Add role control

API/ROLAC.API/Services/AuthService.cs

@@ -12,17 +12,20 @@ public class AuthService : IAuthService
     private readonly UserManager<AppUser> _userManager;
     private readonly ITokenService        _tokenService;
     private readonly AppDbContext         _db;
+    private readonly IPermissionService   _permissions;
     private readonly int                  _refreshTokenExpiryDays;
 
     public AuthService(
         UserManager<AppUser> userManager,
         ITokenService        tokenService,
         AppDbContext         db,
+        IPermissionService   permissions,
         IConfiguration       config)
     {
         _userManager            = userManager;
         _tokenService           = tokenService;
         _db                     = db;
+        _permissions            = permissions;
         _refreshTokenExpiryDays = int.Parse(config["Jwt:RefreshTokenExpiryDays"] ?? "30");
     }
 
@@ -62,7 +65,7 @@ public class AuthService : IAuthService
         await _userManager.UpdateAsync(user);
         await _db.SaveChangesAsync();
 
-        return (BuildResponse(accessToken, user, roles), rawRefresh);
+        return (await BuildResponseAsync(accessToken, user, roles), rawRefresh);
     }
 
     // -------------------------------------------------------------------------
@@ -104,7 +107,7 @@ public class AuthService : IAuthService
 
         await _db.SaveChangesAsync();
 
-        return (BuildResponse(newAccess, user, roles), newRaw);
+        return (await BuildResponseAsync(newAccess, user, roles), newRaw);
     }
 
     // -------------------------------------------------------------------------
@@ -128,18 +131,23 @@ public class AuthService : IAuthService
     // Private helpers
     // -------------------------------------------------------------------------
 
-    private static LoginResponse BuildResponse(
+    private async Task<LoginResponse> BuildResponseAsync(
         string accessToken, AppUser user, IList<string> roles)
         => new()
         {
             AccessToken = accessToken,
             ExpiresIn   = 15 * 60,
-            User = new UserInfo
-            {
-                Id                 = user.Id,
-                Email              = user.Email!,
-                Roles              = roles,
-                LanguagePreference = user.LanguagePreference,
-            },
+            User        = await BuildUserInfoAsync(user, roles),
+        };
+
+    /// <summary>Builds UserInfo including the effective permission map. Reused by /me.</summary>
+    public async Task<UserInfo> BuildUserInfoAsync(AppUser user, IList<string> roles)
+        => new()
+        {
+            Id                 = user.Id,
+            Email              = user.Email!,
+            Roles              = roles,
+            LanguagePreference = user.LanguagePreference,
+            Permissions        = await _permissions.GetEffectivePermissionsAsync(roles),
         };
 }