public AuthorizationApplicationModelProvider(IOptions <AuthorizationOptions> authorizationOptionsAccessor)
{
_authorizationOptions = authorizationOptionsAccessor.Value;
}
public static void ConfigureAuthorizationPolicies(this AuthorizationOptions options)
{
options.AddBSSPolicy(Constants.Auth.CreditorOrginisationType);
options.AddBSSPolicy(Constants.Auth.MoneyAdviserOrginisationType);
}
public AuthorizationPolicies(AuthorizationOptions options)
{
_options = options;
}
/// <summary>
/// Gets all policies.
///
/// IMPORTANT NOTE: Use this method carefully.
/// It relies on reflection to get all policies from a private field of the <paramref name="options"/>.
/// This method may be removed in the future if internals of <see cref="AuthorizationOptions"/> changes.
/// </summary>
/// <param name="options"></param>
/// <returns></returns>
public static List <string> GetPoliciesNames(this AuthorizationOptions options)
{
return(((IDictionary <string, AuthorizationPolicy>)PolicyMapProperty.GetValue(options)).Keys.ToList());
}
public void ConfigureAuthorization(AuthorizationOptions authorizationOptions, IDictionary <string, string> options = null)
{
}
public static AuthorizationOptions AddAppPolicies(this AuthorizationOptions options, string issuer)
{
options.AddPolicy(READ_WEATHER, policy => policy.Requirements.Add(new HasScopeRequirement(READ_WEATHER, issuer)));
return(options);
}
/// <inheritdoc />
public void ConfigureAuthorization(AuthorizationOptions options, IConfiguration configuration)
{
// Empty
}
public static AuthorizationOptions SetupAuthorizationPolicies(this AuthorizationOptions options)
{
//https://docs.asp.net/en/latest/security/authorization/policies.html
// *** comment out default policies which are hard coded in these extension methods, in order to use Dyanamic Authorization Policies managed from the UI
// *** any policies defined here will not be managed by the UI
// *** after login see Administrations > Authorization Policies
//options.AddCloudscribeCoreDefaultPolicies();
//options.AddCloudscribeLoggingDefaultPolicy();
//options.AddCloudscribeCoreSimpleContentIntegrationDefaultPolicies();
//options.AddPolicy(
// "FileManagerPolicy",
// authBuilder =>
// {
// authBuilder.RequireRole("Administrators", "Content Administrators");
// });
//options.AddPolicy(
// "FileManagerDeletePolicy",
// authBuilder =>
// {
// authBuilder.RequireRole("Administrators", "Content Administrators");
// });
//options.AddPolicy(
// "MembershipAdminPolicy",
// authBuilder =>
// {
// authBuilder.RequireRole("Administrators");
// });
//options.AddPolicy(
// "MembershipJoinPolicy",
// authBuilder =>
// {
// authBuilder.RequireAuthenticatedUser();
// });
//options.AddPolicy(
// "StripeAdminPolicy",
// authBuilder =>
// {
// authBuilder.RequireRole("Administrators");
// });
// policies that are hard coded here will not be managed from the UI and for some policies that is what you want
//*** best to declare this policy here and not let it be managed from the UI since it
// enforces only the root site admins can manage, therefore the policy should never be managed per tenant
options.AddPolicy(
"ServerAdminPolicy",
authBuilder =>
{
authBuilder.RequireRole("ServerAdmins");
});
// you could comment this out if you want admins from any site to be able
// to edit globally shared country state data
// by commenting this out the policy could be managed per tenant from the UI
// but it is probably best to only let this be managed from the master tenant
options.AddPolicy(
"CoreDataPolicy",
authBuilder =>
{
authBuilder.RequireRole("ServerAdmins");
});
// probably best and recommended to not let this policy be managed from the UI
// since this policy controls who can manage policies from the UI
options.AddPolicy(
"PolicyManagementPolicy",
authBuilder =>
{
authBuilder.RequireRole("Administrators");
});
return(options);
}
private static void CreatePolicies(AuthorizationOptions options, string backOfficeAuthenticationScheme)
{
options.AddPolicy(AuthorizationPolicies.MediaPermissionByResource, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new MediaPermissionsResourceRequirement());
});
