public async Task <IActionResult> SavePermission([FromBody] SavePermissionRequest data) { var hasPermission = await _authorizationService.AuthorizeAsync(User, "FUNCTION", Operations.Create); if (hasPermission.Succeeded == false) { return(new BadRequestObjectResult(CommonConstants.Forbidden)); } if (ModelState.IsValid) { _permissionService.DeleteAll(data.FunctionId); foreach (var permissionVm in data.Permissions) { permissionVm.FunctionId = data.FunctionId; Permission permissionDb = new Permission(); permissionDb.UpdatePermission(permissionVm); _permissionService.AddDb(permissionDb); } List <FunctionViewModel> childFunctions = _functionService.GetAllWithParentId(data.FunctionId); if (childFunctions.Count() > 0) { foreach (var childFunction in childFunctions) { _permissionService.DeleteAll(childFunction.Id); foreach (var permissionVm in data.Permissions) { permissionVm.FunctionId = childFunction.Id; Permission permissionDb = new Permission(); permissionDb.UpdatePermission(permissionVm); _permissionService.AddDb(permissionDb); } } } _permissionService.SaveChanges(); return(new OkObjectResult("Success")); } return(new BadRequestObjectResult(ModelState)); }