feature/93-endpoint-access

Streetcode/Services/Streetcode.Auth/Streetcode.Auth.Api/Extensions/AuthExtensions.cs

@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Authentication.JwtBearer;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Tokens;
 using Streetcode.Auth.Common.Configurations;
 using System.Text;
@@ -41,6 +42,8 @@ public static IServiceCollection AddJwtAuthentication(this IServiceCollection se
                         ValidIssuer = jwtSettings.Issuer,
                         ValidAudience = jwtSettings.Audience,
                         IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
+
+                        RoleClaimType = ClaimTypes.Role,
 
                         ClockSkew = TimeSpan.Zero
                     };

Streetcode/Services/Streetcode.Auth/Streetcode.Auth.Infrastructure/Services/Token/TokenService.cs

@@ -57,6 +57,7 @@ public async Task<Result<TokenResponseDto>> GenerateTokensAsync(User user, Cance
             await _refreshTokenRepository.AddAsync(refreshTokenEntity, cancellationToken);
 
             var changesSaved = await _refreshTokenRepository.SaveChangesAsync(cancellationToken) > 0;
+
             if (changesSaved)
             {
                 var tokenResponseDto = new TokenResponseDto

Streetcode/Streetcode.WebApi/Controllers/AdditionalContent/CoordinateController.cs

@@ -6,6 +6,7 @@
 using Streetcode.BLL.MediatR.AdditionalContent.Coordinate.Delete;
 using Streetcode.BLL.MediatR.AdditionalContent.Coordinate.GetByStreetcodeId;
 using Streetcode.BLL.MediatR.AdditionalContent.Coordinate.Update;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.AdditionalContent;
 
@@ -18,21 +19,21 @@ public async Task<IActionResult> GetByStreetcodeId([FromRoute] int streetcodeId)
     }
 
     [HttpPost]
-    [Authorize(Roles = "Admin")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Create([FromBody] StreetcodeCoordinateDto dto)
     {
         return HandleResult(await Mediator.Send(new CreateCoordinateCommand(dto)));
     }
 
     [HttpPut]
-    [Authorize(Roles = "Admin")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Update([FromBody] StreetcodeCoordinateDto dto)
     {
         return HandleResult(await Mediator.Send(new UpdateCoordinateCommand(dto)));
     }
 
     [HttpDelete("{id:int}")]
-    [Authorize(Roles = "Admin")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Delete([FromRoute] int id)
     {
         return HandleResult(await Mediator.Send(new DeleteCoordinateCommand(id)));

Streetcode/Streetcode.WebApi/Controllers/Email/EmailController.cs

@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Email;
 using Streetcode.BLL.MediatR.Email;
@@ -7,6 +8,7 @@ namespace Streetcode.WebApi.Controllers.Email
   public class EmailController : BaseApiController
   {
     [HttpPost]
+    [Authorize]
     public async Task<IActionResult> Send([FromBody] EmailDto email)
     {
       return HandleResult(await Mediator.Send(new SendEmailCommand(email)));

Streetcode/Streetcode.WebApi/Controllers/Media/AudioController.cs

@@ -1,11 +1,13 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Media.Audio;
 using Streetcode.BLL.MediatR.Media.Audio.Create;
 using Streetcode.BLL.MediatR.Media.Audio.Delete;
 using Streetcode.BLL.MediatR.Media.Audio.GetAll;
 using Streetcode.BLL.MediatR.Media.Audio.GetBaseAudio;
 using Streetcode.BLL.MediatR.Media.Audio.GetById;
 using Streetcode.BLL.MediatR.Media.Audio.GetByStreetcodeId;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Media;
 
@@ -36,12 +38,14 @@ public async Task<IActionResult> GetBaseAudio([FromRoute] int id)
     }
 
     [HttpPost]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Create([FromBody] AudioFileBaseCreateDto audio)
     {
         return HandleResult(await Mediator.Send(new CreateAudioCommand(audio)));
     }
 
