From df48e8861474dc7461fb2576697cb96c38b15e76 Mon Sep 17 00:00:00 2001
From: Karolis2011 <Karolis2011@users.noreply.github.com>
Date: Tue, 25 Jan 2022 21:11:24 +0200
Subject: [PATCH] Clean up

---
 KTUSAPS/Auth/AdminAuthorizationHandler.cs    |  38 ---
 KTUSAPS/Auth/MyIssueRequirement.cs           |   8 +
 KTUSAPS/Auth/SaPsAuthorizationHandler.cs     | 117 +++++++
 KTUSAPS/ClientApp/src/components/NavMenu.vue |   4 +-
 KTUSAPS/Controllers/GlueController.cs        | 303 -------------------
 KTUSAPS/Controllers/IssuesController.cs      |  33 +-
 KTUSAPS/Models/RequestScope.cs               |   8 +
 KTUSAPS/Startup.cs                           |  12 +-
 8 files changed, 165 insertions(+), 358 deletions(-)
 delete mode 100644 KTUSAPS/Auth/AdminAuthorizationHandler.cs
 create mode 100644 KTUSAPS/Auth/MyIssueRequirement.cs
 create mode 100644 KTUSAPS/Auth/SaPsAuthorizationHandler.cs
 delete mode 100644 KTUSAPS/Controllers/GlueController.cs
 create mode 100644 KTUSAPS/Models/RequestScope.cs

