mirror of https://github.com/Squidex/squidex.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 lines
1.5 KiB
40 lines
1.5 KiB
// ==========================================================================
|
|
// Squidex Headless CMS
|
|
// ==========================================================================
|
|
// Copyright (c) Squidex UG (haftungsbeschraenkt)
|
|
// All rights reserved. Licensed under the MIT license.
|
|
// ==========================================================================
|
|
|
|
using System.Security.Claims;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.Extensions.Options;
|
|
using Squidex.Infrastructure.Security;
|
|
using Squidex.Shared;
|
|
using Squidex.Shared.Identity;
|
|
|
|
namespace Squidex.Domain.Users;
|
|
|
|
public sealed class UserClaimsPrincipalFactoryWithEmail(UserManager<IdentityUser> userManager, RoleManager<IdentityRole> roleManager, IOptions<IdentityOptions> optionsAccessor) : UserClaimsPrincipalFactory<IdentityUser, IdentityRole>(userManager, roleManager, optionsAccessor)
|
|
{
|
|
private const string AdministratorRole = "ADMINISTRATOR";
|
|
|
|
public override async Task<ClaimsPrincipal> CreateAsync(IdentityUser user)
|
|
{
|
|
var userPrincipal = await base.CreateAsync(user);
|
|
var userIdentity = userPrincipal.Identities.First();
|
|
|
|
var email = await UserManager.GetEmailAsync(user);
|
|
|
|
if (email != null)
|
|
{
|
|
userIdentity.AddClaim(new Claim(OpenIdClaims.Email, email));
|
|
}
|
|
|
|
if (await UserManager.IsInRoleAsync(user, AdministratorRole))
|
|
{
|
|
userIdentity.AddClaim(new Claim(SquidexClaimTypes.Permissions, PermissionIds.Admin));
|
|
}
|
|
|
|
return userPrincipal;
|
|
}
|
|
}
|
|
|