(#290) Authorization Policy Provider

Author: phongnguyend

src/Microservices/Common/ClassifiedAds.Infrastructure/Web/Authorization/Policies/CustomAuthorizationPolicyProvider.cs

@@ -0,0 +1,36 @@
+using ClassifiedAds.Infrastructure.Web.Authorization.Requirements;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+using System;
+using System.Threading.Tasks;
+
+namespace ClassifiedAds.Infrastructure.Web.Authorization.Policies;
+
+internal class CustomAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider
+{
+    public CustomAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options)
+        : base(options)
+    {
+    }
+
+    public override Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
+    {
+        if (policyName.StartsWith("Permission:", StringComparison.InvariantCultureIgnoreCase))
+        {
+            var policyBuilder = new AuthorizationPolicyBuilder();
+
+            policyBuilder.RequireAuthenticatedUser();
+
+            policyBuilder.AddRequirements(new PermissionRequirement
+            {
+                PermissionName = policyName
+            });
+
+            var policy = policyBuilder.Build();
+
+            return Task.FromResult(policy);
+        }
+
+        return base.GetPolicyAsync(policyName);
+    }
+}

src/Microservices/Common/ClassifiedAds.Infrastructure/Web/Authorization/Policies/PolicyServiceCollectionExtensions.cs renamed to src/Microservices/Common/ClassifiedAds.Infrastructure/Web/Authorization/ServiceCollectionExtensions.cs

@@ -1,35 +1,30 @@
-using ClassifiedAds.Infrastructure.Web.Authorization.Requirements;
+using ClassifiedAds.Infrastructure.Web.Authorization.Policies;
+using ClassifiedAds.Infrastructure.Web.Authorization.Requirements;
 using ClassifiedAds.Infrastructure.Web.ClaimsTransformations;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using System;
-using System.Collections.Generic;
 using System.Linq;
 using System.Reflection;
 
 namespace Microsoft.Extensions.DependencyInjection;
 
-public static class PolicyServiceCollectionExtensions
+public static class ServiceCollectionExtensions
 {
-    public static IServiceCollection AddAuthorizationPolicies(this IServiceCollection services, Assembly assembly, IEnumerable<string> policies)
+    public static IServiceCollection AddAuthorizationPolicies(this IServiceCollection services, Assembly assembly)
     {
         if (!services.Any(s => s.ServiceType == typeof(IClaimsTransformation) && s.ImplementationType == typeof(CustomClaimsTransformation)))
         {
             services.AddSingleton<IClaimsTransformation, CustomClaimsTransformation>();
         }
 
+        if (!services.Any(s => s.ServiceType == typeof(IAuthorizationPolicyProvider) && s.ImplementationType == typeof(CustomAuthorizationPolicyProvider)))
+        {
+            services.AddSingleton<IAuthorizationPolicyProvider, CustomAuthorizationPolicyProvider>();
+        }
+
         services.Configure<AuthorizationOptions>(options =>
         {
-            foreach (var policyName in policies)
-            {
-                options.AddPolicy(policyName, policy =>
-                {
-                    policy.AddRequirements(new PermissionRequirement
-                    {
-                        PermissionName = policyName
-                    });
-                });
-            }
         });
 
         if (!services.Any(s => s.ServiceType == typeof(IAuthorizationHandler) && s.ImplementationType == typeof(PermissionRequirementHandler)))

src/Microservices/Services.AuditLog/ClassifiedAds.Services.AuditLog.Api/Controllers/AuditLogEntriesController.cs

@@ -27,15 +27,15 @@ public AuditLogEntriesController(Dispatcher dispatcher)
     }
 
     [EnableRateLimiting(RateLimiterPolicyNames.GetAuditLogsPolicy)]
-    [Authorize(AuthorizationPolicyNames.GetAuditLogsPolicy)]
+    [Authorize(Permissions.GetAuditLogs)]
     [HttpGet]
     public async Task<ActionResult<IEnumerable<AuditLogEntryDTO>>> Get()
     {
         var logs = await _dispatcher.DispatchAsync(new GetAuditEntriesQuery { });
         return Ok(logs);
     }
 
-    [Authorize(AuthorizationPolicyNames.GetAuditLogsPolicy)]
+    [Authorize(Permissions.GetAuditLogs)]
     [HttpGet("paged")]
     public async Task<ActionResult<Paged<AuditLogEntryDTO>>> GetPaged(int page, int pageSize)
     {

src/Microservices/Services.AuditLog/ClassifiedAds.Services.AuditLog/Authorization/AuthorizationPolicyNames.cs

@@ -0,0 +1,6 @@
+namespace ClassifiedAds.Services.AuditLog.Authorization;
+
+public static class Permissions
+{
+    public const string GetAuditLogs = "Permission:GetAuditLogs";
+}

src/Microservices/Services.AuditLog/ClassifiedAds.Services.AuditLog/Authorization/Permissions.cs

