public async Task <IActionResult> Edit(Guid id, [Bind("Name,Description,ValueType,Id,Remark,RowVersion,IsEnable")] PermissionDefinition permissionDefinition)
{
if (id != permissionDefinition.Id)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
_context.Update(permissionDefinition);
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!PermissionDefinitionExists(permissionDefinition.Id))
{
return(NotFound());
}
else
{
throw;
}
}
return(RedirectToAction(nameof(Index)));
}
//ViewData["CreationUserId"] = new SelectList(_context.Users, "Id", "Id", permissionDefinition.CreationUserId);
//ViewData["LastModificationUserId"] = new SelectList(_context.Users, "Id", "Id", permissionDefinition.LastModificationUserId);
return(View(permissionDefinition));
}
public PermissionDefinition CreatePermissionDefinition(string permissionName, string permissionDisplayValue)
{
if(string.IsNullOrEmpty(permissionName))
{
throw new ArgumentNullException("Missing permissionName");
}
if(string.IsNullOrEmpty(permissionDisplayValue))
{
throw new ArgumentNullException("Missing permissionDisplayValue");
}
var existingItem = _documentSession.Query<PermissionDefinition>().FirstOrDefault(i=>i.PermissionName == permissionName);
if(existingItem != null)
{
throw new ArgumentException(string.Format("Permission with name \"{0}\" already exists", permissionName));
}
var item = new PermissionDefinition
{
Id = Guid.NewGuid().ToString(),
PermissionName = permissionName,
PermissionDisplayValue = permissionDisplayValue
};
_documentSession.Store(item);
_documentSession.SaveChanges();
return item;
}
public Response RemovePermissionFromRole(PermissionDefinition permission)
{
return(GetResponse(() =>
{
new EditorService(User).RemovePermissionFromRole(permission);
}));
}
private async Task <Abp.Authorization.Permission> _CreatePermissionAsync(PermissionDefinition permission)
{
Abp.Authorization.Permission newPermission = null;
if (!string.IsNullOrEmpty(permission.Parent))
{
// add new permission to parent
var parent = GetPermission(permission.Parent);
if (parent != null)
{
newPermission = parent.CreateChildPermission(permission.Name,
(permission.DisplayName ?? "").L(),
(permission.Description ?? "").L(),
properties: new Dictionary <string, object>()
{
{ "IsDbPermission", true }
}
);
}
}
else
{
newPermission = CreatePermission(
permission.Name,
(permission.DisplayName ?? "").L(),
(permission.Description ?? "").L(),
properties: new Dictionary <string, object>()
{
{ "IsDbPermission", true }
});
}
return(newPermission);
}
private bool HasPermission(PermissionDefinition permissionDefinition)
{
if (!AbpUser.CurrentUserId.HasValue)
{
return(false);
}
var roleNames = _userRoleManager.GetRolesOfUser(AbpUser.CurrentUserId.Value);
var granted = permissionDefinition.IsGrantedByDefault;
foreach (var roleName in roleNames)
{
var permissionSetting = _roleManager.GetPermissionOrNull(roleName, permissionDefinition.Name);
if (permissionSetting == null)
{
continue;
}
if (permissionSetting.IsGranted)
{
return(true); //Granted if any of role is granted
}
granted = false; //Denied for this role. Set false but check other roles
}
return(granted);
}
public Response UpdatePermission(PermissionDefinition permission)
{
return(GetResponse(() =>
{
new EditorService(User).UpdatePermission(permission);
}));
}
private static void DefineGroupCrud(PermissionDefinition parentPermission, IEnumerable <string> crudNames)
{
foreach (var crudName in crudNames)
{
parentPermission.AddChild(crudName, L($"Permission:{crudName}"), MultiTenancySides.Tenant);
}
}
public Response <PermissionDefinition> AddPermissionToRole(PermissionDefinition permission)
{
return(GetResponse <PermissionDefinition>(() =>
{
return new EditorService(User).AddPermissionToRole(permission);
}));
}
public PermissionDefinition AddPermissionToRole(PermissionDefinition permission)
{
var dalPermission = Mapper.Map <DAL.Models.Permission>(permission);
var newPermission = DbEditorService.AddPermissionToRole(dalPermission, CurrentUser.Login);
return(Mapper.Map <UI.PermissionDefinition>(newPermission));
}
public PermissionValueCheckContext(
[NotNull] PermissionDefinition permission,
