From 1f8d51c5393ea2f413de4f3e05f77d360d096ff3 Mon Sep 17 00:00:00 2001 From: transtrike Date: Sat, 23 Jan 2021 16:01:05 +0200 Subject: The beginning of role based authorization --- src/DevHive.Web/Controllers/LanguageController.cs | 3 +++ src/DevHive.Web/Controllers/PostController.cs | 2 +- src/DevHive.Web/Controllers/RoleController.cs | 11 +++++++---- src/DevHive.Web/Controllers/TechnologyController.cs | 3 +++ src/DevHive.Web/Controllers/UserController.cs | 7 +------ 5 files changed, 15 insertions(+), 11 deletions(-) (limited to 'src/DevHive.Web/Controllers') diff --git a/src/DevHive.Web/Controllers/LanguageController.cs b/src/DevHive.Web/Controllers/LanguageController.cs index e2d0dec..c0c5fd1 100644 --- a/src/DevHive.Web/Controllers/LanguageController.cs +++ b/src/DevHive.Web/Controllers/LanguageController.cs @@ -4,12 +4,14 @@ using AutoMapper; using DevHive.Services.Interfaces; using DevHive.Services.Models.Language; using DevHive.Web.Models.Language; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; namespace DevHive.Web.Controllers { [ApiController] [Route("/api/[controller]")] + [Authorize(Policy = "Administrator")] public class LanguageController { private readonly ILanguageService _languageService; @@ -34,6 +36,7 @@ namespace DevHive.Web.Controllers } [HttpGet] + [Authorize(Policy = "User")] public async Task GetById(Guid id) { ReadLanguageServiceModel languageServiceModel = await this._languageService.GetLanguageById(id); diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs index 50923d2..8b7344b 100644 --- a/src/DevHive.Web/Controllers/PostController.cs +++ b/src/DevHive.Web/Controllers/PostController.cs @@ -13,7 +13,6 @@ namespace DevHive.Web.Controllers { [ApiController] [Route("/api/[controller]")] - [Authorize(Roles = "User")] public class PostController { private readonly IPostService _postService; 
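Review bot: The `[Authorize(Policy = "User")]` added on LanguageController.GetById does not relax the class-level `[Authorize(Policy = "Administrator")]` added in the previous hunk; ASP.NET Core evaluates every [Authorize] attribute found on the action and its controller and requires all of them to pass, so GetById now demands both policies instead of just "User". Unless the "Administrator" policy happens to be satisfied by ordinary users (its definition is not in this diff), non-admin callers will get 403 from the one endpoint that was meant to be open to them. The usual layout is the inverse: `[Authorize(Policy = "User")]` on the class as the baseline and `[Authorize(Policy = "Administrator")]` on Create/Update/Delete, which still stacks AND-wise and gives the intended admin-only writes. Create, Update and Delete lie outside this hunk.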
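Review bot: Removing the class-level `[Authorize(Roles = "User")]` from PostController leaves every action other than Create (re-attributed in the next hunk) with no authorization requirement at all, so unless each remaining action carries its own attribute or a fallback policy is configured globally — neither is visible in this diff — the update and delete paths become anonymous. Narrowing access is safer done the other way round: keep the class-level attribute as the fail-closed baseline and mark only the reads that should be public with `[AllowAnonymous]`. The rest of the class lies outside this hunk.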
@@ -27,6 +26,7 @@ namespace DevHive.Web.Controllers //Create [HttpPost] + [Authorize(Roles = "User")] public async Task Create([FromBody] CreatePostWebModel createPostModel) { CreatePostServiceModel postServiceModel = diff --git a/src/DevHive.Web/Controllers/RoleController.cs b/src/DevHive.Web/Controllers/RoleController.cs index 227b877..0206542 100644 --- a/src/DevHive.Web/Controllers/RoleController.cs +++ b/src/DevHive.Web/Controllers/RoleController.cs @@ -5,12 +5,12 @@ using AutoMapper; using System; using DevHive.Services.Interfaces; using DevHive.Services.Models.Identity.Role; +using Microsoft.AspNetCore.Authorization; namespace DevHive.Web.Controllers { [ApiController] [Route("/api/[controller]")] - //[Authorize(Roles = "Admin")] public class RoleController { private readonly IRoleService _roleService; @@ -23,20 +23,21 @@ namespace DevHive.Web.Controllers } [HttpPost] + [Authorize(Policy = "Administrator")] public async Task Create([FromBody] CreateRoleWebModel createRoleWebModel) { - RoleServiceModel roleServiceModel = - this._roleMapper.Map(createRoleWebModel); + CreateRoleServiceModel roleServiceModel = + this._roleMapper.Map(createRoleWebModel); Guid id = await this._roleService.CreateRole(roleServiceModel); return id == Guid.Empty ? new BadRequestObjectResult($"Could not create role {createRoleWebModel.Name}") : new OkObjectResult(new { Id = id }); - } [HttpGet] + [Authorize(Policy = "User")] public async Task GetById(Guid id) { RoleServiceModel roleServiceModel = await this._roleService.GetRoleById(id); @@ -46,6 +47,7 @@ namespace DevHive.Web.Controllers } [HttpPut] + [Authorize(Policy = "Administrator")] public async Task Update(Guid id, [FromBody] UpdateRoleWebModel updateRoleWebModel) { UpdateRoleServiceModel updateRoleServiceModel = @@ -61,6 +63,7 @@ namespace DevHive.Web.Controllers } [HttpDelete] + [Authorize(Policy = "Administrator")] public async Task Delete(Guid id) { bool result = await this._roleService.DeleteRole(id); 
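Review bot: The re-added attribute on Create uses `[Authorize(Roles = "User")]` while the other controllers in this commit switch to `[Authorize(Policy = "User")]`; the two are evaluated differently (a direct role-claim check versus a named policy registered with AddAuthorization), so the same caller can pass one and fail the other if the "User" policy is defined as anything other than RequireRole("User"). Pick one form — `[Authorize(Policy = "User")]` to match UserController — so the access rules live in one place. Note also that a `Policy = "..."` attribute throws InvalidOperationException at request time if no policy of that name is registered, and the registration of "User"/"Administrator" is not part of this diff, so it is worth confirming it exists. Create's body continues outside the hunk.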
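Review bot: With the commented-out class-level attribute deleted, RoleController's only protection is the per-action attributes added in the later hunks, which means any action added to this administrative controller later without one is anonymous by default. A class-level `[Authorize(Policy = "Administrator")]` would be the natural baseline, but ASP.NET Core ANDs controller- and action-level [Authorize] attributes, so GetById's `Policy = "User"` would then also require Administrator; if role lookup genuinely has to be open to all users, use a plain class-level `[Authorize]` (authenticated) as the floor and keep the per-action policies. Whether non-admin users need to read role definitions at all is worth confirming, since that is the only reason to carve out GetById.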
diff --git a/src/DevHive.Web/Controllers/TechnologyController.cs b/src/DevHive.Web/Controllers/TechnologyController.cs index ba2ffdc..9c6c094 100644 --- a/src/DevHive.Web/Controllers/TechnologyController.cs +++ b/src/DevHive.Web/Controllers/TechnologyController.cs @@ -4,12 +4,14 @@ using AutoMapper; using DevHive.Services.Interfaces; using DevHive.Services.Models.Technology; using DevHive.Web.Models.Technology; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; namespace DevHive.Web.Controllers { [ApiController] [Route("/api/[controller]")] + [Authorize(Policy = "Administrator")] public class TechnologyController { private readonly ITechnologyService _technologyService; @@ -34,6 +36,7 @@ namespace DevHive.Web.Controllers } [HttpGet] + [Authorize(Policy = "User")] public async Task GetById(Guid id) { CreateTechnologyServiceModel createTechnologyServiceModel = await this._technologyService.GetTechnologyById(id); diff --git a/src/DevHive.Web/Controllers/UserController.cs b/src/DevHive.Web/Controllers/UserController.cs index fbbbbff..dd94089 100644 --- a/src/DevHive.Web/Controllers/UserController.cs +++ b/src/DevHive.Web/Controllers/UserController.cs @@ -7,15 +7,12 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using DevHive.Common.Models.Identity; using DevHive.Services.Interfaces; -using Microsoft.AspNetCore.JsonPatch; -using DevHive.Common.Models.Misc; -using System.Collections.Generic; namespace DevHive.Web.Controllers { [ApiController] [Route("/api/[controller]")] - [Authorize(Roles = "User")] + [Authorize(Policy = "User")] public class UserController : ControllerBase { private readonly IUserService _userService; @@ -56,7 +53,6 @@ namespace DevHive.Web.Controllers #endregion #region Read - [HttpGet] public async Task GetById(Guid id, [FromHeader] string authorization) { 
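Review bot: As with LanguageController, the `[Authorize(Policy = "User")]` on TechnologyController.GetById stacks with, rather than overrides, the class-level `[Authorize(Policy = "Administrator")]` from the previous hunk, so the action requires both policies and ordinary users are locked out of the read they were meant to have. Put `[Authorize(Policy = "User")]` on the class and `[Authorize(Policy = "Administrator")]` on the mutating actions instead; those actions lie outside this hunk.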
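Review bot: The `[HttpGet]` on UserController.GetById is dropped with no replacement, so the action loses its HTTP method constraint and will be a candidate for any verb at the controller's `/api/User` route; with other verb-constrained actions on the same template this is likely to surface as an AmbiguousMatchException at request time rather than a clean 404/405. If the removal was accidental, restore `[HttpGet]`; if GetById is meant to go away, delete the action rather than leaving it verb-less. The `[FromHeader] string authorization` parameter on the same line suggests the token is parsed again inside the action; since this controller inherits ControllerBase and now sits behind the class-level policy, reading the caller from `User` would avoid a second hand-rolled parse, but the body continues outside the hunk so I cannot confirm what is done with that header.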
@@ -71,7 +67,6 @@ namespace DevHive.Web.Controllers [HttpGet] [Route("GetUser")] - [AllowAnonymous] public async Task GetUser(string username) { UserServiceModel friendServiceModel = await this._userService.GetUserByUsername(username); -- cgit v1.2.3