48 lines
1.5 KiB
C#
48 lines
1.5 KiB
C#
using Microsoft.AspNetCore.Authorization;
|
|
|
|
namespace TrafagSalesExporter.Security;
|
|
|
|
public static class SecurityPolicyFactory
|
|
{
|
|
public static AuthorizationPolicy BuildAccessPolicy(SecurityOptions settings, bool useDevelopmentAuthentication)
|
|
{
|
|
if (!settings.Enabled)
|
|
{
|
|
return new AuthorizationPolicyBuilder()
|
|
.RequireAssertion(_ => true)
|
|
.Build();
|
|
}
|
|
|
|
var builder = new AuthorizationPolicyBuilder()
|
|
.RequireAuthenticatedUser();
|
|
|
|
if (!useDevelopmentAuthentication &&
|
|
settings.AccessGroups.Count > 0)
|
|
{
|
|
builder.RequireAssertion(context =>
|
|
settings.AccessGroups.Any(group => context.User.IsInRole(group)));
|
|
}
|
|
|
|
return builder.Build();
|
|
}
|
|
|
|
public static AuthorizationPolicy BuildAdminPolicy(SecurityOptions settings, bool useDevelopmentAuthentication)
|
|
{
|
|
if (!settings.Enabled)
|
|
{
|
|
return new AuthorizationPolicyBuilder()
|
|
.RequireAssertion(_ => true)
|
|
.Build();
|
|
}
|
|
|
|
var builder = new AuthorizationPolicyBuilder()
|
|
.RequireAuthenticatedUser();
|
|
|
|
builder.RequireAssertion(context =>
|
|
useDevelopmentAuthentication && context.User.HasClaim(DevelopmentAuthenticationHandler.AdminClaimType, "true") ||
|
|
settings.AdminGroups.Any(group => context.User.IsInRole(group)));
|
|
|
|
return builder.Build();
|
|
}
|
|
}
|