From 1f8d51c5393ea2f413de4f3e05f77d360d096ff3 Mon Sep 17 00:00:00 2001
From: transtrike <transtrike@gmail.com>
Date: Sat, 23 Jan 2021 16:01:05 +0200
Subject: The beginning of role based authorization

---
 src/DevHive.Services/Configurations/Mapping/RoleMapings.cs   |  1 +
 src/DevHive.Services/Interfaces/IRoleService.cs              |  2 +-
 .../Models/Identity/Role/CreateRoleServiceModel.cs           |  4 ----
 src/DevHive.Services/Services/RoleService.cs                 |  3 +--
 src/DevHive.Services/Services/UserService.cs                 |  2 ++
 .../Configurations/Extensions/ConfigureDatabase.cs           | 12 ++++++++++++
 src/DevHive.Web/Controllers/LanguageController.cs            |  3 +++
 src/DevHive.Web/Controllers/PostController.cs                |  2 +-
 src/DevHive.Web/Controllers/RoleController.cs                | 11 +++++++----
 src/DevHive.Web/Controllers/TechnologyController.cs          |  3 +++
 src/DevHive.Web/Controllers/UserController.cs                |  7 +------
 11 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs b/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
index d6c8511..5f9452f 100644
--- a/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
+++ b/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
@@ -8,6 +8,7 @@ namespace DevHive.Services.Configurations.Mapping
 	{
 		public RoleMappings()
 		{
+			CreateMap<CreateRoleServiceModel, Role>();
 			CreateMap<RoleServiceModel, Role>();
 			CreateMap<UpdateRoleServiceModel, Role>();
 
diff --git a/src/DevHive.Services/Interfaces/IRoleService.cs b/src/DevHive.Services/Interfaces/IRoleService.cs
index fd661be..3a498d2 100644
--- a/src/DevHive.Services/Interfaces/IRoleService.cs
+++ b/src/DevHive.Services/Interfaces/IRoleService.cs
@@ -6,7 +6,7 @@ namespace DevHive.Services.Interfaces
 {
     public interface IRoleService
 	{
-		Task<Guid> CreateRole(RoleServiceModel roleServiceModel);
+		Task<Guid> CreateRole(CreateRoleServiceModel roleServiceModel);
 
 		Task<RoleServiceModel> GetRoleById(Guid id);
 
diff --git a/src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs b/src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs
index 53bea9e..3bed3fd 100644
--- a/src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs
+++ b/src/DevHive.Services/Models/Identity/Role/CreateRoleServiceModel.cs
@@ -5,10 +5,6 @@ namespace DevHive.Services.Models.Identity.Role
 {
 	public class CreateRoleServiceModel
 	{
-		[NotNull]
-		[Required]
-		[MinLength(3)]
-		[MaxLength(50)]
 		public string Name { get; set; }
 	}
 }
diff --git a/src/DevHive.Services/Services/RoleService.cs b/src/DevHive.Services/Services/RoleService.cs
index 896946d..91a8c73 100644
--- a/src/DevHive.Services/Services/RoleService.cs
+++ b/src/DevHive.Services/Services/RoleService.cs
@@ -20,12 +20,11 @@ namespace DevHive.Services.Services
 			this._roleMapper = mapper;
 		}
 
-		public async Task<Guid> CreateRole(RoleServiceModel roleServiceModel)
+		public async Task<Guid> CreateRole(CreateRoleServiceModel roleServiceModel)
 		{
 			if (await this._roleRepository.DoesNameExist(roleServiceModel.Name))
 				throw new ArgumentException("Role already exists!");
 
-
 			Role role = this._roleMapper.Map<Role>(roleServiceModel);
 			bool success = await this._roleRepository.AddAsync(role);
 
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index 533f422..cf33644 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -194,6 +194,8 @@ namespace DevHive.Services.Services
 					return false;
 
 			/* Check roles */
+			if(jwtRoleNames.Contains(Role.AdminRole))
+				return true;
 
