diff --git a/FiMAdminApi.Data/Enums/GlobalRole.cs b/FiMAdminApi.Data/Enums/GlobalPermission.cs
similarity index 87%
rename from FiMAdminApi.Data/Enums/GlobalRole.cs
rename to FiMAdminApi.Data/Enums/GlobalPermission.cs
index 0fd34d5..85f8686 100644
--- a/FiMAdminApi.Data/Enums/GlobalRole.cs
+++ b/FiMAdminApi.Data/Enums/GlobalPermission.cs
@@ -1,7 +1,7 @@
 // ReSharper disable InconsistentNaming
 namespace FiMAdminApi.Data.Enums;
-public enum GlobalRole
+public enum GlobalPermission
 {
 Superuser,
 Events_Create,
diff --git a/FiMAdminApi.Data/Models/User.cs b/FiMAdminApi.Data/Models/User.cs
index b090d7a..510f0c8 100644
--- a/FiMAdminApi.Data/Models/User.cs
+++ b/FiMAdminApi.Data/Models/User.cs
@@ -7,5 +7,5 @@ public class User
 public Guid? Id { get; set; }
 public string? Email { get; set; }
 public string? Name { get; set; }
- public List? GlobalRoles { get; set; }
+ public List? GlobalPermissions { get; set; }
 }
\ No newline at end of file
diff --git a/FiMAdminApi/Endpoints/EventsCreateEndpoints.cs b/FiMAdminApi/Endpoints/EventsCreateEndpoints.cs
index 617e21a..8a3d778 100644
--- a/FiMAdminApi/Endpoints/EventsCreateEndpoints.cs
+++ b/FiMAdminApi/Endpoints/EventsCreateEndpoints.cs
@@ -12,7 +12,7 @@ public static WebApplication RegisterEventsCreateEndpoints(this WebApplication a
 {
 var eventsCreateGroup = app.MapGroup("/api/v{apiVersion:apiVersion}/users")
 .WithApiVersionSet(vs).HasApiVersion(1).WithTags("Events - Create")
- .RequireAuthorization(nameof(GlobalRole.Events_Create));
+ .RequireAuthorization(nameof(GlobalPermission.Events_Create));
 eventsCreateGroup.MapPost("sync-source", SyncSource)
 .WithSummary("Create from Sync Source")
diff --git a/FiMAdminApi/Endpoints/UsersEndpoints.cs b/FiMAdminApi/Endpoints/UsersEndpoints.cs
index 0d774ec..9accd03 100644
--- a/FiMAdminApi/Endpoints/UsersEndpoints.cs
+++ b/FiMAdminApi/Endpoints/UsersEndpoints.cs
@@ -21,7 +21,7 @@ public static WebApplication RegisterUsersEndpoints(this WebApplication app, Api
 {
 var usersGroup = app.MapGroup("/api/v{apiVersion:apiVersion}/users")
 .WithApiVersionSet(vs).HasApiVersion(1).WithTags("Users")
- .RequireAuthorization(nameof(GlobalRole.Superuser));
+ .RequireAuthorization(nameof(GlobalPermission.Superuser));
 usersGroup.MapGet("", SearchUsers).WithSummary("Search Users");
 usersGroup.MapGet("{id:guid:required}", GetUser).WithSummary("Get User by ID");
@@ -41,14 +41,14 @@ [FromQuery] [Description("A free-text search to filter the returned users")]
 var selectedUsers = users.Users.Select(u =>
 {
- IEnumerable roles = Array.Empty();
- u.AppMetadata.TryGetValue("globalRoles", out var jsonRoles);
- if (jsonRoles is JArray rolesArray)
+ IEnumerable permissions = Array.Empty();
+ u.AppMetadata.TryGetValue("globalPermissions", out var jsonPermissions);
+ if (jsonPermissions is JArray permissionsArray)
 {
- roles = rolesArray.Select(t =>
+ permissions = permissionsArray.Select(t =>
 {
 var value = t.Value();
- return Enum.TryParse(value, true, out var role) ? role : null;
+ return Enum.TryParse(value, true, out var permission) ? permission : null;
 }).Where(r => r is not null).Select(r => r!.Value);
 }
@@ -57,7 +57,7 @@ [FromQuery] [Description("A free-text search to filter the returned users")]
 Id = Guid.Parse(u.Id!),
 Email = u.Email,
 Name = null,
- GlobalRoles = roles.ToList()
+ GlobalPermissions = permissions.ToList()
 };
 });
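Review bot: In the `@@ -41,14` hunk the stored strings are read with `Enum.TryParse(value, true, out var permission)`, which ignores case and also accepts numeric text, while the policies registered in Program.cs appear to compare the `globalPermission` claim against the exact names from `Enum.GetNames`. A metadata entry such as `superuser` or `0` would therefore be listed by SearchUsers as a granted permission even though the authorization policy would most likely not honour it, so the admin view can disagree with what is actually enforced. Resolving the value by exact, case-sensitive name instead of `TryParse` with `ignoreCase` set keeps the listing and the policy in step. The same block is repeated in the `@@ -101,14` hunk for GetUser, so one private helper would cover both; both lambdas belong to methods whose bodies start outside the hunks.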
@@ -101,14 +101,14 @@ [FromRoute] [Description("The user's ID")]
 return TypedResults.NotFound();
 }
- IEnumerable roles = Array.Empty();
- user.AppMetadata.TryGetValue("globalRoles", out var jsonRoles);
- if (jsonRoles is JArray rolesArray)
+ IEnumerable permissions = Array.Empty();
+ user.AppMetadata.TryGetValue("globalPermissions", out var jsonPermissions);
+ if (jsonPermissions is JArray permissionsArray)
 {
- roles = rolesArray.Select(t =>
+ permissions = permissionsArray.Select(t =>
 {
 var value = t.Value();
- return Enum.TryParse(value, true, out var role) ? role : null;
+ return Enum.TryParse(value, true, out var permission) ? permission : null;
 }).Where(r => r is not null).Select(r => r!.Value);
 }
@@ -117,7 +117,7 @@ [FromRoute] [Description("The user's ID")]
 Id = Guid.Parse(user.Id!),
 Email = user.Email,
 Name = null,
- GlobalRoles = roles.ToList()
+ GlobalPermissions = permissions.ToList()
 };
 var profile = await dbContext.Profiles.SingleOrDefaultAsync(p => p.Id == userModel.Id);
@@ -137,20 +137,20 @@ [FromRoute] [Description("The user's ID")]
 private static async Task UpdateUser(
 [FromRoute] Guid id,
- [FromBody] UpdateRolesRequest request,
+ [FromBody] UpdateUserRequest request,
 [FromServices] DataContext dbContext,
 [FromServices] IGotrueAdminClient adminClient)
 {
 var update = new FixedAdminUserAttributes();
- if (request.NewRoles is not null)
+ if (request.NewPermissions is not null)
 {
 update.AppMetadata = new Dictionary
 {
- { "globalRoles", request.NewRoles.Select(s => s.ToString()) }
+ { "globalPermissions", request.NewPermissions.Select(s => s.ToString()) }
 };
 // This handles a special case, we want superusers to have access to literally everything
- update.Role = request.NewRoles.Contains(GlobalRole.Superuser) ? "service_role" : "authenticated";
+ update.Role = request.NewPermissions.Contains(GlobalPermission.Superuser) ? "service_role" : "authenticated";
 }
 if (request.Name is not null)
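Review bot: In the `@@ -137,20` hunk `update.AppMetadata` now carries only the `globalPermissions` key, so a `globalRoles` array already stored for the user is neither migrated nor cleared by UpdateUser. Whether the auth backend merges or replaces app metadata is not visible in this diff; if it merges, a user whose permissions are revoked keeps the stale `globalRoles` entry, and anything outside this API that still reads the old key would go on honouring it. Removing the legacy key in a one-off migration and recording that above the assignment would close the gap, e.g. `// Legacy "globalRoles" metadata is migrated separately; this call only writes "globalPermissions".` UpdateUser's body continues past the end of the hunk.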
@@ -180,10 +180,10 @@ private static async Task UpdateUser(
 return TypedResults.Ok();
 }
- public class UpdateRolesRequest
+ public class UpdateUserRequest
 {
 public string? Name { get; set; }
- public IEnumerable? NewRoles { get; set; }
+ public IEnumerable? NewPermissions { get; set; }
 }
 ///
diff --git a/FiMAdminApi/Program.cs b/FiMAdminApi/Program.cs
index 129a452..69928bd 100644
--- a/FiMAdminApi/Program.cs
+++ b/FiMAdminApi/Program.cs
@@ -53,11 +53,11 @@
 .AddScheme(JwtBearerDefaults.AuthenticationScheme, _ => { });
 builder.Services.AddAuthorization(opt =>
 {
- foreach (var role in Enum.GetNames())
+ foreach (var permission in Enum.GetNames())
 {
- opt.AddPolicy(role, pol => pol
+ opt.AddPolicy(permission, pol => pol
 .RequireAuthenticatedUser()
- .RequireClaim("globalRole", role, GlobalRole.Superuser.ToString()));
+ .RequireClaim("globalPermission", permission, GlobalPermission.Superuser.ToString()));
 }
 });
diff --git a/FiMAdminApi/SupabaseJwtHandler.cs b/FiMAdminApi/SupabaseJwtHandler.cs
index c7bd682..5473d3d 100644
--- a/FiMAdminApi/SupabaseJwtHandler.cs
+++ b/FiMAdminApi/SupabaseJwtHandler.cs
@@ -61,14 +61,13 @@ private ClaimsPrincipal GetClaims(User user)
 {
 var claimsIdentity = new ClaimsIdentity(new []
 {
- //new Claim("globalRoles", JsonSerializer.Serialize(user.AppMetadata["globalRoles"])),
 new Claim("email", user.Email ?? "(no email)"),
 new Claim("id", user.Id ?? throw new InvalidOperationException("User ID was null"))
 }, "Token");
- if (user.AppMetadata["globalRoles"] is JArray roles)
+ if (user.AppMetadata["globalPermissions"] is JArray permissions)
 {
- claimsIdentity.AddClaims(roles.Select(r => r.Value()).Where(r => r != null)
- .Select(r => new Claim("globalRole", r!)));
+ claimsIdentity.AddClaims(permissions.Select(r => r.Value()).Where(r => r != null)
+ .Select(r => new Claim("globalPermission", r!)));
 }
 var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
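Review bot: Renaming `NewRoles` to `NewPermissions` on `UpdateUserRequest` (the `@@ -180,10` hunk of UsersEndpoints.cs) also renames the JSON member the endpoint binds, and nothing visible rejects a body that uses the old name. If the binder ignores unknown members, which is the usual default but is not shown in this diff, a caller still sending `newRoles` leaves `NewPermissions` null, UpdateUser skips the permission block, and the request may still end in `TypedResults.Ok()`, so a revocation can look successful without changing anything. Rejecting a body where both `Name` and `NewPermissions` are null, or versioning the renamed contract, would make that failure visible.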
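Review bot: In GetClaims (the `@@ -61,14` hunk of SupabaseJwtHandler.cs) `user.AppMetadata["globalPermissions"]` goes through the indexer, which throws when the key is absent if `AppMetadata` is a dictionary, as its `TryGetValue` use in UsersEndpoints.cs suggests. Accounts provisioned before this commit presumably hold `globalRoles` rather than `globalPermissions`, so without a metadata migration token handling would fail for them, and even with a safe lookup nobody would carry the `Superuser` claim needed to reach UpdateUser and re-grant permissions. The lookup should be `if (user.AppMetadata.TryGetValue("globalPermissions", out var raw) && raw is JArray permissions)`, and the rename should ship together with a migration of the stored key. The claim type `"globalPermission"` is also repeated as a literal in the Program.cs hunk; a shared constant would keep the policy and this handler from drifting apart.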