Dev/rbac without keycloak

Application.Tests.Unit/Articles/CreateArticleCommandHandlerTests.cs

@@ -13,7 +13,7 @@ public class CreateArticleCommandHandlerTests
 {
     private readonly Mock<IApplicationDbContext> _mockDbContext = new();
     private readonly Mock<ISlugHelper> _mockSlugHelper = new();
-    private readonly Mock<ICurrentUserService> _mockCurrentUserService = new();
+    private readonly Mock<IUserContext> _mockUserContext = new();
     private readonly Mock<IValidator<CreateArticleCommand>> _mockValidator = new();
     private readonly CreateArticleCommandHandler _handler;
 
@@ -22,7 +22,7 @@ public CreateArticleCommandHandlerTests()
         _handler = new CreateArticleCommandHandler(
             _mockDbContext.Object,
             _mockSlugHelper.Object,
-            _mockCurrentUserService.Object,
+            _mockUserContext.Object,
             _mockValidator.Object
         );
     }
@@ -134,6 +134,7 @@ public async void Handle_Should_CallSaveChangesAsync_WhenGeneratedIdIsUnique()
         _mockDbContext.Setup(x => x.Articles).Returns(mockArticlesDbSet.Object);
         _mockDbContext.Setup(x => x.Categories).Returns(mockCategoriesDbSet.Object);
         _mockDbContext.Setup(x => x.Revisions).Returns(mockRevisionsDbSet.Object);
+        _mockUserContext.Setup(x => x.UserId).Returns(Guid.Empty);
         _mockSlugHelper.Setup(x => x.GenerateSlug("something extra cool")).Returns("something-extra-cool");
         _mockValidator.Setup(v => v.Validate(It.IsAny<CreateArticleCommand>()))
             .Returns(new ValidationResult());
@@ -163,6 +164,7 @@ public async void Handle_Should_ReturnSuccessResultWithArticleId_WhenGeneratedId
         _mockDbContext.Setup(x => x.Articles).Returns(mockArticlesDbSet.Object);
         _mockDbContext.Setup(x => x.Categories).Returns(mockCategoriesDbSet.Object);
         _mockDbContext.Setup(x => x.Revisions).Returns(mockRevisionsDbSet.Object);
+        _mockUserContext.Setup(x => x.UserId).Returns(Guid.Empty);
         _mockSlugHelper.Setup(x => x.GenerateSlug("something extra cool")).Returns("something-extra-cool");
         _mockValidator.Setup(v => v.Validate(It.IsAny<CreateArticleCommand>()))
             .Returns(new ValidationResult());
@@ -205,8 +207,8 @@ public async void Handle_Should_CreateRevisionWithContent_WhenGeneratedIdIsUniqu
         _mockDbContext.Setup(x => x.Articles).Returns(mockArticlesDbSet.Object);
         _mockDbContext.Setup(x => x.Categories).Returns(mockCategoriesDbSet.Object);
         _mockDbContext.Setup(x => x.Revisions).Returns(mockRevisionsDbSet.Object);
+        _mockUserContext.Setup(x => x.UserId).Returns(Guid.Empty);
         _mockSlugHelper.Setup(x => x.GenerateSlug("something extra cool")).Returns("something-extra-cool");
-        _mockCurrentUserService.Setup(x => x.UserId).Returns("test-user-id");
         _mockValidator.Setup(v => v.Validate(It.IsAny<CreateArticleCommand>()))
             .Returns(new ValidationResult());
         var expectedCategoryIds = new List<string> {"category1", "category2"};
@@ -222,7 +224,7 @@ public async void Handle_Should_CreateRevisionWithContent_WhenGeneratedIdIsUniqu
                     e.ArticleId == result.Value.Id
                     && e.Content == command.Content
                     && e.AuthorsNote == command.AuthorsNote
-                    && e.AuthorId == _mockCurrentUserService.Object.UserId
+                    && e.AuthorId == _mockUserContext.Object.UserId
                     && e.Categories.Select(i => i.Id).OrderBy(i => i).SequenceEqual(expectedCategoryIds)
                 ),
                 It.IsAny<CancellationToken>()

