OTSSignsOrchestrator.Server/Workers/XiboFeatureManifests.cs

namespace OTSSignsOrchestrator.Server.Workers;

/// <summary>
/// Hardcoded Xibo feature ACL manifests per role.
/// Used by Phase2Pipeline step "assign-group-acl" when calling
/// <c>POST /api/group/{id}/acl</c>.
///
/// ObjectId is the feature key, PermissionsId is the permission level ("view", "edit", "delete").
/// </summary>
public static class XiboFeatureManifests
{
    /// <summary>Viewer role: read-only access to layouts, displays, media.</summary>
    public static readonly string[] ViewerObjectIds =
    [
        "layout.view",
        "media.view",
        "display.view",
        "schedule.view",
        "report.view",
    ];

    public static readonly string[] ViewerPermissionIds =
    [
        "view",
        "view",
        "view",
        "view",
        "view",
    ];

    /// <summary>Editor role: view + edit for layouts, media, schedules.</summary>
    public static readonly string[] EditorObjectIds =
    [
        "layout.view",
        "layout.edit",
        "media.view",
        "media.edit",
        "display.view",
        "schedule.view",
        "schedule.edit",
        "report.view",
    ];

    public static readonly string[] EditorPermissionIds =
    [
        "view",
        "edit",
        "view",
        "edit",
        "view",
        "view",
        "edit",
        "view",
    ];

    /// <summary>Admin role: full access to all features.</summary>
    public static readonly string[] AdminObjectIds =
    [
        "layout.view",
        "layout.edit",
        "layout.delete",
        "media.view",
        "media.edit",
        "media.delete",
        "display.view",
        "display.edit",
        "display.delete",
        "schedule.view",
        "schedule.edit",
        "schedule.delete",
        "report.view",
        "user.view",
        "user.edit",
    ];

    public static readonly string[] AdminPermissionIds =
    [
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "view",
        "edit",
    ];

    /// <summary>OTS IT group: full super-admin access (all features + user management).</summary>
    public static readonly string[] OtsItObjectIds =
    [
        "layout.view",
        "layout.edit",
        "layout.delete",
        "media.view",
        "media.edit",
        "media.delete",
        "display.view",
        "display.edit",
        "display.delete",
        "schedule.view",
        "schedule.edit",
        "schedule.delete",
        "report.view",
        "user.view",
        "user.edit",
        "user.delete",
        "application.view",
        "application.edit",
    ];

    public static readonly string[] OtsItPermissionIds =
    [
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
        "delete",
        "view",
        "view",
        "edit",
        "delete",
        "view",
        "edit",
    ];
}
feat: Implement provisioning pipelines for subscription management - Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes. - Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging. - Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR. - Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes. - Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots. - Introduce XiboFeatureManifests for hardcoded feature ACLs per role. - Add docker-compose.dev.yml for local development with PostgreSQL setup. 2026-03-18 10:27:26 -04:00			`namespace OTSSignsOrchestrator.Server.Workers;`

			`/// <summary>`
			`/// Hardcoded Xibo feature ACL manifests per role.`
			`/// Used by Phase2Pipeline step "assign-group-acl" when calling`
			`/// <c>POST /api/group/{id}/acl</c>.`
			`///`
			`/// ObjectId is the feature key, PermissionsId is the permission level ("view", "edit", "delete").`
			`/// </summary>`
			`public static class XiboFeatureManifests`
			`{`
			`/// <summary>Viewer role: read-only access to layouts, displays, media.</summary>`
			`public static readonly string[] ViewerObjectIds =`
			`[`
			`"layout.view",`
			`"media.view",`
			`"display.view",`
			`"schedule.view",`
			`"report.view",`
			`];`

			`public static readonly string[] ViewerPermissionIds =`
			`[`
			`"view",`
			`"view",`
			`"view",`
			`"view",`
			`"view",`
			`];`

			`/// <summary>Editor role: view + edit for layouts, media, schedules.</summary>`
			`public static readonly string[] EditorObjectIds =`
			`[`
			`"layout.view",`
			`"layout.edit",`
			`"media.view",`
			`"media.edit",`
			`"display.view",`
			`"schedule.view",`
			`"schedule.edit",`
			`"report.view",`
			`];`

			`public static readonly string[] EditorPermissionIds =`
			`[`
			`"view",`
			`"edit",`
			`"view",`
			`"edit",`
			`"view",`
			`"view",`
			`"edit",`
			`"view",`
			`];`

			`/// <summary>Admin role: full access to all features.</summary>`
			`public static readonly string[] AdminObjectIds =`
			`[`
			`"layout.view",`
			`"layout.edit",`
			`"layout.delete",`
			`"media.view",`
			`"media.edit",`
			`"media.delete",`
			`"display.view",`
			`"display.edit",`
			`"display.delete",`
			`"schedule.view",`
			`"schedule.edit",`
			`"schedule.delete",`
			`"report.view",`
			`"user.view",`
			`"user.edit",`
			`];`

			`public static readonly string[] AdminPermissionIds =`
			`[`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"view",`
			`"edit",`
			`];`

			`/// <summary>OTS IT group: full super-admin access (all features + user management).</summary>`
			`public static readonly string[] OtsItObjectIds =`
			`[`
			`"layout.view",`
			`"layout.edit",`
			`"layout.delete",`
			`"media.view",`
			`"media.edit",`
			`"media.delete",`
			`"display.view",`
			`"display.edit",`
			`"display.delete",`
			`"schedule.view",`
			`"schedule.edit",`
			`"schedule.delete",`
			`"report.view",`
			`"user.view",`
			`"user.edit",`
			`"user.delete",`
			`"application.view",`
			`"application.edit",`
			`];`

			`public static readonly string[] OtsItPermissionIds =`
			`[`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"view",`
			`"edit",`
			`"delete",`
			`"view",`
			`"edit",`
			`];`
			`}`