Connected.Framework/Connected.Security/Authorization/Middleware/UserAuthorizationMiddleware.cs


using Connected.Middleware;
using Connected.Security.Identity;
using Connected.Security.Permissions;
using System.Collections.Immutable;
namespace Connected.Security.Authorization.Middleware;
/// <summary>
/// Authorization middleware that evaluates permissions granted or denied to an
/// individual user, matching the calling user against the permission's evidence.
/// </summary>
internal class UserAuthorizationMiddleware : MiddlewareComponent, IAuthorizationMiddleware
{
    /// <summary>
    /// Creates the middleware with the user service used to enumerate users.
    /// </summary>
    /// <param name="userService">Service queried by <see cref="QueryDescriptors"/>.</param>
    public UserAuthorizationMiddleware(IUserService userService) => UserService = userService;

    /// <summary>
    /// Identifier of this middleware; always the literal "Users".
    /// </summary>
    public string Id => "Users";

    /// <summary>
    /// User service supplied at construction.
    /// </summary>
    public IUserService UserService { get; }

    /// <summary>
    /// Decides a single permission for the user carried in <paramref name="args"/>.
    /// </summary>
    /// <param name="permission">Permission whose Evidence and Value are evaluated.</param>
    /// <param name="args">Authorization arguments; only <c>args.User</c> is read.</param>
    /// <param name="state">Not used by this middleware.</param>
    /// <returns>
    /// NotHandled when the permission's evidence does not name the calling user or the
    /// value is NotSet; Success for Allow; Fail for Deny.
    /// </returns>
    /// <exception cref="NotSupportedException">
    /// The permission value is none of NotSet, Allow or Deny, so an unknown value never
    /// resolves to an allow.
    /// </exception>
    public Task<AuthorizationProviderResult> Authorize(IPermission permission, AuthorizationArgs args, Dictionary<string, object> state)
    {
        // The permission applies only when its evidence is the textual form of the
        // calling user; the comparison is ordinal and case-insensitive.
        // NOTE(review): the type of args.User is not visible here. If it can be unset
        // for anonymous callers, confirm what ToString() yields and that a permission
        // with empty Evidence cannot match it.
        var subject = args.User.ToString();
        var evidence = permission.Evidence;

        if (!string.Equals(subject, evidence, StringComparison.OrdinalIgnoreCase))
        {
            return Task.FromResult(AuthorizationProviderResult.NotHandled);
        }

        AuthorizationProviderResult outcome = permission.Value switch
        {
            PermissionValue.NotSet => AuthorizationProviderResult.NotHandled,
            PermissionValue.Allow => AuthorizationProviderResult.Success,
            PermissionValue.Deny => AuthorizationProviderResult.Fail,
            // Unknown values are rejected with an exception rather than mapped to a result.
            _ => throw new NotSupportedException()
        };

        return Task.FromResult(outcome);
    }

    /// <summary>
    /// Pre-authorization hook; this middleware never decides at this stage.
    /// </summary>
    /// <param name="args">Not used.</param>
    /// <param name="state">Not used.</param>
    /// <returns>Always NotHandled.</returns>
    public Task<AuthorizationProviderResult> PreAuthorize(AuthorizationArgs args, Dictionary<string, object> state)
        => Task.FromResult(AuthorizationProviderResult.NotHandled);

    /// <summary>
    /// Builds one permission schema descriptor per user returned by the user service.
    /// </summary>
    /// <returns>
    /// Descriptors carrying the user's id (as text), display name and e-mail, in the
    /// order the user service returned them.
    /// </returns>
    public async Task<ImmutableList<IPermissionSchemaDescriptor>> QueryDescriptors()
    {
        var descriptors = ImmutableList.CreateBuilder<IPermissionSchemaDescriptor>();

        // NOTE(review): every user's e-mail address ends up in Description; confirm that
        // whatever surfaces these descriptors is limited to permission administrators.
        foreach (var user in await UserService.Query())
        {
            var descriptor = new PermissionSchemaDescriptor
            {
                Id = user.Id.ToString(),
                Title = user.DisplayName(),
                Description = user.Email
                /*
                 * TODO: handle avatar
                 */
            };

            descriptors.Add(descriptor);
        }

        return descriptors.ToImmutable();
    }
}