Application/Authorization/Abstractions/IPermissionService.cs

@@ -0,0 +1,12 @@
+using Domain.Entities;
+
+namespace Application.Authorization.Abstractions;
+
+public interface IPermissionService
+{
+    Task<bool> HasPermissionAsync(Guid userId, Guid permissionId);
+    Task<bool> HasPermissionAsync(Guid userId, Permission permission);
+    Task<bool> HasAnyPermissionsAsync(Guid userId, IEnumerable<Guid> permissionIds);
+    Task<bool> HasAnyPermissionsAsync(Guid userId, IEnumerable<Permission> permissions);
+    Task<IEnumerable<Permission>> GetPermissionsAsync(Guid userId);
+}

Application/Authorization/Abstractions/IUserContext.cs

@@ -0,0 +1,9 @@
+using Domain.Entities;
+
+namespace Application.Authorization.Abstractions;
+
+public interface IUserContext
+{
+    Guid? UserId { get; }
+    Task<User?> GetCurrentUserAsync();
+}

Application/Authorization/PermissionService.cs

@@ -0,0 +1,46 @@
+using Application.Authorization.Abstractions;
+using Application.Data;
+using Domain.Entities;
+using Microsoft.EntityFrameworkCore;
+
+namespace Application.Authorization;
+
+public class PermissionService : IPermissionService
+{
+    private readonly IApplicationDbContext _dbContext;
+
+    public PermissionService(IApplicationDbContext dbContext)
+    {
+        _dbContext = dbContext;
+    }
+
+    public async Task<IEnumerable<Permission>> GetPermissionsAsync(Guid userId)
+    {
+        return await _dbContext.Users
+            .Where(a => a.Id == userId)
+            .SelectMany(a => a.Roles)
+            .SelectMany(r => r.Permissions)
+            .DistinctBy(p => p.Id)
+            .ToListAsync();
+    }
+
+    public async Task<bool> HasPermissionAsync(Guid userId, Guid permissionId)
+    {
+        return await _dbContext.Users
+            .Where(a => a.Id == userId)
+            .SelectMany(a => a.Roles)
+            .AnyAsync(r => r.Permissions.Any(p => p.Id == permissionId));
+    }
+
+    public async Task<bool> HasPermissionAsync(Guid userId, Permission permission) => await HasPermissionAsync(userId, permission.Id);
+
+    public async Task<bool> HasAnyPermissionsAsync(Guid userId, IEnumerable<Guid> permissionIds)
+    {
+        return await _dbContext.Users
+            .Where(a => a.Id == userId)
+            .SelectMany(a => a.Roles)
+            .AnyAsync(r => r.Permissions.Any(p => permissionIds.Contains(p.Id)));
+    }
+
+    public async Task<bool> HasAnyPermissionsAsync(Guid userId, IEnumerable<Permission> permissions) => await HasAnyPermissionsAsync(userId, permissions.Select(p => p.Id));
+}

Application/Data/IApplicationDbContext.cs

@@ -9,8 +9,10 @@ public interface IApplicationDbContext
     public DbSet<Category> Categories { get; set; }
     public DbSet<Revision> Revisions { get; set; }
     public DbSet<Review> Reviews { get; set; }
-    public DbSet<Author> Authors { get; set; }
+    public DbSet<User> Users { get; set; }
     public DbSet<Navigation> Navigations { get; set; }
+    public DbSet<Role> Roles { get; set; }
+    public DbSet<Permission> Permissions { get; set; }
 
     Task<int> SaveChangesAsync(CancellationToken token = default);
 }

Application/Extensions/ServiceCollectionExt.cs

@@ -1,5 +1,7 @@
 using System.Reflection;
 using Application.Common.Messaging;
+using Application.Authorization;
+using Application.Authorization.Abstractions;
 using Application.Features.Articles.CreateArticle;
 using Application.Features.Articles.DeleteArticle;
 using Application.Features.Articles.EditArticle;
@@ -11,15 +13,15 @@
 using Application.Features.Articles.ReviewRevision;
 using Application.Features.Articles.SearchArticles;
 using Application.Features.Articles.SetRedirect;
-using Application.Features.Authors.CreateAuthor;
-using Application.Features.Authors.EditAuthor;
 using Application.Features.Categories.CreateCategory;
 using Application.Features.Categories.DeleteCategory;
 using Application.Features.Categories.GetCategories;
 using Application.Features.Categories.GetCategoriesTree;
 using Application.Features.Categories.GetCategoryArticles;
 using Application.Features.Navigations.GetNavigationTree;
 using Application.Features.Navigations.UpdateNavigationsTree;
+using Application.Features.Users.GetUser;
+using Application.Features.Users.RenameUser;
 using FluentValidation;
 using Microsoft.Extensions.DependencyInjection;
 using Slugify;
@@ -33,6 +35,8 @@ public static IServiceCollection AddApplicationServices(this IServiceCollection
         services.AddValidatorsFromAssembly(Assembly.GetExecutingAssembly());
         services.AddTransient<ISlugHelper, SlugHelperForNonAsciiLanguages>();
 
