user access module with latest dev branch changes

DamageAssesmentApi/DamageAssesment.Api.Surveys/Controllers/SurveysController.cs

@@ -1,4 +1,5 @@
 using DamageAssesment.Api.Surveys.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace DamageAssesment.Api.Surveys.Controllers
@@ -15,6 +16,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// GET request for retrieving surveys.
         /// </summary>
+        [Authorize(Roles ="admin,survey,user,report")]
         [Route("surveys")]
         [Route("surveys/{language:alpha}")]
         [HttpGet]
@@ -31,6 +33,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// GET request for retrieving surveys by ID.
         /// </summary>
+        [Authorize(Roles = "admin,survey,user,report")]
         [Route("surveys/{id:int}")]
         [Route("surveys/{id:int}/{language:alpha}")]
         [HttpGet]
@@ -46,6 +49,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// POST request for creating a new survey.
         /// </summary>
+        [Authorize(Roles = "admin,survey,user,report")]
         [HttpPost("surveys")]
         public async Task<ActionResult> PostSurveysAsync(Models.Survey survey)
         {
@@ -59,6 +63,8 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// PUT request for updating an existing survey (surveyId,Updated Survey data).
         /// </summary>
+
+        [Authorize(Roles = "admin,survey")]
         [HttpPut("surveys/{id}")]
         public async Task<ActionResult> PutSurveysAsync(int id, Models.Survey survey)
         {
@@ -76,6 +82,7 @@ namespace DamageAssesment.Api.Surveys.Controllers
         /// <summary>
         /// DELETE request for deleting a survey by ID.
         /// </summary>
+        [Authorize(Roles = "admin,survey")]
         [HttpDelete("surveys/{id}")]
         public async Task<ActionResult> DeleteSurveysAsync(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Surveys/Program.cs

@@ -6,6 +6,7 @@ using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
 using System.Text;
 using System.Reflection;
+using Microsoft.OpenApi.Models;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -34,14 +35,44 @@ builder.Services.AddControllers();
 builder.Services.AddScoped<ISurveyProvider, SurveysProvider>();
 builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
 builder.Services.AddEndpointsApiExplorer();
-//builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
+
 builder.Services.AddDbContext<SurveysDbContext>(option =>
 {
     option.UseInMemoryDatabase("Surveys");