
RBAC updates to support aggregated role bindings (#870)

* RBAC updates to support aggregated role bindings when using the OidcRoleMapping with an external identity provider.

* Fixed braces to match existing styling.

* Simplified role mapping predicate.

Co-authored-by: John Fredrickson <john.fredrickson@arinet.com>
pull/872/head
jrlost 4 years ago
committed by GitHub
parent
commit
335db844a3
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      backend/src/Squidex/Config/Authentication/OidcHandler.cs

8
backend/src/Squidex/Config/Authentication/OidcHandler.cs

@ -26,16 +26,16 @@ namespace Squidex.Config.Authentication
if (!string.IsNullOrWhiteSpace(options.OidcRoleClaimType) && options.OidcRoleMapping?.Count >= 0) if (!string.IsNullOrWhiteSpace(options.OidcRoleClaimType) && options.OidcRoleMapping?.Count >= 0)
{ {
var role = identity.FindFirst(x => x.Type == options.OidcRoleClaimType)?.Value; var permissions = options.OidcRoleMapping
.Where(r => identity.HasClaim(options.OidcRoleClaimType, r.Key))
.SelectMany(r => r.Value)
.Distinct();
if (!string.IsNullOrWhiteSpace(role) && options.OidcRoleMapping.TryGetValue(role, out var permissions) && permissions != null)
{
foreach (var permission in permissions) foreach (var permission in permissions)
{ {
identity.AddClaim(new Claim(SquidexClaimTypes.Permissions, permission)); identity.AddClaim(new Claim(SquidexClaimTypes.Permissions, permission));
} }
} }
}
return base.TokenValidated(context); return base.TokenValidated(context);
} }
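Review bot: The new `SelectMany(r => r.Value)` in the `permissions` query drops the `permissions != null` guard that the removed `TryGetValue` branch had, so a mapping entry with a null value would now throw from this handler while claims are being added, which presumably fails sign-in for users holding that role. Filtering in the predicate keeps the old tolerance: `.Where(r => r.Value != null && identity.HasClaim(options.OidcRoleClaimType, r.Key))`. The query is also lazy, so `HasClaim` is re-evaluated against `identity` while the loop is adding permission claims to it; ending the chain with `.ToList()` would fix the matched roles to what the identity provider issued before anything is added. Since every matching role now contributes permissions, a short comment stating that the result is the union over all role claims would help whoever audits the mapping. The enclosing method starts above the visible lines.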
