public async Task <IActionResult> AddSecurity(SecurityDTO SecurityDTO) { var response = await _Security.AddAsync(SecurityDTO); return(Ok(response)); }
public SecurityModule(ILoggerService logger, ISecurityService service, ISecurityService securityService) { _logger = logger; _service = service; _securityService = securityService; if (Debugger.IsAttached) { this.RequiresApiAuthentication(); } else { this.RequiresAuthentication(); } Get["/web/security"] = _ => { var access = _securityService.CheckUserAccess(((UserIdentity)Context.CurrentUser).Guid, "ChangeSystemSecurity"); if (!access) { return new Response { StatusCode = HttpStatusCode.Forbidden, ReasonPhrase = WebResources.Error_PermissionDenied } } ; return(View["Security.cshtml", new SecurityResponseModel(_service.GetAll())]); }; Get["/api/securities"] = _ => { try { if (string.IsNullOrWhiteSpace(Context.Request.Headers.Authorization)) { var access = _securityService.CheckUserAccess(((UserIdentity)Context.CurrentUser).Guid, "ChangeSystemSecurity"); if (!access) { return new Response { StatusCode = HttpStatusCode.Forbidden, ReasonPhrase = WebResources.Error_PermissionDenied } } ; } var securities = _service.GetAll(); List <object> result = new List <object>(); foreach (var security in securities) { List <object> radios = new List <object>(); foreach (var radio in security.RadiosWithAccess) { dynamic radioWithAccess = new { alias = radio.RadioAlias, guid = radio.RadioGuid, access = radio.HasAccess }; radios.Add(radioWithAccess); } List <object> reports = new List <object>(); foreach (var report in security.ReportsWithAccess) { dynamic reportWithAccess = new { name = report.ReportName, access = report.HasAccess }; reports.Add(reportWithAccess); } List <object> properties = new List <object>(); foreach (var property in security.Properties) { dynamic propertyWithAccess = new { group = property.Group.ToString(), name = property.Name }; properties.Add(propertyWithAccess); } dynamic resultAccessGroup = new { guid = security.Guid, name = security.Name, accessAllRadios = security.AccessAllRadios, radiosWithAccess = radios, accessAllReports = security.AccessAllReports, reportsWithAccess = reports, properties = properties }; result.Add(resultAccessGroup); } return(Response.AsJson(result)); } catch (Exception e) { _logger.LogError(e); return(new Response { StatusCode = HttpStatusCode.InternalServerError, ReasonPhrase = WebResources.Error_FailureObtainingSecurities }); } }; Get["/api/reports"] = (_) => { if (Context.Request.Headers.Authorization == null) { var access = _securityService.CheckUserAccess(((UserIdentity)Context.CurrentUser).Guid, "ChangeSystemSecurity"); if (!access) { return new Response { StatusCode = HttpStatusCode.Forbidden, ReasonPhrase = WebResources.Error_PermissionDenied } } ; } var reports = _service.GetAllReports(); List <object> result = new List <object>(); foreach (var report in reports.OrderBy(item => item.Description)) { result.Add(new { name = report.ReportName, description = report.Description }); } return(Response.AsJson(result)); }; Get["/api/security-properties"] = (_) => { try { if (Context.Request.Headers.Authorization == null) { var access = _securityService.CheckUserAccess(((UserIdentity)Context.CurrentUser).Guid, "ChangeSystemSecurity"); if (!access) { return new Response { StatusCode = HttpStatusCode.Forbidden, ReasonPhrase = WebResources.Error_PermissionDenied } } ; } var properties = _service.GetAllProperties(); var result = new List <object>(); foreach (var property in properties.OrderBy(x => x.Description)) { result.Add(new { group = property.Group.ToString(), name = property.Name, description = property.Description }); } return(Response.AsJson(result)); } catch (Exception e) { _logger.LogError(e); return(new Response { StatusCode = HttpStatusCode.InternalServerError, ReasonPhrase = Resources.WebResources.Error_FailureObtainingSecurityProperties }); } }; Post["/api/securities/add", true] = async(_, __) => { try { if (Context.Request.Headers.Authorization == null) { var access = _securityService.CheckUserAccess(((UserIdentity)Context.CurrentUser).Guid, "ChangeSystemSecurity"); if (!access) { return new Response { StatusCode = HttpStatusCode.Forbidden, ReasonPhrase = WebResources.Error_PermissionDenied } } ; } var model = this.Bind <SecurityModel>(x => x.Guid); var result = this.Validate(model); if (result.IsValid) { await _service.AddAsync(SecurityModelToDbSecurityModel(model)); return(Response.AsJson(model, HttpStatusCode.OK)); } else { return(Negotiate.WithAllowedMediaRange("application/json").WithModel(result).WithStatusCode(HttpStatusCode.BadRequest).WithReasonPhrase(WebResources.Error_FailureValidatingItem)); } } catch (Exception e) { _logger.LogError(e); return(new Response { StatusCode = HttpStatusCode.InternalServerError, ReasonPhrase = Resources.WebResources.Error_FailureSavingSecurity }); } }; Post["/api/securities/update", true] = async(_, __) => { try { if (Context.Request.Headers.Authorization == null) { var access = _securityService.CheckUserAccess(((UserIdentity)Context.CurrentUser).Guid, "ChangeSystemSecurity"); if (!access) { return new Response { StatusCode = HttpStatusCode.Forbidden, ReasonPhrase = WebResources.Error_PermissionDenied } } ; } var model = this.Bind <SecurityModel>(); var result = this.Validate(model); if (result.IsValid) { await _service.UpdateAsync(SecurityModelToDbSecurityModel(model)).ConfigureAwait(false); return(Response.AsJson(new object(), HttpStatusCode.OK)); } else { return(Negotiate.WithAllowedMediaRange("application/json").WithModel(result).WithStatusCode(HttpStatusCode.BadRequest).WithReasonPhrase(WebResources.Error_FailureValidatingItem)); } } catch (Exception e) { _logger.LogError(e); return(new Response { StatusCode = HttpStatusCode.InternalServerError, ReasonPhrase = Resources.WebResources.Error_FailureSavingSecurity }); } }; Post["/api/securities/delete", true] = async(_, __) => { try { if (Context.Request.Headers.Authorization == null) { var access = _securityService.CheckUserAccess(((UserIdentity)Context.CurrentUser).Guid, "ChangeSystemSecurity"); if (!access) { return new Response { StatusCode = HttpStatusCode.Forbidden, ReasonPhrase = WebResources.Error_PermissionDenied } } ; } foreach (var record in this.Bind <IEnumerable <SecurityModel> >()) { var result = this.Validate(record); if (result.IsValid) { await _service.DeleteAsync(SecurityModelToDbSecurityModel(record)); } else { return(Negotiate.WithModel(result).WithStatusCode(HttpStatusCode.BadRequest)); } } return(Response.AsJson(new object(), HttpStatusCode.OK)); } catch (Exception e) { _logger.LogError(e); return(new Response { StatusCode = HttpStatusCode.InternalServerError, ReasonPhrase = WebResources.Error_FailureDeletingSecurity }); } }; } private dbModels.SecurityModel SecurityModelToDbSecurityModel(SecurityModel model) { var result = new dbModels.SecurityModel(model.Guid, model.Name, model.AccessAllRadios, model.AccessAllReports); foreach (var radio in model.RadiosWithAccess) { result.RadiosWithAccess.Add(new dbModels.SecurityRadioModel() { HasAccess = true, RadioGuid = radio.Guid, RadioAlias = radio.Alias }); } foreach (var report in model.ReportsWithAccess) { result.ReportsWithAccess.Add(new dbModels.SecurityReportModel() { ReportName = report.Name, HasAccess = report.Access }); } foreach (var property in model.Properties) { dbModels.SecurityPropertyGroup group; Enum.TryParse(property.Group, true, out group); result.Properties.Add(new dbModels.SecurityPropertyModel() { Group = group, Name = property.Name }); } return(result); } }