separate Framework.Authorization.SecuritySystem.Abstract

src/Framework.AutomationCore.ServiceEnvironment/Framework.AutomationCore.ServiceEnvironment.csproj

@@ -12,7 +12,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Framework.AutomationCore\Framework.AutomationCore.csproj" />
-    <ProjectReference Include="..\_Authorization\Framework.Authorization.SecuritySystem\Framework.Authorization.SecuritySystem.csproj" />
+    <ProjectReference Include="..\_Authorization\Framework.Authorization.SecuritySystem.Abstract\Framework.Authorization.SecuritySystem.Abstract.csproj" />
 
     <ProjectReference Include="..\_DomainDriven\Framework.DomainDriven.WebApiNetCore\Framework.DomainDriven.WebApiNetCore.csproj" />
     <ProjectReference Include="..\_DomainDriven\Framework.DomainDriven.Core\Framework.DomainDriven.Core.csproj" />

src/Framework.Configurator/ConfiguratorDependencyInjection.cs

@@ -2,8 +2,6 @@
 
 using Framework.Configurator.Handlers;
 using Framework.Configurator.Interfaces;
-using Framework.Configurator.Services;
-using Framework.SecuritySystem.ExternalSystem.Management;
 
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Routing;
@@ -37,8 +35,7 @@ public static IServiceCollection AddConfigurator(this IServiceCollection service
            .AddScoped<IDeletePrincipalHandler, DeletePrincipalHandler>()
            .AddScoped<IRunAsHandler, RunAsHandler>()
            .AddScoped<IStopRunAsHandler, StopRunAsHandler>()
-           .AddScoped<IDownloadPermissionTemplateHandler, DownloadPermissionTemplateHandler>()
-           .AddScoped<IPrincipalManagementService, ConfiguratorPrincipalManagementService>();
+           .AddScoped<IDownloadPermissionTemplateHandler, DownloadPermissionTemplateHandler>();
 
     public static IApplicationBuilder UseConfigurator(this IApplicationBuilder app, string route = "/admin/configurator") =>
         app

src/Framework.SecuritySystem/DependencyInjection/ServiceCollectionExtensions.cs

@@ -8,6 +8,7 @@
 using Framework.SecuritySystem.DependencyInjection.DomainSecurityServiceBuilder;
 using Framework.SecuritySystem.Expanders;
 using Framework.SecuritySystem.ExternalSystem;
+using Framework.SecuritySystem.ExternalSystem.Management;
 using Framework.SecuritySystem.PermissionOptimization;
 using Framework.SecuritySystem.SecurityAccessor;
 using Framework.SecuritySystem.Services;
@@ -77,7 +78,9 @@ public static IServiceCollection AddRelativeDomainPath<TFrom, TTo>(
 
     private static IServiceCollection RegisterGeneralSecuritySystem(this IServiceCollection services)
     {
-        return services.AddSingleton<SecurityModeExpander>()
+        return services.AddScoped<IPrincipalManagementService, RootPrincipalManagementService>()
+
+                       .AddSingleton<SecurityModeExpander>()
                        .AddSingleton<SecurityOperationExpander>()
                        .AddSingleton<SecurityRoleExpander>()
                        .AddSingleton<RoleFactorySecurityRuleExpander>()

src/Framework.Configurator/Services/ConfiguratorPrincipalManagementService.cs → src/Framework.SecuritySystem/ExternalSystem/Management/RootPrincipalManagementService.cs

@@ -1,22 +1,18 @@
 using Framework.Core;
-using Framework.Exceptions;
 using Framework.Persistent;
-using Framework.SecuritySystem;
-using Framework.SecuritySystem.ExternalSystem;
-using Framework.SecuritySystem.ExternalSystem.Management;
 
-namespace Framework.Configurator.Services;
+namespace Framework.SecuritySystem.ExternalSystem.Management;
 
