Refactor to replace PrivilegeActions.All and PrivilegeSubjects.All with PrivilegeRule.All

Author: pwelter34

README.md

@@ -88,9 +88,9 @@ Use wildcards to allow all actions on a subject or an action on all subjects:
 
 ```csharp
 var context = new PrivilegeBuilder()
-    .Allow("test", PrivilegeSubjects.All)    // Allow 'test' action on any subject
-    .Allow(PrivilegeActions.All, "Post")     // Allow any action on 'Post'
-    .Forbid("publish", "Post")               // Forbid overrides allow
+    .Allow("test", PrivilegeRule.All)     // Allow 'test' action on any subject
+    .Allow(PrivilegeRule.All, "Post")     // Allow any action on 'Post'
+    .Forbid("publish", "Post")            // Forbid overrides allow
     .Build();
 
 context.Allowed("read", "Post").Should().BeTrue();
@@ -110,7 +110,7 @@ Qualifiers provide field-level or fine-grained permissions:
 ```csharp
 var context = new PrivilegeBuilder()
     .Allow("read", "Post", ["title", "id"])   // Only allow reading specific fields
-    .Allow("read", "User")                     // Allow reading all User fields
+    .Allow("read", "User")                    // Allow reading all User fields
     .Build();
 
 // Post permissions with qualifiers
@@ -186,7 +186,7 @@ Rules are evaluated in the order they are defined, with more specific rules taki
 
 1. **Forbid rules** always take precedence over allow rules when both match
 2. Rules are matched based on exact string comparison (case-insensitive by default)
-3. Wildcard rules (`PrivilegeActions.All`, `PrivilegeSubjects.All`) match any value
+3. Wildcard rules (`PrivilegeRule.All`, `PrivilegeRule.All`) match any value
 4. Alias expansion happens during rule matching
 
 ### String Comparison

samples/Sample.Application/Sample.Application.Client/Services/PrivilegeContextProvider.cs

@@ -22,7 +22,7 @@ public ValueTask<PrivilegeContext> GetContextAsync(ClaimsPrincipal? claimsPrinci
             .Alias("SensitiveFields", new[] { "Cost", "InternalNotes" }, PrivilegeMatch.Qualifier)
 
             // Global allowances
-            .Allow("read", PrivilegeSubjects.All)                 // read everything
+            .Allow("read", PrivilegeRule.All)                 // read everything
             .Allow("update", "Product", new[] { "Title", "Summary" }) // update selected product fields
             .Allow("create", "Product")
             .Allow("read", "Order")

src/Privileged.Components/PrivilegeView.cs

@@ -132,8 +132,8 @@ public class PrivilegeView : ComponentBase
     /// <see cref="StringComparer"/> configured in the privilege context.
     /// </para>
     /// <para>
-    /// Actions can be literal values or constants from <see cref="PrivilegeActions"/> if using
-    /// predefined action types. Wildcard actions like <see cref="PrivilegeActions.All"/> are supported
+    /// Actions can be literal values or constants from <see cref="PrivilegeRule"/> if using
+    /// predefined action types. Wildcard actions like <see cref="PrivilegeRule.All"/> are supported
     /// if defined in the privilege rules.
     /// </para>
     /// </remarks>
@@ -161,8 +161,8 @@ public class PrivilegeView : ComponentBase
     /// should be specified for meaningful authorization checks.
     /// </para>
     /// <para>
-    /// Subjects can be literal values or constants from <see cref="PrivilegeSubjects"/> if using
-    /// predefined subject types. Wildcard subjects like <see cref="PrivilegeSubjects.All"/> are supported
+    /// Subjects can be literal values or constants from <see cref="PrivilegeRule"/> if using
+    /// predefined subject types. Wildcard subjects like <see cref="PrivilegeRule.All"/> are supported
     /// if defined in the privilege rules.
     /// </para>
     /// <para>

