From 9f40a671f333864482a9a851e1dfc3f3aed22e0b Mon Sep 17 00:00:00 2001 From: James Gunn Date: Wed, 16 Aug 2023 11:50:44 +0100 Subject: [PATCH] Use incremental consent for User.ReadBasic.All --- .../Pages/Users/AddUser/Confirm.cshtml.cs | 2 ++ .../Pages/Users/AddUser/Index.cshtml.cs | 2 ++ .../src/TeachingRecordSystem.SupportUi/Program.cs | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Confirm.cshtml.cs b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Confirm.cshtml.cs index f5c9b583b..9f588cbfd 100644 --- a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Confirm.cshtml.cs +++ b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Confirm.cshtml.cs @@ -2,12 +2,14 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Filters; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.Identity.Web; using TeachingRecordSystem.Core.DataStore.Postgres; using TeachingRecordSystem.Core.Events; using TeachingRecordSystem.SupportUi.Services.AzureActiveDirectory; namespace TeachingRecordSystem.SupportUi.Pages.Users.AddUser; +[AuthorizeForScopes(Scopes = new[] { "User.ReadBasic.All" })] public class ConfirmModel : PageModel { private readonly TrsDbContext _dbContext; diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Index.cshtml.cs b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Index.cshtml.cs index 96778c32c..f03539dfe 100644 --- a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Index.cshtml.cs +++ b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Index.cshtml.cs 
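Review bot: ConfirmModel gains `[AuthorizeForScopes]` but, in the lines this hunk shows, carries no `[Authorize(Roles = UserRoles.Administrator)]`, whereas IndexModel in the same folder does. `AuthorizeForScopes` only turns a consent or token-acquisition failure into a new challenge; it does not restrict who may reach the page. Unless the role requirement is applied elsewhere (a folder convention or a global policy, neither visible here), the confirm step should declare it explicitly. The class body lies outside the hunk, so one more thing to check there: if the Graph call runs in a POST handler, the consent redirect brings the user back by GET and the posted form state is lost.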
@@ -2,11 +2,13 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.Identity.Web; using TeachingRecordSystem.SupportUi.Services.AzureActiveDirectory; namespace TeachingRecordSystem.SupportUi.Pages.Users.AddUser; [Authorize(Roles = UserRoles.Administrator)] +[AuthorizeForScopes(Scopes = new[] { "User.ReadBasic.All" })] public class IndexModel : PageModel { private readonly IAadUserService _userService; diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Program.cs b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Program.cs index f2001cc96..611a29c0f 100644 --- a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Program.cs +++ b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Program.cs @@ -70,7 +70,7 @@ if (!builder.Environment.IsUnitTests() && !builder.Environment.IsEndToEndTests()) { - var graphApiScopes = new[] { "User.Read", "User.ReadBasic.All" }; + var graphApiScopes = new[] { "User.Read" }; builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(builder.Configuration, "AzureAd")
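Review bot: The scope string `"User.ReadBasic.All"` is now repeated as a literal on IndexModel and on ConfirmModel, where before it lived in one place in Program.cs. If one copy is mistyped or a later scope change misses it, the consent challenge would presumably request a different permission from the one the Graph call needs, and the failure would only show at runtime. Consider one shared constant, e.g. `[AuthorizeForScopes(Scopes = new[] { GraphScopes.UserReadBasicAll })]` (the constant name is only a suggestion), or the attribute's `ScopeKeySection` property to read the scope from configuration.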
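Review bot: With `User.ReadBasic.All` removed from `graphApiScopes`, any code path outside the two AddUser pages that asks Graph for other users' profiles is likely to fail token acquisition for a user who has not yet consented, with no filter there to trigger the consent prompt. The hunk does not show whether IAadUserService is used elsewhere, so that is worth a search before merging. A comment on the new line would record why the list is short, for example `// User.ReadBasic.All is requested incrementally via [AuthorizeForScopes] on the AddUser pages`. The statement chain continues past the end of the hunk, so how `graphApiScopes` is consumed is not visible here.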