Merge pull request #13 from webexpress-framework/copilot/develop-identity-model

Implement complete identity model with default group, standard policies, and enhanced interfaces

Author: ReneSchwarzer

src/WebExpress.WebCore.Test/Manager/UnitTestIdentityManager.cs

@@ -207,5 +207,73 @@ public void GetCurrentIdentity(string identityName, string password)
 
             Assert.Equal(identity, res);
         }
+
+        /// <summary>
+        /// Test that the AllGroup is not null and has the expected default properties.
+        /// </summary>
+        [Fact]
+        public void AllGroupExists()
+        {
+            // arrange
+            var componentHub = UnitTestFixture.CreateAndRegisterComponentHubMock();
+            var identityManager = componentHub.IdentityManager;
+
+            // act & assert
+            Assert.NotNull(identityManager.AllGroup);
+            Assert.Equal("All", identityManager.AllGroup.Name);
+            Assert.Equal(Guid.Empty, identityManager.AllGroup.Id);
+        }
+
+        /// <summary>
+        /// Test that the AllGroup has the PublicAccess policy.
+        /// </summary>
+        [Fact]
+        public void AllGroupHasPublicAccessPolicy()
+        {
+            // arrange
+            var componentHub = UnitTestFixture.CreateAndRegisterComponentHubMock();
+            var identityManager = componentHub.IdentityManager;
+
+            // act
+            var policies = identityManager.AllGroup.Policies;
+
+            // assert
+            Assert.Contains(typeof(PublicAccess).FullName.ToLower(), policies);
+        }
+
+        /// <summary>
+        /// Test that the IIdentityGroup interface has the Id and Name properties.
+        /// </summary>
+        [Fact]
+        public void IIdentityGroupHasIdAndName()
+        {
+            // arrange
+            var group = MockIdentityFactory.GetIdentityGroup("Admins");
+
+            // act & assert
+            Assert.NotNull(group);
+            Assert.IsAssignableFrom<IIdentityGroup>(group);
+            Assert.NotEqual(Guid.Empty, group.Id);
+            Assert.Equal("Admins", group.Name);
+        }
+
+        /// <summary>
+        /// Test that the AllGroup has the expected name and contains the PublicAccess policy.
+        /// </summary>
+        [Fact]
+        public void AllGroupHasExpectedProperties()
+        {
+            // arrange
+            var componentHub = UnitTestFixture.CreateAndRegisterComponentHubMock();
+            var identityManager = componentHub.IdentityManager as IdentityManager;
+
+            // act
+            var allGroup = identityManager.AllGroup;
+
+            // assert
+            Assert.NotNull(allGroup);
+            Assert.Equal("All", allGroup.Name);
+            Assert.Contains(typeof(PublicAccess).FullName.ToLower(), allGroup.Policies);
+        }
     }
 }

src/WebExpress.WebCore/Internationalization/de

@@ -165,6 +165,12 @@ identitymanager.registerpermission=Die Berechtigung '{0}' wurde der Anwendung '{
 identitymanager.duplicatepermission=Die Berechtigung '{0}' wurde bereits in der Anwendung '{1}' registriert.
 identitymanager.registerpolicy=Die Policy '{0}' wurde der Anwendung '{1}' zugewiesen und im Identitymanager registriert.
 identitymanager.duplicatepolicy=Die Policy '{0}' wurde bereits in der Anwendung '{1}' registriert.
+identitymanager.policy.publicaccess.name=Öffentlicher Zugang
+identitymanager.policy.publicaccess.description=Policy für den Zugriff auf öffentliche Ressourcen ohne Authentifizierung.
+identitymanager.policy.authenticatedaccess.name=Authentifizierter Zugang
+identitymanager.policy.authenticatedaccess.description=Policy für den allgemeinen Zugriff durch authentifizierte Benutzer.
+identitymanager.policy.systemaccess.name=Systemzugang
+identitymanager.policy.systemaccess.description=Policy für Operationen auf Systemebene wie Installation, Aktualisierung und Wartung der Anwendung.
 
