public virtual ActionResult GetEffectivePermissionsForSecurable(int?securitySecurableId, List <int> selectedRoleIds = null)
{
//
//Create empty view model
//
var model = new GetEffectivePermissionsForSecurableViewModel()
{
SecuritySecurableId = securitySecurableId,
SelectedRoleIds = selectedRoleIds
};
//
//Populate the role selection lists
//
PopulateDropDownLists(model);
//
//Call the service to get the effective permissions for the selected roles
//
var request = new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableRequest()
{
SecuritySecurableId = securitySecurableId,
SelectedRoleIds = model.SelectedRoleIds
};
var response = _service.GetEffectivePermissionsForSecurable(request);
if (response.IsSuccessful)
{
model.EffectivePermissionsForSecurable = response;
model.IsSuccessful = true;
}
else
{
model.Message = response.Message;
model.IsSuccessful = false;
}
return(PartialView("_EffectivePermissionsPartial", model));
}
/// <summary>
/// Get the effective permissions for all of the roles for a securable.
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse GetEffectivePermissionsForSecurable(
SecurityAccessMaintenanceGetEffectivePermissionsForSecurableRequest request)
{
//
//Validation
//
if (request == null || request.SecuritySecurableId == null)
{
return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse()
{
IsSuccessful = true,
Message = "Unable to get the effective permissions for securable. The request object must contain a valid security securable ID."
});
}
var securitySecurable =
_repository.GetAll <SecuritySecurable>()
.FirstOrDefault(p => p.SecuritySecurableId == request.SecuritySecurableId);
if (securitySecurable == null)
{
return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse()
{
IsSuccessful = true,
Message = String.Format("Unable to get the effective permissions for securable. The security securable record at ID {0} could not be found.", request.SecuritySecurableId)
});
}
//
//Get all of the actions available on this securable
//
var securitySecurableActions = _repository.GetAll <SecuritySecurableAction>(p => p.SecurityAction, p => p.SecuritySecurable).Where(p => p.SecuritySecurableId == request.SecuritySecurableId).OrderBy(p => p.SecurityAction.Name).ToList();
//
//Get all of the roles, and for each role determine its effective permissions on the securable
//
var effectivePermissionsForRoleList = new List <EffectivePermissionsForRoleModel>();
var rolesQueryable = _repository.GetAll <SecurityRole>().Where(p => p.Active == true);
//Limit the roles to only those selected by the form.
if (request.SelectedRoleIds != null && request.SelectedRoleIds.Count > 0)
{
rolesQueryable = rolesQueryable.Where(p => request.SelectedRoleIds.Contains(p.SecurityRoleId));
}
var roles = rolesQueryable.OrderBy(p => p.Name).ToList();
foreach (var role in roles)
{
//
//For each action, determine the roles and their permission to do that action on the securable
//
var effectivePermissionsList = new List <EffectivePermissionModel>();
foreach (var securitySecurableAction in securitySecurableActions)
{
var securityResult = GetSecurityResult(role, securitySecurable, securitySecurableAction.SecurityAction);
//
//Determine if the security was inherited. If it came from a securable that is not
//equal to the securable we are checking permissions for, then it was inherited.
//
bool isInheritedSecurity = false;
SecuritySecurable securitySecurableInheritedFrom = null;
if (securityResult != null && securityResult.SecuritySecurable != null)
{
isInheritedSecurity = (securityResult.SecuritySecurable.SecuritySecurableId !=
securitySecurable.SecuritySecurableId);
if (isInheritedSecurity)
{
securitySecurableInheritedFrom = securityResult.SecuritySecurable;
}
}
//
//Create the effective permission model for the securable describing the permissions the
//role has on the securable.
//
var effectivePermissionModel = new EffectivePermissionModel()
{
SecuritySecurableAction = securitySecurableAction,
Allowed = securityResult.Allowed,
Inherited = isInheritedSecurity,
SecuritySecurableInheritedFrom = securitySecurableInheritedFrom,
Message = securityResult.Message
};
effectivePermissionsList.Add(effectivePermissionModel);
}
//
//Add the model to the list of effective permissions for the role/securable
//
var effectivePermissionsForRoleModel = new EffectivePermissionsForRoleModel()
{
SecurityRole = role,
EffectivePermissions = effectivePermissionsList
};
effectivePermissionsForRoleList.Add(effectivePermissionsForRoleModel);
}
//
//Return the effective permissions list
//
return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse()
{
IsSuccessful = true,
SecuritySecurable = securitySecurable,
EffectivePermissionsForRoles = effectivePermissionsForRoleList
});
}
public virtual ActionResult GetEffectivePermissionsForSecurable(GetEffectivePermissionsForSecurableViewModel model)
{
//
//Populate the role selection lists
//
PopulateDropDownLists(model);
//
//Save any permission changes that came in
//
if (model.SubmitAction == SubmitActions.Save.ToString() &&
model.SecurityAccessSettings != null &&
model.SecurityAccessSettings.Count > 0)
{
var permissionsToSave = new List <PermissionToSave>();
//
//The permissions get submitted in a dictionary.
//The key is security securable action ID + "~" + security role Id
//The value is Allowed, NotAllowed, or Inherited
//
foreach (var key in model.SecurityAccessSettings.Keys)
{
//
//Break the key into its components: securitySecurableActionId and roleId
//Create the record of the permission to save for the service layer
//
var value = model.SecurityAccessSettings[key];
var keyElements = key.Split('~');
if (keyElements != null && keyElements.Count() == 2)
{
var securitySecurableActionId = int.Parse(keyElements[0]);
var roleId = int.Parse(keyElements[1]);
var permissionToSave = new PermissionToSave()
{
SecurityRoleId = roleId,
SecuritySecurableActionId = securitySecurableActionId,
PermissionValue = value
};
permissionsToSave.Add(permissionToSave);
}
}
//
//Call the service layer to persist the permissions
//
var saveRequest = new SecurityAccessMaintenanceSavePermissionsRequest()
{
SecuritySecurableId = model.SecuritySecurableId,
PermissionsToSave = permissionsToSave
};
var saveResponse = _service.SavePermissions(saveRequest);
if (!saveResponse.IsSuccessful)
{
ModelState.AddModelError("", saveResponse.Message);
}
else if (saveResponse.NumPermissionsUpdated > 0)
{
AddToastMessage(new ToastMessage()
{
Message = saveResponse.Message,
Type = ToastMessage.ToastType.Success,
AutoHide = true,
Position = ToastMessage.ToastPosition.TopCenter
});
}
}
//
//Call the service to get the effective permissions for the selected roles
//
var request = new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableRequest()
{
SecuritySecurableId = model.SecuritySecurableId,
SelectedRoleIds = model.SelectedRoleIds
};
var response = _service.GetEffectivePermissionsForSecurable(request);
if (response.IsSuccessful)
{
model.EffectivePermissionsForSecurable = response;
model.IsSuccessful = true;
}
else
{
model.Message = response.Message;
model.IsSuccessful = false;
}
return(PartialView("_EffectivePermissionsPartial", model));
}
