private async Task <dynamic> GetUserPermissions(dynamic param)
{
var userPermissionRequest = this.Bind <UserInfoRequest>();
var isGrainEmpty = string.IsNullOrEmpty(userPermissionRequest.Grain);
await SetDefaultRequest(userPermissionRequest);
CheckReadAccess();
// cast is required due to dynamic inputs - otherwise the compiler thinks the return type is a dynamic
var groups = await _userService.GetGroupsForUser(param.subjectId, param.identityProvider, true) as IEnumerable <Group>;
var permissionResolutionResult = await _permissionResolverService.Resolve(new PermissionResolutionRequest
{
SubjectId = param.subjectId,
IdentityProvider = param.identityProvider,
Grain = userPermissionRequest.Grain,
SecurableItem = userPermissionRequest.SecurableItem,
IncludeSharedPermissions = isGrainEmpty,
UserGroups = groups
});
return(permissionResolutionResult.AllowedPermissions
.Concat(permissionResolutionResult.DeniedPermissions)
.Select(p => p.ToResolvedPermissionApiModel()));
}
private async Task <dynamic> GetUserPermissions(dynamic param)
{
var userPermissionRequest = this.Bind <UserInfoRequest>();
var isGrainEmpty = string.IsNullOrEmpty(userPermissionRequest.Grain);
await SetDefaultRequest(userPermissionRequest);
CheckReadAccess();
var permissionResolutionResult = await _permissionResolverService.Resolve(new PermissionResolutionRequest
{
SubjectId = param.subjectId,
IdentityProvider = param.identityProvider,
Grain = userPermissionRequest.Grain,
SecurableItem = userPermissionRequest.SecurableItem,
IncludeSharedPermissions = isGrainEmpty,
UserGroups = await _userService.GetGroupsForUser(param.subjectId, param.identityProvider)
});
return(permissionResolutionResult.AllowedPermissions
.Concat(permissionResolutionResult.DeniedPermissions)
.Select(p => p.ToResolvedPermissionApiModel()));
}
private async Task<IEnumerable<string>> GetPermissions<T>(FabricModule<T> module, string grain, string securableItemName)
{
var permissionResolutionResult = await _permissionResolverService.Resolve(new PermissionResolutionRequest
{
SubjectId = module.SubjectId,
IdentityProvider = module.IdentityProvider,
Grain = grain,
SecurableItem = securableItemName,
UserGroups = await GetGroupsForAuthenticatedUser(module.SubjectId, module.IdentityProvider, module.Context.CurrentUser)
});
var permissions = permissionResolutionResult.AllowedPermissions
.Except(permissionResolutionResult.DeniedPermissions)
.Select(p => p.ToString());
return permissions;
}