Authorization
There are two approaches (you can use both):
- You can add your own interceptor
- You can set up global authorization
For example, a user might have the Admin role for attachments:
Interceptor
/// <summary>
/// Interceptor for <see cref="Attachment"/> that lets a store operation proceed only when
/// the role service reports the admin role for the current caller.
/// </summary>
/// <remarks>
/// Only <c>OnStoreAsync</c> is overridden, so this class adds no check to any other
/// interceptor hook the base class may expose. Override those as well if they must be
/// restricted to admins.
/// </remarks>
internal class AuthorizationInterceptor : ClippoInterceptor<Attachment>
{
    // Source of the role decision; supplied through the constructor.
    private readonly IRoleService _roleService;

    /// <summary>Creates the interceptor with the role service it will query.</summary>
    /// <param name="roleService">Service asked whether the caller has the admin role.</param>
    public AuthorizationInterceptor(IRoleService roleService)
    {
        _roleService = roleService;
    }

    /// <summary>
    /// Runs the admin check before handing the store request to the base implementation.
    /// </summary>
    /// <param name="args">Store arguments, passed through unchanged.</param>
    /// <param name="next">Next step of the pipeline, passed through unchanged.</param>
    /// <returns>
    /// The result of the base call when the admin check passes; otherwise a failed result
    /// carrying the code <c>NOT_ADMIN</c>.
    /// </returns>
    public override async Task<CodedResult<Attachment[]>> OnStoreAsync(
        IEnumerable<StoreClipArgs> args,
        INext<IEnumerable<StoreClipArgs>, CodedResult<Attachment[]>> next)
    {
        // The role is checked on every call, before anything else runs, so a denied
        // request never reaches the base implementation or `next`.
        if (await _roleService.HasAdminRole())
        {
            return await base.OnStoreAsync(args, next);
        }

        // Deny by returning a coded failure rather than throwing.
        return CodedResults.Of<Attachment[]>().Failed("NOT_ADMIN");
    }
}
And register it:
// Configures Clippo for the Attachment type and adds AuthorizationInterceptor to its
// interceptor list. Without this registration the interceptor's check is never wired in.
// NOTE(review): the interceptor takes IRoleService in its constructor, so that service
// presumably has to be registered in the same container. Confirm.
return services.AddClippo<Attachment>(x =>
{
x
...
// NOTE(review): if other interceptors are added too, confirm the order in which they run
// so the authorization check comes before any interceptor with side effects.
.Interceptors
.Add<AuthorizationInterceptor>();
});
Controller level
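// Policy name shared by the Clippo controller registration and the policy definition
// below; both must use the same string or the controller refers to a policy that is
// never defined. A C# constant needs an explicit type, hence `const string`.
const string POLICY_NAME = "my_policy";

services
    .AddControllers()
    // ....
    .AddClippoJson()
    // Binds the Attachment controller to the JWT bearer scheme and the policy above.
    // NOTE(review): the bearer scheme itself (AddAuthentication/AddJwtBearer) and the
    // authentication/authorization middleware are not shown in this snippet and have to
    // be configured elsewhere for the policy to be enforced.
    .AddClippoController<Attachment>(x => x
        .UsePolicy(JwtBearerDefaults.AuthenticationScheme, POLICY_NAME))
    .Services
    // ...
    .AddAuthorization(auth =>
    {
        // The caller must be authenticated AND carry the "ADMIN" role.
        // Role claim values are matched as exact, case-sensitive strings, so "ADMIN" and
        // "Admin" are different roles. Use the value the token issuer actually emits.
        auth.AddPolicy(POLICY_NAME, options => options
            .RequireAuthenticatedUser()
            .RequireRole("ADMIN"));
    });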