     [HttpDelete("{id:int}")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Delete([FromRoute] int id)
     {
         return HandleResult(await Mediator.Send(new DeleteAudioCommand(id)));

Streetcode/Streetcode.WebApi/Controllers/Media/Images/ImageController.cs

@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Media.Images;
 using Streetcode.BLL.MediatR.Media.Image.GetAll;
@@ -6,6 +7,7 @@
 using Streetcode.BLL.MediatR.Media.Image.GetByStreetcodeId;
 using Streetcode.BLL.MediatR.Media.Image.Create;
 using Streetcode.BLL.MediatR.Media.Image.Delete;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Media.Images;
 
@@ -30,12 +32,14 @@ public async Task<IActionResult> GetById([FromRoute] int id)
     }
 
     [HttpPost]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Create([FromBody] ImageFileBaseCreateDto image)
     {
         return HandleResult(await Mediator.Send(new CreateImageCommand(image)));
     }
 
     [HttpDelete("{id:int}")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Delete([FromRoute] int id)
     {
         return HandleResult(await Mediator.Send(new DeleteImageCommand(id)));

Streetcode/Streetcode.WebApi/Controllers/Newss/NewssController.cs

@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.News;
 using Streetcode.BLL.MediatR.Newss.Create;
 using Streetcode.BLL.MediatR.Newss.Delete;
@@ -8,6 +9,7 @@
 using Streetcode.BLL.MediatR.Newss.GetNewsAndLinksByUrl;
 using Streetcode.BLL.MediatR.Newss.SortedByDateTime;
 using Streetcode.BLL.MediatR.Newss.Update;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Newss;
 
@@ -44,18 +46,21 @@ public async Task<IActionResult> SortedByDateTime()
 	}
 
 	[HttpPost]
+	[Authorize(Roles = nameof(UserRole.Administrator))]
 	public async Task<IActionResult> Create([FromBody] NewsDto news)
 	{
 		return HandleResult(await Mediator.Send(new CreateNewsCommand(news)));
 	}
 
 	[HttpPut]
+	[Authorize(Roles = nameof(UserRole.Administrator))]
 	public async Task<IActionResult> Update([FromBody] NewsDto news)
 	{
 		return HandleResult(await Mediator.Send(new UpdateNewsCommand(news)));
 	}
 
 	[HttpDelete("{id:int}")]
+	[Authorize(Roles = nameof(UserRole.Administrator))]
 	public async Task<IActionResult> Delete([FromRoute] int id)
 	{
 		return HandleResult(await Mediator.Send(new DeleteNewsCommand(id)));

Streetcode/Streetcode.WebApi/Controllers/Partners/PartnersController.cs

@@ -1,10 +1,12 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Partners;
 using Streetcode.BLL.MediatR.Partners.Create;
 using Streetcode.BLL.MediatR.Partners.GetAll;
 using Streetcode.BLL.MediatR.Partners.GetAllPartnerShort;
 using Streetcode.BLL.MediatR.Partners.GetById;
 using Streetcode.BLL.MediatR.Partners.GetByStreetcodeId;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Partners;
 
@@ -35,18 +37,21 @@ public async Task<IActionResult> GetByStreetcodeId([FromRoute] int streetcodeId)
     }
 
     [HttpPost]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Create([FromBody] CreatePartnerDto partner)
     {
         return HandleResult(await Mediator.Send(new CreatePartnerCommand(partner)));
     }
 
     [HttpPut]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Update([FromBody] CreatePartnerDto partner)
     {
         return HandleResult(await Mediator.Send(new BLL.MediatR.Partners.Update.UpdatePartnerCommand(partner)));
     }
 
     [HttpDelete("{id:int}")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Delete([FromRoute] int id)
     {
         return HandleResult(await Mediator.Send(new BLL.MediatR.Partners.Delete.DeletePartnerCommand(id)));

