use AspNetCore Authorize Attribute

DavidEggenberger · Dec 8, 2024 · 55c4bad · 55c4bad
1 parent 02088c9
commit 55c4bad
Show file tree

Hide file tree

Showing 21 changed files with 77 additions and 91 deletions.
diff --git a/...atures/DomainFeatures/StripeSubscriptions/Application/Queries/GetSubscriptionForTenant.cs b/...atures/DomainFeatures/StripeSubscriptions/Application/Queries/GetSubscriptionForTenant.cs
@@ -1,9 +1,7 @@
 using Shared.Features.Messaging.Query;
-using Shared.Kernel.BuildingBlocks.Auth.Attributes;
 
 namespace Modules.Subscriptions.Features.DomainFeatures.StripeSubscriptions.Application.Queries
 {
-    [AuthorizeTenantAdmin]
     public class GetSubscriptionForTenant : Query<StripeSubscription>
     {
         public Guid TenantId { get; set; }

diff --git a/Source/Modules/Subscriptions/Web/Server/Controllers/StripeSessionController.cs b/Source/Modules/Subscriptions/Web/Server/Controllers/StripeSessionController.cs
@@ -1,14 +1,15 @@
 using Microsoft.AspNetCore.Mvc;
-using Shared.Kernel.BuildingBlocks.Auth.Attributes;
 using Modules.Subscriptions.Features.Infrastructure.StripePayments;
 using Shared.Features.Server;
 using Shared.Kernel.DomainKernel;
+using Microsoft.AspNetCore.Authorization;
+using Shared.Kernel.BuildingBlocks.Auth.Constants;
 
 namespace Modules.Subscriptions.Server.Controllers
 {
     [Route("api/[controller]")]
     [ApiController]
-    [AuthorizeTenantAdmin]
+    [Authorize(Policy = PolicyConstants.TenantAdminPolicy)]
     public class StripeSessionController : BaseController
     {
         public StripeSessionController(IServiceProvider serviceProvider) : base(serviceProvider) { }

diff --git a/Source/Modules/Subscriptions/Web/Server/Controllers/StripeSubscriptionsController.cs b/Source/Modules/Subscriptions/Web/Server/Controllers/StripeSubscriptionsController.cs
@@ -1,20 +1,21 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using Modules.Subscriptions.Features.DomainFeatures.StripeSubscriptions.Application.Queries;
 using Shared.Features.Server;
-using Shared.Kernel.BuildingBlocks.Auth.Attributes;
+using Shared.Kernel.BuildingBlocks.Auth.Constants;
 
 namespace Modules.Subscriptions.Web.Server.Controllers
 {
     [Route("api/[controller]")]
     [ApiController]
+    [Authorize(Policy = PolicyConstants.TenantAdminPolicy)]
     public class StripeSubscriptionsController : BaseController
     {
         public StripeSubscriptionsController(IServiceProvider serviceProvider) : base(serviceProvider)
         {
         }
 
         [HttpGet]
-        [AuthorizeTenantAdmin]
         public async Task GetSubscription()
         {
             var getSubscriptionForTenant = new GetSubscriptionForTenant

diff --git a/...enantIdentity/Features/DomainFeatures/Tenants/Application/Queries/GetTenantDetailsByID.cs b/...enantIdentity/Features/DomainFeatures/Tenants/Application/Queries/GetTenantDetailsByID.cs
@@ -6,15 +6,15 @@
 
 namespace Modules.TenantIdentity.Features.DomainFeatures.Tenants.Application.Queries
 {
-    public class GetTenantDetailsByID : Query<TenantDetailDTO>
+    public class GetTenantDetailsByID : Query<TenantExtendedDTO>
     {
         public Guid TenantId { get; set; }
     }
-    public class GetTenantDetailsByIDQueryHandler : ServerExecutionBase<TenantIdentityModule>, IQueryHandler<GetTenantDetailsByID, TenantDetailDTO>
+    public class GetTenantDetailsByIDQueryHandler : ServerExecutionBase<TenantIdentityModule>, IQueryHandler<GetTenantDetailsByID, TenantExtendedDTO>
     {
         public GetTenantDetailsByIDQueryHandler(IServiceProvider serviceProvider) : base(serviceProvider) { }
 
