From e2cab45690d066d8921b3d9ac3c3f15541fdb5d9 Mon Sep 17 00:00:00 2001
From: Maciej Maciejewski
Date: Sat, 26 Oct 2024 21:17:52 +0200
Subject: [PATCH] autoryzacja

---
 Controllers/ExpenseController.cs | 7 +++++++
 Controllers/ProductController.cs | 6 +++++-
 Controllers/ReportController.cs | 9 +++++++++
 Controllers/TransactionController.cs | 7 +++++++
 Controllers/UserController.cs | 26 +++++++++++++++++++-------
 5 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/Controllers/ExpenseController.cs b/Controllers/ExpenseController.cs
index f182ea3..ae9a342 100644
--- a/Controllers/ExpenseController.cs
+++ b/Controllers/ExpenseController.cs
@@ -17,11 +17,13 @@ using FirmTracker_Server.nHibernate.Expenses;
 using FirmTracker_Server.nHibernate.Products;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace FirmTracker_Server.Controllers
 {
 [Route("api/[controller]")]
 [ApiController]
+ [Authorize]
 public class ExpensesController : ControllerBase
 {
 private readonly ExpenseCRUD _expenseCrud;
@@ -34,6 +36,7 @@ namespace FirmTracker_Server.Controllers
 [HttpPost]
 [ProducesResponseType(201)] // Created
 [ProducesResponseType(400)] // Bad Request
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult CreateExpense([FromBody] Expense expense)
 {
 try
 {
@@ -59,6 +62,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet("{id}")]
 [ProducesResponseType(200)] // Created
 [ProducesResponseType(404)] // Bad Request
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult GetExpense(int id)
 {
 var expense = _expenseCrud.GetExpense(id);
@@ -73,6 +77,7 @@ namespace FirmTracker_Server.Controllers
 [HttpPut("{id}")]
 [ProducesResponseType(204)]
 [ProducesResponseType(400)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult UpdateExpense(int id, [FromBody] Expense expense)
 {
 try
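Review bot: Every action in ExpensesController now repeats `[Authorize(Roles = Roles.Admin)]` while the class-level attribute added in this hunk is a bare `[Authorize]`, so any action added to this controller later without its own attribute is reachable by every authenticated user instead of failing closed. Since all six actions in this file require Admin, the role belongs on the class — `[Authorize(Roles = Roles.Admin)]` in place of `[Authorize]` — and the per-action copies in the following hunks (CreateExpense, GetExpense, UpdateExpense, DeleteExpense, GetAllExpenses) can be dropped; ReportController has the same all-Admin pattern and TransactionController the same all-Admin-or-User pattern, so the same consolidation applies there. The newly protected actions can also answer 401/403 now, which none of the `[ProducesResponseType]` lists in this patch declare. The existing `// Created` / `// Bad Request` comments next to the 200/404 attributes on GetExpense are visibly stale, but that predates this change.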
@@ -103,6 +108,7 @@ namespace FirmTracker_Server.Controllers
 [HttpDelete("{id}")]
 [ProducesResponseType(204)]
 [ProducesResponseType(404)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult DeleteExpense(int id)
 {
 try
@@ -123,6 +129,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet]
 [ProducesResponseType(200)]
 [ProducesResponseType(400)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult GetAllExpenses()
 {
 try
diff --git a/Controllers/ProductController.cs b/Controllers/ProductController.cs
index e44a3ca..11cc479 100644
--- a/Controllers/ProductController.cs
+++ b/Controllers/ProductController.cs
@@ -42,7 +42,7 @@ namespace FirmTracker_Server.Controllers
 [HttpPost]
 [ProducesResponseType(200)] // Created
 [ProducesResponseType(400)] // Bad Request
- [Authorize(Roles = Roles.User)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult CreateProduct([FromBody] Product product)
 {
 try
@@ -81,6 +81,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet("{id}")]
 [ProducesResponseType(200)] // Created
 [ProducesResponseType(400)] // Bad Request
+ [Authorize(Roles=Roles.Admin+","+Roles.User)]
 public IActionResult GetProduct(int id)
 {
 var product = _productCrud.GetProduct(id);
@@ -92,6 +93,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet("name/{name}")]
 [ProducesResponseType(200)]
 [ProducesResponseType(404)]
+ [Authorize(Roles = Roles.Admin + "," + Roles.User)]
 public IActionResult GetProductByName(string name)
 {
 var product = _productCrud.GetProductByName(name);
@@ -104,6 +106,7 @@ namespace FirmTracker_Server.Controllers
 [HttpPut("{id}")]
 [ProducesResponseType(200)] // Created
 [ProducesResponseType(400)] // Bad Request
+ [Authorize(Roles = Roles.Admin + "," + Roles.User)]
 public IActionResult UpdateProduct(int id, [FromBody] Product product)
 {
 try
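Review bot: CreateProduct is tightened from `Roles.User` to `Roles.Admin` in the ProductController hunk here, while the UpdateProduct hunk below grants `Roles.Admin + "," + Roles.User`, so a User can modify any existing product but cannot create one; if that asymmetry is intended, a one-line comment on UpdateProduct stating the rule would stop the next reader from "fixing" it. The GetProduct hunk writes `[Authorize(Roles=Roles.Admin+","+Roles.User)]` without spaces while every other hunk in the patch spaces the same expression; since attribute arguments must be compile-time constants, `Roles.Admin` and `Roles.User` are consts and the pair can be declared once, e.g. `public const string AdminOrUser = Admin + "," + User;` in `Roles`, then used as `[Authorize(Roles = Roles.AdminOrUser)]` throughout. Unlike the other controllers in this patch, no class-level `[Authorize]` is added to ProductController in these hunks; if the class carries none (its header is outside the diff), any action not touched here remains reachable anonymously.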
@@ -145,6 +148,7 @@ namespace FirmTracker_Server.Controllers
 [HttpDelete("{id}")]
 [ProducesResponseType(200)] // Created
 [ProducesResponseType(400)] // Bad Request
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult DeleteProduct(int id)
 {
 try
diff --git a/Controllers/ReportController.cs b/Controllers/ReportController.cs
index dabcd8e..5695d2b 100644
--- a/Controllers/ReportController.cs
+++ b/Controllers/ReportController.cs
@@ -24,12 +24,14 @@ using FirmTracker_Server.nHibernate.Expenses;
 using FirmTracker_Server.nHibernate.Products;
 using FirmTracker_Server.nHibernate;
 using NHibernate.Linq;
+using Microsoft.AspNetCore.Authorization;
 
 namespace FirmTracker_Server.Controllers
 {
 [Route("api/[controller]")]
 [ApiController]
+ [Authorize]
 public class ReportController : ControllerBase
 {
 private readonly ReportCRUD _reportCRUD;
@@ -43,6 +45,7 @@ namespace FirmTracker_Server.Controllers
 [HttpPost]
 [ProducesResponseType(201)] //Created
 [ProducesResponseType(400)] //Bad request
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult CreateReport([FromBody] Report.DateRangeDto dateRange)
 {
 try
@@ -118,6 +121,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet("{id}")]
 [ProducesResponseType(200)]
 [ProducesResponseType(404)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult GetReport(int id)
 {
 var report = _reportCRUD.GetReport(id);
@@ -136,6 +140,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet("{id}/transactions")]
 [ProducesResponseType(200)]
 [ProducesResponseType(404)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult GetReportTransactions(int id)
 {
 var transactions = _reportCRUD.GetReportTransactions(id);
@@ -149,6 +154,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet("{id}/expenses")]
 [ProducesResponseType(200)]
 [ProducesResponseType(404)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult GetReportExpenses(int id)
 {
 var expenses = _reportCRUD.GetReportExpenses(id);
@@ -163,6 +169,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet]
 [ProducesResponseType(200)]
 [ProducesResponseType(404)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult GetAllReports()
 {
 var reports = _reportCRUD.GetAllReports();
@@ -176,6 +183,7 @@ namespace FirmTracker_Server.Controllers
 [ProducesResponseType(204)]
 [ProducesResponseType(400)]
 [ProducesResponseType(404)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult UpdateReport(int id, [FromBody] Report.DateRangeDto dateRange)
 {
 try
@@ -244,6 +252,7 @@ namespace FirmTracker_Server.Controllers
 [HttpDelete("{id}")]
 [ProducesResponseType(204)]
 [ProducesResponseType(404)]
+ [Authorize(Roles = Roles.Admin)]
 public IActionResult DeleteReport(int id)
 {
 try
diff --git a/Controllers/TransactionController.cs b/Controllers/TransactionController.cs
index 20b556e..276a50a 100644
--- a/Controllers/TransactionController.cs
+++ b/Controllers/TransactionController.cs
@@ -24,11 +24,13 @@ using System.Transactions;
 using FirmTracker_Server.nHibernate.Products;
 using FirmTracker_Server.nHibernate;
 using Microsoft.AspNetCore.Http.HttpResults;
+using Microsoft.AspNetCore.Authorization;
 
 namespace FirmTracker_Server.Controllers
 {
 [Route("api/[controller]")]
 [ApiController]
+ [Authorize]
 public class TransactionController : ControllerBase
 {
 private readonly TransactionCRUD _transactionCRUD;
@@ -48,6 +50,7 @@ namespace FirmTracker_Server.Controllers
 [HttpPost]
 [ProducesResponseType(StatusCodes.Status201Created)]
 [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [Authorize(Roles = Roles.Admin + "," + Roles.User)]
 public IActionResult CreateTransaction([FromBody] nHibernate.Transactions.Transaction transaction)
 {
 try
@@ -106,6 +109,7 @@ namespace FirmTracker_Server.Controllers
 [HttpGet("{id}")]
 [ProducesResponseType(StatusCodes.Status200OK)]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
+ [Authorize(Roles = Roles.Admin + "," + Roles.User)]
 public IActionResult GetTransaction(int id)
 {
 var transaction = _transactionCRUD.GetTransaction(id);
@@ -118,6 +122,7 @@ namespace FirmTracker_Server.Controllers
 [HttpPut("{id}")]
 [ProducesResponseType(StatusCodes.Status204NoContent)]
 [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [Authorize(Roles = Roles.Admin + "," + Roles.User)]
 public IActionResult UpdateTransaction(int id, [FromBody] nHibernate.Transactions.Transaction transaction)
 {
 if (id != transaction.Id)
@@ -160,6 +165,7 @@ namespace FirmTracker_Server.Controllers
 [HttpDelete("{id}")]
 [ProducesResponseType(StatusCodes.Status204NoContent)]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
+ [Authorize(Roles = Roles.Admin + "," + Roles.User)]
 public IActionResult DeleteTransaction(int id)
 {
 try
@@ -182,6 +188,7 @@ namespace FirmTracker_Server.Controllers
 [ProducesResponseType(StatusCodes.Status200OK)]
 [ProducesResponseType(StatusCodes.Status400BadRequest)]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
+ [Authorize(Roles = Roles.Admin + "," + Roles.User)]
 public IActionResult GetAllTransactions()
 {
 var transactions = _transactionCRUD.GetAllTransactions();
diff --git a/Controllers/UserController.cs b/Controllers/UserController.cs
index 4175696..77e437a 100644
--- a/Controllers/UserController.cs
+++ b/Controllers/UserController.cs
@@ -4,6 +4,7 @@ using FirmTracker_Server;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using FirmTracker_Server.Entities;
+using System.Security.Claims;
 
 namespace FirmTracker_Server.Controllers
 {
@@ -38,13 +39,24 @@ namespace FirmTracker_Server.Controllers
 var token = UserService.CreateTokenJwt(dto);
 return Ok(token);
 }
- // New method to get all users
- /* [HttpGet("all")]
- [AllowAnonymous]
- public ActionResult> GetAllUsers()
+ [HttpGet("role")]
+ [Authorize(Roles = Roles.Admin + "," + Roles.User)]
+ public ActionResult GetUserRole()
 {
- var users = UserService.GetAllUsers();
- return Ok(users);
- }*/
+ var roleClaim = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;
+ if (roleClaim == null)
+ {
+ return NotFound("Role not found for the logged-in user.");
+ }
+ return Ok(roleClaim);
+ }
+ // New method to get all users
+ /* [HttpGet("all")]
+ [AllowAnonymous]
+ public ActionResult> GetAllUsers()
+ {
+ var users = UserService.GetAllUsers();
+ return Ok(users);
+ }*/
 }
 }
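Review bot: GetUserRole walks `User.Claims` by hand and returns only the first role claim, which silently drops the rest whenever a principal carries several roles; `ClaimsPrincipal` already offers `User.FindFirst(ClaimTypes.Role)?.Value` for the single-value case, or `User.FindAll(ClaimTypes.Role).Select(c => c.Value)` to return them all, and neither depends on a LINQ using being in scope. The `NotFound` branch cannot be reached under the default role-claim mapping, because the `[Authorize(Roles = …)]` filter only admits principals that already hold a matching role claim; if the JWT setup maps roles to a claim type other than `ClaimTypes.Role` the situation inverts and every request lands there, so a comment naming the claim type the token carries would make the intent checkable (the token configuration is not visible from this hunk). The commented-out `GetAllUsers` block is re-inserted below the new action as dead code; version history already preserves it, so drop it rather than carry it forward. `ActionResult GetUserRole()` and `ActionResult> GetAllUsers()` read as if generic arguments were stripped when this page was rendered; the compiled source presumably declares `ActionResult<string>`.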