Redeon.SuperSiteEngineCore.Web.Eltheon.Core.Features.Permissions
Permission catalogue synchronization feature for Eltheon. It keeps the Identity permission tables aligned with permission definitions contributed by feature packages and hosts.
Permission declaration contracts now live in Redeon.SuperSiteEngineCore.Web.Eltheon.Core.Abstractions. This package owns synchronization, registry behavior, EF integration, optional event publication, and cache invalidation orchestration.
Install
dotnet add package Redeon.SuperSiteEngineCore.Web.Eltheon.Core.Features.Permissions
Capabilities
- PermissionRegistry merges IEltheonPermissionProvider contributions and deduplicates by permission name.
- PermissionSynchronizer inserts missing permissions and applies default Admin/User role grants.
- PermissionSynchronizationHostedService<TContext> runs synchronization during host startup.
- IPermissionDbContext defines the EF Core permission sets needed by synchronization.
- PermissionCacheInvalidationEventProvider reacts to PermissionsChangedEvent and invokes neutral IEltheonPermissionCacheInvalidator implementations.
- Permission metadata and events are contributed without registering the concrete EventBus.
DI Setup
builder.Services.AddSingleton<IEltheonPermissionProvider, PermissionSeedProvider>();
builder.Services.AddPermissionSynchronization<AuthDbContext>();
Requirements:
- The host DbContext must implement IPermissionDbContext.
- The Identity feature provides the concrete Permission, RolePermission, and AuthRole EF models.
- The host may register Events if permission lifecycle events should be published.
- The host may register an IEltheonPermissionCacheInvalidator, for example through the InMemory feature, if permission caches should be cleared on change events.
Declaring Permissions
public sealed class MyFeaturePermissions : IEltheonPermissionProvider
{
    public IEnumerable<EltheonPermissionDefinition> GetPermissions()
    {
        yield return EltheonPermissionDefinitionFactory.Create(
            name: "System.MyFeature.View",
            caption: "View My Feature",
            description: "Allows access to the My Feature admin page",
            categoryKey: "system",
            groupKey: "my-feature",
            defaultAdminGrant: EltheonPermissionGrant.J,
            defaultUserGrant: EltheonPermissionGrant.N);
    }
}
Feature packages should declare typed permissions through Core.Abstractions and should not depend on Permissions just to expose permission definitions.
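Because the registry deduplicates by permission name, two packages that declare the same name with different default grants are worth catching before synchronization runs. The following is an added example, not code from this package: it uses stand-in types (`PermissionDecl`, `Grant`) and a hypothetical `FindConflicts` helper rather than the package's contracts, and it assumes case-insensitive name comparison.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-in types for illustration only; they are NOT the package's
// EltheonPermissionDefinition / EltheonPermissionGrant contracts.
public enum Grant { Deny, Allow }

public sealed record PermissionDecl(string Source, string Name, Grant AdminDefault, Grant UserDefault);

public static class PermissionDeclarationAudit
{
    // Returns one message per permission name that is declared more than once
    // with different default grants. Names are compared case-insensitively
    // (an assumption; the page does not state the registry's comparer).
    public static IReadOnlyList<string> FindConflicts(IEnumerable<PermissionDecl> declarations)
    {
        return declarations
            .GroupBy(d => d.Name.Trim(), StringComparer.OrdinalIgnoreCase)
            .Where(g => g.Select(d => (d.AdminDefault, d.UserDefault)).Distinct().Count() > 1)
            .Select(g => $"{g.Key}: " + string.Join("; ",
                g.Select(d => $"{d.Source} admin={d.AdminDefault} user={d.UserDefault}")))
            .ToList();
    }
}

public static class Program
{
    public static int Main()
    {
        // Constructed sample declarations from two hypothetical feature packages.
        var declared = new[]
        {
            new PermissionDecl("FeatureA", "System.MyFeature.View", Grant.Allow, Grant.Deny),
            new PermissionDecl("FeatureB", "System.MyFeature.View", Grant.Allow, Grant.Allow),
            new PermissionDecl("FeatureB", "System.MyFeature.Edit", Grant.Allow, Grant.Deny),
        };

        var conflicts = PermissionDeclarationAudit.FindConflicts(declared);
        foreach (var c in conflicts)
            Console.Error.WriteLine($"Conflicting permission defaults: {c}");

        // Non-zero exit lets a CI step or startup guard fail closed.
        return conflicts.Count == 0 ? 0 : 1;
    }
}
```

With the constructed input, only System.MyFeature.View is reported, because FeatureA and FeatureB disagree on its default user grant.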
Events
When IEventBus is available and PermissionEventOptions.EnableEvents is true, synchronization publishes:
- Eltheon.Permissions.PermissionRegistered
- Eltheon.Permissions.RolePermissionAssigned
- Eltheon.Permissions.RolePermissionChanged
- Eltheon.Permissions.RolePermissionRemoved
- Eltheon.Permissions.PermissionsChanged
AddPermissionSynchronization<TContext>() registers metadata for those events with Security scope, Critical durability, InternalOnly visibility, High priority, and audit/security relevance.
Disable permission events:
builder.Services.AddPermissionSynchronization<AuthDbContext>(options =>
{
options.EnableEvents = false;
});
Dependencies
- Requires Identity for concrete EF permission and role models.
- Uses Core.Abstractions for permission, event, and cache invalidation contracts.
- Does not depend on the concrete Events or InMemory feature packages.
Diagnostics
The hosted service logs inserted permissions at Information level and already-synchronized states at Debug level. Hook Redeon.SuperSiteEngineCore.Web.Eltheon.Core.Features.Permissions in your logging provider to inspect startup synchronization.