 includemanager.initialization=Der Includemanager wurde initialisiert.
 includemanager.addinclude=Die Client-Ressource '{0}' wurde in der Anwendung '{1}' registiert.

src/WebExpress.WebCore/Internationalization/en

@@ -165,6 +165,12 @@ identitymanager.registerpermission=The permission '{0}' has been assigned to the
 identitymanager.duplicatepermission=The permission '{0}' has already been registered in the application '{1}'.
 identitymanager.registerpolicy=The policy '{0}' has been assigned to the application '{1}' and registered in the identity manager.
 identitymanager.duplicatepolicy=The policy '{0}' has already been registered in the application '{1}'.
+identitymanager.policy.publicaccess.name=Public Access
+identitymanager.policy.publicaccess.description=Policy for accessing public resources without authentication.
+identitymanager.policy.authenticatedaccess.name=Authenticated Access
+identitymanager.policy.authenticatedaccess.description=Policy for general access by authenticated users.
+identitymanager.policy.systemaccess.name=System Access
+identitymanager.policy.systemaccess.description=Policy for system-level operations such as installing, updating, and maintaining the application.
 
 includemanager.initialization=The include manager has been initialized.
 includemanager.addinclude=The client resource '{0}' has been registered in the application '{1}'.

src/WebExpress.WebCore/WebIdentity/AuthenticatedAccess.cs

@@ -0,0 +1,19 @@
+using WebExpress.WebCore.WebAttribute;
+
+namespace WebExpress.WebCore.WebIdentity
+{
+    /// <summary>
+    /// Standard policy for general access by authenticated users.
+    /// </summary>
+    [Name("webexpress.webcore:identitymanager.policy.authenticatedaccess.name")]
+    [Description("webexpress.webcore:identitymanager.policy.authenticatedaccess.description")]
+    public sealed class AuthenticatedAccess : IIdentityPolicy
+    {
+        /// <summary>
+        /// Releases all resources used by the current instance of the class.
+        /// </summary>
+        public void Dispose()
+        {
+        }
+    }
+}

src/WebExpress.WebCore/WebIdentity/IIdentityGroup.cs

@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 
 namespace WebExpress.WebCore.WebIdentity
 {
@@ -7,6 +8,16 @@ namespace WebExpress.WebCore.WebIdentity
     /// </summary>
     public interface IIdentityGroup
     {
+        /// <summary>
+        /// Returns the id of the group.
+        /// </summary>
+        Guid Id { get; }
+
+        /// <summary>
+        /// Returns the name of the group.
+        /// </summary>
+        string Name { get; }
+
         /// <summary>
         /// Returns the policies associated with the group.
         /// </summary>

src/WebExpress.WebCore/WebIdentity/IIdentityManager.cs

@@ -27,6 +27,11 @@ public interface IIdentityManager : IComponentManager
         /// </summary>
         IEnumerable<IIdentity> Identities { get; }
 
+        /// <summary>
+        /// Returns the default "All" group to which every identity automatically belongs.
+        /// </summary>
+        IdentityGroupAll AllGroup { get; }
+
         /// <summary>
         /// Returns the current signed-in identity.
         /// </summary>

src/WebExpress.WebCore/WebIdentity/IIdentityPolicyContext.cs

@@ -1,4 +1,5 @@
-using WebExpress.WebCore.WebApplication;
+using System;
+using WebExpress.WebCore.WebApplication;
 using WebExpress.WebCore.WebComponent;
 using WebExpress.WebCore.WebPlugin;
 
@@ -14,6 +15,11 @@ public interface IIdentityPolicyContext : IContext
         /// </summary>
         IComponentId PolicyId { get; }
 