options.AddPolicy(AuthorizationPolicies.MediaPermissionPathById, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new MediaPermissionsQueryStringRequirement("id"));
});
options.AddPolicy(AuthorizationPolicies.ContentPermissionByResource, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new ContentPermissionsResourceRequirement());
});
options.AddPolicy(AuthorizationPolicies.ContentPermissionEmptyRecycleBin, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(Constants.System.RecycleBinContent,
ActionDelete.ActionLetter));
});
options.AddPolicy(AuthorizationPolicies.ContentPermissionAdministrationById, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionRights.ActionLetter));
policy.Requirements.Add(
new ContentPermissionsQueryStringRequirement(ActionRights.ActionLetter, "contentId"));
});
options.AddPolicy(AuthorizationPolicies.ContentPermissionProtectById, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionProtect.ActionLetter));
policy.Requirements.Add(
new ContentPermissionsQueryStringRequirement(ActionProtect.ActionLetter, "contentId"));
});
options.AddPolicy(AuthorizationPolicies.ContentPermissionRollbackById, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionRollback.ActionLetter));
policy.Requirements.Add(
new ContentPermissionsQueryStringRequirement(ActionRollback.ActionLetter, "contentId"));
});
options.AddPolicy(AuthorizationPolicies.ContentPermissionPublishById, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionPublish.ActionLetter));
});
options.AddPolicy(AuthorizationPolicies.ContentPermissionBrowseById, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionBrowse.ActionLetter));
policy.Requirements.Add(
new ContentPermissionsQueryStringRequirement(ActionBrowse.ActionLetter, "contentId"));
});
options.AddPolicy(AuthorizationPolicies.ContentPermissionDeleteById, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionDelete.ActionLetter));
});
options.AddPolicy(AuthorizationPolicies.BackOfficeAccess, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new BackOfficeRequirement());
});
options.AddPolicy(AuthorizationPolicies.BackOfficeAccessWithoutApproval, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new BackOfficeRequirement(false));
});
options.AddPolicy(AuthorizationPolicies.AdminUserEditsRequireAdmin, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new AdminUsersRequirement());
policy.Requirements.Add(new AdminUsersRequirement("userIds"));
});
options.AddPolicy(AuthorizationPolicies.UserBelongsToUserGroupInRequest, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new UserGroupRequirement());
policy.Requirements.Add(new UserGroupRequirement("userGroupIds"));
});
options.AddPolicy(AuthorizationPolicies.DenyLocalLoginIfConfigured, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new DenyLocalLoginRequirement());
});
options.AddPolicy(AuthorizationPolicies.SectionAccessContent, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(Constants.Applications.Content));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessContentOrMedia, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(
new SectionRequirement(Constants.Applications.Content, Constants.Applications.Media));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessUsers, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(Constants.Applications.Users));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessForTinyMce, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(
Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessMedia, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(Constants.Applications.Media));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessMembers, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(Constants.Applications.Members));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessPackages, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(Constants.Applications.Packages));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessSettings, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(Constants.Applications.Settings));
});
// We will not allow the tree to render unless the user has access to any of the sections that the tree gets rendered
// this is not ideal but until we change permissions to be tree based (not section) there's not much else we can do here.