src/Privileged/PrivilegeActions.cs

@@ -50,16 +50,16 @@ namespace Privileged;
 /// <para>Using wildcard constants for global rules:</para>
 /// <code>
 /// var context = new PrivilegeBuilder()
-///     .Allow("read", PrivilegeSubjects.All)     // Allow reading any subject
-///     .Allow(PrivilegeActions.All, "Post")      // Allow any action on posts
-///     .Forbid("delete", PrivilegeSubjects.All)  // Forbid deleting anything
+///     .Allow("read", PrivilegeRule.All)     // Allow reading any subject
+///     .Allow(PrivilegeRule.All, "Post")      // Allow any action on posts
+///     .Forbid("delete", PrivilegeRule.All)  // Forbid deleting anything
 ///     .Build();
 /// </code>
 /// </example>
 /// <seealso cref="PrivilegeContext"/>
 /// <seealso cref="PrivilegeBuilderExtensions"/>
-/// <seealso cref="PrivilegeSubjects"/>
-/// <seealso cref="PrivilegeActions"/>
+/// <seealso cref="PrivilegeRule"/>
+/// <seealso cref="PrivilegeRule"/>
 public class PrivilegeBuilder
 {
     private readonly List<PrivilegeRule> _rules = [];
@@ -149,11 +149,11 @@ public PrivilegeBuilder Comparer(StringComparer comparer)
     /// </summary>
     /// <param name="action">
     /// The action to allow (e.g., "read", "create", "update").
-    /// Can be a wildcard using <see cref="PrivilegeActions.All"/> to match any action.
+    /// Can be a wildcard using <see cref="PrivilegeRule.All"/> to match any action.
     /// </param>
     /// <param name="subject">
     /// The subject to allow (e.g., a resource or entity name like "Post", "User").
-    /// Can be a wildcard using <see cref="PrivilegeSubjects.All"/> to match any subject.
+    /// Can be a wildcard using <see cref="PrivilegeRule.All"/> to match any subject.
     /// </param>
     /// <param name="qualifiers">
     /// An optional collection of qualifiers that further scope the rule (e.g., field names, tags, or regions).
@@ -180,8 +180,8 @@ public PrivilegeBuilder Comparer(StringComparer comparer)
     /// var builder = new PrivilegeBuilder()
     ///     .Allow("read", "Post")                                  // Basic rule
     ///     .Allow("edit", "Post", new[] { "title", "content" })    // Rule with qualifiers
-    ///     .Allow(PrivilegeActions.All, "Comment")                 // Wildcard action
-    ///     .Allow("manage", PrivilegeSubjects.All);                // Wildcard subject
+    ///     .Allow(PrivilegeRule.All, "Comment")                 // Wildcard action
+    ///     .Allow("manage", PrivilegeRule.All);                // Wildcard subject
     /// </code>
     /// </example>
     /// <seealso cref="Forbid(string, string, IEnumerable{string}?)"/>
@@ -209,11 +209,11 @@ public PrivilegeBuilder Allow(string action, string subject, IEnumerable<string>
     /// </summary>
     /// <param name="action">
     /// The action to forbid (e.g., "delete", "update", "publish").
-    /// Can be a wildcard using <see cref="PrivilegeActions.All"/> to forbid any action.
+    /// Can be a wildcard using <see cref="PrivilegeRule.All"/> to forbid any action.
     /// </param>
     /// <param name="subject">
     /// The subject to forbid (e.g., a resource or entity name like "Post", "User").
-    /// Can be a wildcard using <see cref="PrivilegeSubjects.All"/> to forbid on any subject.
+    /// Can be a wildcard using <see cref="PrivilegeRule.All"/> to forbid on any subject.
     /// </param>
     /// <param name="qualifiers">
     /// An optional collection of qualifiers that further scope the rule (e.g., field names, tags, or regions).
@@ -239,10 +239,10 @@ public PrivilegeBuilder Allow(string action, string subject, IEnumerable<string>
     /// <example>
     /// <code>
     /// var builder = new PrivilegeBuilder()
-    ///     .Allow(PrivilegeActions.All, "Post")             // Allow all actions on posts
+    ///     .Allow(PrivilegeRule.All, "Post")             // Allow all actions on posts
     ///     .Forbid("delete", "Post")                        // Except deletion
     ///     .Forbid("edit", "Post", ["sensitive_data"])      // Forbid editing sensitive fields
-    ///     .Forbid(PrivilegeActions.All, "AdminSettings");  // Forbid all actions on admin settings
+    ///     .Forbid(PrivilegeRule.All, "AdminSettings");  // Forbid all actions on admin settings
     /// </code>
     /// </example>
     /// <seealso cref="Allow(string, string, IEnumerable{string}?)"/>
@@ -383,7 +383,7 @@ public PrivilegeBuilder Merge(PrivilegeModel model)
     /// <code>
     /// var builder = new PrivilegeBuilder()
     ///     .Allow("read", "Post")
-    ///     .Forbid("delete", PrivilegeSubjects.All);
+    ///     .Forbid("delete", PrivilegeRule.All);
     ///
     /// var context = builder.Build();
     ///

