public IActionResult Grant(GrantViewModel vm)
{
var aluno = _bancoContexto.Usuario.FirstOrDefault(u => u.RM == vm.RM);
if (aluno == default(Usuario))
{
return(NotFound(new { message = "Aluno não encontrado" }));
}
_bancoContexto.Status.ToList().FindAll(s => s.Usuario == aluno).ForEach(s => {
if (s.DataFim > vm.DataInicio)
{
s.DataFim = vm.DataInicio.AddDays(-1);
}
});
var situacao = new Status();
situacao.DataFim = vm.DataFim;
situacao.DataInicio = vm.DataInicio;
situacao.Descricao = vm.Descricao;
situacao.Usuario = aluno;
_bancoContexto.Status.Add(situacao);
_bancoContexto.SaveChanges();
return(Ok(new { message = "Status modificado com sucesso!" }));
}
private async Task <GrantsViewModel> BuildViewModelAsync()
{
var grants = await _interaction.GetAllUserConsentsAsync();
var list = new List <GrantViewModel>();
foreach (var grant in grants)
{
var client = await _clients.FindClientByIdAsync(grant.ClientId);
if (client != null)
{
var resources = await _resources.FindResourcesByScopeAsync(grant.Scopes);
var item = new GrantViewModel()
{
ClientId = client.ClientId,
ClientName = client.ClientName ?? client.ClientId,
ClientLogoUrl = client.LogoUri,
ClientUrl = client.ClientUri,
Created = grant.CreationTime,
Expires = grant.Expiration,
IdentityGrantNames = resources.IdentityResources.Select(x => x.DisplayName ?? x.Name).ToArray(),
ApiGrantNames = resources.ApiResources.Select(x => x.DisplayName ?? x.Name).ToArray()
};
list.Add(item);
}
}
return(new GrantsViewModel
{
Grants = list
});
}
protected internal virtual async Task <GrantsViewModel> CreateGrantsViewModelAsync()
{
var model = new GrantsViewModel();
var grants = await this.Facade.Interaction.GetAllUserGrantsAsync();
foreach (var grant in grants)
{
var client = await this.Facade.ClientStore.FindClientByIdAsync(grant.ClientId);
if (client == null)
{
continue;
}
var resources = await this.ResourceStore.FindResourcesByScopeAsync(grant.Scopes);
var item = new GrantViewModel()
{
Client = client,
Created = grant.CreationTime,
Description = grant.Description,
Expiration = grant.Expiration,
};
item.ApiScopes.Add(resources.ApiScopes.ToArray());
item.IdentityResources.Add(resources.IdentityResources.ToArray());
model.Grants.Add(item);
}
return(model);
}
public IActionResult EditGroup(GrantViewModel model, string rolename)
{
var old_layers = GetLayers(rolename).OrderBy(r => r.Table_schema).ThenBy(r => r.Table_name).ToList();
var old_dicts = GetDicts(rolename).OrderBy(r => r.Table_schema).ThenBy(r => r.Table_name).ToList();
var layers = new List <Grant>();
if (model.LayersList != null)
{
layers = model.LayersList.OrderBy(r => r.Table_schema).ThenBy(r => r.Table_name).ToList();
}
var layerGranters = CompareGrants(old_layers, layers);
var dicts = new List <Grant>();
if (model.DictsList != null)
{
dicts = model.DictsList.OrderBy(r => r.Table_schema).ThenBy(r => r.Table_name).ToList();
}
var dictGranters = CompareGrants(old_dicts, dicts);
try
{
if (layerGranters?.Count() > 0)
{
foreach (var gran in layerGranters)
{
_service.GrantTableToRole(gran.TableSchema, gran.TableName, rolename,
gran.IsSelect, gran.IsUpdate, gran.IsInsert, gran.IsDelete,
gran.selChanged, gran.updChanged, gran.insChanged, gran.delChanged);
}
}
if (dictGranters?.Count() > 0)
{
foreach (var gran in dictGranters)
{
_service.GrantTableToRole(gran.TableSchema, gran.TableName, rolename,
gran.IsSelect, gran.IsUpdate, gran.IsInsert, gran.IsDelete,
gran.selChanged, gran.updChanged, gran.insChanged, gran.delChanged);
}
}
if (layerGranters?.Count() > 0 || dictGranters?.Count() > 0)
{
TempData["message"] = $"Сохранено.";
}
}
catch (Exception e)
{
TempData["error"] = $"Warning. {e.Message}";
}
return(RedirectToAction("Index"));
}
/// <summary>
/// Read all grants:
///
/// - to have a global view of permissions granting:
///
/// -- for a role or a user, what kind of permission is granted, for every extensions.
