public User(SecurityProvider provider, ClaimsPrincipal principal, List <string> baseRoles, IEnumerable <StatusModule> modules) { Provider = provider; Principal = principal; var identity = principal?.Identity; if (identity == null) { IsAnonymous = true; return; } IsAnonymous = !identity.IsAuthenticated; if (identity.IsAuthenticated) { AccountName = identity.Name; } var roles = baseRoles; if (IsAnonymous) { roles.Add(Models.Roles.Anonymous); } else { roles.Add(Models.Roles.Authenticated); // Global admins are unique and can see a few more things about Opserver itself (not per-module) if (provider.IsGlobalAdmin(this)) { roles.Add(Models.Roles.GlobalAdmin); IsGlobalAdmin = true; } } // Add per-module roles foreach (var module in modules) { if (IsAdmin(module)) { roles.Add(module.SecuritySettings.AdminRole); roles.Add(module.SecuritySettings.ViewRole); } else if (HasAccess(module)) { roles.Add(module.SecuritySettings.ViewRole); } } Roles = roles.ToImmutableHashSet(); }