-        public async Task<TenantDetailDTO> HandleAsync(GetTenantDetailsByID query, CancellationToken cancellation)
+        public async Task<TenantExtendedDTO> HandleAsync(GetTenantDetailsByID query, CancellationToken cancellation)
         {
             var tenantDetail = await module.TenantIdentityDbContext.Tenants.Where(t => t.TenantId == query.TenantId).SingleAsync();
             return tenantDetail.ToDetailDTO();

diff --git a/Source/Modules/TenantIdentity/Features/DomainFeatures/Tenants/Domain/Tenant.cs b/Source/Modules/TenantIdentity/Features/DomainFeatures/Tenants/Domain/Tenant.cs
@@ -58,7 +58,7 @@ public void ChangeRoleOfTenantMember(Guid userId, TenantRole newRole)
             }
 
             TenantMembership tenantMembership = memberships.Single(m => m.UserId == userId);
-            tenantMembership.Role = newRole;
+            tenantMembership.UpdateRole(newRole);
         }
 
         public void RemoveUser(Guid userId)
@@ -82,7 +82,7 @@ public void InviteUserToRole(string email, TenantRole role)
                 throw new DomainException("");
             }
 
-            invitations.Add(new TenantInvitation { Email = email, Role = role });
+            invitations.Add(TenantInvitation.Create(this, email, role));
         }
 
         public void DeleteTenantMembership(Guid membershipId)
@@ -114,7 +114,7 @@ public void ThrowIfUserCantDeleteTenant()
         }
 
         public TenantDTO ToDTO() => new TenantDTO();
-        public TenantDetailDTO ToDetailDTO() => new TenantDetailDTO();
+        public TenantExtendedDTO ToDetailDTO() => new TenantExtendedDTO();
 
     }
 

diff --git a/Source/Modules/TenantIdentity/Features/DomainFeatures/Tenants/Domain/TenantInvitation.cs b/Source/Modules/TenantIdentity/Features/DomainFeatures/Tenants/Domain/TenantInvitation.cs
@@ -7,9 +7,19 @@ namespace Modules.TenantIdentity.Features.DomainFeatures.Tenants.Domain
 {
     public class TenantInvitation : Entity
     {
-        public Tenant Tenant { get; set; }
-        public string Email { get; set; }
-        public TenantRole Role { get; set; }
+        public Tenant Tenant { get; private set; }
+        public string Email { get; private set; }
+        public TenantRole Role { get; private set; }
+
+        public static TenantInvitation Create(Tenant tenant, string email, TenantRole role)
+        {
+            return new TenantInvitation()
+            {
+                Email = email,
+                Role = role,
+                Tenant = tenant
+            };
+        }
     }
 
     public class TenantInvitationEFConfiguration : IEntityTypeConfiguration<TenantInvitation>

diff --git a/Source/Modules/TenantIdentity/Features/DomainFeatures/Tenants/Domain/TenantMembership.cs b/Source/Modules/TenantIdentity/Features/DomainFeatures/Tenants/Domain/TenantMembership.cs
@@ -15,9 +15,14 @@ public TenantMembership(Guid userId, TenantRole role)
             Role = role;
         }
 
-        public Guid UserId { get; set; }
-        public Tenant Tenant { get; set; }
-        public TenantRole Role { get; set; }
+        public Guid UserId { get; private set; }
+        public Tenant Tenant { get; private set; }
+        public TenantRole Role { get; private set; }
+
+        public void UpdateRole(TenantRole role)
+        {
+            Role = role;
+        }
 
         public TenantMembershipDTO ToDTO()
         {

diff --git a/...s/Application/Queries/GetClaimsForUser.cs → ...tion/Queries/GetClaimsForExecutingUser.cs b/...s/Application/Queries/GetClaimsForUser.cs → ...tion/Queries/GetClaimsForExecutingUser.cs
@@ -6,18 +6,17 @@
 
 namespace Modules.TenantIdentity.Features.DomainFeatures.Users.Application.Queries
 {
-    public class GetClaimsForUser : Query<IEnumerable<Claim>>
+    public class GetClaimsForExecutingUser : Query<IEnumerable<Claim>>
     {
-        public Guid UserId { get; set; }
     }
 