-public class ConfiguratorPrincipalManagementService(IEnumerable<IPermissionSystem> permissionSystems) : IPrincipalManagementService
+public class RootPrincipalManagementService(IEnumerable<IPermissionSystem> permissionSystems) : IPrincipalManagementService
 {
     private readonly IReadOnlyList<IPrincipalService> principalServices = permissionSystems.Select(ps => ps.PrincipalService).ToList();
 
     private IPrincipalManagementService PrincipalManagementService =>
         this.principalServices
             .OfType<IPrincipalManagementService>()
             .Single(
-                () => new BusinessLogicException($"{nameof(this.PrincipalManagementService)} not found"),
-                () => new BusinessLogicException($"More one  {nameof(this.PrincipalManagementService)}"));
+                () => new Exception($"{nameof(this.PrincipalManagementService)} not found"),
+                () => new Exception($"More one  {nameof(this.PrincipalManagementService)}"));
 
     public async Task<IEnumerable<TypedPrincipalHeader>> GetPrincipalsAsync(
         string nameFilter,
@@ -49,7 +45,7 @@ into g
                           g.Key with { IsVirtual = g.All(p => p.Header.IsVirtual) },
                           g.SelectMany(p => p.Permissions).ToList());
 
-        return request.SingleOrDefault(() => throw new BusinessLogicException($"More one principal {principalId}"));
+        return request.SingleOrDefault(() => throw new Exception($"More one principal {principalId}"));
     }
 
     public async Task<IEnumerable<string>> GetLinkedPrincipalsAsync(

src/IAD.Framework.sln

@@ -378,6 +378,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Framework.DomainDriven.Virt
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Framework.DomainDriven.Jobs", "_DomainDriven\Framework.DomainDriven.Jobs\Framework.DomainDriven.Jobs.csproj", "{9C8E3523-3B7D-4032-81E8-CB5A1F2C6DC8}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Framework.Authorization.SecuritySystem.Abstract", "_Authorization\Framework.Authorization.SecuritySystem.Abstract\Framework.Authorization.SecuritySystem.Abstract.csproj", "{6F977C79-794D-4401-8232-9E559DA5099E}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -3588,6 +3590,26 @@ Global
 		{9C8E3523-3B7D-4032-81E8-CB5A1F2C6DC8}.Release|x64.Build.0 = Release|Any CPU
 		{9C8E3523-3B7D-4032-81E8-CB5A1F2C6DC8}.Release|x86.ActiveCfg = Release|Any CPU
 		{9C8E3523-3B7D-4032-81E8-CB5A1F2C6DC8}.Release|x86.Build.0 = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|ARM.ActiveCfg = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|ARM.Build.0 = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|x64.Build.0 = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Debug|x86.Build.0 = Debug|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|ARM.ActiveCfg = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|ARM.Build.0 = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|x64.ActiveCfg = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|x64.Build.0 = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|x86.ActiveCfg = Release|Any CPU
+		{6F977C79-794D-4401-8232-9E559DA5099E}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -3715,6 +3737,7 @@ Global
 		{F6583269-DE40-45D6-8594-C1FFCA44C04D} = {BD23CE26-E161-47F1-826E-BD37F4F51C9E}
 		{2A86A4C2-94FA-49C3-AB20-72226DC82274} = {BD23CE26-E161-47F1-826E-BD37F4F51C9E}
 		{9C8E3523-3B7D-4032-81E8-CB5A1F2C6DC8} = {BD23CE26-E161-47F1-826E-BD37F4F51C9E}
+		{6F977C79-794D-4401-8232-9E559DA5099E} = {9FBDE8A9-8E9D-4B0E-8415-A6335F732358}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {68BB011C-6BAC-4558-903A-BF29D2F8046F}

src/_Authorization/Framework.Authorization.BLL.Core/Framework.Authorization.BLL.Core.csproj

@@ -1,17 +1,23 @@
 <Project Sdk="Microsoft.NET.Sdk">
+
   <PropertyGroup>
     <PackageId>Luxoft.Framework.Authorization.BLL.Core</PackageId>
   </PropertyGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" />
   </ItemGroup>
+
   <ItemGroup>
     <Compile Include="..\..\__SolutionItems\CommonAssemblyInfo.cs" Link="Properties\CommonAssemblyInfo.cs" />
   </ItemGroup>
+
   <ItemGroup>
+    <ProjectReference Include="..\..\_DomainDriven\Framework.DomainDriven.ApplicationCore\Framework.DomainDriven.ApplicationCore.csproj" />
     <ProjectReference Include="..\Framework.Authorization.Domain.Models\Framework.Authorization.Domain.Models.csproj" />
     <ProjectReference Include="..\Framework.Authorization.LegacyAttributes\Framework.Authorization.LegacyAttributes.csproj" />
     <ProjectReference Include="..\Framework.Authorization.Notification.Abstract\Framework.Authorization.Notification.Abstract.csproj" />
-    <ProjectReference Include="..\Framework.Authorization.SecuritySystem\Framework.Authorization.SecuritySystem.csproj" />
+    <ProjectReference Include="..\Framework.Authorization.SecuritySystem.Abstract\Framework.Authorization.SecuritySystem.Abstract.csproj" />
   </ItemGroup>
+
 </Project>

src/_Authorization/Framework.Authorization.Environment/AuthorizationSystemSettings.cs