options.AddPolicy(AuthorizationPolicies.SectionAccessForContentTree, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(
Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Users,
Constants.Applications.Settings, Constants.Applications.Packages, Constants.Applications.Members));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessForMediaTree, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(
Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Users,
Constants.Applications.Settings, Constants.Applications.Packages, Constants.Applications.Members));
});
options.AddPolicy(AuthorizationPolicies.SectionAccessForMemberTree, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(
Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members));
});
// Permission is granted to this policy if the user has access to any of these sections: Content, media, settings, developer, members
options.AddPolicy(AuthorizationPolicies.SectionAccessForDataTypeReading, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new SectionRequirement(
Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
Constants.Applications.Settings, Constants.Applications.Packages));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessDocuments, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.Content));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessUsers, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.Users));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessPartialViews, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.PartialViews));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessPartialViewMacros, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.PartialViewMacros));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessPackages, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.Packages));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessLogs, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.LogViewer));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessDataTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.DataTypes));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessTemplates, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.Templates));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessMemberTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.MemberTypes));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessRelationTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.RelationTypes));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessDocumentTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.DocumentTypes));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessMemberGroups, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.MemberGroups));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessMediaTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.MediaTypes));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessMacros, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.Macros));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessLanguages, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.Languages));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessDictionary, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.Dictionary));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessDictionaryOrTemplates, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.Dictionary, Constants.Trees.Templates));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.DocumentTypes, Constants.Trees.Content));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessMediaOrMediaTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.MediaTypes, Constants.Trees.Media));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessMembersOrMemberTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.MemberTypes, Constants.Trees.Members));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessAnySchemaTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(Constants.Trees.DataTypes, Constants.Trees.DocumentTypes,
Constants.Trees.MediaTypes, Constants.Trees.MemberTypes));
});
options.AddPolicy(AuthorizationPolicies.TreeAccessAnyContentOrTypes, policy =>
{
policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
policy.Requirements.Add(new TreeRequirement(
Constants.Trees.DocumentTypes, Constants.Trees.Content,
Constants.Trees.MediaTypes, Constants.Trees.Media,
Constants.Trees.MemberTypes, Constants.Trees.Members));
});
}
public static void AddDefaultBPMNAuthorizationPolicy(this AuthorizationOptions opts)
{
opts.AddPolicy("Authenticated", p => p.RequireAuthenticatedUser());
}
public static void UseErikTheCoderPolicies(this AuthorizationOptions AuthorizationOptions)
{
AuthorizationOptions.AddPolicy(Policy.Admin, Policy.VerifyAdmin);
AuthorizationOptions.AddPolicy(Policy.TheBigLebowski, Policy.VerifyTheBigLebowski);
AuthorizationOptions.AddPolicy(Policy.Everyone, Policy.VerifyEveryone);
}
public static void RegisterPolicies(this AuthorizationOptions opt)
{
opt.AddPolicy("AdminOnly", policy => policy.RequireRole(Roles.Admin));
}
public TokenHandler(AuthorizationOptions options)
{
_options = options;
}
public DefaultActionModelBuilder(IOptions <AuthorizationOptions> authorizationOptions)
{
_authorizationOptions = authorizationOptions?.Options ?? new AuthorizationOptions();
}
public static AuthorizationOptions LoadPolicies(AuthorizationOptions authorizationOptions)
{
#region Qualification-Policy
authorizationOptions.AddPolicy(
PolicyNames.CreatePostQualificationPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new CreatePostQualificationRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.AddPreQualificationPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AddPreQualificationRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.QualificationPagingPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new QualificationPagingRequirement());
});
authorizationOptions.AddPolicy(
PolicyNames.PreQualificationApprovalPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new PreQualificationApprovalRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.PostQualificationApprovalPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new PostQualificationApprovalRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.SendQualificationForApprovePolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SendQualificationForApproveRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.ApproveQualificationPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ApproveQualificationRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.RejectApproveQualificationPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new RejectApproveQualificationRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.ReopenQualificationPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ReopenQualificationRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.SendQualificationForApproveToCommitteeManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SendQualificationForApproveToCommitteeManagerRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.ApproveQualificationFromCommitteeManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ApproveQualificationFromCommitteeManagerRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.RejectApproveQualificationFromCommitteManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new RejectApproveQualificationFromCommitteManagerRequirment());
