From 992c58dc5841b96f5f00c15280eefd7620fb484f Mon Sep 17 00:00:00 2001
From: Amichai Mantinband
Date: Mon, 4 Mar 2024 20:23:16 +0200
Subject: [PATCH] Seggregate authorizeable interface
---
 .../Security/Request/IAuthorizeableRequest.cs | 1 -
 .../Request/IUserAuthorizeableRequest.cs | 6 ++++
 .../SetReminder/SetReminderCommand.cs | 2 +-
 .../Security/PolicyEnforcer/PolicyEnforcer.cs | 14 ++++------
 .../PolicyEnforcer/UserPolicyEnforcer.cs | 28 +++++++++++++++++++
 5 files changed, 41 insertions(+), 10 deletions(-)
 create mode 100644 src/CleanArchitecture.Application/Common/Security/Request/IUserAuthorizeableRequest.cs
 create mode 100644 src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/UserPolicyEnforcer.cs
diff --git a/src/CleanArchitecture.Application/Common/Security/Request/IAuthorizeableRequest.cs b/src/CleanArchitecture.Application/Common/Security/Request/IAuthorizeableRequest.cs
index 85831c4..7e8f932 100644
--- a/src/CleanArchitecture.Application/Common/Security/Request/IAuthorizeableRequest.cs
+++ b/src/CleanArchitecture.Application/Common/Security/Request/IAuthorizeableRequest.cs
@@ -4,5 +4,4 @@ namespace CleanArchitecture.Application.Common.Security.Request;
 public interface IAuthorizeableRequest : IRequest
 {
- Guid UserId { get; }
 }
\ No newline at end of file
diff --git a/src/CleanArchitecture.Application/Common/Security/Request/IUserAuthorizeableRequest.cs b/src/CleanArchitecture.Application/Common/Security/Request/IUserAuthorizeableRequest.cs
new file mode 100644
index 0000000..cc294af
--- /dev/null
+++ b/src/CleanArchitecture.Application/Common/Security/Request/IUserAuthorizeableRequest.cs
@@ -0,0 +1,6 @@
+namespace CleanArchitecture.Application.Common.Security.Request;
+
+public interface IUserAuthorizeableRequest : IAuthorizeableRequest
+{
+ Guid UserId { get; }
+}
\ No newline at end of file
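Review bot: The new IUserAuthorizeableRequest interface carries no XML doc, so a reader cannot tell that UserId is the subject a user-scoped policy such as Policy.SelfOrAdmin compares against the signed-in user, nor that a request must implement this interface rather than the bare IAuthorizeableRequest for such a policy to be evaluated at all. Suggest `/// <summary>An authorizeable request that acts on a specific user; <see cref="UserId"/> is the user the request targets, which user-scoped policies compare against the current user.</summary>` on the interface and a one-line `/// <summary>` on the UserId property. The same applies to IAuthorizeableRequest in the previous hunk, which after the deletion reads as a pure marker interface without a comment saying so.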
diff --git a/src/CleanArchitecture.Application/Reminders/Commands/SetReminder/SetReminderCommand.cs b/src/CleanArchitecture.Application/Reminders/Commands/SetReminder/SetReminderCommand.cs
index 8bbb088..52b8b96 100644
--- a/src/CleanArchitecture.Application/Reminders/Commands/SetReminder/SetReminderCommand.cs
+++ b/src/CleanArchitecture.Application/Reminders/Commands/SetReminder/SetReminderCommand.cs
@@ -9,4 +9,4 @@ namespace CleanArchitecture.Application.Reminders.Commands.SetReminder;
 [Authorize(Permissions = Permission.Reminder.Set, Policies = Policy.SelfOrAdmin)]
 public record SetReminderCommand(Guid UserId, Guid SubscriptionId, string Text, DateTime DateTime)
- : IAuthorizeableRequest>;
\ No newline at end of file
+ : IUserAuthorizeableRequest>;
\ No newline at end of file
diff --git a/src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/PolicyEnforcer.cs b/src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/PolicyEnforcer.cs
index 5059aa8..d918277 100644
--- a/src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/PolicyEnforcer.cs
+++ b/src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/PolicyEnforcer.cs
@@ -14,15 +14,13 @@ public ErrorOr Authorize(
 CurrentUser currentUser,
 string policy)
 {
- return policy switch
+ return request switch
 {
- Policy.SelfOrAdmin => SelfOrAdminPolicy(request, currentUser),
- _ => Error.Unexpected(description: "Unknown policy name"),
+ IUserAuthorizeableRequest userAuthorizeableRequest => UserPolicyEnforcer.Authorize(
+ userAuthorizeableRequest,
+ currentUser,
+ policy),
+ _ => Result.Success,
 };
 }
-
- private static ErrorOr SelfOrAdminPolicy(IAuthorizeableRequest request, CurrentUser currentUser) =>
- request.UserId == currentUser.Id || currentUser.Roles.Contains(Role.Admin)
- ? Result.Success
- : Error.Unauthorized(description: "Requesting user failed policy requirement");
 }
\ No newline at end of file
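Review bot: The `_ => Result.Success` arm at the end of the new switch in PolicyEnforcer.Authorize fails open: a request that declares a policy but implements only IAuthorizeableRequest (which this patch strips of UserId) now receives Success for any policy name, whereas the old switch returned Error.Unexpected for anything it could not evaluate. Before the split the compiler guaranteed every authorizeable request carried a UserId; after it, a command annotated with `Policies = Policy.SelfOrAdmin` whose author forgets to switch to IUserAuthorizeableRequest would silently pass the self-or-admin check. Assuming Authorize is only invoked for policies actually declared on the request (the caller is outside this hunk), the fallback should deny rather than allow, e.g. `_ => Error.Unexpected(description: $"Policy '{policy}' cannot be evaluated for request type '{request.GetType().Name}'"),`. The Authorize signature and its first parameter begin above this hunk.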
diff --git a/src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/UserPolicyEnforcer.cs b/src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/UserPolicyEnforcer.cs
new file mode 100644
index 0000000..8d2284f
--- /dev/null
+++ b/src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/UserPolicyEnforcer.cs
@@ -0,0 +1,28 @@
+using CleanArchitecture.Application.Common.Security.Policies;
+using CleanArchitecture.Application.Common.Security.Request;
+using CleanArchitecture.Application.Common.Security.Roles;
+using CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
+
+using ErrorOr;
+
+namespace CleanArchitecture.Infrastructure.Security.PolicyEnforcer;
+
+public static class UserPolicyEnforcer
+{
+ public static ErrorOr Authorize(
+ IUserAuthorizeableRequest request,
+ CurrentUser currentUser,
+ string policy)
+ {
+ return policy switch
+ {
+ Policy.SelfOrAdmin => SelfOrAdminPolicy(request, currentUser),
+ _ => Error.Unexpected(description: "Unknown policy name"),
+ };
+ }
+
+ private static ErrorOr SelfOrAdminPolicy(IUserAuthorizeableRequest request, CurrentUser currentUser) =>
+ request.UserId == currentUser.Id || currentUser.Roles.Contains(Role.Admin)
+ ? Result.Success
+ : Error.Unauthorized(description: "Requesting user failed policy requirement");
+}
\ No newline at end of file
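Review bot: UserPolicyEnforcer is declared `public static`, but its only caller in this patch is PolicyEnforcer in the same Infrastructure assembly, so `internal static class UserPolicyEnforcer` would keep the policy-evaluation helper out of the assembly's public surface. The class also has no XML doc; a `/// <summary>` stating that it evaluates policies which compare the request's UserId against the current user, and that an unrecognised policy name is rejected with Error.Unexpected rather than allowed, would make the fail-closed default explicit for whoever adds the next policy. Minor style: Authorize's body is a single switch expression and could be expression-bodied (`=> policy switch { ... };`) to match SelfOrAdminPolicy directly below it.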