/// </summary>
/// <param name="roleManager_">Role manager instance.</param>
/// <param name="storage_">Storage interface provided by services container.</param>
/// <param name="roleNameByRoleId_">Dictionary of all roles with id.</param>
/// <returns>Return a GrantViewModel model object.</returns>
public static GrantViewModel ReadAll(RoleManager <IdentityRole <string> > roleManager_, IStorage storage_, Dictionary <string, string> roleNameByRoleId_)
{
GrantViewModel model = new GrantViewModel();
// 1. Get all scopes from available extensions, create initial dictionaries
foreach (IExtensionMetadata extensionMetadata in ExtensionManager.GetInstances <IExtensionMetadata>())
{
model.PermissionsByRoleAndExtension.Add(extensionMetadata.Name, new Dictionary <string, List <global::SoftinuxBase.Security.Common.Enums.Permission> >());
}
// 2. Read data from RolePermission table
// Names of roles that have permissions attributed
HashSet <string> rolesWithPerms = new HashSet <string>();
// Read role/permission/extension settings
List <RolePermission> allRp = storage_.GetRepository <IRolePermissionRepository>().AllRolesWithPermissions().ToList();
foreach (RolePermission rp in allRp)
{
if (!model.PermissionsByRoleAndExtension.ContainsKey(rp.Extension))
{
// A database record related to a not loaded extension (scope). Ignore this.
continue;
}
string roleName = roleNameByRoleId_.ContainsKey(rp.RoleId) ? roleNameByRoleId_[rp.RoleId] : null;
if (!model.PermissionsByRoleAndExtension[rp.Extension].ContainsKey(roleName))
{
model.PermissionsByRoleAndExtension[rp.Extension].Add(roleName, new List <global::SoftinuxBase.Security.Common.Enums.Permission>());
}
// Format the list of Permission enum values according to DB enum value
model.PermissionsByRoleAndExtension[rp.Extension][roleName] = PermissionHelper.GetLowerOrEqual(PermissionHelper.FromName(rp.Permission.Name));
rolesWithPerms.Add(roleName);
}
// 3. Also read roles for which no permissions were set
IList <string> roleNames = roleManager_.Roles.Select(r_ => r_.Name).ToList();
foreach (string role in roleNames)
{
if (rolesWithPerms.Contains(role))
{
continue;
}
foreach (string scope in model.PermissionsByRoleAndExtension.Keys)
{
model.PermissionsByRoleAndExtension[scope].Add(role, new List <global::SoftinuxBase.Security.Common.Enums.Permission>());
}
}
return(model);
}
public Task <IViewComponentResult> InvokeAsync()
{
// Create a dictionary with all roles for injecting as json into grant permission page
Dictionary <string, IdentityRole <string> > rolesList = new Dictionary <string, IdentityRole <string> >();
// Create a dictionary with role id and name, since we will use role name in GrantViewModel
// and we have role id in RolePermission table.