});
authorizationOptions.AddPolicy(
PolicyNames.ReopenQualificationFromCommitteeSecrtraryPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ReopenQualificationFromCommitteeSecrtraryRequirment());
});
#endregion Qualification-Policy
#region Commmon-Requirements
authorizationOptions.AddPolicy(
RoleNames.AdminAndAccountManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AdminAndAccountManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DataEntry + RoleNames.Auditer,
policeBuilder =>
{
policeBuilder.RequireAuthenticatedUser();
policeBuilder.AddRequirements(new DataEntryAuditorRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DataEntry,
policeBuilder =>
{
policeBuilder.RequireAuthenticatedUser();
policeBuilder.RequireClaim("role", RoleNames.DataEntry)
.AddRequirements(new MonafasatUserGeneralRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.supplier,
policeBuilder =>
{
policeBuilder.RequireAuthenticatedUser();
policeBuilder.RequireClaim("role", RoleNames.supplier)
.AddRequirements(new MonafasatUserAddTenderRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.Auditer,
policeBuilder =>
{
policeBuilder.RequireAuthenticatedUser();
policeBuilder.RequireClaim("role", RoleNames.Auditer);
policeBuilder.AddRequirements(new MonafasatUserUpdateTenderRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersAttachmentsDetailsPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetOfferAttachmentsDetailsRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.GetTendersCheckingStagePolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetTendersCheckingStageRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DataEntryPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DataEntryRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AuditerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AuditerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DataEntryAndAuditerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DataEntryAndAuditerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.GetInvitedUnregisteredSuppliersForInvitationAfterTenderApprovementPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetInvitedUnregisteredSuppliersForInvitationAfterTenderApprovementRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersCheckManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OffersCheckManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AwardingInitialApprovalPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AwardingInitialApprovalRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.QualificationSecretaryAndManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new QualificationSecretaryAndManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersCheckSecretaryPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OffersCheckSecretaryRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersOppeningManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OffersOppeningManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersOppeningSecretaryPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OffersOppeningSecretaryRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersCheckSecretaryAndManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OffersCheckSecretaryAndManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersOppeningSecretaryAndManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OffersOppeningSecretaryAndManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.MonafasatAccountManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new MonafasatAccountManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.SupplierPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SupplierRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AdminAndBlackListCommitteePolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AdminAndBlackListCommitteeRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AdminBlackListAccountManagerAndCustomerServicePolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AdminBlackListAccountManagerAndCustomerServiceRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AdminBlackListAndAccountManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AdminBlackListAndAccountManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.SupplierPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SupplierRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.ApplyOffersPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ApplayOfferRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OpenOffersReportPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OpenOffersReportRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.SuppliersReportPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SuppliersReportRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AdminAndDataEntryPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AdminAndDataEntryRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.MonafasatAdminPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new MonafasatAdminRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.TechnicalCommitteeUserPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new TechnicalCommitteeRequirement());
});
#endregion
#region Tender-Actions-Requiremnts
authorizationOptions.AddPolicy(
RoleNames.GetFinancialYearPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetFinancialYearRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.TenderRevisionsPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new TenderRevisionsRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.QualificationExtendDateApprovementPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new QualificationExtendDateApprovementRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.GetRelatedTendersByActivitiesPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetRelatedTendersByActivitiesRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.CountAndCloseAppliedOffersPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new CountAndCloseAppliedOffersRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersReportPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OffersReportRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AwardingReportPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AwardingReportRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OpenTenderDetailsPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new OpenTenderDetailsRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.GetFavouriteSuppliersByListIdPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetFavouriteSuppliersByListIdRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.CreateCancelTenderRequestPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new CreateCancelTenderRequestRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.ApproveOrRejectTenderCancelRequestPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ApproveOrRejectTenderCancelRequestRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.CancelTenderPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new CancelTenderRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.SupplierExtendOfferDatesPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SupplierExtendOfferDatesRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.ApproveSupplierExtendOfferDatesPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ApproveSupplierExtendOfferDatesRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DetailsPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DetailsRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.JoiningRequestDetailsPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new JoiningRequestDetailsRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.UpdateInvitationStatusPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new UpdateInvitationStatusRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.CreateVerificationCodePolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new CreateVerificationCodeRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.GetTenderByEnquiryIdPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetTenderByEnquiryIdRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.GetTenderOffersByIdPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetTenderOffersByIdRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DataEntryAndSupplierPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DataEntryAndSupplierRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DataEntryAndAuditerAndSupplierPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DataEntryAndAuditerAndSupplierRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.IndexPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new IndexRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.EditAddedValuePolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new EditAddedValueRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.ViewAddedValuePolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ViewAddedValueRequirement());
});
#endregion
#region Dashboard
authorizationOptions.AddPolicy(
RoleNames.DashboardPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DashboardRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DashboardRejectedTendersPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DashboardRejectedTendersRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.DashboardProcessNeedsActionPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DashboardProcessNeedsActionRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AuditerAndTechnicalPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AuditerAndTechnicalRequirement());
});
#endregion
#region Enquieries
authorizationOptions.AddPolicy(
RoleNames.SupplierEnquiriesOnTenderPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new SupplierEnquiriesOnTenderRequirement());
});
#endregion
#region Unit
authorizationOptions.AddPolicy(
RoleNames.UnitManagerUserPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new UnitManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.UnitSpecialistLevel1Policy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new UnitSpecialistLevel1Requirement());
});
authorizationOptions.AddPolicy(
RoleNames.UnitSpecialistLevel2Policy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new UnitSpecialistLevel2Requirement());
});
authorizationOptions.AddPolicy(
RoleNames.UnitSpecialistsAndManagerUserPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new UnitSpecialistsAndManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.UnitSpecialistLevel2AndUnitManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new UnitSpecialistLevel2AndUnitManagerRequirement());
});
#endregion
#region DirecrPurchase
authorizationOptions.AddPolicy(
RoleNames.OffersPurchaseManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DirectPurchaseManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersPurchaseSecretaryPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DirectPurchaseSecretaryRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.OffersPurchaseSecretaryAndManagerPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new DirectPurchaseSecretaryAndManagerRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.ApproveExtendOffersRequestPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ApproveExtendOffersRequestRequirement());
});
#endregion
#region Checking Requirement
authorizationOptions.AddPolicy(
RoleNames.CheckTenderOffersPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new CheckTenderOffersRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.ReOpenTendeFinancialCheckingPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ReOpenTendeFinancialCheckingRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.EndOpenFinantialOffersStagePolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new EndOpenFinantialOffersStageRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.AddFinantialCheckingResultPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new AddFinantialCheckingResultRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.ApproveTenderAwardPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ApproveTenderAwardRequirement());
});
#endregion
#region PrePlanning
authorizationOptions.AddPolicy(
RoleNames.PrePlanningIndexPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new PrePlanningIndexRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.PrePlanningAuditingPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new PrePlanningAuditingRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.PrePlanningCreationPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new PrePlanningCreationRequirement());
});
authorizationOptions.AddPolicy(
RoleNames.PlaintRequestDataPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new PlaintRequesData());
});
authorizationOptions.AddPolicy(
RoleNames.CheckPlaintDataPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new CheckPlaintData());
});
authorizationOptions.AddPolicy(
RoleNames.ApprovePlaintDataPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ApprovePlaintData());
});
authorizationOptions.AddPolicy(
RoleNames.EscalatedTendersIndexPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new EscalatedTendersIndex());
});
#endregion
#region Reports
authorizationOptions.AddPolicy(
RoleNames.ReportsPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ReportsRequirement());
});
#endregion
#region VRO
authorizationOptions.AddPolicy(
RoleNames.VROOpenAndCheckingViewPolicy,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new VROOpenAndCheckingRequirement());
});
#endregion VRO
// Mandatory List Requirements.