@@ -1,36 +1,44 @@
-using FluentValidation;
-
-using Framework.Authorization.Domain;
-using Framework.Authorization.Notification;
+using Framework.Authorization.Notification;
+using Framework.Authorization.SecuritySystem;
 using Framework.Authorization.SecuritySystem.Validation;
+using Framework.SecuritySystem.Services;
 
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace Framework.Authorization.Environment;
 
 public class AuthorizationSystemSettings : IAuthorizationSystemSettings
 {
-    public Type NotificationPrincipalExtractorType { get; private set; } = typeof(NotificationPrincipalExtractor);
+    private Type notificationPrincipalExtractorType = typeof(NotificationPrincipalExtractor);
 
-    public List<Action<IServiceCollection>> RegisterActions { get; set; } = new();
+    private Type principalUniquePermissionValidatorType = typeof(PrincipalUniquePermissionValidator);
 
     public bool RegisterRunAsManager { get; set; } = true;
 
     public IAuthorizationSystemSettings SetNotificationPrincipalExtractor<T>()
         where T : INotificationPrincipalExtractor
     {
-        this.NotificationPrincipalExtractorType = typeof(T);
+        this.notificationPrincipalExtractorType = typeof(T);
 
         return this;
     }
 
     public IAuthorizationSystemSettings SetUniquePermissionValidator<TValidator>()
-        where TValidator : class, IValidator<Principal>
+        where TValidator : class, IPrincipalUniquePermissionValidator
     {
-        this.RegisterActions.Add(
-            sc => sc.Replace(ServiceDescriptor.KeyedScoped<IValidator<Principal>, TValidator>(PrincipalUniquePermissionValidator.Key)));
+        this.principalUniquePermissionValidatorType = typeof(TValidator);
 
         return this;
     }
+    public void Initialize(IServiceCollection services)
+    {
+        services.AddScoped(typeof(INotificationPrincipalExtractor), this.notificationPrincipalExtractorType);
+
+        services.AddScoped(typeof(IPrincipalUniquePermissionValidator), this.principalUniquePermissionValidatorType);
+
+        if (this.RegisterRunAsManager)
+        {
+            services.AddScoped<IRunAsManager, AuthorizationRunAsManager>();
+        }
+    }
 }

src/_Authorization/Framework.Authorization.Environment/Framework.Authorization.Environment.csproj

@@ -10,7 +10,6 @@
   </ItemGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\..\_DomainDriven\Framework.DomainDriven.ApplicationCore\Framework.DomainDriven.ApplicationCore.csproj" />
     <ProjectReference Include="..\..\_DomainDriven\Framework.DomainDriven.Setup.Abstract\Framework.DomainDriven.Setup.Abstract.csproj" />
 
     <ProjectReference Include="..\Framework.Authorization.Notification\Framework.Authorization.Notification.csproj" />

src/_Authorization/Framework.Authorization.Environment/IAuthorizationSystemSettings.cs

@@ -1,7 +1,5 @@
-using FluentValidation;
-
-using Framework.Authorization.Domain;
-using Framework.Authorization.Notification;
+using Framework.Authorization.Notification;
+using Framework.Authorization.SecuritySystem.Validation;
 
 namespace Framework.Authorization.Environment;
 
@@ -13,5 +11,5 @@ IAuthorizationSystemSettings SetNotificationPrincipalExtractor<T>()
         where T : INotificationPrincipalExtractor;
 
     IAuthorizationSystemSettings SetUniquePermissionValidator<TValidator>()
-        where TValidator : class, IValidator<Principal>;
+        where TValidator : class, IPrincipalUniquePermissionValidator;
 }

src/_Authorization/Framework.Authorization.Environment/ServiceCollectionExtensions.cs

