Update RBAC

CustomPolicy/RoleModulePolicy.cs

@@ -5,6 +5,8 @@ using PSTW_CentralSystem.Models;
 using Newtonsoft.Json;
 using System.Text.Json;
 using System.Data;
+using Microsoft.EntityFrameworkCore;
+using System.Reflection;
 
 namespace PSTW_CentralSystem.CustomPolicy
 {
@@ -32,7 +34,7 @@ namespace PSTW_CentralSystem.CustomPolicy
             var userRole = await _userManager.GetRolesAsync(currentUser ?? new UserModel());
             var moduleName = _httpContextAccessor.HttpContext?.GetRouteData().Values["controller"]?.ToString();
             var pageName = _httpContextAccessor.HttpContext?.GetRouteData().Values["action"]?.ToString();
-            var registeredModule = _authDBContext.ModuleSettings.FirstOrDefault(x => x.ModuleName == moduleName);
+            var registeredModule = await _authDBContext.ModuleSettings.Where(x => x.ModuleName == moduleName).ToListAsync();
 
             if (checkIfSuperAdmin())
             {
@@ -83,16 +85,22 @@ namespace PSTW_CentralSystem.CustomPolicy
 
             void checkModuleActiveOrNot()
             {
-                if (registeredModule.ModuleStatus == 0)
+                foreach (var module in registeredModule)
+                {
+                    if (module.ModuleStatus == 0)
                     {
                         context.Fail();
                         return;
                     }
                 }
+            }
 
             void checkModuleHaveRoleOrNot()
             {
-                var allowedUserTypes = registeredModule?.AllowedUserType ?? "";
+                bool isModuleHaveRole = false;
+                foreach (var module in registeredModule)
+                {
+                    var allowedUserTypes = module?.AllowedUserType ?? "";
                     if (allowedUserTypes == "Public" || userRole.Any(role => allowedUserTypes.Contains(role)))
                     {
                         context.Succeed(requirement);
@@ -100,13 +108,23 @@ namespace PSTW_CentralSystem.CustomPolicy
                     }
                     else if (currentUser != null && allowedUserTypes == "Registered User")
                     {
-                    checkMethodAndRole();
+                        isModuleHaveRole = true;
                     }
                     else
+                    {
+                        isModuleHaveRole = false;
+                    }
+                }
+
+                if (!isModuleHaveRole)
                 {
                     context.Fail();
                     return;
                 }
+                else
+                {
+                    checkMethodAndRole();
+                }
             }
 
             void checkMethodAndRole()

