Declarative Authorization, step 3. #20

docs/decisions/0100-authentication.md

@@ -55,7 +55,7 @@ The options are:
 `Custom Implementation`
 
 - Can support many authorization protocols, like: HMAC, Basic, APIKey, Claims, Cookies, etc. as prescribed by 3rd party integrations and web hooks.
-- Can support many authorization assertions, like: Roles (RBAC), FeatureLevel access, etc.
+- Can support many authorization assertions, like: Roles (RBAC), Features access, etc.
 - Can support SSO authentication from 3rd parties, like: Microsoft, Google, Facebook etc.
 - Would not be OIDC authentication compliant at first, but could be made to be OIDC compliant later, by either integrating with an external provider or implementing the endpoints and flows.
 - No additional operational costs, (unlike IdentityServer, Auth0 require etc)

src/ApiHost1/Api/TestingOnly/TestingWebApi.cs

@@ -48,8 +48,8 @@ public async Task<ApiResult<string, GetCallerTestingOnlyResponse>> AuthZByRole(
             { CallerId = _contextFactory.Create().CallerId });
     }
 
-    public async Task<ApiResult<string, GetCallerTestingOnlyResponse>> AuthZByFeatureLevel(
-        AuthorizeByFeatureLevelTestingOnlyRequest request, CancellationToken cancellationToken)
+    public async Task<ApiResult<string, GetCallerTestingOnlyResponse>> AuthZByFeature(
+        AuthorizeByFeatureTestingOnlyRequest request, CancellationToken cancellationToken)
     {
         await Task.CompletedTask;
         return () => new Result<GetCallerTestingOnlyResponse, Error>(new GetCallerTestingOnlyResponse

src/ApiHost1/Properties/launchSettings.json

@@ -27,7 +27,7 @@
         "ASPNETCORE_ENVIRONMENT": "Production"
       }
     },
-    "ApiHandler-SourceGenerator-Development": {
+    "ApiHandler-SourceGenerators-Development-Development": {
       "commandName": "DebugRoslynComponent",
       "targetProject": "../ApiHost1/ApiHost1.csproj"
     }

