ChilliCream · michaelstaib · Dec 19, 2019 · Dec 19, 2019 · Dec 19, 2019
diff --git a/src/Server/AspNetCore.Authorization/AuthorizeAttribute.cs b/src/Server/AspNetCore.Authorization/AuthorizeAttribute.cs
@@ -0,0 +1,71 @@
+using System;
+using System.Reflection;
+using HotChocolate.Types;
+using HotChocolate.Types.Descriptors;
+
+#if !ASPNETCLASSIC
+using System.Collections.ObjectModel;
+#endif
+
+#if ASPNETCLASSIC
+namespace HotChocolate.AspNetClassic.Authorization
+#else
+namespace HotChocolate.AspNetCore.Authorization
+#endif
+{
+    [AttributeUsage(
+        AttributeTargets.Class
+        | AttributeTargets.Struct
+        | AttributeTargets.Property
+        | AttributeTargets.Method,
+        Inherited = true,
+        AllowMultiple = true)]
+    public sealed class AuthorizeAttribute : DescriptorAttribute
+    {
+        public string Policy { get; set; }
+
+        public string[] Roles { get; set; }
+
+        protected override void TryConfigure(
+            IDescriptorContext context,
+            IDescriptor descriptor,
+            ICustomAttributeProvider element)
+        {
+            if (descriptor is IObjectTypeDescriptor type)
+            {
+                type.Directive(CreateDirective());
+            }
+            else if (descriptor is IObjectFieldDescriptor field)
+            {
+                field.Directive(CreateDirective());
+            }
+        }
+
+        private AuthorizeDirective CreateDirective()
+        {
+#if ASPNETCLASSIC
+            if (Roles is { })
+            {
+                return new AuthorizeDirective(Roles);
+            }
+            else
+            {
+                return new AuthorizeDirective();
+            }
+#else
+            if (Policy is { })
+            {
+                return new AuthorizeDirective(Policy);
+            }
+            else if(Roles is { })
+            {
+                return new AuthorizeDirective(Roles);
+            }
+            else
+            {
+                return new AuthorizeDirective();
+            }
+#endif
+        }
+    }
+}
diff --git a/src/Server/AspNetCore.Authorization/AuthorizeDirective.cs b/src/Server/AspNetCore.Authorization/AuthorizeDirective.cs
@@ -1,8 +1,11 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Reflection;
 using System.Runtime.Serialization;
 using HotChocolate.Language;
+using HotChocolate.Types;
+using HotChocolate.Types.Descriptors;
 
 #if !ASPNETCLASSIC
 using System.Collections.ObjectModel;

diff --git a/src/Server/AspNetCore.Tests/Authorization/AuthorizationTestData.cs b/src/Server/AspNetCore.Tests/Authorization/AuthorizationTestData.cs
@@ -1,6 +1,5 @@
 using System.Collections;
 using System.Collections.Generic;
-using HotChocolate.Execution;
 using HotChocolate.Resolvers;
 
 namespace HotChocolate.AspNetCore.Authorization
@@ -54,4 +53,43 @@ public IEnumerator<object[]> GetEnumerator()
 
         IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
     }
+
+    public class AuthorizationAttributeTestData
+        : IEnumerable<object[]>
+    {
+        public class Query
+        {
+            [Authorize]
+            public string GetDefault() => "foo";
+
+            [Authorize(Policy = "HasAgeDefined")]
+            public string GetAge() => "foo";
+
+            [Authorize(Roles = new[] { "a" })]
+            public string GetRoles() => "foo";
+
+            [Authorize(Roles = new[] { "a", "b" })]
+            [GraphQLName("roles_ab")]
+            public string GetRolesAb() => "foo";
+
+            [Authorize(Policy = "a")]
+            [Authorize(Policy = "b")]
+            public string GetPiped() => "foo";
+        }
+
+        private ISchema CreateSchema()
+        {
+            return SchemaBuilder.New()
+                .AddQueryType<Query>()
+                .AddAuthorizeDirectiveType()
+                .Create();
+        }
+
+        public IEnumerator<object[]> GetEnumerator()
+        {
+            yield return new object[] { CreateSchema() };
+        }
+
+        IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
+    }
 }
diff --git a/src/Server/AspNetCore.Tests/Authorization/AuthorizationTests.cs b/src/Server/AspNetCore.Tests/Authorization/AuthorizationTests.cs
@@ -25,6 +25,7 @@ public AuthorizationTests(TestServerFactory serverFactory)
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public void AuthorizeDirective_Defined(ISchema schema)
         {
             // arrange
@@ -36,6 +37,7 @@ public void AuthorizeDirective_Defined(ISchema schema)
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task DefaultPolicy_NotFound(ISchema schema)
         {
             // arrange
@@ -74,7 +76,8 @@ public async Task DefaultPolicy_NotFound(ISchema schema)
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
-        public async Task NoAuthServices_Autheticated_True(
+        [ClassData(typeof(AuthorizationAttributeTestData))]
+        public async Task NoAuthServices_Authenticated_True(
             ISchema schema)
         {
             // arrange
@@ -108,7 +111,8 @@ public async Task NoAuthServices_Autheticated_True(
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
-        public async Task NoAuthServices_Autheticated_False(
+        [ClassData(typeof(AuthorizationAttributeTestData))]
+        public async Task NoAuthServices_Authenticated_False(
             ISchema schema)
         {
             // arrange
@@ -142,6 +146,7 @@ public async Task NoAuthServices_Autheticated_False(
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Policy_NotFound(ISchema schema)
         {
             // arrange
@@ -183,6 +188,7 @@ public async Task Policy_NotFound(ISchema schema)
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Policy_NotAuthorized(ISchema schema)
         {
             // arrange
@@ -224,6 +230,7 @@ public async Task Policy_NotAuthorized(ISchema schema)
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Policy_Resources_Is_IResolverContext(ISchema schema)
         {
             // arrange
@@ -264,6 +271,7 @@ public async Task Policy_Resources_Is_IResolverContext(ISchema schema)
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Policy_Authorized(ISchema schema)
         {
             // arrange
@@ -308,6 +316,7 @@ public async Task Policy_Authorized(ISchema schema)
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Roles_UserHasNoRoles_NotAuthorized(
             ISchema schema)
         {
@@ -342,6 +351,7 @@ public async Task Roles_UserHasNoRoles_NotAuthorized(
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Roles_UserHasDifferentRoles_NotAuthorized(
             ISchema schema)
         {
@@ -379,6 +389,7 @@ public async Task Roles_UserHasDifferentRoles_NotAuthorized(
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Roles_UserHasNoneOfTheRoles_NotAuthorized(
             ISchema schema)
         {
@@ -416,6 +427,7 @@ public async Task Roles_UserHasNoneOfTheRoles_NotAuthorized(
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Roles_UserHasAllOfTheRoles_Authorized(
             ISchema schema)
         {
@@ -456,6 +468,7 @@ public async Task Roles_UserHasAllOfTheRoles_Authorized(
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Roles_UserHasOneOfTheRoles_Authorized(
             ISchema schema)
         {
@@ -493,6 +506,7 @@ public async Task Roles_UserHasOneOfTheRoles_Authorized(
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task Roles_Authorized(ISchema schema)
         {
             // arrange
@@ -529,6 +543,7 @@ public async Task Roles_Authorized(ISchema schema)
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task PipedAuthorizeDirectives_Authorized(
             ISchema schema)
         {
@@ -582,6 +597,7 @@ public async Task PipedAuthorizeDirectives_Authorized(
 
         [Theory]
         [ClassData(typeof(AuthorizationTestData))]
+        [ClassData(typeof(AuthorizationAttributeTestData))]
         public async Task PipedAuthorizeDirectives_SecondFails_NotAuthorized(
             ISchema schema)
         {

diff --git a/...ts.NoAuthServices_Autheticated_False.snap → ...s.NoAuthServices_Authenticated_False.snap b/...ts.NoAuthServices_Autheticated_False.snap → ...s.NoAuthServices_Authenticated_False.snap
diff --git a/...sts.NoAuthServices_Autheticated_True.snap → ...ts.NoAuthServices_Authenticated_True.snap b/...sts.NoAuthServices_Autheticated_True.snap → ...ts.NoAuthServices_Authenticated_True.snap