 			// Check if jwt contains all user roles (if it doesn't, jwt is either old or tampered with)
 			foreach (var role in user.Roles)
diff --git a/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs b/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
index 4831435..6e92a65 100644
--- a/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
+++ b/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
@@ -8,6 +8,8 @@ using Microsoft.AspNetCore.Builder;
 using System;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using DevHive.Data;
+using Microsoft.AspNetCore.Authorization;
+using System.Collections.Generic;
 
 namespace DevHive.Web.Configurations.Extensions
 {
@@ -19,6 +21,7 @@ namespace DevHive.Web.Configurations.Extensions
 				options.UseNpgsql(configuration.GetConnectionString("DEV")));
 
 			services.AddIdentity<User, Role>()
+				.AddRoles<Role>()
 				.AddEntityFrameworkStores<DevHiveContext>();
 
 			services.Configure<IdentityOptions>(options =>
@@ -47,6 +50,15 @@ namespace DevHive.Web.Configurations.Extensions
 					options.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
 					options.RequireRole("User");
 				});
+
+				options.AddPolicy("Administrator", options =>
+				{
+					options.RequireAuthenticatedUser();
+					options.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
+					options.RequireRole("Admin");
+				});
+
+				// options.DefaultPolicy = ;
 			});
 		}
 
diff --git a/src/DevHive.Web/Controllers/LanguageController.cs b/src/DevHive.Web/Controllers/LanguageController.cs
index e2d0dec..c0c5fd1 100644
--- a/src/DevHive.Web/Controllers/LanguageController.cs
+++ b/src/DevHive.Web/Controllers/LanguageController.cs
@@ -4,12 +4,14 @@ using AutoMapper;
 using DevHive.Services.Interfaces;
 using DevHive.Services.Models.Language;
 using DevHive.Web.Models.Language;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace DevHive.Web.Controllers
 {
 	[ApiController]
 	[Route("/api/[controller]")]
+	[Authorize(Policy = "Administrator")]
 	public class LanguageController
 	{
 		private readonly ILanguageService _languageService;
@@ -34,6 +36,7 @@ namespace DevHive.Web.Controllers
 		}
 
 		[HttpGet]
+		[Authorize(Policy = "User")]
 		public async Task<IActionResult> GetById(Guid id)
 		{
 			ReadLanguageServiceModel languageServiceModel = await this._languageService.GetLanguageById(id);
diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs
index 50923d2..8b7344b 100644
--- a/src/DevHive.Web/Controllers/PostController.cs
+++ b/src/DevHive.Web/Controllers/PostController.cs
@@ -13,7 +13,6 @@ namespace DevHive.Web.Controllers
 {
 	[ApiController]
 	[Route("/api/[controller]")]
-	[Authorize(Roles = "User")]
 	public class PostController
 	{
 		private readonly IPostService _postService;
@@ -27,6 +26,7 @@ namespace DevHive.Web.Controllers
 
 		//Create
 		[HttpPost]
+		[Authorize(Roles = "User")]
 		public async Task<IActionResult> Create([FromBody] CreatePostWebModel createPostModel)
 		{
 			CreatePostServiceModel postServiceModel =
diff --git a/src/DevHive.Web/Controllers/RoleController.cs b/src/DevHive.Web/Controllers/RoleController.cs
index 227b877..0206542 100644
--- a/src/DevHive.Web/Controllers/RoleController.cs
+++ b/src/DevHive.Web/Controllers/RoleController.cs
@@ -5,12 +5,12 @@ using AutoMapper;
 using System;
 using DevHive.Services.Interfaces;
 using DevHive.Services.Models.Identity.Role;
+using Microsoft.AspNetCore.Authorization;
 
 namespace DevHive.Web.Controllers
 {
 	[ApiController]
 	[Route("/api/[controller]")]
-	//[Authorize(Roles = "Admin")]
 	public class RoleController
 	{
 		private readonly IRoleService _roleService;
@@ -23,20 +23,21 @@ namespace DevHive.Web.Controllers
 		}
 
