Authorizations

src/Api/Controllers/Business/BookQueryApiController.cs

@@ -18,7 +18,7 @@ namespace Yavsc.Controllers
     using Yavsc.Server.Helpers;
 
     [Produces("application/json")]
-    [Route("api/bookquery"), Authorize(Roles = "Performer,Administrator")]
+    [Route("api/bookquery"), Authorize("Performer")]
     public class BookQueryApiController : Controller
     {
         private ApplicationDbContext _context;

src/Api/Controllers/Business/PerformersApiController.cs

@@ -28,7 +28,7 @@ namespace Yavsc.Controllers
         /// </summary>
         /// <param name="id"></param>
         /// <returns></returns>
-        [Authorize(Roles="Performer"),HttpGet("{id}")]
+        [Authorize("Performer"),HttpGet("{id}")]
         public IActionResult Get(string id)
         {
             var pfr = dbContext.Performers.Include(

src/Api/Controllers/accounting/ApplicationUserApiController.cs

@@ -12,7 +12,7 @@ using Yavsc.Server.Helpers;
 
 namespace Yavsc.Controllers
 {
-    [Produces("application/json"),Authorize(Roles="Administrator")]
+    [Produces("application/json"),Authorize("AdministratorOnly")]
     [Route("api/users")]
     public class ApplicationUserApiController : Controller
     {

src/Api/Program.cs

@@ -13,6 +13,7 @@
 using IdentityModel;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using Yavsc;
 using Yavsc.Helpers;
 using Yavsc.Interface;
 using Yavsc.Models;
@@ -61,7 +62,7 @@ internal class Program
                      options.IncludeErrorDetails = true;
                      options.Authority = "https://localhost:5001";
                      options.TokenValidationParameters =
-                         new() { ValidateAudience = false, RoleClaimType = JwtClaimTypes.Role };
+                         new() { ValidateAudience = false, RoleClaimType = Constants.RoleClaimType };
                      options.MapInboundClaims = true;
                  });
 

src/Yavsc.Abstract/Constants.cs

@@ -54,5 +54,7 @@ namespace Yavsc
         public const string LivePath = "/live/cast";
 
         public const string StreamingPath = "/api/stream/put";
+
+        public static string RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
     }
 }

src/Yavsc.Server/Services/ProfileService.cs

@@ -43,7 +43,7 @@ namespace Yavsc.Services
                 claimAdds.Remove("profile");
                 claimAdds.Add(JwtClaimTypes.Name);
                 claimAdds.Add(JwtClaimTypes.Email);
-                claimAdds.Add(JwtClaimTypes.Role);
+                claimAdds.Add(Constants.RoleClaimType);
             }
 
             if (claimAdds.Contains(JwtClaimTypes.Name))
@@ -52,12 +52,12 @@ namespace Yavsc.Services
             if (claimAdds.Contains(JwtClaimTypes.Email))
                 claims.Add(new Claim(JwtClaimTypes.Email, user.Email));
             
-            if (claimAdds.Contains(JwtClaimTypes.Role))
+            if (claimAdds.Contains(Constants.RoleClaimType))
             {
                 var roles = await this._userManager.GetRolesAsync(user);
                 if (roles.Count()>0)
                 {
-                    claims.AddRange(roles.Select(r => new Claim(JwtClaimTypes.Role, r)));
+                    claims.AddRange(roles.Select(r => new Claim(Constants.RoleClaimType, r)));
                 }
             }
             return claims;

src/Yavsc/Controllers/Accounting/AccountController.cs

@@ -403,7 +403,7 @@ namespace Yavsc.Controllers
         }
 
 
-        [Authorize(Roles = Constants.AdminGroupName)]
+        [Authorize("AdministratorOnly")]
         public IActionResult Index()
         {
             IViewComponentHelper h;
@@ -411,7 +411,7 @@ namespace Yavsc.Controllers
             return View();
         }
 
-        [Authorize(Roles = Constants.AdminGroupName)]
+        [Authorize("AdministratorOnly")]
         [Route("Account/UserList/{pageNum}/{len?}")]
         public async Task<IActionResult> UserList(int pageNum, int pageLen = defaultLen)
         {

src/Yavsc/Controllers/Administration/AdministrationController.cs

@@ -93,7 +93,7 @@ namespace Yavsc.Controllers
             return Ok(new { message = "you owned it." });
         }
 
-        [Authorize(Roles = Constants.AdminGroupName)]
+        [Authorize("AdministratorOnly")]
         [Produces("application/json")]
         public async Task<IActionResult> Index()
         {

src/Yavsc/Controllers/Administration/DatabaseController.cs

@@ -25,13 +25,13 @@ namespace Yavsc.Controllers
         public IActionResult GetBlog()
         {
             var data = applicationDbContext.BlogSpot.ToArray();
-            return Ok(JsonConvert.SerializeObject(data, Formatting.None));
+            return Ok(data);
         }
 
         public IActionResult GetUsers()
         {
             var data = applicationDbContext.Users.ToArray();
-            return Ok(JsonConvert.SerializeObject(data, Formatting.None));
+            return Ok(data);
         }
 
         public IActionResult ImportUsers(String usersJson)

src/Yavsc/Controllers/Contracting/ActivityController.cs

@@ -50,9 +50,8 @@ namespace Yavsc.Controllers
         private List<SelectListItem> GetEligibleParent(string code)
         {
             // eligibles are those
-            // who are not in descendants
+            // who are not in descendence
 
