separate Uploader role

2026-04-23 00:26:33 +00:00 · 2024-11-25 14:43:52 +02:00
parent f5e466108a
commit 08187495af
3 changed files with 28 additions and 6 deletions
@@ -35,8 +35,22 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        };
    });

-var apiAdminPolicy = new AuthorizationPolicyBuilder().RequireRole(RoleEnum.ApiAdmin.ToString()).Build();
-builder.Services.AddAuthorization(o => o.AddPolicy("apiAdminPolicy", apiAdminPolicy));
+#region Policies
+
+var apiAdminPolicy = new AuthorizationPolicyBuilder()
+    .RequireRole(RoleEnum.ApiAdmin.ToString()).Build();
+
+var apiUploaderPolicy = new AuthorizationPolicyBuilder()
+    .RequireRole(RoleEnum.ResourceUploader.ToString(), RoleEnum.ApiAdmin.ToString()).Build();
+
+builder.Services.AddAuthorization(o =>
+{
+    o.AddPolicy(nameof(apiAdminPolicy), apiAdminPolicy);
+    o.AddPolicy(nameof(apiUploaderPolicy), apiUploaderPolicy);
+});
+
+#endregion Policies
+

 builder.Services.AddHttpContextAccessor();

@@ -101,7 +115,7 @@ app.MapPost("/login",
 app.MapPost("/users",
    async (RegisterUserRequest registerUserRequest, IUserService userService, CancellationToken cancellationToken)
        => await userService.RegisterUser(registerUserRequest, cancellationToken))
-    //.RequireAuthorization(apiAdminPolicy)
+    .RequireAuthorization(apiAdminPolicy)
    .WithOpenApi(op => new(op){ Summary = "Creates a new user"});

 app.MapGet("/users",
@@ -114,7 +128,7 @@ app.MapPost("/resources",
        async (IFormFile data, IResourcesService resourceService, CancellationToken cancellationToken)
            => await resourceService.SaveResource(data, cancellationToken))
    .Accepts<IFormFile>("multipart/form-data")
-    .RequireAuthorization(apiAdminPolicy)
+    .RequireAuthorization(apiUploaderPolicy)
    .DisableAntiforgery();

 app.MapPost("/resources/get", //Need to have POST method for secure password
@@ -7,5 +7,6 @@ public enum RoleEnum
    Validator = 20,
    CompanionPC = 30,
    Admin = 40,
+    ResourceUploader = 50,
    ApiAdmin = 1000
 }
@@ -12,11 +12,18 @@ create table users
 grant select, insert, update, delete on public.users to azaion_admin;
 grant select on table public.users to azaion_reader;

-INSERT INTO public.users
-    (id, email, password_hash, hardware, hardware_hash, role)
+INSERT INTO public.users (id, email, password_hash, hardware, hardware_hash, role)
 VALUES ('d90a36ca-e237-4fbd-9c7c-127040ac8556',
        'admin@azaion.com',
        '282wqVHZU0liTxphiGkKIaJtUA1W6rILdvfEOx8Ez350x0XLbgNtrSUYCK1r/ajq',
        null,
        null,
        'ApiAdmin');
+
+INSERT INTO public.users (id, email, password_hash, hardware, hardware_hash, role)
+VALUES ('48adb269-ecd5-4197-a9d1-cd36254cf104',
+        'uploader@azaion.com',
+        '2zHX1eSnbdCirc+KRNepcr5g4ZFQhhrII0FggYyMezQzxD+gBxwISCZ48fe1wxAk',
+        null,
+        null,
+        'ResourceUploader');