paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Authorizations
Some checks failed
Dotnet build and test / log-the-inputs (push) Failing after 2s
Details
Dotnet build and test / build (push) Failing after 2s
Details

Browse Source
This commit is contained in:
Paul Schneider
2025-08-18 11:27:13 +01:00
parent 541b891c3b
commit 1e568279ad
13 changed files with 34 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Api/Controllers/Business/BookQueryApiController.cs
View File

@ -18,7 +18,7 @@ namespace Yavsc.Controllers
using Yavsc.Server.Helpers; using Yavsc.Server.Helpers;
[Produces("application/json")] [Produces("application/json")]
[Route("api/bookquery"), Authorize(Roles = "Performer,Administrator")] [Route("api/bookquery"), Authorize("Performer")]
public class BookQueryApiController : Controller public class BookQueryApiController : Controller
{ {
private ApplicationDbContext _context; private ApplicationDbContext _context;

2
src/Api/Controllers/Business/PerformersApiController.cs
View File

@ -28,7 +28,7 @@ namespace Yavsc.Controllers
/// </summary> /// </summary>
/// <param name="id"></param> /// <param name="id"></param>
/// <returns></returns> /// <returns></returns>
[Authorize(Roles="Performer"),HttpGet("{id}")] [Authorize("Performer"),HttpGet("{id}")]
public IActionResult Get(string id) public IActionResult Get(string id)
{ {
var pfr = dbContext.Performers.Include( var pfr = dbContext.Performers.Include(

2
src/Api/Controllers/accounting/ApplicationUserApiController.cs
View File

@ -12,7 +12,7 @@ using Yavsc.Server.Helpers;
namespace Yavsc.Controllers namespace Yavsc.Controllers
{ {
[Produces("application/json"),Authorize(Roles="Administrator")] [Produces("application/json"),Authorize("AdministratorOnly")]
[Route("api/users")] [Route("api/users")]
public class ApplicationUserApiController : Controller public class ApplicationUserApiController : Controller
{ {

3
src/Api/Program.cs
View File

@ -13,6 +13,7 @@
using IdentityModel; using IdentityModel;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using Yavsc;
using Yavsc.Helpers; using Yavsc.Helpers;
using Yavsc.Interface; using Yavsc.Interface;
using Yavsc.Models; using Yavsc.Models;
@ -61,7 +62,7 @@ internal class Program
options.IncludeErrorDetails = true; options.IncludeErrorDetails = true;
options.Authority = "https://localhost:5001"; options.Authority = "https://localhost:5001";
options.TokenValidationParameters = options.TokenValidationParameters =
new() { ValidateAudience = false, RoleClaimType = JwtClaimTypes.Role }; new() { ValidateAudience = false, RoleClaimType = Constants.RoleClaimType };
options.MapInboundClaims = true; options.MapInboundClaims = true;
}); });

2
src/Yavsc.Abstract/Constants.cs
View File

@ -54,5 +54,7 @@ namespace Yavsc
public const string LivePath = "/live/cast"; public const string LivePath = "/live/cast";
public const string StreamingPath = "/api/stream/put"; public const string StreamingPath = "/api/stream/put";
public static string RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
} }
} }

6
src/Yavsc.Server/Services/ProfileService.cs
View File

@ -43,7 +43,7 @@ namespace Yavsc.Services
claimAdds.Remove("profile"); claimAdds.Remove("profile");
claimAdds.Add(JwtClaimTypes.Name); claimAdds.Add(JwtClaimTypes.Name);
claimAdds.Add(JwtClaimTypes.Email); claimAdds.Add(JwtClaimTypes.Email);
claimAdds.Add(JwtClaimTypes.Role); claimAdds.Add(Constants.RoleClaimType);
} }
if (claimAdds.Contains(JwtClaimTypes.Name)) if (claimAdds.Contains(JwtClaimTypes.Name))
@ -52,12 +52,12 @@ namespace Yavsc.Services
if (claimAdds.Contains(JwtClaimTypes.Email)) if (claimAdds.Contains(JwtClaimTypes.Email))
claims.Add(new Claim(JwtClaimTypes.Email, user.Email)); claims.Add(new Claim(JwtClaimTypes.Email, user.Email));
if (claimAdds.Contains(JwtClaimTypes.Role)) if (claimAdds.Contains(Constants.RoleClaimType))
{ {
var roles = await this._userManager.GetRolesAsync(user); var roles = await this._userManager.GetRolesAsync(user);
if (roles.Count()>0) if (roles.Count()>0)
{ {
claims.AddRange(roles.Select(r => new Claim(JwtClaimTypes.Role, r))); claims.AddRange(roles.Select(r => new Claim(Constants.RoleClaimType, r)));
} }
} }
return claims; return claims;

