary>
 /// <param name="permission">Permission record</param>
 /// <returns>true - authorized; otherwise, false</returns>
 public virtual bool Authorize(PermissionRecord permission)
 {
     return Authorize(permission, _workContext.CurrentCustomer);
 }
        /// <summary>
        /// Install permissions
        /// </summary>
        /// <param name="permissionProvider">Permission provider</param>
        public virtual void InstallPermissions(IPermissionProvider permissionProvider)
        {
            using (var scope = new DbContextScope(_permissionRecordRepository.Context, autoDetectChanges: false, autoCommit: false))
            {
                //install new permissions
                var permissions = permissionProvider.GetPermissions();
                foreach (var permission in permissions)
                {
                    var permission1 = GetPermissionRecordBySystemName(permission.SystemName);
                    if (permission1 == null)
                    {
                        //new permission (install it)
                        permission1 = new PermissionRecord()
                        {
                            Name = permission.Name,
                            SystemName = permission.SystemName,
                            Category = permission.Category,
                        };

                        // default customer role mappings
                        var defaultPermissions = permissionProvider.GetDefaultPermissions();
                        foreach (var defaultPermission in defaultPermissions)
                        {
                            var customerRole = _customerService.GetCustomerRoleBySystemName(defaultPermission.CustomerRoleSystemName);
                            if (customerRole == null)
                            {
                                //new role (save it)
                                customerRole = new CustomerRole()
                                {
                                    Name = defaultPermission.CustomerRoleSystemName,
                                    Active = true,
                                    SystemName = defaultPermission.CustomerRoleSystemName
                                };
                                _customerService.InsertCustomerRole(customerRole);
                            }

                            var defaultMappingProvided = (from p in defaultPermission.PermissionRecords
                                                            where p.SystemName == permission1.SystemName
                                                            select p).Any();
                            var mappingExists = (from p in customerRole.PermissionRecords
                                                    where p.SystemName == permission1.SystemName
                                                    select p).Any();
                            if (defaultMappingProvided && !mappingExists)
                            {
                                permission1.CustomerRoles.Add(customerRole);
                            }
                        }

                        //save new permission
                        InsertPermissionRecord(permission1);
                    }
                }

                scope.Commit();
            }
        }