#region Mandatory-List
authorizationOptions.AddPolicy(PolicyNames.AddMandatoryListPolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetAnnouncementDetailsRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.ViewMandatoryListPolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ViewMandatoryListRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.EditMandatoryListPolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new EditMandatoryListRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.MandatoryListApprovalPolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new MandatoryListApprovalRequirement());
});
#endregion Mandatory-List
#region Announcement
authorizationOptions.AddPolicy(RoleNames.GetAnnouncementDetailsPolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetAnnouncementDetailsRequirement());
});
authorizationOptions.AddPolicy(RoleNames.GetUnderOperationAgencyAnnouncementPolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetUnderOperationAgencyAnnouncementRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.CreateAnnouncementPolicy, p =>
{
p.RequireAuthenticatedUser();
p.AddRequirements(new CreateAnnouncementRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.SendAnnouncementForApprovalPolicy, p =>
{
p.RequireAuthenticatedUser();
p.AddRequirements(new SendAnnouncementForApprovalRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.ApproveAnnouncementPolicy, p =>
{
p.RequireAuthenticatedUser();
p.AddRequirements(new ApproveAnnouncementRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.RejectApproveAnnouncementPolicy, p =>
{
p.RequireAuthenticatedUser();
p.AddRequirements(new RejectApproveAnnouncementRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.ReopenAnnouncementPolicy, p =>
{
p.RequireAuthenticatedUser();
p.AddRequirements(new ReopenAnnouncementRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.DeleteAnnouncementPolicy, p =>
{
p.RequireAuthenticatedUser();
p.AddRequirements(new DeleteAnnouncementRequirement());
});
authorizationOptions.AddPolicy(RoleNames.GetAllAgencyAnnouncementPolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetAllAgencyAnnouncementRequirement());
});
#endregion
#region AnnouncementSupplierTemplate
authorizationOptions.AddPolicy(RoleNames.GetAnnouncementSupplierTemplatePolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetAnnouncementSupplierTemplateRequirement());
});
authorizationOptions.AddPolicy(PolicyNames.GetAllAnnouncementSupplierTemplatesForSupplierPolicy, policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new GetAllAnnouncementSupplierTemplatesForSupplierRequirements());
});
#endregion AnnouncementSupplierTemplate
return(authorizationOptions);
}
public static void AddPolicies(AuthorizationOptions config)
{
AddPolicy(config, Manager);
AddPolicy(config, Customer);
}
public static void AddRequiredScopePolicy(this AuthorizationOptions authorizationOptions, string name, string scope)
{
authorizationOptions.AddPolicy(name, policy => policy.Requirements.Add(new RequireScope(scope)));
}
public static void AddPolicy(AuthorizationOptions config, string Role)
{
config.AddPolicy(Manager, new AuthorizationPolicyBuilder().RequireAuthenticatedUser().RequireRole(Role).Build());
}
static IServiceCollection AddAuthorizationServices(this IServiceCollection services, AuthorizationOptions opts)
{
switch (opts.Mechanism)
{
case AuthorizationMechanism.Saml2:
services.AddSingleton <IFederatedEntitlementProvider, SAML2EntitlementProvider>();
break;
case AuthorizationMechanism.ActiveDirectory:
services.AddSingleton <IMembershipProvider, ActiveDirectoryMembershipProvider>();
services.AddScoped <IFederatedEntitlementProvider, ActiveDirectoryEntitlementProvider>();
break;
case AuthorizationMechanism.Unsecured:
services.AddSingleton <IFederatedEntitlementProvider, UnsecureEntitlementProvider>();
break;
}
return(services);
}
private static void CustomAuthorizationOptionsSetupAction(AuthorizationOptions authorizationOptions)
{
authorizationOptions.DefaultPolicy = defaultPolicy;
}
private static void AddPolicies(AuthorizationOptions options)
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
}
public void ConfigureAuthorization(AuthorizationOptions authorizationOptions, IDictionary <string, string> options = null)
{
authorizationOptions.AddUmaSecurityPolicy();
}
public AuthorizationPolicyProvider(IOptions <AuthorizationOptions> options, IConfiguration configuration) : base(options)
{
_configuration = configuration;
_options = options.Value;
}
public async Task ConfigurePoliciesAsync(AuthorizationOptions options)
{
var allTasks = _policyProviders.Select(f => f.ConfigurePoliciesAsync(options));
await Task.WhenAll(allTasks);
}
/// <summary>
/// Adds the authentication policies.
