Added permission checks to all controllers. Added role permission loading. Added frontend permission checks. Implemented user logout in admin panel.

2026-01-16 13:07:19 +01:00
parent bee381702b
commit a28b8aca7a
24 changed files with 401 additions and 62 deletions
--- a/Moonlight.Frontend/Implementations/PermissionPolicyProvider.cs
+++ b/Moonlight.Frontend/Implementations/PermissionPolicyProvider.cs
@@ -0,0 +1,42 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+using Moonlight.Shared;
+
+namespace Moonlight.Frontend.Implementations;
+
+public class PermissionPolicyProvider : IAuthorizationPolicyProvider
+{
+    private readonly DefaultAuthorizationPolicyProvider FallbackProvider;
+    
+    public PermissionPolicyProvider(IOptions<AuthorizationOptions> options)
+    {
+        FallbackProvider = new DefaultAuthorizationPolicyProvider(options);
+    }
+    
+    public async Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
+    {
+        if (!policyName.StartsWith(Permissions.Prefix, StringComparison.OrdinalIgnoreCase))
+            return await FallbackProvider.GetPolicyAsync(policyName);
+        
+        var policy = new AuthorizationPolicyBuilder();
+        policy.AddRequirements(new PermissionRequirement(policyName));
+
+        return policy.Build();
+    }
+
+    public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
+        => FallbackProvider.GetDefaultPolicyAsync();
+
+    public Task<AuthorizationPolicy?> GetFallbackPolicyAsync()
+        => FallbackProvider.GetFallbackPolicyAsync();
+}
+
+public class PermissionRequirement : IAuthorizationRequirement
+{
+    public string Identifier { get; }
+    
+    public PermissionRequirement(string identifier)
+    {
+        Identifier = identifier;
+    }
+}