 		[HttpPost]
+		[Authorize(Policy = "Administrator")]
 		public async Task<IActionResult> Create([FromBody] CreateRoleWebModel createRoleWebModel)
 		{
-			RoleServiceModel roleServiceModel =
-				this._roleMapper.Map<RoleServiceModel>(createRoleWebModel);
+			CreateRoleServiceModel roleServiceModel =
+				this._roleMapper.Map<CreateRoleServiceModel>(createRoleWebModel);
 
 			Guid id = await this._roleService.CreateRole(roleServiceModel);
 
 			return id == Guid.Empty ?
 				new BadRequestObjectResult($"Could not create role {createRoleWebModel.Name}") :
 				new OkObjectResult(new { Id = id });
-
 		}
 
 		[HttpGet]
+		[Authorize(Policy = "User")]
 		public async Task<IActionResult> GetById(Guid id)
 		{
 			RoleServiceModel roleServiceModel = await this._roleService.GetRoleById(id);
@@ -46,6 +47,7 @@ namespace DevHive.Web.Controllers
 		}
 
 		[HttpPut]
+		[Authorize(Policy = "Administrator")]
 		public async Task<IActionResult> Update(Guid id, [FromBody] UpdateRoleWebModel updateRoleWebModel)
 		{
 			UpdateRoleServiceModel updateRoleServiceModel =
@@ -61,6 +63,7 @@ namespace DevHive.Web.Controllers
 		}
 
 		[HttpDelete]
+		[Authorize(Policy = "Administrator")]
 		public async Task<IActionResult> Delete(Guid id)
 		{
 			bool result = await this._roleService.DeleteRole(id);
diff --git a/src/DevHive.Web/Controllers/TechnologyController.cs b/src/DevHive.Web/Controllers/TechnologyController.cs
index ba2ffdc..9c6c094 100644
--- a/src/DevHive.Web/Controllers/TechnologyController.cs
+++ b/src/DevHive.Web/Controllers/TechnologyController.cs
@@ -4,12 +4,14 @@ using AutoMapper;
 using DevHive.Services.Interfaces;
 using DevHive.Services.Models.Technology;
 using DevHive.Web.Models.Technology;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace DevHive.Web.Controllers
 {
 	[ApiController]
 	[Route("/api/[controller]")]
+	[Authorize(Policy = "Administrator")]
 	public class TechnologyController
 	{
 		private readonly ITechnologyService _technologyService;
@@ -34,6 +36,7 @@ namespace DevHive.Web.Controllers
 		}
 
 		[HttpGet]
+		[Authorize(Policy = "User")]
 		public async Task<IActionResult> GetById(Guid id)
 		{
 			CreateTechnologyServiceModel createTechnologyServiceModel = await this._technologyService.GetTechnologyById(id);
diff --git a/src/DevHive.Web/Controllers/UserController.cs b/src/DevHive.Web/Controllers/UserController.cs
index fbbbbff..dd94089 100644
--- a/src/DevHive.Web/Controllers/UserController.cs
+++ b/src/DevHive.Web/Controllers/UserController.cs
@@ -7,15 +7,12 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using DevHive.Common.Models.Identity;
 using DevHive.Services.Interfaces;
-using Microsoft.AspNetCore.JsonPatch;
-using DevHive.Common.Models.Misc;
-using System.Collections.Generic;
 
 namespace DevHive.Web.Controllers
 {
 	[ApiController]
 	[Route("/api/[controller]")]
-	[Authorize(Roles = "User")]
+	[Authorize(Policy = "User")]
 	public class UserController : ControllerBase
 	{
 		private readonly IUserService _userService;
@@ -56,7 +53,6 @@ namespace DevHive.Web.Controllers
 		#endregion
 
 		#region Read
-
 		[HttpGet]
 		public async Task<IActionResult> GetById(Guid id, [FromHeader] string authorization)
 		{
@@ -71,7 +67,6 @@ namespace DevHive.Web.Controllers
 
 		[HttpGet]
 		[Route("GetUser")]
-		[AllowAnonymous]
 		public async Task<IActionResult> GetUser(string username)
 		{
 			UserServiceModel friendServiceModel = await this._userService.GetUserByUsername(username);
-- 
cgit v1.2.3