/// <summary> /// This is called if the Permissions that a user needs calculating. /// It looks at what permissions the user has, and then filters out any permissions /// they aren't allowed because they haven't get access to the module that permission is linked to. /// </summary> /// <param name="userId"></param> /// <returns>a string containing the packed permissions</returns> public async Task <string> ComputeUserPermissionsAsync(string userId) { // This gets all the permissions, with a distinct to remove duplicates var permissionsForUser = (await _repository.GetUsersToRoleByIdAsync(userId)) .Select(x => x.Role.PermissionsInRole) .ToList() //Because the permissions are packed we have to put these parts of the query after the ToListAsync() .SelectMany(x => x).Distinct(); //we get the modules this user is allowed to see PaidForModule userModules = (await _repository.GetModuleForUserAsync(userId))?.AllowedModules ?? PaidForModule.None; //Now we remove permissions that are linked to modules that the user has no access to var filteredPermissions = from permission in permissionsForUser let moduleAttr = typeof(Permission).GetMember(permission.ToString())[0] .GetCustomAttribute <LinkedToModuleAttribute>() where moduleAttr == null || userModules.HasFlag(moduleAttr.PaidForModule) select permission; return(filteredPermissions.PackPermissionsIntoString()); }
public LinkedToModuleAttribute(PaidForModule paidForModule) { PaidForModule = paidForModule; }
} //needed by EF Core /// <summary> /// This links modules to a user /// </summary> /// <param name="userId"></param> /// <param name="allowedPaidForModules"></param> public ModulesForUser(string userId, PaidForModule allowedPaidForModules) { UserId = userId ?? throw new ArgumentNullException(nameof(userId)); AllowedModules = allowedPaidForModules; }