HAM/Berufsschule_HAM
1
0
Fork 1
mirror of https://github.com/LD-Reborn/Berufsschule_HAM.git synced 2025-12-20 06:51:55 +00:00
Code Issues Packages Projects 1 Releases Wiki Activity

Added role based authorization base

Browse Source
This commit is contained in:
LD-Reborn
2025-10-17 18:31:07 +02:00
parent 97e0d2523a
commit 724bb95809
5 changed files with 75 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/Controllers/HomeController.cs
View File

@@ -113,6 +113,19 @@ public class HomeController : Controller
[ [
new(ClaimTypes.Name, username) new(ClaimTypes.Name, username)
]; ];
HashSet<string> roles = [];
foreach (string groupCn in authenticationResult.UserModel?.Description?.Groups ?? [])
{
GroupModel group = await _ldap.GetGroupByCnAsync(groupCn, _ldap.GroupsAttributes);
foreach (GroupPermission permission in group.Permissions)
{
roles.Add(permission.ToString());
}
}
foreach (string role in roles)
{
claims.Add(new(ClaimTypes.Role, role));
}
var claimsIdentity = new ClaimsIdentity( var claimsIdentity = new ClaimsIdentity(
claims, claims,

48
src/Controllers/UsersController.cs
View File

@@ -7,6 +7,7 @@ using Berufsschule_HAM.Helpers;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text; using System.Text;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using System.Text.Json;
[Authorize] [Authorize]
[Route("[controller]")] [Route("[controller]")]
@@ -95,9 +96,9 @@ public class UsersController : Controller
return false; return false;
} }
} }
[HttpPost("Update")] [HttpPost("Update")]
public async Task<bool> Update([FromBody]UsersModifyRequestModel requestModel) public async Task<bool> Update([FromBody] UsersModifyRequestModel requestModel)
{ {
if (requestModel is null) if (requestModel is null)
{ {
@@ -145,4 +146,47 @@ public class UsersController : Controller
} }
return true; return true;
} }
[HttpPost("AddGroup")]
public async Task<bool> AddGroup([FromBody]UsersAddGroupRequestModel requestModel)
{
try
{
UserModel userModel = await _ldap.GetUserByUidAsync(requestModel.Uid);
userModel.Description ??= new() { Address = new(), BirthDate = "", Workplace = "" };
userModel.Description.Groups ??= [];
try
{
GroupModel group = await _ldap.GetGroupByCnAsync(requestModel.GroupUid, _ldap.GroupsAttributes);
} catch (Exception)
{
return false;
}
userModel.Description.Groups.Add(requestModel.GroupUid);
await _ldap.UpdateUser(requestModel.Uid, "description", JsonSerializer.Serialize(userModel.Description));
return true;
} catch (Exception ex)
{
_logger.LogError("Unable to add group {} to user {}: {ex.Message} - {ex.StackTrace}", [requestModel.GroupUid, requestModel.Uid, ex.Message, ex.StackTrace]);
return false;
}
}
[HttpPost("RemoveGroup")]
public async Task<bool> RemoveGroup([FromBody]UsersRemoveGroupRequestModel requestModel)
{
try
{
UserModel userModel = await _ldap.GetUserByUidAsync(requestModel.Uid);
userModel.Description ??= new() { Address = new(), BirthDate = "", Workplace = "" };
userModel.Description.Groups ??= [];
userModel.Description.Groups.Remove(requestModel.GroupUid);
await _ldap.UpdateUser(requestModel.Uid, "description", JsonSerializer.Serialize(userModel.Description));
return true;
} catch (Exception ex)
{
_logger.LogError("Unable to remove group {} from user {}: {ex.Message} - {ex.StackTrace}", [requestModel.GroupUid, requestModel.Uid, ex.Message, ex.StackTrace]);
return false;
}
}
} }

4
src/Models/UserModels.cs
View File

@@ -29,6 +29,7 @@ public class UserDescription
public required string BirthDate { get; set; } public required string BirthDate { get; set; }
public required UserAddress Address { get; set; } public required UserAddress Address { get; set; }
public required string Workplace { get; set; } public required string Workplace { get; set; }
public List<string>? Groups { get; set; }
} }
public class UserAddress public class UserAddress
@@ -40,8 +41,9 @@ public class UserAddress
public class UserAuthenticationResult public class UserAuthenticationResult
{ {
public required bool Success; public required bool Success { get; set; }
public UserNotAuthenticatedReason AuthenticationState { get; set; } = UserNotAuthenticatedReason.None; public UserNotAuthenticatedReason AuthenticationState { get; set; } = UserNotAuthenticatedReason.None;
public UserModel? UserModel { get; set; }
} }
public enum UserNotAuthenticatedReason public enum UserNotAuthenticatedReason

12
src/Models/UsersRequestModels.cs
View File

@@ -28,4 +28,16 @@ public class UsersDeleteRequestModel(bool successful, string exception = "None")
public bool Success { get; set; } = successful; public bool Success { get; set; } = successful;
public string? Exception { get; set; } = exception; public string? Exception { get; set; } = exception;
}
public class UsersAddGroupRequestModel
{
public required string Uid { get; set; }
public required string GroupUid { get; set; }
}
public class UsersRemoveGroupRequestModel
{
public required string Uid { get; set; }
public required string GroupUid { get; set; }
} }

2
src/Services/LdapService.cs
View File

@@ -297,7 +297,7 @@ public async Task CreateAsset(LdapAttributeSet attributeSet)
} }
if (CompareStringToSha256(password, user.UserPassword)) if (CompareStringToSha256(password, user.UserPassword))
{ {
return new() { Success = true }; return new() { Success = true, UserModel = user };
} }
return new() { Success = false, AuthenticationState = UserNotAuthenticatedReason.InvalidCredentials }; return new() { Success = false, AuthenticationState = UserNotAuthenticatedReason.InvalidCredentials };
} }