AspNetRoles ...
7
.vscode/tasks.json
vendored
7
.vscode/tasks.json
vendored
@ -8,14 +8,11 @@
|
||||
"type": "process",
|
||||
"args": [
|
||||
"build",
|
||||
"/property:GenerateFullPaths=true",
|
||||
"/consoleloggerparameters:NoSummary;ForceNoAlign",
|
||||
|
||||
"/property:GenerateFullPaths=true"
|
||||
],
|
||||
"group": "build",
|
||||
"isBuildCommand": true,
|
||||
"isTestCommand": false,
|
||||
"problemMatcher": "$msCompile"
|
||||
"isTestCommand": false
|
||||
},
|
||||
{
|
||||
"label": "build-web",
|
||||
|
@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Yavsc.Models;
|
||||
using Yavsc.Models.Chat;
|
||||
using Yavsc.Server.Helpers;
|
||||
|
||||
namespace Yavsc.Controllers
|
||||
{
|
||||
@ -45,7 +46,7 @@ namespace Yavsc.Controllers
|
||||
|
||||
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
if (uid != chatRoomAccess.UserId && uid != chatRoomAccess.Room.OwnerId
|
||||
&& ! User.IsInRole(Constants.AdminGroupName))
|
||||
&& ! User.IsInMsRole(Constants.AdminGroupName))
|
||||
|
||||
{
|
||||
ModelState.AddModelError("UserId","get refused");
|
||||
@ -71,7 +72,7 @@ namespace Yavsc.Controllers
|
||||
}
|
||||
var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
|
||||
|
||||
if (uid != room.OwnerId && ! User.IsInRole(Constants.AdminGroupName))
|
||||
if (uid != room.OwnerId && ! User.IsInMsRole(Constants.AdminGroupName))
|
||||
{
|
||||
ModelState.AddModelError("ChannelName", "access put refused");
|
||||
return BadRequest(ModelState);
|
||||
@ -109,7 +110,7 @@ namespace Yavsc.Controllers
|
||||
|
||||
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
|
||||
if (room == null || (uid != room.OwnerId && ! User.IsInRole(Constants.AdminGroupName)))
|
||||
if (room == null || (uid != room.OwnerId && ! User.IsInMsRole(Constants.AdminGroupName)))
|
||||
{
|
||||
ModelState.AddModelError("ChannelName", "access post refused");
|
||||
return BadRequest(ModelState);
|
||||
@ -153,7 +154,7 @@ namespace Yavsc.Controllers
|
||||
|
||||
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
|
||||
if (room == null || (uid != room.OwnerId && chatRoomAccess.UserId != uid && ! User.IsInRole(Constants.AdminGroupName)))
|
||||
if (room == null || (uid != room.OwnerId && chatRoomAccess.UserId != uid && ! User.IsInMsRole(Constants.AdminGroupName)))
|
||||
{
|
||||
ModelState.AddModelError("UserId", "access drop refused");
|
||||
return BadRequest(ModelState);
|
||||
|
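Review bot: In the post and drop hunks the `room == null` branch can never run, because `_context.ChatRoom.First(...)` throws `InvalidOperationException` when no room matches, so an unknown `ChannelName` surfaces as an unhandled exception instead of the intended refusal. Using `FirstOrDefault` keeps the null check meaningful: `var room = _context.ChatRoom.FirstOrDefault(channel => channel.Name == chatRoomAccess.ChannelName);`. The put hunk performs the same lookup and shows no null check at all before reading `room.OwnerId`. The enclosing actions start and end outside these hunks, so any earlier existence check is not visible here.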
@ -137,7 +137,7 @@ namespace Yavsc.Controllers
|
||||
|
||||
if (User.GetUserId() != chatRoom.OwnerId )
|
||||
{
|
||||
if (!User.IsInRole(Constants.AdminGroupName))
|
||||
if (!User.IsInMsRole(Constants.AdminGroupName))
|
||||
return BadRequest(new {error = "OwnerId"});
|
||||
}
|
||||
|
||||
|
@ -19,5 +19,10 @@ namespace Yavsc.Server.Helpers
|
||||
return user.Identity.IsAuthenticated;
|
||||
}
|
||||
|
||||
public static bool IsInMsRole(this ClaimsPrincipal user, string roleName)
|
||||
{
|
||||
return user.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", roleName);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
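Review bot: `IsInMsRole` pins every role check to one literal claim type instead of the principal's configured `RoleClaimType`, while the identity options shown elsewhere on this page contain `options.ClaimsIdentity.RoleClaimType = JwtClaimTypes.Role;`. If roles are emitted under that configured type on any sign-in path, every `IsInMsRole` call in this commit returns false there and can disagree with `[Authorize(Roles = ...)]`, which still goes through `IsInRole`. At minimum replace the literal with the framework constant, `return user.HasClaim(ClaimTypes.Role, roleName);`, and add a `///` summary stating which authentication scheme produces this claim type and why `IsInRole` is not used. `HasClaim` also matches a claim from any identity and any issuer on the principal, which deserves a line in that comment.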
@ -86,7 +86,7 @@ namespace Yavsc
|
||||
var userId = _dbContext.Users.First(u => u.UserName == Context.User.Identity.Name).Id;
|
||||
|
||||
await Clients.Group(ChatHubConstants.HubGroupFollowingPrefix + userId).SendAsync("notifyUser", NotificationTypes.Connected, userName, null);
|
||||
isCop = Context.User.IsInRole(Constants.AdminGroupName) ;
|
||||
isCop = Context.User.IsInMsRole(Constants.AdminGroupName) ;
|
||||
if (isCop)
|
||||
{
|
||||
await Groups.AddToGroupAsync(Context.ConnectionId, ChatHubConstants.HubGroupCops);
|
||||
@ -353,7 +353,7 @@ namespace Yavsc
|
||||
var identityUserName = Context.User.GetUserName();
|
||||
|
||||
if (userName[0] != '?' && Context.User!=null)
|
||||
if (!Context.User.IsInRole(Constants.AdminGroupName))
|
||||
if (!Context.User.IsInMsRole(Constants.AdminGroupName))
|
||||
{
|
||||
|
||||
var bl = _dbContext.BlackListed
|
||||
|
@ -625,7 +625,7 @@ namespace Yavsc.Controllers
|
||||
else _dbContext.Performers.Add(model);
|
||||
_dbContext.SaveChanges(User.GetUserId());
|
||||
// Give this user the Performer role
|
||||
if (!User.IsInRole("Performer"))
|
||||
if (!User.IsInMsRole("Performer"))
|
||||
await _userManager.AddToRoleAsync(user, "Performer");
|
||||
var message = ManageMessageId.SetActivitySuccess;
|
||||
|
||||
|
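Review bot: The `Performer` guard before `AddToRoleAsync` reads the claims carried by the current principal rather than the stored role membership, so a user who was just granted the role will typically still fail the check until the principal is reissued, and the next request attempts the insert again. The `IdentityResult` returned by `AddToRoleAsync` is discarded, so that failure is silent. Asking the store is more reliable, `if (!await _userManager.IsInRoleAsync(user, "Performer"))`, with the result of `AddToRoleAsync` checked before `SetActivitySuccess` is reported. The enclosing action starts and ends outside the hunk.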
@ -68,7 +68,7 @@ namespace Yavsc.Controllers
|
||||
if (admins != null && admins.Count > 0)
|
||||
{
|
||||
// All is ok, nothing to do here.
|
||||
if (User.IsInRole(Constants.AdminGroupName))
|
||||
if (User.IsInMsRole(Constants.AdminGroupName))
|
||||
{
|
||||
|
||||
return Ok(new { message = "you already got it." });
|
||||
|
@ -8,6 +8,7 @@ using Microsoft.Extensions.Localization;
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.AspNetCore.Mvc.Rendering;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Yavsc.Server.Helpers;
|
||||
|
||||
namespace Yavsc.Controllers
|
||||
{
|
||||
@ -58,8 +59,8 @@ namespace Yavsc.Controllers
|
||||
}
|
||||
private async Task SetupView(Announce announce)
|
||||
{
|
||||
ViewBag.IsAdmin = User.IsInRole(Constants.AdminGroupName);
|
||||
ViewBag.IsPerformer = User.IsInRole(Constants.PerformerGroupName);
|
||||
ViewBag.IsAdmin = User.IsInMsRole(Constants.AdminGroupName);
|
||||
ViewBag.IsPerformer = User.IsInMsRole(Constants.PerformerGroupName);
|
||||
ViewBag.AllowEdit = announce==null || announce.Id<=0 || !_authorizationService.AuthorizeAsync(User,announce,new EditPermission()).IsFaulted;
|
||||
List<SelectListItem> dl = new List<SelectListItem>();
|
||||
var rnames = System.Enum.GetNames(typeof(Reason));
|
||||
@ -78,7 +79,6 @@ namespace Yavsc.Controllers
|
||||
[ValidateAntiForgeryToken]
|
||||
public async Task<IActionResult> Create(Announce announce)
|
||||
{
|
||||
await SetupView(announce);
|
||||
if (ModelState.IsValid)
|
||||
{
|
||||
// Only allow admin to create corporate annonces
|
||||
@ -99,6 +99,7 @@ namespace Yavsc.Controllers
|
||||
await _context.SaveChangesAsync();
|
||||
return RedirectToAction("Index");
|
||||
}
|
||||
await SetupView(announce);
|
||||
return View(announce);
|
||||
}
|
||||
|
||||
|
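Review bot: `ViewBag.AllowEdit` in `SetupView` never reflects the authorization outcome: `AuthorizeAsync(...)` is not awaited and only the task's `IsFaulted` flag is read, which is false for a denied request just as for a granted one. Await the call and read the result, `(await _authorizationService.AuthorizeAsync(User, announce, new EditPermission())).Succeeded`; the method is already `async Task`, so no signature change is needed. If the view uses `AllowEdit` only to hide controls the impact is cosmetic, but the edit action itself should enforce the same requirement, and that action is not visible in these hunks.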
@ -74,7 +74,7 @@ namespace Yavsc.Controllers
|
||||
{
|
||||
var blog = await blogSpotService.Details(User, id.Value);
|
||||
ViewData["apicmtctlr"] = "/api/blogcomments";
|
||||
ViewData["moderatoFlag"] = User.IsInRole(Constants.BlogModeratorGroupName);
|
||||
ViewData["moderatoFlag"] = User.IsInMsRole(Constants.BlogModeratorGroupName);
|
||||
|
||||
return View(blog);
|
||||
|
||||
|
@ -90,7 +90,7 @@ namespace Yavsc.Controllers
|
||||
public IActionResult Create(UserActivity userActivity)
|
||||
{
|
||||
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
if (!User.IsInRole("Administrator"))
|
||||
if (!User.IsInMsRole("Administrator"))
|
||||
if (uid != userActivity.UserId)
|
||||
ModelState.AddModelError("User","You're not admin.");
|
||||
if (userActivity.UserId == null) userActivity.UserId = uid;
|
||||
@ -133,7 +133,7 @@ namespace Yavsc.Controllers
|
||||
[ValidateAntiForgeryToken]
|
||||
public IActionResult Edit(UserActivity userActivity)
|
||||
{
|
||||
if (!User.IsInRole("Administrator"))
|
||||
if (!User.IsInMsRole("Administrator"))
|
||||
if (User.GetUserId() != userActivity.UserId)
|
||||
ModelState.AddModelError("User","You're not admin.");
|
||||
if (ModelState.IsValid)
|
||||
@ -162,7 +162,7 @@ namespace Yavsc.Controllers
|
||||
{
|
||||
return NotFound();
|
||||
}
|
||||
if (!User.IsInRole("Administrator"))
|
||||
if (!User.IsInMsRole("Administrator"))
|
||||
if (User.GetUserId() != userActivity.UserId)
|
||||
ModelState.AddModelError("User","You're not admin.");
|
||||
return View(userActivity);
|
||||
@ -175,7 +175,7 @@ namespace Yavsc.Controllers
|
||||
{
|
||||
if (!ModelState.IsValid)
|
||||
return new BadRequestObjectResult(ModelState);
|
||||
if (!User.IsInRole("Administrator"))
|
||||
if (!User.IsInMsRole("Administrator"))
|
||||
if (User.GetUserId() != userActivity.UserId) {
|
||||
ModelState.AddModelError("User","You're not admin.");
|
||||
return RedirectToAction("Index");
|
||||
|
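Review bot: In the hunk at `-162,7` a failed owner/admin check only adds a ModelState error and then falls through to `return View(userActivity);`, so the record is still rendered for a caller who is neither the owner nor an administrator. Treat it as an authorization failure and stop there: `if (!User.IsInMsRole("Administrator") && User.GetUserId() != userActivity.UserId) return Forbid();`. The Create and Edit hunks use the same ModelState pattern, which blocks the write only if the later `ModelState.IsValid` branch is the sole path to saving; that is not fully visible here. These checks also spell the role as the literal `"Administrator"` where other files in the commit use `Constants.AdminGroupName`.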
@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Mvc.Rendering;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Yavsc.Models;
|
||||
using Yavsc.Models.Musical;
|
||||
using Yavsc.Server.Helpers;
|
||||
|
||||
namespace Yavsc.Controllers
|
||||
{
|
||||
@ -60,7 +61,7 @@ namespace Yavsc.Controllers
|
||||
ViewBag.YetAvailableInstruments = _context.Instrument.Select(k=>new SelectListItem
|
||||
{ Text = k.Name, Value = k.Id.ToString(), Disabled = actual.Contains(k.Id) });
|
||||
|
||||
if (User.IsInRole("Administrator"))
|
||||
if (User.IsInMsRole("Administrator"))
|
||||
ViewBag.OwnerIds = new SelectList(_context.Performers, "PerformerId", "Profile");
|
||||
return View();
|
||||
}
|
||||
|
@ -64,7 +64,7 @@ namespace Yavsc.Controllers
|
||||
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
if (ModelState.IsValid)
|
||||
{
|
||||
if (model.UserId != uid) if (!User.IsInRole(Constants.AdminGroupName))
|
||||
if (model.UserId != uid) if (!User.IsInMsRole(Constants.AdminGroupName))
|
||||
return new ChallengeResult();
|
||||
|
||||
_context.Instrumentation.Add(model);
|
||||
@ -82,7 +82,7 @@ namespace Yavsc.Controllers
|
||||
{
|
||||
return NotFound();
|
||||
}
|
||||
if (id != uid) if (!User.IsInRole(Constants.AdminGroupName))
|
||||
if (id != uid) if (!User.IsInMsRole(Constants.AdminGroupName))
|
||||
return new ChallengeResult();
|
||||
Instrumentation musicianSettings = await _context.Instrumentation.SingleAsync(m => m.UserId == id);
|
||||
if (musicianSettings == null)
|
||||
@ -98,7 +98,7 @@ namespace Yavsc.Controllers
|
||||
public async Task<IActionResult> Edit(Instrumentation musicianSettings)
|
||||
{
|
||||
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
if (musicianSettings.UserId != uid) if (!User.IsInRole(Constants.AdminGroupName))
|
||||
if (musicianSettings.UserId != uid) if (!User.IsInMsRole(Constants.AdminGroupName))
|
||||
return new ChallengeResult();
|
||||
if (ModelState.IsValid)
|
||||
{
|
||||
@ -124,7 +124,7 @@ namespace Yavsc.Controllers
|
||||
return NotFound();
|
||||
}
|
||||
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
if (musicianSettings.UserId != uid) if (!User.IsInRole(Constants.AdminGroupName))
|
||||
if (musicianSettings.UserId != uid) if (!User.IsInMsRole(Constants.AdminGroupName))
|
||||
return new ChallengeResult();
|
||||
return View(musicianSettings);
|
||||
}
|
||||
@ -137,7 +137,7 @@ namespace Yavsc.Controllers
|
||||
Instrumentation musicianSettings = await _context.Instrumentation.SingleAsync(m => m.UserId == id);
|
||||
|
||||
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||
if (musicianSettings.UserId != uid) if (!User.IsInRole(Constants.AdminGroupName))
|
||||
if (musicianSettings.UserId != uid) if (!User.IsInMsRole(Constants.AdminGroupName))
|
||||
return new ChallengeResult();
|
||||
|
||||
|
||||
|
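Review bot: The ownership checks in these hunks answer an authenticated but unauthorized caller with `new ChallengeResult()`, which asks the authentication handler to start a sign-in rather than report a denial; `return Forbid();` is the result that maps to access-denied handling. The same applies to all five hunks in this file. In the `-82,7` hunk the `musicianSettings == null` test after `SingleAsync` is unreachable because `SingleAsync` throws when no row matches, and `SingleOrDefaultAsync` would make it meaningful. The nested `if (a) if (b)` form would read more clearly as one condition joined with `&&`.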
@ -27,6 +27,7 @@ using Microsoft.IdentityModel.Tokens;
|
||||
using Microsoft.IdentityModel.Protocols.Configuration;
|
||||
using IdentityModel;
|
||||
using Yavsc.Interfaces;
|
||||
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
|
||||
|
||||
namespace Yavsc.Extensions;
|
||||
|
||||
@ -48,8 +49,9 @@ public static class HostingExtensions
|
||||
_ = services.AddSingleton<IConnexionManager, HubConnectionManager>();
|
||||
_ = services.AddSingleton<ILiveProcessor, LiveProcessor>();
|
||||
_ = services.AddTransient<IFileSystemAuthManager, FileSystemAuthManager>();
|
||||
|
||||
AddIdentityDBAndStores(builder).AddDefaultTokenProviders();
|
||||
|
||||
AddIdentityDBAndStores(builder)
|
||||
.AddDefaultTokenProviders();
|
||||
AddIdentityServer(builder);
|
||||
|
||||
services.AddSignalR(o =>
|
||||
@ -107,7 +109,9 @@ public static class HostingExtensions
|
||||
|
||||
|
||||
AddAuthentication(builder);
|
||||
// accepts any access token issued by identity server
|
||||
|
||||
services.AddTransient<RoleManager<IdentityRole>>();
|
||||
services.AddTransient<IRoleStore<IdentityRole>, RoleStore<IdentityRole, ApplicationDbContext>>();
|
||||
|
||||
return builder.Build();
|
||||
}
|
||||
@ -118,13 +122,15 @@ public static class HostingExtensions
|
||||
services.AddDbContext<ApplicationDbContext>(options =>
|
||||
options.UseNpgsql(builder.Configuration.GetConnectionString("DefaultConnection")));
|
||||
|
||||
return services.AddIdentity<ApplicationUser, IdentityRole>(
|
||||
return services.AddIdentity<ApplicationUser,IdentityRole>(
|
||||
options =>
|
||||
{
|
||||
options.SignIn.RequireConfirmedAccount = true;
|
||||
options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.PreferredUserName;
|
||||
options.ClaimsIdentity.RoleClaimType = JwtClaimTypes.Role;
|
||||
}
|
||||
)
|
||||
.AddEntityFrameworkStores<ApplicationDbContext>();
|
||||
.AddEntityFrameworkStores<ApplicationDbContext>();
|
||||
|
||||
}
|
||||
|
||||
@ -226,13 +232,16 @@ public static class HostingExtensions
|
||||
|
||||
// see https://IdentityServer8.readthedocs.io/en/latest/topics/resources.html
|
||||
options.EmitStaticAudienceClaim = true;
|
||||
|
||||
})
|
||||
.AddInMemoryIdentityResources(Config.IdentityResources)
|
||||
.AddInMemoryClients(Config.TestingClients)
|
||||
.AddClientStore<ClientStore>()
|
||||
.AddInMemoryApiScopes(Config.TestingApiScopes)
|
||||
.AddAspNetIdentity<ApplicationUser>()
|
||||
;
|
||||
.AddAspNetIdentity<ApplicationUser>();
|
||||
|
||||
|
||||
|
||||
if (builder.Environment.IsDevelopment())
|
||||
{
|
||||
identityServerBuilder.AddDeveloperSigningCredential();
|
||||
|
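Review bot: The two registrations after `AddAuthentication(builder)`, `services.AddTransient<RoleManager<IdentityRole>>()` and `services.AddTransient<IRoleStore<IdentityRole>, RoleStore<IdentityRole, ApplicationDbContext>>()`, duplicate services that `AddIdentity<ApplicationUser,IdentityRole>(...).AddEntityFrameworkStores<ApplicationDbContext>()` already registers as scoped in `AddIdentityDBAndStores`. Because the later descriptor wins on resolution, they change the lifetime to transient without adding capability; if a resolution failure prompted them, a comment naming it would help, otherwise they can be dropped. Separately, as far as the rendered hunk shows, `Config.TestingClients` and `Config.TestingApiScopes` are wired in outside the `IsDevelopment()` guard that protects `AddDeveloperSigningCredential()`, which is worth confirming as intended.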
@ -35,7 +35,7 @@ public class PermissionHandler : IAuthorizationHandler
|
||||
{
|
||||
context.Succeed(requirement);
|
||||
}
|
||||
else if (context.User.IsInRole("Administrator"))
|
||||
else if (context.User.IsInMsRole("Administrator"))
|
||||
{
|
||||
context.Succeed(requirement);
|
||||
}
|
||||
|
@ -10,7 +10,7 @@
|
||||
<div class="form-horizontal">
|
||||
<h4>Announce</h4>
|
||||
<hr />
|
||||
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
|
||||
<div asp-validation-summary="All" class="text-danger"></div>
|
||||
|
||||
<div class="form-group">
|
||||
<label asp-for="For" class="col-md-2 control-label"></label>
|
||||
|
@ -14,13 +14,14 @@
|
||||
<li><a class="dropdown-item" asp-controller="Feature" asp-action="Index">Features</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
@if (User.IsInRole(Constants.AdminGroupName)) {
|
||||
@if (User.IsInMsRole(Constants.AdminGroupName)) {
|
||||
<li class="nav-item dropdown">
|
||||
<a class="nav-link dropdown-toggle" href="#" id="dropdown05" data-bs-toggle="dropdown" aria-expanded="false">
|
||||
Administration
|
||||
</a>
|
||||
<ul class="dropdown-menu" aria-labelledby="dropdown05">
|
||||
<li><a class="dropdown-item" asp-controller="Administration" asp-action="Index">Index</a></li>
|
||||
<li><a class="dropdown-item" asp-controller="Announces" asp-action="Index">Announces</a></li>
|
||||
<li><a class="dropdown-item" asp-controller="Activity" asp-action="Index">Activités</a></li>
|
||||
<li><a class="dropdown-item" asp-controller="CommandForms" asp-action="Index">Formulaires</a></li>
|
||||
<li><a class="dropdown-item" asp-controller="Notifications" asp-action="Index">Notifications</a></li>
|
||||
|