diff options
Diffstat (limited to 'BackEnd/Timeline/Auth/PermissionPolicyProvider.cs')
| -rw-r--r-- | BackEnd/Timeline/Auth/PermissionPolicyProvider.cs | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/BackEnd/Timeline/Auth/PermissionPolicyProvider.cs b/BackEnd/Timeline/Auth/PermissionPolicyProvider.cs new file mode 100644 index 00000000..12a4fcd5 --- /dev/null +++ b/BackEnd/Timeline/Auth/PermissionPolicyProvider.cs @@ -0,0 +1,35 @@ +using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Authorization.Infrastructure;
+using System;
+using System.Threading.Tasks;
+
+namespace Timeline.Auth
+{
+ public class PermissionPolicyProvider : IAuthorizationPolicyProvider
+ {
+ public const string PolicyPrefix = "Permission-";
+
+ public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
+ {
+ return Task.FromResult(new AuthorizationPolicyBuilder(AuthenticationConstants.Scheme).RequireAuthenticatedUser().Build());
+ }
+
+ public Task<AuthorizationPolicy?> GetFallbackPolicyAsync()
+ {
+ return Task.FromResult<AuthorizationPolicy?>(null);
+ }
+
+ public Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
+ {
+ if (policyName.StartsWith(PolicyPrefix, StringComparison.OrdinalIgnoreCase))
+ {
+ var permissions = policyName[PolicyPrefix.Length..].Split(',');
+
+ var policy = new AuthorizationPolicyBuilder(AuthenticationConstants.Scheme);
+ policy.AddRequirements(new ClaimsAuthorizationRequirement(AuthenticationConstants.PermissionClaimName, permissions));
+ return Task.FromResult<AuthorizationPolicy?>(policy.Build());
+ }
+ return Task.FromResult<AuthorizationPolicy?>(null);
+ }
+ }
+}
|