This week I came across this question on the Episerver World forum https://world.episerver.com/forum/developer-forum/Episerver-Commerce/Thread-Container/2019/5/get-rolepermission-data/ , and while it is not Commerce-related, it is quite interesting to solve. Perhaps this short post will help the original poster, as well as future visitors.
As in the thread, I replied with the first piece to solve the puzzle:
You can use PermissionTypeRepository to get the registered PermissionTypes, then PermissionRepository to figure out which groups/users have a specific permission.
If you want to list the permissions granted to a specific role or user, it is just a simple reversal of that mapping using a dictionary:
    // Entity name (user, group or virtual role) -> permissions granted to it.
    var rolePermissionMap = new Dictionary<string, HashSet<PermissionType>>(StringComparer.OrdinalIgnoreCase);
    var permissionTypes = _permissionTypeRepository.List();
    foreach (var permissionType in permissionTypes)
    {
        // Every security entity that has been granted this permission type.
        var securityEntities = _permissionRepository.GetPermissions(permissionType);
        foreach (var securityEntity in securityEntities)
        {
            if (rolePermissionMap.ContainsKey(securityEntity.Name))
            {
                rolePermissionMap[securityEntity.Name].Add(permissionType);
            }
            else
            {
                rolePermissionMap[securityEntity.Name] = new HashSet<PermissionType>() { permissionType };
            }
        }
    }
As suggested above, we use PermissionTypeRepository to list the registered PermissionType(s), and then for each PermissionType we get the list of SecurityEntity objects it is granted to. A SecurityEntity can be a user, a group, or a virtual role, and is identified by its name. For the purpose of demonstration, we only use names: for each SecurityEntity granted a permission, we check whether it is already in our dictionary; if so, we add the permission to its set, otherwise we add a new entry.
Simple, eh?
Unless you are assigning/un-assigning permissions a lot, it is probably a good idea to keep this Dictionary in cache for some time, because it is not exactly cheap to build. Keep in mind that a cached copy will not reflect permission changes until it is rebuilt.
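One way to follow the caching advice above, as an added example that is not part of the original post or of Episerver's API: the hypothetical `CachedPermissionIndex` class takes the two repository calls as delegates, rebuilds the map after an assumed time-to-live, and offers `Invalidate()` for use after a permission change.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper, not an Episerver type. Assumed wiring, based on the snippet above:
//   new CachedPermissionIndex<PermissionType>(() => _permissionTypeRepository.List(),
//       pt => _permissionRepository.GetPermissions(pt).Select(e => e.Name), ttl); // ttl: your choice
public sealed class CachedPermissionIndex<TPermission>
{
    private readonly Func<IEnumerable<TPermission>> _listPermissions;
    private readonly Func<TPermission, IEnumerable<string>> _entitiesFor;
    private readonly TimeSpan _ttl;
    private readonly object _gate = new object();
    private Dictionary<string, HashSet<TPermission>> _map;
    private DateTime _builtAtUtc;

    public CachedPermissionIndex(Func<IEnumerable<TPermission>> listPermissions,
        Func<TPermission, IEnumerable<string>> entitiesFor, TimeSpan ttl)
    {
        _listPermissions = listPermissions;
        _entitiesFor = entitiesFor;
        _ttl = ttl;
    }

    // Call right after granting or revoking a permission so the next read rebuilds.
    public void Invalidate() { lock (_gate) { _map = null; } }
    // Returns a copy so callers cannot mutate the cached sets.
    public IReadOnlyCollection<TPermission> PermissionsFor(string entityName)
    {
        lock (_gate)
        {
            if (_map == null || DateTime.UtcNow - _builtAtUtc > _ttl) _map = Build();
            return _map.TryGetValue(entityName, out var set)
                ? new List<TPermission>(set) : new List<TPermission>();
        }
    }

    private Dictionary<string, HashSet<TPermission>> Build()
    {
        var map = new Dictionary<string, HashSet<TPermission>>(StringComparer.OrdinalIgnoreCase);
        foreach (var permission in _listPermissions())
            foreach (var name in _entitiesFor(permission))
            {
                if (!map.TryGetValue(name, out var set)) map[name] = set = new HashSet<TPermission>();
                set.Add(permission);
            }
        _builtAtUtc = DateTime.UtcNow;
        return map;
    }
}
```

A map like this suits listings and audit views; code that has to reflect a revocation immediately should call `Invalidate()` at the point of change or query the repository directly.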