public IHttpActionResult UpdatePermission([FromUri] PermissionType type, DTO.AccountPermission accountPermission)
{
try
{
accountApp.UpdatePermission(accountPermission, type, base.ClientId, base.AccountCode);
return(Ok());
}
catch (ArgumentException ex)
{
return(BadRequest(ex));
}
catch (Exception ex)
{
return(InternalServerError(ex));
}
}
public void UpdatePermission(DTO.AccountPermission accountPermission, PermissionType type, Guid clientId, Guid currentAccount)
{
using (var transaction = Connection.BeginTransaction())
{
try
{
var applicationStore = applicationStoreRepository.GetByClientId(clientId);
var storeCode = applicationStore.GetStoreCodeByAuthType(accountPermission.StoreCode);
if (!currentAccount.IsEmpty())
{
Account accountCurrent = accPermissionService.Get(currentAccount, applicationStore);
if (accountCurrent.IsNull())
{
throw new ArgumentException("Você não possui permissão para executar essa ação");
}
}
else if (!applicationStore.Store.IsMain)
{
throw new ArgumentException("Você não possui permissão para executar essa ação");
}
Account account;
Role role;
foreach (var accountCode in accountPermission.AccountCodes)
{
account = accountRepository.Get(accountCode, false, includeRole: true, includeBlacklist: true, includeApplication: true);
if (account.IsNull())
{
throw new ArgumentException("Usuário não encontrado");
}
if (account.BlacklistCollection.Count > 0)
{
throw new ArgumentException("Usuário na blacklist");
}
bool hasPendingChanges = false;
if (type == PermissionType.Add)
{
accountPermission.Applications.ForEach(applicationName =>
{
role = roleRepository.GetByApplication(applicationName, storeCode);
if (role.IsNull())
{
throw new ArgumentException("Não será possível atribuir a permissão");
}
var exist = role.AccountRoles.Any(a => a.Status && a.AccountCode == account.Code && account.AccountRoles.Any(r => r.RoleCode == a.RoleCode));
if (!exist)
{
account.ConnectRole(role);
hasPendingChanges = true;
}
});
}
else if (type == PermissionType.Remove)
{
accountPermission.Applications.ForEach(applicationName =>
{
var accountRole = account.AccountRoles
.Where(x => x.Status &&
x.Role.Permissions.Any(a => a.Resource.Application.Name.ToLower() == applicationName.ToLower() &&
x.Role.StoreCode == storeCode)).FirstOrDefault();
if (!accountRole.IsNull())
{
accountRole.Status = false;
accountRole.UpdateDate = DateTime.Now;
account.AccountRoles.Append(accountRole);
hasPendingChanges = true;
}
});
}
if (hasPendingChanges)
{
accountService.Update(account);
}
}
}
catch
{
transaction.Rollback();
throw;
}
}
}