@@ -1,7 +1,6 @@
 using ClassifiedAds.Domain.Infrastructure.MessageBrokers;
 using ClassifiedAds.Domain.Repositories;
 using ClassifiedAds.Infrastructure.HostedServices;
-using ClassifiedAds.Services.AuditLog.Authorization;
 using ClassifiedAds.Services.AuditLog.ConfigurationOptions;
 using ClassifiedAds.Services.AuditLog.DTOs;
 using ClassifiedAds.Services.AuditLog.Entities;
@@ -31,7 +30,7 @@ public static IServiceCollection AddAuditLogModule(this IServiceCollection servi
 
         services.AddMessageHandlers(Assembly.GetExecutingAssembly());
 
-        services.AddAuthorizationPolicies(Assembly.GetExecutingAssembly(), AuthorizationPolicyNames.GetPolicyNames());
+        services.AddAuthorizationPolicies(Assembly.GetExecutingAssembly());
 
         services.AddTransient<IMessageBus, MessageBus>()
                 .AddMessageBusReceiver<AuditLogAggregationConsumer, AuditLogCreatedEvent>(appSettings.MessageBroker);

src/Microservices/Services.AuditLog/ClassifiedAds.Services.AuditLog/ServiceCollectionExtensions.cs

@@ -0,0 +1,10 @@
+namespace ClassifiedAds.Services.Configuration.Authorization;
+
+public static class Permissions
+{
+    public const string GetConfigurationEntries = "Permission:GetConfigurationEntries";
+    public const string GetConfigurationEntry = "Permission:GetConfigurationEntry";
+    public const string AddConfigurationEntry = "Permission:AddConfigurationEntry";
+    public const string UpdateConfigurationEntry = "Permission:UpdateConfigurationEntry";
+    public const string DeleteConfigurationEntry = "Permission:DeleteConfigurationEntry";
+}

src/Microservices/Services.Configuration/ClassifiedAds.Services.Configuration.Api/Authorization/AuthorizationPolicyNames.cs

@@ -46,7 +46,7 @@ public ConfigurationEntriesController(Dispatcher dispatcher,
         _configurationEntriesExcelReader = configurationEntriesExcelReader;
     }
 
-    [Authorize(AuthorizationPolicyNames.GetConfigurationEntriesPolicy)]
+    [Authorize(Permissions.GetConfigurationEntries)]
     [HttpGet]
     public async Task<ActionResult<IEnumerable<ConfigurationEntryModel>>> Get()
     {
@@ -55,7 +55,7 @@ public async Task<ActionResult<IEnumerable<ConfigurationEntryModel>>> Get()
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.GetConfigurationEntryPolicy)]
+    [Authorize(Permissions.GetConfigurationEntry)]
     [HttpGet("{id}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -66,7 +66,7 @@ public async Task<ActionResult<ConfigurationEntryModel>> Get(Guid id)
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.AddConfigurationEntryPolicy)]
+    [Authorize(Permissions.AddConfigurationEntry)]
     [HttpPost]
     [Consumes("application/json")]
     [ProducesResponseType(StatusCodes.Status201Created)]
@@ -86,7 +86,7 @@ public async Task<ActionResult<ConfigurationEntryModel>> Post([FromBody] Configu
         return Created($"/api/ConfigurationEntries/{model.Id}", model);
     }
 
-    [Authorize(AuthorizationPolicyNames.UpdateConfigurationEntryPolicy)]
+    [Authorize(Permissions.UpdateConfigurationEntry)]
     [HttpPut("{id}")]
     [Consumes("application/json")]
     [ProducesResponseType(StatusCodes.Status200OK)]
@@ -114,7 +114,7 @@ public async Task<ActionResult> Put(Guid id, [FromBody] ConfigurationEntryModel
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.DeleteConfigurationEntryPolicy)]
+    [Authorize(Permissions.DeleteConfigurationEntry)]
     [HttpDelete("{id}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]

src/Microservices/Services.Configuration/ClassifiedAds.Services.Configuration.Api/Authorization/Permissions.cs

@@ -1,6 +1,5 @@
 using ClassifiedAds.CrossCuttingConcerns.Excel;
 using ClassifiedAds.Domain.Repositories;
-using ClassifiedAds.Services.Configuration.Authorization;
 using ClassifiedAds.Services.Configuration.ConfigurationOptions;
 using ClassifiedAds.Services.Configuration.Entities;
 using ClassifiedAds.Services.Configuration.Excel;
@@ -30,7 +29,7 @@ public static IServiceCollection AddConfigurationModule(this IServiceCollection
 
         services.AddMessageHandlers(Assembly.GetExecutingAssembly());
 
-        services.AddAuthorizationPolicies(Assembly.GetExecutingAssembly(), AuthorizationPolicyNames.GetPolicyNames());
+        services.AddAuthorizationPolicies(Assembly.GetExecutingAssembly());
 
         services.AddScoped<IExcelReader<ImportConfigurationEntriesFromExcel>, ImportConfigurationEntriesFromExcelHandler>();
         services.AddScoped<IExcelWriter<ExportConfigurationEntriesToExcel>, ExportConfigurationEntriesToExcelHandler>();

src/Microservices/Services.Configuration/ClassifiedAds.Services.Configuration.Api/Controllers/ConfigurationEntriesController.cs

