From fc65aa74ba3967334f94c538037bf67b2b34cb92 Mon Sep 17 00:00:00 2001 From: Oleksandr Didyk <106967057+oleksandr-didyk@users.noreply.github.com> Date: Mon, 4 Nov 2024 15:03:47 +0100 Subject: [PATCH] Add policy for admin role (#4124) --- .../Maestro.Authentication/AuthenticationConfiguration.cs | 7 +++++++ .../Controllers/StatusController.cs | 2 ++ 2 files changed, 9 insertions(+) diff --git a/src/Maestro/Maestro.Authentication/AuthenticationConfiguration.cs b/src/Maestro/Maestro.Authentication/AuthenticationConfiguration.cs index 5e80786dca..83789763ec 100644 --- a/src/Maestro/Maestro.Authentication/AuthenticationConfiguration.cs +++ b/src/Maestro/Maestro.Authentication/AuthenticationConfiguration.cs @@ -23,6 +23,7 @@ public static class AuthenticationConfiguration { public const string EntraAuthorizationPolicyName = "Entra"; public const string MsftAuthorizationPolicyName = "msft"; + public const string AdminAuthorizationPolicyName = "RequireAdminAccess"; public const string AccountSignInRoute = "/Account/SignIn"; @@ -111,6 +112,12 @@ public static void ConfigureAuthServices(this IServiceCollection services, IConf || context.User.IsInRole(prodconSvcsRole); }); }); + options.AddPolicy(AdminAuthorizationPolicyName, policy => + { + policy.AddAuthenticationSchemes(AuthenticationSchemes); + policy.RequireAuthenticatedUser(); + policy.RequireRole("Admin"); + }); }); services.Configure( diff --git a/src/ProductConstructionService/ProductConstructionService.Api/Controllers/StatusController.cs b/src/ProductConstructionService/ProductConstructionService.Api/Controllers/StatusController.cs index 829fc0dbec..8b287a41dc 100644 --- a/src/ProductConstructionService/ProductConstructionService.Api/Controllers/StatusController.cs +++ b/src/ProductConstructionService/ProductConstructionService.Api/Controllers/StatusController.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Net; +using Maestro.Authentication; using Microsoft.AspNetCore.ApiVersioning; using Microsoft.AspNetCore.ApiVersioning.Swashbuckle; using Microsoft.AspNetCore.Authorization; @@ -12,6 +13,7 @@ namespace ProductConstructionService.Api.Controllers; [Route("status")] [ApiVersion("2020-02-20")] +[Authorize(Policy = AuthenticationConfiguration.AdminAuthorizationPolicyName)] public class StatusController(IReplicaWorkItemProcessorStateCacheFactory replicaWorkItemProcessorStateCacheFactory) : ControllerBase { private readonly IReplicaWorkItemProcessorStateCacheFactory _replicaWorkItemProcessorStateCacheFactory = replicaWorkItemProcessorStateCacheFactory;