Added role based authorization base

2025-12-20 06:51:55 +00:00 · 2025-10-17 18:31:07 +02:00
parent 97e0d2523a
commit 724bb95809
5 changed files with 75 additions and 4 deletions
--- a/src/Controllers/HomeController.cs
+++ b/src/Controllers/HomeController.cs
@@ -113,6 +113,19 @@ public class HomeController : Controller
            [
                new(ClaimTypes.Name, username)
            ];
+            HashSet<string> roles = [];
+            foreach (string groupCn in authenticationResult.UserModel?.Description?.Groups ?? [])
+            {
+                GroupModel group = await _ldap.GetGroupByCnAsync(groupCn, _ldap.GroupsAttributes);
+                foreach (GroupPermission permission in group.Permissions)
+                {
+                    roles.Add(permission.ToString());
+                }
+            }
+            foreach (string role in roles)
+            {
+                claims.Add(new(ClaimTypes.Role, role));            
+            }

            var claimsIdentity = new ClaimsIdentity(
                claims,
--- a/src/Controllers/UsersController.cs
+++ b/src/Controllers/UsersController.cs
@@ -7,6 +7,7 @@ using Berufsschule_HAM.Helpers;
 using System.Security.Cryptography;
 using System.Text;
 using Microsoft.AspNetCore.Authorization;
+using System.Text.Json;

 [Authorize]
 [Route("[controller]")]
@@ -95,9 +96,9 @@ public class UsersController : Controller
            return false;
        }
    }
-    
+
    [HttpPost("Update")]
-    public async Task<bool> Update([FromBody]UsersModifyRequestModel requestModel)
+    public async Task<bool> Update([FromBody] UsersModifyRequestModel requestModel)
    {
        if (requestModel is null)
        {
@@ -145,4 +146,47 @@ public class UsersController : Controller
        }
        return true;
    }
+
+    [HttpPost("AddGroup")]
+    public async Task<bool> AddGroup([FromBody]UsersAddGroupRequestModel requestModel)
+    {
+        try
+        {
+            UserModel userModel = await _ldap.GetUserByUidAsync(requestModel.Uid);
+            userModel.Description ??= new() { Address = new(), BirthDate = "", Workplace = "" };
+            userModel.Description.Groups ??= [];
+            try
+            {
+                GroupModel group = await _ldap.GetGroupByCnAsync(requestModel.GroupUid, _ldap.GroupsAttributes);
+            } catch (Exception)
+            {
+                return false;
+            }
+            userModel.Description.Groups.Add(requestModel.GroupUid);
+            await _ldap.UpdateUser(requestModel.Uid, "description", JsonSerializer.Serialize(userModel.Description));
+            return true;                
+            } catch (Exception ex)
+            {
+                _logger.LogError("Unable to add group {} to user {}: {ex.Message} - {ex.StackTrace}", [requestModel.GroupUid, requestModel.Uid, ex.Message, ex.StackTrace]);
+                return false;
+            }
+    }
+
+    [HttpPost("RemoveGroup")]
+    public async Task<bool> RemoveGroup([FromBody]UsersRemoveGroupRequestModel requestModel)
+    {
+        try
+        {
+            UserModel userModel = await _ldap.GetUserByUidAsync(requestModel.Uid);
+            userModel.Description ??= new() { Address = new(), BirthDate = "", Workplace = "" };
+            userModel.Description.Groups ??= [];
+            userModel.Description.Groups.Remove(requestModel.GroupUid);
+            await _ldap.UpdateUser(requestModel.Uid, "description", JsonSerializer.Serialize(userModel.Description));
+            return true;
+        } catch (Exception ex)
+        {
+            _logger.LogError("Unable to remove group {} from user {}: {ex.Message} - {ex.StackTrace}", [requestModel.GroupUid, requestModel.Uid, ex.Message, ex.StackTrace]);
+            return false;
+        }
+    }
 }
--- a/src/Models/UserModels.cs
+++ b/src/Models/UserModels.cs
@@ -29,6 +29,7 @@ public class UserDescription
    public required string BirthDate { get; set; }
    public required UserAddress Address { get; set; }
    public required string Workplace { get; set; }
+    public List<string>? Groups { get; set; }
 }

 public class UserAddress
@@ -40,8 +41,9 @@ public class UserAddress

 public class UserAuthenticationResult
 {
-    public required bool Success;
+    public required bool Success { get; set; }
    public UserNotAuthenticatedReason AuthenticationState { get; set; } = UserNotAuthenticatedReason.None;
+    public UserModel? UserModel { get; set; }
 }

 public enum UserNotAuthenticatedReason
--- a/src/Models/UsersRequestModels.cs
+++ b/src/Models/UsersRequestModels.cs
@@ -28,4 +28,16 @@ public class UsersDeleteRequestModel(bool successful, string exception = "None")
    public bool Success { get; set; } = successful;

    public string? Exception { get; set; } = exception;
+}
+
+public class UsersAddGroupRequestModel
+{
+    public required string Uid { get; set; }
+    public required string GroupUid { get; set; }
+}
+
+public class UsersRemoveGroupRequestModel
+{
+    public required string Uid { get; set; }
+    public required string GroupUid { get; set; }
 }
--- a/src/Services/LdapService.cs
+++ b/src/Services/LdapService.cs
@@ -297,7 +297,7 @@ public async Task CreateAsset(LdapAttributeSet attributeSet)
                }
                if (CompareStringToSha256(password, user.UserPassword))
                {
-                    return new() { Success = true };
+                    return new() { Success = true, UserModel = user };
                }
                return new() { Success = false, AuthenticationState = UserNotAuthenticatedReason.InvalidCredentials };
            }