Table of Contents

Class PlatformAdminRepository

Namespace
KadicAuth.Infrastructure.Repositories
Assembly
KadicAuth.Infrastructure.dll
public sealed class PlatformAdminRepository : IPlatformAdminRepository
Inheritance
object
PlatformAdminRepository
Implements

Constructors

PlatformAdminRepository(AuthDbContext)

public PlatformAdminRepository(AuthDbContext context)

Parameters

context AuthDbContext

Methods

AddAsync(PlatformAdmin, CancellationToken)

public Task AddAsync(PlatformAdmin platformAdmin, CancellationToken cancellationToken = default)

Parameters

platformAdmin PlatformAdmin
cancellationToken CancellationToken

Returns

Task

AddAuditLogAsync(PlatformAdminAuditLogEntry, CancellationToken)

public Task AddAuditLogAsync(PlatformAdminAuditLogEntry entry, CancellationToken cancellationToken = default)

Parameters

entry PlatformAdminAuditLogEntry
cancellationToken CancellationToken

Returns

Task

CountActiveAsync(CancellationToken)

Count of currently-active platform admins. Used by the controller to prevent a platform-admin from revoking themselves when they are the last one standing.

public Task<int> CountActiveAsync(CancellationToken cancellationToken = default)

Parameters

cancellationToken CancellationToken

Returns

Task<int>

GetAllActiveAsync(CancellationToken)

Returns all currently-active platform admins. Used only at startup for the integrity scan — not on the hot authentication path.

public Task<IReadOnlyList<PlatformAdmin>> GetAllActiveAsync(CancellationToken cancellationToken = default)

Parameters

cancellationToken CancellationToken

Returns

Task<IReadOnlyList<PlatformAdmin>>

GetByUserIdAsync(Guid, CancellationToken)

public Task<PlatformAdmin?> GetByUserIdAsync(Guid userId, CancellationToken cancellationToken = default)

Parameters

userId Guid
cancellationToken CancellationToken

Returns

Task<PlatformAdmin>

HasAuditLogEntryAsync(Guid, CancellationToken)

Security cross-check: returns true only if the audit log contains at least one 'Granted' or 'ReGranted' entry for the given user. A row in PlatformAdmins without a matching audit entry is a sign of direct database manipulation.

public Task<bool> HasAuditLogEntryAsync(Guid userId, CancellationToken cancellationToken = default)

Parameters

userId Guid
cancellationToken CancellationToken

Returns

Task<bool>

IsActiveAsync(Guid, CancellationToken)

Hot-path lookup: is the given user currently an ACTIVE platform admin? Must be a short, indexed query — it is invoked on every cross-tenant check in the patched handlers.

public Task<bool> IsActiveAsync(Guid userId, CancellationToken cancellationToken = default)

Parameters

userId Guid
cancellationToken CancellationToken

Returns

Task<bool>

ListAsync(CancellationToken)

public Task<IReadOnlyList<PlatformAdminDto>> ListAsync(CancellationToken cancellationToken = default)

Parameters

cancellationToken CancellationToken

Returns

Task<IReadOnlyList<PlatformAdminDto>>

SaveChangesAsync(CancellationToken)

public Task SaveChangesAsync(CancellationToken cancellationToken = default)

Parameters

cancellationToken CancellationToken

Returns

Task

UpdateAsync(PlatformAdmin, CancellationToken)

public Task UpdateAsync(PlatformAdmin platformAdmin, CancellationToken cancellationToken = default)

Parameters

platformAdmin PlatformAdmin
cancellationToken CancellationToken

Returns

Task