diff --git a/KTUSAPS/Auth/AdminAuthorizationHandler.cs b/KTUSAPS/Auth/AdminAuthorizationHandler.cs
deleted file mode 100644
index a3b7002..0000000
--- a/KTUSAPS/Auth/AdminAuthorizationHandler.cs
+++ /dev/null
@@ -1,38 +0,0 @@
-using KTUSAPS.Data;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.Extensions.DependencyInjection;
-using System;
-using System.Linq;
-using System.Threading.Tasks;
-
-namespace KTUSAPS.Auth
-{
-    public class AdminAuthorizationHandler : AuthorizationHandler<AdminRequirement>
-    {
-        private readonly IServiceProvider serviceProvider;
-        public AdminAuthorizationHandler(IServiceProvider serviceProvider)
-        {
-            this.serviceProvider = serviceProvider;
-        }
-
-        protected async override Task HandleRequirementAsync(AuthorizationHandlerContext context, AdminRequirement requirement)
-        {
-            var idclaim = context.User.Claims.Where(c => c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier").FirstOrDefault();
-            if(idclaim == default)
-            {
-                context.Fail();
-                return;
-            }
-            using var scope = serviceProvider.CreateScope();
-            var dataContext = scope.ServiceProvider.GetRequiredService<SAPSDataContext>();
-            var admin = await dataContext.Admins.Where(a => a.UserId == idclaim.Value).FirstOrDefaultAsync();
-            if (admin != default)
-            {
-                context.Succeed(requirement);
-                return;
-            }
-            context.Fail();
-        }
-    }
-}
diff --git a/KTUSAPS/Auth/MyIssueRequirement.cs b/KTUSAPS/Auth/MyIssueRequirement.cs
new file mode 100644
index 0000000..fc1c027
--- /dev/null
+++ b/KTUSAPS/Auth/MyIssueRequirement.cs
@@ -0,0 +1,8 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace KTUSAPS.Auth
+{
+    public class MyIssueRequirement : IAuthorizationRequirement
+    {
+    }
+}
diff --git a/KTUSAPS/Auth/SaPsAuthorizationHandler.cs b/KTUSAPS/Auth/SaPsAuthorizationHandler.cs
new file mode 100644
index 0000000..809deda
--- /dev/null
+++ b/KTUSAPS/Auth/SaPsAuthorizationHandler.cs
@@ -0,0 +1,117 @@
+using KTUSAPS.Data;
+using KTUSAPS.Data.Model;
+using KTUSAPS.Extensions;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace KTUSAPS.Auth
+{
+    public class SaPsAuthorizationHandler : IAuthorizationHandler
+    {
+        private readonly IServiceProvider serviceProvider;
+        public SaPsAuthorizationHandler(IServiceProvider serviceProvider)
+        {
+            this.serviceProvider = serviceProvider;
+        }
+
+        public async Task HandleAsync(AuthorizationHandlerContext context)
+        {
+            var cache = new AuthProcessingCache(context.User, serviceProvider);
+            foreach (var requirement in context.Requirements)
+            {
+                if (requirement is AdminRequirement adminRequirement)
+                    await HandleRequirementAsync(context, adminRequirement, cache);
+                if (requirement is MyIssueRequirement myIssueRequirement)
+                    await HandleRequirementAsync(context, myIssueRequirement, cache);
+            }
+        }
+
+        private async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyIssueRequirement myIssueRequirement, AuthProcessingCache cache)
+        {
+            if(context.Resource is not Issue issue)
+                throw new Exception($"'{nameof(MyIssueRequirement)}' must be issued with resource of type '{nameof(Issue)}'");
+            
+            if(issue.UserID == context.User.GetUserId())
+            {
+                context.Succeed(myIssueRequirement);
+                return;
+            }
+
+            if(await cache.DetermineIsAdminAsync())
+            {
+                context.Succeed(myIssueRequirement);
+                return;
+            }
+        }
+
+        private async Task HandleRequirementAsync(AuthorizationHandlerContext context, AdminRequirement adminRequirement, AuthProcessingCache cache)
+        {
+            if(await cache.DetermineIsAdminAsync())
+            {
+                context.Succeed(adminRequirement);
+                return;
+            }
+            context.Fail();
+        }
+
+
+        private class AuthProcessingCache
+        {
+            private readonly ClaimsPrincipal _user;
+            private readonly IServiceProvider _serviceProvider;
+
+            private bool? isAdmin;
+            public bool IsAdmin => determineIsAdminCached();
+
+            public AuthProcessingCache(ClaimsPrincipal user, IServiceProvider serviceProvider) {
+                _user = user;
+                _serviceProvider = serviceProvider;
+            }
+
+            private bool determineIsAdminCached()
+            {
+                if (isAdmin == null)
+                    isAdmin = determineIsAdmin();
+                return isAdmin.Value;
+            }
+
+            private bool determineIsAdmin()
+            {
+                var objectId = _user.GetObjectId();
+                if (objectId == default)
+                    return false;
+                using var scope = _serviceProvider.CreateScope();
+                var dataContext = scope.ServiceProvider.GetRequiredService<SAPSDataContext>();
+                var admin = dataContext.Admins.Where(a => a.UserId == objectId).FirstOrDefault();
+                if (admin != default)
+                    return true;
+                return false;
+            }
+
+            private async ValueTask<bool> determineIsAdminAsync()
+            {
+                var idclaim = _user.Claims.Where(c => c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier").FirstOrDefault();
+                if (idclaim == default)
+                    return false;
+                using var scope = _serviceProvider.CreateScope();
+                var dataContext = scope.ServiceProvider.GetRequiredService<SAPSDataContext>();
+                var admin = await dataContext.Admins.Where(a => a.UserId == idclaim.Value).FirstOrDefaultAsync();
+                if (admin != default)
