How to manage roles ?

Role operations

• Create/Update/Delete roles
• Create role profile attributes
• Get role profile values
• Save/Update role profile values
• Get roles
• Find roles by various parameters
• Grant/Revoke a role to/from user
• Grant/revoke permissions to/from role
• Grant/revoke permissionsets to/from role

Add following namespaces in your code

using Novalys.VisualGuard.Security;
using Novalys.VisualGuard.Security.Common;
using Novalys.VisualGuard.Security.CommonProfileAttribute;
using Novalys.VisualGuard.Security.Database;
using Novalys.VisualGuard.Security.Membership;
using Novalys.VisualGuard.Security.UserProfile;
using System;
using System.Collections.Generic;

Define VisualGuard runtime

VGSecurityRuntime runtime = VGSecurityManager.Runtime;

Create/Update/Delete VGRole

//Create / Update / Delete role

var currentApp = runtime.Application.GetCurrentApplication();

//Creates a new role in current application
var roleHR = runtime.Roles.CreateRole("Role_HROperations", "Role HR operations", currentApp);
var roleEmp = runtime.Roles.CreateRole("Role_EmployeeOperations", "Role Employee Operations", currentApp);

//creates a new shared role (shared between multiple applications)
var sharedRole = runtime.Roles.CreateSharedRole("SharedRole", "This is shared Role");

roleHR.Comment = "This role is responsible for HR operations ";           

//update role
runtime.Roles.UpdateRole(roleHR);

//delete role
runtime.Roles.DeleteRole(roleEmp, true);

Create role profile attributes

//Create role profile attributes 
//various datatypes supported - few examples
var attr_A = runtime.Roles.CreateProfileAttribute("AttrA", VGCommonProfileDataType.String);
var attr_B = runtime.Roles.CreateProfileAttribute("AttrB", VGCommonProfileDataType.Boolean);
var attr_C = runtime.Roles.CreateProfileAttribute("AttrC", VGCommonProfileDataType.DateTime);
var attr_D = runtime.Roles.CreateProfileAttribute("AttrD", VGCommonProfileDataType.Integer);

Get role profile values.

string attrA = roleHR.GetValue<string>("AttrA");
bool attrB = roleHR.GetValue<bool>("AttrB");
DateTime attrC = roleHR.GetValue<DateTime>("AttrC");
int attrD = roleHR.GetValue<int>("AttrD");

Save/Update role profile values

roleHR.SetValue<string>(attr_A.Id, "Some information");
roleHR.SetValue<bool>(attr_B.Id, true);
roleHR.SetValue<DateTime>(attr_C.Id, DateTime.Now.Date);
roleHR.SetValue<int>(attr_D.Id, 100);

runtime.Roles.UpdateRole(roleHR);

Get roles from storage depending on rights of the user

//Get all roles (all application's roles)
VGRoleCollection roles = runtime.Roles.GetAllRolesAsCollection();

//get all shared roles
VGRoleCollection sharedroles = runtime.Roles.GetAllSharedRolesAsCollection();

//get all roles of current application
//var currentApp = runtime.Application.GetCurrentApplication();
var currentAppRoles = runtime.Roles.GetAllRolesAsCollection(currentApp);

//get all roles for particular user
var tempJsmithUser = runtime.Membership.GetUser("jsmith");
var userRoles = runtime.Roles.GetAllRolesForUser(tempJsmithUser);

Find roles(by rolename, role profile values)

//find roles by name
var findRoles = runtime.Roles.FindRolesByName("Role_HROperations", currentApp.Id);

//find roles by profile attribute
var findRolesCollection = runtime.Roles.FindRolesByProfileAttributeValue(attr_A.Id, "Some information");
findRolesCollection = runtime.Roles.FindRolesByProfileAttributeValue(attr_B.Id, true);
findRolesCollection = runtime.Roles.FindRolesByProfileAttributeValue(attr_C.Id, DateTime.Now.Date);
findRolesCollection = runtime.Roles.FindRolesByProfileAttributeValue(attr_D.Id, 100);

Grant/Revoke a role to/from user

//Grant a role to user
tempJsmithUser = runtime.Membership.GetUser("jsmith");
runtime.Roles.AddUserToRole(tempJsmithUser, roleHR);

//revoke a role from user
runtime.Roles.RemoveUserFromRole(tempJsmithUser, roleHR);

Grant/revoke permissions to/from role

//grant permission to role
runtime.Roles.GrantPermissionToRole(roleHR, perm_CanManageEmployeeProfile);
runtime.Roles.GrantPermissionToRole(roleHR, perm_CanManageLeavePolicy);

//revoke permission from role
runtime.Roles.RevokePermissionFromRole(roleHR, perm_CanManageLeavePolicy);

Grant/revoke permissionsets to/from role

//grant ps to role
runtime.PermissionSets.GrantPermissionSetToRole(roleHR, ps_HR);

//revoke ps from role
runtime.PermissionSets.RevokePermissionSetToRole(roleHR, ps_HR);