public void Delete(Permission item, CategoryPermissionService categoryPermissionService)
{
var catPermForRoles = categoryPermissionService.GetByPermission(item.Id);
foreach (var categoryPermissionForRole in catPermForRoles)
{
categoryPermissionService.Delete(categoryPermissionForRole);
}
ContextPerRequest.Db.Permission.Remove(item);
}
/// <summary>
/// Add a new post
/// </summary>
/// <param name="postContent"> </param>
/// <param name="topic"> </param>
/// <param name="user"></param>
/// <param name="permissionService"></param>
/// <param name="categoryPermissionService"></param>
/// <param name="memberPointsService"></param>
/// <param name="permissions"> </param>
/// <param name="memberService"></param>
/// <returns>True if post added</returns>
public Post AddNewPost(string postContent, Topic topic, Member user, PermissionService permissionService, MemberService memberService,
CategoryPermissionService categoryPermissionService, MemberPointsService memberPointsService, out PermissionSet permissions)
{
// Get the permissions for the category that this topic is in
permissions = permissionService.GetPermissions(topic.Category, user.Groups.FirstOrDefault(), memberService, categoryPermissionService);
// Check this users role has permission to create a post
if (permissions[AppConstants.PermissionDenyAccess].IsTicked || permissions[AppConstants.PermissionReadOnly].IsTicked)
{
// Throw exception so Ajax caller picks it up
throw new ApplicationException(AppHelpers.Lang("Errors.NoPermission"));
}
// Has permission so create the post
var newPost = new Post
{
PostContent = postContent,
Member = user,
MemberId = user.Id,
Topic = topic,
IpAddress = AppHelpers.GetUsersIpAddress(),
DateCreated = DateTime.UtcNow,
DateEdited = DateTime.UtcNow
};
newPost = SanitizePost(newPost);
var category = topic.Category;
if (category.ModerateAllPostsInThisCategory == true)
{
newPost.Pending = true;
}
// create the post
Add(newPost);
// Update the users points score and post count for posting
memberPointsService.Add(new MemberPoints
{
Points = Dialogue.Settings().PointsAddedPerNewPost,
MemberId = user.Id,
RelatedPostId = newPost.Id
});
// add the last post to the topic
topic.LastPost = newPost;
// Add post to members count
memberService.AddPostCount(user);
return(newPost);
}
public List <Category> GetAllowedCategories(IMemberGroup role, string actionType, PermissionService permissionService, MemberService memberService, CategoryPermissionService categoryPermissionService)
{
var cacheKey = string.Concat("GetAllowedCategoriesCode-", role.Id, "-", actionType);
return((List <Category>)ApplicationContext.Current.ApplicationCache.RequestCache.GetCacheItem(cacheKey, () =>
{
var filteredCats = new List <Category>();
var allCats = GetAll();
foreach (var category in allCats)
{
var permissionSet = permissionService.GetPermissions(category, role, memberService, categoryPermissionService);
if (!permissionSet[actionType].IsTicked)
{
// TODO Only add it category is NOT locked
filteredCats.Add(category);
}
}
return filteredCats;
}));
}
public List <Category> GetAllowedCategories(IMemberGroup role, PermissionService permissionService, MemberService memberService, CategoryPermissionService categoryPermissionService)
{
return(GetAllowedCategories(role, AppConstants.PermissionDenyAccess, permissionService, memberService, categoryPermissionService));
}
/// <summary>
/// The allowed Categories of a member
/// </summary>
/// <param name="memberGroup"></param>
/// <param name="permissionService"></param>
/// <param name="memberService"></param>
/// <param name="categoryPermissionService"></param>
/// <returns></returns>
public List <Category> AllowedCreateCategories(IMemberGroup memberGroup, PermissionService permissionService, MemberService memberService, CategoryPermissionService categoryPermissionService)
{
var allowedAccessCategories = GetAllowedCategories(memberGroup, permissionService, memberService, categoryPermissionService);
var allowedCreateTopicCategories = GetAllowedCategories(memberGroup, AppConstants.PermissionCreateTopics, permissionService, memberService, categoryPermissionService);
var allowedCreateTopicCategoryIds = allowedCreateTopicCategories.Select(x => x.Id);
if (allowedAccessCategories.Any())
{
allowedAccessCategories.RemoveAll(x => allowedCreateTopicCategoryIds.Contains(x.Id));
allowedAccessCategories.RemoveAll(x => memberGroup.Name != AppConstants.AdminRoleName && x.LockCategory);
