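/// <summary>
/// Decides whether the current session user may access the resource whose route
/// matches <c>model.Route</c> (compared case-insensitively).
/// </summary>
/// <param name="model">Request carrying the route to check. It is not modified.</param>
/// <returns>
/// <c>true</c> when the resource is flagged public, or when at least one role of the
/// session user has a permission row for the resource; <c>false</c> in every other
/// case, including a missing request, an unknown route and an unknown user.
/// </returns>
public bool CheckPermission(PermissionRequestModel model)
        {
            // Fail closed: a request without a route cannot match any resource.
            if (model == null || model.Route == null)
            {
                return false;
            }

            var requestedRoute = model.Route.ToLower();

            // NOTE(review): GetAllIgnoreFilter presumably bypasses the repository's default
            // query filters - confirm that a row those filters would hide (for example a
            // disabled or deleted resource) is really meant to take part in this decision.
            var resource = _resourceRepository.GetAllIgnoreFilter().AsNoTracking()
                           .FirstOrDefault(x => x.Route.ToLower() == requestedRoute);

            // Unknown routes are denied rather than allowed by default.
            if (resource == null)
            {
                return false;
            }

            // Public resources are allowed before any user lookup happens.
            if (resource.IsPublic)
            {
                return true;
            }

            User user = UserManager.FindById(AppSession.UserId);

            // No resolvable user (or no role collection) means no grant: deny instead of
            // failing with a null dereference on a security decision.
            if (user == null || user.Roles == null)
            {
                return false;
            }

            var resourceId = resource.Id;

            foreach (var role in user.Roles)
            {
                // Locals keep the caller's request object untouched; the ids used for the
                // decision come from the server-side user and resource, never from the request.
                var roleId = role.RoleId;

                var permission = _repository.FirstOrDefault(x => x.RoleId == roleId && x.ResourceId == resourceId);

                // One matching grant is enough; stop querying the remaining roles.
                if (permission != null)
                {
                    return true;
                }
            }

            return false;
        }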
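        /// <summary>
        /// Overwrites the name, description, action and entity of the permission with the
        /// given id and returns the stored result.
        /// </summary>
        /// <param name="id">Primary key of the permission to change.</param>
        /// <param name="model">New values; only the four fields listed above are copied.</param>
        /// <returns>
        /// The updated permission as read back through <c>GetById</c>, or <c>null</c> when
        /// no permission with <paramref name="id"/> exists.
        /// </returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="model"/> is null.</exception>
        public async Task<PermissionDto> Update(int id, PermissionRequestModel model)
        {
            if (model == null)
            {
                throw new System.ArgumentNullException(nameof(model));
            }

            var permission = await _db.Permissions.FindAsync(id);

            // FindAsync yields null for an unknown key; report "nothing updated" instead of
            // dereferencing null below.
            if (permission == null)
            {
                return null;
            }

            // Fields are copied one by one, so a request cannot set columns other than
            // these four (for example the key).
            permission.Name        = model.Name;
            permission.Description = model.Description;
            permission.Action      = model.Action;
            permission.Entity      = model.Entity;

            _db.Permissions.Update(permission);
            await _db.SaveChangesAsync();

            return await GetById(permission.Id);
        }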
示例#3
        /// <summary>
        /// Adds a permission built from <paramref name="request"/> unless a permission with
        /// the same name is already returned by the permission service.
        /// </summary>
        /// <param name="request">Request whose <c>Name</c> is used for the duplicate check and for the new entry.</param>
        /// <returns><c>false</c> when the name is already taken; otherwise the result of the service's <c>Add</c> call.</returns>
        public bool AddPermission(PermissionRequestModel request)
        {
            // NOTE(review): this is a check-then-add sequence; two concurrent requests with the
            // same name can both pass it. A unique constraint in storage would be needed to
            // guarantee uniqueness - confirm whether one exists.
            bool nameTaken = _permissionService.GetAll().Any(x => x.Name == request.Name);
            if (nameTaken)
            {
                return false;
            }

            // NOTE(review): the duplicate check compares Name, but the value is stored in
            // Resource - confirm that this mapping is intended.
            var created = new Permission { Resource = request.Name };

            return _permissionService.Add(created);
        }
        /// <summary>
        /// Stores a new permission built from <paramref name="model"/> and returns it as
        /// read back through <c>GetById</c>.
        /// </summary>
        /// <param name="model">Source of the name, description, action and entity values.</param>
        /// <returns>The stored permission, looked up by the id the entity carries after saving.</returns>
        public async Task<PermissionDto> Create(PermissionRequestModel model)
        {
            // Only these four fields are taken from the request; the key is left to the store.
            var entity = new Data.Models.Permission();
            entity.Name        = model.Name;
            entity.Description = model.Description;
            entity.Action      = model.Action;
            entity.Entity      = model.Entity;

            _db.Permissions.Add(entity);
            await _db.SaveChangesAsync();

            var stored = await GetById(entity.Id);
            return stored;
        }
示例#5
        /// <summary>
        /// Creates a permission after verifying that the calling user holds the
        /// Create action on the Permission entity.
        /// </summary>
        /// <param name="model">Values for the new permission.</param>
        /// <returns>
        /// An Unauthorized result with a message when the check fails, a Created result with
        /// the new permission on success, or status 500 when the repository returns null.
        /// </returns>
        public async Task<ActionResult<Permission>> Create(PermissionRequestModel model)
        {
            var currentUser = await _userRepository.GetById(User.GetId());

            // Named for what it holds: true means the caller LACKS the permission.
            var isDenied = !_repository.HasPermission(currentUser, Entities.Permission, Actions.Create);

            if (isDenied)
            {
                // NOTE(review): Unauthorized produces 401, which signals missing authentication.
                // For an authenticated caller who lacks the permission, 403 is the conventional
                // status; left as is because clients may depend on the current code.
                return Unauthorized(new { Message = "You are not authorized to perform this action" });
            }

            var permission = await _repository.Create(model);

            if (permission != null)
            {
                // NOTE(review): the first argument is used as the location URI, so the response
                // points at the literal text "Create" rather than at the new resource.
                return Created(nameof(Create), permission);
            }

            return StatusCode(StatusCodes.Status500InternalServerError, null);
        }
示例#6
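        /// <summary>
        /// Updates the permission with the given id after verifying that the calling user
        /// holds the Update action on the Permission entity.
        /// </summary>
        /// <param name="id">Id of the permission to change.</param>
        /// <param name="model">New values for the permission.</param>
        /// <returns>
        /// An Unauthorized result with a message when the check fails, NotFound when the id
        /// is unknown, an Accepted result with the updated permission on success, or status
        /// 500 when the repository returns null.
        /// </returns>
        public async Task<ActionResult<PermissionDto>> Update(int id, PermissionRequestModel model)
        {
            // Authorize before touching the resource: answering NotFound first would let a
            // caller without the permission learn which permission ids exist.
            var currentUser = await _userRepository.GetById(User.GetId());

            // Named for what it holds: true means the caller LACKS the permission.
            var isDenied = !_repository.HasPermission(currentUser, Entities.Permission, Actions.Update);

            if (isDenied)
            {
                // NOTE(review): Unauthorized produces 401, which signals missing authentication.
                // For an authenticated caller who lacks the permission, 403 is the conventional
                // status; left as is because clients may depend on the current code.
                return Unauthorized(new { Message = "You are not authorized to perform this action" });
            }

            var permission = await _repository.GetById(id);

            if (permission == null)
            {
                return NotFound(PermissionNotFound);
            }

            var result = await _repository.Update(permission.Id, model);

            return result != null
                ? Accepted(nameof(Update), result)
                : StatusCode(StatusCodes.Status500InternalServerError, null);
        }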
示例#7
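        /// <summary>
        /// Reports whether the service grants the permission described by
        /// <paramref name="model"/>.
        /// </summary>
        /// <param name="model">Permission request passed through to the service.</param>
        /// <returns>
        /// A bad-request result when no request was supplied; otherwise an OK result whose
        /// content is the boolean returned by the service.
        /// </returns>
        public IHttpActionResult CheckPermission(PermissionRequestModel model)
        {
            // A missing or unparseable body arrives as null; reject it here instead of
            // letting the service fail on it.
            if (model == null)
            {
                return BadRequest();
            }

            bool isPermitted = _service.CheckPermission(model);

            return Ok(isPermitted);
        }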