-            //
             var acts = _context.Activities.Where(
                 a => a.Code != code
             ).Select(a => new SelectListItem
@@ -68,13 +67,13 @@ namespace Yavsc.Controllers
             var pi = acts.FirstOrDefault(i => i.Value == existing.ParentCode);
             if (pi!=null) pi.Selected = true; 
             else nullItem.Selected = true;
-            RecFilterChild(acts, existing); 
+            RecursivelyFilterChild(acts, existing); 
             return acts;
         }
 
         /// <summary>
         /// Filters a activity selection list
-        /// in order to exculde any descendant 
+        /// in order to exclude any descendant 
         /// from the eligible list at the <c>Parent</c> property.
         /// WARN! results in a infinite loop when
         /// data is corrupted and there is a circularity
@@ -82,22 +81,19 @@ namespace Yavsc.Controllers
         /// </summary>
         /// <param name="list"></param>
         /// <param name="activity"></param>
-        private static void RecFilterChild(List<SelectListItem> list, Activity activity)
+        private static void RecursivelyFilterChild(List<SelectListItem> list, Activity activity)
         {
             if (activity == null) return;
             if (activity.Children == null) return;
             if (list.Count == 0) return;
             foreach (var child in activity.Children)
             {
-                RecFilterChild(list, child);
+                RecursivelyFilterChild(list, child);
                 var rem = list.FirstOrDefault(i => i.Value == child.Code);
                 if (rem != null) list.Remove(rem);
             }
         }
 
-      
-
-
         // GET: Activity/Details/5
         public IActionResult Details(string id)
         {

src/Yavsc/Controllers/Contracting/SIRENExceptionsController.cs

@@ -7,7 +7,7 @@ using Yavsc.Server.Helpers;
 
 namespace Yavsc.Controllers
 {
-    [Authorize(Roles="Administrator")]
+    [Authorize("AdministratorOnly")]
     public class SIRENExceptionsController : Controller
     {
         private readonly ApplicationDbContext _context;

src/Yavsc/Controllers/Haircut/BrusherProfileController.cs

@@ -5,7 +5,7 @@ using Yavsc.Controllers.Generic;
 
 namespace Yavsc.Controllers
 {
-    [Authorize(Roles="Performer")]
+    [Authorize("Performer")]
     public class BrusherProfileController : SettingsController<BrusherProfile>
     {
         public BrusherProfileController(ApplicationDbContext context) : base(context)

src/Yavsc/Extensions/HostingExtensions.cs

@@ -128,11 +128,10 @@ public static class HostingExtensions
             {
                 options.SignIn.RequireConfirmedAccount = true;
                 options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.PreferredUserName;
-                options.ClaimsIdentity.RoleClaimType = JwtClaimTypes.Role;
+                options.ClaimsIdentity.RoleClaimType = Constants.RoleClaimType;
             }
         )
         .AddEntityFrameworkStores<ApplicationDbContext>();
-
     }
 
     private static void AddYavscPolicies(IServiceCollection services)
@@ -144,17 +143,20 @@ public static class HostingExtensions
                 policy.RequireAuthenticatedUser()
                 .RequireClaim("scope", "scope2");
             });
+            
             options.AddPolicy("Performer", policy =>
             {
                 policy
                     .RequireAuthenticatedUser()
-                    .RequireClaim(JwtClaimTypes.Role, "Performer");
+                    .RequireClaim(Constants.RoleClaimType,
+                    new string[] {Constants.PerformerGroupName, Constants.AdminGroupName})
+                    ;
             });
             options.AddPolicy("AdministratorOnly", policy =>
             {
                 _ = policy
                     .RequireAuthenticatedUser()
-                    .RequireClaim(JwtClaimTypes.Role, Constants.AdminGroupName);
+                    .RequireClaim(Constants.RoleClaimType, Constants.AdminGroupName);
             });
 
             options.AddPolicy("FrontOffice", policy => policy.RequireRole(Constants.FrontOfficeGroupName));
@@ -241,7 +243,12 @@ public static class HostingExtensions
             .AddInMemoryApiScopes(Config.TestingApiScopes)
             .AddAspNetIdentity<ApplicationUser>();
 
-
+        builder.Services.Configure<IdentityOptions>(options =>
+        {
+            options.ClaimsIdentity.UserIdClaimType = JwtClaimTypes.Subject;
+            options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.Name;
+            options.ClaimsIdentity.RoleClaimType = Constants.RoleClaimType;
+        });
 
         if (builder.Environment.IsDevelopment())
         {