/// <summary>
/// Filters <paramref name="objectId"/> down to the ids for which at least one of the
/// current user's roles has a role-object-access row of the given object type.
/// </summary>
/// <remarks>
/// The method fails closed: it returns an empty list when no ids are supplied, when the
/// resource owner for <paramref name="objectTypeName"/> is missing or disabled, or when
/// the current user has no roles. Only the existence of a matching row is checked here;
/// the row's access-rights mask is not inspected by this method.
/// </remarks>
/// <param name="objectTypeName">Name used to resolve both the object type code and the resource owner.</param>
/// <param name="objectId">Candidate object ids to check.</param>
/// <returns>The subset of <paramref name="objectId"/> (input order kept) that is covered by a matching row.</returns>
public List<Guid> Authorized(string objectTypeName, params Guid[] objectId)
{
    var permitted = new List<Guid>();
    if (objectId.IsEmpty())
    {
        return permitted;
    }

    int objectTypeCode = ModuleCollection.GetIdentity(objectTypeName);
    var owner = _resourceOwnerService.FindByName(objectTypeName);
    if (owner == null || owner.StateCode == Core.RecordState.Disabled)
    {
        // Unknown or disabled resource type: nothing is authorized.
        return permitted;
    }

    var userInRole = _appContext.GetFeature<ICurrentUser>()
        .Roles
        .Select(f => f.RoleId)
        .ToArray();
    if (userInRole.NotEmpty())
    {
        // Fetch only the rows that concern this user's roles, this object type and the requested ids.
        var grants = _roleObjectAccessRepository.Query(x =>
            x.RoleId.In(userInRole)
            && x.ObjectTypeCode == objectTypeCode
            && x.ObjectId.In(objectId));

        // Keep an id only when some returned row references it.
        permitted = objectId
            .Where(id => grants.Exists(r => r.ObjectId == id))
            .ToList();
    }

    return permitted;
}
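/// <summary>
/// Replaces the object-level permissions of a role for one resource type: the role's
/// existing rows for the resource's module are deleted and one row is created per
/// submitted object id that carries a positive access-rights mask.
/// </summary>
/// <remarks>
/// All request validation happens before the delete, so a malformed request can no longer
/// wipe the role's permissions and then fail half-way through the rebuild.
/// NOTE(review): this action changes role permissions; the authorization attributes that
/// protect it are not visible in this method. Confirm they exist on the controller or action.
/// NOTE(review): the delete and the create are two separate service calls; confirm they run
/// in one transaction, otherwise a failure in CreateMany leaves the role with no rows.
/// </remarks>
/// <param name="model">Request body naming the resource, the role, the object ids and an optional positional mask list.</param>
/// <returns>
/// NotFound when the resource or role does not exist, an error result for the administrator
/// role, SaveFailure for an invalid request, otherwise SaveSuccess.
/// </returns>
public IActionResult SaveRolePermissions([FromBody] EditRolePermissionsModel model)
{
    // A body that fails to bind leaves model null; reject that (and any invalid model)
    // before dereferencing it or looking anything up.
    if (model == null || !ModelState.IsValid)
    {
        return SaveFailure(GetModelErrors());
    }

    var resourceOwner = _resourceOwnerService.FindByName(model.ResourceName);
    if (resourceOwner == null)
    {
        return NotFound();
    }

    // The role id comes from the request, so the role may not exist
    // (presumably FindById returns null in that case; confirm against the service).
    var role = _roleService.FindById(model.RoleId);
    if (role == null)
    {
        return NotFound();
    }

    // The built-in administrator role must never be edited through this endpoint.
    if (role.Name.IsCaseInsensitiveEqual(RoleDefaults.ADMINISTRATOR))
    {
        return JError(T["notallow_edit"]);
    }

    // Mask is read positionally (Mask[i] belongs to ObjectId[i]). A mask list shorter than the
    // id list would be indexed out of range inside the loop, after the old rows were deleted.
    if (model.ObjectId.NotEmpty() && model.Mask != null && model.Mask.Count() < model.ObjectId.Count())
    {
        ModelState.AddModelError(nameof(model.Mask), "Mask must contain one entry per ObjectId.");
        return SaveFailure(GetModelErrors());
    }

    _roleObjectAccessService.DeleteByRole(model.RoleId, resourceOwner.ModuleName);
    if (model.ObjectId.NotEmpty())
    {
        var roleObjectAccess = new List<RoleObjectAccess>();
        var objectTypeCode = Module.Core.ModuleCollection.GetIdentity(resourceOwner.ModuleName);
        int i = 0;
        foreach (var item in model.ObjectId)
        {
            var roa = new RoleObjectAccess
            {
                RoleObjectAccessId = Guid.NewGuid(),
                RoleId = model.RoleId,
                ObjectId = item,
                ObjectTypeCode = objectTypeCode
            };

            if (model.Mask == null)
            {
                // No mask list supplied: every submitted id gets mask 1.
                roa.AccessRightsMask = 1;
            }
            else if (model.Mask[i] > 0)
            {
                // NOTE(review): the mask value is stored exactly as sent by the client;
                // confirm it is constrained to the defined access-right bits somewhere.
                roa.AccessRightsMask = (int)model.Mask[i];
            }

            // Skip ids without a positive mask and ids that were already added.
            if (roa.AccessRightsMask > 0
                && !roleObjectAccess.Exists(x => x.ObjectId == item && x.ObjectTypeCode == objectTypeCode))
            {
                roleObjectAccess.Add(roa);
            }

            i++;
        }

        if (roleObjectAccess.NotEmpty())
        {
            _roleObjectAccessService.CreateMany(roleObjectAccess);
        }
    }

    return SaveSuccess();
}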
/// <summary>
/// Builds the edit page for a role's field permissions.
/// </summary>
/// <remarks>
/// NOTE(review): the resource owner is looked up with AttributeDefaults.ModuleName while the
/// role's permissions are queried with DataAuthorizationDefaults.ModuleName; confirm that the
/// two different module names are intended.
/// NOTE(review): the role returned by FindById is passed to the view without a null check;
/// confirm the view copes with an unknown role id.
/// </remarks>
/// <param name="roleId">Id of the role being edited; an empty id yields NotFound.</param>
/// <returns>NotFound when the id is empty or the resource owner is missing, otherwise the rendered view.</returns>
public IActionResult EditRoleFieldPermissions(Guid roleId)
{
    if (roleId.IsEmpty())
    {
        return NotFound();
    }

    var owner = _resourceOwnerService.FindByName(AttributeDefaults.ModuleName);
    if (owner == null)
    {
        return NotFound();
    }

    // Load the role first, then its permission rows, in the same order as the original initializer.
    var role = _roleService.FindById(roleId);
    var permissions = _roleObjectAccessService.QueryRolePermissions(roleId, DataAuthorizationDefaults.ModuleName);

    var viewModel = new EditRolePermissionsModel
    {
        ResourceName = AttributeDefaults.ModuleName,
        ResourceOwnerDescriptor = owner,
        Role = role,
        RoleId = roleId,
        RoleObjectAccess = permissions
    };

    // The view file is named after the current action.
    return DynamicResult(viewModel, $"~/Views/Security/{WebContext.ActionName}.cshtml");
}
/// <summary>
/// Shows the privilege-resource page for the resource owner with the given name.
/// </summary>
/// <param name="resourceName">Name of the resource owner to display; taken from the request.</param>
/// <returns>NotFound when the name is empty or matches no resource owner, otherwise the view.</returns>
public IActionResult PrivilegeResources(string resourceName)
{
    if (resourceName.IsEmpty())
    {
        return NotFound();
    }

    var owner = _resourceOwnerService.FindByName(resourceName);
    if (owner == null)
    {
        // Unknown resource names are answered the same way as a missing name.
        return NotFound();
    }

    var viewModel = new PrivilegeResourceModel
    {
        ResourceName = resourceName,
        ResourceOwnerDescriptor = owner
    };
    return View(viewModel);
}