@@ -12,7 +12,6 @@
 using Framework.SecuritySystem;
 using Framework.SecuritySystem.DependencyInjection;
 using Framework.SecuritySystem.ExternalSystem;
-using Framework.SecuritySystem.Services;
 
 using Microsoft.Extensions.DependencyInjection;
 
@@ -31,22 +30,16 @@ public static IServiceCollection AddAuthorizationSystem(this IServiceCollection
 
         setup?.Invoke(settings);
 
-        settings.RegisterActions.ForEach(action => action(services));
-
-        services.AddScoped<INotificationBasePermissionFilterSource, NotificationBasePermissionFilterSource>();
-        services.AddScoped(typeof(INotificationPrincipalExtractor), settings.NotificationPrincipalExtractorType);
-
-        if (settings.RegisterRunAsManager)
-        {
-            services.AddScoped<IRunAsManager, AuthorizationRunAsManager>();
-        }
+        settings.Initialize(services);
 
         return services;
     }
 
     private static IServiceCollection RegisterGeneralAuthorizationSystem(this IServiceCollection services)
     {
-        return services.AddScoped<IAvailablePermissionSource, AvailablePermissionSource>()
+        return services.AddScoped<INotificationBasePermissionFilterSource, NotificationBasePermissionFilterSource>()
+
+                       .AddScoped<IAvailablePermissionSource, AvailablePermissionSource>()
                        .AddScoped<ICurrentPrincipalSource, CurrentPrincipalSource>()
 
                        .AddSingleton<InitializerSettings>()
@@ -57,8 +50,7 @@ private static IServiceCollection RegisterGeneralAuthorizationSystem(this IServi
                        .AddScoped<AuthorizationPermissionSystemFactory>()
 
                        .AddScoped<IPrincipalGeneralValidator, PrincipalGeneralValidator>()
-                       .AddKeyedScoped<IValidator<Principal>, PrincipalUniquePermissionValidator>(PrincipalUniquePermissionValidator.Key)
-                       .AddKeyedScoped<IValidator<Permission>, PermissionGeneralValidator>(PermissionGeneralValidator.Key)
+                       .AddScoped<IPermissionGeneralValidator, PermissionGeneralValidator>()
                        .AddKeyedScoped<IValidator<Permission>, PermissionDelegateValidator>(PermissionDelegateValidator.Key)
                        .AddKeyedScoped<IValidator<Permission>, PermissionRequiredContextValidator>(PermissionRequiredContextValidator.Key)
                        .AddScoped<IValidator<PermissionRestriction>, PermissionRestrictionValidator>();

src/_Authorization/Framework.Authorization.SecuritySystem.Abstract/Framework.Authorization.SecuritySystem.Abstract.csproj

@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <PackageId>Luxoft.Framework.Authorization.SecuritySystem.Abstract</PackageId>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="..\..\__SolutionItems\CommonAssemblyInfo.cs" Link="Properties\CommonAssemblyInfo.cs" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="FluentValidation" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Framework.Authorization.Domain\Framework.Authorization.Domain.csproj" />
+    <ProjectReference Include="..\..\Framework.SecuritySystem.Abstract\Framework.SecuritySystem.Abstract.csproj" />
+  </ItemGroup>
+
+</Project>

src/_Authorization/Framework.Authorization.SecuritySystem.Abstract/Validation/IPermissionGeneralValidator.cs

@@ -0,0 +1,7 @@
+using FluentValidation;
+
+using Framework.Authorization.Domain;
+
+namespace Framework.Authorization.SecuritySystem.Validation;
+
+public interface IPermissionGeneralValidator : IValidator<Permission>;

src/_Authorization/Framework.Authorization.SecuritySystem.Abstract/Validation/IPrincipalUniquePermissionValidator.cs

@@ -0,0 +1,7 @@
+using FluentValidation;
+
+using Framework.Authorization.Domain;
+
+namespace Framework.Authorization.SecuritySystem.Validation;
+
+public interface IPrincipalUniquePermissionValidator : IValidator<Principal>;

src/_Authorization/Framework.Authorization.SecuritySystem/AuthorizationPermissionSystem.cs

