diff --git a/src/Api/Controllers/Business/BookQueryApiController.cs b/src/Api/Controllers/Business/BookQueryApiController.cs
index 6603d65b..ac1630e8 100644
--- a/src/Api/Controllers/Business/BookQueryApiController.cs
+++ b/src/Api/Controllers/Business/BookQueryApiController.cs
@@ -18,7 +18,7 @@ namespace Yavsc.Controllers
using Yavsc.Server.Helpers;
[Produces("application/json")]
- [Route("api/bookquery"), Authorize(Roles = "Performer,Administrator")]
+ [Route("api/bookquery"), Authorize("Performer")]
public class BookQueryApiController : Controller
{
private ApplicationDbContext _context;
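Review bot: `[Authorize("Performer")]` on this controller now names an authorization policy rather than a role list, and nothing in the visible src/Api/Program.cs hunks registers a policy of that name; the only registration shown is AddYavscPolicies in src/Yavsc/Extensions/HostingExtensions.cs. If the Api host does not call that method or register the policies itself, ASP.NET Core throws an InvalidOperationException when the policy is looked up, and these endpoints fail with a server error. The same applies to `[Authorize("Performer")]` in PerformersApiController and `[Authorize("AdministratorOnly")]` in ApplicationUserApiController. Please confirm the Api startup registers both policies, ideally through one shared method so the two hosts cannot drift apart.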
diff --git a/src/Api/Controllers/Business/PerformersApiController.cs b/src/Api/Controllers/Business/PerformersApiController.cs
index 15372b95..b552eff3 100644
--- a/src/Api/Controllers/Business/PerformersApiController.cs
+++ b/src/Api/Controllers/Business/PerformersApiController.cs
@@ -28,7 +28,7 @@ namespace Yavsc.Controllers
///
///
///
- [Authorize(Roles="Performer"),HttpGet("{id}")]
+ [Authorize("Performer"),HttpGet("{id}")]
public IActionResult Get(string id)
{
var pfr = dbContext.Performers.Include(
diff --git a/src/Api/Controllers/accounting/ApplicationUserApiController.cs b/src/Api/Controllers/accounting/ApplicationUserApiController.cs
index b7c47221..11c70d60 100644
--- a/src/Api/Controllers/accounting/ApplicationUserApiController.cs
+++ b/src/Api/Controllers/accounting/ApplicationUserApiController.cs
@@ -12,7 +12,7 @@ using Yavsc.Server.Helpers;
namespace Yavsc.Controllers
{
- [Produces("application/json"),Authorize(Roles="Administrator")]
+ [Produces("application/json"),Authorize("AdministratorOnly")]
[Route("api/users")]
public class ApplicationUserApiController : Controller
{
diff --git a/src/Api/Program.cs b/src/Api/Program.cs
index e24380d9..a9d08352 100644
--- a/src/Api/Program.cs
+++ b/src/Api/Program.cs
@@ -13,6 +13,7 @@
using IdentityModel;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
+using Yavsc;
using Yavsc.Helpers;
using Yavsc.Interface;
using Yavsc.Models;
@@ -61,7 +62,7 @@ internal class Program
options.IncludeErrorDetails = true;
options.Authority = "https://localhost:5001";
options.TokenValidationParameters =
- new() { ValidateAudience = false, RoleClaimType = JwtClaimTypes.Role };
+ new() { ValidateAudience = false, RoleClaimType = Constants.RoleClaimType };
options.MapInboundClaims = true;
});
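Review bot: The rewritten `TokenValidationParameters` line keeps `ValidateAudience = false`, so this API accepts any token the authority signs, including one issued for a different resource. The role policies introduced in this commit then decide access from the role claims in that token. Consider setting the expected audience with `ValidateAudience = true`, or, if audiences are not emitted, requiring this API's scope claim in each policy. The enclosing options lambda starts outside the hunk, so a check made elsewhere is not visible here.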
diff --git a/src/Yavsc.Abstract/Constants.cs b/src/Yavsc.Abstract/Constants.cs
index ca641ccc..caa0398c 100644
--- a/src/Yavsc.Abstract/Constants.cs
+++ b/src/Yavsc.Abstract/Constants.cs
@@ -54,5 +54,7 @@ namespace Yavsc
public const string LivePath = "/live/cast";
public const string StreamingPath = "/api/stream/put";
+
+ public static string RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
}
}
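Review bot: `RoleClaimType` is declared `public static string`, a writable field, while the neighbouring entries are `public const string`. Any code in the process can reassign it, which would silently change the claim type that token validation, the profile service and the role policies compare against. Declare it `public const string RoleClaimType = "...";` (or `public static readonly string`) so it cannot change after startup. A one-line comment saying the value is the same URI as `System.Security.Claims.ClaimTypes.Role` would explain why it replaces `JwtClaimTypes.Role`.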
diff --git a/src/Yavsc.Server/Services/ProfileService.cs b/src/Yavsc.Server/Services/ProfileService.cs
index c2f7ded7..72a64736 100644
--- a/src/Yavsc.Server/Services/ProfileService.cs
+++ b/src/Yavsc.Server/Services/ProfileService.cs
@@ -43,7 +43,7 @@ namespace Yavsc.Services
claimAdds.Remove("profile");
claimAdds.Add(JwtClaimTypes.Name);
claimAdds.Add(JwtClaimTypes.Email);
- claimAdds.Add(JwtClaimTypes.Role);
+ claimAdds.Add(Constants.RoleClaimType);
}
if (claimAdds.Contains(JwtClaimTypes.Name))
@@ -52,12 +52,12 @@ namespace Yavsc.Services
if (claimAdds.Contains(JwtClaimTypes.Email))
claims.Add(new Claim(JwtClaimTypes.Email, user.Email));
- if (claimAdds.Contains(JwtClaimTypes.Role))
+ if (claimAdds.Contains(Constants.RoleClaimType))
{
var roles = await this._userManager.GetRolesAsync(user);
if (roles.Count()>0)
{
- claims.AddRange(roles.Select(r => new Claim(JwtClaimTypes.Role, r)));
+ claims.AddRange(roles.Select(r => new Claim(Constants.RoleClaimType, r)));
}
}
return claims;
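Review bot: The guard `claimAdds.Contains(Constants.RoleClaimType)` now matches only the long URI, so a request that lists the short `role` claim type (the value of `JwtClaimTypes.Role`) gets no role claims unless `profile` is also requested; the `profile` branch in the previous hunk is the only visible path that adds the URI. If `claimAdds` is built from the claim types declared on configured resources, which this hunk does not show, any resource still declaring `role` would yield tokens without roles and every role policy would deny. Either accept both names in the guard, `if (claimAdds.Contains(Constants.RoleClaimType) || claimAdds.Contains(JwtClaimTypes.Role))`, or update the resource definitions in the same commit. The method body starts outside the hunk.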
diff --git a/src/Yavsc/Controllers/Accounting/AccountController.cs b/src/Yavsc/Controllers/Accounting/AccountController.cs
index e5f0ec78..eae468ea 100644
--- a/src/Yavsc/Controllers/Accounting/AccountController.cs
+++ b/src/Yavsc/Controllers/Accounting/AccountController.cs
@@ -403,7 +403,7 @@ namespace Yavsc.Controllers
}
- [Authorize(Roles = Constants.AdminGroupName)]
+ [Authorize("AdministratorOnly")]
public IActionResult Index()
{
IViewComponentHelper h;
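Review bot: The policy name is written as the literal `"AdministratorOnly"` here, where the removed attribute used `Constants.AdminGroupName`. The same literal and `"Performer"` are repeated in the next hunk of this file and in AdministrationController, SIRENExceptionsController, BrusherProfileController and the Api controllers. A misspelt policy name compiles and only fails at request time, so I would add constants next to the policy registration, e.g. `public const string AdministratorOnlyPolicy = "AdministratorOnly";`, and write `[Authorize(Constants.AdministratorOnlyPolicy)]`.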
@@ -411,7 +411,7 @@ namespace Yavsc.Controllers
return View();
}
- [Authorize(Roles = Constants.AdminGroupName)]
+ [Authorize("AdministratorOnly")]
[Route("Account/UserList/{pageNum}/{len?}")]
public async Task UserList(int pageNum, int pageLen = defaultLen)
{
diff --git a/src/Yavsc/Controllers/Administration/AdministrationController.cs b/src/Yavsc/Controllers/Administration/AdministrationController.cs
index c770ed05..3979dae5 100644
--- a/src/Yavsc/Controllers/Administration/AdministrationController.cs
+++ b/src/Yavsc/Controllers/Administration/AdministrationController.cs
@@ -93,7 +93,7 @@ namespace Yavsc.Controllers
return Ok(new { message = "you owned it." });
}
- [Authorize(Roles = Constants.AdminGroupName)]
+ [Authorize("AdministratorOnly")]
[Produces("application/json")]
public async Task Index()
{
diff --git a/src/Yavsc/Controllers/Administration/DatabaseController.cs b/src/Yavsc/Controllers/Administration/DatabaseController.cs
index 2474b708..f78c8f51 100644
--- a/src/Yavsc/Controllers/Administration/DatabaseController.cs
+++ b/src/Yavsc/Controllers/Administration/DatabaseController.cs
@@ -25,13 +25,13 @@ namespace Yavsc.Controllers
public IActionResult GetBlog()
{
var data = applicationDbContext.BlogSpot.ToArray();
- return Ok(JsonConvert.SerializeObject(data, Formatting.None));
+ return Ok(data);
}
public IActionResult GetUsers()
{
var data = applicationDbContext.Users.ToArray();
- return Ok(JsonConvert.SerializeObject(data, Formatting.None));
+ return Ok(data);
}
public IActionResult ImportUsers(String usersJson)
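Review bot: `return Ok(data)` in GetUsers hands the complete `Users` entities to the response formatter; if the user type derives from the ASP.NET Identity user class, the output includes fields such as the password hash and security stamp. No `[Authorize]` attribute is visible in this hunk (the class header is outside it), so please confirm the controller is restricted to administrators, and consider projecting to the fields an export actually needs. The body is also no longer a Newtonsoft-produced string, so property casing and reference-loop handling now follow the configured MVC formatter, which matters if `ImportUsers(String usersJson)` is meant to read this output back.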
diff --git a/src/Yavsc/Controllers/Contracting/ActivityController.cs b/src/Yavsc/Controllers/Contracting/ActivityController.cs
index a147b5a5..1a177fcd 100644
--- a/src/Yavsc/Controllers/Contracting/ActivityController.cs
+++ b/src/Yavsc/Controllers/Contracting/ActivityController.cs
@@ -50,9 +50,8 @@ namespace Yavsc.Controllers
private List GetEligibleParent(string code)
{
// eligibles are those
- // who are not in descendants
+ // who are not in descendence
- //
var acts = _context.Activities.Where(
a => a.Code != code
).Select(a => new SelectListItem
@@ -68,13 +67,13 @@ namespace Yavsc.Controllers
var pi = acts.FirstOrDefault(i => i.Value == existing.ParentCode);
if (pi!=null) pi.Selected = true;
else nullItem.Selected = true;
- RecFilterChild(acts, existing);
+ RecursivelyFilterChild(acts, existing);
return acts;
}
///
/// Filters a activity selection list
- /// in order to exculde any descendant
+ /// in order to exclude any descendant
/// from the eligible list at the Parent property.
/// WARN! results in a infinite loop when
/// data is corrupted and there is a circularity
@@ -82,22 +81,19 @@ namespace Yavsc.Controllers
///
///
///
- private static void RecFilterChild(List list, Activity activity)
+ private static void RecursivelyFilterChild(List list, Activity activity)
{
if (activity == null) return;
if (activity.Children == null) return;
if (list.Count == 0) return;
foreach (var child in activity.Children)
{
- RecFilterChild(list, child);
+ RecursivelyFilterChild(list, child);
var rem = list.FirstOrDefault(i => i.Value == child.Code);
if (rem != null) list.Remove(rem);
}
}
-
-
-
// GET: Activity/Details/5
public IActionResult Details(string id)
{
diff --git a/src/Yavsc/Controllers/Contracting/SIRENExceptionsController.cs b/src/Yavsc/Controllers/Contracting/SIRENExceptionsController.cs
index 4d485558..baa7f060 100644
--- a/src/Yavsc/Controllers/Contracting/SIRENExceptionsController.cs
+++ b/src/Yavsc/Controllers/Contracting/SIRENExceptionsController.cs
@@ -7,7 +7,7 @@ using Yavsc.Server.Helpers;
namespace Yavsc.Controllers
{
- [Authorize(Roles="Administrator")]
+ [Authorize("AdministratorOnly")]
public class SIRENExceptionsController : Controller
{
private readonly ApplicationDbContext _context;
diff --git a/src/Yavsc/Controllers/Haircut/BrusherProfileController.cs b/src/Yavsc/Controllers/Haircut/BrusherProfileController.cs
index f63ac742..2cecc788 100644
--- a/src/Yavsc/Controllers/Haircut/BrusherProfileController.cs
+++ b/src/Yavsc/Controllers/Haircut/BrusherProfileController.cs
@@ -5,7 +5,7 @@ using Yavsc.Controllers.Generic;
namespace Yavsc.Controllers
{
- [Authorize(Roles="Performer")]
+ [Authorize("Performer")]
public class BrusherProfileController : SettingsController
{
public BrusherProfileController(ApplicationDbContext context) : base(context)
diff --git a/src/Yavsc/Extensions/HostingExtensions.cs b/src/Yavsc/Extensions/HostingExtensions.cs
index c5a69cdb..3e87fbe7 100644
--- a/src/Yavsc/Extensions/HostingExtensions.cs
+++ b/src/Yavsc/Extensions/HostingExtensions.cs
@@ -128,11 +128,10 @@ public static class HostingExtensions
{
options.SignIn.RequireConfirmedAccount = true;
options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.PreferredUserName;
- options.ClaimsIdentity.RoleClaimType = JwtClaimTypes.Role;
+ options.ClaimsIdentity.RoleClaimType = Constants.RoleClaimType;
}
)
.AddEntityFrameworkStores();
-
}
private static void AddYavscPolicies(IServiceCollection services)
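Review bot: `options.ClaimsIdentity.RoleClaimType` is now assigned in two places: here and again in the `builder.Services.Configure(...)` block added in the last hunk of this file. That block also sets `UserNameClaimType = JwtClaimTypes.Name`, while this one sets `JwtClaimTypes.PreferredUserName`. If both target the same identity options type (the type argument is not visible on this page), the later registration wins and the user-name setting here has no effect. Keep a single configuration site and state in a comment which user-name claim is intended. The enclosing method starts outside the hunk.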
@@ -144,17 +143,20 @@ public static class HostingExtensions
policy.RequireAuthenticatedUser()
.RequireClaim("scope", "scope2");
});
+
options.AddPolicy("Performer", policy =>
{
policy
.RequireAuthenticatedUser()
- .RequireClaim(JwtClaimTypes.Role, "Performer");
+ .RequireClaim(Constants.RoleClaimType,
+ new string[] {Constants.PerformerGroupName, Constants.AdminGroupName})
+ ;
});
options.AddPolicy("AdministratorOnly", policy =>
{
_ = policy
.RequireAuthenticatedUser()
- .RequireClaim(JwtClaimTypes.Role, Constants.AdminGroupName);
+ .RequireClaim(Constants.RoleClaimType, Constants.AdminGroupName);
});
options.AddPolicy("FrontOffice", policy => policy.RequireRole(Constants.FrontOfficeGroupName));
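Review bot: The `"Performer"` policy now accepts `Constants.AdminGroupName` as well as `Constants.PerformerGroupName`, which opens endpoints that previously used `Roles="Performer"` alone (PerformersApiController.Get and BrusherProfileController in this commit) to administrators. If that is intended, say so above the policy, e.g. `// Administrators may also use performer endpoints.`, or rename it to something like `"PerformerOrAdministrator"`; if not, keep a performer-only policy for those two. The stray `;` on its own line after the `RequireClaim` call can be folded onto the call.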
@@ -241,7 +243,12 @@ public static class HostingExtensions
.AddInMemoryApiScopes(Config.TestingApiScopes)
.AddAspNetIdentity();
-
+ builder.Services.Configure(options =>
+ {
+ options.ClaimsIdentity.UserIdClaimType = JwtClaimTypes.Subject;
+ options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.Name;
+ options.ClaimsIdentity.RoleClaimType = Constants.RoleClaimType;
+ });
if (builder.Environment.IsDevelopment())
{