@@ -27,7 +27,7 @@ public RolesController(Dispatcher dispatcher, ILogger<RolesController> logger)
         _dispatcher = dispatcher;
     }
 
-    [Authorize(AuthorizationPolicyNames.GetRolesPolicy)]
+    [Authorize(Permissions.GetRoles)]
     [HttpGet]
     public async Task<ActionResult<IEnumerable<Role>>> Get()
     {
@@ -36,7 +36,7 @@ public async Task<ActionResult<IEnumerable<Role>>> Get()
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.GetRolePolicy)]
+    [Authorize(Permissions.GetRole)]
     [HttpGet("{id}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -47,7 +47,7 @@ public async Task<ActionResult<Role>> Get(Guid id)
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.AddRolePolicy)]
+    [Authorize(Permissions.AddRole)]
     [HttpPost]
     [Consumes("application/json")]
     [ProducesResponseType(StatusCodes.Status201Created)]
@@ -66,7 +66,7 @@ public async Task<ActionResult<Role>> Post([FromBody] RoleModel model)
         return Created($"/api/roles/{model.Id}", model);
     }
 
-    [Authorize(AuthorizationPolicyNames.UpdateRolePolicy)]
+    [Authorize(Permissions.UpdateRole)]
     [HttpPut("{id}")]
     [Consumes("application/json")]
     [ProducesResponseType(StatusCodes.Status200OK)]
@@ -85,7 +85,7 @@ public async Task<ActionResult> Put(Guid id, [FromBody] RoleModel model)
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.DeleteRolePolicy)]
+    [Authorize(Permissions.DeleteRole)]
     [HttpDelete("{id}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]

src/Microservices/Services.Configuration/ClassifiedAds.Services.Configuration.Api/ServiceCollectionExtensions.cs

@@ -39,7 +39,7 @@ public UsersController(Dispatcher dispatcher,
         _configuration = configuration;
     }
 
-    [Authorize(AuthorizationPolicyNames.GetUsersPolicy)]
+    [Authorize(Permissions.GetUsers)]
     [HttpGet]
     public async Task<ActionResult<IEnumerable<User>>> Get()
     {
@@ -48,7 +48,7 @@ public async Task<ActionResult<IEnumerable<User>>> Get()
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.GetUserPolicy)]
+    [Authorize(Permissions.GetUser)]
     [HttpGet("{id}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -59,7 +59,7 @@ public async Task<ActionResult<User>> Get(Guid id)
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.AddUserPolicy)]
+    [Authorize(Permissions.AddUser)]
     [HttpPost]
     [Consumes("application/json")]
     [ProducesResponseType(StatusCodes.Status201Created)]
@@ -86,7 +86,7 @@ public async Task<ActionResult<User>> Post([FromBody] UserModel model)
         return Created($"/api/users/{model.Id}", model);
     }
 
-    [Authorize(AuthorizationPolicyNames.UpdateUserPolicy)]
+    [Authorize(Permissions.UpdateUser)]
     [HttpPut("{id}")]
     [Consumes("application/json")]
     [ProducesResponseType(StatusCodes.Status200OK)]
@@ -113,7 +113,7 @@ public async Task<ActionResult> Put(Guid id, [FromBody] UserModel model)
         return Ok(model);
     }
 
-    [Authorize(AuthorizationPolicyNames.SetPasswordPolicy)]
+    [Authorize(Permissions.SetPassword)]
     [HttpPut("{id}/password")]
     [Consumes("application/json")]
     [ProducesResponseType(StatusCodes.Status200OK)]
@@ -133,7 +133,7 @@ public async Task<ActionResult> SetPassword(Guid id, [FromBody] SetPasswordModel
         return BadRequest(rs.Errors);
     }
 
-    [Authorize(AuthorizationPolicyNames.DeleteUserPolicy)]
+    [Authorize(Permissions.DeleteUser)]
     [HttpDelete("{id}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -145,7 +145,7 @@ public async Task<ActionResult> Delete(Guid id)
         return Ok();
     }
 
-    [Authorize(AuthorizationPolicyNames.SendResetPasswordEmailPolicy)]
+    [Authorize(Permissions.SendResetPasswordEmail)]
     [HttpPost("{id}/passwordresetemail")]
     public async Task<ActionResult> SendResetPasswordEmail(Guid id)
     {
@@ -175,7 +175,7 @@ await _dispatcher.DispatchAsync(new AddEmailMessageCommand
         return Ok();
     }
 
-    [Authorize(AuthorizationPolicyNames.SendConfirmationEmailAddressEmailPolicy)]
+    [Authorize(Permissions.SendConfirmationEmailAddressEmail)]
     [HttpPost("{id}/emailaddressconfirmation")]
     public async Task<ActionResult> SendConfirmationEmailAddressEmail(Guid id)
     {