Added role based authorization base

2025-12-20 06:51:55 +00:00 · 2025-10-17 18:31:07 +02:00
parent 97e0d2523a
commit 724bb95809
5 changed files with 75 additions and 4 deletions
--- a/src/Controllers/HomeController.cs
+++ b/src/Controllers/HomeController.cs
@@ -113,6 +113,19 @@ public class HomeController : Controller
            [
                new(ClaimTypes.Name, username)
            ];
+            HashSet<string> roles = [];
+            foreach (string groupCn in authenticationResult.UserModel?.Description?.Groups ?? [])
+            {
+                GroupModel group = await _ldap.GetGroupByCnAsync(groupCn, _ldap.GroupsAttributes);
+                foreach (GroupPermission permission in group.Permissions)
+                {
+                    roles.Add(permission.ToString());
+                }
+            }
+            foreach (string role in roles)
+            {
+                claims.Add(new(ClaimTypes.Role, role));            
+            }

            var claimsIdentity = new ClaimsIdentity(
                claims,
--- a/src/Controllers/UsersController.cs
+++ b/src/Controllers/UsersController.cs
@@ -7,6 +7,7 @@ using Berufsschule_HAM.Helpers;
 using System.Security.Cryptography;
 using System.Text;
 using Microsoft.AspNetCore.Authorization;
+using System.Text.Json;

 [Authorize]
 [Route("[controller]")]
@@ -95,9 +96,9 @@ public class UsersController : Controller
            return false;
        }
    }
-    
+
    [HttpPost("Update")]
-    public async Task<bool> Update([FromBody]UsersModifyRequestModel requestModel)
+    public async Task<bool> Update([FromBody] UsersModifyRequestModel requestModel)
    {
        if (requestModel is null)
        {
@@ -145,4 +146,47 @@ public class UsersController : Controller
        }
        return true;
    }
+
+    [HttpPost("AddGroup")]
+    public async Task<bool> AddGroup([FromBody]UsersAddGroupRequestModel requestModel)
+    {
+        try
+        {
+            UserModel userModel = await _ldap.GetUserByUidAsync(requestModel.Uid);
+            userModel.Description ??= new() { Address = new(), BirthDate = "", Workplace = "" };
+            userModel.Description.Groups ??= [];
+            try
+            {
+                GroupModel group = await _ldap.GetGroupByCnAsync(requestModel.GroupUid, _ldap.GroupsAttributes);
+            } catch (Exception)
+            {
+                return false;
+            }
+            userModel.Description.Groups.Add(requestModel.GroupUid);
+            await _ldap.UpdateUser(requestModel.Uid, "description", JsonSerializer.Serialize(userModel.Description));
+            return true;                
+            } catch (Exception ex)
+            {
+                _logger.LogError("Unable to add group {} to user {}: {ex.Message} - {ex.StackTrace}", [requestModel.GroupUid, requestModel.Uid, ex.Message, ex.StackTrace]);
+                return false;
+            }
+    }
+
+    [HttpPost("RemoveGroup")]
+    public async Task<bool> RemoveGroup([FromBody]UsersRemoveGroupRequestModel requestModel)
+    {
+        try
+        {
+            UserModel userModel = await _ldap.GetUserByUidAsync(requestModel.Uid);
+            userModel.Description ??= new() { Address = new(), BirthDate = "", Workplace = "" };
+            userModel.Description.Groups ??= [];
+            userModel.Description.Groups.Remove(requestModel.GroupUid);
+            await _ldap.UpdateUser(requestModel.Uid, "description", JsonSerializer.Serialize(userModel.Description));
+            return true;
+        } catch (Exception ex)
+        {
+            _logger.LogError("Unable to remove group {} from user {}: {ex.Message} - {ex.StackTrace}", [requestModel.GroupUid, requestModel.Uid, ex.Message, ex.StackTrace]);
+            return false;
+        }
+    }
 }