feat: add role management and dynamic permissions #224
base: master
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| public async Task<List<string>> GetUserPermission(string userId) | ||
| { | ||
| var userRoles = await _userRoleRepository.QueryAsync(x => x.UserId == userId); | ||
| if (userRoles.Any(x=>x.Role == Role.SuperAdmin)) | ||
| var roleIds = userRoles.Select(x => x.RoleId).Distinct().ToList(); | ||
| if (!roleIds.Any()) | ||
| { | ||
| return Template_SuperAdminPermissions; | ||
| return new List<string>(); | ||
| } | ||
|
|
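Review bot: The `!roleIds.Any()` guard in GetUserPermission only fires when the user has no role rows at all, because `userRoles.Select(x => x.RoleId).Distinct().ToList()` does not drop blank values; if RoleId can be null or empty on a row, the list will contain that blank entry and the guard is skipped. Filter blank ids out ahead of `Distinct()`, and log when a user who has rows in userRoles still ends up with no usable role ids, so that a fail-closed empty permission list can be told apart from missing data. The hunk also shows the `Role.SuperAdmin` check and `return Template_SuperAdminPermissions;` alongside the new roleIds code; please confirm that super-admin users still resolve to their full permission set once the lookup goes through RoleId.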
Migrate legacy user roles when computing permissions
PermissionService.GetUserPermission now derives permissions solely from RoleId, but existing agc_user_role rows created before this change only populate the old role column (now LegacyRoleValue). When GetUserPermission is invoked before any migration runs, the roleIds list is empty and the method returns an empty permission set, causing every authorization check (e.g. PermissionCheckAttribute) to reject requests for users with still-legacy rows until they happen to go through UserService.GetUserRolesAsync. The permission service should map legacy values or trigger the migration itself so upgraded deployments do not lock out users with existing tokens.
Useful? React with 👍 / 👎.
Summary
Testing
https://chatgpt.com/codex/tasks/task_b_68f65e375a808329b216387d873bdfe3