+                    return true;
+                return false;
+            }
+
+            public async ValueTask<bool> DetermineIsAdminAsync()
+            {
+                if (isAdmin == null)
+                    isAdmin = await determineIsAdminAsync();
+                return isAdmin.Value;
+            }
+        }
+    }
+}
diff --git a/KTUSAPS/ClientApp/src/components/NavMenu.vue b/KTUSAPS/ClientApp/src/components/NavMenu.vue
index 5f22888..d9df1ed 100644
--- a/KTUSAPS/ClientApp/src/components/NavMenu.vue
+++ b/KTUSAPS/ClientApp/src/components/NavMenu.vue
@@ -47,9 +47,9 @@
                 >Pateiktos problemos</router-link
               >
             </li>
-            <!-- <li class="nav-item">
+            <li v-if="$root.isLocal" class="nav-item">
               <a href="/swagger" class="nav-link">Swagger UI</a>
-            </li> -->
+            </li>
           </ul>
           <div class="navbar-nav">
             <template v-if="$store.state.msalAuth.isLoggedIn">
diff --git a/KTUSAPS/Controllers/GlueController.cs b/KTUSAPS/Controllers/GlueController.cs
deleted file mode 100644
index 321c08f..0000000
--- a/KTUSAPS/Controllers/GlueController.cs
+++ /dev/null
@@ -1,303 +0,0 @@
-using KTUSAPS.Data.Model;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.EntityFrameworkCore;
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using System.Linq;
-using Microsoft.AspNetCore.Mvc.Infrastructure;
-
-namespace KTUSAPS.Controllers
-{
-    [Route("api")]
-    [ApiController]
-    [Produces("application/json")]
-    public class GlueController : ControllerBase
-    {
-        private readonly Data.SAPSDataContext dataContext;
-        private readonly IssuesController issuesController;
-        private readonly PublishedProblemsController publishedProblemsController;
-        private readonly PublishedFeedbacksController publishedFeedbacksController;
-
-        public GlueController(Data.SAPSDataContext dataContext, IssuesController issuesController, PublishedProblemsController publishedProblemsController, PublishedFeedbacksController publishedFeedbacksController)
-        {
-            this.dataContext = dataContext;
-            this.issuesController = issuesController;
-            this.publishedProblemsController = publishedProblemsController;
-            this.publishedFeedbacksController = publishedFeedbacksController;
-        }
-
-
-        [HttpGet("IssueTypes/{typeId}/Issues")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<IEnumerable<Issue>>> GetIssueTypeIssuesAsync(int typeId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            return Ok(issueType.Issues);
-        }
-
-        [HttpPost("IssueTypes/{typeId}/Issues")]
-        [ProducesResponseType(StatusCodes.Status201Created)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        public async Task<ActionResult<Issue>> CreateIssueTypeIssueAsync(int typeId, [FromBody] Issue issueToCreate)
-        {
-            var issueType = await dataContext.IssueTypes.FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            issueToCreate.IssueTypeId = issueType.Id;
-            var createResult = await issuesController.CreateIssueAsync(issueToCreate);
-            if(createResult.Result is CreatedAtActionResult actionResult && actionResult.Value is Issue createdIssue)
-                return CreatedAtAction(nameof(GetIssueTypeIssueAsync), new { typeId = typeId, issueId = createdIssue.Id }, createdIssue);
-            return createResult;
-        }
-
-        [HttpGet("IssueTypes/{typeId}/Issues/{issueId}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<Issue>> GetIssueTypeIssueAsync(int typeId, int issueId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-
-            return Ok(issue);
-        }
-
-        [HttpPatch("IssueTypes/{typeId}/Issues/{issueId}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<Issue>> UpdateIssueTypeIssueAsync(int typeId, int issueId, [FromBody] Issue issue)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var dbIssue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (dbIssue == null)
-                return NotFound();
-            return await issuesController.UpdateIssueAsync(dbIssue.Id, issue);
-        }
-
-        [HttpDelete("IssueTypes/{typeId}/Issues/{issueId}")]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<IActionResult> DeleteIssueTypeIssueAsync(int typeId, int issueId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            return await issuesController.DeleteIssueAsync(issue.Id);
-        }
-
-        [HttpGet("IssueTypes/{typeId}/Issues/{issueId}/Problem")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<PublishedProblem>> GetIssueTypeIssueProblemAsync(int typeId, int issueId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Problem).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Problem == null)
-                return NotFound();
-
-            return Ok(issue.Problem);
-        }
-
-        [HttpPost("IssueTypes/{typeId}/Issues/{issueId}/Problem")]
-        [ProducesResponseType(StatusCodes.Status201Created)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesResponseType(StatusCodes.Status409Conflict)]
-        public async Task<ActionResult<PublishedProblem>> CreateIssueTypeIssueProblemAsync(int typeId, int issueId, [FromBody] PublishedProblem publishedProblem)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Problem).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Problem != null)
-                return Conflict();
-            publishedProblem.IssueId = issue.Id;
-            var createResult = await publishedProblemsController.CreatePublishedProblem(publishedProblem);
-            if (createResult.Result is CreatedAtActionResult actionResult && actionResult.Value is PublishedProblem createdProblem)
-                return CreatedAtAction(nameof(GetIssueTypeIssueProblemAsync), new { typeId = typeId, issueId = issue.Id }, createdProblem);
-            return createResult;
-        }
-