Dictionary <string, string> roleNameByRoleId = new Dictionary <string, string>();
foreach (var role in _roleManager.Roles)
{
roleNameByRoleId.Add(role.Id, role.Name);
rolesList.Add(role.Id, role);
}
ViewBag.RolesList = rolesList;
GrantViewModel model = ReadGrants.ReadAll(_roleManager, Storage, roleNameByRoleId);
return(Task.FromResult <IViewComponentResult>(View("_List_Roles_Extensions", model)));
}
public ActionResult Edit([Bind(Include = "GrantID,GrantStatusID,Name,Description,Start,End")] GrantViewModel grantViewModel)
{
if (ModelState.IsValid)
{
Grant model = dbGrants.Grants.Find(grantViewModel.GrantID);
model.Name = grantViewModel.Name;
model.GrantStatusID = grantViewModel.GrantStatusID;
model.Description = grantViewModel.Description;
model.Start = grantViewModel.Start;
model.End = grantViewModel.End;
model.DateModified = DateTime.Now;
model.UserModifiedID = Guid.Parse(User.Identity.GetUserId());
dbGrants.Entry(model).State = EntityState.Modified;
dbGrants.SaveChanges();
return(RedirectToAction("Index"));
}
PopulateGrantStatusDropDownList(grantViewModel.GrantStatusID);
return(View(grantViewModel));
}
public IActionResult EditGroup(string userid, string rolename, bool ispart)
{
GrantViewModel model = new GrantViewModel();
model.UserList = GetUsers(userid).ToList();
model.LayersList = GetLayers(rolename).ToList();
model.DictsList = GetDicts(rolename).ToList();
ViewBag.Title = "Редактирование группы";
ViewBag.Rolename = rolename;
ViewBag.Userid = userid;
//if (_device.Type.ToString().ToLower() == "desktop")
// return PartialView(model);
//else
// return View("EditGroupMobile", model);
if (ispart)
{
return(PartialView("EditGroupPart", model));
}
else
{
return(PartialView(model));
}
}
public async Task ReadAllAsync()
{
var repo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
var permRepo = DatabaseFixture.Storage.GetRepository <IPermissionRepository>();
try
{
// Arrange
// 1. Create base roles
await CreateBaseRolesIfNeededAsync();
// 2. Create "Special User" role
await CreateRoleIfNotExistingAsync("Special User");
// 3. Read roles to get their IDs
var adminRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.Administrator.GetRoleName());
var userRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.User.GetRoleName());
var anonymousRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.Anonymous.GetRoleName());
var specialUserRole = await DatabaseFixture.RoleManager.FindByNameAsync("Special User");
// 4. Read permissions to get their IDs
var adminPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Admin.GetPermissionName())?.Id;
var writePermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Write.GetPermissionName())?.Id;
var readPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Read.GetPermissionName())?.Id;
var neverPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Never.GetPermissionName())?.Id;
Assert.NotNull(adminPermissionId);
Assert.NotNull(writePermissionId);
Assert.NotNull(readPermissionId);
Assert.NotNull(neverPermissionId);
// 5. Create role-extension links
// Cleanup first
repo.DeleteAll();
await DatabaseFixture.Storage.SaveAsync();
repo.Create(new RolePermission
{
RoleId = adminRole.Id, Extension = Constants.SoftinuxBaseSecurity, PermissionId = adminPermissionId
});
repo.Create(new RolePermission
{
RoleId = userRole.Id, Extension = Constants.SoftinuxBaseSecurity, PermissionId = readPermissionId
});
repo.Create(new RolePermission
{
RoleId = anonymousRole.Id,
Extension = Constants.SoftinuxBaseSecurity,
PermissionId = neverPermissionId
});
repo.Create(new RolePermission
{
RoleId = specialUserRole.Id,
Extension = Constants.SoftinuxBaseSecurity,
PermissionId = writePermissionId
});
repo.Create(new RolePermission
{
RoleId = adminRole.Id, Extension = "Chinook", PermissionId = adminPermissionId
});
repo.Create(new RolePermission
{
RoleId = userRole.Id, Extension = "Chinook", PermissionId = writePermissionId
});
await DatabaseFixture.Storage.SaveAsync();
// 6. Build the dictionary that is used by the tool and created in GrantPermissionsController
Dictionary <string, string> roleNameByRoleId = new Dictionary <string, string>();
roleNameByRoleId.Add(adminRole.Id, adminRole.Name);
roleNameByRoleId.Add(userRole.Id, userRole.Name);
roleNameByRoleId.Add(anonymousRole.Id, anonymousRole.Name);
roleNameByRoleId.Add(specialUserRole.Id, specialUserRole.Name);
// Execute
GrantViewModel model = ReadGrants.ReadAll(DatabaseFixture.RoleManager, DatabaseFixture.Storage, roleNameByRoleId);
// Assert
// 1. Number of keys: extensions
Assert.Equal(ExtensionManager.GetInstances <IExtensionMetadata>().Count(), model.PermissionsByRoleAndExtension.Keys.Count);
// 2. Number of roles for "Security" extension
Assert.True(model.PermissionsByRoleAndExtension.ContainsKey(Constants.SoftinuxBaseSecurity));
// We may have additional linked roles left by other tests...