@@ -12,7 +12,7 @@ namespace Framework.Authorization.SecuritySystem;
 public class AuthorizationPermissionSystem(
     IServiceProvider serviceProvider,
     ISecurityContextSource securityContextSource,
-    SecurityRuleCredential defaultSecurityRuleCredential)
+    SecurityRuleCredential securityRuleCredential)
     : IPermissionSystem<Permission>
 {
     public Type PermissionType { get; } = typeof(Permission);
@@ -31,12 +31,12 @@ public Expression<Func<Permission, IEnumerable<Guid>>> GetPermissionRestrictions
 
     public IPermissionSource<Permission> GetPermissionSource(DomainSecurityRule.RoleBaseSecurityRule securityRule)
     {
-        return ActivatorUtilities.CreateInstance<AuthorizationPermissionSource>(serviceProvider, securityRule.TryApplyCredential(defaultSecurityRuleCredential));
+        return ActivatorUtilities.CreateInstance<AuthorizationPermissionSource>(serviceProvider, securityRule.TryApplyCredential(securityRuleCredential));
     }
 
     public Task<IEnumerable<SecurityRole>> GetAvailableSecurityRoles(CancellationToken cancellationToken = default)
     {
-        return ActivatorUtilities.CreateInstance<AuthorizationAvailableSecurityRoleSource>(serviceProvider, defaultSecurityRuleCredential)
+        return ActivatorUtilities.CreateInstance<AuthorizationAvailableSecurityRoleSource>(serviceProvider, securityRuleCredential)
                                  .GetAvailableSecurityRoles(cancellationToken);
     }
     IPermissionSource IPermissionSystem.GetPermissionSource(DomainSecurityRule.RoleBaseSecurityRule securityRule)

src/_Authorization/Framework.Authorization.SecuritySystem/Framework.Authorization.SecuritySystem.csproj

@@ -17,8 +17,10 @@
   <ItemGroup>
     <ProjectReference Include="..\..\Framework.DependencyInjection\Framework.DependencyInjection.csproj" />
     <ProjectReference Include="..\..\Framework.SecuritySystem\Framework.SecuritySystem.csproj" />
+
     <ProjectReference Include="..\..\_DomainDriven\Framework.DomainDriven.ApplicationCore\Framework.DomainDriven.ApplicationCore.csproj" />
-    <ProjectReference Include="..\Framework.Authorization.Domain\Framework.Authorization.Domain.csproj" />
+
+    <ProjectReference Include="..\Framework.Authorization.SecuritySystem.Abstract\Framework.Authorization.SecuritySystem.Abstract.csproj" />
   </ItemGroup>
 
 </Project>

src/_Authorization/Framework.Authorization.SecuritySystem/Validation/PermissionGeneralValidator.cs

@@ -6,10 +6,8 @@
 
 namespace Framework.Authorization.SecuritySystem.Validation;
 
-public class PermissionGeneralValidator : AbstractValidator<Permission>
+public class PermissionGeneralValidator : AbstractValidator<Permission>, IPermissionGeneralValidator
 {
-    public const string Key = "General";
-
     public PermissionGeneralValidator(
         IValidator<PermissionRestriction> permissionRestrictionValidator,
         [FromKeyedServices(PermissionRequiredContextValidator.Key)] IValidator<Permission> permissionRequiredContextValidator,

src/_Authorization/Framework.Authorization.SecuritySystem/Validation/PrincipalDisableUniquePermissionValidator.cs

@@ -0,0 +1,7 @@
+using FluentValidation;
+
+using Framework.Authorization.Domain;
+
+namespace Framework.Authorization.SecuritySystem.Validation;
+
+public class PrincipalDisableUniquePermissionValidator : AbstractValidator<Principal>, IPrincipalUniquePermissionValidator;

src/_Authorization/Framework.Authorization.SecuritySystem/Validation/PrincipalGeneralValidator.cs

@@ -2,17 +2,13 @@
 
 using Framework.Authorization.Domain;
 
-using Microsoft.Extensions.DependencyInjection;
-
 namespace Framework.Authorization.SecuritySystem.Validation;
 
 public class PrincipalGeneralValidator : AbstractValidator<Principal>, IPrincipalGeneralValidator
 {
-    //public const string Key = "General";
-
     public PrincipalGeneralValidator(
-        [FromKeyedServices(PrincipalUniquePermissionValidator.Key)] IValidator<Principal> uniquePermissionValidator,
-        [FromKeyedServices(PermissionGeneralValidator.Key)] IValidator<Permission> permissionGeneralValidator)
+        IPrincipalUniquePermissionValidator uniquePermissionValidator,
+        IPermissionGeneralValidator permissionGeneralValidator)
     {
         this.Include(uniquePermissionValidator);