dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
15752f8c2d11475e1c688e0b2037a6006ac21be4
ScadaBridge/src/ZB.MOM.WW.ScadaBridge.Security/ScadaBridgeGroupRoleMapper.cs
T
Joseph Doherty eabf270d71 docs: complete XML doc coverage (returns, summaries, inheritdoc) 
Resolve all 622 issues flagged by the enhanced CommentChecker: add missing
<returns> tags (incl. the standard phrasing on non-generic Task methods),
add missing <summary> tags, and replace misused/redundant <inheritdoc/> on
members that override or implement nothing with real documentation.
Documentation-only — no behavior change; solution builds clean.
2026-06-03 11:39:32 -04:00

48 lines
2.5 KiB
C#
Raw Blame History

using ZB.MOM.WW.Auth.Abstractions.Roles;
namespace ZB.MOM.WW.ScadaBridge.Security;
/// <summary>
/// Adapts ScadaBridge's DB-backed <see cref="RoleMapper"/> to the shared
/// <see cref="IGroupRoleMapper{TRole}"/> seam from <c>ZB.MOM.WW.Auth.Abstractions</c>.
/// </summary>
/// <remarks>
/// Task 1.1 of the Auth-library adoption: this is an <b>additive</b> wrapper. It does not
/// re-implement the LDAP-group → role resolution or the site-scope union semantics — it
/// delegates wholesale to <see cref="RoleMapper.MapGroupsToRolesAsync"/> and re-shapes the
/// result onto the shared contract. <typeparamref name="TRole"/> is <see cref="string"/>
/// because ScadaBridge roles travel as plain strings in claims. The full
/// <see cref="RoleMappingResult"/> — including <see cref="RoleMappingResult.PermittedSiteIds"/>
/// and <see cref="RoleMappingResult.IsSystemWideDeployment"/> — is carried verbatim in the
/// mapping's opaque <see cref="GroupRoleMapping{TRole}.Scope"/> so no site-scope information
/// is lost across the seam. The existing login flow is rewired to consume this in a later task.
/// </remarks>
public sealed class ScadaBridgeGroupRoleMapper : IGroupRoleMapper<string>
{
private readonly RoleMapper _roleMapper;
/// <summary>Initializes the mapper with the wrapped <see cref="RoleMapper"/>.</summary>
/// <param name="roleMapper">The DB-backed role mapper whose union semantics are reused.</param>
public ScadaBridgeGroupRoleMapper(RoleMapper roleMapper)
{
_roleMapper = roleMapper ?? throw new ArgumentNullException(nameof(roleMapper));
}
/// <summary>
/// Maps a list of LDAP/AD group names to ScadaBridge roles using the wrapped
/// <see cref="RoleMapper"/> and returns the resulting role mapping with site-scope
/// information carried in the opaque <c>Scope</c> field.
/// </summary>
/// <param name="groups">The AD/LDAP group names to resolve into roles.</param>
/// <param name="ct">Cancellation token.</param>
/// <returns>A task that resolves to the group-to-role mapping including permitted site identifiers.</returns>
public async Task<GroupRoleMapping<string>> MapAsync(IReadOnlyList<string> groups, CancellationToken ct)
{
var result = await _roleMapper.MapGroupsToRolesAsync(groups, ct);
// Carry the full RoleMappingResult as the opaque Scope so the site-scope
// payload (PermittedSiteIds + IsSystemWideDeployment) survives the seam.
return new GroupRoleMapping<string>(result.Roles, Scope: result);
}
}
Reference in New Issue View Git Blame Copy Permalink