Files

48 lines
1.5 KiB
C#

using Microsoft.AspNetCore.Authorization;
namespace TrafagSalesExporter.Security;
public static class SecurityPolicyFactory
{
public static AuthorizationPolicy BuildAccessPolicy(SecurityOptions settings, bool useDevelopmentAuthentication)
{
if (!settings.Enabled)
{
return new AuthorizationPolicyBuilder()
.RequireAssertion(_ => true)
.Build();
}
var builder = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser();
if (!useDevelopmentAuthentication &&
settings.AccessGroups.Count > 0)
{
builder.RequireAssertion(context =>
settings.AccessGroups.Any(group => context.User.IsInRole(group)));
}
return builder.Build();
}
public static AuthorizationPolicy BuildAdminPolicy(SecurityOptions settings, bool useDevelopmentAuthentication)
{
if (!settings.Enabled)
{
return new AuthorizationPolicyBuilder()
.RequireAssertion(_ => true)
.Build();
}
var builder = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser();
builder.RequireAssertion(context =>
useDevelopmentAuthentication && context.User.HasClaim(DevelopmentAuthenticationHandler.AdminClaimType, "true") ||
settings.AdminGroups.Any(group => context.User.IsInRole(group)));
return builder.Build();
}
}