From be746442716c1d2129713334202b36d6034c1c77 Mon Sep 17 00:00:00 2001
From: TidusJar <tidusjar@gmail.com>
Date: Wed, 6 Sep 2017 15:11:13 +0100
Subject: [PATCH] Added a authorization filter so we can see hangfire outisde
 of the local requests

---
 src/Ombi/Startup.cs | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/Ombi/Startup.cs b/src/Ombi/Startup.cs
index 21217cf00..823fffafe 100644
--- a/src/Ombi/Startup.cs
+++ b/src/Ombi/Startup.cs
@@ -5,6 +5,7 @@ using System.Text;
 using AutoMapper;
 using AutoMapper.EquivalencyExpression;
 using Hangfire;
+using Hangfire.Dashboard;
 using Hangfire.MemoryStorage;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -21,6 +22,7 @@ using Microsoft.Extensions.Options;
 using Microsoft.Extensions.PlatformAbstractions;
 using Microsoft.IdentityModel.Tokens;
 using Ombi.Config;
+using Ombi.Core.Claims;
 using Ombi.DependencyInjection;
 using Ombi.Helpers;
 using Ombi.Mapping;
@@ -195,7 +197,10 @@ namespace Ombi
             }
             
             app.UseHangfireServer();
-            app.UseHangfireDashboard();
+            app.UseHangfireDashboard("/hangfire", new DashboardOptions
+            {
+                Authorization = new [] { new HangfireAuthorizationFilter() }
+            }););
 
             app.UseSwaggerUI(c =>
             {
@@ -230,4 +235,15 @@ namespace Ombi
             });
         }
     }
+    
+    public class HangfireAuthorizationFilter : IDashboardAuthorizationFilter
+    {
+        public bool Authorize(DashboardContext context)
+        {
+            var httpContext = context.GetHttpContext();
+
+            // Allow all authenticated users to see the Dashboard (potentially dangerous).
+            return httpContext.User.IsInRole(OmbiRoles.Admin);
+        }
+    }
 }