public async Task <(bool IsDone, string Message)> UpdateAsync(Guid userId, UpdatePoliciesModel model)
{
try
{
var user = await _context.Users.FindAsync(userId);
var userAccess = await GetUserAccessAsync(user.Id, model.ProjectId);
if (!userAccess[UserAction.CHANGE_SECURITY])
{
return(IsDone : false, Message : "You don't have rights");
}
foreach (var projectUser in model.Users)
{
var uId = _context.Users.SingleOrDefault(u => u.Email == projectUser.Email).Id;
foreach (var action in projectUser.Actions)
{
var oldPolicy = _context.ProjectSecurityPolicies
.SingleOrDefault(x => x.UserId == uId && x.Action == (int)action.Action && x.ProjectSettingsId == model.ProjectId);
if (oldPolicy != null)
{
_context.Remove(oldPolicy);
await _context.SaveChangesAsync();
}
var policy = new ProjectSecurityPolicy
{
Action = (int)action.Action,
IsAllowed = action.Allowed,
UserId = uId,
ProjectSettingsId = model.ProjectId
};
await _context.ProjectSecurityPolicies.AddAsync(policy);
}
}
await _context.SaveChangesAsync();
return(IsDone : true, Message : "Success");
}
catch (Exception e)
{
_logger.LogError("SecurityService, UpdateAsync", e);
}
return(IsDone : false, Message : "Could not update security settings");
}
public async Task <IActionResult> UpdateAccessSettings([FromBody] UpdatePoliciesModel model)
{
var(IsDone, Message) = await _securityService.UpdateAsync(this.UserId(), model);
return(IsDone ? (IActionResult)Ok(Message) : BadRequest(Message));
}
