Role based access try 2. May Close #113

Identity/Identity.Core/UsersService.cs

@@ -70,9 +70,11 @@ public async Task MakeAdminAsync(string email, string password)
         await _repository.ChangeUserRoleToAdminAsync(email);
     }
 
-    public async Task<Roles> GetUserRole(string email)
+    public async Task<IEnumerable<string>> GetUserRolesAsync(string email)
     {
         var role = await _repository.GetUserRole(email);
-        return role;
+
+        return new List<string> { role.ToString() };
     }
+
 }

Identity/Identity.Data/Migrations/20231214082608_AddedRolesForUsers.cs

@@ -0,0 +1,40 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Identity.Data.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddedRolesForUsers : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "IsAdmin",
+                table: "Users");
+
+            migrationBuilder.AddColumn<int>(
+                name: "Role",
+                table: "Users",
+                type: "integer",
+                nullable: false,
+                defaultValue: 0);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "Role",
+                table: "Users");
+
+            migrationBuilder.AddColumn<bool>(
+                name: "IsAdmin",
+                table: "Users",
+                type: "boolean",
+                nullable: false,
+                defaultValue: false);
+        }
+    }
+}

Identity/Identity.Data/Migrations/IdentityDbContextModelSnapshot.cs

@@ -33,13 +33,13 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .IsRequired()
                         .HasColumnType("text");
 
-                    b.Property<bool>("IsAdmin")
-                        .HasColumnType("boolean");
-
                     b.Property<string>("Name")
                         .IsRequired()
                         .HasColumnType("text");
 
+                    b.Property<int>("Role")
+                        .HasColumnType("integer");
+
                     b.HasKey("Id");
 
                     b.ToTable("Users");

Identity/Identity/EndpointHandlers.cs

@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Identity;
@@ -35,6 +36,8 @@ public static async Task<object> AddUser([FromServices] UsersService service, Us
         return new {Message = "User added successfully."};
     }
 
+
+    [Authorize(Roles = "Admin")]
     public static async Task<object> MakeAdmin([FromServices] UsersService service, string email, string password)
     {
         if (string.IsNullOrEmpty(email))

Identity/Identity/Identity.csproj

@@ -11,7 +11,9 @@
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="7.0.13" />
         <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.*-*" />
+        <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.3" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
+        <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.3" />
         <ProjectReference Include="..\..\AcademicHub.Common\CustomExceptions\CustomExceptions.csproj" />
         <ProjectReference Include="..\Identity.Core\Identity.Core.csproj" />
     </ItemGroup>

Identity/Identity/Program.cs

@@ -1,9 +1,11 @@
+using System.Security.Claims;
 using CustomExceptions;
 using Identity;
 using Microsoft.AspNetCore.Authentication.Google;
 using Identity.Core;
 using Identity.Data;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.EntityFrameworkCore;
 
 var builder = WebApplication.CreateBuilder(args);
@@ -49,11 +51,35 @@
     })
     .AddGoogle(googleOptions =>
     {
-        googleOptions.ClientId = builder.Configuration["Auth:Google:ClientID"]!;
-        googleOptions.ClientSecret = builder.Configuration["Auth:Google:ClientSecret"]!;
+        googleOptions.ClientId = builder.Configuration["Auth:Google:ClientID"];
+        googleOptions.ClientSecret = builder.Configuration["Auth:Google:ClientSecret"];
         googleOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+        googleOptions.Events = new OAuthEvents
+        {
+            OnCreatingTicket = async context =>
+            {
+                // Extract the email from the Principal
+                var emailClaim = context.Principal.FindFirst(ClaimTypes.Email);
+                if (emailClaim == null)
+                {
+                    throw new Exception("Email claim not found");
+                }
+                var email = emailClaim.Value;
+
+                // Rest of your code
+                var userService = context.HttpContext.RequestServices.GetRequiredService<UsersService>();
+                var roles = await userService.GetUserRolesAsync(email);
+
+                var claimsIdentity = context.Principal.Identity as ClaimsIdentity;
+                foreach (var role in roles)
+                {
+                    claimsIdentity?.AddClaim(new Claim(ClaimTypes.Role, role));
+                }
+            }
+        };
     });
 
+
 // Register authorization services
 builder.Services.AddAuthorization();
 

Identity/Identity/appsettings.json

@@ -16,4 +16,6 @@
   "ConnectionStrings": {
     "DefaultConnection": "Host=postgres; Database=Identity; User Id=identityuser; Password=identityuser; Port=5432"
   }
+
+
 }