Class PlatformAdminAwarePermissionService

Namespace
KadicAuth.Infrastructure.Services
Assembly
KadicAuth.Infrastructure.dll

Decorator over the base KadicErp.Core.Abstractions.Authorization.IPermissionService implementation (KadicErp.Core.Authentication.Services.PermissionService) that short-circuits permission checks for active platform admins and tenant super admins.

Why a decorator instead of modifying the base class: KadicErp.Core.Authentication would have to reference KadicAuth.Application to see IPlatformAdminService, which creates a dependency cycle (KadicAuth.Application → KadicErp.Core.Authentication → KadicAuth.Application). This lives in KadicAuth.Infrastructure which already references both projects, so we get the behavior we need without touching the core auth services layer.

Wire-up: register this as the KadicErp.Core.Abstractions.Authorization.IPermissionService implementation in every API host (KadicAuth.Api, KadicErp.WebApi, KadicErp.Notifications.Api), AND also register the base KadicErp.Core.Authentication.Services.PermissionService so the decorator has a concrete dependency to delegate to. See the DI helper AddPlatformAdminAwarePermissions() below.
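The registration pattern described above, as an added sketch that is not the project's own AddPlatformAdminAwarePermissions() or its source. `IElevation`, `BasePermissionService`, `ElevationAwarePermissionService` and `PermissionWiring` are hypothetical stand-ins; only the `IPermissionService` member signatures come from this page, and the host is assumed to register an `IElevation` implementation itself.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;

public interface IPermissionService // member signatures as listed on this page
{
    Task<IReadOnlyCollection<string>> GetUserPermissionsAsync(CancellationToken cancellationToken = default);
    Task<bool> HasPermissionAsync(string permissionCode, CancellationToken cancellationToken = default);
    void InvalidateCache(Guid userId, Guid tenantId, Guid branchId);
}
public interface IElevation // hypothetical stand-in for the admin-lookup and repository dependencies
{
    Task<bool> IsElevatedAsync(CancellationToken ct);
    Task<IReadOnlyCollection<string>> AllPermissionCodesAsync(CancellationToken ct);
}
public sealed class BasePermissionService : IPermissionService // stand-in for the base role-based service
{
    public Task<IReadOnlyCollection<string>> GetUserPermissionsAsync(CancellationToken cancellationToken = default)
        => Task.FromResult<IReadOnlyCollection<string>>(new[] { "orders.read" }); // constructed sample grant
    public async Task<bool> HasPermissionAsync(string permissionCode, CancellationToken cancellationToken = default)
        => (await GetUserPermissionsAsync(cancellationToken)).Contains(permissionCode);
    public void InvalidateCache(Guid userId, Guid tenantId, Guid branchId) { }
}
public sealed class ElevationAwarePermissionService : IPermissionService
{
    private readonly IPermissionService _inner;
    private readonly IElevation _elevation;
    private bool? _elevated; // per-request cache: valid only because the service is registered as scoped
    public ElevationAwarePermissionService(IPermissionService inner, IElevation elevation) => (_inner, _elevation) = (inner, elevation);
    private async Task<bool> ElevatedAsync(CancellationToken ct) => _elevated ??= await _elevation.IsElevatedAsync(ct);
    public async Task<IReadOnlyCollection<string>> GetUserPermissionsAsync(CancellationToken cancellationToken = default)
        => await ElevatedAsync(cancellationToken)
            ? await _elevation.AllPermissionCodesAsync(cancellationToken)
            : await _inner.GetUserPermissionsAsync(cancellationToken);
    public async Task<bool> HasPermissionAsync(string permissionCode, CancellationToken cancellationToken = default)
        => await ElevatedAsync(cancellationToken) || await _inner.HasPermissionAsync(permissionCode, cancellationToken);
    public void InvalidateCache(Guid userId, Guid tenantId, Guid branchId) => _inner.InvalidateCache(userId, tenantId, branchId);
}
public static class PermissionWiring // hypothetical helper name
{
    public static IServiceCollection AddElevationAwarePermissions(this IServiceCollection services)
        => services
            .AddScoped<BasePermissionService>() // concrete type, so the decorator has something to delegate to
            .AddScoped<IPermissionService>(sp => new ElevationAwarePermissionService(
                sp.GetRequiredService<BasePermissionService>(), // not IPermissionService: that resolves the decorator itself
                sp.GetRequiredService<IElevation>()));
}
```

A singleton registration would carry the cached elevation result across requests and users, so the scoped lifetime is part of the authorization logic here, not a tuning choice.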

public sealed class PlatformAdminAwarePermissionService : IPermissionService
Inheritance
object
PlatformAdminAwarePermissionService
Implements
IPermissionService

Constructors

PlatformAdminAwarePermissionService(IPermissionService, ICurrentUser, IPlatformAdminService, ITenantSuperAdminService, IPermissionRepository)

public PlatformAdminAwarePermissionService(IPermissionService inner, ICurrentUser currentUser, IPlatformAdminService platformAdminService, ITenantSuperAdminService tenantSuperAdminService, IPermissionRepository permissionRepository)

Parameters

inner IPermissionService
currentUser ICurrentUser
platformAdminService IPlatformAdminService
tenantSuperAdminService ITenantSuperAdminService
permissionRepository IPermissionRepository

Methods

GetUserPermissionsAsync(CancellationToken)

Gets all permission codes for the current user based on their roles.

public Task<IReadOnlyCollection<string>> GetUserPermissionsAsync(CancellationToken cancellationToken = default)

Parameters

cancellationToken CancellationToken

Returns

Task<IReadOnlyCollection<string>>

HasPermissionAsync(string, CancellationToken)

Checks whether the current user has a specific permission.

public Task<bool> HasPermissionAsync(string permissionCode, CancellationToken cancellationToken = default)

Parameters

permissionCode string
cancellationToken CancellationToken

Returns

Task<bool>

InvalidateCache(Guid, Guid, Guid)

Delegates cache invalidation to the inner service. The elevated all-permissions cache is scope-local (per-request), so there is nothing extra to clear here.

public void InvalidateCache(Guid userId, Guid tenantId, Guid branchId)

Parameters

userId Guid
tenantId Guid
branchId Guid