feat: authorization

Gzozo · Gzozo · commit 49367d43ae1b · 2024-11-04T00:28:57.000+01:00
diff --git a/grade-management-new/GradeManagement.Client/Layout/NavMenu.razor b/grade-management-new/GradeManagement.Client/Layout/NavMenu.razor
@@ -1,14 +1,18 @@
-﻿
+﻿@using GradeManagement.Client.Policies
 <MudNavMenu>
     <MudNavLink Href="/" Match="NavLinkMatch.All">Dashboard</MudNavLink>
-            <MudNavGroup Title="Data" Expanded="true">
-                <MudNavLink Href="/courses" Match="NavLinkMatch.Prefix">Courses</MudNavLink>
-                <MudNavLink Href="/semesters" Match="NavLinkMatch.Prefix">Semesters</MudNavLink>
-                <MudNavLink Href="/languages" Match="NavLinkMatch.Prefix">Languages</MudNavLink>
-                <MudNavLink Href="/teachers" Match="NavLinkMatch.Prefix">Teachers</MudNavLink>
-            </MudNavGroup>
-            <MudNavGroup Title="Admin" Expanded="false">
-                <MudNavLink Href="/subjects" Match="NavLinkMatch.Prefix">Subjects</MudNavLink>
-                <MudNavLink Href="/students" Match="NavLinkMatch.Prefix">Students</MudNavLink>
-            </MudNavGroup>
+    <AuthorizeView Policy="@Policy.RequireTeacher">
+        <MudNavGroup Title="Data" Expanded="true">
+            <MudNavLink Href="/courses" Match="NavLinkMatch.Prefix">Courses</MudNavLink>
+            <MudNavLink Href="/semesters" Match="NavLinkMatch.Prefix">Semesters</MudNavLink>
+            <MudNavLink Href="/languages" Match="NavLinkMatch.Prefix">Languages</MudNavLink>
+            <MudNavLink Href="/teachers" Match="NavLinkMatch.Prefix">Teachers</MudNavLink>
+        </MudNavGroup>
+    </AuthorizeView>
+    <AuthorizeView Policy="@Policy.RequireAdmin">
+        <MudNavGroup Title="Admin" Expanded="false">
+            <MudNavLink Href="/subjects" Match="NavLinkMatch.Prefix">Subjects</MudNavLink>
+            <MudNavLink Href="/students" Match="NavLinkMatch.Prefix">Students</MudNavLink>
+        </MudNavGroup>
+    </AuthorizeView>
 </MudNavMenu>
diff --git a/grade-management-new/GradeManagement.Client/Pages/Courses.razor b/grade-management-new/GradeManagement.Client/Pages/Courses.razor
@@ -10,6 +10,8 @@
 @inject SubjectClient SubjectClient
 @inject NavigationManager NavigationManager
 
+@attribute [Authorize(Policy = Policy.RequireAdmin)]
+
 
 <style>
     .clickable-rows .mud-table-body .mud-table-row {
diff --git a/grade-management-new/GradeManagement.Client/Pages/CreationWizard.razor b/grade-management-new/GradeManagement.Client/Pages/CreationWizard.razor
@@ -8,6 +8,7 @@
 @inject SemesterClient SemesterClient
 @inject CourseClient CourseClient
 @inject NavigationManager NavigationManager
+@attribute [Authorize(Policy = Policy.RequireTeacher)]
 
 @using GradeManagement.Client.Components.NewDialogs
 @using MudExtensions
diff --git a/grade-management-new/GradeManagement.Client/Pages/Languages.razor b/grade-management-new/GradeManagement.Client/Pages/Languages.razor
@@ -5,6 +5,7 @@
 @inject IDialogService DialogService
 @inject CrudSnackbarService SnackbarService
 @inject LanguageClient LanguageClient
+@attribute [Authorize(Policy = Policy.RequireTeacher)]
 
 <PageTitle>Languages</PageTitle>
 
diff --git a/grade-management-new/GradeManagement.Client/Pages/Semesters.razor b/grade-management-new/GradeManagement.Client/Pages/Semesters.razor
@@ -5,6 +5,7 @@
 @inject IDialogService DialogService
 @inject CrudSnackbarService SnackbarService
 @inject SemesterClient SemesterClient
+@attribute [Authorize(Policy = Policy.RequireTeacher)]
 
 <PageTitle>Semesters</PageTitle>
 
diff --git a/grade-management-new/GradeManagement.Client/Pages/SingleCourse.razor b/grade-management-new/GradeManagement.Client/Pages/SingleCourse.razor
@@ -1,5 +1,4 @@
 ﻿@page "/courses/{Id:int}"
-@using System.Net
 @using GradeManagement.Client.Components.NewDialogs
 @layout AuthenticatedLayout
 
@@ -8,6 +7,7 @@
 @inject CourseClient CourseClient
 @inject ExerciseClient ExerciseClient
 @inject GroupClient GroupClient
+@attribute [Authorize(Policy = Policy.RequireTeacher)]
 
 <LoadingComponent LongTask="@_loading" @ref="loadingRef">
     <PageTitle>Course @_course.Name</PageTitle>
diff --git a/grade-management-new/GradeManagement.Client/Pages/Students.razor b/grade-management-new/GradeManagement.Client/Pages/Students.razor
@@ -7,6 +7,7 @@
 @inject CrudSnackbarService SnackbarService
 @inject SubjectService SubjectService
 @inject StudentClient StudentClient
+@attribute [Authorize(Policy = Policy.RequireTeacher)]
 
