Permission for ReadWrite

OluwatobiAwe · OluwatobiAwe · commit ebca4fefe83f · 2025-05-22T12:39:18.000+01:00
diff --git a/OpenAPI/LearningHub.Nhs.OpenApi/Authentication/ReadWriteHandler.cs b/OpenAPI/LearningHub.Nhs.OpenApi/Authentication/ReadWriteHandler.cs
@@ -0,0 +1,43 @@
+﻿namespace LearningHub.NHS.OpenAPI.Authentication
+{
+    using System.Threading.Tasks;
+    using Microsoft.AspNetCore.Authorization;
+    using Microsoft.AspNetCore.Http;
+
+    /// <summary>
+    /// Provide Authentication policy for Auth Service.
+    /// </summary>
+    public class ReadWriteHandler : AuthorizationHandler<ReadWriteRequirement>
+    {
+        /// <summary>
+        /// The context accessor.
+        /// </summary>
+        private readonly IHttpContextAccessor contextAccessor;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ReadWriteHandler"/> class.
+        /// Provide Authentication policy for Auth Service.
+        /// </summary>
+        /// <param name="contextAccessor">The context Accessor.</param>
+        public ReadWriteHandler(IHttpContextAccessor contextAccessor)
+        {
+            this.contextAccessor = contextAccessor;
+        }
+
+        /// <summary>
+        /// Handle Authentication policy Requirement.
+        /// </summary>
+        /// <param name="context">The context.</param>
+        /// <param name="requirement">The requirement.</param>
+        /// <returns>A <see cref="Task"/> representing the asynchronous operation.</returns>
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ReadWriteRequirement requirement)
+        {
+            if (requirement.HasReadWriteRole(context.User))
+            {
+                context.Succeed(requirement);
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/OpenAPI/LearningHub.Nhs.OpenApi/Authentication/ReadWriteRequirement.cs b/OpenAPI/LearningHub.Nhs.OpenApi/Authentication/ReadWriteRequirement.cs
@@ -0,0 +1,47 @@
+﻿namespace LearningHub.NHS.OpenAPI.Authentication
+{
+    using System.Collections.Generic;
+    using System.Security.Claims;
+
+    using Microsoft.AspNetCore.Authorization;
+
+    /// <summary>
+    /// Provide Authentication policy for Auth Service.
+    /// </summary>
+    public class ReadWriteRequirement : IAuthorizationRequirement
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ReadWriteRequirement"/> class.
+        /// Provide Authentication policy for Auth Service.
+        /// </summary>
+        public ReadWriteRequirement()
+        {
+        }
+
+        /// <summary>
+        /// The can read write.
+        /// </summary>
+        /// <param name="user">The user.</param>
+        /// <returns>The <see cref="bool"/>.</returns>
+        public bool HasReadWriteRole(ClaimsPrincipal user)
+        {
+            bool retVal = false;
+            foreach (var role in ReadWriteRoles())
+            {
+                if (user.IsInRole(role))
+                {
+                    retVal = true;
+                    break;
+                }
+            }
+
+            return retVal;
+        }
+
+        /// <summary>
+        /// The read write roles.
+        /// </summary>
+        /// <returns>The Read Write Roles.</returns>
+        private List<string> ReadWriteRoles() => new List<string>() { "Administrator", "BlueUser" };
+    }
+}
diff --git a/OpenAPI/LearningHub.Nhs.OpenApi/Startup.cs b/OpenAPI/LearningHub.Nhs.OpenApi/Startup.cs
@@ -29,6 +29,8 @@ namespace LearningHub.NHS.OpenAPI
     using Microsoft.Extensions.Hosting;
     using Microsoft.IdentityModel.Tokens;
     using Microsoft.OpenApi.Models;
+    using Microsoft.AspNetCore.Authorization;
+    using LearningHub.NHS.OpenAPI.Authentication;
 
     /// <summary>
     /// The Startup class.
@@ -73,6 +75,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             services.AddCustomMiddleware();
+            services.AddSingleton<IAuthorizationHandler, ReadWriteHandler>();
 
             services.AddRepositories(this.Configuration);
             services.AddServices();
@@ -81,8 +84,11 @@ public void ConfigureServices(IServiceCollection services)
                 options =>
                     options.UseSqlServer(this.Configuration.GetConnectionString("LearningHub")));
             services.AddApplicationInsightsTelemetry();
-            services.AddControllers(options => options.Filters.Add(new HttpResponseExceptionFilter()));
-            services.AddControllers(opt => { opt.Filters.Add(new AuthorizeFilter()); })
+            services.AddControllers(options =>
+            {
+                options.Filters.Add(new HttpResponseExceptionFilter());
+                options.Filters.Add(new AuthorizeFilter());
+            })
             .AddJsonOptions(options =>
             {
                 options.JsonSerializerOptions.ReferenceHandler = System.Text.Json.Serialization.ReferenceHandler.IgnoreCycles;
@@ -147,6 +153,13 @@ public void ConfigureServices(IServiceCollection services)
                     });
                 });
 
+            services.AddAuthorization(options =>
+            {
+                options.AddPolicy(
+                    "ReadWrite",
+                    policy => policy.Requirements.Add(new ReadWriteRequirement()));
+            });
+
             var environment = this.Configuration.GetValue<EnvironmentEnum>("Environment");
             var envPrefix = environment.GetAbbreviation();
             if (environment == EnvironmentEnum.Local)