4
src/Yavsc/Controllers/Accounting/AccountController.cs
View File

@ -403,7 +403,7 @@ namespace Yavsc.Controllers
} }
[Authorize(Roles = Constants.AdminGroupName)] [Authorize("AdministratorOnly")]
public IActionResult Index() public IActionResult Index()
{ {
IViewComponentHelper h; IViewComponentHelper h;
@ -411,7 +411,7 @@ namespace Yavsc.Controllers
return View(); return View();
} }
[Authorize(Roles = Constants.AdminGroupName)] [Authorize("AdministratorOnly")]
[Route("Account/UserList/{pageNum}/{len?}")] [Route("Account/UserList/{pageNum}/{len?}")]
public async Task<IActionResult> UserList(int pageNum, int pageLen = defaultLen) public async Task<IActionResult> UserList(int pageNum, int pageLen = defaultLen)
{ {

2
src/Yavsc/Controllers/Administration/AdministrationController.cs
View File

@ -93,7 +93,7 @@ namespace Yavsc.Controllers
return Ok(new { message = "you owned it." }); return Ok(new { message = "you owned it." });
} }
[Authorize(Roles = Constants.AdminGroupName)] [Authorize("AdministratorOnly")]
[Produces("application/json")] [Produces("application/json")]
public async Task<IActionResult> Index() public async Task<IActionResult> Index()
{ {

4
src/Yavsc/Controllers/Administration/DatabaseController.cs
View File

@ -25,13 +25,13 @@ namespace Yavsc.Controllers
public IActionResult GetBlog() public IActionResult GetBlog()
{ {
var data = applicationDbContext.BlogSpot.ToArray(); var data = applicationDbContext.BlogSpot.ToArray();
return Ok(JsonConvert.SerializeObject(data, Formatting.None)); return Ok(data);
} }
public IActionResult GetUsers() public IActionResult GetUsers()
{ {
var data = applicationDbContext.Users.ToArray(); var data = applicationDbContext.Users.ToArray();
return Ok(JsonConvert.SerializeObject(data, Formatting.None)); return Ok(data);
} }
public IActionResult ImportUsers(String usersJson) public IActionResult ImportUsers(String usersJson)

14
src/Yavsc/Controllers/Contracting/ActivityController.cs
View File

@ -50,9 +50,8 @@ namespace Yavsc.Controllers
private List<SelectListItem> GetEligibleParent(string code) private List<SelectListItem> GetEligibleParent(string code)
{ {
// eligibles are those // eligibles are those
// who are not in descendants // who are not in descendence
//
var acts = _context.Activities.Where( var acts = _context.Activities.Where(
a => a.Code != code a => a.Code != code
).Select(a => new SelectListItem ).Select(a => new SelectListItem
@ -68,13 +67,13 @@ namespace Yavsc.Controllers
var pi = acts.FirstOrDefault(i => i.Value == existing.ParentCode); var pi = acts.FirstOrDefault(i => i.Value == existing.ParentCode);
if (pi!=null) pi.Selected = true; if (pi!=null) pi.Selected = true;
else nullItem.Selected = true; else nullItem.Selected = true;
RecFilterChild(acts, existing); RecursivelyFilterChild(acts, existing);
return acts; return acts;
} }
/// <summary> /// <summary>
/// Filters a activity selection list /// Filters a activity selection list
/// in order to exculde any descendant /// in order to exclude any descendant
/// from the eligible list at the <c>Parent</c> property. /// from the eligible list at the <c>Parent</c> property.
/// WARN! results in a infinite loop when /// WARN! results in a infinite loop when
/// data is corrupted and there is a circularity /// data is corrupted and there is a circularity
@ -82,22 +81,19 @@ namespace Yavsc.Controllers
/// </summary> /// </summary>
/// <param name="list"></param> /// <param name="list"></param>
/// <param name="activity"></param> /// <param name="activity"></param>
private static void RecFilterChild(List<SelectListItem> list, Activity activity) private static void RecursivelyFilterChild(List<SelectListItem> list, Activity activity)
{ {
if (activity == null) return; if (activity == null) return;
if (activity.Children == null) return; if (activity.Children == null) return;
if (list.Count == 0) return; if (list.Count == 0) return;
foreach (var child in activity.Children) foreach (var child in activity.Children)
{ {
RecFilterChild(list, child); RecursivelyFilterChild(list, child);
var rem = list.FirstOrDefault(i => i.Value == child.Code); var rem = list.FirstOrDefault(i => i.Value == child.Code);
if (rem != null) list.Remove(rem); if (rem != null) list.Remove(rem);
} }
} }
// GET: Activity/Details/5 // GET: Activity/Details/5
public IActionResult Details(string id) public IActionResult Details(string id)
{ {

