From 9d48aceb1bad60d2898536ffbcf5fca25e418cd0 Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin
Date: Tue, 5 Nov 2024 18:00:04 +0000
Subject: [PATCH 1/2] Update SecurityIdentity to list owned Permissions, and allow simpler permission checks
---
 .../security/identity/SecurityIdentity.java | 46 ++++++++++++++++---
 1 file changed, 39 insertions(+), 7 deletions(-)
diff --git a/src/main/java/io/quarkus/security/identity/SecurityIdentity.java b/src/main/java/io/quarkus/security/identity/SecurityIdentity.java
index 3875465..e7d25b8 100644
--- a/src/main/java/io/quarkus/security/identity/SecurityIdentity.java
+++ b/src/main/java/io/quarkus/security/identity/SecurityIdentity.java
@@ -6,6 +6,7 @@
 import java.util.Set;
 import java.util.concurrent.CompletionStage;
+import io.quarkus.security.StringPermission;
 import io.quarkus.security.credential.Credential;
 import io.smallrye.mutiny.Uni;
@@ -62,16 +63,21 @@ default T getPrincipal(Class clazz) {
 /**
 * Checks if a user has a given role. These roles must be resolvable in advance for every request.
- *

- * If more advanced authorization support is required than can be provided by a simple role based system
- * then {@link #checkPermission(Permission)} and {@link #checkPermissionBlocking(Permission)} should be used
- * instead.
- *

*
 * @return true if the identity has the specified role.
 */
 boolean hasRole(String role);
+ /**
+ * Returns the set of all permissions held by the user. These permissions must be resolvable in advance for every request.
+ *

+ * This set should either be unmodifiable, or a defensive copy so attempts to change the role set do not modify
+ * the underlying identity.
+ *
+ * @return The set of all permissions held by the user
+ */
+ Set getPermissions();
+
 /**
 * Gets the users credential of the given type, or null if a credential of the given type is not
 * present.
@@ -111,7 +117,7 @@ default T getPrincipal(Class clazz) {
 Map getAttributes();
 /**
- * Checks if a user holds a given permissions, and if so will return true.
+ * Checks if a user holds a given permission.
 *
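Review bot: `getPermissions()` is added as an abstract method, while the two string overloads later in this patch are `default`, so any existing `SecurityIdentity` implementation outside this repository stops compiling until it adds the method. If that break is not intended, a `default` body would avoid it, though the right default is a design decision because an empty set can be read as "holds no permissions". The Javadoc should also say how this set relates to `checkPermission(Permission)`: that method is documented as possibly calling a remote resource, so the set may be narrower than what a check would grant, and testing membership with `contains` skips `Permission.implies`. I would add a sentence such as `Authorization decisions should go through {@link #checkPermission(Permission)}; this set may not list permissions that are only resolved during a check.`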

* This method is asynchronous, as it may involve calls to a remote resource.
 *
@@ -121,7 +127,7 @@ default T getPrincipal(Class clazz) {
 Uni checkPermission(Permission permission);
 /**
- * Checks if a user holds a given permissions, and if so will return true.
+ * Checks if a user holds a given permission.
 *

* This method is a blocking version of {@link #checkPermission(Permission)}. By default it will
 * just wait for the {@link CompletionStage} to be complete, however it is likely that some implementations
@@ -133,4 +139,30 @@ default T getPrincipal(Class clazz) {
 default boolean checkPermissionBlocking(Permission permission) {
 return checkPermission(permission).await().indefinitely();
 }
+
+ /**
+ * Checks if a user holds a given permission.
+ *

+ * This method is asynchronous, as it may involve calls to a remote resource.
+ *
+ * @param permission The permission
+ * @return A completion stage that will resolve to true if the user has the specified permission
+ */
+ default Uni checkPermission(String permission) {
+ return checkPermission(new StringPermission(permission));
+ }
+
+ /**
+ * Checks if a user holds a given permission.
+ *

+ * This method is a blocking version of {@link #checkPermission(Permission)}. By default it will
+ * just wait for the {@link CompletionStage} to be complete, however it is likely that some implementations
+ * will want to provide a more efficient version.
+ *
+ * @param permission The permission
+ * @return A completion stage that will resolve to true if the user has the specified permission
+ */
+ default boolean checkPermissionBlocking(String permission) {
+ return checkPermission(permission).await().indefinitely();
+ }
 }
From 8dcd65ba1186e5f5bcec16c164df5e2e46bec576 Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin
Date: Tue, 5 Nov 2024 19:18:43 +0000
Subject: [PATCH 2/2] Update src/main/java/io/quarkus/security/identity/SecurityIdentity.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Michal Vavřík <43821672+michalvavrik@users.noreply.github.com>
---
 .../java/io/quarkus/security/identity/SecurityIdentity.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/io/quarkus/security/identity/SecurityIdentity.java b/src/main/java/io/quarkus/security/identity/SecurityIdentity.java
index e7d25b8..65e9a2a 100644
--- a/src/main/java/io/quarkus/security/identity/SecurityIdentity.java
+++ b/src/main/java/io/quarkus/security/identity/SecurityIdentity.java
@@ -71,7 +71,7 @@ default T getPrincipal(Class clazz) {
 /**
 * Returns the set of all permissions held by the user. These permissions must be resolvable in advance for every request.
 *
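Review bot: The Javadoc on `checkPermissionBlocking(String)` was copied from the `Permission` variant, and its `@return` still promises a completion stage although the method returns `boolean`. It should read `@return true if the user has the specified permission`, and the `{@link #checkPermission(Permission)}` reference should point to `#checkPermission(String)`. Neither new overload documents how the string becomes a permission: the body passes it unchanged to `new StringPermission(permission)`, so the `@param` should say whether the value is a bare permission name or may carry actions, and what happens for `null` or an empty string (the constructor is not visible in this patch). In an authorization API that matters, because a caller who guesses the format wrong gets a check against a different permission rather than an error. Adding a `String` overload also makes a literal `checkPermission(null)` ambiguous at compile time.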

- * This set should either be unmodifiable, or a defensive copy so attempts to change the role set do not modify
+ * This set should either be unmodifiable, or a defensive copy so attempts to change the permission set do not modify
 * the underlying identity.
 *
 * @return The set of all permissions held by the user