Added Role Policies

Mia Rose Winter 2024-01-16 13:52:24 +01:00
parent ff6bb53689
commit 424cb19b54
Signed by: miawinter
GPG key ID: 4B6F6A83178F595E
4 changed files with 15 additions and 8 deletions


@ -69,7 +69,7 @@
<NavLink ActiveClass="tab-active" class="tab" href="" Match="NavLinkMatch.All">Home</NavLink> <NavLink ActiveClass="tab-active" class="tab" href="" Match="NavLinkMatch.All">Home</NavLink>
<NavLink ActiveClass="tab-active" class="tab" href="weather">Weather</NavLink> <NavLink ActiveClass="tab-active" class="tab" href="weather">Weather</NavLink>
<NavLink ActiveClass="tab-active" class="tab" href="auth">Auth Required</NavLink> <NavLink ActiveClass="tab-active" class="tab" href="auth">Auth Required</NavLink>
<AuthorizeView> <AuthorizeView Policy="ArticleEditPermissions">
<Authorized> <Authorized>
<NavLink ActiveClass="tab-active" class="tab" href="article/new">New Article</NavLink> <NavLink ActiveClass="tab-active" class="tab" href="article/new">New Article</NavLink>
</Authorized> </Authorized>


@ -7,7 +7,7 @@
@using Microsoft.AspNetCore.Authorization @using Microsoft.AspNetCore.Authorization
@using Microsoft.AspNetCore.Identity @using Microsoft.AspNetCore.Identity
@attribute [Authorize] @attribute [Authorize(Policy = "ArticleEditPermissions")]
@inject IDbContextFactory<ApplicationDbContext> ContextFactory; @inject IDbContextFactory<ApplicationDbContext> ContextFactory;
@inject NavigationManager Navigation @inject NavigationManager Navigation
@inject UserManager<ApplicationUser> UserManager @inject UserManager<ApplicationUser> UserManager
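Review bot: The new `[Authorize(Policy = "ArticleEditPermissions")]` attribute checks role membership only, so as far as this hunk shows, any user in the Author role can open the editor for an article written by someone else. The page body is outside the hunk, so an ownership check may already exist there. If it does not, the load and save paths should compare the article's author with the current user, or call a resource-based `IAuthorizationService.AuthorizeAsync(user, article, policyName)`, and let only Admin bypass it. The same applies to the Edit link gated by `<AuthorizeView Policy="ArticleEditPermissions">` in the article view section, which is shown to every Author on every article.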


@ -10,7 +10,7 @@
<PageTitle>Wave - @Article.Title</PageTitle> <PageTitle>Wave - @Article.Title</PageTitle>
<h1 class="text-3xl lg:text-5xl font-light">@Article.Title</h1> <h1 class="text-3xl lg:text-5xl font-light">@Article.Title</h1>
<AuthorizeView> <AuthorizeView Policy="ArticleEditPermissions">
<Authorized> <Authorized>
<a class="btn btn-info my-3" href="article/@Article.Id/edit">Edit</a> <a class="btn btn-info my-3" href="article/@Article.Id/edit">Edit</a>
</Authorized> </Authorized>


@ -1,4 +1,5 @@
using Microsoft.AspNetCore.Components.Authorization; using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Components.Forms;
using Microsoft.AspNetCore.Components.Server; using Microsoft.AspNetCore.Components.Server;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
@ -20,13 +21,19 @@
builder.Services.AddScoped<IdentityRedirectManager>(); builder.Services.AddScoped<IdentityRedirectManager>();
builder.Services.AddScoped<AuthenticationStateProvider, ServerAuthenticationStateProvider>(); builder.Services.AddScoped<AuthenticationStateProvider, ServerAuthenticationStateProvider>();
builder.Services.AddAuthorization(); // Authors: Can create Articles, require them to be reviewed
builder.Services.AddAuthentication(options => // Reviewers: Can review Articles, but cannot create them themselves
{ // Moderators: Can delete Articles / take them Offline
// Admins: Can do anything, and assign roles to other users
builder.Services.AddAuthorizationBuilder()
.AddPolicy("ArticleEditPermissions", p => p.RequireRole("Author", "Admin"))
.AddPolicy("ArticleReviewPermissions", p => p.RequireRole("Reviewer", "Admin"))
.AddPolicy("ArticleDeletePermissions", p => p.RequireRole("Moderator", "Admin"))
.AddPolicy("RoleAssignPermissions", p => p.RequireRole("Admin"));
builder.Services.AddAuthentication(options => {
options.DefaultScheme = IdentityConstants.ApplicationScheme; options.DefaultScheme = IdentityConstants.ApplicationScheme;
options.DefaultSignInScheme = IdentityConstants.ExternalScheme; options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
}) }).AddIdentityCookies();
.AddIdentityCookies();
#endregion #endregion
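Review bot: The policy names registered in the `AddAuthorizationBuilder()` chain are repeated as string literals in the three Razor files of this commit, and the role names exist only as literals too, so a rename or typo surfaces only at runtime when the policy lookup fails. Declaring them once, e.g. `public const string ArticleEdit = "ArticleEditPermissions";` in a static class, and referencing that constant from `AddPolicy`, `[Authorize(Policy = ...)]` and `<AuthorizeView Policy="@...">` keeps the four places in step. Separately, `RequireRole` only succeeds when the signed-in principal carries role claims. The Identity registration is outside this hunk, so confirm that it enables roles (for example `.AddRoles<IdentityRole>()`) and that the four roles are seeded, otherwise every policy denies everyone, Admin included. The added `using Microsoft.AspNetCore.Components.Forms;` does not appear to be used by anything in the visible lines.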