/// </summary>
/// <param name="options">The options.</param>
/// <param name="administratorRoleDefinition"></param>
/// <param name="authenticationSchemes">The authentication schemes.</param>
/// <returns></returns>
/// <exception cref="ArgumentNullException">options</exception>
public static AuthorizationOptions AddAuthPolicies(
this AuthorizationOptions options,
(string roleName, string roleClaim) administratorRoleDefinition,
public void ConfigureAuthorization(AuthorizationOptions authorizationOptions, IDictionary <string, string> options = null)
{
authorizationOptions.AddParameterAuthPolicy();
}
public void ConfigureAuthorization(AuthorizationOptions authorizationOptions, IDictionary <string, string> options = null)
{
var opts = GetOptions(options);
authorizationOptions.AddOpenIdSecurityPolicy(opts.Authenticate.CookieName);
}
static IServiceCollection ConfigureAuthorizationOptions(this IServiceCollection services, IConfiguration config)
{
var sp = services.BuildServiceProvider();
var log = sp.GetRequiredService <ILogger <Startup> >();
var authentication = sp.GetRequiredService <IOptions <AuthenticationOptions> >().Value;
var authorization = new AuthorizationOptions().WithMechanism(config.GetValue <string>(Config.Authorization.Mechanism));
services.Configure <AuthorizationOptions>(opts =>
{
opts.Mechanism = authorization.Mechanism;
});
switch (authorization.Mechanism)
{
case AuthorizationMechanism.Unsecured:
if (!authentication.IsUnsecured)
{
throw new LeafConfigurationException($"{AuthorizationOptions.Unsecured} authorization mechanism is only supported if {Config.Authentication.Mechanism} is also {AuthenticationOptions.Unsecured}");
}
log.LogCritical("UNSECURED authorization detected, Leaf is not secured by authorization!");
break;
case AuthorizationMechanism.Saml2:
if (!authentication.IsSaml2)
{
throw new LeafConfigurationException($"{AuthorizationOptions.Saml2} authorization mechanism is only supported if {Config.Authentication.Mechanism} is also {AuthenticationOptions.Saml2}");
}
if (!config.TryBind <SAML2AuthorizationOptions>(Config.Authorization.Saml2, out var saml2))
{
throw new LeafConfigurationException($"SAML2 authorization mechanism is missing a complete SAML2 configuration object");
}
Config.ThrowIfInvalid(saml2);
services.Configure <SAML2AuthorizationOptions>(opts =>
{
opts.RolesMapping = saml2.RolesMapping;
opts.HeadersMapping = saml2.HeadersMapping;
});
break;
case AuthorizationMechanism.ActiveDirectory:
if (authentication.IsUnsecured)
{
throw new LeafConfigurationException($"ActiveDirectory authorization mechanism is not compatible with Unsecured authentication");
}
if (!config.TryBind <ActiveDirectoryAuthorizationOptions>(Config.Authorization.ActiveDirectory, out var ad))
{
throw new LeafConfigurationException($"ActiveDirectory authorization mechanism is missing an ActiveDirectory configuration section");
}
Config.ThrowIfInvalid(ad);
services.Configure <ActiveDirectoryAuthorizationOptions>(opts =>
{
opts.DomainConnection = ad.DomainConnection;
opts.RolesMapping = ad.RolesMapping;
});
break;
}
return(services);
}
public AuthorizationPolicyProvider(IOptions <AuthorizationOptions> options) : base(options)
{
_options = options.Value;
}
public UserCommandHandlerBase(Func <UserManager <ApplicationUser> > userManager, IOptions <AuthorizationOptions> securityOptions)
{
_userManagerFactory = userManager;
_securityOptions = securityOptions.Value;
}