-    public class ClaimsForUserQueryHandler : ServerExecutionBase<TenantIdentityModule>, IQueryHandler<GetClaimsForUser, IEnumerable<Claim>>
+    public class ClaimsForUserQueryHandler : ServerExecutionBase<TenantIdentityModule>, IQueryHandler<GetClaimsForExecutingUser, IEnumerable<Claim>>
     {
         public ClaimsForUserQueryHandler(IServiceProvider serviceProvider) : base(serviceProvider) { }
 
-        public async Task<IEnumerable<Claim>> HandleAsync(GetClaimsForUser query, CancellationToken cancellation)
+        public async Task<IEnumerable<Claim>> HandleAsync(GetClaimsForExecutingUser query, CancellationToken cancellation)
         {
-            var user = await module.TenantIdentityDbContext.GetUserByIdAsync(query.UserId);
+            var user = await module.TenantIdentityDbContext.GetUserByIdAsync(query.ExecutingUserId);
 
             List<Claim> claims = new List<Claim>
             {

diff --git a/.../Users/Application/Queries/GetUserById.cs → ...s/Application/Queries/GetExecutingUser.cs b/.../Users/Application/Queries/GetUserById.cs → ...s/Application/Queries/GetExecutingUser.cs
@@ -4,14 +4,14 @@
 
 namespace Modules.TenantIdentity.Features.DomainFeatures.Users.Application.Queries
 {
-    public class GetUserById : Query<ApplicationUser>
+    public class GetExecutingUser : Query<ApplicationUser>
     {
     }
-    public class GetUserByIdHandler : ServerExecutionBase<TenantIdentityModule>, IQueryHandler<GetUserById, ApplicationUser>
+    public class GetUserByIdHandler : ServerExecutionBase<TenantIdentityModule>, IQueryHandler<GetExecutingUser, ApplicationUser>
     {
         public GetUserByIdHandler(IServiceProvider serviceProvider) : base(serviceProvider) { }
 
-        public async Task<ApplicationUser> HandleAsync(GetUserById query, CancellationToken cancellation)
+        public async Task<ApplicationUser> HandleAsync(GetExecutingUser query, CancellationToken cancellation)
         {
             return await module.TenantIdentityDbContext.GetUserByIdAsync(query.ExecutingUserId);
         }

diff --git a/Source/Modules/TenantIdentity/Features/Infrastructure/UserClaimsPrincipalFactory.cs b/Source/Modules/TenantIdentity/Features/Infrastructure/UserClaimsPrincipalFactory.cs
@@ -13,7 +13,7 @@ public ContextUserClaimsPrincipalFactory(IServiceProvider serviceProvider) : bas
 
         public async Task<ClaimsPrincipal> CreateAsync(TUser user)
         {
-            var claimsForUser = await queryDispatcher.DispatchAsync<GetClaimsForUser, IEnumerable<Claim>>(new GetClaimsForUser { UserId = user.Id });
+            var claimsForUser = await queryDispatcher.DispatchAsync<GetClaimsForExecutingUser, IEnumerable<Claim>>(new GetClaimsForExecutingUser { ExecutingUserId = user.Id });
 