}
return(allowedAccessCategories);
}
/// <summary>
/// Returns permission set based on category and role
/// </summary>
/// <param name="category"></param>
/// <param name="memberGroup"></param>
/// <param name="memberService"></param>
/// <param name="categoryPermissionService"></param>
/// <returns></returns>
public PermissionSet GetPermissions(Category category, IMemberGroup memberGroup, MemberService memberService, CategoryPermissionService categoryPermissionService)
{
if (memberGroup == null)
{
// This can only happen if the user has deleted a group, and not reassigned them
// so in this occasion we just set them to a guest until the admin assigns them a new group
memberGroup = memberService.GetGroupByName(AppConstants.GuestRoleName);
}
// Pass the role in to see select which permissions to apply
// Going to cache this per request, just to help with performance
var objectContextKey = string.Concat("GetPermissions", "-", category.Id, "-", memberGroup.Id);
if (!HttpContext.Current.Items.Contains(objectContextKey))
{
switch (memberGroup.Name)
{
case AppConstants.AdminRoleName:
_permissions = GetAdminPermissions(category, memberGroup);
break;
case AppConstants.GuestRoleName:
_permissions = GetGuestPermissions(category, memberGroup, categoryPermissionService);
break;
default:
_permissions = GetOtherPermissions(category, memberGroup, categoryPermissionService);
break;
}
HttpContext.Current.Items.Add(objectContextKey, _permissions);
}
return(HttpContext.Current.Items[objectContextKey] as PermissionSet);
}
/// <summary>
/// Get permissions for roles other than those specially treated in this class
/// </summary>
/// <param name="category"></param>
/// <param name="memberGroup"></param>
/// <param name="categoryPermissionService"></param>
/// <returns></returns>
private PermissionSet GetOtherPermissions(Category category, IMemberGroup memberGroup, CategoryPermissionService categoryPermissionService)
{
// Get all permissions
var permissionList = GetAll();
// Get the known permissions for this role and category
var categoryRow = categoryPermissionService.GetCategoryRow(memberGroup.Id, category.Id);
//var categoryRowPermissions = categoryRow.ToDictionary(catRow => catRow.Permission);
// Load up the results with the permisions for this role / cartegory. A null entry for a permissions results in a new
// record with a false value
var permissions = new List <CategoryPermission>();
foreach (var permission in permissionList)
{
permissions.Add(categoryRow.ContainsKey(permission)
? categoryRow[permission]
: new CategoryPermission {
Category = category, MemberGroup = memberGroup, IsTicked = false, Permission = permission
});
}
var permissionSet = new PermissionSet(permissions);
return(permissionSet);
}
/// <summary>
/// Guest = Not logged in, so only need to check the access permission
/// </summary>
/// <param name="category"></param>
/// <param name="memberGroup"></param>
/// <param name="categoryPermissionService"></param>
private PermissionSet GetGuestPermissions(Category category, IMemberGroup memberGroup, CategoryPermissionService categoryPermissionService)
{
// Get all the permissions
var permissionList = GetAll();
// Make a CategoryPermissionForRole for each permission that exists,
// but only set the read-only permission to true for this role / category. All others false
var permissions = permissionList.Select(permission => new CategoryPermission
{
Category = category,
IsTicked = permission.Name == AppConstants.PermissionReadOnly,
MemberGroup = memberGroup,
Permission = permission
}).ToList();
// Deny Access may have been set (or left null) for guest for the category, so need to read for it
var denyAccessPermission = categoryPermissionService.GetByRole(memberGroup.Id)
.FirstOrDefault(x => x.CategoryId == category.Id &&
x.Permission.Name == AppConstants.PermissionDenyAccess &&
x.MemberGroupId == memberGroup.Id);
// Set the Deny Access value in the results. If it's null for this role/category, record it as false in the results
var categoryPermissionForRole = permissions.FirstOrDefault(x => x.Permission.Name == AppConstants.PermissionDenyAccess);
if (categoryPermissionForRole != null)
{
categoryPermissionForRole.IsTicked = denyAccessPermission != null && denyAccessPermission.IsTicked;
}
var permissionSet = new PermissionSet(permissions);
return(permissionSet);
}