[CanBeNull] ClaimsPrincipal principal)
{
Check.NotNull(permission, nameof(permission));
Permission = permission;
Principal = principal;
}
public override IQueryable <AclDataMart> SecureList(DataContext db, IQueryable <AclDataMart> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] { PermissionIdentifiers.DataMart.ManageSecurity }
}
;
return(from q in query join dm in db.Filter(db.DataMarts, identity, permissions) on q.DataMartID equals dm.ID select q);
}
public async Task <Abp.Authorization.Permission> CreatePermissionAsync(PermissionDefinition permission)
{
var newPermission = await _CreatePermissionAsync(permission);
await _permissionDefinitionRepository.InsertOrUpdateAsync(permission);
Permissions.AddAllPermissions();
return(newPermission);
}
protected IContextDefinition RegisterPermission(String permissionCode)
{
var permissionDef = new PermissionDefinition(permissionCode);
if (!_permissions.Contains(permissionDef))
{
_permissions.Add(permissionDef);
}
return(this);
}
private void InternalDeletePermission(PermissionDefinition permission)
{
if (!string.IsNullOrEmpty(permission.Parent))
{
var parent = GetPermissionOrNull(permission.Parent);
parent?.RemoveChildPermission(permission.Name);
}
RemovePermission(permission.Name);
}
private void ReadPermissionsFromManifest(XPathNavigator menuNavigator)
{
var permission = new PermissionDefinition
{
Identifier = Util.ReadElement(menuNavigator, "identifier"),
Key = Util.ReadElement(menuNavigator, "key"),
Name = Util.ReadElement(menuNavigator, "name"),
};
this._permissionDefinitions.Add(permission);
}
protected IContextDefinition RegisterPermission <TIdentity>(String permissionCode)
where TIdentity : IIdentity
{
var permissionDef = new PermissionDefinition(typeof(TIdentity), permissionCode);
if (!_permissions.Contains(permissionDef))
{
_permissions.Add(permissionDef);
}
return(this);
}
public override void Define(IPermissionDefinitionContext context)
{
var salesGroup = context.AddGroup(SalesPermissions.GroupName, L("Permission:Sales"));
// Accounts
PermissionDefinition accountsPermission = salesGroup.AddPermission(SalesPermissions.Accounts, L("Permission:Accounts"), MultiTenancySides.Both);
accountsPermission.AddChild(SalesPermissions.CreateAccounts, L("Permission:Accounts:Create"), MultiTenancySides.Both);
accountsPermission.AddChild(SalesPermissions.EditAccounts, L("Permission:Accounts:Edit"), MultiTenancySides.Both);
accountsPermission.AddChild(SalesPermissions.DeleteAccounts, L("Permission:Accounts:Delete"), MultiTenancySides.Both);
}
public override IQueryable <ProjectEvent> SecureList(DataContext db, IQueryable <ProjectEvent> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] {
PermissionIdentifiers.Project.ManageSecurity
}
}
;
return(from e in query join p in db.Filter(db.Projects, identity, permissions) on e.ProjectID equals p.ID select e);
}
public override IQueryable <OrganizationEvent> SecureList(DataContext db, IQueryable <OrganizationEvent> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] {
PermissionIdentifiers.Organization.ManageSecurity
}
}
;
return(from q in query join o in db.Filter(db.Organizations, identity, permissions) on q.OrganizationID equals o.ID select q);
}
public override IQueryable <ProjectOrganization> SecureList(DataContext db, IQueryable <ProjectOrganization> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] {
PermissionIdentifiers.Project.View
}
}
;
return(from pdm in query join p in db.Filter(db.Projects, identity, permissions) on pdm.ProjectID equals p.ID select pdm);
}
public static async Task <Abp.Authorization.Permission> CreatePermissionAsync(this IShaPermissionManager permissionManager, PermissionDto permission)
{
var dbp = new PermissionDefinition()
{
Name = permission.Name,
DisplayName = permission.DisplayName,
Description = permission.Description,
Parent = permission.ParentName ?? permission.Parent?.Name
};
return(await permissionManager.CreatePermissionAsync(dbp));
}
public static PermissionDefinition RequireFeatures(
[NotNull] this PermissionDefinition permissionDefinition,
bool requiresAll,
params string[] features)
{
Check.NotNull(permissionDefinition, nameof(permissionDefinition));
