/// <summary>
/// Replaces the directly assigned (granular) permissions of one user with the allow and
/// deny sets carried by <paramref name="granularPermission"/>, creating the user row when
/// no non-deleted match exists.
/// </summary>
/// <param name="granularPermission">
/// Carries the composite id that is split into subject id and identity provider, plus the
/// permissions to allow (<c>AdditionalPermissions</c>) and to deny (<c>DeniedPermissions</c>).
/// </param>
/// <returns>A task that completes once the changes have been saved.</returns>
/// <remarks>
/// This is a full replacement: every existing non-deleted permission row of the user is
/// soft-deleted before the new rows are added.
/// NOTE(review): no authorization check is visible in this method - presumably the caller
/// verifies that the requester may grant or deny these permissions; confirm.
/// NOTE(review): nothing here rejects a permission that appears in both lists; such input
/// yields one Allow row and one Deny row, and how that conflict is resolved is decided outside
/// this method - confirm that deny wins.
/// </remarks>
public async Task AddOrUpdateGranularPermission(GranularPermission granularPermission)
        {
            // Index 0 is used as the subject id and index 1 as the identity provider.
            // NOTE(review): the length of the split result is not checked here - presumably
            // SplitGranularPermissionId validates the id format; confirm.
            var idParts = SplitGranularPermissionId(granularPermission.Id);

            // The lookup compares both key parts case-insensitively and skips soft-deleted users.
            // NOTE(review): whether string.Equals with a StringComparison argument is translated
            // to SQL or evaluated in memory depends on the EF version/provider - confirm, since
            // in-memory evaluation would load the users table for every call.
            var matchingUsers = _authorizationDbContext.Users
                                .Include(u => u.UserPermissions)
                                .ThenInclude(up => up.Permission);

            var user = await matchingUsers.SingleOrDefaultAsync(
                           u => u.IdentityProvider.Equals(idParts[1], StringComparison.OrdinalIgnoreCase) &&
                                u.SubjectId.Equals(idParts[0], StringComparison.OrdinalIgnoreCase) &&
                                !u.IsDeleted);

            if (user == null)
            {
                // Unknown principal: a user row is created with the casing exactly as supplied
                // by the caller, even though the lookup above ignores case.
                var created = new EntityModels.User
                {
                    IdentityProvider = idParts[1],
                    SubjectId        = idParts[0],
                    Name             = $"{idParts[1]}\\{idParts[0]}"
                };
                _authorizationDbContext.Users.Add(created);
                user = created;
            }

            // Soft-delete whatever the user holds today; the rows stay in the table.
            // NOTE(review): for a freshly created user this assumes the entity initializes
            // UserPermissions to an empty collection - confirm.
            foreach (var existing in user.UserPermissions.Where(up => !up.IsDeleted))
            {
                existing.IsDeleted = true;
            }

            // New Allow rows, one per entry in AdditionalPermissions.
            var allowRows = granularPermission.AdditionalPermissions.Select(
                ap => new UserPermission
                {
                    SubjectId        = user.SubjectId,
                    IdentityProvider = user.IdentityProvider,
                    PermissionId     = ap.Id,
                    PermissionAction = PermissionAction.Allow
                });
            await _authorizationDbContext.UserPermissions.AddRangeAsync(allowRows);

            // New Deny rows, one per entry in DeniedPermissions.
            var denyRows = granularPermission.DeniedPermissions.Select(
                dp => new UserPermission
                {
                    SubjectId        = user.SubjectId,
                    IdentityProvider = user.IdentityProvider,
                    PermissionId     = dp.Id,
                    PermissionAction = PermissionAction.Deny
                });
            await _authorizationDbContext.UserPermissions.AddRangeAsync(denyRows);

            // The soft-deletes and the inserts are all persisted by this single save call.
            await _authorizationDbContext.SaveChangesAsync();
        }
示例#2
 /// <summary>
 /// Converts a persistence-layer user into its domain model through the configured mapper.
 /// </summary>
 /// <param name="entity">The stored user; may be null.</param>
 /// <returns>The mapped domain user, or null when <paramref name="entity"/> is null.</returns>
 /// <remarks>
 /// NOTE(review): which members are copied (including any soft-delete flag) is decided by the
 /// mapping configuration, which is not visible here - confirm that deleted rows are filtered
 /// before this call if the domain model is used for authorization decisions.
 /// </remarks>
 public static Domain.Models.User ToModel(this EntityModels.User entity)
 {
     // Null passes straight through so callers can chain this after a "find or default" query.
     if (entity == null)
     {
         return null;
     }

     return Mapper.Map <Domain.Models.User>(entity);
 }
示例#3
 /// <summary>
 /// Copies the values of a domain user onto an existing persistence entity in place.
 /// </summary>
 /// <param name="model">The domain user supplying the values.</param>
 /// <param name="entity">The entity instance that is overwritten.</param>
 /// <remarks>
 /// NOTE(review): every member covered by the mapping configuration is overwritten on
 /// <paramref name="entity"/>. That configuration is not visible here - confirm that it
 /// ignores key fields (subject id, identity provider) and the soft-delete flag, so that a
 /// model built from request data cannot change them.
 /// </remarks>
 public static void ToEntity(this Domain.Models.User model, EntityModels.User entity)
     => Mapper.Map(model, entity);