Bulk roles/permissions.

Author: eben-roux

README.md

@@ -5,30 +5,3 @@ An Identity and Access Management (IAM) platform.
 # Documentation
 
 Please visit the [Shuttle.Access documentation](https://www.pendel.co.za/shuttle-access/home.html) for more information
-
-- move "allow identity/password" setting to back-end
-- add description to identity (for OID scenarios)
-- logging of tokens as option
-- configuration.json:
-
-```json
-{
-    "Roles": [
-        {
-            "Name": "Admin",
-            "Description": "Administrator role",
-            "Permissions": [
-                "system://name/permission-a"
-            ]
-        },
-        {
-            "Name": "User",
-            "Description": "User role"
-        }
-    ],
-    "Permissions": [
-        "system://name/permission-a",
-        "system://name/permission-b",
-    ]
-}
-```

Shuttle.Access.Application/.package/package.nuspec

@@ -17,6 +17,7 @@
     <tags>iam identity authorization authentication security permissions</tags>
     <dependencies>
             <dependency id="Microsoft.CSharp" version="4.7.0" />
+      <dependency id="Shuttle.Access" version="7.3.0" />
       <dependency id="Shuttle.Core.Contract" version="20.0.1" />
       <dependency id="Shuttle.Core.Mediator" version="20.0.0" />
       <dependency id="Shuttle.Esb" version="20.0.0" />

Shuttle.Access.Application/ConfigureApplicationParticipant.cs

@@ -84,10 +84,7 @@ public async Task ProcessMessageAsync(IParticipantContext<ConfigureApplication>
         {
             _logger.LogDebug("[role/registration] : name = 'Administrator'");
 
-            var registerRoleMessage = new RequestResponseMessage<RegisterRole, RoleRegistered>(new()
-            {
-                Name = "Administrator"
-            });
+            var registerRoleMessage = new RequestResponseMessage<RegisterRole, RoleRegistered>(new("Administrator"));
 
             await _mediator.SendAsync(registerRoleMessage);
 

Shuttle.Access.Application/Messages/RegisterRole.cs

@@ -0,0 +1,40 @@
+using System.Collections.Generic;
+using Shuttle.Core.Contract;
+
+namespace Shuttle.Access.Application;
+
+public class RegisterRole
+{
+    private readonly List<string> _permissions = [];
+
+    public string Name { get; }
+    public bool HasMissingPermissions { get; private set; }
+    
+    public RegisterRole(string name)
+    {
+        Name = Guard.AgainstEmpty(name);
+    }
+
+    public RegisterRole AddPermissions(IEnumerable<string> permissions)
+    {
+        Guard.AgainstNull(permissions);
+
+        foreach (var permission in permissions)
+        {
+            if (!_permissions.Contains(permission))
+            {
+                _permissions.Add(permission);
+            }
+        }
+
+        return this;
+    }
+
+    public IEnumerable<string> GetPermissions() => _permissions.AsReadOnly();
+
+    public RegisterRole MissingPermissions()
+    {
+        HasMissingPermissions = true;
+        return this;
+    }
+}

Shuttle.Access.Application/RegisterRoleParticipant.cs

@@ -1,5 +1,8 @@
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
+using Shuttle.Access.DataAccess;
 using Shuttle.Access.Messages.v1;
 using Shuttle.Core.Contract;
 using Shuttle.Core.Mediator;
@@ -10,13 +13,15 @@ namespace Shuttle.Access.Application;
 
 public class RegisterRoleParticipant : IParticipant<RequestResponseMessage<RegisterRole, RoleRegistered>>
 {
+    private readonly IPermissionQuery _permissionQuery;
     private readonly IEventStore _eventStore;
     private readonly IIdKeyRepository _idKeyRepository;
 
-    public RegisterRoleParticipant(IEventStore eventStore, IIdKeyRepository idKeyRepository)
+    public RegisterRoleParticipant(IEventStore eventStore, IIdKeyRepository idKeyRepository, IPermissionQuery permissionQuery)
     {
         _eventStore = Guard.AgainstNull(eventStore);
         _idKeyRepository = Guard.AgainstNull(idKeyRepository);
+        _permissionQuery = Guard.AgainstNull(permissionQuery);
     }
 
     public async Task ProcessMessageAsync(IParticipantContext<RequestResponseMessage<RegisterRole, RoleRegistered>> context)
@@ -25,6 +30,24 @@ public async Task ProcessMessageAsync(IParticipantContext<RequestResponseMessage
 
         var message = context.Message.Request;
 
