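/// <summary>
/// Ensures there is a SuperAdmin user in the system for the given tenant.
/// The SuperAdmin's email and password are read from the "SuperAdmin" section of the
/// configuration (the appsettings.json file in the original setup).
/// NOTE: for security reasons it only allows one user with the RoleName of <see cref="SuperAdminRoleName"/>.
/// </summary>
/// <remarks>
/// The password read here is a bootstrap credential. Because it comes through
/// <see cref="IConfiguration"/>, it can be supplied by any configuration provider; prefer one
/// that keeps the value out of source control rather than a committed appsettings.json.
/// </remarks>
/// <param name="serviceProvider">Used to resolve the repository logger and the <see cref="UserManager{TUser}"/>.</param>
/// <param name="configuration">Configuration holding the "SuperAdmin" section with "Email" and "Password" keys.</param>
/// <param name="tenant">Tenant whose database receives the SuperAdmin user.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="tenant"/> is null.</exception>
private static async Task AddSuperAdminAsync(IServiceProvider serviceProvider, IConfiguration configuration, TenantInfo tenant)
{
    if (tenant is null)
    {
        throw new ArgumentNullException(nameof(tenant));
    }

    await using var appContext = new AppDbContext(tenant);
    var repoLogger = serviceProvider.GetRequiredService<ILogger<AuthorizationRepository>>();
    var authorizationRepository = new AuthorizationRepository(appContext, repoLogger);

    if (authorizationRepository.IsAnyUsersWithRole(SuperAdminRoleName))
    {
        // For security reasons there can only be one user with the SuperAdminRoleName.
        // NOTE(review): this check and the creation below are separate steps; if several
        // application instances can run this at the same time, confirm uniqueness is also
        // enforced elsewhere.
        return;
    }

    // IConfiguration.GetSection never returns null: a missing section comes back as an empty
    // section whose values are null. Testing the values is therefore the only reliable way
    // to detect an absent or incomplete "SuperAdmin" section.
    var superSection = configuration.GetSection("SuperAdmin");
    var userEmail = superSection?["Email"];
    var userPassword = superSection?["Password"];

    if (string.IsNullOrWhiteSpace(userEmail) || string.IsNullOrWhiteSpace(userPassword))
    {
        // No usable credentials configured: skip seeding instead of attempting to create
        // an account with a null/blank email or password.
        return;
    }

    var userManager = serviceProvider.GetRequiredService<UserManager<IdentityUser>>();
    IdentityUser superUser = await userManager.AddNewUserAsync(userEmail, userPassword);

    // Create (or refresh) the role with the all-access permission, then attach it to the new user.
    var authService = new AuthUsersService(authorizationRepository);
    await authService.AddOrUpdateRoleToPermissionsAsync(
        SuperAdminRoleName, "SuperAdmin Role", Permission.AccessAll);
    await authService.AddRoleToUserAsync(superUser.Id, SuperAdminRoleName);
}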