public ActionResult SaveAdminPrivilege(SelectEntityRolesViewModel model)
{
PermissionContext db = new PermissionContext(LogggedInUser);
if (!((CustomPrincipal)User).IsAdmin)
{
return(RedirectToAction("Index", "Home"));
}
if (ModelState.IsValid)
{
foreach (var ent in model.privileges)
{
var list = db.AdminPrivileges.FirstOrDefault(q => q.RoleName == model.RoleName && ent.AdminFeature == q.AdminFeature);
PermissionAdminPrivilege permission = (list != null ? list : new PermissionAdminPrivilege());
permission.IsAllow = ent.IsAllow;
permission.IsEdit = ent.IsEdit;
permission.IsAdd = ent.IsAdd;
permission.IsDelete = ent.IsDelete;
permission.AdminFeature = ent.AdminFeature;
permission.RoleName = ent.RoleName;
if (list == null)
{
db.AdminPrivileges.Add(permission);
}
db.SaveChanges();
}
}
return(RedirectToAction("Index", new { RoleName = model.RoleName }));
// return Json("FROMPAGE", "application/json", System.Text.Encoding.UTF8, JsonRequestBehavior.AllowGet);
}
public void AfterSave(T_Facility t_facility)
{
var roleContext = new ApplicationDbContext();
if (roleContext.Roles.FirstOrDefault(p => p.TenantId == t_facility.Id) == null)
{
var RoleManager = new RoleManager <ApplicationRole>(new RoleStore <ApplicationRole>(new ApplicationDbContext()));
IdentityResult roleResultCanEdit = RoleManager.Create(new ApplicationRole(t_facility.DisplayValue + "-Admin", t_facility.DisplayValue + " Tenant Admin Role", "TenantSpecific", t_facility.Id));
if (roleResultCanEdit.Succeeded)
{
using (var permissionContextTenantAdmin = new PermissionContext())
{
var flag = false;
foreach (var ent in permissionContextTenantAdmin.Permissions.Where(p => p.RoleName == "Tenant-Admin-Template"))
{
Permission permission = new Permission();
permission.CanAdd = ent.CanAdd;
permission.CanDelete = ent.CanDelete;
permission.CanView = ent.CanView;
permission.CanEdit = ent.CanEdit;
permission.IsOwner = ent.IsOwner;
permission.SelfRegistration = ent.SelfRegistration;
permission.EntityName = ent.EntityName;
permission.RoleName = t_facility.DisplayValue + "-Admin";
permission.Verbs = ent.Verbs;
permission.UserAssociation = ent.UserAssociation;
permissionContextTenantAdmin.Permissions.Add(permission);
flag = true;
}
if (flag)
{
permissionContextTenantAdmin.SaveChanges();
}
flag = false;
foreach (var ent in permissionContextTenantAdmin.AdminPrivileges.Where(p => p.RoleName == "Tenant-Admin-Template"))
{
PermissionAdminPrivilege permission = new PermissionAdminPrivilege();
permission.AdminFeature = ent.AdminFeature;
permission.IsAdd = ent.IsAdd;
permission.IsAllow = ent.IsAllow;
permission.IsDelete = ent.IsDelete;
permission.IsEdit = ent.IsEdit;
permission.RoleName = t_facility.DisplayValue + "-Admin";
permissionContextTenantAdmin.AdminPrivileges.Add(permission);
flag = true;
}
if (flag)
{
permissionContextTenantAdmin.SaveChanges();
}
}
}
}
// Write your logic here
}
protected void Application_AuthorizeRequest(Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
{
var roles = ((CustomPrincipal)User).GetRoles();
var isAdmin = ((CustomPrincipal)User).IsAdminUser();
List <Permission> permissions = new List <Permission>();
((CustomPrincipal)User).IsAdmin = isAdmin;
List <PermissionAdminPrivilege> adminprivilegeslist = new List <PermissionAdminPrivilege>();
((CustomPrincipal)User).userroles = roles.ToList();
using (var pc = new PermissionContext())
{
// so we only make one database call instead of one per entity?