             var claimsIdentity = new ClaimsIdentity(
                 claims: claimsForUser, 

diff --git a/Source/Modules/TenantIdentity/Shared/DTOs/Tenant/TenantDTO.cs b/Source/Modules/TenantIdentity/Shared/DTOs/Tenant/TenantDTO.cs
@@ -1,7 +1,11 @@
-namespace Modules.TenantIdentity.Shared.DTOs.Tenant
+using Shared.Kernel.DomainKernel;
+using System.Collections.Generic;
+
+namespace Modules.TenantIdentity.Shared.DTOs.Tenant
 {
     public class TenantDTO
     {
+        public SubscriptionPlanType SubscriptionPlanType { get; set; }
         public string Name { get; set; }
     }
 }
diff --git a/Source/Modules/TenantIdentity/Shared/DTOs/Tenant/TenantDetailDTO.cs b/Source/Modules/TenantIdentity/Shared/DTOs/Tenant/TenantDetailDTO.cs
diff --git a/Source/Modules/TenantIdentity/Shared/DTOs/Tenant/TenantExtendedDTO.cs b/Source/Modules/TenantIdentity/Shared/DTOs/Tenant/TenantExtendedDTO.cs
@@ -0,0 +1,10 @@
+using System.Collections.Generic;
+
+namespace Modules.TenantIdentity.Shared.DTOs.Tenant
+{
+    public class TenantExtendedDTO : TenantDTO
+    {
+        public List<TenantMembershipDTO> Memberships { get; set; }
+        public List<TenantInvitationDTO> Invitations { get; set; }
+    }
+}
diff --git a/Source/Modules/TenantIdentity/Shared/DTOs/Tenant/TenantInvitationDTO.cs b/Source/Modules/TenantIdentity/Shared/DTOs/Tenant/TenantInvitationDTO.cs
@@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Modules.TenantIdentity.Shared.DTOs.Tenant
+{
+    public class TenantInvitationDTO
+    {
+    }
+}
diff --git a/Source/Modules/TenantIdentity/Shared/Properties/launchSettings.json b/Source/Modules/TenantIdentity/Shared/Properties/launchSettings.json
diff --git a/...ules/TenantIdentity/Web/Server/Controllers/Infrastructure/IdentityOperationsController.cs b/...ules/TenantIdentity/Web/Server/Controllers/Infrastructure/IdentityOperationsController.cs
@@ -45,7 +45,7 @@ public ActionResult<BFFUserInfoDTO> GetClaimsOfCurrentUser()
         [HttpGet("selectTenant/{TenantId}")]
         public async Task<ActionResult> SelectTenant([FromRoute] Guid tenantId, [FromQuery] string redirectUri)
         {
-            var user = await queryDispatcher.DispatchAsync<GetUserById, ApplicationUser>(new GetUserById { ExecutingUserId = executionContext.UserId });
+            var user = await queryDispatcher.DispatchAsync<GetExecutingUser, ApplicationUser>(new GetExecutingUser { ExecutingUserId = executionContext.UserId });
 
             var tenantMembershipsOfUserQuery = new GetAllTenantMembershipsOfUser() { ExecutingUserId = user.Id };
             var tenantMemberships = await queryDispatcher.DispatchAsync<GetAllTenantMembershipsOfUser, List<TenantMembershipDTO>>(tenantMembershipsOfUserQuery);

diff --git a/Source/Modules/TenantIdentity/Web/Server/Controllers/TenantsController.cs b/Source/Modules/TenantIdentity/Web/Server/Controllers/TenantsController.cs
@@ -1,7 +1,6 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
-using Shared.Kernel.BuildingBlocks.Auth.Attributes;
 using System.Threading.Tasks;
 using System.Collections.Generic;
 using System;
@@ -17,7 +16,7 @@
 namespace Modules.TenantIdentity.Web.Server.Controllers
 {
     [Route("api/[controller]")]
-    [Authorize(AuthenticationSchemes = AuthConstant.ApplicationAuthenticationScheme)]
+    [Authorize(Policy = PolicyConstants.TenantAdminPolicy)]
     [ApiController]
     public class TenantsController : BaseController
     {
@@ -29,7 +28,6 @@ public TenantsController(SignInManager<ApplicationUser> signInManager, IServiceP
         }
 