src/Application.Common.UnitTests/CallerSpec.cs

@@ -20,7 +20,7 @@ public void WhenCreateAsAnonymous_ThenReturnsANewCallForAnonymousCaller()
         result.Authorization.Should().BeNone();
         result.IsAuthenticated.Should().BeFalse();
         result.Roles.All.Should().BeEmpty();
-        result.FeatureLevels.All.Should().ContainSingle(PlatformFeatureLevels.Basic.Name);
+        result.Features.All.Should().ContainSingle(PlatformFeatures.Basic.Name);
         result.TenantId.Should().BeNull();
         result.CallerId.Should().Be(CallerConstants.AnonymousUserId);
         result.CallId.Should().NotBeNull();
@@ -35,7 +35,7 @@ public void WhenCreateAsAnonymousTenant_ThenReturnsANewCallForAnonymousTenantedC
         result.Authorization.Should().BeNone();
         result.IsAuthenticated.Should().BeFalse();
         result.Roles.All.Should().BeEmpty();
-        result.FeatureLevels.All.Should().ContainSingle(PlatformFeatureLevels.Basic.Name);
+        result.Features.All.Should().ContainSingle(PlatformFeatures.Basic.Name);
         result.TenantId.Should().Be("atenantid");
         result.CallerId.Should().Be(CallerConstants.AnonymousUserId);
         result.CallId.Should().NotBeNullOrEmpty();
@@ -55,7 +55,7 @@ public void WhenCreateAsCallerFromCall_ThenReturnsACustomCaller()
         result.Authorization.Should().BeNone();
         result.IsAuthenticated.Should().BeFalse();
         result.Roles.All.Should().BeEmpty();
-        result.FeatureLevels.All.Should().ContainSingle(PlatformFeatureLevels.Basic.Name);
+        result.Features.All.Should().ContainSingle(PlatformFeatures.Basic.Name);
         result.TenantId.Should().BeNull();
         result.CallerId.Should().Be("acallerid");
         result.CallId.Should().Be("acallid");
@@ -69,8 +69,8 @@ public void WhenCreateAsExternalWebHook_ThenReturnsWebhookServiceAccountCaller()
         result.IsServiceAccount.Should().BeTrue();
         result.Authorization.Should().BeNone();
         result.IsAuthenticated.Should().BeTrue();
-        result.Roles.All.Should().ContainSingle(PlatformRoles.ServiceAccount);
-        result.FeatureLevels.All.Should().ContainSingle(PlatformFeatureLevels.Basic.Name);
+        result.Roles.All.Should().ContainSingle(rol => rol == PlatformRoles.ServiceAccount);
+        result.Features.All.Should().ContainSingle(PlatformFeatures.Basic.Name);
         result.TenantId.Should().BeNull();
         result.CallerId.Should().Be(CallerConstants.ExternalWebhookAccountUserId);
         result.CallId.Should().Be("acallid");
@@ -84,8 +84,8 @@ public void WhenCreateAsMaintenanceWithNoCall_ThenReturnsMaintenanceServiceAccou
         result.IsServiceAccount.Should().BeTrue();
         result.Authorization.Should().BeNone();
         result.IsAuthenticated.Should().BeTrue();
-        result.Roles.All.Should().ContainSingle(PlatformRoles.ServiceAccount);
-        result.FeatureLevels.All.Should().ContainSingle(PlatformFeatureLevels.Paid2.Name);
+        result.Roles.All.Should().ContainSingle(rol => rol == PlatformRoles.ServiceAccount);
+        result.Features.All.Should().ContainSingle(PlatformFeatures.Paid2.Name);
         result.TenantId.Should().BeNull();
         result.CallerId.Should().Be(CallerConstants.MaintenanceAccountUserId);
         result.CallId.Should().NotBeNullOrEmpty();
@@ -99,8 +99,8 @@ public void WhenCreateAsMaintenance_ThenReturnsMaintenanceServiceAccountWithAllF
         result.IsServiceAccount.Should().BeTrue();
         result.Authorization.Should().BeNone();
         result.IsAuthenticated.Should().BeTrue();
-        result.Roles.All.Should().ContainSingle(PlatformRoles.ServiceAccount);
-        result.FeatureLevels.All.Should().ContainSingle(PlatformFeatureLevels.Paid2.Name);
+        result.Roles.All.Should().ContainSingle(rol => rol == PlatformRoles.ServiceAccount);
+        result.Features.All.Should().ContainSingle(PlatformFeatures.Paid2.Name);
         result.TenantId.Should().BeNull();
         result.CallerId.Should().Be(CallerConstants.MaintenanceAccountUserId);
         result.CallId.Should().Be("acallid");
@@ -114,8 +114,8 @@ public void WhenCreateAsMaintenanceTenant_ThenReturnsMaintenanceServiceAccountWi
         result.IsServiceAccount.Should().BeTrue();
         result.Authorization.Should().BeNone();
         result.IsAuthenticated.Should().BeTrue();
-        result.Roles.All.Should().ContainSingle(PlatformRoles.ServiceAccount);
-        result.FeatureLevels.All.Should().ContainSingle(PlatformFeatureLevels.Paid2.Name);
+        result.Roles.All.Should().ContainSingle(rol => rol == PlatformRoles.ServiceAccount);
+        result.Features.All.Should().ContainSingle(PlatformFeatures.Paid2.Name);
         result.TenantId.Should().Be("atenantid");
         result.CallerId.Should().Be(CallerConstants.MaintenanceAccountUserId);
         result.CallId.Should().NotBeNullOrEmpty();
@@ -129,8 +129,8 @@ public void WhenCreateAsServiceClient_ThenReturnsServiceClientCaller()
         result.IsServiceAccount.Should().BeTrue();
         result.Authorization.Should().BeNone();
         result.IsAuthenticated.Should().BeTrue();
-        result.Roles.All.Should().ContainSingle(PlatformRoles.ServiceAccount);
-        result.FeatureLevels.All.Should().ContainSingle(PlatformFeatureLevels.Paid2.Name);
+        result.Roles.All.Should().ContainSingle(rol => rol == PlatformRoles.ServiceAccount);
+        result.Features.All.Should().ContainSingle(PlatformFeatures.Paid2.Name);
         result.TenantId.Should().BeNull();
         result.CallerId.Should().Be(CallerConstants.ServiceClientAccountUserId);
         result.CallId.Should().NotBeNullOrEmpty();

src/Application.Common/Caller.cs

@@ -100,12 +100,12 @@ public AnonymousCaller(string? tenantId = null)
         {
             TenantId = tenantId;
             Roles = new ICallerContext.CallerRoles();
-            FeatureLevels = new ICallerContext.CallerFeatureLevels(new[] { PlatformFeatureLevels.Basic }, null);
+            Features = new ICallerContext.CallerFeatures(new[] { PlatformFeatures.Basic }, null);
         }
 
