Fix - Correction de l'authorization

sheaft-app · Nov 30, 2020 · b004d8c · b004d8c
1 parent 7437555
commit b004d8c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/Sheaft.Web.Jobs/MyAuthorizationFilter.cs b/Sheaft.Web.Jobs/MyAuthorizationFilter.cs
@@ -13,7 +13,7 @@ public bool Authorize(DashboardContext context)
             var httpContext = context.GetHttpContext();
 
             // Allow all authenticated users to see the Dashboard (potentially dangerous).
-            return httpContext.User.Identity.IsAuthenticated;
+            return httpContext.User.Identity.IsAuthenticated && (httpContext.User.IsInRole("ADMIN") || httpContext.User.IsInRole("SUPPORT"));
         }
     }
 }
diff --git a/Sheaft.Web.Jobs/Startup.cs b/Sheaft.Web.Jobs/Startup.cs
@@ -8,6 +8,7 @@
 using Amazon.SimpleEmail;
 using AutoMapper;
 using Hangfire;
+using Hangfire.Dashboard;
 using Hangfire.SqlServer;
 using IdentityModel;
 using MangoPay.SDK;
@@ -311,6 +312,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptions
                 endpoints.MapHangfireDashboard("", new DashboardOptions
                 {
                     AppPath = Configuration.GetValue<string>("Portal:Url"),
+                    Authorization = new List<IDashboardAuthorizationFilter> { new MyAuthorizationFilter() }
                 });
                 endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
             });