Class TenantSuperAdminService
- Namespace
- KadicAuth.Infrastructure.Services
- Assembly
- KadicAuth.Infrastructure.dll
public sealed class TenantSuperAdminService : ITenantSuperAdminService
- Inheritance
- object → TenantSuperAdminService
- Implements
- ITenantSuperAdminService
Constructors
TenantSuperAdminService(ITenantSuperAdminRepository, IMemoryCache, ILogger<TenantSuperAdminService>)
public TenantSuperAdminService(ITenantSuperAdminRepository repository, IMemoryCache cache, ILogger<TenantSuperAdminService> logger)
Parameters
- repository: ITenantSuperAdminRepository
- cache: IMemoryCache
- logger: ILogger<TenantSuperAdminService>
Methods
GrantAsync(Guid, Guid, Guid, string, CancellationToken)
Grants (or re-grants) tenant-super-admin status to targetUserId
within tenantId. Writes an audit log entry in the same unit
of work. Invalidates the cache entry for the target user so subsequent
IsTenantSuperAdminAsync(Guid, Guid, CancellationToken) calls see the change immediately.
public Task GrantAsync(Guid targetUserId, Guid tenantId, Guid actorUserId, string reason, CancellationToken cancellationToken = default)
Parameters
- targetUserId: Guid
- tenantId: Guid
- actorUserId: Guid
- reason: string
- cancellationToken: CancellationToken
Returns
- Task
IsTenantSuperAdminAsync(Guid, Guid, CancellationToken)
Short-cached DB check. Hot path for the permission handler — invoked on every
request by a user carrying the tenant_super_admin JWT claim. Cache
duration is intentionally short (seconds, not minutes) so that a revoked
tenant super admin loses their privileges quickly.
public Task<bool> IsTenantSuperAdminAsync(Guid userId, Guid tenantId, CancellationToken cancellationToken = default)
Parameters
- userId: Guid
- tenantId: Guid
- cancellationToken: CancellationToken
Returns
- Task<bool>
ListAsync(Guid, CancellationToken)
public Task<IReadOnlyList<TenantSuperAdminDto>> ListAsync(Guid tenantId, CancellationToken cancellationToken = default)
Parameters
- tenantId: Guid
- cancellationToken: CancellationToken
Returns
- Task<IReadOnlyList<TenantSuperAdminDto>>
RevokeAsync(Guid, Guid, Guid, string, CancellationToken)
Revokes tenant-super-admin status. Fails (business rule) if the target is the last active super admin in the tenant, to prevent lockout.
public Task RevokeAsync(Guid targetUserId, Guid tenantId, Guid actorUserId, string reason, CancellationToken cancellationToken = default)
Parameters
- targetUserId: Guid
- tenantId: Guid
- actorUserId: Guid
- reason: string
- cancellationToken: CancellationToken
Returns
- Task
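
The short-lived cache, grant-time invalidation and last-admin rule described for GrantAsync, IsTenantSuperAdminAsync and RevokeAsync, as an added example that is not KadicAuth's own code. InMemoryAdminGate, the in-memory set standing in for the repository, the 5-second TTL and the cache eviction on revoke are assumptions; audit logging, the actor and reason arguments, and async are left out.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Extensions.Caching.Memory;

// Added illustration; InMemoryAdminGate and its members are hypothetical names.
public sealed class InMemoryAdminGate
{
    // Assumed TTL: the page says only "seconds, not minutes".
    private static readonly TimeSpan Ttl = TimeSpan.FromSeconds(5);
    // Constructed stand-in for the database table of active grants.
    private readonly HashSet<(Guid Tenant, Guid User)> _active = new();
    private readonly IMemoryCache _cache = new MemoryCache(new MemoryCacheOptions());
    private readonly object _gate = new();

    // Key on tenant and user so a grant in one tenant never answers for another.
    private static string Key(Guid tenant, Guid user) => $"tsa:{tenant:N}:{user:N}";

    public bool IsTenantSuperAdmin(Guid user, Guid tenant)
    {
        if (_cache.TryGetValue(Key(tenant, user), out bool cached)) return cached;
        bool fresh;
        lock (_gate) fresh = _active.Contains((tenant, user));
        _cache.Set(Key(tenant, user), fresh, Ttl); // negative answers expire after Ttl as well
        return fresh;
    }

    public void Grant(Guid target, Guid tenant)
    {
        lock (_gate) _active.Add((tenant, target));
        _cache.Remove(Key(tenant, target)); // a cached "false" must not outlive the grant
    }

    public void Revoke(Guid target, Guid tenant)
    {
        lock (_gate) // count and delete together; against a database this is one transaction
        {
            bool isAdmin = _active.Contains((tenant, target));
            if (isAdmin && _active.Count(a => a.Tenant == tenant) == 1)
                throw new InvalidOperationException("Cannot revoke the last active tenant super admin.");
            _active.Remove((tenant, target));
        }
        _cache.Remove(Key(tenant, target)); // assumption: evict locally; other nodes wait out Ttl
    }
}
```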