Some refactorings.

7 years ago · 7a3dfaf31a
6 changed files with 18 additions and 22 deletions
--- a/src/Squidex.Domain.Apps.Core.Model/Permissions.cs
+++ b/src/Squidex.Domain.Apps.Core.Model/Permissions.cs
@ -12,8 +12,6 @@ namespace Squidex.Domain.Apps.Core
 {
    public sealed class Permissions
    {
-        public const string ClaimType = "Permission";
-
        public const string All = "squidex.*";

        public const string Admin = "squidex.admin*";
--- a/src/Squidex.Shared/Identity/SquidexClaimTypes.cs
+++ b/src/Squidex.Shared/Identity/SquidexClaimTypes.cs
@ -19,6 +19,8 @@ namespace Squidex.Shared.Identity

        public static readonly string SquidexHidden = "urn:squidex:hidden";

+        public static readonly string Permission = "urn:squidex:permission";
+
        public static readonly string Prefix = "urn:squidex:";
    }
 }
--- a/src/Squidex.Shared/Identity/SquidexRoles.cs
+++ b/src/Squidex.Shared/Identity/SquidexRoles.cs
@ -10,13 +10,5 @@ namespace Squidex.Shared.Identity
    public static class SquidexRoles
    {
        public static readonly string Administrator = "ADMINISTRATOR";
-
-        public static readonly string AppOwner = "app:owner";
-
-        public static readonly string AppEditor = "app:editor";
-
-        public static readonly string AppReader = "app:reader";
-
-        public static readonly string AppDeveloper = "app:dev";
    }
 }
--- a/src/Squidex/Pipeline/ApiPermissionAttribute.cs
+++ b/src/Squidex/Pipeline/ApiPermissionAttribute.cs
@ -12,6 +12,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Squidex.Infrastructure.Security;
+using Squidex.Shared.Identity;

 namespace Squidex.Pipeline
 {
@ -38,13 +39,13 @@ namespace Squidex.Pipeline
                }

                var set = new PermissionSet(
-                    context.HttpContext.User.FindAll("Permission")
+                    context.HttpContext.User.FindAll(SquidexClaimTypes.Permission)
                        .Select(x => x.Value)
                        .Select(x => new Permission(x)));

                if (!set.GivesPermissionTo(new Permission(id)))
                {
-                    // context.Result = new StatusCodeResult(403);
+                    context.Result = new StatusCodeResult(403);
                }
            }

--- a/src/Squidex/Pipeline/AppResolverFilter.cs
+++ b/src/Squidex/Pipeline/AppResolverFilter.cs
@ -10,10 +10,12 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
+using Squidex.Domain.Apps.Core;
 using Squidex.Domain.Apps.Core.Apps;
 using Squidex.Domain.Apps.Entities;
 using Squidex.Domain.Apps.Entities.Apps;
 using Squidex.Infrastructure.Security;
+using Squidex.Shared.Identity;

 namespace Squidex.Pipeline
 {
@ -38,6 +40,15 @@ namespace Squidex.Pipeline

        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
+            var user = context.HttpContext.User;
+
+            var identity = user.Identities.First();
+
+            if (string.Equals(identity.FindFirst(identity.RoleClaimType)?.Value, SquidexRoles.Administrator))
+            {
+                identity.AddClaim(new Claim(SquidexClaimTypes.Permission, Permissions.Admin));
+            }
+
            var appName = context.RouteData.Values["app"]?.ToString();

            if (!string.IsNullOrWhiteSpace(appName))
@ -50,8 +61,6 @@ namespace Squidex.Pipeline
                    return;
                }

-                var user = context.HttpContext.User;
-
                var permissions =
                    FindByOpenIdSubject(app, user) ??
                    FindByOpenIdClient(app, user);
@ -62,11 +71,9 @@ namespace Squidex.Pipeline
                    return;
                }

-                var identity = user.Identities.First();
-
                foreach (var permission in permissions)
                {
-                    identity.AddClaim(new Claim("Permission", permission.Id));
+                    identity.AddClaim(new Claim(SquidexClaimTypes.Permission, permission.Id));
                }

                context.HttpContext.Features.Set<IAppFeature>(new AppFeature(app));
--- a/src/Squidex/Pipeline/Swagger/SwaggerHelper.cs
+++ b/src/Squidex/Pipeline/Swagger/SwaggerHelper.cs
@ -93,11 +93,7 @@ namespace Squidex.Pipeline.Swagger
                    Flow = SwaggerOAuth2Flow.Application,
                    Scopes = new Dictionary<string, string>
                    {
-                        { Constants.ApiScope, "Read and write access to the API" },
-                        { SquidexRoles.AppOwner, "App contributor with Owner permission." },
-                        { SquidexRoles.AppEditor, "Client (writer) or App contributor with Editor permission." },
-                        { SquidexRoles.AppReader, "Client (readonly) or App contributor with Editor permission." },
-                        { SquidexRoles.AppDeveloper, "App contributor with Developer permission." }
+                        { Constants.ApiScope, "Read and write access to the API" }
                    },
                    Description = securityText
                };