/// <summary>
/// Save the permissions submitted by the security access screen
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public SecurityAccessMaintenanceSavePermissionsResponse SavePermissions(
SecurityAccessMaintenanceSavePermissionsRequest request)
{
//
//Validation
//
if (request == null || request.SecuritySecurableId == null)
{
return(new SecurityAccessMaintenanceSavePermissionsResponse()
{
IsSuccessful = false,
Message = "An invalid request or SecuritySecurableId was passed into SavePermissions."
});
}
//
//Get the security securable
//
var securitySecurable = _repository.GetAll <SecuritySecurable>()
.FirstOrDefault(p => p.SecuritySecurableId == request.SecuritySecurableId);
//
//Get the security action records for this securable
//
var securitySecurableActions = _repository.GetAll <SecuritySecurableAction>(p => p.SecurityAction).Where(p => p.SecuritySecurableId == request.SecuritySecurableId).ToList();
//
//Get the security access records for this securable
//
var securityAccesses = _repository.GetAll <SecurityAccess>().Where(p => p.SecuritySecurableId == request.SecuritySecurableId).ToList();
//
//Update the permissions
//
int numPermissionsUpdated = 0;
foreach (var permissionToSave in request.PermissionsToSave)
{
//
//Get the security securable action associated with the permission we are saving
//
var securitySecurableAction = securitySecurableActions.FirstOrDefault(p => p.SecuritySecurableActionId == permissionToSave.SecuritySecurableActionId);
//
//Get the security access record associated with this permission.
//This may return null if the record doesnt exist.
//
var securityAccess =
securityAccesses.FirstOrDefault(
p => p.SecurityActionId == securitySecurableAction.SecurityAction.SecurityActionId &&
p.SecurityRoleId == permissionToSave.SecurityRoleId &&
p.SecuritySecurableId == request.SecuritySecurableId);
//
//Bad permission value specified, throw an error
//
if (String.IsNullOrWhiteSpace(permissionToSave.PermissionValue))
{
return(new SecurityAccessMaintenanceSavePermissionsResponse()
{
IsSuccessful = false,
Message = String.Format("An invalid permission value was specified to save. The value was empty.")
});
}
//
//If this is an inherited permission, then delete the security access record if it exists.
//
else if (permissionToSave.PermissionValue.ToLower() == "inherited")
{
if (securityAccess != null)
{
_repository.Delete(securityAccess);
numPermissionsUpdated++;
}
}
//
//If the security access record exists and we are changing its value to allowed
//
else if (securityAccess != null && permissionToSave.PermissionValue.ToLower() == "allowed")
{
//If it is currently NOT allowed we need to change the value
if (!securityAccess.Allowed)
{
securityAccess.Allowed = true;
numPermissionsUpdated++;
}
}
//
//If the security access record exists and we are changing its value to not allowed
//
else if (securityAccess != null && permissionToSave.PermissionValue.ToLower() == "notallowed")
{
//If it is currently allowed we need to change the value
if (securityAccess.Allowed)
{
securityAccess.Allowed = false;
numPermissionsUpdated++;
}
}
//
//If the security access record doesnt exist then we create it
//
else if (securityAccess == null &&
(permissionToSave.PermissionValue.ToLower() == "allowed" || permissionToSave.PermissionValue.ToLower() == "notallowed"))
{
securityAccess = new SecurityAccess()
{
SecuritySecurableId = securitySecurable.SecuritySecurableId,
SecurityActionId = securitySecurableAction.SecurityActionId,
SecurityRoleId = permissionToSave.SecurityRoleId,
Allowed = (permissionToSave.PermissionValue.ToLower() == "allowed" ? true : false)
};
_repository.Add(securityAccess);
numPermissionsUpdated++;
}
//
//If we got here then an error occurred
//
else
{
return(new SecurityAccessMaintenanceSavePermissionsResponse()
{
IsSuccessful = false,
Message = String.Format("An invalid permission value of {0} was specified to save.", permissionToSave.PermissionValue)
});
}
}
_repository.Commit();
//
//Successful save
//
return(new SecurityAccessMaintenanceSavePermissionsResponse()
{
IsSuccessful = true,
NumPermissionsUpdated = numPermissionsUpdated,
Message = String.Format("{0} permission(s) were updated.", numPermissionsUpdated)
});
}
public virtual ActionResult GetEffectivePermissionsForSecurable(GetEffectivePermissionsForSecurableViewModel model)
{
//
//Populate the role selection lists
//
PopulateDropDownLists(model);
//
//Save any permission changes that came in
//
if (model.SubmitAction == SubmitActions.Save.ToString() &&
model.SecurityAccessSettings != null &&
model.SecurityAccessSettings.Count > 0)
{
var permissionsToSave = new List <PermissionToSave>();
//
//The permissions get submitted in a dictionary.
//The key is security securable action ID + "~" + security role Id
//The value is Allowed, NotAllowed, or Inherited
//
foreach (var key in model.SecurityAccessSettings.Keys)
{
//
//Break the key into its components: securitySecurableActionId and roleId
//Create the record of the permission to save for the service layer
//
var value = model.SecurityAccessSettings[key];
var keyElements = key.Split('~');
if (keyElements != null && keyElements.Count() == 2)
{
var securitySecurableActionId = int.Parse(keyElements[0]);
var roleId = int.Parse(keyElements[1]);
var permissionToSave = new PermissionToSave()
{
SecurityRoleId = roleId,
SecuritySecurableActionId = securitySecurableActionId,
PermissionValue = value
};
permissionsToSave.Add(permissionToSave);
}
}
//
//Call the service layer to persist the permissions
//
var saveRequest = new SecurityAccessMaintenanceSavePermissionsRequest()
{
SecuritySecurableId = model.SecuritySecurableId,
PermissionsToSave = permissionsToSave
};
var saveResponse = _service.SavePermissions(saveRequest);
if (!saveResponse.IsSuccessful)
{
ModelState.AddModelError("", saveResponse.Message);
}
else if (saveResponse.NumPermissionsUpdated > 0)
{
AddToastMessage(new ToastMessage()
{
Message = saveResponse.Message,
Type = ToastMessage.ToastType.Success,
AutoHide = true,
Position = ToastMessage.ToastPosition.TopCenter
});
}
}
//
//Call the service to get the effective permissions for the selected roles
//
var request = new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableRequest()
{
SecuritySecurableId = model.SecuritySecurableId,
SelectedRoleIds = model.SelectedRoleIds
};
var response = _service.GetEffectivePermissionsForSecurable(request);
if (response.IsSuccessful)
{
model.EffectivePermissionsForSecurable = response;
model.IsSuccessful = true;
}
else
{
model.Message = response.Message;
model.IsSuccessful = false;
}
return(PartialView("_EffectivePermissionsPartial", model));
}
