authortranstrike <transtrike@gmail.com>2021-01-23 16:01:05 +0200
committertranstrike <transtrike@gmail.com>2021-01-23 16:01:05 +0200
commit1f8d51c5393ea2f413de4f3e05f77d360d096ff3 (patch)
tree529dd85dfcae02a38ff6525c75c17db49f64bd91
parentdf06bc309d44db352441f42de7d34794a6ee54ba (diff)
The beginning of role-based authorization
-rw-r--r--src/DevHive.Services/Configurations/Mapping/RoleMapings.cs1
-rw-r--r--src/DevHive.Services/Interfaces/IRoleService.cs2
-rw-r--r--src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs4
-rw-r--r--src/DevHive.Services/Services/RoleService.cs3
-rw-r--r--src/DevHive.Services/Services/UserService.cs2
-rw-r--r--src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs12
-rw-r--r--src/DevHive.Web/Controllers/LanguageController.cs3
-rw-r--r--src/DevHive.Web/Controllers/PostController.cs2
-rw-r--r--src/DevHive.Web/Controllers/RoleController.cs11
-rw-r--r--src/DevHive.Web/Controllers/TechnologyController.cs3
-rw-r--r--src/DevHive.Web/Controllers/UserController.cs7
11 files changed, 32 insertions, 18 deletions
diff --git a/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs b/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
index d6c8511..5f9452f 100644
--- a/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
+++ b/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
@@ -8,6 +8,7 @@ namespace DevHive.Services.Configurations.Mapping
{
public RoleMappings()
{
+ CreateMap<CreateRoleServiceModel, Role>();
CreateMap<RoleServiceModel, Role>();
CreateMap<UpdateRoleServiceModel, Role>();
diff --git a/src/DevHive.Services/Interfaces/IRoleService.cs b/src/DevHive.Services/Interfaces/IRoleService.cs
index fd661be..3a498d2 100644
--- a/src/DevHive.Services/Interfaces/IRoleService.cs
+++ b/src/DevHive.Services/Interfaces/IRoleService.cs
@@ -6,7 +6,7 @@ namespace DevHive.Services.Interfaces
{
public interface IRoleService
{
- Task<Guid> CreateRole(RoleServiceModel roleServiceModel);
+ Task<Guid> CreateRole(CreateRoleServiceModel roleServiceModel);
Task<RoleServiceModel> GetRoleById(Guid id);
diff --git a/src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs b/src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs
index 53bea9e..3bed3fd 100644
--- a/src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs
+++ b/src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs
@@ -5,10 +5,6 @@ namespace DevHive.Services.Models.Identity.Role
{
public class CreateRoleServiceModel
{
- [NotNull]
- [Required]
- [MinLength(3)]
- [MaxLength(50)]
public string Name { get; set; }
}
}
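Review bot: Dropping `[Required]`, `[MinLength(3)]` and `[MaxLength(50)]` from Name removes the only presence and length check visible on the role-creation path; RoleService.CreateRole in the hunk below passes `roleServiceModel.Name` straight to `DoesNameExist` and then maps the model into a Role, so an empty or null name now reaches the repository unless CreateRoleWebModel carries equivalent attributes, which this diff does not show. If validation is meant to live at the web layer, confirm the web model has those attributes; otherwise add a guard at the top of CreateRole, `if (string.IsNullOrWhiteSpace(roleServiceModel?.Name)) throw new ArgumentException("Role name is required!", nameof(roleServiceModel));`. The same point applies to the RoleService hunk, which I have not annotated separately.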
diff --git a/src/DevHive.Services/Services/RoleService.cs b/src/DevHive.Services/Services/RoleService.cs
index 896946d..91a8c73 100644
--- a/src/DevHive.Services/Services/RoleService.cs
+++ b/src/DevHive.Services/Services/RoleService.cs
@@ -20,12 +20,11 @@ namespace DevHive.Services.Services
this._roleMapper = mapper;
}
- public async Task<Guid> CreateRole(RoleServiceModel roleServiceModel)
+ public async Task<Guid> CreateRole(CreateRoleServiceModel roleServiceModel)
{
if (await this._roleRepository.DoesNameExist(roleServiceModel.Name))
throw new ArgumentException("Role already exists!");
-
Role role = this._roleMapper.Map<Role>(roleServiceModel);
bool success = await this._roleRepository.AddAsync(role);
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index 533f422..cf33644 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -194,6 +194,8 @@ namespace DevHive.Services.Services
return false;
/* Check roles */
+ if(jwtRoleNames.Contains(Role.AdminRole))
+ return true;
// Check if jwt contains all user roles (if it doesn't, jwt is either old or tampered with)
foreach (var role in user.Roles)
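Review bot: The added early `return true` short-circuits the consistency check that follows it (the comment on the next line says a token missing any of the user's stored roles is treated as old or tampered with), so a token carrying `Role.AdminRole` is accepted without ever being compared against `user.Roles`. The consequence is that an admin whose role has since been removed keeps passing this check until the token expires, and the persisted roles are never consulted for admins at all. If admins are meant to skip the per-role loop, base that decision on the stored roles rather than the token claim, e.g. move the early return below the `foreach`, or test `user.Roles` instead of `jwtRoleNames` (the element shape of `user.Roles` is not visible here, so the exact comparison needs confirming). The enclosing method starts and ends outside the hunk, and `if(` should be `if (` to match the surrounding code.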
diff --git a/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs b/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
index 4831435..6e92a65 100644
--- a/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
+++ b/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
@@ -8,6 +8,8 @@ using Microsoft.AspNetCore.Builder;
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using DevHive.Data;
+using Microsoft.AspNetCore.Authorization;
+using System.Collections.Generic;
namespace DevHive.Web.Configurations.Extensions
{
@@ -19,6 +21,7 @@ namespace DevHive.Web.Configurations.Extensions
options.UseNpgsql(configuration.GetConnectionString("DEV")));
services.AddIdentity<User, Role>()
+ .AddRoles<Role>()
.AddEntityFrameworkStores<DevHiveContext>();
services.Configure<IdentityOptions>(options =>
@@ -47,6 +50,15 @@ namespace DevHive.Web.Configurations.Extensions
options.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
options.RequireRole("User");
});
+
+ options.AddPolicy("Administrator", options =>
+ {
+ options.RequireAuthenticatedUser();
+ options.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
+ options.RequireRole("Admin");
+ });
+
+ // options.DefaultPolicy = ;
});
}
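Review bot: The new Administrator policy hard-codes `"Admin"` while UserService compares token roles against `Role.AdminRole`; if the two ever drift apart the policy would quietly stop matching the role the rest of the code treats as admin, so use the constant here: `options.RequireRole(Role.AdminRole);` (Role is already in scope via `AddIdentity<User, Role>()`), and do the same for the `"User"` policy above if a matching constant exists. The commented-out `// options.DefaultPolicy = ;` should be completed or removed; as written, any action without an `[Authorize]` attribute stays anonymous, and setting a `FallbackPolicy` that requires an authenticated user would make the controllers touched by this commit fail closed. In the earlier hunk, `.AddRoles<Role>()` chained after `AddIdentity<User, Role>()` looks redundant, since `AddIdentity` already registers the role services; I would confirm it is needed before keeping it.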
diff --git a/src/DevHive.Web/Controllers/LanguageController.cs b/src/DevHive.Web/Controllers/LanguageController.cs
index e2d0dec..c0c5fd1 100644
--- a/src/DevHive.Web/Controllers/LanguageController.cs
+++ b/src/DevHive.Web/Controllers/LanguageController.cs
@@ -4,12 +4,14 @@ using AutoMapper;
using DevHive.Services.Interfaces;
using DevHive.Services.Models.Language;
using DevHive.Web.Models.Language;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace DevHive.Web.Controllers
{
[ApiController]
[Route("/api/[controller]")]
+ [Authorize(Policy = "Administrator")]
public class LanguageController
{
private readonly ILanguageService _languageService;
@@ -34,6 +36,7 @@ namespace DevHive.Web.Controllers
}
[HttpGet]
+ [Authorize(Policy = "User")]
public async Task<IActionResult> GetById(Guid id)
{
ReadLanguageServiceModel languageServiceModel = await this._languageService.GetLanguageById(id);
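Review bot: The `[Authorize(Policy = "User")]` added to GetById does not relax the class-level `[Authorize(Policy = "Administrator")]` added in the first hunk; ASP.NET Core evaluates every `[Authorize]` attribute on the class and on the action and requires all of them to pass. Unless every admin token also carries the `"User"` role, plain users are locked out of GetById while admins must hold both roles, which is presumably the opposite of the intent. Follow RoleController's layout instead: drop the class-level attribute, keep `[Authorize(Policy = "User")]` on the read actions and put `[Authorize(Policy = "Administrator")]` on each mutating action, optionally with a bare class-level `[Authorize]` so nothing is left anonymous. TechnologyController receives the same pair of attributes in this commit and has the same problem.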
diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs
index 50923d2..8b7344b 100644
--- a/src/DevHive.Web/Controllers/PostController.cs
+++ b/src/DevHive.Web/Controllers/PostController.cs
@@ -13,7 +13,6 @@ namespace DevHive.Web.Controllers
{
[ApiController]
[Route("/api/[controller]")]
- [Authorize(Roles = "User")]
public class PostController
{
private readonly IPostService _postService;
@@ -27,6 +26,7 @@ namespace DevHive.Web.Controllers
//Create
[HttpPost]
+ [Authorize(Roles = "User")]
public async Task<IActionResult> Create([FromBody] CreatePostWebModel createPostModel)
{
CreatePostServiceModel postServiceModel =
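Review bot: Removing the class-level `[Authorize(Roles = "User")]` and re-adding it only on Create leaves every other PostController action without an attribute of its own reachable anonymously; only Create is visible in this diff, so the read, update and delete actions below the hunk need checking. The re-added attribute also uses `Roles = "User"` where the rest of this commit switched to `Policy = "User"`, which additionally pins the JwtBearer scheme through the policy defined in ConfigureDatabase; `[Authorize(Policy = "User")]` would keep the controllers consistent. The class and the Create body continue outside the hunk.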
diff --git a/src/DevHive.Web/Controllers/RoleController.cs b/src/DevHive.Web/Controllers/RoleController.cs
index 227b877..0206542 100644
--- a/src/DevHive.Web/Controllers/RoleController.cs
+++ b/src/DevHive.Web/Controllers/RoleController.cs
@@ -5,12 +5,12 @@ using AutoMapper;
using System;
using DevHive.Services.Interfaces;
using DevHive.Services.Models.Identity.Role;
+using Microsoft.AspNetCore.Authorization;
namespace DevHive.Web.Controllers
{
[ApiController]
[Route("/api/[controller]")]
- //[Authorize(Roles = "Admin")]
public class RoleController
{
private readonly IRoleService _roleService;
@@ -23,20 +23,21 @@ namespace DevHive.Web.Controllers
}
[HttpPost]
+ [Authorize(Policy = "Administrator")]
public async Task<IActionResult> Create([FromBody] CreateRoleWebModel createRoleWebModel)
{
- RoleServiceModel roleServiceModel =
- this._roleMapper.Map<RoleServiceModel>(createRoleWebModel);
+ CreateRoleServiceModel roleServiceModel =
+ this._roleMapper.Map<CreateRoleServiceModel>(createRoleWebModel);
Guid id = await this._roleService.CreateRole(roleServiceModel);
return id == Guid.Empty ?
new BadRequestObjectResult($"Could not create role {createRoleWebModel.Name}") :
new OkObjectResult(new { Id = id });
-
}
[HttpGet]
+ [Authorize(Policy = "User")]
public async Task<IActionResult> GetById(Guid id)
{
RoleServiceModel roleServiceModel = await this._roleService.GetRoleById(id);
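Review bot: With the commented-out class-level attribute removed and policies applied per action, any RoleController action that lacks its own `[Authorize]` is anonymous by default; the visible hunks cover Create, GetById, Update and Delete, but a bare class-level `[Authorize]` would make the controller fail closed for anything added later, and it combines correctly with the per-action policies because every `[Authorize]` attribute must be satisfied. Separately, `RoleService.CreateRole` throws `ArgumentException` on a duplicate name and nothing in Create catches it, so a duplicate presumably surfaces as an unhandled error rather than the `BadRequestObjectResult` path shown here; catching it and returning 400 would keep the response shape consistent.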
@@ -46,6 +47,7 @@ namespace DevHive.Web.Controllers
}
[HttpPut]
+ [Authorize(Policy = "Administrator")]
public async Task<IActionResult> Update(Guid id, [FromBody] UpdateRoleWebModel updateRoleWebModel)
{
UpdateRoleServiceModel updateRoleServiceModel =
@@ -61,6 +63,7 @@ namespace DevHive.Web.Controllers
}
[HttpDelete]
+ [Authorize(Policy = "Administrator")]
public async Task<IActionResult> Delete(Guid id)
{
bool result = await this._roleService.DeleteRole(id);
diff --git a/src/DevHive.Web/Controllers/TechnologyController.cs b/src/DevHive.Web/Controllers/TechnologyController.cs
index ba2ffdc..9c6c094 100644
--- a/src/DevHive.Web/Controllers/TechnologyController.cs
+++ b/src/DevHive.Web/Controllers/TechnologyController.cs
@@ -4,12 +4,14 @@ using AutoMapper;
using DevHive.Services.Interfaces;
using DevHive.Services.Models.Technology;
using DevHive.Web.Models.Technology;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace DevHive.Web.Controllers
{
[ApiController]
[Route("/api/[controller]")]
+ [Authorize(Policy = "Administrator")]
public class TechnologyController
{
private readonly ITechnologyService _technologyService;
@@ -34,6 +36,7 @@ namespace DevHive.Web.Controllers
}
[HttpGet]
+ [Authorize(Policy = "User")]
public async Task<IActionResult> GetById(Guid id)
{
CreateTechnologyServiceModel createTechnologyServiceModel = await this._technologyService.GetTechnologyById(id);
diff --git a/src/DevHive.Web/Controllers/UserController.cs b/src/DevHive.Web/Controllers/UserController.cs
index fbbbbff..dd94089 100644
--- a/src/DevHive.Web/Controllers/UserController.cs
+++ b/src/DevHive.Web/Controllers/UserController.cs
@@ -7,15 +7,12 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using DevHive.Common.Models.Identity;
using DevHive.Services.Interfaces;
-using Microsoft.AspNetCore.JsonPatch;
-using DevHive.Common.Models.Misc;
-using System.Collections.Generic;
namespace DevHive.Web.Controllers
{
[ApiController]
[Route("/api/[controller]")]
- [Authorize(Roles = "User")]
+ [Authorize(Policy = "User")]
public class UserController : ControllerBase
{
private readonly IUserService _userService;
@@ -56,7 +53,6 @@ namespace DevHive.Web.Controllers
#endregion
#region Read
-
[HttpGet]
public async Task<IActionResult> GetById(Guid id, [FromHeader] string authorization)
{
@@ -71,7 +67,6 @@ namespace DevHive.Web.Controllers
[HttpGet]
[Route("GetUser")]
- [AllowAnonymous]
public async Task<IActionResult> GetUser(string username)
{
UserServiceModel friendServiceModel = await this._userService.GetUserByUsername(username);