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].Keys.Count >= 4);
// 3. Admin role
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].ContainsKey(adminRole.Name));
// Admin -> Admin, Write, Read, Never
Assert.Equal(4, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name].Count);
Assert.Contains(Permission.Admin, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name]);
Assert.Contains(Permission.Write, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name]);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name]);
// 4. Special User role
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].ContainsKey(specialUserRole.Name));
// Write -> Write, Read, Never
Assert.Equal(3, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][specialUserRole.Name].Count);
Assert.Contains(Permission.Write, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][specialUserRole.Name]);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][specialUserRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][specialUserRole.Name]);
// 5. User role
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].ContainsKey(userRole.Name));
// Read -> Read, Never
Assert.Equal(2, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][userRole.Name].Count);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][userRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][userRole.Name]);
// 6. Anonymous role
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].ContainsKey(anonymousRole.Name));
// Never -> Never
Assert.Single(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][anonymousRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][anonymousRole.Name]);
// 7. Number of roles for Chinook extension
// When the dll doesn't exist on disk, this is our case, no permissions should be found
Assert.False(model.PermissionsByRoleAndExtension.ContainsKey("Chinook"));
// No need to check the details for this extension
// 8. SoftinuxBase.SeedDatabase extension was found
Assert.True(model.PermissionsByRoleAndExtension.ContainsKey("SoftinuxBase.SeedDatabase"));
}
finally
{
// Cleanup created data
repo.DeleteAll();
await DatabaseFixture.Storage.SaveAsync();
var specialUserRole = await DatabaseFixture.RoleManager.FindByNameAsync("Special User");
await DatabaseFixture.RoleManager.DeleteAsync(specialUserRole);
}
}
public async void Test()
{
var repo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
try
{
// Arrange
// 1. Create base roles
await CreateBaseRolesIfNeeded();
// 2. Create "Special User" role
await CreateRoleIfNotExisting("Special User");
// 3. Read roles to get their IDs
var adminRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.Administrator.GetRoleName());
var userRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.User.GetRoleName());
var anonymousRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.Anonymous.GetRoleName());
var specialUserRole = await DatabaseFixture.RoleManager.FindByNameAsync("Special User");
// 4. Create role-extension links
// Cleanup first
repo.DeleteAll();
DatabaseFixture.Storage.Save();
repo.Create(new RolePermission
{
RoleId = adminRole.Id, Scope = "Security", PermissionId = Permission.Admin.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = userRole.Id, Scope = "Security", PermissionId = Permission.Read.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = anonymousRole.Id, Scope = "Security", PermissionId = Permission.Never.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = specialUserRole.Id, Scope = "Security", PermissionId = Permission.Write.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = adminRole.Id, Scope = "Chinook", PermissionId = Permission.Admin.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = userRole.Id, Scope = "Chinook", PermissionId = Permission.Write.GetPermissionName()
