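/// <summary>
/// Decides whether the user of the current session may access the resource registered
/// for <c>model.Route</c>.
/// </summary>
/// <param name="model">Request carrying the route to check. It is read only; this method
/// no longer writes RoleId/ResourceId back into it.</param>
/// <returns>
/// <c>true</c> when the resource is flagged public, or when at least one of the user's roles
/// has a permission row for the resource. <c>false</c> in every other case: missing request
/// or route, unknown route, user that cannot be loaded, or no matching permission.
/// </returns>
public bool CheckPermission(PermissionRequestModel model)
{
    // Fail closed: a request without a route cannot identify a resource.
    if (model == null || model.Route == null)
    {
        return false;
    }

    // Case-insensitive route match. The ToLower() comparison is kept inside the query
    // exactly as before so the query provider handles it the same way.
    var resource = _resourceRepository.GetAllIgnoreFilter().AsNoTracking()
        .FirstOrDefault(x => x.Route.ToLower() == model.Route.ToLower());

    // Unregistered routes are denied by default.
    if (resource == null)
    {
        return false;
    }

    // Public resources are granted before any user lookup takes place.
    if (resource.IsPublic)
    {
        return true;
    }

    User user = UserManager.FindById(AppSession.UserId);

    // Fail closed when the session does not resolve to a user (or the user carries no
    // role collection) instead of dereferencing null inside an authorization check.
    if (user == null || user.Roles == null)
    {
        return false;
    }

    var resourceId = resource.Id;
    foreach (var role in user.Roles)
    {
        var roleId = role.RoleId;
        var permission = _repository.FirstOrDefault(
            x => x.RoleId == roleId && x.ResourceId == resourceId);

        // One matching role is sufficient; stop querying once access is established.
        if (permission != null)
        {
            return true;
        }
    }

    return false;
}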
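/// <summary>
/// Overwrites the editable fields of the permission with the given id and persists the change.
/// </summary>
/// <remarks>
/// This method performs no authorization of its own; the caller must have authorized the
/// update before invoking it. Only Name, Description, Action and Entity are copied from the
/// request, so other columns cannot be changed through the request model.
/// </remarks>
/// <param name="id">Primary key of the permission to update.</param>
/// <param name="model">New field values.</param>
/// <returns>The updated permission as returned by GetById, or <c>null</c> when no permission
/// with that id exists.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="model"/> is null.</exception>
public async Task<PermissionDto> Update(int id, PermissionRequestModel model)
{
    if (model == null)
    {
        throw new System.ArgumentNullException(nameof(model));
    }

    var permission = await _db.Permissions.FindAsync(id);

    // An unknown id previously ended in a NullReferenceException on the first assignment.
    // Report "nothing updated" to the caller instead.
    if (permission == null)
    {
        return null;
    }

    permission.Name = model.Name;
    permission.Description = model.Description;
    permission.Action = model.Action;
    permission.Entity = model.Entity;

    _db.Permissions.Update(permission);
    await _db.SaveChangesAsync();

    return await GetById(permission.Id);
}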
/// <summary>
/// Registers a new permission unless one with the same name is already known.
/// </summary>
/// <remarks>
/// The duplicate check compares the existing entries' Name with <c>request.Name</c>, while
/// the new entity stores that value in its Resource property. No authorization check is
/// performed in this method.
/// NOTE(review): the lookup and the insert are two separate service calls; nothing visible
/// here makes them atomic, so confirm the store enforces uniqueness.
/// </remarks>
/// <param name="request">Request whose Name identifies the permission to add.</param>
/// <returns><c>false</c> when an entry with that name exists; otherwise the result of the
/// service's Add call.</returns>
public bool AddPermission(PermissionRequestModel request)
{
    bool nameAlreadyUsed = _permissionService.GetAll().Any(x => x.Name == request.Name);
    if (nameAlreadyUsed)
    {
        return false;
    }

    var created = new Permission { Resource = request.Name };
    return _permissionService.Add(created);
}
/// <summary>
/// Persists a new permission built from the request and returns it as a DTO.
/// </summary>
/// <remarks>
/// Only Name, Description, Action and Entity are taken from the request; every other column
/// keeps the entity's default. This method performs no authorization of its own, so the
/// caller must have authorized the creation.
/// </remarks>
/// <param name="model">Field values for the new permission.</param>
/// <returns>The stored permission as returned by GetById.</returns>
public async Task<PermissionDto> Create(PermissionRequestModel model)
{
    var entity = new Data.Models.Permission();
    entity.Name = model.Name;
    entity.Description = model.Description;
    entity.Action = model.Action;
    entity.Entity = model.Entity;

    _db.Permissions.Add(entity);
    await _db.SaveChangesAsync();

    // Re-read through GetById so the caller receives the DTO shape, keyed by the entity's Id.
    var stored = await GetById(entity.Id);
    return stored;
}
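/// <summary>
/// Creates a permission on behalf of the calling user, provided that user holds the
/// Create action on the Permission entity.
/// </summary>
/// <param name="model">Field values for the new permission.</param>
/// <returns>
/// 401 with a message when the caller is not allowed (or the caller's user record cannot be
/// loaded), 201 with the created permission on success, 500 when the repository returns null.
/// </returns>
public async Task<ActionResult<Permission>> Create(PermissionRequestModel model)
{
    var currentUser = await _userRepository.GetById(User.GetId());

    // The original stored the NEGATED check in a variable called "hasPermission", which reads
    // as the opposite of what it holds. Name the flag for what it means, and fail closed when
    // the user record is missing rather than handing null to HasPermission.
    var isDenied = currentUser == null
        || !_repository.HasPermission(currentUser, Entities.Permission, Actions.Create);

    if (isDenied)
    {
        // NOTE(review): 401 is kept so existing clients see the same response; 403 is the
        // conventional status for an authenticated caller that lacks the permission.
        return Unauthorized(new { Message = "You are not authorized to perform this action" });
    }

    var permission = await _repository.Create(model);

    return permission != null
        ? Created(nameof(Create), permission)
        : StatusCode(StatusCodes.Status500InternalServerError, null);
}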
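/// <summary>
/// Updates a permission on behalf of the calling user, provided that user holds the
/// Update action on the Permission entity.
/// </summary>
/// <param name="id">Id of the permission to update.</param>
/// <param name="model">New field values.</param>
/// <returns>
/// 401 with a message when the caller is not allowed (or the caller's user record cannot be
/// loaded), 404 when the id is unknown, 202 with the updated permission on success, 500 when
/// the repository returns null.
/// </returns>
public async Task<ActionResult<PermissionDto>> Update(int id, PermissionRequestModel model)
{
    // Authorize BEFORE touching the target record. With the lookup first, a caller without
    // the Update permission could tell existing ids (401) from unknown ids (404).
    var currentUser = await _userRepository.GetById(User.GetId());

    // Fail closed when the user record is missing; the flag is named for what it holds
    // (the original kept the negated check in a variable called "hasPermission").
    var isDenied = currentUser == null
        || !_repository.HasPermission(currentUser, Entities.Permission, Actions.Update);

    if (isDenied)
    {
        // NOTE(review): 401 is kept so existing clients see the same response; 403 is the
        // conventional status for an authenticated caller that lacks the permission.
        return Unauthorized(new { Message = "You are not authorized to perform this action" });
    }

    var permission = await _repository.GetById(id);
    if (permission == null)
    {
        return NotFound(PermissionNotFound);
    }

    var result = await _repository.Update(permission.Id, model);

    return result != null
        ? Accepted(nameof(Update), result)
        : StatusCode(StatusCodes.Status500InternalServerError, null);
}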
/// <summary>
/// HTTP endpoint that forwards the request to the permission service and returns its verdict.
/// </summary>
/// <remarks>
/// The response is always 200 OK; the allow/deny decision is the boolean in the body, so
/// clients must read the body rather than rely on the status code.
/// </remarks>
/// <param name="model">Permission request passed through unchanged to the service.</param>
/// <returns>200 OK wrapping <c>true</c> or <c>false</c>.</returns>
public IHttpActionResult CheckPermission(PermissionRequestModel model)
{
    return Ok(_service.CheckPermission(model));
}