Joseph Doherty
cafb7d2006
- WP-2: SecurityRepository + CentralUiRepository with audit log queries - WP-3: AuditService with transactional guarantee (same SaveChangesAsync) - WP-4: Optimistic concurrency tests (deployment records vs template last-write-wins) - WP-5: Seed data (SCADA-Admins → Admin role mapping) - WP-6: LdapAuthService (direct bind, TLS enforcement, group query) - WP-7: JwtTokenService (HMAC-SHA256, 15-min refresh, 30-min idle timeout) - WP-8: RoleMapper (LDAP groups → roles with site-scoped deployment) - WP-9: Authorization policies (Admin/Design/Deployment + site scope handler) - WP-10: Shared Data Protection keys via EF Core 141 tests pass, zero warnings.
31 lines
1.0 KiB
C#
31 lines
1.0 KiB
C#
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
|
|
namespace ScadaLink.Security;
|
|
|
|
public static class AuthorizationPolicies
|
|
{
|
|
public const string RequireAdmin = "RequireAdmin";
|
|
public const string RequireDesign = "RequireDesign";
|
|
public const string RequireDeployment = "RequireDeployment";
|
|
|
|
public static IServiceCollection AddScadaLinkAuthorization(this IServiceCollection services)
|
|
{
|
|
services.AddAuthorization(options =>
|
|
{
|
|
options.AddPolicy(RequireAdmin, policy =>
|
|
policy.RequireClaim(JwtTokenService.RoleClaimType, "Admin"));
|
|
|
|
options.AddPolicy(RequireDesign, policy =>
|
|
policy.RequireClaim(JwtTokenService.RoleClaimType, "Design"));
|
|
|
|
options.AddPolicy(RequireDeployment, policy =>
|
|
policy.RequireClaim(JwtTokenService.RoleClaimType, "Deployment"));
|
|
});
|
|
|
|
services.AddSingleton<IAuthorizationHandler, SiteScopeAuthorizationHandler>();
|
|
|
|
return services;
|
|
}
|
|
}
|