fix: add security policy name and application settings
Jan Lesage authored and koenmetsu committed Apr 2, 2024
1 parent bc32d28 commit a6358cf
Showing 3 changed files with 18 additions and 5 deletions.
2 changes: 2 additions & 0 deletions src/AssociationRegistry.Acm.Api/Constants/Security.cs
@@ -5,11 +5,13 @@ public static class Security
public static class ClaimTypes
{
public const string Scope = "scope";
public const string ClientId = "client_id";
}

public static class Scopes
{
public const string ACM = "dv_verenigingsregister_hoofdvertegenwoordigers";
public const string Info = "vo_info";
public const string Admin = "dv_verenigingsregister_beheer";
}
}
@@ -1,5 +1,7 @@
namespace AssociationRegistry.Acm.Api.Infrastructure.ConfigurationBindings;

using System;

public class AppSettings
{
private string? _baseUrl;
@@ -11,6 +13,7 @@ public string BaseUrl
}

public ApiDocsSettings ApiDocs { get; set; } = null!;
public string[] SuperAdminClientIds { get; set; } = Array.Empty<string>();

public class ApiDocsSettings
{
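Review bot: `SuperAdminClientIds` is added without a doc comment, although its contents decide which clients pass the super-admin policy registered in Program.cs. As far as I know the claims requirement compares allowed values with an ordinal, case-sensitive match, so a configured entry that differs from the token's `client_id` in case or surrounding whitespace will not match. I would add `/// <summary>Exact client_id values (case-sensitive) allowed by the super-admin policy; bound from configuration.</summary>` above the property. The `AppSettings` class starts before this hunk and continues after it.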
18 changes: 13 additions & 5 deletions src/AssociationRegistry.Acm.Api/Program.cs
@@ -320,11 +320,19 @@ private static void ConfigureServices(WebApplicationBuilder builder)
.AllowCredentials());
})
.AddControllersAsServices()
.AddAuthorization(
options =>
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireClaim(Security.ClaimTypes.Scope, Security.Scopes.ACM)
.Build())
.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireClaim(Security.ClaimTypes.Scope, Security.Scopes.ACM)
.Build();

options.AddPolicy(
SuperAdminPolicyName,
new AuthorizationPolicyBuilder()
.RequireClaim(Security.ClaimTypes.Scope, Security.Scopes.Admin)
.RequireClaim(Security.ClaimTypes.ClientId, appSettings.SuperAdminClientIds)
.Build());
})
.AddNewtonsoftJson(
opt =>
{
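Review bot: The super-admin policy's client allow-list fails open when it is empty: `.RequireClaim(Security.ClaimTypes.ClientId, appSettings.SuperAdminClientIds)` with no allowed values is satisfied by any `client_id` claim, and `AppSettings.SuperAdminClientIds` defaults to `Array.Empty<string>()`. A deployment that omits the setting would therefore accept every client that holds the `Security.Scopes.Admin` scope, which is presumably not the intent of a named allow-list. I would reject an empty list before the policy is built, e.g. `if (appSettings.SuperAdminClientIds.Length == 0) throw new InvalidOperationException("SuperAdminClientIds must contain at least one client id");`. `appSettings` and `SuperAdminPolicyName` are declared outside this hunk and `ConfigureServices` continues past it, so any validation done elsewhere is not visible here.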