public ActionResult Create(CreateRoleViewModel vm) { if (ModelState.IsValid) { var newRole = new Role { Name = vm.Name, Description = vm.Description }; _roleRepository.Create(newRole); _unitOfWork.Commit(); foreach (var permission in vm.PermissionIds) { var rolePermission = new RolePermission { RoleId = newRole.Id, PermissionId = permission }; _rolePermissionRepository.Create(rolePermission); } _unitOfWork.Commit(); return(RedirectToAction("Index")); } ViewBag.RolePermissions = new MultiSelectList(_permissionRepository.GetAll(), "Id", "Title"); return(View(vm)); }
public async Task <IActionResult> UpdateRolePermissionAsync([FromBody] UpdateRolePermissionViewModel model_) { string roleId = (await _roleManager.FindByNameAsync(model_.RoleName)).Id; Enum.TryParse(model_.PermissionValue, true, out Permission permissionEnumValue); if (model_.Extension == Constants.SoftinuxBaseSecurity && permissionEnumValue != Permission.Admin) { if (await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(_roleManager, Storage, model_.RoleName, model_.Extension)) { return(StatusCode((int)HttpStatusCode.BadRequest, "Permission not updated, the role is the last Admin grant to SoftinuxBase.Security extension")); } } IRolePermissionRepository repo = Storage.GetRepository <IRolePermissionRepository>(); repo.Delete(roleId, model_.Extension); var permissionEntity = Storage.GetRepository <IPermissionRepository>().Find(permissionEnumValue); repo.Create(new RolePermission { RoleId = roleId, PermissionId = permissionEntity.Id, Extension = model_.Extension }); await Storage.SaveAsync(); return(StatusCode((int)HttpStatusCode.OK)); }
private async Task SetPermissions(Guid roleId, params Guid[] permIds) { // Add new permissions from list var existingPermissions = (await _rolePermissionRepository.GetByRole(roleId)).ToList(); var permissionsToAdd = permIds.Where(x => existingPermissions.All(p => p.PermissionId != x)).ToList(); var permissionsToRemove = existingPermissions.Where(p => permIds.All(x => x != p.PermissionId)).ToList(); foreach (var permId in permissionsToAdd) { _rolePermissionRepository.Create(new RolePermission { RoleId = roleId, PermissionId = permId }); } // Remove permissions that no longer apply foreach (var perm in permissionsToRemove) { await _rolePermissionRepository.Delete(perm.RoleId, perm.PermissionId); } _rolePermissionsCache.Purge(roleId); await _rolePermissionRepository.SaveChanges(); }
/// <summary> /// First, check that a role with this name doesn't already exist. /// /// Second, save new data into database. /// </summary> /// <param name="storage_">Storage interface provided by services container.</param> /// <param name="roleManager_">Roles manager object.</param> /// <param name="model_">A <see cref="SaveNewRoleAndGrantsViewModel" /> object.</param> /// <returns>Null if success, otherwise error message.</returns> public static async Task <string> CheckAndSaveNewRoleAndGrantsAsync(IStorage storage_, RoleManager <IdentityRole <string> > roleManager_, SaveNewRoleAndGrantsViewModel model_) { if (await UpdateRoleAndGrants.CheckThatRoleOfThisNameExistsAsync(roleManager_, model_.RoleName)) { return("A role with this name already exists"); } if (model_.Extensions == null || !model_.Extensions.Any()) { return("At least one extension must be selected"); } try { // Convert the string to the enum if (Enum.TryParse <Common.Enums.Permission>(model_.PermissionValue, true, out var permissionEnumValue)) { var permissionEntity = storage_.GetRepository <IPermissionRepository>().Find(permissionEnumValue); // Save the Role IdentityRole <string> identityRole = new IdentityRole <string> { // Auto-incremented ID Name = model_.RoleName }; await roleManager_.CreateAsync(identityRole); // Save the role-extension-permission link if (model_.Extensions != null) { IRolePermissionRepository repo = storage_.GetRepository <IRolePermissionRepository>(); foreach (string extension in model_.Extensions) { repo.Create(new RolePermission { RoleId = identityRole.Id, PermissionId = permissionEntity.Id, Extension = extension }); } } } await storage_.SaveAsync(); return(null); } catch (Exception e) { return($"{e.Message} {e.StackTrace}"); } }
