Esempio n. 1
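        /// <summary>
        /// Applies the permission changes posted from the edit-permissions form
        /// to the project's authorization list and saves them.
        /// </summary>
        /// <param name="model">
        /// Posted project id plus, per user, the permissions flagged as
        /// <c>Added</c> or <c>Removed</c>. Every value in it is client-supplied.
        /// </param>
        /// <returns>
        /// The form view when model state is invalid; 400 when the project id is
        /// missing or a changed permission is not a defined <c>Permission</c>
        /// value; 404 when the project does not exist; 403 when the caller holds
        /// no Administrator authorization on the project; otherwise a redirect.
        /// </returns>
        // NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is
        //   visible in this listing. This action changes who can access the
        //   project, so confirm both are applied where the action is declared.
        public ActionResult EditPermissions(ProjectRolesViewModel model)
        {
            if (!ModelState.IsValid)
                return View(model);

            // Same answer the GET actions give for a missing id, instead of the
            //   exception model.Id.Value would raise further down.
            if (model == null || model.Id == null)
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);

            var projectId = model.Id.Value;

            Project project = db.Projects
                .Include(p => p.Authorizations)
                .FirstOrDefault(p => p.Id == projectId);
            if (project == null)
                return new HttpStatusCodeResult(HttpStatusCode.NotFound);

            var currentUserId = User.Identity.GetUserId();

            // The decision is made from the stored authorization rows, never
            //   from anything in the posted model.
            bool callerIsAdministrator = project.Authorizations.Any(auth =>
                        auth.User_ID == currentUserId
                    &&  auth.Permission == Permission.Administrator);
            if (!callerIsAdministrator)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Forbidden,
                    "You do not have sufficient permissions for that resource.");
            }

            // Model binding accepts any integer for an enum property, so reject
            //   values outside Permission before anything is modified.
            bool hasUndefinedPermission = model.UserRoles != null
                && model.UserRoles.Any(userRole =>
                        userRole != null
                    &&  userRole.Permissions != null
                    &&  userRole.Permissions.Any(perm =>
                                perm != null
                            &&  (perm.Added || perm.Removed)
                            &&  !System.Enum.IsDefined(typeof(Permission), perm.Permission)));
            if (hasUndefinedPermission)
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);

            // NOTE(review): UserId is taken from the request as-is; presumably a
            //   foreign key rejects unknown users on save - confirm.
            // NOTE(review): nothing here stops the last Administrator row from
            //   being removed; confirm that is acceptable for this project model.
            if (model.UserRoles != null)
            {
                foreach (var userRoleModel in model.UserRoles)
                {
                    if (userRoleModel == null || userRoleModel.Permissions == null)
                        continue;

                    var userId = userRoleModel.UserId;

                    foreach (var permModel in userRoleModel.Permissions)
                    {
                        if (permModel == null)
                            continue;

                        var permission = permModel.Permission;
                        var existingAuth = project.Authorizations.FirstOrDefault(
                            auth =>
                                    auth.User_ID == userId
                                &&  auth.Permission == permission);

                        if (permModel.Removed)
                        {
                            // A stale form can ask to remove a row that is
                            //   already gone; there is then nothing to remove.
                            if (existingAuth != null)
                                project.Authorizations.Remove(existingAuth);
                        }
                        else if (permModel.Added && existingAuth == null)
                        {
                            // Only add when the (user, permission) pair is not
                            //   already present, so replays cannot duplicate it.
                            project.Authorizations.Add(new ProjectAuthorization()
                                {
                                    User_ID = userId,
                                    Permission = permission,
                                    Project_ID = projectId
                                });
                        }
                    }
                }
            }

            db.SaveChanges();

            // Before redirecting to project, make sure the user didn't
            //   remove all permissions from himself.
            // NOTE(review): this reads the posted Selected flags, not the rows
            //   that were just saved; it only picks the redirect target.
            bool callerStillListed = model.UserRoles != null
                && model.UserRoles.Any(userRole =>
                        userRole != null
                    &&  userRole.UserId == currentUserId
                    &&  userRole.Permissions != null
                    &&  userRole.Permissions.Any(perm => perm != null && perm.Selected));
            if (callerStillListed)
            {
                return RedirectToAction("Details", new { id = model.Id });
            }

            return RedirectToAction("Index", "Home");
        }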
Esempio n. 2
        // GET: /Projects/UserList/{id}
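        /// <summary>
        /// Builds the read-only list of users and the permissions each one
        /// currently holds on a project.
        /// </summary>
        /// <param name="id">Project id from the route.</param>
        /// <returns>
        /// 400 when <paramref name="id"/> is missing; 404 when no project has
        /// that id; 403 when the caller has no authorization row on the project;
        /// otherwise the view with one entry for the owner and one per
        /// authorized user.
        /// </returns>
        public ActionResult UserList(int? id)
        {
            if (id == null)
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);

            // FirstOrDefault so an unknown id yields 404 rather than an
            //   unhandled exception from First().
            Project project = db.Projects
                    .Include(p => p.Authorizations)
                    .FirstOrDefault(p => p.Id == id);
            if (project == null)
                return new HttpStatusCodeResult(HttpStatusCode.NotFound);

            var currentUserId = User.Identity.GetUserId();

            // Any authorization row on this project is enough to view the list.
            // NOTE(review): access depends only on these rows, so an owner with
            //   no rows is refused here as well - confirm that is intended.
            bool callerHasAccess = project.Authorizations
                .Any(auth => auth.User_ID == currentUserId);
            if (!callerHasAccess)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Forbidden,
                    "You do not have sufficient permissions for that resource.");
            }

            var model = new ProjectRolesViewModel
                {
                    Id = project.Id,
                    Name = project.Name
                };

            // The owner is always listed, even with no authorization rows.
            var ownerModel = new UserPermissionsViewModel
                {
                    isOwner = true,
                    UserId = project.Owner.Id,
                    UserName = project.Owner.UserName
                };
            model.UserRoles.Add(ownerModel);

            foreach (var roleGroup in project.Authorizations
                                        .GroupBy(auth => auth.User_ID))
            {
                // A group produced by GroupBy always holds at least one row.
                var firstRole = roleGroup.First();
                UserPermissionsViewModel roleModel;

                if (firstRole.User_ID == ownerModel.UserId)
                {
                    // The owner's rows go onto the entry created above.
                    roleModel = ownerModel;
                }
                else
                {
                    roleModel = new UserPermissionsViewModel
                        {
                            UserId = firstRole.User_ID,
                            UserName = firstRole.User.UserName
                        };
                    model.UserRoles.Add(roleModel);
                }

                // Only permissions the user actually holds are listed.
                foreach (var role in roleGroup.Select(auth => auth.Permission))
                {
                    roleModel.Permissions.Add(new PermissionViewModel
                        {
                            Permission = role,
                            PrevSelected = true, Selected = true
                        });
                }
            }

            return View(model);
        }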
Esempio n. 3
        // GET: /Projects/EditPermissions/{id}
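        /// <summary>
        /// Builds the edit-permissions form: for the owner and every authorized
        /// user, one entry per <c>Permission</c> value, marked selected when the
        /// user currently holds it.
        /// </summary>
        /// <param name="id">Project id from the route.</param>
        /// <returns>
        /// 400 when <paramref name="id"/> is missing; 404 when no project has
        /// that id; 403 when the caller holds no Administrator authorization on
        /// the project; otherwise the form view.
        /// </returns>
        public ActionResult EditPermissions(int? id)
        {
            if (id == null)
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);

            // FirstOrDefault so an unknown id yields 404 rather than an
            //   unhandled exception from First().
            Project project = db.Projects
                    .Include(p => p.Authorizations)
                    .FirstOrDefault(p => p.Id == id);
            if (project == null)
                return new HttpStatusCodeResult(HttpStatusCode.NotFound);

            var currentUserId = User.Identity.GetUserId();

            // Same rule as the action that receives this form: only a stored
            //   Administrator row for the caller opens it.
            bool callerIsAdministrator = project.Authorizations.Any(auth =>
                        auth.User_ID == currentUserId
                    &&  auth.Permission == Permission.Administrator);
            if (!callerIsAdministrator)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Forbidden,
                    "You do not have sufficient permissions for that resource.");
            }

            var model = new ProjectRolesViewModel
                { Id = project.Id, Name = project.Name };

            var ownerModel = new UserPermissionsViewModel
                {
                    isOwner = true,
                    UserId = project.Owner.Id,
                    UserName = project.Owner.UserName
                };
            model.UserRoles.Add(ownerModel);

            // Read the enum once; every user entry lists the same values.
            var allPermissions = System.Enum.GetValues(typeof(Permission))
                .Cast<Permission>()
                .ToList();

            foreach (var roleGroup in project.Authorizations
                                        .GroupBy(auth => auth.User_ID))
            {
                // A group produced by GroupBy always holds at least one row.
                var firstRole = roleGroup.First();
                UserPermissionsViewModel roleModel;

                if (firstRole.User_ID == ownerModel.UserId)
                {
                    // The owner's rows go onto the entry created above.
                    roleModel = ownerModel;
                }
                else
                {
                    roleModel = new UserPermissionsViewModel
                        {
                            UserId = firstRole.User_ID,
                            UserName = firstRole.User.UserName
                        };
                    model.UserRoles.Add(roleModel);
                }

                foreach (var permission in allPermissions)
                {
                    bool selected = roleGroup.Any(auth =>
                        auth.Permission == permission);
                    roleModel.Permissions.Add(new PermissionViewModel
                        {
                            Permission = permission,
                            PrevSelected = selected, Selected = selected
                        });
                }
            }

            // If the owner has no permissions, we need to manually fill out
            //   an empty permissions list since it wasn't handled above.
            if (!ownerModel.Permissions.Any())
            {
                foreach (var permission in allPermissions)
                {
                    ownerModel.Permissions.Add(new PermissionViewModel
                        {
                            Permission = permission,
                            PrevSelected = false, Selected = false
                        });
                }
            }

            return View(model);
        }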