 <PageTitle>Students</PageTitle>
 
diff --git a/grade-management-new/GradeManagement.Client/Pages/Subjects.razor b/grade-management-new/GradeManagement.Client/Pages/Subjects.razor
@@ -6,6 +6,8 @@
 @inject SubjectService SubjectService
 @inject SubjectClient SubjectClient
 
+@attribute [Authorize(Policy = Policy.RequireTeacher)]
+
 <PageTitle>Subjects</PageTitle>
 
 <MudText Typo="Typo.h4" Class="mt-4">Subjects</MudText>
diff --git a/grade-management-new/GradeManagement.Client/Pages/Teachers.razor b/grade-management-new/GradeManagement.Client/Pages/Teachers.razor
@@ -8,6 +8,7 @@
 @inject SubjectService SubjectService
 @inject SubjectClient SubjectClient
 @inject UserClient UserClient
+@attribute [Authorize(Policy = Policy.RequireTeacher)]
 
 <PageTitle>Teachers</PageTitle>
 
diff --git a/grade-management-new/GradeManagement.Client/Policies/AdminAuthorizationHandler.cs b/grade-management-new/GradeManagement.Client/Policies/AdminAuthorizationHandler.cs
@@ -0,0 +1,20 @@
+﻿using GradeManagement.Client.Network;
+
+using Microsoft.AspNetCore.Authorization;
+
+namespace GradeManagement.Client.Policies;
+
+public class UserTypeAuthorizationHandler(UserClient userClient) : AuthorizationHandler<UserTypeRequirement>
+{
+    protected override async Task HandleRequirementAsync(
+        AuthorizationHandlerContext context,
+        UserTypeRequirement requirement)
+    {
+        var user = await userClient.GetCurrentUserAsync();
+
+        if (requirement.Type.Contains(user.Type))
+        {
+            context.Succeed(requirement);
+        }
+    }
+}
diff --git a/grade-management-new/GradeManagement.Client/Policies/Policy.cs b/grade-management-new/GradeManagement.Client/Policies/Policy.cs
@@ -0,0 +1,7 @@
+﻿namespace GradeManagement.Client.Policies;
+
+public static class Policy
+{
+    public const string RequireAdmin = "RequireAdmin";
+    public const string RequireTeacher = "RequireTeacher";
+}
diff --git a/grade-management-new/GradeManagement.Client/Policies/UserTypeRequirement.cs b/grade-management-new/GradeManagement.Client/Policies/UserTypeRequirement.cs
@@ -0,0 +1,10 @@
+﻿using GradeManagement.Client.Network;
+
+using Microsoft.AspNetCore.Authorization;
+
+namespace GradeManagement.Client.Policies;
+
+public class UserTypeRequirement(UserType[] type) : IAuthorizationRequirement
+{
+    public UserType[] Type { get; } = type;
+}
diff --git a/grade-management-new/GradeManagement.Client/Program.cs b/grade-management-new/GradeManagement.Client/Program.cs
@@ -1,4 +1,5 @@
 using GradeManagement.Client.Network;
+using GradeManagement.Client.Policies;
 using GradeManagement.Client.Services;
 
 using Microsoft.AspNetCore.Authorization;
@@ -52,7 +53,8 @@ public static async Task Main(string[] args)
             builder.Services.AddSingleton<SelectedSubjectService>();
             builder.Services.AddSingleton<CurrentUserService>();
 
-            builder.Services.AddTransient(sp => new SubjectHeaderHandler(sp.GetRequiredService<SelectedSubjectService>()));
+            builder.Services.AddTransient(sp =>
+                new SubjectHeaderHandler(sp.GetRequiredService<SelectedSubjectService>()));
 
             // Registering HttpClient that uses our custom handler
             builder.Services.AddHttpClient(ServerApi,
@@ -84,6 +86,16 @@ public static async Task Main(string[] args)
             builder.Services.AddScoped<DashboardClient>(sp =>
                 new DashboardClient(sp.GetRequiredService<IHttpClientFactory>().CreateClient(ServerApi)));
 
+            builder.Services.AddAuthorizationCore(options =>
+            {
+                options.AddPolicy(Policy.RequireAdmin, policy =>
+                    policy.Requirements.Add(new UserTypeRequirement([UserType.Admin])));
+                options.AddPolicy(Policy.RequireTeacher, policy =>
+                    policy.Requirements.Add(new UserTypeRequirement([UserType.Teacher, UserType.Admin])));
+            });
+
+            builder.Services.AddScoped<IAuthorizationHandler, UserTypeAuthorizationHandler>();
+
 
             builder.Services.AddMudServices();
             builder.Services.AddMudExtensions();
diff --git a/grade-management-new/GradeManagement.Client/_Imports.razor b/grade-management-new/GradeManagement.Client/_Imports.razor
@@ -14,3 +14,6 @@
 @using GradeManagement.Client.Services;
 @using Microsoft.AspNetCore.Components.Authorization
 @using Network
+
+@using GradeManagement.Client.Policies
+@using Microsoft.AspNetCore.Authorization