Streetcode/Streetcode.WebApi/Controllers/Payment/PaymentController.cs

@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Payment;
 using Streetcode.BLL.MediatR.Payment;
 
@@ -7,6 +8,7 @@ namespace Streetcode.WebApi.Controllers.Payment
     public class PaymentController : BaseApiController
     {
         [HttpPost]
+        [Authorize]
         public async Task<IActionResult> CreateInvoice([FromBody] PaymentDto payment)
         {
             return HandleResult(await Mediator.Send(new CreateInvoiceCommand(payment)));

Streetcode/Streetcode.WebApi/Controllers/Streetcode/CommentsController.cs

@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Streetcode.Comments;
 using Streetcode.BLL.MediatR.Streetcode.Comments.Create;
 using Streetcode.BLL.MediatR.Streetcode.Comments.Delete;
@@ -7,6 +8,7 @@
 
 namespace Streetcode.WebApi.Controllers.Streetcode
 {
+    [Authorize]
     public class CommentsController : BaseApiController
     {
         [HttpGet("{streetcodeId:int}")]

Streetcode/Streetcode.WebApi/Controllers/Streetcode/RelatedFigureController.cs

@@ -1,8 +1,10 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.MediatR.Streetcode.RelatedFigure.Create;
 using Streetcode.BLL.MediatR.Streetcode.RelatedFigure.Delete;
 using Streetcode.BLL.MediatR.Streetcode.RelatedFigure.GetByStreetcodeId;
 using Streetcode.BLL.MediatR.Streetcode.RelatedFigure.GetByTagId;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Streetcode;
 
@@ -21,12 +23,14 @@ public async Task<IActionResult> GetByTagId([FromRoute] int tagId)
     }
 
     [HttpPost("{ObserverId:int}&{TargetId:int}")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Create([FromRoute] int ObserverId, int TargetId)
     {
         return HandleResult(await Mediator.Send(new CreateRelatedFigureCommand(ObserverId, TargetId)));
     }
 
     [HttpDelete("{ObserverId:int}&{TargetId:int}")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Delete([FromRoute] int ObserverId, int TargetId)
     {
         return HandleResult(await Mediator.Send(new DeleteRelatedFigureCommand(ObserverId, TargetId)));

Streetcode/Streetcode.WebApi/Controllers/Streetcode/StreetcodeController.cs

@@ -1,4 +1,5 @@
 using System.Text.Json;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.AdditionalContent.Filter;
 using Streetcode.BLL.DTO.Streetcode;
@@ -15,6 +16,7 @@
 using Streetcode.BLL.MediatR.Streetcode.Streetcode.GetCount;
 using Streetcode.BLL.MediatR.Streetcode.Streetcode.GetShortById;
 using Streetcode.BLL.MediatR.Streetcode.Streetcode.Update;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Streetcode;
 
@@ -75,25 +77,29 @@ public async Task<IActionResult> GetById([FromRoute] int id)
     }
 
     [HttpPost]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Create([FromBody] JsonElement streetcodeDTO)
     {
         return HandleResult(await Mediator.Send(new CreateStreetcodeCommand(streetcodeDTO)));
     }
 
     [HttpPut("{id:int}")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Update(int id, [FromBody] JsonElement streetcodeDTO)
     {
         var command = new UpdateStreetcodeCommand(id, streetcodeDTO);
         return HandleResult(await Mediator.Send(command));
     }
 
     [HttpDelete("{id:int}")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> SoftDelete([FromRoute] int id)
     {
         return HandleResult(await Mediator.Send(new DeleteSoftStreetcodeCommand(id)));
     }
 
     [HttpDelete("{id:int}")]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> DeleteFull([FromRoute] int id)
     {
         return HandleResult(await Mediator.Send(new DeleteFullStreetcodeCommand(id)));

Streetcode/Streetcode.WebApi/Controllers/Streetcode/TextContent/FactController.cs