Check.NotNullOrEmpty(features, nameof(features));
return(permissionDefinition.AddStateProviders(
new RequireFeaturesPermissionStateProvider(requiresAll, features)
));
}
public override IQueryable <AclRequestType> SecureList(DataContext db, IQueryable <AclRequestType> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] {
PermissionIdentifiers.RequestTypes.ManageSecurity, PermissionIdentifiers.RequestTypes.View
}
}
;
return(from q in query join r in db.Filter(db.RequestTypes, identity, permissions) on q.RequestTypeID equals r.ID select q);
}
public override IQueryable <Group> SecureList(DataContext db, IQueryable <Group> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] {
PermissionIdentifiers.Group.View
}
}
;
return(db.Filter(query, identity, permissions));
}
public static PermissionDefinition RequireGlobalFeatures(
[NotNull] this PermissionDefinition permissionDefinition,
bool requiresAll,
params Type[] globalFeatures)
{
Check.NotNull(permissionDefinition, nameof(permissionDefinition));
Check.NotNullOrEmpty(globalFeatures, nameof(globalFeatures));
return(permissionDefinition.AddStateProviders(
new RequireGlobalFeaturesPermissionStateProvider(requiresAll, globalFeatures)
));
}
public async Task <IActionResult> Create([Bind("Name,Description,ValueType,Remark,IsEnable,IsDeleted")] PermissionDefinition permissionDefinition)
{
if (ModelState.IsValid)
{
permissionDefinition.CreatorId = int.Parse(User.GetSubjectId());
_permissionDbContext.Add(permissionDefinition);
await _permissionDbContext.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
//ViewData["CreatorId"] = new SelectList(_context.Users, "Id", "Id", permissionDefinition.CreatorId);
//ViewData["LastModificationUserId"] = new SelectList(_context.Users, "Id", "Id", permissionDefinition.LastModificationUserId);
return(View(permissionDefinition));
}
public override IQueryable <Document> SecureList(DataContext db, IQueryable <Document> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] {
PermissionIdentifiers.Request.ViewResults,
PermissionIdentifiers.Request.ViewIndividualResults
}
}
;
return(query.Where(d =>
db.Filter(db.Requests, identity, permissions).Any(r => r.ID == d.ItemID)
//Add other ors here.
));
}
public override IQueryable <User> SecureList(DataContext db, IQueryable <User> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] {
PermissionIdentifiers.User.View
}
}
;
var result1 = db.Users.Where(u => u.ID == identity.ID);
var result2 = db.Filter(query, identity, permissions);
return(result1.Concat(result2).Distinct());
}
protected virtual void AddPermissionToDictionaryRecursively(
Dictionary <string, PermissionDefinition> permissions,
PermissionDefinition permission)
{
if (permissions.ContainsKey(permission.Name))
{
throw new AbpException("Duplicate permission name: " + permission.Name);
}
permissions[permission.Name] = permission;
foreach (var child in permission.Children)
{
AddPermissionToDictionaryRecursively(permissions, child);
}
}
public override IQueryable <Comment> SecureList(DataContext db, IQueryable <Comment> query, ApiIdentity identity, params PermissionDefinition[] permissions)
{
if (permissions == null || permissions.Length == 0)
{
permissions = new PermissionDefinition[] {
PermissionIdentifiers.ProjectRequestTypeWorkflowActivities.ViewComments,
PermissionIdentifiers.ProjectRequestTypeWorkflowActivities.AddComments
}
}
;
return(query.Where(q =>
db.Filter(db.WorkflowActivities, identity, permissions)
.Any(c => c.ID == db.Actions.Where(t => t.ID == q.ItemID).Select(t => t.WorkflowActivityID).FirstOrDefault())
//Add other ors here.
));
}
public async Task <PermissionWithGrantedProviders> GetInternalAsync(PermissionDefinition permissionDefinition, string providerName, string providerKey)
{
var result = new PermissionWithGrantedProviders(permissionDefinition.Name, false);
foreach (var provider in ManagementProviders)
{
var providerResult = await provider.CheckAsync(permissionDefinition.Name, providerName, providerKey);
if (providerResult.IsGranted)
{
result.IsGranted = true;
result.Providers.Add(new PermissionValueProviderInfo(provider.Name, providerResult.ProviderKey));
}
}
return(result);
}