-        [HttpDelete("IssueTypes/{typeId}/Issues/{issueId}/Problem")]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<IActionResult> DeleteIssueTypeIssueProblemAsync(int typeId, int issueId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Problem).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Problem == null)
-                return NotFound();
-
-            dataContext.PublishedProblems.Remove(issue.Problem);
-            await dataContext.SaveChangesAsync();
-            return NoContent();
-        }
-
-
-        [HttpGet("IssueTypes/{typeId}/Issues/{issueId}/Feedback")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<PublishedProblem>> GetIssueTypeIssueFeedbackAsync(int typeId, int issueId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Feedback).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Feedback == null)
-                return NotFound();
-
-            return Ok(issue.Feedback);
-        }
-
-        [HttpPost("IssueTypes/{typeId}/Issues/{issueId}/Feedback")]
-        [ProducesResponseType(StatusCodes.Status201Created)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesResponseType(StatusCodes.Status409Conflict)]
-        public async Task<ActionResult<PublishedFeedback>> CreateIssueTypeIssueFeedbackAsync(int typeId, int issueId, PublishedFeedback publishedFeedback)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Feedback).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Feedback != null)
-                return Conflict();
-
-            publishedFeedback.IssueId = issue.Id;
-            var createResult = await publishedFeedbacksController.PostPublishedFeedback(publishedFeedback);
-            if (createResult.Result is CreatedAtActionResult actionResult && actionResult.Value is PublishedFeedback createdFeedback)
-                return CreatedAtAction(nameof(GetIssueTypeIssueFeedbackAsync), new { typeId = typeId, issueId = issue.Id }, createdFeedback);
-            return createResult;
-        }
-
-        [HttpDelete("IssueTypes/{typeId}/Issues/{issueId}/Feedback")]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<IActionResult> DeleteIssueTypeIssueFeedbackAsync(int typeId, int issueId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Problem).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Feedback == null)
-                return NotFound();
-
-            dataContext.PublishedFeedbacks.Remove(issue.Feedback);
-            await dataContext.SaveChangesAsync();
-            return NoContent();
-        }
-
-        [HttpGet("IssueTypes/{typeId}/Issues/{issueId}/Problem/Votes")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<IEnumerable<Vote>>> GetIssueTypeIssueProblemVotesAsync(int typeId, int issueId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Problem).ThenInclude(p => p.Votes).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Problem == null)
-                return NotFound();
-
-            return Ok(issue.Problem.Votes);
-        }
-
-        [HttpPost("IssueTypes/{typeId}/Issues/{issueId}/Problem/Votes")]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        [ProducesResponseType(StatusCodes.Status201Created)]
-        public async Task<ActionResult<Vote>> CreateIssueTypeIssueProblemVotesAsync(int typeId, int issueId, Vote vote)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Problem).ThenInclude(p => p.Votes).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Problem == null)
-                return NotFound();
-
-            // TODO: Get user id from auth claims
-            if (vote.UserId == default)
-                return BadRequest("Please provide user id");
-
-            vote.Problem = issue.Problem;
-            dataContext.Votes.Add(vote);
-            await dataContext.SaveChangesAsync();
-
-            return CreatedAtAction(nameof(GetIssueTypeIssueProblemVoteAsync), new { typeId = typeId, issueId = issue.Id, userId = vote.UserId }, vote);
-        }
-
-        [HttpGet("IssueTypes/{typeId}/Issues/{issueId}/Problem/Votes/{userId}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<Vote>> GetIssueTypeIssueProblemVoteAsync(int typeId, int issueId, string userId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Problem).ThenInclude(p => p.Votes).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Problem == null)
-                return NotFound();
-            var vote = issue.Problem.Votes.FirstOrDefault(v => v.UserId == userId);
-            if(vote == default)
-                return NotFound();
-
-            return Ok(vote);
-        }
-
-        [HttpDelete("IssueTypes/{typeId}/Issues/{issueId}/Problem/Votes/{userId}")]
-        [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<Vote>> DeleteIssueTypeIssueProblemVoteAsync(int typeId, int issueId, string userId)
-        {
-            var issueType = await dataContext.IssueTypes.Include(t => t.Issues).ThenInclude(i => i.Problem).ThenInclude(p => p.Votes).FirstOrDefaultAsync(t => t.Id == typeId);
-            if (issueType == default)
-                return NotFound();
-            var issue = issueType.Issues.FirstOrDefault(i => i.Id == issueId);
-            if (issue == null)
-                return NotFound();
-            if (issue.Problem == null)
-                return NotFound();
-            var vote = issue.Problem.Votes.FirstOrDefault(v => v.UserId == userId);
-            if (vote == default)
-                return NotFound();
-
-            dataContext.Votes.Remove(vote);
-            await dataContext.SaveChangesAsync();
-
-            return NoContent();
-        }
-    }
-}
diff --git a/KTUSAPS/Controllers/IssuesController.cs b/KTUSAPS/Controllers/IssuesController.cs
index 4c2246e..db2a9b8 100644
--- a/KTUSAPS/Controllers/IssuesController.cs
+++ b/KTUSAPS/Controllers/IssuesController.cs
@@ -1,9 +1,12 @@
-using KTUSAPS.Data.Model;
+using KTUSAPS.Auth;
+using KTUSAPS.Data.Model;
 using KTUSAPS.Extensions;
+using KTUSAPS.Models;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
@@ -15,19 +18,29 @@ namespace KTUSAPS.Controllers
     public class IssuesController : ControllerBase
     {
         private readonly Data.SAPSDataContext dataContext;
+        private readonly IAuthorizationService _authorizationService;
 