var rolePermissions = pc.Permissions.Where(p => roles.Contains(p.RoleName)).ToList();
var adminprivileges = pc.AdminPrivileges.Where(p => roles.Contains(p.RoleName)).ToList();
foreach (var item in (new AdminFeaturesDictionary()).getDictionary())
{
var adminprivilege = new PermissionAdminPrivilege();
var raw = adminprivileges.Where(p => p.AdminFeature == item.Key);
adminprivilege.AdminFeature = item.Key;
adminprivilege.IsAllow = isAdmin || raw.Any(p => p.IsAllow);
adminprivilege.IsAdd = isAdmin || raw.Any(p => p.IsAdd);
adminprivilege.IsEdit = isAdmin || raw.Any(p => p.IsEdit);
adminprivilege.IsDelete = isAdmin || raw.Any(p => p.IsDelete);
adminprivilegeslist.Add(adminprivilege);
}
((CustomPrincipal)User).adminprivileges = adminprivilegeslist;
foreach (var entity in GeneratorBase.MVC.ModelReflector.Entities)
{
var calculated = new Permission();
var raw = rolePermissions.Where(p => p.EntityName == entity.Name);
calculated.EntityName = entity.Name;
calculated.CanEdit = isAdmin || raw.Any(p => p.CanEdit);
calculated.CanDelete = isAdmin || raw.Any(p => p.CanDelete);
calculated.CanAdd = isAdmin || raw.Any(p => p.CanAdd);
calculated.CanView = isAdmin || raw.Any(p => p.CanView);
calculated.IsOwner = raw.Any(p => p.IsOwner != null && p.IsOwner.Value);
if (!isAdmin)
{
calculated.SelfRegistration = raw.Any(p => p.SelfRegistration != null && p.SelfRegistration.Value);
}
else
{
calculated.SelfRegistration = false;
}
if (calculated.IsOwner != null && calculated.IsOwner.Value)
{
calculated.UserAssociation = raw.FirstOrDefault(p => p.IsOwner != null && p.IsOwner.Value).UserAssociation;
}
else
{
calculated.UserAssociation = string.Empty;
}
//code for verb action security
var verblist = raw.Select(x => x.Verbs).ToList();
var verbrolecount = verblist.Count();
List <string> allverbs = new List <string>();
foreach (var verb in verblist)
{
if (verb != null)
{
allverbs.AddRange(verb.Split(",".ToCharArray()).ToList());
}
}
var blockedverbs = allverbs.GroupByMany(p => p);
if (blockedverbs.Count() > 0)
{
calculated.Verbs = string.Join(",", blockedverbs.Select(b => b.Key).ToList());
}
else
{
calculated.Verbs = string.Empty;
}
//
//FLS
if (!isAdmin)
{
var listEdit = raw.Where(p => p.CanEdit).Select(p => p.NoEdit == null ? "" : p.NoEdit).ToList();
var listView = raw.Where(p => p.CanView).Select(p => p.NoView == null ? "" : p.NoView).ToList();
var resultEdit = "";
var resultView = "";
if (listView.Count > 0)
{
HashSet <string> set = new HashSet <string>(listView[0].Split(','));
foreach (var item in listView.Skip(1))
{
set.IntersectWith(item.Split(','));
}
resultView = string.Join(",", set);
}
if (listEdit.Count > 0)
{
HashSet <string> set = new HashSet <string>(listEdit[0].Split(','));
foreach (var item in listEdit.Skip(1))
{
set.IntersectWith(item.Split(','));
}
resultEdit = string.Join(",", set);
}
calculated.NoEdit = resultEdit;
calculated.NoView = resultView;
}
//
permissions.Add(calculated);
}
}
((CustomPrincipal)User).permissions = permissions;
List <BusinessRule> businessrules = new List <BusinessRule>();
using (var br = new BusinessRuleContext())
{
var rolebr = br.BusinessRules.Where(p => p.Roles != null && p.Roles.Length > 0 && !p.Disable && p.AssociatedBusinessRuleTypeID != 5).ToList();
foreach (var rules in rolebr)
{
//if ((((CustomPrincipal)User).IsInRole(rules.Roles.Split(",".ToCharArray()))))
if (((CustomPrincipal)User).IsInRole(rules.Roles.Split(",".ToCharArray()), roles))
{
businessrules.Add(rules);
}
}
}
((CustomPrincipal)User).businessrules = businessrules.ToList();
using (var UBS = new UserBasedSecurityContext())
{
((CustomPrincipal)User).userbasedsecurity = UBS.UserBasedSecurities.ToList();
}
List <MultiTenantLoginSelected> appsecurityaccess = new List <MultiTenantLoginSelected>();
using (var appsecurity = new ApplicationDbContext(true))
{
var app = appsecurity.MultiTenantLoginSelected.Where(p => p.T_User == ((CustomPrincipal)User).Name);
foreach (var rules in app)
{
appsecurityaccess.Add(rules);
}
//((CustomPrincipal)User).extraMultitenantPriviledges = appsecurity.MultiTenantExtraAccess.Where(p => p.T_User == ((CustomPrincipal)User).Name && p.T_MainEntityID.HasValue).Select(p => p.T_MainEntityID.Value).ToList();
}
((CustomPrincipal)User).MultiTenantLoginSelected = appsecurityaccess.ToList();
}
}
