Namespace KadicAuth.Application.Permissions.Seeding

Classes

PermissionAutoSeedHostedService

Runs once at application startup and seeds every permission declared in KadicErp.Core.Abstractions.Authorization.Permissions that is not yet in the database. New permissions are automatically assigned to all active roles (and tenant roles, except platform-scoped codes) by the existing SeedPermissionsCommand handler.

The seeder is idempotent. Existing permissions are skipped. It groups entries by module so that a missing module (unmapped / not yet provisioned in Auth.Modules) does not abort the whole sweep.

Controlled by Permissions:AutoSeedOnStartup (default: true). Set it to false in appsettings to disable the seeder (e.g. in read-only environments).

PermissionReflectionScanner

Walks the KadicErp.Core.Abstractions.Authorization.Permissions static class by reflection and converts every nested submodule / constant into a PermissionSeedEntry.

Convention:
- Top-level nested class (e.g. Permissions.RentACar) = module.
- Second-level nested class (e.g. Permissions.RentACar.RentalTypes) = submodule.
- public const string members inside a submodule class = permission codes.

The ModuleKeyMap resolves top-level class names to the ModuleKey stored in Auth.Modules. Classes not in the map are skipped silently so this seeder can roll out gradually without needing every historical module mapped on day one.
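The scanning convention and the skip-if-unmapped rule described above, as an added sketch that is not the project's own code. SamplePermissions, SeedEntry, ScannerSketch, the permission code strings and the "rent-a-car" module key are all hypothetical stand-ins, since the real Permissions class, PermissionSeedEntry shape and ModuleKeyMap contents are not shown on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Constructed stand-in for the real Permissions class; codes are sample values.
public static class SamplePermissions
{
    public static class RentACar
    {
        public static class RentalTypes
        {
            public const string View = "rentacar.rentaltypes.view";
            public const string Edit = "rentacar.rentaltypes.edit";
        }
    }
    public static class Legacy // not in the module map, so it is skipped
    {
        public static class Reports { public const string View = "legacy.reports.view"; }
    }
}

// Hypothetical entry shape; the real PermissionSeedEntry is not shown on this page.
public record SeedEntry(string ModuleKey, string Submodule, string Code);

public static class ScannerSketch
{
    public static IEnumerable<SeedEntry> Scan(Type root, IReadOnlyDictionary<string, string> moduleKeyMap)
    {
        foreach (var module in root.GetNestedTypes(BindingFlags.Public))
        {
            // Unmapped top-level classes are skipped silently.
            if (!moduleKeyMap.TryGetValue(module.Name, out var moduleKey)) continue;
            foreach (var submodule in module.GetNestedTypes(BindingFlags.Public))
                foreach (var field in submodule.GetFields(BindingFlags.Public | BindingFlags.Static))
                    // IsLiteral && !IsInitOnly selects const members, not static readonly fields.
                    if (field.IsLiteral && !field.IsInitOnly && field.FieldType == typeof(string))
                        yield return new SeedEntry(moduleKey, submodule.Name, (string)field.GetRawConstantValue()!);
        }
    }

    public static void Main()
    {
        var map = new Dictionary<string, string> { ["RentACar"] = "rent-a-car" }; // constructed key
        var entries = Scan(typeof(SamplePermissions), map).ToList();
        foreach (var e in entries) Console.WriteLine($"{e.ModuleKey} / {e.Submodule} / {e.Code}");
        // Group by module, as the seeder does, so one module can fail without stopping the rest.
        Console.WriteLine(string.Join(", ", entries.GroupBy(e => e.ModuleKey).Select(g => $"{g.Key}: {g.Count()}")));
    }
}
```

Because unmapped classes produce no entries and no error, comparing the scanned module names against the map keys in a test is one way to notice a permission class that was never mapped.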