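/// <summary>
/// Replaces the per-action security policies of the users listed in <paramref name="model"/>
/// for the project identified by <c>model.ProjectId</c>.
/// </summary>
/// <param name="userId">Id of the user who requests the change.</param>
/// <param name="model">Target project plus, per user e-mail, the actions to allow or deny.</param>
/// <returns>
/// <c>(true, "Success")</c> when every requested policy was stored;
/// <c>(false, "You don't have rights")</c> when the caller lacks <c>UserAction.CHANGE_SECURITY</c>
/// on the project; <c>(false, "Could not update security settings")</c> for any other failure.
/// </returns>
/// <remarks>
/// The whole request is validated before any entity is touched and is written with a single
/// <c>SaveChangesAsync</c> call, so a bad entry late in the list cannot leave the project with
/// policies already removed or only half of the request applied.
/// </remarks>
public async Task<(bool IsDone, string Message)> UpdateAsync(Guid userId, UpdatePoliciesModel model)
{
    const string failureMessage = "Could not update security settings";

    try
    {
        // A missing body or user list cannot be applied; fail before doing any lookups.
        if (model?.Users == null)
        {
            return (IsDone: false, Message: failureMessage);
        }

        // The caller must exist before their rights on the project can be evaluated.
        var user = await _context.Users.FindAsync(userId);
        if (user == null)
        {
            return (IsDone: false, Message: failureMessage);
        }

        // Authorization gate: only callers holding CHANGE_SECURITY on this project may continue.
        var userAccess = await GetUserAccessAsync(user.Id, model.ProjectId);
        if (!userAccess[UserAction.CHANGE_SECURITY])
        {
            return (IsDone: false, Message: "You don't have rights");
        }

        // Resolve every e-mail up front so an unknown address rejects the request as a whole
        // instead of failing part-way through the writes.
        var targets = model.Users
            .Select(projectUser => (
                Entry: projectUser,
                User: _context.Users.SingleOrDefault(u => u.Email == projectUser.Email)))
            .ToList();

        if (targets.Any(t => t.User == null || t.Entry.Actions == null))
        {
            _logger.LogWarning(
                "SecurityService, UpdateAsync: request for project {ProjectId} names an unknown user or has no action list",
                model.ProjectId);
            return (IsDone: false, Message: failureMessage);
        }

        // NOTE(review): duplicate (user, action) pairs inside one request are not de-duplicated here.
        foreach (var target in targets)
        {
            var uId = target.User.Id;

            foreach (var action in target.Entry.Actions)
            {
                var actionValue = (int)action.Action;

                var existingPolicy = _context.ProjectSecurityPolicies
                    .SingleOrDefault(x => x.UserId == uId
                                          && x.Action == actionValue
                                          && x.ProjectSettingsId == model.ProjectId);

                if (existingPolicy != null)
                {
                    // Update in place rather than delete-and-commit followed by a later insert:
                    // nothing is persisted until the single save below.
                    existingPolicy.IsAllowed = action.Allowed;
                    continue;
                }

                var policy = new ProjectSecurityPolicy
                {
                    Action = actionValue,
                    IsAllowed = action.Allowed,
                    UserId = uId,
                    ProjectSettingsId = model.ProjectId
                };

                await _context.ProjectSecurityPolicies.AddAsync(policy);
            }
        }

        // One save for the whole request keeps the policy change all-or-nothing.
        await _context.SaveChangesAsync();

        return (IsDone: true, Message: "Success");
    }
    catch (Exception e)
    {
        // Exception goes first so it is recorded as the exception itself; passed after the
        // message it is only an unused format argument (assumes the Microsoft.Extensions.Logging
        // LogError extensions — confirm against the logger type).
        _logger.LogError(e, "SecurityService, UpdateAsync");
    }

    return (IsDone: false, Message: failureMessage);
}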
/// <summary>
/// Applies the security-policy changes in the request body on behalf of the current user.
/// </summary>
/// <param name="model">Policy changes read from the request body.</param>
/// <returns>
/// 200 OK carrying the service message when the update succeeded, otherwise 400 Bad Request
/// carrying the service message.
/// </returns>
public async Task<IActionResult> UpdateAccessSettings([FromBody] UpdatePoliciesModel model)
{
    var outcome = await _securityService.UpdateAsync(this.UserId(), model);

    // NOTE(review): the service result has no separate reason code, so every failure,
    // including "You don't have rights", is reported as 400 rather than 403.
    if (outcome.IsDone)
    {
        return Ok(outcome.Message);
    }

    return BadRequest(outcome.Message);
}