@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Streetcode.TextContent.Fact;
 using Streetcode.BLL.MediatR.Streetcode.Fact.Create;
@@ -6,6 +7,7 @@
 using Streetcode.BLL.MediatR.Streetcode.Fact.GetById;
 using Streetcode.BLL.MediatR.Streetcode.Fact.GetByStreetcodeId;
 using Streetcode.BLL.MediatR.Streetcode.Fact.Update;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Streetcode.TextContent
 {
@@ -30,18 +32,21 @@ public async Task<IActionResult> GetByStreetcodeId([FromRoute] int streetcodeId)
         }
 
         [HttpPost]
+        [Authorize(Roles = nameof(UserRole.Administrator))]
         public async Task<IActionResult> Create([FromBody] CreateFactDto fact)
         {
             return HandleResult(await Mediator.Send(new CreateFactCommand(fact)));
         }
 
         [HttpPut]
+        [Authorize(Roles = nameof(UserRole.Administrator))]
         public async Task<IActionResult> Update([FromBody] UpdateFactDto fact)
         {
             return HandleResult(await Mediator.Send(new UpdateFactCommand(fact)));
         }
 
         [HttpDelete("{id:int}")]
+        [Authorize(Roles = nameof(UserRole.Administrator))]
         public async Task<IActionResult> Delete([FromRoute] int id)
         {
             return HandleResult(await Mediator.Send(new DeleteFactCommand(id)));

Streetcode/Streetcode.WebApi/Controllers/Streetcode/TextContent/RelatedTermController.cs

@@ -1,9 +1,11 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Streetcode.TextContent;
 using Streetcode.BLL.MediatR.Streetcode.RelatedTerm.Create;
 using Streetcode.BLL.MediatR.Streetcode.RelatedTerm.Delete;
 using Streetcode.BLL.MediatR.Streetcode.RelatedTerm.GetAllByTermId;
 using Streetcode.BLL.MediatR.Streetcode.RelatedTerm.Update;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Streetcode.TextContent
 {
@@ -16,18 +18,21 @@ public async Task<IActionResult> GetByTermId([FromRoute] int id)
         }
 
         [HttpPost]
+        [Authorize(Roles = nameof(UserRole.Administrator))]
         public async Task<IActionResult> Create([FromBody] RelatedTermDto relatedTerm)
         {
             return HandleResult(await Mediator.Send(new CreateRelatedTermCommand(relatedTerm)));
         }
 
         [HttpPut("{id:int}")]
+        [Authorize(Roles = nameof(UserRole.Administrator))]
         public async Task<IActionResult> Update([FromRoute] int id, [FromBody] RelatedTermDto relatedTerm)
         {
             return HandleResult(await Mediator.Send(new UpdateRelatedTermCommand(id, relatedTerm)));
         }
 
         [HttpDelete("{word}/{termId:int}")]
+        [Authorize(Roles = nameof(UserRole.Administrator))]
         public async Task<IActionResult> Delete([FromRoute] string word, [FromRoute] int termId)
         {
             return HandleResult(await Mediator.Send(new DeleteRelatedTermCommand(word, termId)));

Streetcode/Streetcode.WebApi/Controllers/Streetcode/TextContent/TermController.cs

@@ -1,8 +1,10 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Streetcode.BLL.DTO.Streetcode.TextContent;
 using Streetcode.BLL.MediatR.Streetcode.Term.Create;
 using Streetcode.BLL.MediatR.Streetcode.Term.GetAll;
 using Streetcode.BLL.MediatR.Streetcode.Term.GetById;
+using Streetcode.DAL.Enums;
 
 namespace Streetcode.WebApi.Controllers.Streetcode.TextContent;
 
@@ -21,6 +23,7 @@ public async Task<IActionResult> GetById([FromRoute] int id)
     }
 
     [HttpPost]
+    [Authorize(Roles = nameof(UserRole.Administrator))]
     public async Task<IActionResult> Create([FromBody] TermDto term)
     {
         return HandleResult(await Mediator.Send(new CreateTermCommand(term)));