src/Privileged/PrivilegeBuilder.cs

@@ -16,7 +16,7 @@ namespace Privileged;
 /// <list type="bullet">
 /// <item><description>Rule-based authorization with allow and forbid permissions.</description></item>
 /// <item><description>Alias expansion for actions, subjects, and qualifiers.</description></item>
-/// <item><description>Wildcard matching using <see cref="PrivilegeActions.All"/> and <see cref="PrivilegeSubjects.All"/>.</description></item>
+/// <item><description>Wildcard matching using <see cref="PrivilegeRule.All"/> and <see cref="PrivilegeRule.All"/>.</description></item>
 /// <item><description>Field-level permissions through qualifiers.</description></item>
 /// <item><description>Customizable string comparison for rule matching.</description></item>
 /// </list>
@@ -221,7 +221,7 @@ private bool SubjectMatcher(PrivilegeRule rule, string subject)
             return true;
 
         // wildcard match optimization
-        if (StringComparer.Equals(rule.Subject, PrivilegeSubjects.All))
+        if (StringComparer.Equals(rule.Subject, PrivilegeRule.All))
             return true;
 
         // Alias match
@@ -235,7 +235,7 @@ private bool ActionMatcher(PrivilegeRule rule, string action)
             return true;
 
         // wildcard match optimization
-        if (StringComparer.Equals(rule.Action, PrivilegeActions.All))
+        if (StringComparer.Equals(rule.Action, PrivilegeRule.All))
             return true;
 
         // Alias match

src/Privileged/PrivilegeContext.cs

@@ -9,14 +9,20 @@ namespace Privileged;
 [Equatable]
 public partial record PrivilegeRule
 {
+    /// <summary>
+    /// A special keyword indicating that the rule applies to all subjects, actions and qualifiers.
+    /// When used in a rule, it matches any value.
+    /// </summary>
+    public const string All = "*";
+
     /// <summary>
     /// Represents a privilege rule that allows all actions and subjects.
     /// </summary>
     [IgnoreEquality]
     public static PrivilegeRule AllowAll { get; } = new()
     {
-        Action = PrivilegeActions.All,
-        Subject = PrivilegeSubjects.All
+        Action = All,
+        Subject = All
     };
 
     /// <summary>

src/Privileged/PrivilegeRule.cs

@@ -199,8 +199,8 @@ public async Task HandleRequirement_WithWildcardRules_WorksCorrectly()
     {
         // Arrange
         var privilegeContext = new PrivilegeBuilder()
-            .Allow("read", PrivilegeSubjects.All)
-            .Allow(PrivilegeActions.All, "Post")
+            .Allow("read", PrivilegeRule.All)
+            .Allow(PrivilegeRule.All, "Post")
             .Forbid("delete", "Post")
             .Build();
 

src/Privileged/PrivilegeSubjects.cs

@@ -71,15 +71,15 @@ private bool SubjectMatcher(PrivilegeRule rule, string subject)
     {
         // can match global all or requested subject
         return StringComparer.Equals(rule.Subject, subject)
-               || StringComparer.Equals(rule.Subject, PrivilegeSubjects.All)
+               || StringComparer.Equals(rule.Subject, PrivilegeRule.All)
                || AliasMatcher(rule.Subject, subject, PrivilegeMatch.Subject);
     }
 
     private bool ActionMatcher(PrivilegeRule rule, string action)
     {
         // can match global manage action or requested action
         return StringComparer.Equals(rule.Action, action)
-               || StringComparer.Equals(rule.Action, PrivilegeActions.All)
+               || StringComparer.Equals(rule.Action, PrivilegeRule.All)
                || AliasMatcher(rule.Action, action, PrivilegeMatch.Action);
     }