/// <summary> /// Save the permissions submitted by the security access screen /// </summary> /// <param name="request"></param> /// <returns></returns> public SecurityAccessMaintenanceSavePermissionsResponse SavePermissions( SecurityAccessMaintenanceSavePermissionsRequest request) { // //Validation // if (request == null || request.SecuritySecurableId == null) { return(new SecurityAccessMaintenanceSavePermissionsResponse() { IsSuccessful = false, Message = "An invalid request or SecuritySecurableId was passed into SavePermissions." }); } // //Get the security securable // var securitySecurable = _repository.GetAll <SecuritySecurable>() .FirstOrDefault(p => p.SecuritySecurableId == request.SecuritySecurableId); // //Get the security action records for this securable // var securitySecurableActions = _repository.GetAll <SecuritySecurableAction>(p => p.SecurityAction).Where(p => p.SecuritySecurableId == request.SecuritySecurableId).ToList(); // //Get the security access records for this securable // var securityAccesses = _repository.GetAll <SecurityAccess>().Where(p => p.SecuritySecurableId == request.SecuritySecurableId).ToList(); // //Update the permissions // int numPermissionsUpdated = 0; foreach (var permissionToSave in request.PermissionsToSave) { // //Get the security securable action associated with the permission we are saving // var securitySecurableAction = securitySecurableActions.FirstOrDefault(p => p.SecuritySecurableActionId == permissionToSave.SecuritySecurableActionId); // //Get the security access record associated with this permission. //This may return null if the record doesnt exist. // var securityAccess = securityAccesses.FirstOrDefault( p => p.SecurityActionId == securitySecurableAction.SecurityAction.SecurityActionId && p.SecurityRoleId == permissionToSave.SecurityRoleId && p.SecuritySecurableId == request.SecuritySecurableId); // //Bad permission value specified, throw an error // if (String.IsNullOrWhiteSpace(permissionToSave.PermissionValue)) { return(new SecurityAccessMaintenanceSavePermissionsResponse() { IsSuccessful = false, Message = String.Format("An invalid permission value was specified to save. The value was empty.") }); } // //If this is an inherited permission, then delete the security access record if it exists. // else if (permissionToSave.PermissionValue.ToLower() == "inherited") { if (securityAccess != null) { _repository.Delete(securityAccess); numPermissionsUpdated++; } } // //If the security access record exists and we are changing its value to allowed // else if (securityAccess != null && permissionToSave.PermissionValue.ToLower() == "allowed") { //If it is currently NOT allowed we need to change the value if (!securityAccess.Allowed) { securityAccess.Allowed = true; numPermissionsUpdated++; } } // //If the security access record exists and we are changing its value to not allowed // else if (securityAccess != null && permissionToSave.PermissionValue.ToLower() == "notallowed") { //If it is currently allowed we need to change the value if (securityAccess.Allowed) { securityAccess.Allowed = false; numPermissionsUpdated++; } } // //If the security access record doesnt exist then we create it // else if (securityAccess == null && (permissionToSave.PermissionValue.ToLower() == "allowed" || permissionToSave.PermissionValue.ToLower() == "notallowed")) { securityAccess = new SecurityAccess() { SecuritySecurableId = securitySecurable.SecuritySecurableId, SecurityActionId = securitySecurableAction.SecurityActionId, SecurityRoleId = permissionToSave.SecurityRoleId, Allowed = (permissionToSave.PermissionValue.ToLower() == "allowed" ? true : false) }; _repository.Add(securityAccess); numPermissionsUpdated++; } // //If we got here then an error occurred // else { return(new SecurityAccessMaintenanceSavePermissionsResponse() { IsSuccessful = false, Message = String.Format("An invalid permission value of {0} was specified to save.", permissionToSave.PermissionValue) }); } } _repository.Commit(); // //Successful save // return(new SecurityAccessMaintenanceSavePermissionsResponse() { IsSuccessful = true, NumPermissionsUpdated = numPermissionsUpdated, Message = String.Format("{0} permission(s) were updated.", numPermissionsUpdated) }); }
public virtual ActionResult GetEffectivePermissionsForSecurable(GetEffectivePermissionsForSecurableViewModel model) { // //Populate the role selection lists // PopulateDropDownLists(model); // //Save any permission changes that came in // if (model.SubmitAction == SubmitActions.Save.ToString() && model.SecurityAccessSettings != null && model.SecurityAccessSettings.Count > 0) { var permissionsToSave = new List <PermissionToSave>(); // //The permissions get submitted in a dictionary. //The key is security securable action ID + "~" + security role Id //The value is Allowed, NotAllowed, or Inherited // foreach (var key in model.SecurityAccessSettings.Keys) { // //Break the key into its components: securitySecurableActionId and roleId //Create the record of the permission to save for the service layer // var value = model.SecurityAccessSettings[key]; var keyElements = key.Split('~'); if (keyElements != null && keyElements.Count() == 2) { var securitySecurableActionId = int.Parse(keyElements[0]); var roleId = int.Parse(keyElements[1]); var permissionToSave = new PermissionToSave() { SecurityRoleId = roleId, SecuritySecurableActionId = securitySecurableActionId, PermissionValue = value }; permissionsToSave.Add(permissionToSave); } } // //Call the service layer to persist the permissions // var saveRequest = new SecurityAccessMaintenanceSavePermissionsRequest() { SecuritySecurableId = model.SecuritySecurableId, PermissionsToSave = permissionsToSave }; var saveResponse = _service.SavePermissions(saveRequest); if (!saveResponse.IsSuccessful) { ModelState.AddModelError("", saveResponse.Message); } else if (saveResponse.NumPermissionsUpdated > 0) { AddToastMessage(new ToastMessage() { Message = saveResponse.Message, Type = ToastMessage.ToastType.Success, AutoHide = true, Position = ToastMessage.ToastPosition.TopCenter }); } } // //Call the service to get the effective permissions for the selected roles // var request = new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableRequest() { SecuritySecurableId = model.SecuritySecurableId, SelectedRoleIds = model.SelectedRoleIds }; var response = _service.GetEffectivePermissionsForSecurable(request); if (response.IsSuccessful) { model.EffectivePermissionsForSecurable = response; model.IsSuccessful = true; } else { model.Message = response.Message; model.IsSuccessful = false; } return(PartialView("_EffectivePermissionsPartial", model)); }