User roles
@@ -53,10 +53,13 @@ public static class AuthEndpoints
|
||||
new(ClaimTypes.Name, authenticatedUser.Username),
|
||||
new("username", authenticatedUser.Username),
|
||||
new("display_name", authenticatedUser.DisplayName),
|
||||
new("is_admin", authenticatedUser.IsAdmin ? "true" : "false"),
|
||||
new("scope", "openhours:write")
|
||||
};
|
||||
|
||||
foreach (var role in authenticatedUser.Roles)
|
||||
{
|
||||
claims.Add(new Claim(ClaimTypes.Role, role));
|
||||
}
|
||||
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: options.Issuer,
|
||||
audience: options.Audience,
|
||||
@@ -71,7 +74,7 @@ public static class AuthEndpoints
|
||||
AccessToken = tokenValue,
|
||||
Username = authenticatedUser.Username,
|
||||
DisplayName = authenticatedUser.DisplayName,
|
||||
IsAdmin = authenticatedUser.IsAdmin,
|
||||
Roles = authenticatedUser.Roles,
|
||||
TokenType = "Bearer",
|
||||
ExpiresIn = 43200
|
||||
});
|
||||
|
||||
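Review bot: Every token issued here still carries `new("scope", "openhours:write")` and an `is_admin` claim for all users, while authorization is moving to `ClaimTypes.Role` claims built from `authenticatedUser.Roles`, so there are now two sources of truth for admin/write rights that can disagree (whether the scope line is new or pre-existing is not recoverable from this rendering). If `IsAdmin` is a stored flag rather than derived from `Roles`, derive it in one place, e.g. `IsAdmin = authenticatedUser.Roles.Contains(AppRoles.Admin)`, and either drop the scope claim or gate it on the role that actually grants write access. Note also that role claims are frozen in a bearer token for `ExpiresIn = 43200` seconds (12 h), so a role removed through the user endpoints keeps working until the token expires; a comment such as `// Roles are snapshotted into the token; revocation takes effect only after expiry (12 h)` would make that trade-off explicit. The claims list and the login handler begin before the first hunk.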
@@ -2,7 +2,7 @@ public static class LokEndpoints
|
||||
{
|
||||
public static void MapLokEndpoints(WebApplication app)
|
||||
{
|
||||
var createLokOpenHoursEndpoint = app.MapPost("/lok/open-hours", async (HttpContext httpContext) =>
|
||||
app.MapPost("/lok/open-hours", async (HttpContext httpContext) =>
|
||||
{
|
||||
var lokService = httpContext.RequestServices.GetRequiredService<LokService>();
|
||||
var openHours = await httpContext.Request.ReadFromJsonAsync<LokOpenHours>();
|
||||
@@ -33,13 +33,9 @@ public static class LokEndpoints
|
||||
await httpContext.Response.WriteAsJsonAsync(createdOpenHours);
|
||||
})
|
||||
.RequireCors("FrontendWriteCors")
|
||||
.RequireAuthorization("HasLokRole")
|
||||
.WithName("CreateLokOpenHours");
|
||||
|
||||
if (!app.Environment.IsDevelopment())
|
||||
{
|
||||
createLokOpenHoursEndpoint.RequireAuthorization("OpenHoursWrite");
|
||||
}
|
||||
|
||||
app.MapGet("/lok/open-hours", async (HttpContext httpContext) =>
|
||||
{
|
||||
var lokService = httpContext.RequestServices.GetRequiredService<LokService>();
|
||||
@@ -60,7 +56,7 @@ public static class LokEndpoints
|
||||
.RequireCors("PublicReadCors")
|
||||
.WithName("GetLokOpenHours");
|
||||
|
||||
var deleteLokOpenHoursEndpoint = app.MapDelete("/lok/open-hours/{id:long}", async (HttpContext httpContext, long id) =>
|
||||
app.MapDelete("/lok/open-hours/{id:long}", async (HttpContext httpContext, long id) =>
|
||||
{
|
||||
var lokService = httpContext.RequestServices.GetRequiredService<LokService>();
|
||||
var deleted = await lokService.DeleteOpenHours(id);
|
||||
@@ -78,14 +74,10 @@ public static class LokEndpoints
|
||||
httpContext.Response.StatusCode = StatusCodes.Status204NoContent;
|
||||
})
|
||||
.RequireCors("FrontendWriteCors")
|
||||
.RequireAuthorization("HasLokRole")
|
||||
.WithName("DeleteLokOpenHours");
|
||||
|
||||
if (!app.Environment.IsDevelopment())
|
||||
{
|
||||
deleteLokOpenHoursEndpoint.RequireAuthorization("OpenHoursWrite");
|
||||
}
|
||||
|
||||
var updateLokOpenHoursEndpoint = app.MapPut("/lok/open-hours/{id:long}", async (HttpContext httpContext, long id) =>
|
||||
app.MapPut("/lok/open-hours/{id:long}", async (HttpContext httpContext, long id) =>
|
||||
{
|
||||
var lokService = httpContext.RequestServices.GetRequiredService<LokService>();
|
||||
var openHours = await httpContext.Request.ReadFromJsonAsync<LokOpenHours>();
|
||||
@@ -125,14 +117,10 @@ public static class LokEndpoints
|
||||
await httpContext.Response.WriteAsJsonAsync(updatedOpenHours);
|
||||
})
|
||||
.RequireCors("FrontendWriteCors")
|
||||
.RequireAuthorization("HasLokRole")
|
||||
.WithName("UpdateLokOpenHours");
|
||||
|
||||
if (!app.Environment.IsDevelopment())
|
||||
{
|
||||
updateLokOpenHoursEndpoint.RequireAuthorization("OpenHoursWrite");
|
||||
}
|
||||
|
||||
var setActiveLokOpenHoursEndpoint = app.MapPut("/lok/open-hours/{id:long}/active", async (HttpContext httpContext, long id) =>
|
||||
app.MapPut("/lok/open-hours/{id:long}/active", async (HttpContext httpContext, long id) =>
|
||||
{
|
||||
var lokService = httpContext.RequestServices.GetRequiredService<LokService>();
|
||||
var activated = await lokService.SetActiveOpenHours(id);
|
||||
@@ -154,11 +142,7 @@ public static class LokEndpoints
|
||||
});
|
||||
})
|
||||
.RequireCors("FrontendWriteCors")
|
||||
.RequireAuthorization("HasLokRole")
|
||||
.WithName("SetActiveLokOpenHours");
|
||||
|
||||
if (!app.Environment.IsDevelopment())
|
||||
{
|
||||
setActiveLokOpenHoursEndpoint.RequireAuthorization("OpenHoursWrite");
|
||||
}
|
||||
}
|
||||
}
|
||||
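Review bot: The policy names `"HasLokRole"` and `"FrontendWriteCors"` are repeated as string literals across four endpoints, and as far as I recall an unknown policy name is only detected when the endpoint is first hit (the policy provider throws), so a typo fails closed but as a 500 rather than a 403. Hoisting them into constants, e.g. `private const string LokWritePolicy = "HasLokRole";`, keeps the four `RequireAuthorization(...)` calls from drifting. Removing the `IsDevelopment()` branches is the right call: before this change the write endpoints ran with no authorization at all in Development. Whether the `HasLokRole` policy is registered and which role it checks is not visible here; `MapLokEndpoints` starts before the first hunk and its body spans all of them.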
@@ -11,7 +11,7 @@ public static class UserEndpoints
|
||||
await httpContext.Response.WriteAsJsonAsync(users);
|
||||
})
|
||||
.RequireCors("FrontendWriteCors")
|
||||
.RequireAuthorization("AdminOnly")
|
||||
.RequireAuthorization("HasAdminRole")
|
||||
.WithName("GetUsers");
|
||||
|
||||
app.MapPost("/users", async (HttpContext httpContext) =>
|
||||
@@ -56,7 +56,7 @@ public static class UserEndpoints
|
||||
}
|
||||
})
|
||||
.RequireCors("FrontendWriteCors")
|
||||
.RequireAuthorization("AdminOnly")
|
||||
.RequireAuthorization("HasAdminRole")
|
||||
.WithName("CreateUser");
|
||||
|
||||
app.MapPut("/users/{username}", async (HttpContext httpContext, string username) =>
|
||||
@@ -97,9 +97,9 @@ public static class UserEndpoints
|
||||
return;
|
||||
}
|
||||
|
||||
var adminCount = await userService.GetAdminCount();
|
||||
var adminCount = await userService.GetUsersWithRoleCount(AppRoles.Admin);
|
||||
|
||||
if (existingUser.IsAdmin && !request.IsAdmin && adminCount <= 1)
|
||||
if (existingUser.Roles.Contains(AppRoles.Admin) && !request.Roles.Contains(AppRoles.Admin) && adminCount <= 1)
|
||||
{
|
||||
httpContext.Response.StatusCode = StatusCodes.Status400BadRequest;
|
||||
await httpContext.Response.WriteAsJsonAsync(new
|
||||
@@ -124,7 +124,7 @@ public static class UserEndpoints
|
||||
await httpContext.Response.WriteAsJsonAsync(updatedUser);
|
||||
})
|
||||
.RequireCors("FrontendWriteCors")
|
||||
.RequireAuthorization("AdminOnly")
|
||||
.RequireAuthorization("HasAdminRole")
|
||||
.WithName("UpdateUser");
|
||||
|
||||
app.MapDelete("/users/{username}", async (HttpContext httpContext, string username) =>
|
||||
@@ -154,8 +154,8 @@ public static class UserEndpoints
|
||||
return;
|
||||
}
|
||||
|
||||
var adminCount = await userService.GetAdminCount();
|
||||
if (existingUser.IsAdmin && adminCount <= 1)
|
||||
var adminCount = await userService.GetUsersWithRoleCount(AppRoles.Admin);
|
||||
if (existingUser.Roles.Contains(AppRoles.Admin) && adminCount <= 1)
|
||||
{
|
||||
httpContext.Response.StatusCode = StatusCodes.Status400BadRequest;
|
||||
await httpContext.Response.WriteAsJsonAsync(new
|
||||
@@ -180,7 +180,7 @@ public static class UserEndpoints
|
||||
httpContext.Response.StatusCode = StatusCodes.Status204NoContent;
|
||||
})
|
||||
.RequireCors("FrontendWriteCors")
|
||||
.RequireAuthorization("AdminOnly")
|
||||
.RequireAuthorization("HasAdminRole")
|
||||
.WithName("DeleteUser");
|
||||
}
|
||||
}
|
||||
|
||||
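Review bot: The new last-admin guard `existingUser.Roles.Contains(AppRoles.Admin) && !request.Roles.Contains(AppRoles.Admin) && adminCount <= 1` dereferences `request.Roles` directly; if the PUT body omits `roles` and the request type does not default it, this throws and the endpoint answers 500 instead of 400, so a null check (or `request.Roles ?? Array.Empty<string>()` if Roles is a sequence) belongs before it, unless validation earlier in the handler, outside the hunk, already rejects that. `request.Roles` is client-supplied and ends up in every issued token as `ClaimTypes.Role`, so unless the code above the hunk validates it, the update should reject any value outside the known `AppRoles` set rather than persisting arbitrary role strings. The count-then-update sequence is still not atomic (two concurrent demotions can each observe `adminCount == 2`), which the commit inherits from the previous `GetAdminCount` version. Both handlers begin before their hunks.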