authorcrupest <crupest@outlook.com>2020-11-13 16:20:45 +0800
committerGitHub <noreply@github.com>2020-11-13 16:20:45 +0800
commit381cb7c64123c71899f549baa16bb610cc8b037f (patch)
treedfb4dd690704e887e3609265e6a652fe7ccea218 /BackEnd/Timeline/Auth/PermissionPolicyProvider.cs
parent5b78017e93450342c85a0e7f5ed16bbb6ae8422e (diff)
parentb635b4453756d9a33c173c9b9f2ae0ab7c830d3b (diff)
Merge pull request #183 from crupest/auth
Refactor auth module to enable more flexible permission control.
Diffstat (limited to 'BackEnd/Timeline/Auth/PermissionPolicyProvider.cs')
-rw-r--r--BackEnd/Timeline/Auth/PermissionPolicyProvider.cs35
1 files changed, 35 insertions, 0 deletions
diff --git a/BackEnd/Timeline/Auth/PermissionPolicyProvider.cs b/BackEnd/Timeline/Auth/PermissionPolicyProvider.cs
new file mode 100644
index 00000000..12a4fcd5
--- /dev/null
+++ b/BackEnd/Timeline/Auth/PermissionPolicyProvider.cs
@@ -0,0 +1,35 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Authorization.Infrastructure;
+using System;
+using System.Threading.Tasks;
+
+namespace Timeline.Auth
+{
+ public class PermissionPolicyProvider : IAuthorizationPolicyProvider
+ {
+ public const string PolicyPrefix = "Permission-";
+
+ public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
+ {
+ return Task.FromResult(new AuthorizationPolicyBuilder(AuthenticationConstants.Scheme).RequireAuthenticatedUser().Build());
+ }
+
+ public Task<AuthorizationPolicy?> GetFallbackPolicyAsync()
+ {
+ return Task.FromResult<AuthorizationPolicy?>(null);
+ }
+
+ public Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
+ {
+ if (policyName.StartsWith(PolicyPrefix, StringComparison.OrdinalIgnoreCase))
+ {
+ var permissions = policyName[PolicyPrefix.Length..].Split(',');
+
+ var policy = new AuthorizationPolicyBuilder(AuthenticationConstants.Scheme);
+ policy.AddRequirements(new ClaimsAuthorizationRequirement(AuthenticationConstants.PermissionClaimName, permissions));
+ return Task.FromResult<AuthorizationPolicy?>(policy.Build());
+ }
+ return Task.FromResult<AuthorizationPolicy?>(null);
+ }
+ }
+}
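Review bot: In GetPolicyAsync the comma-separated list is passed as the allowed values of a single ClaimsAuthorizationRequirement, which is satisfied when the user holds a permission claim matching any one of those values, so `Permission-A,B` authorizes a user with A or B rather than A and B. If every listed permission is meant to be required, add one requirement per entry, e.g. `foreach (var p in permissions) policy.AddRequirements(new ClaimsAuthorizationRequirement(AuthenticationConstants.PermissionClaimName, new[] { p }));`. If any-of is the intended meaning, state it in a comment above the Split, such as `// Satisfied by ANY one of the listed permissions (OR semantics).`, so callers composing policy names do not assume the stricter reading. The entries are also neither trimmed nor checked for empty strings, so a bare `Permission-` or a name like `Permission-A, B` yields values that will not match the expected claim; a short doc comment on the method giving the accepted policy-name format would cover that.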