[HttpGet] // TODO change to POST public async Task <IActionResult> UpdateRolePermission(string roleName_, string permissionId_, string scope_) { string roleId = (await _roleManager.FindByNameAsync(roleName_)).Id; IRolePermissionRepository repo = Storage.GetRepository <IRolePermissionRepository>(); repo.Delete(roleId, scope_); if (!string.IsNullOrEmpty(permissionId_.ToLowerInvariant())) { repo.Create(new RolePermission { RoleId = roleId, PermissionId = permissionId_.UppercaseFirst(), Scope = scope_ }); } Storage.Save(); return(new JsonResult(true)); }
/// <summary> /// First, check that a role with this name doesn't already exist. /// Second, save new data into database. /// </summary> /// <param name="model_">Model with role name and grant data (extensions and permission level)</param> /// <param name="roleManager_"></param> /// <param name="storage_"></param> /// <returns>Not null when something failed, else null when save went ok</returns> public static async Task <string> CheckAndSaveNewRoleAndGrants(SaveNewRoleAndGrantsViewModel model_, RoleManager <IdentityRole <string> > roleManager_, IStorage storage_) { if (await UpdateRole.CheckThatRoleOfThisNameExists(roleManager_, model_.RoleName)) { return("A role with this name already exists"); } try { // Convert the string to the enum var permissionEnum = Enum.Parse <Security.Common.Enums.Permission>(model_.Permission, true); // Save the Role IdentityRole <string> identityRole = new IdentityRole <string> { // Auto-incremented ID Name = model_.RoleName }; await roleManager_.CreateAsync(identityRole); // Save the role-extension-permission link if (model_.Extensions != null) { IRolePermissionRepository repo = storage_.GetRepository <IRolePermissionRepository>(); foreach (string extension in model_.Extensions) { repo.Create(new RolePermission { RoleId = identityRole.Id, PermissionId = permissionEnum.ToString(), Scope = extension }); } } storage_.Save(); return(null); } catch (Exception e) { return($"{e.Message} {e.StackTrace}"); } }
public ActionResult Update(RoleModel vm) { ApiResult <Role> apiResult; if (ModelState.IsValid) { if (vm.Id > 0) { apiResult = TryExecute(() => { var selectedRole = _roleRepository.Get(vm.Id); selectedRole.Name = vm.Name; selectedRole.Description = vm.Description; // Clean up all Permissions var permissions = _rolePermissionRepository.GetAllBy(r => r.RoleId == vm.Id).ToList(); foreach (var permission in permissions) { _rolePermissionRepository.Delete(permission); } _unitOfWork.Commit(); foreach (var permission in vm.PermissionIds) { var rolePermission = new RolePermission { RoleId = vm.Id, PermissionId = permission }; _rolePermissionRepository.Create(rolePermission); } _roleRepository.Update(selectedRole); _unitOfWork.Commit(); return(selectedRole); }, "Role updated sucessfully"); } else { apiResult = TryExecute(() => { var newRole = new Role { Name = vm.Name, Description = vm.Description }; _roleRepository.Create(newRole); _unitOfWork.Commit(); foreach (var permission in vm.PermissionIds) { var rolePermission = new RolePermission { RoleId = newRole.Id, PermissionId = permission }; _rolePermissionRepository.Create(rolePermission); } _unitOfWork.Commit(); return(newRole); }, "Role created sucessfully"); } } else { apiResult = ApiResultFromModelErrors <Role>(); } return(Json(apiResult, JsonRequestBehavior.AllowGet)); }