Interface ITenantSuperAdminService
- Assembly
- KadicAuth.Application.dll
Application-level entry point for tenant-super-admin membership. Handlers and the controller depend on this, not directly on the repository, so the service can layer caching, audit-log coordination and business rules (e.g. last-admin protection) in one place.
public interface ITenantSuperAdminService
Methods
GrantAsync(Guid, Guid, Guid, string, CancellationToken)
Grants (or re-grants) tenant-super-admin status to targetUserId
within tenantId. Writes an audit log entry in the same unit
of work. Invalidates the cache entry for the target user so subsequent
IsTenantSuperAdminAsync(Guid, Guid, CancellationToken) calls see the change immediately.
Task GrantAsync(Guid targetUserId, Guid tenantId, Guid actorUserId, string reason, CancellationToken cancellationToken = default)
Parameters
targetUserIdGuidtenantIdGuidactorUserIdGuidreasonstringcancellationTokenCancellationToken
Returns
- Task
IsTenantSuperAdminAsync(Guid, Guid, CancellationToken)
Short-cached DB check. Hot path for the permission handler — invoked on every
request by a user carrying the tenant_super_admin JWT claim. Cache
duration is intentionally short (seconds, not minutes) so that a revoked
tenant super admin loses their privileges quickly.
Task<bool> IsTenantSuperAdminAsync(Guid userId, Guid tenantId, CancellationToken cancellationToken = default)
Parameters
userIdGuidtenantIdGuidcancellationTokenCancellationToken
Returns
- Task<bool>
ListAsync(Guid, CancellationToken)
Task<IReadOnlyList<TenantSuperAdminDto>> ListAsync(Guid tenantId, CancellationToken cancellationToken = default)
Parameters
tenantIdGuidcancellationTokenCancellationToken
Returns
- Task<IReadOnlyList<TenantSuperAdminDto>>
RevokeAsync(Guid, Guid, Guid, string, CancellationToken)
Revokes tenant-super-admin status. Fails (business rule) if the target is the last active super admin in the tenant, to prevent lockout.
Task RevokeAsync(Guid targetUserId, Guid tenantId, Guid actorUserId, string reason, CancellationToken cancellationToken = default)
Parameters
targetUserIdGuidtenantIdGuidactorUserIdGuidreasonstringcancellationTokenCancellationToken
Returns
- Task