diff --git a/Wave/Components/Layout/NavMenu.razor b/Wave/Components/Layout/NavMenu.razor
index 2460ac4..b7104bb 100644
--- a/Wave/Components/Layout/NavMenu.razor
+++ b/Wave/Components/Layout/NavMenu.razor
@@ -69,7 +69,7 @@
Home
Weather
Auth Required
-
+
New Article
diff --git a/Wave/Components/Pages/ArticleEditor.razor b/Wave/Components/Pages/ArticleEditor.razor
index 5043241..f23f4fc 100644
--- a/Wave/Components/Pages/ArticleEditor.razor
+++ b/Wave/Components/Pages/ArticleEditor.razor
@@ -7,7 +7,7 @@
@using Microsoft.AspNetCore.Authorization
@using Microsoft.AspNetCore.Identity
-@attribute [Authorize]
+@attribute [Authorize(Policy = "ArticleEditPermissions")]
@inject IDbContextFactory ContextFactory;
@inject NavigationManager Navigation
@inject UserManager UserManager
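Review bot: The policy on the `@attribute [Authorize(Policy = "ArticleEditPermissions")]` line checks only the caller's role, so every user in the Author role passes the page gate no matter which article is opened. The loading and saving code is outside this hunk, so this is inferred, but if the editor can open an existing article, the save handler should also verify that the current user owns that article or is an Admin. One way is a resource-based check through `IAuthorizationService.AuthorizeAsync` with the article as the resource. At minimum, a comment next to the attribute such as `@* role gate only; article ownership is checked in the save handler *@` would record where the second check lives.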
diff --git a/Wave/Components/Pages/ArticleView.razor b/Wave/Components/Pages/ArticleView.razor
index 31b3914..dffe03e 100644
--- a/Wave/Components/Pages/ArticleView.razor
+++ b/Wave/Components/Pages/ArticleView.razor
@@ -10,7 +10,7 @@
Wave - @Article.Title
@Article.Title
-
+
Edit
diff --git a/Wave/Program.cs b/Wave/Program.cs
index e5ff8ad..d6f9417 100644
--- a/Wave/Program.cs
+++ b/Wave/Program.cs
@@ -1,4 +1,5 @@
using Microsoft.AspNetCore.Components.Authorization;
+using Microsoft.AspNetCore.Components.Forms;
using Microsoft.AspNetCore.Components.Server;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
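Review bot: The added `using Microsoft.AspNetCore.Components.Forms;` is not referenced by any line this diff adds to Program.cs; the policy registration further down does not need it. If nothing in the rest of the file (not visible here) uses it, drop the line so the import list reflects what the file depends on.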
@@ -20,13 +21,19 @@
builder.Services.AddScoped();
builder.Services.AddScoped();
-builder.Services.AddAuthorization();
-builder.Services.AddAuthentication(options =>
- {
+// Authors: Can create Articles, require them to be reviewed
+// Reviewers: Can review Articles, but cannot create them themselves
+// Moderators: Can delete Articles / take them Offline
+// Admins: Can do anything, and assign roles to other users
+builder.Services.AddAuthorizationBuilder()
+ .AddPolicy("ArticleEditPermissions", p => p.RequireRole("Author", "Admin"))
+ .AddPolicy("ArticleReviewPermissions", p => p.RequireRole("Reviewer", "Admin"))
+ .AddPolicy("ArticleDeletePermissions", p => p.RequireRole("Moderator", "Admin"))
+ .AddPolicy("RoleAssignPermissions", p => p.RequireRole("Admin"));
+builder.Services.AddAuthentication(options => {
options.DefaultScheme = IdentityConstants.ApplicationScheme;
options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
- })
- .AddIdentityCookies();
+ }).AddIdentityCookies();
#endregion
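Review bot: The four `RequireRole(...)` policies only work if role claims reach the signed-in principal, and the Identity registration that would provide them is not in this hunk. Please confirm that it calls `.AddRoles<IdentityRole>()` (or the project's own role type) and that the "Author", "Reviewer", "Moderator" and "Admin" roles are seeded. Without role support the policies deny everyone, Admins included. The policy and role names are also bare string literals repeated in the `[Authorize(Policy = ...)]` attributes of the Razor pages, where a typo only surfaces at runtime. Shared constants such as `public const string ArticleEdit = "ArticleEditPermissions";` would keep the two sides in step. Because "Admin" has to be listed by hand in every policy, add a comment above the builder chain reminding maintainers to include it in new policies.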