+        services.AddScoped<IPermissionService, PermissionService>();
+
         services.AddScoped<ICommandHandler<CreateArticleCommand, CreateArticleResponse>, CreateArticleCommandHandler>();
         services.AddScoped<ICommandHandler<DeleteArticleCommand, DeleteArticleResponse>, DeleteArticleCommandHandler>();
         services.AddScoped<ICommandHandler<EditArticleCommand, EditArticleResponse>, EditArticleCommandHandler>();
@@ -45,8 +49,8 @@ public static IServiceCollection AddApplicationServices(this IServiceCollection
         services.AddScoped<IQueryHandler<SearchArticlesQuery, SearchArticlesResponse>, SearchArticlesQueryHandler>();
         services.AddScoped<ICommandHandler<SetRedirectCommand, SetRedirectResponse>, SetRedirectCommandHandler>();
 
-        services.AddScoped<ICommandHandler<CreateAuthorCommand, CreateAuthorResponse>, CreateAuthorCommandHandler>();
-        services.AddScoped<ICommandHandler<EditAuthorCommand, EditAuthorResponse>, EditAuthorCommandHandler>();
+        services.AddScoped<ICommandHandler<RenameUserCommand, RenameUserResponse>, RenameUserCommandHandler>();
+        services.AddScoped<IQueryHandler<GetUserQuery, GetUserResponse>, GetUserQueryHandler>();
 
         services.AddScoped<ICommandHandler<CreateCategoryCommand, CreateCategoryResponse>, CreateCategoryCommandHandler>();
         services.AddScoped<ICommandHandler<DeleteCategoryCommand, DeleteCategoryResponse>, DeleteCategoryCommandHandler>();

Application/Features/Articles/CreateArticle/CreateArticleCommandHandler.cs

@@ -13,7 +13,7 @@ namespace Application.Features.Articles.CreateArticle;
 public class CreateArticleCommandHandler(
     IApplicationDbContext dbContext,
     ISlugHelper slugHelper,
-    ICurrentUserService identityService,
+    IUserContext userContext,
     IValidator<CreateArticleCommand> validator
 ) : ICommandHandler<CreateArticleCommand, CreateArticleResponse>
 {
@@ -47,7 +47,7 @@ public async Task<ErrorOr<CreateArticleResponse>> HandleAsync(CreateArticleComma
             Id = default!,
             ArticleId = id,
             Article = default!,
-            AuthorId = identityService.UserId!,
+            AuthorId = userContext.UserId!.Value,
             Author = default!,
             AuthorsNote = command.AuthorsNote,
             Content = command.Content,

Application/Features/Articles/EditArticle/EditArticleCommandHandler.cs

@@ -11,7 +11,7 @@ namespace Application.Features.Articles.EditArticle;
 
 public class EditArticleCommandHandler(
     IApplicationDbContext dbContext,
-    ICurrentUserService identityService,
+    IUserContext userContext,
     IValidator<EditArticleCommand> validator
 ) : ICommandHandler<EditArticleCommand, EditArticleResponse>
 {
@@ -38,7 +38,7 @@ public async Task<ErrorOr<EditArticleResponse>> HandleAsync(EditArticleCommand r
             Id = default!,
             ArticleId = article.Id,
             Article = default!,
-            AuthorId = identityService.UserId!,
+            AuthorId = userContext.UserId!.Value,
             Author = default!,
             AuthorsNote = request.AuthorsNote,
             Content = request.Content,

