using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Options; using Nuuru.Server.Models; using System.Security.Claims; namespace Nuuru.Server.Auth { public class AppClaimsPrincipalFactory : UserClaimsPrincipalFactory { private readonly RoleManager _roleManager; private readonly UserManager _userManager; public AppClaimsPrincipalFactory( UserManager userManager, RoleManager roleManager, IOptions optionsAccessor) : base(userManager, roleManager, optionsAccessor) { _roleManager = roleManager; _userManager = userManager; } protected override async Task GenerateClaimsAsync(ApplicationUser user) { var identity = await base.GenerateClaimsAsync(user); // Remove any permission claims that base added so we can rebuild the effective set foreach (var c in identity.FindAll(Permissions.ClaimType).ToList()) identity.RemoveClaim(c); // Get role claims var roleClaims = new List(); var roles = await _userManager.GetRolesAsync(user); foreach (var roleName in roles) { var role = await _roleManager.FindByNameAsync(roleName); if (role is null) continue; var claims = await _roleManager.GetClaimsAsync(role); roleClaims.AddRange(claims); } // Get user claims var userClaims = await _userManager.GetClaimsAsync(user); // Compute effective permissions using utility var effectivePermissions = PermissionCalculator.ComputeEffectivePermissionsFromClaims( roleClaims, userClaims); foreach (var perm in effectivePermissions) identity.AddClaim(new Claim(Permissions.ClaimType, perm)); return identity; } } }