Webiant Logo Webiant Logo
  1. No results found.

    Try your search with a different keyword or use * as a wildcard.

SecurityController.cs

using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Nop.Core;
using Nop.Core.Domain.Security;
using Nop.Services.Customers;
using Nop.Services.Localization;
using Nop.Services.Messages;
using Nop.Services.Security;
using Nop.Web.Areas.Admin.Factories;
using Nop.Web.Areas.Admin.Models.Security;
using ILogger = Nop.Services.Logging.ILogger;

namespace Nop.Web.Areas.Admin.Controllers;

public partial class SecurityController : BaseAdminController
{
    #region Fields

    protected readonly ICustomerService _customerService;
    protected readonly ILocalizationService _localizationService;
    protected readonly ILogger _logger;
    protected readonly INotificationService _notificationService;
    protected readonly IPermissionService _permissionService;
    protected readonly ISecurityModelFactory _securityModelFactory;
    protected readonly IWorkContext _workContext;
    private static readonly char[] _separator = [','];

    #endregion

    #region Ctor

    public SecurityController(ICustomerService customerService,
        ILocalizationService localizationService,
        ILogger logger,
        INotificationService notificationService,
        IPermissionService permissionService,
        ISecurityModelFactory securityModelFactory,
        IWorkContext workContext)
    {
        _customerService = customerService;
        _localizationService = localizationService;
        _logger = logger;
        _notificationService = notificationService;
        _permissionService = permissionService;
        _securityModelFactory = securityModelFactory;
        _workContext = workContext;
    }

    #endregion

    #region Methods

    public virtual async Task AccessDenied(string pageUrl)
    {
        var currentCustomer = await _workContext.GetCurrentCustomerAsync();
        if (currentCustomer == null || await _customerService.IsGuestAsync(currentCustomer))
        {
            await _logger.InformationAsync($"Access denied to anonymous request on {pageUrl}");
            return View();
        }

        await _logger.InformationAsync($"Access denied to user #{currentCustomer.Email} '{currentCustomer.Email}' on {pageUrl}");

        return View();
    }

    public virtual async Task Permissions()
    {
        if (!await _permissionService.AuthorizeAsync(StandardPermissionProvider.ManageAcl))
            return AccessDeniedView();

        //prepare model
        var model = await _securityModelFactory.PreparePermissionMappingModelAsync(new PermissionMappingModel());

        return View(model);
    }

    [HttpPost, ActionName("Permissions")]
    public virtual async Task PermissionsSave(PermissionMappingModel model, IFormCollection form)
    {
        if (!await _permissionService.AuthorizeAsync(StandardPermissionProvider.ManageAcl))
            return AccessDeniedView();

        var permissionRecords = await _permissionService.GetAllPermissionRecordsAsync();
        var customerRoles = await _customerService.GetAllCustomerRolesAsync(true);

        foreach (var cr in customerRoles)
        {
            var formKey = "allow_" + cr.Id;
            var permissionRecordSystemNamesToRestrict = !StringValues.IsNullOrEmpty(form[formKey])
                ? form[formKey].ToString().Split(_separator, StringSplitOptions.RemoveEmptyEntries).ToList()
                : new List();

            foreach (var pr in permissionRecords)
            {
                var allow = permissionRecordSystemNamesToRestrict.Contains(pr.SystemName);

                if (allow == await _permissionService.AuthorizeAsync(pr.SystemName, cr.Id))
                    continue;

                if (allow)
                {
                    await _permissionService.InsertPermissionRecordCustomerRoleMappingAsync(new PermissionRecordCustomerRoleMapping { PermissionRecordId = pr.Id, CustomerRoleId = cr.Id });
                }
                else
                {
                    await _permissionService.DeletePermissionRecordCustomerRoleMappingAsync(pr.Id, cr.Id);
                }

                await _permissionService.UpdatePermissionRecordAsync(pr);
            }
        }

        _notificationService.SuccessNotification(await _localizationService.GetResourceAsync("Admin.Configuration.ACL.Updated"));

        return RedirectToAction("Permissions");
    }

    #endregion
}