Add UserRole handling

2025-06-10 22:10:16 +03:00
parent beaacffb9a
commit a25459d2cb
15 changed files with 92 additions and 143 deletions
--- a/src/Imprink.WebApi/Controllers/Users/UserRoleController.cs
+++ b/src/Imprink.WebApi/Controllers/Users/UserRoleController.cs
@@ -1,6 +1,7 @@
 using System.Security.Claims;
 using Imprink.Application.Users;
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

 namespace Imprink.WebApi.Controllers.Users;
@@ -9,7 +10,7 @@ namespace Imprink.WebApi.Controllers.Users;
 [Route("/api/users/roles")]
 public class UserRoleController(IMediator mediator) : ControllerBase
 {
-    //[Authorize]
+    [Authorize]
    [HttpGet("me")]
    public async Task<IActionResult> GetMyRoles()
    {
@@ -20,4 +21,16 @@ public class UserRoleController(IMediator mediator) : ControllerBase
        
        return Ok(myRoles);
    }
+    
+    [Authorize(Roles = "Admin")]
+    [HttpPost("set")]
+    public async Task<IActionResult> SetUserRole(SetUserRoleCommand command)
+    {
+        var userRole = await mediator.Send(command);
+        
+        if (userRole == null)
+            return BadRequest();
+        
+        return Ok(userRole);
+    }
 }
--- a/src/Imprink.WebApi/Startup.cs
+++ b/src/Imprink.WebApi/Startup.cs
@@ -5,6 +5,7 @@ using Imprink.Application.Products.Create;
 using Imprink.Application.Validation.Models;
 using Imprink.Domain.Repositories;
 using Imprink.Domain.Repositories.Products;
+using Imprink.Domain.Repositories.Users;
 using Imprink.Infrastructure;
 using Imprink.Infrastructure.Database;
 using Imprink.Infrastructure.Repositories.Products;
@@ -74,6 +75,7 @@ public static class Startup

                    foreach (var role in roles) identity!.AddClaim(new Claim(ClaimTypes.Role, role));
                    identity!.AddClaim(new Claim(ClaimTypes.Role, "User"));
+                    
                    return Task.CompletedTask;
                }
            };
@@ -99,8 +101,9 @@ public static class Startup
                Description = "JWT Authorization header using the Bearer scheme.",
                Name = "Authorization",
                In = ParameterLocation.Header,
-                Type = SecuritySchemeType.ApiKey,
-                Scheme = "Bearer"
+                Type = SecuritySchemeType.Http,
+                Scheme = "Bearer",
+                BearerFormat = "JWT"
            });
            
            options.AddSecurityRequirement(new OpenApiSecurityRequirement
@@ -112,12 +115,9 @@ public static class Startup
                        {
                            Type = ReferenceType.SecurityScheme,
                            Id = "Bearer"
-                        },
-                        Scheme = "Bearer",
-                        Name = "Bearer",
-                        In = ParameterLocation.Header
+                        }
                    },
-                    new List<string>()
+                    []
                }
            });
        });