Static Roles Can Have Pre-Granted Permissions

[hikalkan]

When we define a static role, we may want one of the following additional features:

• Grant all permissions (including new permissions will be added in the future) to the static role by default (unless it's explicitly prohibited for that role).
• Grant a list of permissions to the static role by default (unless it's explicitly prohibited for that role).

These configuration should work with the RoleManager seemlessly.

The benefits of this feature:

• When we introduce a new permission, we don't have to grant it to the static roles manually on the UI.
• We can define default permissions for all tenant admins from a single point. If we don't allow to change static role permissions on the UI, this can lead to system level frozen permissions for static roles for all tenants.

How to Use

Configuration.Modules.Zero()
    .RoleManagement.StaticRoles.Add(
        new StaticRoleDefinition("admin", MultiTenancySides.Tenant, grantAllPermissionsByDefault: true)
    );

Configuration.Modules.Zero()
    .RoleManagement.StaticRoles.Add(
        new StaticRoleDefinition("moderator", MultiTenancySides.Tenant)
        {
            GrantedPermissions =
            {
                "permission-1",
                "permission-2"
            }
        }
    );

[bbakermmc]

@hikalkan For the static permissions, do we need to seed them to all existing clients if we add new ones? If I just create a new static role, it never shows up in UI. My guess is I would also need to update the Seed for the tenant as well for new tenants to get them.

[ismcagdas]

do we need to seed them to all existing clients if we add new ones?

@bbakermmc yes, exactly.