         [HttpGet("{tenantId}")]
-        [AuthorizeTenantAdmin]
         public async Task<ActionResult<TenantDTO>> GetTenant([FromRoute] Guid tenantId)
         {
             var tenant = await queryDispatcher.DispatchAsync<GetTenantByID, TenantDTO>(new GetTenantByID { TenantId = tenantId });
@@ -38,9 +36,9 @@ public async Task<ActionResult<TenantDTO>> GetTenant([FromRoute] Guid tenantId)
         }
 
         [HttpGet("{tenantId}/details")]
-        public async Task<ActionResult<TenantDetailDTO>> GetTenantDetail([FromRoute] Guid tenantId)
+        public async Task<ActionResult<TenantExtendedDTO>> GetTenantDetail([FromRoute] Guid tenantId)
         {
-            TenantDetailDTO tenantDetail = await queryDispatcher.DispatchAsync<GetTenantDetailsByID, TenantDetailDTO>(new GetTenantDetailsByID { TenantId = tenantId });
+            TenantExtendedDTO tenantDetail = await queryDispatcher.DispatchAsync<GetTenantDetailsByID, TenantExtendedDTO>(new GetTenantDetailsByID { TenantId = tenantId });
 
             return Ok(tenantDetail);
         }
@@ -66,7 +64,7 @@ public async Task<ActionResult<TenantDTO>> CreateTenant(CreateTenantDTO createTe
             };
             var createdTenant = await commandDispatcher.DispatchAsync<CreateTenantWithAdmin, TenantDTO>(createTenant);
 
-            var user = await queryDispatcher.DispatchAsync<GetUserById, ApplicationUser>(new GetUserById { ExecutingUserId = executionContext.UserId });
+            var user = await queryDispatcher.DispatchAsync<GetExecutingUser, ApplicationUser>(new GetExecutingUser { ExecutingUserId = executionContext.UserId });
             await signInManager.RefreshSignInAsync(user);
 
             return CreatedAtAction(nameof(CreateTenant), createdTenant);

diff --git a/Source/Shared/Features/Messaging/Queries/QueryDispatcher.cs b/Source/Shared/Features/Messaging/Queries/QueryDispatcher.cs
@@ -1,6 +1,6 @@
-using Microsoft.Extensions.DependencyInjection;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.DependencyInjection;
 using Shared.Kernel.BuildingBlocks;
-using Shared.Kernel.BuildingBlocks.Auth.Attributes;
 
 namespace Shared.Features.Messaging.Query
 {
@@ -16,10 +16,7 @@ public QueryDispatcher(IServiceProvider serviceProvider)
         public Task<TQueryResult> DispatchAsync<TQuery, TQueryResult>(TQuery query, CancellationToken cancellation = default) where TQuery : Query<TQueryResult>
         {
             var handler = serviceProvider.GetRequiredService<IQueryHandler<TQuery, TQueryResult>>();
-            var executionContext = serviceProvider.GetRequiredService<IExecutionContext>();
-
-            var authorizationAttribute = Attribute.GetCustomAttributes(typeof(TQuery)).First(a => a is AuthorizationAttribute) as AuthorizationAttribute;
-
+            var executionContext = serviceProvider.GetRequiredService<IExecutionContext>();            
 
             return handler.HandleAsync(query, cancellation);
         }

diff --git a/Source/Shared/Kernel/BuildingBlocks/Auth/Attributes/AuthorizationAttribute.cs b/Source/Shared/Kernel/BuildingBlocks/Auth/Attributes/AuthorizationAttribute.cs
diff --git a/Source/Shared/Kernel/BuildingBlocks/Auth/Attributes/AuthorizeTenantAdminAttribute.cs b/Source/Shared/Kernel/BuildingBlocks/Auth/Attributes/AuthorizeTenantAdminAttribute.cs
diff --git a/Source/Shared/Kernel/BuildingBlocks/Auth/Attributes/AuthorizeTenantUserAttribute.cs b/Source/Shared/Kernel/BuildingBlocks/Auth/Attributes/AuthorizeTenantUserAttribute.cs