diff --git a/Azaion.Api/Program.cs b/Azaion.Api/Program.cs
index 038ff94..66c109f 100644
--- a/Azaion.Api/Program.cs
+++ b/Azaion.Api/Program.cs
@@ -35,8 +35,22 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
 };
 });
-var apiAdminPolicy = new AuthorizationPolicyBuilder().RequireRole(RoleEnum.ApiAdmin.ToString()).Build();
-builder.Services.AddAuthorization(o => o.AddPolicy("apiAdminPolicy", apiAdminPolicy));
+#region Policies
+
+var apiAdminPolicy = new AuthorizationPolicyBuilder()
+ .RequireRole(RoleEnum.ApiAdmin.ToString()).Build();
+
+var apiUploaderPolicy = new AuthorizationPolicyBuilder()
+ .RequireRole(RoleEnum.ResourceUploader.ToString(), RoleEnum.ApiAdmin.ToString()).Build();
+
+builder.Services.AddAuthorization(o =>
+{
+ o.AddPolicy(nameof(apiAdminPolicy), apiAdminPolicy);
+ o.AddPolicy(nameof(apiUploaderPolicy), apiUploaderPolicy);
+});
+
+#endregion Policies
+
 builder.Services.AddHttpContextAccessor();
@@ -101,7 +115,7 @@ app.MapPost("/login",
 app.MapPost("/users",
 async (RegisterUserRequest registerUserRequest, IUserService userService, CancellationToken cancellationToken) =>
 await userService.RegisterUser(registerUserRequest, cancellationToken))
- //.RequireAuthorization(apiAdminPolicy)
+ .RequireAuthorization(apiAdminPolicy)
 .WithOpenApi(op => new(op){ Summary = "Creates a new user"});
 app.MapGet("/users",
@@ -114,7 +128,7 @@ app.MapPost("/resources",
 async (IFormFile data, IResourcesService resourceService, CancellationToken cancellationToken) =>
 await resourceService.SaveResource(data, cancellationToken))
 .Accepts("multipart/form-data")
- .RequireAuthorization(apiAdminPolicy)
+ .RequireAuthorization(apiUploaderPolicy)
 .DisableAntiforgery();
 app.MapPost("/resources/get", //Need to have POST method for secure password
diff --git a/Azaion.Common/Entities/RoleEnum.cs b/Azaion.Common/Entities/RoleEnum.cs
index ec9ce7b..6573da8 100644
--- a/Azaion.Common/Entities/RoleEnum.cs
+++ b/Azaion.Common/Entities/RoleEnum.cs
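Review bot: The policy names are now derived from local variable names (`o.AddPolicy(nameof(apiAdminPolicy), apiAdminPolicy)` and the same for `apiUploaderPolicy`), so renaming either local silently renames the registered policy string; a string-based reference such as `[Authorize(Policy = "apiAdminPolicy")]` anywhere else in the project would stop resolving without any compile error. The endpoints in this diff pass the policy objects directly, so if named lookup is needed at all, a dedicated constant such as `const string ApiAdminPolicyName = "apiAdminPolicy";` registered with `o.AddPolicy(ApiAdminPolicyName, apiAdminPolicy)` keeps the name stable. It would also help to state the any-of semantics above the second policy, e.g. `// ResourceUploader OR ApiAdmin may upload: RequireRole with several roles is satisfied by any one of them`. Whether the JWT issuer actually emits a role claim carrying these enum names is not visible in this diff and should be confirmed.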
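Review bot: Re-enabling `.RequireAuthorization(apiAdminPolicy)` on POST /users makes account creation admin-only, so the first ApiAdmin must come from outside this endpoint; the seed rows in env/02 db-scripts/02_structure.sql appear to be that bootstrap, but nothing here records the dependency, which is how the line ended up commented out in the first place. A one-line comment above the call would fix that, e.g. `// Registration is admin-only; the initial ApiAdmin account is seeded by env/02 db-scripts/02_structure.sql`. The OpenAPI metadata could also carry the requirement for API consumers: `Summary = "Creates a new user (ApiAdmin only)"`.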
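Review bot: Switching the upload endpoint to `apiUploaderPolicy` widens who can reach `SaveResource`, yet nothing at the endpoint bounds the upload: `IFormFile data` is forwarded as-is, and with the pre-existing `.DisableAntiforgery()` the bearer token is the only gate. `SaveResource` lives outside this diff, so its own size and content-type validation is not visible; if it enforces none, a guard in the handler such as `if (data.Length > /* max upload bytes */ ...) return Results.BadRequest("file too large");` or a request-body size limit configured at the host level would be the place. Stating the accepted types and maximum size in this endpoint's OpenAPI metadata would also make the contract explicit for the new, lower-privileged callers.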
@@ -7,5 +7,6 @@ public enum RoleEnum
 Validator = 20,
 CompanionPC = 30,
 Admin = 40,
+ ResourceUploader = 50,
 ApiAdmin = 1000
 }
diff --git a/env/02 db-scripts/02_structure.sql b/env/02 db-scripts/02_structure.sql
index 1b78e4f..586a74e 100644
--- a/env/02 db-scripts/02_structure.sql
+++ b/env/02 db-scripts/02_structure.sql
@@ -12,11 +12,18 @@ create table users
 grant select, insert, update, delete on public.users to azaion_admin;
 grant select on table public.users to azaion_reader;
-INSERT INTO public.users
- (id, email, password_hash, hardware, hardware_hash, role)
+INSERT INTO public.users (id, email, password_hash, hardware, hardware_hash, role)
 VALUES ('d90a36ca-e237-4fbd-9c7c-127040ac8556',
 'admin@azaion.com',
 '282wqVHZU0liTxphiGkKIaJtUA1W6rILdvfEOx8Ez350x0XLbgNtrSUYCK1r/ajq',
 null,
 null,
 'ApiAdmin');
+
+INSERT INTO public.users (id, email, password_hash, hardware, hardware_hash, role)
+VALUES ('48adb269-ecd5-4197-a9d1-cd36254cf104',
+ 'uploader@azaion.com',
+ '2zHX1eSnbdCirc+KRNepcr5g4ZFQhhrII0FggYyMezQzxD+gBxwISCZ48fe1wxAk',
+ null,
+ null,
+ 'ResourceUploader');
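Review bot: `ResourceUploader = 50` is numerically placed above `Admin = 40` although it is a narrower role than Admin or ApiAdmin. Nothing in this diff compares roles by value (Program.cs uses `ToString()` and the SQL stores the names as strings), but if any code orders or ranks roles by their integer, the uploader would outrank Admin. A doc comment on the member would settle the intent, e.g. `/// <summary>May upload resources (see apiUploaderPolicy in Program.cs); the numeric value carries no privilege ordering.</summary>`.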
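Review bot: The new seed row checks a ready-made `password_hash` for `uploader@azaion.com` into the repository, which makes it a default credential: whoever knows the plaintext behind that hash can log in on every environment this script is applied to, and the hash itself is readable by anyone with repository access. Prefer creating per-environment accounts at provisioning time (or forcing a password change on first login) and keeping this script to schema and grants; at minimum a comment above the INSERT should state the expectation, e.g. `-- Bootstrap account: rotate this password immediately after first deployment`. The same concern applies to the pre-existing `admin@azaion.com` row that this hunk only reformats.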