Interface IPlatformAdminService
- Namespace
- KadicAuth.Application.PlatformAdmins.Abstractions
- Assembly
- KadicAuth.Application.dll
Application-level entry point for platform-admin membership. Handlers and the admin controller depend on this, not directly on the repository, so the service can layer caching, audit-log coordination and business rules (e.g. self-lockout protection) in one place.
public interface IPlatformAdminServiceMethods
GrantAsync(Guid, Guid, string, CancellationToken)
Grants (or re-grants) platform admin status to targetUserId.
Writes an audit log entry in the same unit of work. Invalidates the cache
entry for the target user so subsequent IsPlatformAdminAsync(Guid, CancellationToken)
calls see the change immediately.
Task GrantAsync(Guid targetUserId, Guid actorUserId, string reason, CancellationToken cancellationToken = default)Parameters
targetUserIdGuidactorUserIdGuidreasonstringcancellationTokenCancellationToken
Returns
- Task
IsPlatformAdminAsync(Guid, CancellationToken)
Short-cached DB check. Hot path for the wizard handlers — invoked on every cross-tenant bypass. Cache duration is intentionally short (seconds, not minutes) so that a revoked platform admin loses their privileges quickly.
Task<bool> IsPlatformAdminAsync(Guid userId, CancellationToken cancellationToken = default)Parameters
userIdGuidcancellationTokenCancellationToken
Returns
- Task<bool>
ListAsync(CancellationToken)
Task<IReadOnlyList<PlatformAdminDto>> ListAsync(CancellationToken cancellationToken = default)Parameters
cancellationTokenCancellationToken
Returns
- Task<IReadOnlyList<PlatformAdminDto>>
RevokeAsync(Guid, Guid, string, CancellationToken)
Revokes platform admin status. Fails (business rule) if the target is the last active admin, to prevent self-lockout of the platform.
Task RevokeAsync(Guid targetUserId, Guid actorUserId, string reason, CancellationToken cancellationToken = default)Parameters
targetUserIdGuidactorUserIdGuidreasonstringcancellationTokenCancellationToken
Returns
- Task