Make DynamicAuthorizationFilter generic to pass IdentityDbContext.

Author: mo-esmp

src/DynamicAuthorization.Mvc.Core/DynamicAuthorization.Mvc.Core.csproj

@@ -1,22 +1,29 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netstandard2.0;netcoreapp3.0</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;netcoreapp3.0;netcoreapp3.1</TargetFrameworks>
   </PropertyGroup>
 
-  <PropertyGroup Condition=" '$(TargetFramework)' == 'netstandard2.0'">
+  <PropertyGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
     <DefineConstants>NETCORE2;NETSTANDARD;NETSTANDARD2_0</DefineConstants>
   </PropertyGroup>
 
-  <PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp3'">
+  <PropertyGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
     <DefineConstants>NETCORE3;NETSTANDARD;NETSTANDARD2_1</DefineConstants>
   </PropertyGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.0'">
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.0.0" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard2.0'">
-    <PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="2.2.0" />
+  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.0" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
+    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.2.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="2.2.0" />
   </ItemGroup>
 </Project>

src/DynamicAuthorization.Mvc.Core/Extensions/ServiceCollectionExtensions.cs

@@ -1,5 +1,6 @@
 using DynamicAuthorization.Mvc.Core.Builder;
 using DynamicAuthorization.Mvc.Core.Models;
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.DependencyInjection;
 using System;
@@ -8,7 +9,26 @@ namespace DynamicAuthorization.Mvc.Core.Extensions
 {
     public static class ServiceCollectionExtensions
     {
-        public static IDynamicAuthorizationBuilder AddDynamicAuthorization(this IServiceCollection services, Action<DynamicAuthorizationOptions> options)
+        //public static IDynamicAuthorizationBuilder AddDynamicAuthorization(this IServiceCollection services, Action<DynamicAuthorizationOptions> options)
+        //{
+        //    var dynamicAuthorizationOptions = new DynamicAuthorizationOptions();
+        //    options.Invoke(dynamicAuthorizationOptions);
+        //    services.AddSingleton(dynamicAuthorizationOptions);
+
+        //    services.AddSingleton<IMvcControllerDiscovery, MvcControllerDiscovery>();
+
+        //    services.Configure<MvcOptions>(mvcOptions =>
+        //    {
+        //        mvcOptions.Filters.Add(typeof(DynamicAuthorizationFilter));
+        //    });
+
+        //    IDynamicAuthorizationBuilder builder = new DynamicAuthorizationBuilder(services);
+
+        //    return builder;
+        //}
+
+        public static IDynamicAuthorizationBuilder AddDynamicAuthorization<TDbContext>(this IServiceCollection services, Action<DynamicAuthorizationOptions> options)
+            where TDbContext : IdentityDbContext
         {
             var dynamicAuthorizationOptions = new DynamicAuthorizationOptions();
             options.Invoke(dynamicAuthorizationOptions);
@@ -18,7 +38,7 @@ public static IDynamicAuthorizationBuilder AddDynamicAuthorization(this IService
 
             services.Configure<MvcOptions>(mvcOptions =>
             {
-                mvcOptions.Filters.Add(typeof(DynamicAuthorizationFilter));
+                mvcOptions.Filters.Add(typeof(DynamicAuthorizationFilter<TDbContext>));
             });
 
             IDynamicAuthorizationBuilder builder = new DynamicAuthorizationBuilder(services);

src/DynamicAuthorization.Mvc.Core/Filters/DynamicAuthorizationFilter.cs

@@ -1,25 +1,34 @@
 using DynamicAuthorization.Mvc.Core.Models;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.AspNetCore.Mvc.Controllers;
 using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.EntityFrameworkCore;
 using System;
 using System.Linq;
 using System.Reflection;
 using System.Threading.Tasks;
 
 namespace DynamicAuthorization.Mvc.Core
 {
-    public class DynamicAuthorizationFilter : IAuthorizationFilter, IAsyncAuthorizationFilter
+    public class DynamicAuthorizationFilter<TDbContext> : IAuthorizationFilter, IAsyncAuthorizationFilter
+        where TDbContext : IdentityDbContext
     {
         private readonly DynamicAuthorizationOptions _authorizationOptions;
+        private readonly TDbContext _identityDbContext;
         private readonly IRoleAccessStore _roleAccessStore;
 
-        public DynamicAuthorizationFilter(DynamicAuthorizationOptions authorizationOptions, IRoleAccessStore roleAccessStore)
+        public DynamicAuthorizationFilter(
+            DynamicAuthorizationOptions authorizationOptions,
+            TDbContext identityDbContext,
+            IRoleAccessStore roleAccessStore
+        )
         {
             _authorizationOptions = authorizationOptions;
             _roleAccessStore = roleAccessStore;
+            _identityDbContext = identityDbContext;
         }
 
         public void OnAuthorization(AuthorizationFilterContext context)
@@ -43,8 +52,15 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
                 return;
 
             var actionId = GetActionId(context);
-
-            if (await _roleAccessStore.HasAccessToActionAsync(userName, actionId))
+            var roles = await (
+                from user in _identityDbContext.Users
+                join userRole in _identityDbContext.UserRoles on user.Id equals userRole.UserId
+                join role in _identityDbContext.Roles on userRole.RoleId equals role.Id
+                where user.UserName == userName
+                select role.Id
+            ).ToArrayAsync();
+
+            if (await _roleAccessStore.HasAccessToActionAsync(actionId, roles))
                 return;
 
             context.Result = new ForbidResult();
@@ -54,7 +70,10 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
 
         private static bool IsProtectedAction(AuthorizationFilterContext context)
         {
-            var controllerActionDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
+            var controllerActionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;
+            if(controllerActionDescriptor == null)
+                return false;
+
             var controllerTypeInfo = controllerActionDescriptor.ControllerTypeInfo;
 
             var anonymousAttribute = controllerTypeInfo.GetCustomAttribute<AllowAnonymousAttribute>();
@@ -84,7 +103,10 @@ private bool IsProtectedAction(AuthorizationFilterContext context)
             if (context.Filters.Any(item => item is IAllowAnonymousFilter))
                 return false;
 
-            var controllerActionDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
+            var controllerActionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;
+            if (controllerActionDescriptor == null)
+                return false;
+
             var controllerTypeInfo = controllerActionDescriptor.ControllerTypeInfo;
             var actionMethodInfo = controllerActionDescriptor.MethodInfo;
 

src/DynamicAuthorization.Mvc.Core/MvcControllerDiscovery.cs

@@ -27,8 +27,8 @@ public IEnumerable<MvcControllerInfo> GetControllers()
             _mvcControllers = new List<MvcControllerInfo>();
             var items = _actionDescriptorCollectionProvider
                 .ActionDescriptors.Items
-                .Where(descriptor => descriptor.GetType() == typeof(ControllerActionDescriptor))
-                .Select(descriptor => (ControllerActionDescriptor)descriptor)
+                .OfType<ControllerActionDescriptor>()
+                .Select(descriptor => descriptor)
                 .GroupBy(descriptor => descriptor.ControllerTypeInfo.FullName)
                 .ToList();