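/// <summary>
/// Resolves the requested permission ids and checks that each one may be attached to the given role.
/// </summary>
/// <param name="permissionIds">Ids of the permissions the caller wants to add.</param>
/// <param name="roleName">Name of the target role; used only in the error message.</param>
/// <param name="grain">Grain every resolved permission must match.</param>
/// <param name="securableItem">Securable item every resolved permission must match.</param>
/// <param name="existingPermissions">Permissions already attached to the role.</param>
/// <returns>The resolved permissions, one entry per distinct requested id.</returns>
/// <exception cref="AlreadyExistsException{T}">A requested id is already among <paramref name="existingPermissions"/>.</exception>
/// <exception cref="IncompatiblePermissionException">A resolved permission has a different grain or securable item.</exception>
private async Task<List<Permission>> ValidatePermissionList(IEnumerable<Guid> permissionIds, string roleName, string grain, string securableItem, IEnumerable<Permission> existingPermissions)
{
    // Materialize once so the caller's sequence is not re-enumerated per requested id.
    var currentPermissions = existingPermissions.ToList();
    var requestedIds = new HashSet<Guid>();
    var permissionsToAdd = new List<Permission>();

    foreach (var permissionId in permissionIds)
    {
        if (currentPermissions.Any(p => p.Id == permissionId))
        {
            throw new AlreadyExistsException<Permission>(
                $"Permission {permissionId} already exists for role {roleName}. Please provide a new permission id.");
        }

        // An id repeated within the same request used to be returned twice, which would
        // place the same permission on the role more than once. Keep the first occurrence only.
        if (!requestedIds.Add(permissionId))
        {
            continue;
        }

        // NOTE(review): assumes the store throws for an unknown id rather than returning null;
        // a null result would surface below as a NullReferenceException — confirm.
        var permission = await _permissionStore.Get(permissionId);

        // Scope check: a permission defined under another grain or securable item must never
        // be attachable to this role. The comparison is whatever == does for these members.
        var matchesScope = permission.Grain == grain && permission.SecurableItem == securableItem;
        if (!matchesScope)
        {
            throw new IncompatiblePermissionException(
                $"Permission with id {permission.Id} has the wrong grain and/or securableItem.");
        }

        permissionsToAdd.Add(permission);
    }

    return permissionsToAdd;
}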
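/// <summary>
/// Adds permissions to a Role.
/// </summary>
/// <param name="role">Role to extend; its Permissions collection is mutated and the role is persisted.</param>
/// <param name="permissionIds">Ids of the permissions to attach. Ids repeated in the array are applied once.</param>
/// <returns>The same <paramref name="role"/> instance after the update has been stored.</returns>
/// <exception cref="ArgumentNullException"><paramref name="role"/> or <paramref name="permissionIds"/> is null.</exception>
/// <exception cref="IncompatiblePermissionException">
/// A permission has a different grain or securable item than the role, or is already on the role.
/// </exception>
/// <remarks>
/// NOTE(review): no check of the caller's right to modify the role is visible in this method;
/// presumably it is enforced by the caller — confirm.
/// </remarks>
public async Task<Role> AddPermissionsToRole(Role role, Guid[] permissionIds)
{
    if (role == null)
    {
        throw new ArgumentNullException(nameof(role));
    }

    if (permissionIds == null)
    {
        throw new ArgumentNullException(nameof(permissionIds));
    }

    var requestedIds = new HashSet<Guid>();
    var permissionsToAdd = new List<Permission>();

    foreach (var permissionId in permissionIds)
    {
        // The "already present" test below only looks at role.Permissions, so an id repeated
        // in the request used to be added twice. A duplicate entry could outlive a later
        // removal of that permission, so each id is resolved and added once.
        if (!requestedIds.Add(permissionId))
        {
            continue;
        }

        // NOTE(review): assumes the store throws for an unknown id rather than returning null — confirm.
        var permission = await _permissionStore.Get(permissionId);

        // Scope check: only permissions defined for the role's own grain and securable item,
        // and not yet on the role, may be attached.
        var isCompatible = permission.Grain == role.Grain
                           && permission.SecurableItem == role.SecurableItem
                           && role.Permissions.All(p => p.Id != permission.Id);
        if (!isCompatible)
        {
            throw new IncompatiblePermissionException($"Permission with id {permission.Id} has the wrong grain, securableItem, or is already present on the role");
        }

        permissionsToAdd.Add(permission);
    }

    // The role is touched only after every id has passed validation, so a rejected
    // request leaves the in-memory role unchanged.
    foreach (var permission in permissionsToAdd)
    {
        role.Permissions.Add(permission);
    }

    await _roleStore.Update(role);
    return role;
}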
/// <summary>
/// Looks up one permission by its id.
/// </summary>
/// <param name="permissionId">Id of the permission to fetch.</param>
/// <returns>Whatever the permission store returns for <paramref name="permissionId"/>.</returns>
/// <remarks>
/// NOTE(review): this is a straight pass-through to the store with no access check of its own;
/// presumably callers decide who may read a permission — confirm.
/// </remarks>
public async Task<Permission> GetPermission(Guid permissionId)
{
    var permission = await _permissionStore.Get(permissionId);
    return permission;
}