public ActionResult AddPermissions(int id, int convention_id, UserRole role)
{
var us = new UserService((ClaimsIdentity)User.Identity, db);
var user = us.GetUser();
if (user.isSuperAdmin || user.AppUserPermissions.Any(p => p.Convention.Id == convention_id && p.UserRole == UserRole.Admin))
{
var permUser = db.AppUsers.Find(id);
var con = db.Conventions.Find(convention_id);
if (db.AppUserPermissions.Where(a => a.UserRole == role && a.AppUser.Id == id && a.Convention.Id == convention_id).ToList().Count == 0)
{
var perm = new AppUserPermission()
{
AppUser = permUser, Convention = con, UserRole = role
};
db.AppUserPermissions.Add(perm);
db.SaveChanges();
}
}
return(RedirectToAction("Details", new { id }));
}
public ActionResult EditUserPermission(int id, EditAppUserPermissionViewModel model)
{ //Clave del resource
using (var context = new AppSecurityContext())
{
var actionRepository = new ActionRepository(context);
var resourceRepository = new ResourceRepository(context);
var permissionRepository = new PermissionRepository(context);
var userPermissionRository = new UserPermissionRepository(context);
try
{
var userPermision = userPermissionRository.GetAll().Where(x => x.Id == id).FirstOrDefault();
var actions = actionRepository.GetAll();
var resource = resourceRepository.Find(userPermision.Permission.ResourceKey);
var permissions = userPermissionRository.GetAll()
.Where(x => x.Permission.ResourceKey == resource.Key)
.Where(x => x.UserId == userPermision.UserId);
var actionKeys = permissions.Select(x => x.Permission.ActionKey).ToArray();
model.AvailableActions = mapper.Map <ICollection <AppActionViewModel> >(actions);
//Se eliminan los permisos anteriores
foreach (var perm in permissions)
{
userPermissionRository.Delete(perm);
}
if (model.SelectedActions != null)
{
//Se agregan los nuevos
var permissionForInsert = permissionRepository
.GetAll()
.Where(x => x.ResourceKey == resource.Key)
.Where(x => model.SelectedActions.Contains(x.ActionKey));
foreach (var p in permissionForInsert)
{
var permission = new AppUserPermission();
permission.UserId = userPermision.UserId;
permission.PermissionId = p.Id;
userPermissionRository.Insert(permission);
}
model.SelectedActions = actionKeys;
model.ResourceKey = resource.Key;
model.ResourceName = resource.Name;
}
context.SaveChanges();
return(RedirectToAction("UserPermission", new { id = model.User.Id }));
}
catch (Exception ex)
{
ViewBag.Error = ex.Message;
if (ex.InnerException != null)
{
ViewBag.Error += ex.InnerException.Message;
}
return(View(model));
}
}
}
public IHttpActionResult HasPermission(AppUserPermission permission)
{
var result = userService.HasPermission(permission);
return(Ok(result));
}
