/// <summary> /// Grants a permission to a user given the model. /// </summary> /// <param name="revokedPermission">The model containing the revoked permission.</param> /// <returns>The task.</returns> public async Task RevokePermissionAsync(IRevokedPermissionBindingModel revokedPermission) { var grantorUserId = GetGrantorPrincipalId(); var permission = revokedPermission.ToRevokedPermission(grantorUserId); throwIfGrantorAndGranteePrincipalIdEqual(permission.GranteePrincipalId, grantorUserId); await principalService.RevokePermissionAsync(permission); await ClearUserCacheAsync(permission.GranteePrincipalId); }
/// <summary> /// Handles the given model from a client via the given controller. /// </summary> /// <param name="model">The permission model.</param> /// <param name="controller">The controller that is handling the client request.</param> /// <returns>The result the controller should return.</returns> public async Task <IHttpActionResult> HandleRevokedPermissionBindingModelAsync(IRevokedPermissionBindingModel model, ApiController controller) { if (controller.ModelState.IsValid) { await RevokePermissionAsync(model); await SaveChangesAsync(); return(new OkResult(controller)); } else { return(new InvalidModelStateResult(controller.ModelState, controller)); } }