updated application to check for contextual permissions

2024-12-21 16:55:20 +01:00
parent ba46147a74
commit 59c452ff73
13 changed files with 58 additions and 21 deletions
--- a/testing/HopFrame.Testing.Api/Controllers/TestController.cs
+++ b/testing/HopFrame.Testing.Api/Controllers/TestController.cs
@@ -1,5 +1,7 @@
 using HopFrame.Api.Logic;
+using HopFrame.Api.Models;
 using HopFrame.Database.Models;
+using HopFrame.Database.Repositories;
 using HopFrame.Security.Authorization;
 using HopFrame.Security.Claims;
 using HopFrame.Testing.Api.Models;
@@ -10,11 +12,11 @@ namespace HopFrame.Testing.Api.Controllers;

 [ApiController]
 [Route("test")]
-public class TestController(ITokenContext userContext, DatabaseContext context) : ControllerBase {
+public class TestController(ITokenContext userContext, DatabaseContext context, ITokenRepository tokens, IPermissionRepository permissions) : ControllerBase {

    [HttpGet("permissions"), Authorized]
-    public ActionResult<IList<Permission>> Permissions() {
-        return new ActionResult<IList<Permission>>(userContext.User.Permissions);
+    public ActionResult<IList<string>> Permissions() {
+        return new ActionResult<IList<string>>(userContext.ContextualPermissions);
    }

    [HttpGet("generate")]
@@ -50,5 +52,19 @@ public class TestController(ITokenContext userContext, DatabaseContext context)
    public async Task<ActionResult<IList<Address>>> GetAddresses() {
        return LogicResult<IList<Address>>.Ok(await context.Addresses.Include(e => e.Employee).ToListAsync());
    }
+
+    [HttpGet("token"), Authorized]
+    public async Task<ActionResult<SingleValueResult<string>>> GetApiToken() {
+        var token = await tokens.CreateApiToken(userContext.User, DateTime.MaxValue);
+        await permissions.AddPermission(token, "hopframe.admin");
+        await permissions.AddPermission(token, "hopframe.admin.users.read");
+        return LogicResult<SingleValueResult<string>>.Ok(token.TokenId.ToString());
+    }
+
+    [HttpDelete("token/{tokenId}")]
+    public async Task DeleteToken(string tokenId) {
+        var token = await tokens.GetToken(tokenId);
+        await tokens.DeleteToken(token);
+    }
    
 }
--- a/testing/HopFrame.Testing.Api/Program.cs
+++ b/testing/HopFrame.Testing.Api/Program.cs
@@ -18,7 +18,7 @@ builder.Services.AddSwaggerGen(c => {
    c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme {
        Description = @"JWT Authorization header using the Bearer scheme. \r\n\r\n 
                      Enter 'Bearer' [space] and then your token in the text input below.",
-        Name = "Authorization",
+        Name = "Token",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.ApiKey,
        Scheme = "Bearer"