rework policies to use permissions over roles

2026-04-22 19:34:55 -05:00
parent 1a0bf385b6
commit 152db3d99f
6 changed files with 27 additions and 12 deletions


@@ -49,11 +49,9 @@ builder.Services.AddAuthentication(options => {
builder.Services.AddAuthorization(options => {
options.AddPolicy("SensitiveDataRead", policy =>
policy.RequireRole("admin", "superuser"));
policy.RequireClaim("permission", Permission.SensitiveData_Read));
options.AddPolicy("SensitiveDataModify", policy =>
policy.RequireRole("superuser"));
// TODO: policies are read at runtime. define policy names in a central place and distribute the symbol
policy.RequireClaim("permission", Permission.SensitiveData_Modify));
});
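Review bot: With `policy.RequireClaim("permission", Permission.SensitiveData_Read)` and its `SensitiveData_Modify` counterpart, both policies now rest entirely on whichever component puts `permission` claims on the principal, and that component is not visible in this hunk. The old rules let `superuser` satisfy both policies, whereas the new ones are independent: a principal carrying only `SensitiveData_Modify` is refused by `SensitiveDataRead`, and sessions or tokens issued before this change presumably carry no `permission` claim until they are re-issued. `RequireClaim` matches claim values with an ordinal, case-sensitive comparison, so each `Permission.*` value has to be the exact string the issuer writes. I would record that above the first policy, e.g. `// "permission" claims come from <claims source: fill in>; values must equal Permission.* exactly`, and replace the repeated literal with a shared constant such as `const string PermissionClaimType = "permission";`.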