+        /// <summary>
+        /// Returns the policy type.
+        /// </summary>
+        Type Policy { get; }
+
         /// <summary>
         /// Returns the associated plugin context.
         /// </summary>

src/WebExpress.WebCore/WebIdentity/IdentityGroupAll.cs

@@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace WebExpress.WebCore.WebIdentity
+{
+    /// <summary>
+    /// Represents the default "All" group to which every identity automatically belongs.
+    /// </summary>
+    public class IdentityGroupAll : IIdentityGroup
+    {
+        /// <summary>
+        /// Returns the id of the group.
+        /// </summary>
+        public Guid Id { get; } = Guid.Empty;
+
+        /// <summary>
+        /// Returns the name of the group.
+        /// </summary>
+        public string Name => "All";
+
+        /// <summary>
+        /// Returns the policies associated with the group.
+        /// </summary>
+        public IEnumerable<string> Policies { get; }
+
+        /// <summary>
+        /// Initializes a new instance of the class.
+        /// </summary>
+        /// <param name="policies">The policies to associate with the group.</param>
+        internal IdentityGroupAll(IEnumerable<string> policies)
+        {
+            Policies = policies?.ToList() ?? [];
+        }
+    }
+}

src/WebExpress.WebCore/WebIdentity/IdentityManager.cs

@@ -27,6 +27,11 @@ public class IdentityManager : IIdentityManager
         private readonly IdentityPermissionDictionary _permissionDictionary = [];
         private readonly IdentityPolicyDictionary _policyDictionary = [];
 
+        /// <summary>
+        /// Returns the default "All" group to which every identity automatically belongs.
+        /// </summary>
+        public IdentityGroupAll AllGroup { get; } = new IdentityGroupAll([typeof(PublicAccess).FullName.ToLower()]);
+
         /// <summary>
         /// Returns all permissions.
         /// </summary>
@@ -229,7 +234,8 @@ private void Register(IPluginContext pluginContext, IEnumerable<IApplicationCont
                     {
                         PluginContext = pluginContext,
                         ApplicationContext = applicationContext,
-                        PolicyId = id
+                        PolicyId = id,
+                        Policy = policyType
                     };
 
                     if (_policyDictionary.AddPolicyItem
@@ -437,15 +443,18 @@ public bool CheckAccess<T>(IApplicationContext applicationContext, IIdentity ide
         }
 
         /// <summary>
-        /// Checks whether the given identity has the specified permission by evaluating all associated groups.
+        /// Checks whether the given identity has the specified permission by evaluating all associated groups,
+        /// including the default "All" group to which every identity automatically belongs.
         /// </summary>
         /// <param name="applicationContext">The context of the application.</param>
         /// <param name="identity">The identity to check.</param>
         /// <param name="permission">The permission to check for.</param>
         /// <returns>True if any group grants the permission, false otherwise.</returns>
         public bool CheckAccess(IApplicationContext applicationContext, IIdentity identity, Type permission)
         {
-            return (identity?.Groups ?? []).Any(group => CheckAccess(applicationContext, group, permission));
+            var groups = (identity?.Groups ?? []).Append(AllGroup);
+
+            return groups.Any(group => CheckAccess(applicationContext, group, permission));
         }
 
         /// <summary>

src/WebExpress.WebCore/WebIdentity/IdentityPolicyContext.cs

@@ -1,4 +1,5 @@
-using WebExpress.WebCore.WebApplication;
+using System;
+using WebExpress.WebCore.WebApplication;
 using WebExpress.WebCore.WebComponent;
 using WebExpress.WebCore.WebPlugin;
 
@@ -14,6 +15,11 @@ public class IdentityPolicyContext : IIdentityPolicyContext
         /// </summary>
         public IComponentId PolicyId { get; internal set; }
 
+        /// <summary>
+        /// Returns the policy type.
+        /// </summary>
+        public Type Policy { get; internal set; }
+
         /// <summary>
         /// Returns the associated plugin context.
         /// </summary>