         public ICallerContext.CallerRoles Roles { get; }
 
-        public ICallerContext.CallerFeatureLevels FeatureLevels { get; }
+        public ICallerContext.CallerFeatures Features { get; }
 
         public Optional<ICallerContext.CallerAuthorization> Authorization =>
             Optional<ICallerContext.CallerAuthorization>.None;
@@ -131,14 +131,14 @@ public MaintenanceAccountCaller(string? callId = null, string? tenantId = null)
             CallId = callId ?? GenerateCallId();
             TenantId = tenantId;
             Roles = new ICallerContext.CallerRoles(new[] { PlatformRoles.ServiceAccount }, null);
-            FeatureLevels =
-                new ICallerContext.CallerFeatureLevels(
-                    new[] { PlatformFeatureLevels.Paid2 }, null);
+            Features =
+                new ICallerContext.CallerFeatures(
+                    new[] { PlatformFeatures.Paid2 }, null);
         }
 
         public ICallerContext.CallerRoles Roles { get; }
 
-        public ICallerContext.CallerFeatureLevels FeatureLevels { get; }
+        public ICallerContext.CallerFeatures Features { get; }
 
         public Optional<ICallerContext.CallerAuthorization> Authorization =>
             Optional<ICallerContext.CallerAuthorization>.None;
@@ -161,8 +161,8 @@ private sealed class ServiceClientAccountCaller : ICallerContext
     {
         public ICallerContext.CallerRoles Roles { get; } = new(new[] { PlatformRoles.ServiceAccount }, null);
 
-        public ICallerContext.CallerFeatureLevels FeatureLevels { get; } = new(
-            new[] { PlatformFeatureLevels.Paid2 }, null);
+        public ICallerContext.CallerFeatures Features { get; } = new(
+            new[] { PlatformFeatures.Paid2 }, null);
 
         public Optional<ICallerContext.CallerAuthorization> Authorization =>
             Optional<ICallerContext.CallerAuthorization>.None;
@@ -187,12 +187,12 @@ public ExternalWebHookAccountCaller(string? callId = null)
         {
             CallId = callId ?? GenerateCallId();
             Roles = new ICallerContext.CallerRoles(new[] { PlatformRoles.ServiceAccount }, null);
-            FeatureLevels = new ICallerContext.CallerFeatureLevels(new[] { PlatformFeatureLevels.Basic }, null);
+            Features = new ICallerContext.CallerFeatures(new[] { PlatformFeatures.Basic }, null);
         }
 
         public ICallerContext.CallerRoles Roles { get; }
 
-        public ICallerContext.CallerFeatureLevels FeatureLevels { get; }
+        public ICallerContext.CallerFeatures Features { get; }
 
         public Optional<ICallerContext.CallerAuthorization> Authorization =>
             Optional<ICallerContext.CallerAuthorization>.None;
@@ -219,12 +219,12 @@ public CustomCaller(ICallContext call)
             CallId = call.CallId;
             TenantId = call.TenantId;
             Roles = new ICallerContext.CallerRoles();
-            FeatureLevels = new ICallerContext.CallerFeatureLevels(new[] { PlatformFeatureLevels.Basic }, null);
+            Features = new ICallerContext.CallerFeatures(new[] { PlatformFeatures.Basic }, null);
         }
 
         public ICallerContext.CallerRoles Roles { get; }
 
-        public ICallerContext.CallerFeatureLevels FeatureLevels { get; }
+        public ICallerContext.CallerFeatures Features { get; }
 
         public Optional<ICallerContext.CallerAuthorization> Authorization =>
             Optional<ICallerContext.CallerAuthorization>.None;

src/Application.Interfaces/ICallerContext.RolesAndFeatures.cs

@@ -12,41 +12,41 @@ public class CallerRoles
     {
         public CallerRoles()
         {
-            All = Array.Empty<string>();
-            Platform = Array.Empty<string>();
-            Organization = Array.Empty<string>();
+            All = Array.Empty<RoleLevel>();
+            Platform = Array.Empty<RoleLevel>();
+            Organization = Array.Empty<RoleLevel>();
         }
 
-        public CallerRoles(string[]? platform, string[]? member)
+        public CallerRoles(RoleLevel[]? platform, RoleLevel[]? member)
         {
-            Platform = platform ?? Array.Empty<string>();
-            Organization = member ?? Array.Empty<string>();
+            Platform = platform ?? Array.Empty<RoleLevel>();
+            Organization = member ?? Array.Empty<RoleLevel>();
             All = Platform
                 .Concat(Organization)
                 .Distinct()
                 .ToArray();
         }
 