+        var permissionIds = new List<Guid>();
+
+        foreach (var permission in message.GetPermissions())
+        {
+            var permissionId = (await _permissionQuery.SearchAsync(new DataAccess.Permission.Specification().AddName(permission))).FirstOrDefault()?.Id;
+
+            if (permissionId.HasValue)
+            {
+                permissionIds.Add(permissionId.Value);
+            }
+            else
+            {
+
+                message.MissingPermissions();
+                return;
+            }
+        }
+
         var key = Role.Key(message.Name);
 
         if (await _idKeyRepository.ContainsAsync(key))
@@ -41,6 +64,14 @@ public async Task ProcessMessageAsync(IParticipantContext<RequestResponseMessage
 
         stream.Add(role.Register(message.Name));
 
+        foreach (var permissionId in permissionIds)
+        {
+            if (!role.HasPermission(permissionId))
+            {
+                stream.Add(role.AddPermission(permissionId));
+            }
+        }
+
         context.Message.WithResponse(new()
         {
             Id = id,

Shuttle.Access.Application/Shuttle.Access.Application.csproj

@@ -16,17 +16,14 @@
 
 	<ItemGroup>
 		<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
+		<PackageReference Include="Shuttle.Access" Version="7.3.0" />
 		<PackageReference Include="Shuttle.Core.Contract" Version="20.0.1" />
 		<PackageReference Include="Shuttle.Core.Mediator" Version="20.0.0" />
 		<PackageReference Include="Shuttle.Esb" Version="20.0.0" />
 		<PackageReference Include="Shuttle.Recall" Version="20.0.0" />
 		<PackageReference Include="Shuttle.Recall.Sql.Storage" Version="20.0.0" />
 	</ItemGroup>
 
-	<ItemGroup>
-	  <ProjectReference Include="..\Shuttle.Access\Shuttle.Access.csproj" />
-	</ItemGroup>
-
 	<ItemGroup>
 	  <Compile Update="Resources.Designer.cs">
 	    <DesignTime>True</DesignTime>

Shuttle.Access.AspNetCore/.package/package.nuspec

@@ -17,7 +17,7 @@
     <tags>iam middleware authorization permissions</tags>
     <dependencies>
             <dependency id="Microsoft.IdentityModel.JsonWebTokens" version="8.7.0" />
-      <dependency id="Shuttle.Access" version="7.2.3" />
+      <dependency id="Shuttle.Access" version="7.3.0" />
       <dependency id="Shuttle.Core.Contract" version="20.0.1" />
     </dependencies>
   </metadata>

Shuttle.Access.AspNetCore/Authentication/RoutingAuthenticationHandler.cs

@@ -2,15 +2,20 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using Shuttle.Core.Contract;
 
 namespace Shuttle.Access.AspNetCore.Authentication;
 
 public class RoutingAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 {
+    private readonly ILogger _logger;
+    private readonly AccessOptions _accessOptions;
     public const string AuthenticationScheme = "Routing";
 
-    public RoutingAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder) : base(options, logger, encoder)
+    public RoutingAuthenticationHandler(IOptions<AccessOptions> accessOptions, IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder) : base(options, logger, encoder)
     {
+        _accessOptions = Guard.AgainstNull(Guard.AgainstNull(accessOptions).Value);
+        _logger = logger.CreateLogger(GetType());
     }
 
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()

Shuttle.Access.Messages/v1/RegisterIdentity.cs

@@ -1,6 +1,4 @@
-using System;
-
-namespace Shuttle.Access.Messages.v1;
+namespace Shuttle.Access.Messages.v1;
 
 public class RegisterIdentity
 {

Shuttle.Access.Messages/v1/RegisterRole.cs

@@ -1,6 +1,10 @@
-namespace Shuttle.Access.Messages.v1;
+using System.Collections.Generic;
+
+namespace Shuttle.Access.Messages.v1;
 
 public class RegisterRole
 {
     public string Name { get; set; } = default!;
+    public List<string> Permissions { get; set; } = [];
+    public int WaitCount { get; set; }
 }