Application/Features/Articles/GetArticle/GetArticleQueryHandler.cs

@@ -5,6 +5,7 @@
 using Application.Common.Utils;
 using Application.Data;
 using Domain.Entities;
+using Domain.Rbac;
 using ErrorOr;
 using FluentValidation;
 using Microsoft.EntityFrameworkCore;
@@ -13,7 +14,8 @@
 
 public class GetArticleQueryHandler(
     IApplicationDbContext dbContext,
-    IIdentityService identityService,
+    IUserContext userContext,
+    IPermissionService permissionService,
     IValidator<GetArticleQuery> validator,
     ICacheService cacheService
 ) : IQueryHandler<GetArticleQuery, GetArticleResponse>
@@ -40,7 +42,7 @@
         var article = await dbContext.Articles
             .Include(e => e.CurrentRevision)
             .Include(e => e.RedirectArticle)
             .ThenInclude(e => e.CurrentRevision)
             .AsNoTracking()
             .FirstOrDefaultAsync(e => e.Id == id, token);
 
@@ -66,13 +68,14 @@
 
     private async Task<ErrorOr<GetArticleResponse>> GetByRevisionId(Guid id, CancellationToken token)
     {
-        var isInRole = await identityService.IsInRoleAsync(AuthorizationConstants.Roles.Editor) ||
-                       await identityService.IsInRoleAsync(AuthorizationConstants.Roles.Admin);
+        var canSeePendingRevisions =
+            await permissionService.HasPermissionAsync(userContext.UserId!.Value, Permissions.ArticleSeePendingRevisions);
+
         var revision = await dbContext.Revisions
             .Include(e => e.LatestReview)
             .Include(e => e.Article)
             .AsNoTracking()
-            .FirstOrDefaultAsync(e => e.Id == id && (isInRole || e.LatestReview != null), token);
+            .FirstOrDefaultAsync(e => e.Id == id && (canSeePendingRevisions || e.LatestReview != null), token);
 
         if (revision == null) return Errors.Revision.NotFound;
 

Application/Features/Articles/GetArticle/GetArticleResponse.cs

@@ -14,7 +14,7 @@ public record GetArticleResponse(
     List<GetArticleResponse.Category> Categories
 )
 {
-    public record Author(string Id, string Name);
+    public record Author(Guid Id, string Name);
 
     public record Category(string Id, string Name);
 }

Application/Features/Articles/GetPendingRevisions/GetPendingRevisionsResponse.cs

@@ -11,5 +11,5 @@ public record Element(
         DateTime Timestamp
     );
 
-    public record Author(string Id, string Name);
+    public record Author(Guid Id, string Name);
 }

Application/Features/Articles/GetRevisionHistory/GetRevisionHistoryResponse.cs

@@ -12,7 +12,7 @@ public record Element(
         Review? LatestReview
     );
 
-    public record Author(string Id, string Name);
+    public record Author(Guid Id, string Name);
 
     public record Review(
         Guid Id,

Application/Features/Articles/GetRevisionReviewHistory/GetRevisionReviewHistoryResponse.cs

@@ -12,5 +12,5 @@ public record Element(
         DateTime Timestamp
     );
 
-    public record Reviewer(string Id, string Name);
+    public record Reviewer(Guid Id, string Name);
 }

Application/Features/Articles/ReviewRevision/ReviewRevisionCommandHandler.cs

@@ -13,7 +13,7 @@
 
 public class ReviewRevisionCommandHandler(
     IApplicationDbContext dbContext,
-    ICurrentUserService identityService,
+    IUserContext userContext,
     ICacheService cacheService,
     IValidator<ReviewRevisionCommand> validator
 ) : ICommandHandler<ReviewRevisionCommand, ReviewRevisionResponse>
@@ -30,7 +30,7 @@
         var revision = await dbContext.Revisions
             .Include(e => e.Article)
             .ThenInclude(e => e.CurrentRevision)
             .ThenInclude(e => e.Categories)
             .Include(e => e.Categories)
             .Include(e => e.LatestReview)
             .FirstOrDefaultAsync(e => e.Id == command.RevisionId, token);
@@ -42,7 +42,7 @@
         var review = new Review
         {
             Id = default!,
-            ReviewerId = identityService.UserId!,
+            ReviewerId = userContext.UserId!.Value,
             Reviewer = default!,
             Status = command.Status,
             Message = command.Review,