feature(#6): this commit introduces security policy restrictions/checks so that reserved permissions cannot be created, preventing privilege escalation.

https-richardy · https-richardy · commit 2b7749b35f42 · 2026-03-13T01:14:30.000-03:00
diff --git a/Source/HttpsRichardy.Federation.Application/Handlers/Permission/PermissionCreationHandler.cs b/Source/HttpsRichardy.Federation.Application/Handlers/Permission/PermissionCreationHandler.cs
@@ -1,11 +1,18 @@
 namespace HttpsRichardy.Federation.Application.Handlers.Permission;
 
-public sealed class PermissionCreationHandler(IPermissionCollection collection, IRealmProvider realmProvider) :
+public sealed class PermissionCreationHandler(IPermissionCollection collection, IPermissionNamespacePolicy policy, IRealmProvider realmProvider) :
     IDispatchHandler<PermissionCreationScheme, Result<PermissionDetailsScheme>>
 {
     public async Task<Result<PermissionDetailsScheme>> HandleAsync(PermissionCreationScheme parameters, CancellationToken cancellation = default)
     {
         var realm = realmProvider.GetCurrentRealm();
+        var result = await policy.EnsurePermissionIsAllowedAsync(realm, new() { Name = parameters.Name }, cancellation);
+
+        if (result.IsFailure)
+        {
+            return Result<PermissionDetailsScheme>.Failure(PermissionErrors.PermissionNameIsReserved);
+        }
+
         var filters = PermissionFilters.WithSpecifications()
             .WithName(parameters.Name)
             .Build();
@@ -23,4 +30,4 @@ public async Task<Result<PermissionDetailsScheme>> HandleAsync(PermissionCreatio
 
         return Result<PermissionDetailsScheme>.Success(PermissionMapper.AsResponse(createdPermission));
     }
-}
+}
diff --git a/Source/HttpsRichardy.Federation.Application/Handlers/Permission/PermissionUpdateHandler.cs b/Source/HttpsRichardy.Federation.Application/Handlers/Permission/PermissionUpdateHandler.cs
@@ -1,6 +1,6 @@
 namespace HttpsRichardy.Federation.Application.Handlers.Permission;
 
-public sealed class PermissionUpdateHandler(IPermissionCollection collection, IRealmProvider realmProvider) :
+public sealed class PermissionUpdateHandler(IPermissionCollection collection, IPermissionNamespacePolicy policy, IRealmProvider realmProvider) :
     IDispatchHandler<PermissionUpdateScheme, Result<PermissionDetailsScheme>>
 {
     public async Task<Result<PermissionDetailsScheme>> HandleAsync(PermissionUpdateScheme parameters, CancellationToken cancellation = default)
@@ -18,10 +18,16 @@ public async Task<Result<PermissionDetailsScheme>> HandleAsync(PermissionUpdateS
             return Result<PermissionDetailsScheme>.Failure(PermissionErrors.PermissionDoesNotExist);
         }
 
+        var result = await policy.EnsurePermissionIsAllowedAsync(realm, new() { Name = parameters.Name }, cancellation);
+        if (result.IsFailure)
+        {
+            return Result<PermissionDetailsScheme>.Failure(PermissionErrors.PermissionNameIsReserved);
+        }
+
         permission = PermissionMapper.AsPermission(parameters, permission, realm);
 
         var updatedPermission = await collection.UpdateAsync(permission, cancellation: cancellation);
 
         return Result<PermissionDetailsScheme>.Success(PermissionMapper.AsResponse(updatedPermission));
     }
-}
+}