-        public IssuesController(Data.SAPSDataContext dataContext)
+        public IssuesController(Data.SAPSDataContext dataContext, IAuthorizationService authorizationService)
         {
             this.dataContext = dataContext;
+            _authorizationService = authorizationService;
         }
 
 
         [HttpGet]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize("admin")]
-        public async Task<ActionResult<IEnumerable<Issue>>> GetIssues()
+        [Authorize]
+        public async Task<ActionResult<IEnumerable<Issue>>> GetIssues([FromQuery] RequestScope requestScope = RequestScope.All)
         {
-            return await dataContext.Issues.ToListAsync();
+            if (requestScope == RequestScope.All)
+            {
+                var authorizationResult = await _authorizationService.AuthorizeAsync(User, "admin");
+                if (!authorizationResult.Succeeded)
+                    return Forbid();
+                return await dataContext.Issues.ToListAsync();
+            } else if (requestScope == RequestScope.My)
+                return await dataContext.Issues.Where(i => i.UserID == User.GetUserId()).ToListAsync();
+            throw new NotImplementedException();
         }
 
         [HttpPost]
@@ -59,13 +72,17 @@ namespace KTUSAPS.Controllers
         [HttpGet("{id}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [Authorize("admin")]
-        public ActionResult<Issue> GetIssue(int id)
+        [Authorize]
+        public async Task<ActionResult<Issue>> GetIssue(int id)
         {
             var issue = dataContext.Issues.AsQueryable().Where(i => i.Id == id).FirstOrDefault();
             if(issue == default)
                 return NotFound();
-            return Ok(issue);
+
+            var authorizationResult = await _authorizationService.AuthorizeAsync(User, issue, new MyIssueRequirement());
+            if(authorizationResult.Succeeded)
+                return Ok(issue);
+            return Forbid();
         }
 
         [HttpPatch("{id}")]
diff --git a/KTUSAPS/Models/RequestScope.cs b/KTUSAPS/Models/RequestScope.cs
new file mode 100644
index 0000000..d4d346f
--- /dev/null
+++ b/KTUSAPS/Models/RequestScope.cs
@@ -0,0 +1,8 @@
+namespace KTUSAPS.Models
+{
+    public enum RequestScope
+    {
+        All,
+        My,
+    }
+}
\ No newline at end of file
diff --git a/KTUSAPS/Startup.cs b/KTUSAPS/Startup.cs
index 71690b6..6f1f1b8 100644
--- a/KTUSAPS/Startup.cs
+++ b/KTUSAPS/Startup.cs
@@ -45,21 +45,19 @@ namespace KTUSAPS
 
             services.AddAuthorization((configure) =>
             {
-                var adminPolicy = new Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder()
+                configure.DefaultPolicy = new AuthorizationPolicyBuilder()
                     .RequireAuthenticatedUser()
+                    .Build();
+                configure.AddPolicy("admin", new AuthorizationPolicyBuilder(configure.DefaultPolicy)
                     .AddRequirements(new AdminRequirement())
-                    .Build();
-                configure.AddPolicy("admin", adminPolicy);
-                configure.DefaultPolicy = new Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder()
-                    .RequireAuthenticatedUser()
-                    .Build();
+                    .Build());
             });
 
             var connectionString = Configuration.GetConnectionString("Main");
             services.AddDbContext<Data.SAPSDataContext>((options) => options.UseMySql(connectionString, ServerVersion.AutoDetect(connectionString)));
             services.AddHostedService<DatabaseInitializationService>();
 
-            services.AddSingleton<IAuthorizationHandler, AdminAuthorizationHandler>();
+            services.AddSingleton<IAuthorizationHandler, SaPsAuthorizationHandler>();
 
             services.AddSwaggerGen(options =>
             {