Пример #1
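        /// <summary>
        /// Returns the permission flags of the role attached to the given user.
        /// </summary>
        /// <param name="userId">Identifier of the user whose permissions are requested (bound from form data).</param>
        /// <returns>
        /// 200 with a <see cref="ChangeUserPermissionViewModel"/>; 404 when either the user or
        /// the role row referenced by <c>user.RoleId</c> does not exist.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible inside this method, and it discloses the
        /// full permission set of an arbitrary user id. Confirm that the action or its controller
        /// carries an [Authorize] attribute/policy restricting it to callers who may manage roles.
        /// </remarks>
        public async Task<ActionResult> GetModel([FromForm] int userId)
        {
            var user = await _context.Users.FirstOrDefaultAsync(u => u.Id == userId);

            if (user == null)
            {
                return NotFound();
            }

            var role = await _context.UserRole.FirstOrDefaultAsync(r => r.Id == user.RoleId);

            // A user pointing at a missing role row previously caused a NullReferenceException
            // (surfacing as a 500); report it as "not found" instead.
            if (role == null)
            {
                return NotFound();
            }

            var changeUserPermissionViewModel = new ChangeUserPermissionViewModel
            {
                UserId              = user.Id,
                CanPurchaseToStock  = role.CanPurchaseToStock,
                CanDeleteProducts   = role.CanDeleteProducts,
                CanSetRoles         = role.CanSetRoles,
                CanViewStatistics   = role.CanViewStatistics,
                CanAddComments      = role.CanAddComments,
                CanAddProducts      = role.CanAddProducts,
                CanEditProducts     = role.CanEditProducts,
                CanModerateComments = role.CanModerateComments,
                CanViewUsersList    = role.CanViewUsersList,
                CanManageOrders     = role.CanManageOrders
            };

            return Ok(changeUserPermissionViewModel);
        }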
Пример #2
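        /// <summary>
        /// Sends the edited permission flags for a user to the permissions API and, on success,
        /// mirrors them into the locally cached permissions when the edited user is the current one.
        /// </summary>
        /// <param name="permissions">Permission flags posted from the edit form.</param>
        /// <param name="userId">Identifier of the user being edited; sent to the API as "UserId".</param>
        /// <returns>
        /// The edit view with an error message when the API does not report success; otherwise a
        /// redirect to "Index".
        /// </returns>
        /// <remarks>
        /// NOTE(review): TokenKeeper is accessed through its type name. If it is a static,
        /// process-wide holder, the bearer token and cached permissions are shared by every
        /// session served by this process - confirm it is scoped per user/session.
        /// NOTE(review): this is a state-changing form action; confirm anti-forgery validation is
        /// applied on the action or globally (no attribute is visible here).
        /// </remarks>
        public async Task<IActionResult> Edit([FromForm] ChangeUserPermissionViewModel permissions, int userId)
        {
            // NOTE(review): a new HttpClient per request can exhaust sockets under load; prefer a
            // shared instance or IHttpClientFactory once one is available to this class.
            using (var httpClient = new HttpClient())
            using (var data = new MultipartFormDataContent())
            {
                // The id is machine-readable data, so format it culture-independently.
                data.Add(new StringContent(userId.ToString(System.Globalization.CultureInfo.InvariantCulture)), "UserId");
                data.Add(new StringContent(permissions.CanAddComments.ToString()), "CanAddComments");
                data.Add(new StringContent(permissions.CanModerateComments.ToString()), "CanModerateComments");
                data.Add(new StringContent(permissions.CanEditProducts.ToString()), "CanEditProducts");
                data.Add(new StringContent(permissions.CanPurchaseToStock.ToString()), "CanPurchaseToStock");
                data.Add(new StringContent(permissions.CanDeleteProducts.ToString()), "CanDeleteProducts");
                data.Add(new StringContent(permissions.CanAddProducts.ToString()), "CanAddProducts");
                data.Add(new StringContent(permissions.CanViewStatistics.ToString()), "CanViewStatistics");
                data.Add(new StringContent(permissions.CanViewUsersList.ToString()), "CanViewUsersList");
                data.Add(new StringContent(permissions.CanSetRoles.ToString()), "CanSetRoles");
                data.Add(new StringContent(permissions.CanManageOrders.ToString()), "CanManageOrders");

                httpClient.DefaultRequestHeaders.Authorization =
                    new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", TokenKeeper.Token);

                using (var response = await httpClient.PutAsync(_apiPathChangePermission, data))
                {
                    // Treat every non-2xx answer as a failure. Checking only for 400 let a 401/403/500
                    // fall through, which showed "updated" and changed the locally cached permissions
                    // even though the API had refused the change.
                    if (!response.IsSuccessStatusCode)
                    {
                        TempData["message"] = "Ошибка обновления";

                        return View(permissions);
                    }
                }

                TempData["message"] = "Разрешения пользователя обновлены";

                // NOTE(review): the request above sends `userId`, but this check reads
                // `permissions.UserId`; confirm both always carry the same value.
                if (TokenKeeper.UserId == permissions.UserId)
                {
                    // Keep the cached copy in step with what the API just accepted. This cache must
                    // only drive UI decisions; the API remains the authority for enforcement.
                    TokenKeeper.Permissions.CanAddComments      = permissions.CanAddComments;
                    TokenKeeper.Permissions.CanModerateComments = permissions.CanModerateComments;
                    TokenKeeper.Permissions.CanEditProducts     = permissions.CanEditProducts;
                    TokenKeeper.Permissions.CanPurchaseToStock  = permissions.CanPurchaseToStock;
                    TokenKeeper.Permissions.CanDeleteProducts   = permissions.CanDeleteProducts;
                    TokenKeeper.Permissions.CanViewStatistics   = permissions.CanViewStatistics;
                    TokenKeeper.Permissions.CanManageOrders     = permissions.CanManageOrders;
                    // NOTE(review): the original assigned CanAddComments twice; CanAddProducts,
                    // CanSetRoles and CanViewUsersList are sent to the API but never mirrored here.
                    // Confirm whether TokenKeeper.Permissions exposes them and should be updated too.
                }

                return RedirectToAction("Index");
            }
        }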
Пример #3
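        /// <summary>
        /// Overwrites every permission flag on the role row linked to the given user and saves the change.
        /// </summary>
        /// <param name="userRole">Target user id and the permission flags to store.</param>
        /// <exception cref="ArgumentNullException"><paramref name="userRole"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The user, or the role linked to it, does not exist.</exception>
        /// <remarks>
        /// This method performs no authorization of its own; the caller must already have verified
        /// that the acting user may change roles.
        /// NOTE(review): if one role row can be shared by several users, this edit changes the
        /// permissions of all of them, not only the targeted user - confirm the data model.
        /// </remarks>
        public async Task UpdateUserRole(ChangeUserPermissionViewModel userRole)
        {
            if (userRole == null)
            {
                throw new ArgumentNullException(nameof(userRole));
            }

            var user = await _context.Users.FirstOrDefaultAsync(u => u.Id == userRole.UserId);

            // Fail with a descriptive error instead of a NullReferenceException on user.Id below.
            if (user == null)
            {
                throw new InvalidOperationException($"User {userRole.UserId} was not found.");
            }

            var role = await _context.UserRole.FirstOrDefaultAsync(r => r.User.Id == user.Id);

            if (role == null)
            {
                throw new InvalidOperationException($"No role is linked to user {userRole.UserId}.");
            }

            role.CanAddComments      = userRole.CanAddComments;
            role.CanAddProducts      = userRole.CanAddProducts;
            role.CanDeleteProducts   = userRole.CanDeleteProducts;
            role.CanEditProducts     = userRole.CanEditProducts;
            role.CanModerateComments = userRole.CanModerateComments;
            role.CanPurchaseToStock  = userRole.CanPurchaseToStock;
            role.CanSetRoles         = userRole.CanSetRoles;
            role.CanViewStatistics   = userRole.CanViewStatistics;
            role.CanViewUsersList    = userRole.CanViewUsersList;
            role.CanManageOrders     = userRole.CanManageOrders;

            // Kept from the original: the user entity is marked as updated although only the role
            // was modified. NOTE(review): presumably the role is saved through change tracking - confirm.
            _context.Users.Update(user);
            await _context.SaveChangesAsync();
        }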
Пример #4
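        /// <summary>
        /// Applies a permission change for a user, provided the caller's own role has CanSetRoles.
        /// </summary>
        /// <param name="filter">Target user id and the permission flags to store (bound from form data).</param>
        /// <returns>
        /// 200 when the update succeeds, 400 when the repository update throws, 403 when the
        /// caller's role is missing or lacks CanSetRoles.
        /// </returns>
        /// <remarks>
        /// NOTE(review): nothing here limits which user may be targeted or which flags may be granted,
        /// so a CanSetRoles holder can also change their own flags, CanSetRoles included - confirm
        /// this is intended. No audit record of who changed what is written in this method.
        /// </remarks>
        public async Task<ActionResult> ChangePermission([FromForm] ChangeUserPermissionViewModel filter)
        {
            // Resolve the caller's role id once, outside the query expression.
            var callerRoleId = this.GetUserRole();

            // The CanSetRoles flag is read from the database on every call rather than taken from
            // the request. NOTE(review): where GetUserRole() gets the role id is not shown here.
            var role = await _context.UserRole.FirstOrDefaultAsync(r => r.Id == callerRoleId);

            // Deny by default: a missing role row is treated the same as a missing permission.
            if (role?.CanSetRoles != true)
            {
                return Forbid();
            }

            try
            {
                await _userRepository.UpdateUserRole(filter);
            }
            catch (Exception)
            {
                // Every failure (unknown user, database error, ...) is collapsed into a 400 and the
                // exception is dropped; no logger is in scope here. NOTE(review): log this failure
                // once a logger is available so rejected privilege changes are traceable.
                return BadRequest();
            }

            return Ok();
        }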