CustomPolicy/RoleModulePolicy_Backup.cs

@@ -0,0 +1,146 @@
+//using Microsoft.AspNetCore.Authorization;
+//using Microsoft.AspNetCore.Identity;
+//using PSTW_CentralSystem.DBContext;
+//using PSTW_CentralSystem.Models;
+//using Newtonsoft.Json;
+//using System.Text.Json;
+//using System.Data;
+
+//namespace PSTW_CentralSystem.CustomPolicy
+//{
+//    public class RoleModulePolicy : IAuthorizationRequirement
+//    {
+
+//    }
+//    public class RoleModuleHandler : AuthorizationHandler<RoleModulePolicy>
+//    {
+//        private readonly CentralSystemContext _authDBContext;
+//        private readonly UserManager<UserModel> _userManager;
+//        private readonly RoleManager<RoleModel> _roleManager;
+//        private readonly IHttpContextAccessor _httpContextAccessor;
+//        public RoleModuleHandler( CentralSystemContext authDBContext, UserManager<UserModel> userManager, RoleManager<RoleModel> roleManager, IHttpContextAccessor httpContextAccessor)
+//        { 
+//            _authDBContext = authDBContext;
+//            _userManager = userManager;
+//            _roleManager = roleManager;
+//            _httpContextAccessor = httpContextAccessor;
+//        }
+//        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, RoleModulePolicy requirement)
+//        {
+//            // Get the current user
+//            var currentUser = await _userManager.GetUserAsync(context.User);
+//            var userRole = await _userManager.GetRolesAsync(currentUser ?? new UserModel());
+//            var moduleName = _httpContextAccessor.HttpContext?.GetRouteData().Values["controller"]?.ToString();
+//            var pageName = _httpContextAccessor.HttpContext?.GetRouteData().Values["action"]?.ToString();
+//            var registeredModule = _authDBContext.ModuleSettings.FirstOrDefault(x => x.ModuleName == moduleName);
+
+//            if (checkIfSuperAdmin())
+//            {
+//                context.Succeed(requirement);
+//                return;
+//            }
+//            else { 
+//                checkModuleExistOrNot();
+//                checkModuleHaveRoleOrNot();
+//            }
+
+//            bool checkIfSuperAdmin()
+//            {
+//                var superAdminRole = _authDBContext.Roles.Where(r => r.Name == "SuperAdmin").FirstOrDefault();
+//                var sysAdminRole = _authDBContext.Roles.Where(r => r.Name == "SystemAdmin").FirstOrDefault();
+//                if (userRole.ToString() != null && userRole.Contains("SuperAdmin") && superAdminRole?.Id == 1)
+//                {
+//                    return true;
+//                }
+//                else if (userRole.ToString() != null && userRole.Contains("SystemAdmin") && sysAdminRole?.Id == 2)
+//                {
+//                    return true;
+//                }
+//                else
+//                {
+//                    return false;
+//                }
+//            }
+
+//            void checkModuleExistOrNot()
+//            {
+
+//                if ( moduleName == "Admin")
+//                {
+//                    context.Fail();
+//                    return;
+//                }
+//                else if (registeredModule == null)
+//                {
+//                    context.Fail();
+//                    return;
+//                }
+//                else 
+//                { 
+//                    checkModuleActiveOrNot();
+//                }
+//            }
+
+//            void checkModuleActiveOrNot()
+//            {
+//                if (registeredModule.ModuleStatus == 0)
+//                {
+//                    context.Fail();
+//                    return;
+//                }
+//            }
+
+//            void checkModuleHaveRoleOrNot()
+//            {
+//                var allowedUserTypes = registeredModule?.AllowedUserType ?? "";
+//                if (allowedUserTypes == "Public" || userRole.Any(role => allowedUserTypes.Contains(role)))
+//                {
+//                    context.Succeed(requirement);
+//                    return;
+//                }
+//                else if (currentUser != null && allowedUserTypes == "Registered User" )
+//                {
+//                    checkMethodAndRole();
+//                }
+//                else
+//                {
+//                    context.Fail();
+//                    return;
+//                }
+//            }
+
+//            void checkMethodAndRole()
+//            {
+
+//                // Load all ModuleSettings and process them in memory
+//                var moduleSettings = _authDBContext.ModuleSettings.AsEnumerable();
+
+//                // Check if the method exists in the module settings
+//                var isMethodExist = moduleSettings.FirstOrDefault(m => m.MethodAllowedUserType?.Any(mt => mt.MethodName == pageName) == true);
+
+
+//                if (isMethodExist != null) // Check if the method exists which means method is registered
+//                {
+//                    var registeredMethod = moduleSettings.Where(m => m.MethodAllowedUserType != null && m.MethodAllowedUserType.Any(mt => mt.MethodName == pageName)).FirstOrDefault();
+//                    var allowedUserTypes = registeredMethod?.MethodAllowedUserType?.Where(mt => mt.MethodName == pageName).Select(mt => mt.AllowedUserTypesArray).FirstOrDefault() ?? Array.Empty<string>();
+//                    if (userRole.Any(role => allowedUserTypes.Contains(role)) || allowedUserTypes.Contains("All")) // Check if the user role is allowed, allowing only registered user to access.
+//                    {
+//                        context.Succeed(requirement);
+//                        return;
+//                    }
+//                    else
+//                    {
+//                        context.Fail();
+//                        return;
+//                    }
+//                }
+//                else  // No method is registered to allow all method to be accessed
+//                { 
+//                    context.Succeed(requirement);
+//                    return;
+//                }
+//            }
+//        }
+
+//    }
+//}

appsettings.json

@@ -3,7 +3,7 @@
     //"DefaultConnection": "Server=localhost;uid=root;Password='';Database=web_interface;"
     //"DefaultConnection": "server=175.136.244.102;user id=root;password=tw_mysql_root;port=3306;database=web_interface"
     //"CentralConnnection": "Server=192.168.12.12;Port=3306;uid=installer;password='pstw_mysql_installer';database=pstw_cs;", //DB_dev Local connection
-    "CentralConnnection": "Server=219.92.7.60;Port=3307;uid=installer;password='pstw_mysql_installer';database=pstw_cs;" //DB_dev Public connection
+    "CentralConnnection": "Server=219.92.7.60;Port=3307;uid=installer;password='pstw_mysql_installer';database=pstw_cs_prod;" //DB_dev Public connection
     //"InventoryConnection": "Server=219.92.7.60;Port=3307;uid=installer;password='pstw_mysql_installer';database=pstw_cs_inventory;" //DB_dev connection
     //"DefaultConnection": "Server=219.92.7.60;Port=3307;uid=intern;password='intern_mysql_acct';database=web_interface;"//DB_dev connection
   },