feat: resolve role-based authorization by extracting Roles claim from JWT and storing in state provider
@@ -23,7 +23,8 @@ public record UserProfile(
|
||||
Guid TenantId,
|
||||
SubscriptionPlanDto Plan,
|
||||
int AverageQuizScore,
|
||||
LastReadBookDto? LastReadBook)
|
||||
LastReadBookDto? LastReadBook,
|
||||
string[] Roles)
|
||||
{
|
||||
// Helper properties for UI compatibility
|
||||
public string CurrentPlan => Plan?.Name ?? PlanConstants.DefaultPlanName;
|
||||
@@ -104,11 +105,15 @@ public class IdentityService : IIdentityService
|
||||
var profile = profileResult.Value;
|
||||
await _storageService.SaveSecureString(StorageKeys.UserEmail, profile.Email);
|
||||
await _storageService.SaveSecureString(StorageKeys.UserTenant, profile.TenantId.ToString());
|
||||
(_authStateProvider as NexusAuthenticationStateProvider)?.NotifyUserAuthentication(profile.Email, profile.TenantId.ToString());
|
||||
|
||||
var rolesStr = string.Join(",", profile.Roles ?? Array.Empty<string>());
|
||||
await _storageService.SaveSecureString(StorageKeys.UserRoles, rolesStr);
|
||||
|
||||
(_authStateProvider as NexusAuthenticationStateProvider)?.NotifyUserAuthentication(profile.Email, profile.TenantId.ToString(), rolesStr);
|
||||
}
|
||||
else
|
||||
{
|
||||
(_authStateProvider as NexusAuthenticationStateProvider)?.NotifyUserAuthentication(email, "unknown");
|
||||
(_authStateProvider as NexusAuthenticationStateProvider)?.NotifyUserAuthentication(email, "unknown", "");
|
||||
}
|
||||
|
||||
return Result.Ok();
|
||||
@@ -132,6 +137,7 @@ public class IdentityService : IIdentityService
|
||||
await _storageService.SaveSecureString(RefreshTokenKey, "");
|
||||
await _storageService.SaveSecureString(StorageKeys.UserEmail, "");
|
||||
await _storageService.SaveSecureString(StorageKeys.UserTenant, "");
|
||||
await _storageService.SaveSecureString(StorageKeys.UserRoles, "");
|
||||
}
|
||||
|
||||
if (OnStateInvalidated != null) await OnStateInvalidated.Invoke();
|
||||
@@ -197,7 +203,11 @@ public class IdentityService : IIdentityService
|
||||
_cachedProfile = profile;
|
||||
await _storageService.SaveSecureString(StorageKeys.UserEmail, profile.Email);
|
||||
await _storageService.SaveSecureString(StorageKeys.UserTenant, profile.TenantId.ToString());
|
||||
(_authStateProvider as NexusAuthenticationStateProvider)?.NotifyUserAuthentication(profile.Email, profile.TenantId.ToString());
|
||||
|
||||
var rolesStr = string.Join(",", profile.Roles ?? Array.Empty<string>());
|
||||
await _storageService.SaveSecureString(StorageKeys.UserRoles, rolesStr);
|
||||
|
||||
(_authStateProvider as NexusAuthenticationStateProvider)?.NotifyUserAuthentication(profile.Email, profile.TenantId.ToString(), rolesStr);
|
||||
}
|
||||
return profile;
|
||||
}
|
||||
@@ -246,7 +256,11 @@ public class IdentityService : IIdentityService
|
||||
var profile = profileResult.Value;
|
||||
await _storageService.SaveSecureString(StorageKeys.UserEmail, profile.Email);
|
||||
await _storageService.SaveSecureString(StorageKeys.UserTenant, profile.TenantId.ToString());
|
||||
(_authStateProvider as NexusAuthenticationStateProvider)?.NotifyUserAuthentication(profile.Email, profile.TenantId.ToString());
|
||||
|
||||
var rolesStr = string.Join(",", profile.Roles ?? Array.Empty<string>());
|
||||
await _storageService.SaveSecureString(StorageKeys.UserRoles, rolesStr);
|
||||
|
||||
(_authStateProvider as NexusAuthenticationStateProvider)?.NotifyUserAuthentication(profile.Email, profile.TenantId.ToString(), rolesStr);
|
||||
}
|
||||
|
||||
return Result.Ok();
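Review bot: In the login hunk (`@@ -104`), the `else` branch taken when the profile is unavailable passes `""` as roles to `NotifyUserAuthentication` but never writes `StorageKeys.UserRoles`, so roles stored by an earlier session stay on the device. If the state provider rebuilds its claims from storage on the next start (not visible here), that user could be shown the previous account's roles; adding `await _storageService.SaveSecureString(StorageKeys.UserRoles, "");` before the notify call in that branch closes the gap. The enclosing method starts outside the hunk, so confirm the key is not already cleared earlier in it. The join/save/notify sequence is also repeated verbatim in the hunks at `@@ -197` and `@@ -246`; one private helper would keep a fix like this in a single place. Because these roles are held client-side, they should only drive what the UI shows, with the server still checking the token's roles on every request.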
|
||||
|
||||