/// <summary> /// Prohibits a permission for a user if it's granted. /// </summary> /// <param name="user">User</param> /// <param name="permission">Permission</param> public virtual async Task ProhibitPermissionAsync(TUser user, Permission permission) { await UserPermissionStore.RemovePermissionAsync(user, new PermissionGrantInfo(permission.Name, true)); if (!await IsGrantedAsync(user.Id, permission)) { return; } await UserPermissionStore.AddPermissionAsync(user, new PermissionGrantInfo(permission.Name, false)); }
/// <summary> /// Check whether a user is granted for a permission. /// </summary> /// <param name="user">User</param> /// <param name="permission">Permission</param> public virtual async Task <bool> IsGrantedAsync(TUser user, Permission permission) { //Check for multi-tenancy side if (!permission.MultiTenancySides.HasFlag(AbpSession.MultiTenancySide)) { return(false); } //Check for user-specific value if (await UserPermissionStore.HasPermissionAsync(user, new PermissionGrantInfo(permission.Name, true))) { return(true); } if (await UserPermissionStore.HasPermissionAsync(user, new PermissionGrantInfo(permission.Name, false))) { return(false); } //Check for roles var roleNames = await GetRolesAsync(user.Id); if (!roleNames.Any()) { return(permission.IsGrantedByDefault); } foreach (var roleName in roleNames) { if (await RoleManager.HasPermissionAsync(roleName, permission.Name)) { return(true); } } return(false); }
/// <summary> /// Resets all permission settings for a user. /// It removes all permission settings for the user. /// User will have permissions according to his roles. /// This method does not prohibit all permissions. /// For that, use <see cref="ProhibitAllPermissionsAsync"/>. /// </summary> /// <param name="user">User</param> public async Task ResetAllPermissionsAsync(TUser user) { await UserPermissionStore.RemoveAllPermissionSettingsAsync(user); }
/// <summary> /// Resets all permission settings for a user. /// It removes all permission settings for the user. /// User will have permissions according to his roles. /// This method does not prohibit all permissions. /// For that, use <see cref="ProhibitAllPermissionsAsync"/>. /// </summary> /// <param name="user">User</param> public void ResetAllPermissions(TUser user) { UserPermissionStore.RemoveAllPermissionSettings(user); }