From 424cb19b54002f2ff3b045b8a04afd2fdb6fb8b9 Mon Sep 17 00:00:00 2001
From: Mia Winter
Date: Tue, 16 Jan 2024 13:52:24 +0100
Subject: [PATCH] Added Role Policies
---
 Wave/Components/Layout/NavMenu.razor | 2 +-
 Wave/Components/Pages/ArticleEditor.razor | 2 +-
 Wave/Components/Pages/ArticleView.razor | 2 +-
 Wave/Program.cs | 17 ++++++++++++-----
 4 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/Wave/Components/Layout/NavMenu.razor b/Wave/Components/Layout/NavMenu.razor
index 2460ac4..b7104bb 100644
--- a/Wave/Components/Layout/NavMenu.razor
+++ b/Wave/Components/Layout/NavMenu.razor
@@ -69,7 +69,7 @@ Home Weather Auth Required - + New Article
diff --git a/Wave/Components/Pages/ArticleEditor.razor b/Wave/Components/Pages/ArticleEditor.razor
index 5043241..f23f4fc 100644
--- a/Wave/Components/Pages/ArticleEditor.razor
+++ b/Wave/Components/Pages/ArticleEditor.razor
@@ -7,7 +7,7 @@
 @using Microsoft.AspNetCore.Authorization
 @using Microsoft.AspNetCore.Identity
-@attribute [Authorize]
+@attribute [Authorize(Policy = "ArticleEditPermissions")]
 @inject IDbContextFactory ContextFactory;
 @inject NavigationManager Navigation
 @inject UserManager UserManager
diff --git a/Wave/Components/Pages/ArticleView.razor b/Wave/Components/Pages/ArticleView.razor
index 31b3914..dffe03e 100644
--- a/Wave/Components/Pages/ArticleView.razor
+++ b/Wave/Components/Pages/ArticleView.razor
@@ -10,7 +10,7 @@ Wave - @Article.Title
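Review bot: In ArticleEditor.razor the new `@attribute [Authorize(Policy = "ArticleEditPermissions")]` is a role check only, so as far as this hunk shows, any user in the Author role can reach the editor for any article, not just their own. The component body is outside the hunk, so this is inferred: if the editor can load an existing article, the load and save paths should also compare the article's author with the current user, or run a resource-based check through `IAuthorizationService.AuthorizeAsync` with the article as the resource. The policy name is a bare string that has to match the registration in Program.cs exactly; a shared constant would keep the two from drifting apart.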

@Article.Title

- + Edit
diff --git a/Wave/Program.cs b/Wave/Program.cs
index e5ff8ad..d6f9417 100644
--- a/Wave/Program.cs
+++ b/Wave/Program.cs
@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Components.Authorization;
+using Microsoft.AspNetCore.Components.Forms;
 using Microsoft.AspNetCore.Components.Server;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
@@ -20,13 +21,19 @@ builder.Services.AddScoped(); builder.Services.AddScoped();
-builder.Services.AddAuthorization();
-builder.Services.AddAuthentication(options =>
- {
+// Authors: Can create Articles, require them to be reviewed
+// Reviewers: Can review Articles, but cannot create them themselves
+// Moderators: Can delete Articles / take them Offline
+// Admins: Can do anything, and assign roles to other users
+builder.Services.AddAuthorizationBuilder()
+ .AddPolicy("ArticleEditPermissions", p => p.RequireRole("Author", "Admin"))
+ .AddPolicy("ArticleReviewPermissions", p => p.RequireRole("Reviewer", "Admin"))
+ .AddPolicy("ArticleDeletePermissions", p => p.RequireRole("Moderator", "Admin"))
+ .AddPolicy("RoleAssignPermissions", p => p.RequireRole("Admin"));
+builder.Services.AddAuthentication(options => {
 options.DefaultScheme = IdentityConstants.ApplicationScheme;
 options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
- })
- .AddIdentityCookies();
+ }).AddIdentityCookies();
 #endregion
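Review bot: The four `RequireRole(...)` policies in the second Program.cs hunk only pass when the signed-in principal carries role claims, and the Identity registration that would provide them (for example `.AddRoles<IdentityRole>()`) is not visible in this hunk. It is worth confirming that role support is enabled, and that a role removed from a user takes effect before their existing cookie expires. The role and policy names are repeated as string literals here and in the Razor files; a small constants class, e.g. `public const string ArticleEdit = "ArticleEditPermissions";`, would turn a typo into a compile error. The comment block describes a review workflow ("require them to be reviewed") that these policies do not enforce by themselves. As far as the legible lines of this patch show, only `ArticleEditPermissions` is applied, so a short note that the other three policies are not yet wired up would avoid readers assuming they are active.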