Class PlatformAdminAwarePermissionService
- Namespace: KadicAuth.Infrastructure.Services
- Assembly: KadicAuth.Infrastructure.dll
Decorator over the base KadicErp.Core.Abstractions.Authorization.IPermissionService implementation
(KadicErp.Core.Authentication.Services.PermissionService) that short-circuits
permission checks for active platform admins and tenant super admins.
Why a decorator instead of modifying the base class: KadicErp.Core.Authentication
would have to reference KadicAuth.Application to see
IPlatformAdminService, which creates a dependency cycle
(KadicAuth.Application → KadicErp.Core.Authentication → KadicAuth.Application).
This class lives in KadicAuth.Infrastructure, which already references
both projects, so we get the behavior we need without touching the core
auth services layer.
Wire-up: register this class as the KadicErp.Core.Abstractions.Authorization.IPermissionService implementation
in every API host (KadicAuth.Api, KadicErp.WebApi, KadicErp.Notifications.Api),
AND also register the base KadicErp.Core.Authentication.Services.PermissionService
so the decorator has a concrete dependency to delegate to. See the DI
helper AddPlatformAdminAwarePermissions().
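The registration pattern described in the wire-up note, as an added example that is not the project's own code or its AddPlatformAdminAwarePermissions() helper. IElevationCheck, ElevationAwarePermissionService and AddElevationAwarePermissions are hypothetical stand-ins, the interfaces are reduced to one method each, and the scoped lifetime is an assumption; it requires the Microsoft.Extensions.DependencyInjection package.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;

// Stand-ins for the page's types, reduced to one method each. IElevationCheck
// is hypothetical: the real IPlatformAdminService and ITenantSuperAdminService
// members are not shown on this page.
public interface IPermissionService
{
    Task<bool> HasPermissionAsync(string permissionCode, CancellationToken ct = default);
}
public interface IElevationCheck { Task<bool> IsElevatedAsync(CancellationToken ct); }

public sealed class PermissionService : IPermissionService   // role-based base service
{
    public Task<bool> HasPermissionAsync(string permissionCode, CancellationToken ct = default)
        => Task.FromResult(false);   // stand-in: no role grants anything
}

public sealed class ElevationAwarePermissionService : IPermissionService
{
    private readonly IPermissionService _inner;
    private readonly IElevationCheck _elevation;
    public ElevationAwarePermissionService(IPermissionService inner, IElevationCheck elevation)
        => (_inner, _elevation) = (inner, elevation);

    public async Task<bool> HasPermissionAsync(string permissionCode, CancellationToken ct = default)
        // Short circuit: elevated users never reach the role-based lookup.
        => await _elevation.IsElevatedAsync(ct) || await _inner.HasPermissionAsync(permissionCode, ct);
}

public static class PermissionRegistration
{
    public static IServiceCollection AddElevationAwarePermissions(this IServiceCollection services)
    {
        // Register the base service under its concrete type only...
        services.AddScoped<PermissionService>();
        // ...and the decorator under the interface, handing it the concrete base
        // explicitly so the container never resolves IPermissionService recursively.
        services.AddScoped<IPermissionService>(sp => new ElevationAwarePermissionService(
            sp.GetRequiredService<PermissionService>(),
            sp.GetRequiredService<IElevationCheck>()));
        return services;
    }
}
```

A host that registers only the base service under the interface silently loses the elevated path, and one that registers only the decorator fails at resolution time because its inner dependency is missing, so both registrations need to be present in each API host.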
public sealed class PlatformAdminAwarePermissionService : IPermissionService
- Inheritance: object → PlatformAdminAwarePermissionService
- Implements: IPermissionService
Constructors
PlatformAdminAwarePermissionService(IPermissionService, ICurrentUser, IPlatformAdminService, ITenantSuperAdminService, IPermissionRepository)
public PlatformAdminAwarePermissionService(IPermissionService inner, ICurrentUser currentUser, IPlatformAdminService platformAdminService, ITenantSuperAdminService tenantSuperAdminService, IPermissionRepository permissionRepository)
Parameters
- inner: IPermissionService
- currentUser: ICurrentUser
- platformAdminService: IPlatformAdminService
- tenantSuperAdminService: ITenantSuperAdminService
- permissionRepository: IPermissionRepository
Methods
GetUserPermissionsAsync(CancellationToken)
Gets all permission codes for the current user based on their roles.
public Task<IReadOnlyCollection<string>> GetUserPermissionsAsync(CancellationToken cancellationToken = default)
Parameters
- cancellationToken: CancellationToken
Returns
- Task<IReadOnlyCollection<string>>
HasPermissionAsync(string, CancellationToken)
Checks if the current user has a specific permission.
public Task<bool> HasPermissionAsync(string permissionCode, CancellationToken cancellationToken = default)
Parameters
- permissionCode: string
- cancellationToken: CancellationToken
Returns
- Task<bool>
InvalidateCache(Guid, Guid, Guid)
Delegates cache invalidation to the inner service. The elevated all-permissions cache is scope-local (per-request), so there is nothing extra to clear here.
public void InvalidateCache(Guid userId, Guid tenantId, Guid branchId)
Parameters
- userId: Guid
- tenantId: Guid
- branchId: Guid