-        public string[] All { get; }
+        public RoleLevel[] All { get; }
 
-        public string[] Organization { get; }
+        public RoleLevel[] Organization { get; }
 
-        public string[] Platform { get; }
+        public RoleLevel[] Platform { get; }
     }
 
     /// <summary>
-    ///     Defines the sets of features that a caller can have
+    ///     Defines the authorization features that a caller can have
     /// </summary>
-    public class CallerFeatureLevels
+    public class CallerFeatures
     {
-        public CallerFeatureLevels()
+        public CallerFeatures()
         {
             All = Array.Empty<FeatureLevel>();
             Platform = Array.Empty<FeatureLevel>();
             Organization = Array.Empty<FeatureLevel>();
         }
 
-        public CallerFeatureLevels(FeatureLevel[]? platform, FeatureLevel[]? member)
+        public CallerFeatures(FeatureLevel[]? platform, FeatureLevel[]? member)
         {
             Platform = platform ?? Array.Empty<FeatureLevel>();
             Organization = member ?? Array.Empty<FeatureLevel>();

src/Application.Interfaces/ICallerContext.cs

@@ -33,9 +33,9 @@ public enum AuthorizationMethod
     string CallId { get; }
 
     /// <summary>
-    ///     The feature sets belonging to the caller
+    ///     The authorization features belonging to the caller
     /// </summary>
-    CallerFeatureLevels FeatureLevels { get; }
+    CallerFeatures Features { get; }
 
     /// <summary>
     ///     Whether the called is authenticated or not

src/Application.Resources.Shared/EndUser.cs

@@ -8,7 +8,7 @@ public class EndUser : IIdentifiableResource
 
     public EndUserClassification Classification { get; set; }
 
-    public List<string> FeatureLevels { get; set; } = new();
+    public List<string> Features { get; set; } = new();
 
     public List<string> Roles { get; set; } = new();
 

src/Common/Common.csproj

@@ -3,6 +3,7 @@
     <PropertyGroup>
         <TargetFramework>net7.0</TargetFramework>
         <IsPlatformProject>true</IsPlatformProject>
+        <DefineConstants>COMMON_PROJECT</DefineConstants>
     </PropertyGroup>
 
     <ItemGroup>

src/Common/Extensions/CollectionExtensions.cs

@@ -1,11 +1,17 @@
+#if COMMON_PROJECT
 using System.Text;
 using JetBrains.Annotations;
+#endif
 
 namespace Common.Extensions;
 
+#if COMMON_PROJECT
 [UsedImplicitly]
+#endif
+
 public static class CollectionExtensions
 {
+#if COMMON_PROJECT || GENERATORS_WEB_API_PROJECT
     /// <summary>
     ///     Whether the <see cref="target" /> string exists in the <see cref="collection" />
     /// </summary>
@@ -18,15 +24,17 @@ public static bool ContainsIgnoreCase(this IEnumerable<string> collection, strin
 
         return collection.Any(item => item.EqualsIgnoreCase(target));
     }
-
+#endif
+#if COMMON_PROJECT
     /// <summary>
     ///     Returns the first item in the collection
     /// </summary>
     public static TResult First<TResult>(this IReadOnlyList<TResult> list)
     {
         return list[0];
     }
-
+#endif
+#if COMMON_PROJECT || GENERATORS_WEB_API_PROJECT
     /// <summary>
     ///     Whether the collection contains any items
     /// </summary>
@@ -36,8 +44,11 @@ public static bool HasAny<T>(this IEnumerable<T>? collection)
         {
             return false;
         }
-
+#if COMMON_PROJECT
         return !collection.HasNone();
+#elif GENERATORS_WEB_API_PROJECT
+        return !collection!.HasNone();
+#endif
     }
 
     /// <summary>
@@ -47,7 +58,8 @@ public static bool HasNone<T>(this IEnumerable<T> collection)
     {
         return !collection.Any();
     }
-
+#endif
+#if COMMON_PROJECT
     /// <summary>
     ///     Joins all values separated by the <see cref="separator" />
     /// </summary>
@@ -82,4 +94,5 @@ public static bool NotContainsIgnoreCase(this IEnumerable<string> collection, st
     {
         return !collection.ContainsIgnoreCase(target);
     }
+#endif
 }