2
src/Yavsc/Controllers/Contracting/SIRENExceptionsController.cs
View File

@ -7,7 +7,7 @@ using Yavsc.Server.Helpers;
namespace Yavsc.Controllers namespace Yavsc.Controllers
{ {
[Authorize(Roles="Administrator")] [Authorize("AdministratorOnly")]
public class SIRENExceptionsController : Controller public class SIRENExceptionsController : Controller
{ {
private readonly ApplicationDbContext _context; private readonly ApplicationDbContext _context;

2
src/Yavsc/Controllers/Haircut/BrusherProfileController.cs
View File

@ -5,7 +5,7 @@ using Yavsc.Controllers.Generic;
namespace Yavsc.Controllers namespace Yavsc.Controllers
{ {
[Authorize(Roles="Performer")] [Authorize("Performer")]
public class BrusherProfileController : SettingsController<BrusherProfile> public class BrusherProfileController : SettingsController<BrusherProfile>
{ {
public BrusherProfileController(ApplicationDbContext context) : base(context) public BrusherProfileController(ApplicationDbContext context) : base(context)

17
src/Yavsc/Extensions/HostingExtensions.cs
View File

@ -128,11 +128,10 @@ public static class HostingExtensions
{ {
options.SignIn.RequireConfirmedAccount = true; options.SignIn.RequireConfirmedAccount = true;
options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.PreferredUserName; options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.PreferredUserName;
options.ClaimsIdentity.RoleClaimType = JwtClaimTypes.Role; options.ClaimsIdentity.RoleClaimType = Constants.RoleClaimType;
} }
) )
.AddEntityFrameworkStores<ApplicationDbContext>(); .AddEntityFrameworkStores<ApplicationDbContext>();
} }
private static void AddYavscPolicies(IServiceCollection services) private static void AddYavscPolicies(IServiceCollection services)
@ -144,17 +143,20 @@ public static class HostingExtensions
policy.RequireAuthenticatedUser() policy.RequireAuthenticatedUser()
.RequireClaim("scope", "scope2"); .RequireClaim("scope", "scope2");
}); });
options.AddPolicy("Performer", policy => options.AddPolicy("Performer", policy =>
{ {
policy policy
.RequireAuthenticatedUser() .RequireAuthenticatedUser()
.RequireClaim(JwtClaimTypes.Role, "Performer"); .RequireClaim(Constants.RoleClaimType,
new string[] {Constants.PerformerGroupName, Constants.AdminGroupName})
;
}); });
options.AddPolicy("AdministratorOnly", policy => options.AddPolicy("AdministratorOnly", policy =>
{ {
_ = policy _ = policy
.RequireAuthenticatedUser() .RequireAuthenticatedUser()
.RequireClaim(JwtClaimTypes.Role, Constants.AdminGroupName); .RequireClaim(Constants.RoleClaimType, Constants.AdminGroupName);
}); });
options.AddPolicy("FrontOffice", policy => policy.RequireRole(Constants.FrontOfficeGroupName)); options.AddPolicy("FrontOffice", policy => policy.RequireRole(Constants.FrontOfficeGroupName));
@ -241,7 +243,12 @@ public static class HostingExtensions
.AddInMemoryApiScopes(Config.TestingApiScopes) .AddInMemoryApiScopes(Config.TestingApiScopes)
.AddAspNetIdentity<ApplicationUser>(); .AddAspNetIdentity<ApplicationUser>();
builder.Services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserIdClaimType = JwtClaimTypes.Subject;
options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.Name;
options.ClaimsIdentity.RoleClaimType = Constants.RoleClaimType;
});
if (builder.Environment.IsDevelopment()) if (builder.Environment.IsDevelopment())
{ {