});
DatabaseFixture.Storage.Save();
// 5. Build the dictionary that is used by the tool and created in GrantPermissionsController
Dictionary <string, string> roleNameByRoleId = new Dictionary <string, string>();
roleNameByRoleId.Add(adminRole.Id, adminRole.Name);
roleNameByRoleId.Add(userRole.Id, userRole.Name);
roleNameByRoleId.Add(anonymousRole.Id, anonymousRole.Name);
roleNameByRoleId.Add(specialUserRole.Id, specialUserRole.Name);
// Execute
GrantViewModel model = ReadGrants.ReadAll(DatabaseFixture.RoleManager, DatabaseFixture.Storage,
roleNameByRoleId);
// Assert
// 1. Number of keys: extensions
Assert.Equal(ExtensionManager.GetInstances <IExtensionMetadata>().Count(), model.PermissionsByRoleAndScope.Keys.Count);
// 2. Number of roles for "Security" extension
Assert.True((model.PermissionsByRoleAndScope.ContainsKey("Security")));
Assert.Equal(4, model.PermissionsByRoleAndScope["Security"].Keys.Count);
// 3. Admin role
Assert.True(model.PermissionsByRoleAndScope["Security"].ContainsKey(adminRole.Name));
// Admin -> Admin, Write, Read, Never
Assert.Equal(4, model.PermissionsByRoleAndScope["Security"][adminRole.Name].Count);
Assert.Contains(Permission.Admin, model.PermissionsByRoleAndScope["Security"][adminRole.Name]);
Assert.Contains(Permission.Write, model.PermissionsByRoleAndScope["Security"][adminRole.Name]);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndScope["Security"][adminRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndScope["Security"][adminRole.Name]);
// 4. Special User role
Assert.True(model.PermissionsByRoleAndScope["Security"].ContainsKey(specialUserRole.Name));
// Write -> Write, Read, Never
Assert.Equal(3, model.PermissionsByRoleAndScope["Security"][specialUserRole.Name].Count);
Assert.Contains(Permission.Write, model.PermissionsByRoleAndScope["Security"][specialUserRole.Name]);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndScope["Security"][specialUserRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndScope["Security"][specialUserRole.Name]);
// 5. User role
Assert.True(model.PermissionsByRoleAndScope["Security"].ContainsKey(userRole.Name));
// Read -> Read, Never
Assert.Equal(2, model.PermissionsByRoleAndScope["Security"][userRole.Name].Count);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndScope["Security"][userRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndScope["Security"][userRole.Name]);
// 6. Anonymous role
Assert.True(model.PermissionsByRoleAndScope["Security"].ContainsKey(anonymousRole.Name));
// Never -> Never
Assert.Single(model.PermissionsByRoleAndScope["Security"][anonymousRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndScope["Security"][anonymousRole.Name]);
// 7. Number of roles for Chinook extension
Assert.True((model.PermissionsByRoleAndScope.ContainsKey("Chinook")));
Assert.Equal(2, model.PermissionsByRoleAndScope["Chinook"].Keys.Count);
// No need to check the details for this extension
// 8. SeedDatabase extension was found, no permissions should be found
Assert.True((model.PermissionsByRoleAndScope.ContainsKey("SeedDatabase")));
Assert.Equal(0, model.PermissionsByRoleAndScope["SeedDatabase"].Keys.Count);
}
finally
{
// Cleanup created data
repo.DeleteAll();
DatabaseFixture.Storage.Save();
var specialUserRole = await DatabaseFixture.RoleManager.FindByNameAsync("Special User");
await DatabaseFixture.RoleManager.DeleteAsync(specialUserRole);
}
}
//
// GET: /Admin/Grants/Details/5
public ActionResult Details(Guid id)
{
var grant = _svc.GetGrantDetailById(id);
var vm = new GrantViewModel(grant);
return View(vm);
}
