Added Role Policies

2024-01-16 13:52:24 +01:00 · 2024-01-16 13:52:24 +01:00 · 424cb19b54
parent ff6bb53689
commit 424cb19b54
4 changed files with 15 additions and 8 deletions
--- a/Wave/Components/Layout/NavMenu.razor
+++ b/Wave/Components/Layout/NavMenu.razor
@ -69,7 +69,7 @@
            <NavLink ActiveClass="tab-active" class="tab" href="" Match="NavLinkMatch.All">Home</NavLink>
 			<NavLink ActiveClass="tab-active" class="tab" href="weather">Weather</NavLink>
            <NavLink ActiveClass="tab-active" class="tab" href="auth">Auth Required</NavLink>
-            <AuthorizeView>
+            <AuthorizeView Policy="ArticleEditPermissions">
                <Authorized>
                    <NavLink ActiveClass="tab-active" class="tab" href="article/new">New Article</NavLink>
                </Authorized>
--- a/Wave/Components/Pages/ArticleEditor.razor
+++ b/Wave/Components/Pages/ArticleEditor.razor
@ -7,7 +7,7 @@
@using Microsoft.AspNetCore.Authorization
@using Microsoft.AspNetCore.Identity
-@attribute [Authorize]
+@attribute [Authorize(Policy = "ArticleEditPermissions")]
@inject IDbContextFactory<ApplicationDbContext> ContextFactory;
@inject NavigationManager Navigation
@inject UserManager<ApplicationUser> UserManager
--- a/Wave/Components/Pages/ArticleView.razor
+++ b/Wave/Components/Pages/ArticleView.razor
@ -10,7 +10,7 @@
 <PageTitle>Wave - @Article.Title</PageTitle>
 <h1 class="text-3xl lg:text-5xl font-light">@Article.Title</h1>
-<AuthorizeView>
+<AuthorizeView Policy="ArticleEditPermissions">
    <Authorized>
        <a class="btn btn-info my-3" href="article/@Article.Id/edit">Edit</a>
    </Authorized>
--- a/Wave/Program.cs
+++ b/Wave/Program.cs
@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.Forms;
 using Microsoft.AspNetCore.Components.Server;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
@ -20,13 +21,19 @@
 builder.Services.AddScoped<IdentityRedirectManager>();
 builder.Services.AddScoped<AuthenticationStateProvider, ServerAuthenticationStateProvider>();
-builder.Services.AddAuthorization();
+// Authors: Can create Articles, require them to be reviewed
-builder.Services.AddAuthentication(options =>
+// Reviewers: Can review Articles, but cannot create them themselves
-    {
+// Moderators: Can delete Articles / take them Offline
 // Admins: Can do anything, and assign roles to other users
 builder.Services.AddAuthorizationBuilder()
    .AddPolicy("ArticleEditPermissions", p => p.RequireRole("Author", "Admin"))
    .AddPolicy("ArticleReviewPermissions", p => p.RequireRole("Reviewer", "Admin"))
    .AddPolicy("ArticleDeletePermissions", p => p.RequireRole("Moderator", "Admin"))
    .AddPolicy("RoleAssignPermissions", p => p.RequireRole("Admin"));
 builder.Services.AddAuthentication(options => {
        options.DefaultScheme = IdentityConstants.ApplicationScheme;
        options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
-    })
+    }).AddIdentityCookies();
    .AddIdentityCookies();
 #endregion