/// <summary>
/// Update permissions associated with a role
/// </summary>
/// <remarks>Updates the permissions for a role</remarks>
/// <param name="id">id of Role to update</param>
/// <param name="items"></param>
/// <response code="200">OK</response>
/// <response code="404">Role not found</response>
public virtual IActionResult RolesIdPermissionsPutAsync(int id, PermissionViewModel[] items)
{
using (IDbContextTransaction txn = _context.BeginTransaction())
{
Role role = _context.Roles
.Where(x => x.Id == id)
.Include(x => x.RolePermissions)
.ThenInclude(rolePerm => rolePerm.Permission)
.FirstOrDefault();
if (role == null)
{
// record not found
return(new ObjectResult(new HetsResponse("HETS-01", ErrorViewModel.GetDescription("HETS-01", _configuration))));
}
List <Permission> allPermissions = _context.Permissions.ToList();
List <int?> permissionIds = items.Select(x => x.Id).ToList();
List <int> existingPermissionIds = role.RolePermissions.Select(x => x.Permission.Id).ToList();
List <int?> permissionIdsToAdd = permissionIds.Where(x => !existingPermissionIds.Contains((int)x)).ToList();
// Permissions to add
foreach (int?permissionId in permissionIdsToAdd)
{
Permission permToAdd = allPermissions.FirstOrDefault(x => x.Id == permissionId);
if (permToAdd == null)
{
throw new ArgumentException(string.Format("Invalid Permission Code {0}", permissionId));
}
role.AddPermission(permToAdd);
}
// Permissions to remove
List <RolePermission> permissionsToRemove = role.RolePermissions.Where(x => x.Permission != null && !permissionIds.Contains(x.Permission.Id)).ToList();
foreach (RolePermission perm in permissionsToRemove)
{
role.RemovePermission(perm.Permission);
_context.RolePermissions.Remove(perm);
}
_context.Roles.Update(role);
_context.SaveChanges();
txn.Commit();
IEnumerable <Permission> dbPermissions = role.RolePermissions.Select(x => x.Permission);
// create DTO with serializable response
List <PermissionViewModel> result = dbPermissions.Select(x => x.ToViewModel()).ToList();
return(new ObjectResult(new HetsResponse(result)));
}
}
/// <summary>
///
/// </summary>
/// <remarks>Updates the permissions for a role</remarks>
/// <param name="id">id of Role to update</param>
/// <param name="items"></param>
/// <response code="200">OK</response>
/// <response code="404">Role not found</response>
public virtual IActionResult RolesIdPermissionsPutAsync(int id, PermissionViewModel[] items)
{
using (var txn = _context.BeginTransaction())
{
// Eager loading of related data
var role = _context.Roles
.Where(x => x.Id == id)
.Include(x => x.RolePermissions)
.ThenInclude(rolePerm => rolePerm.Permission)
.FirstOrDefault();
if (role == null)
{
// Not Found
return(new StatusCodeResult(404));
}
var allPermissions = _context.Permissions.ToList();
var permissionIds = items.Select(x => x.Id).ToList();
var existingPermissionIds = role.RolePermissions.Select(x => x.Permission.Id).ToList();
var permissionIdsToAdd = permissionIds.Where(x => !existingPermissionIds.Contains((int)x)).ToList();
// Permissions to add
foreach (var permissionId in permissionIdsToAdd)
{
var permToAdd = allPermissions.FirstOrDefault(x => x.Id == permissionId);
if (permToAdd == null)
{
// TODO throw new BusinessLayerException(string.Format("Invalid Permission Code {0}", code));
}
role.AddPermission(permToAdd);
}
// Permissions to remove
List <RolePermission> permissionsToRemove = role.RolePermissions.Where(x => x.Permission != null && !permissionIds.Contains(x.Permission.Id)).ToList();
foreach (RolePermission perm in permissionsToRemove)
{
role.RemovePermission(perm.Permission);
_context.RolePermissions.Remove(perm);
}
_context.Roles.Update(role);
_context.SaveChanges();
txn.Commit();
var dbPermissions = role.RolePermissions.Select(x => x.Permission);
// Create DTO with serializable response
var result = dbPermissions.Select(x => x.ToViewModel()).ToList();
return(new ObjectResult(result));
}
}
/// <summary>
/// Update permission for a role
/// </summary>
/// <remarks>Adds permissions to a role</remarks>
/// <param name="id">id of Role to update</param>
/// <param name="item"></param>
/// <response code="200">OK</response>
public virtual IActionResult RolesIdPermissionsPostAsync(int id, PermissionViewModel item)
{
using (IDbContextTransaction txn = _context.BeginTransaction())
{
Role role = _context.Roles
.Where(x => x.Id == id)
.Include(x => x.RolePermissions)
.ThenInclude(rolePerm => rolePerm.Permission)
.FirstOrDefault();
if (role == null)
{
// record not found
return(new ObjectResult(new HetsResponse("HETS-01", ErrorViewModel.GetDescription("HETS-01", _configuration))));
}
List <Permission> allPermissions = _context.Permissions.ToList();
List <string> existingPermissionCodes = role.RolePermissions.Select(x => x.Permission.Code).ToList();
if (!existingPermissionCodes.Contains(item.Code))
{
Permission permToAdd = allPermissions.FirstOrDefault(x => x.Code == item.Code);
if (permToAdd == null)
{
throw new ArgumentException(string.Format("Invalid Permission Code {0}", item.Code));
}
role.AddPermission(permToAdd);
}
_context.Roles.Update(role);
_context.SaveChanges();
txn.Commit();
List <RolePermission> dbPermissions = _context.RolePermissions.ToList();
// Create DTO with serializable response
List <RolePermissionViewModel> result = dbPermissions.Select(x => x.ToViewModel()).ToList();
return(new ObjectResult(new HetsResponse(result)));
}
}
