public Response CreatePermission([FromBody] PermissionModel permissionModel) { Response reqResponse = new Response(); if (permissionModel.username != "root") { reqResponse.SetResponse(401, "Not Authorized", "You are not authorized to create a permission!", null); goto Finish; } int userId = _userService.GetUser(permissionModel.username, permissionModel.password); if (userId == -1) { reqResponse.SetResponse(401, "Not Authorized", "Invalid credentials inserted!", null); goto Finish; } if (_permissionService.ExistsPermission(permissionModel.permissionName)) { reqResponse.SetResponse(500, "Already Existing", "Permission '" + permissionModel.permissionName + "' already exists in the system.", null); goto Finish; } _permissionService.CreatePermission(permissionModel.permissionName, permissionModel.rights); reqResponse = new Response(); Finish: return(reqResponse); }
public Response AddPermissionToRole([FromBody] PermissionModel permissionModel) { Response reqResponse = new Response(); if (permissionModel.username != "root") { reqResponse.SetResponse(401, "Not Authorized", "You are not authorized to add a user to a role!", null); goto Finish; } int userId = _userService.GetUser(permissionModel.username, permissionModel.password); if (userId == -1) { reqResponse.SetResponse(401, "Not Authorized", "Invalid credentials inserted!", null); goto Finish; } if (!_roleService.ExistsRole(permissionModel.roleName)) { reqResponse.SetResponse(500, "Not Existing", "Role '" + permissionModel.roleName + "' does not exist in the system.", null); goto Finish; } if (!_permissionService.ExistsPermission(permissionModel.permissionName)) { reqResponse.SetResponse(500, "Not Existing", "User '" + permissionModel.permissionName + "' does not exist in the system.", null); goto Finish; } if (_roleService.ExistsPermissionInRole(permissionModel.roleName, permissionModel.permissionName)) { reqResponse.SetResponse(500, "Already existing", "Permission '" + permissionModel.permissionName + "' is already assigned to role '" + permissionModel.roleName + "'.", null); goto Finish; } _permissionService.AssignPermissionToRole(permissionModel.permissionName, permissionModel.roleName); reqResponse = new Response(); Finish: return(reqResponse); }
public Response AssignPermission([FromBody] ResourceModel resourceModel) { Response reqResponse = new Response(); int userId = _userService.GetUser(resourceModel.username, resourceModel.password); if (userId == -1) { reqResponse.SetResponse(401, "Not Authorized", "Invalid credentials inserted!", null); goto Finish; } ResourcePathModel resourceInfo = new ResourcePathModel(resourceModel.resourceName); if (!_resourceService.IsUserOwner(resourceInfo.fullResourcePath, userId)) { reqResponse.SetResponse(401, "Not Authorized", "You are not allowed to change the permissions of the selected resource.", null); goto Finish; } if (!_resourceService.ResourceExists(resourceModel.resourceName)) { reqResponse.SetResponse(404, "Not Existing", resourceModel.resourceName + " does not exist in the current filesystem.", null); goto Finish; } if (!_permissionService.ExistsPermission(resourceModel.permissionName)) { reqResponse.SetResponse(500, "Not Existing", "Permission '" + resourceModel.permissionName + "' does not exist in the system.", null); goto Finish; } _permissionService.AssignPermissionToResource(resourceModel.permissionName, resourceModel.resourceName); reqResponse = new Response(); Finish: return(reqResponse); }