Add privilege-aware password input component

Author: pwelter34

Directory.Packages.props

@@ -13,8 +13,8 @@
     <PackageVersion Include="Equatable.Generator" Version="2.1.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
     <PackageVersion Include="Microsoft.AspNetCore.Authorization" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.AspNetCore.Components.Authorization" Version="10.0.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.Components.Web" Version="10.0.0" />
+    <PackageVersion Include="Microsoft.AspNetCore.Components.Authorization" Version="10.0.1" />
+    <PackageVersion Include="Microsoft.AspNetCore.Components.Web" Version="10.0.1" />
     <PackageVersion Include="Microsoft.AspNetCore.Components.WebAssembly" Version="10.0.1" />
     <PackageVersion Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="10.0.1" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />

samples/Sample.Application/Sample.Application.Client/Layout/NavMenu.razor

@@ -1,4 +1,4 @@
-<div class="top-row ps-3 navbar navbar-dark">
+<div class="top-row ps-3 navbar navbar-dark">
     <div class="container-fluid">
         <a class="navbar-brand" href="">Sample.Application</a>
     </div>
@@ -31,6 +31,11 @@
                 <span class="bi bi-shield-lock-nav-menu" aria-hidden="true"></span> Privileges
             </NavLink>
         </div>
+        <div class="nav-item px-3">
+            <div class="nav-link">
+                @RendererInfo.Name
+            </div>
+        </div>
     </nav>
 </div>
 

samples/Sample.Application/Sample.Application.Client/Pages/PrivilegeDemo.razor

@@ -75,6 +75,11 @@ else
                 <label class="form-label">Internal Notes</label>
                 <PrivilegeInputTextArea class="form-control" @bind-Value="Model.InternalNotes" Subject="Product" Field="InternalNotes" />
             </div>
+            <div class="col-md-4">
+                <label class="form-label">Password</label>
+                <PrivilegeInputPassword class="form-control" @bind-Value="Model.Password" Subject="Product" Field="Password" Togglable="false" ToggleClass="text-body-tertiary" />
+            </div>
+
         </div>
 
         <button type="submit" class="btn btn-primary mt-3">Save</button>
@@ -90,7 +95,7 @@ else
             </tr>
         </thead>
         <tbody>
-            @foreach (var field in new[] { "Title", "Summary", "Cost", "InternalNotes" })
+            @foreach (var field in new[] { "Title", "Summary", "Cost", "InternalNotes", "Password" })
             {
                 <tr>
                     <td>@field</td>
@@ -121,5 +126,7 @@ else
         public string Summary { get; set; } = "Summary goes here";
         public decimal Cost { get; set; } = 42.5m;
         public string InternalNotes { get; set; } = "Secret stuff";
+
+        public string Password { get; set; } = "P@ssw0rd!";
     }
 }

samples/Sample.Application/Sample.Application.Client/Services/PrivilegeContextProvider.cs

@@ -17,20 +17,20 @@ public ValueTask<PrivilegeContext> GetContextAsync(ClaimsPrincipal? claimsPrinci
         // Simulate different privilege sets. This could be swapped based on a fake user id.
         var builder = new PrivilegeBuilder()
             // Aliases
-            .Alias("Crud", new[] { "create", "read", "update", "delete" }, PrivilegeMatch.Action)
-            .Alias("PublicFields", new[] { "Title", "Summary" }, PrivilegeMatch.Qualifier)
-            .Alias("SensitiveFields", new[] { "Cost", "InternalNotes" }, PrivilegeMatch.Qualifier)
+            .Alias("Crud", ["create", "read", "update", "delete"], PrivilegeMatch.Action)
+            .Alias("PublicFields", ["Title", "Summary"], PrivilegeMatch.Qualifier)
+            .Alias("SensitiveFields", ["Cost", "InternalNotes"], PrivilegeMatch.Qualifier)
 
             // Global allowances
             .Allow("read", PrivilegeRule.Any)                 // read everything
-            .Allow("update", "Product", new[] { "Title", "Summary" }) // update selected product fields
+            .Allow("update", "Product", ["Title", "Summary", "Password"]) // update selected product fields
             .Allow("create", "Product")
             .Allow("read", "Order")
 
             // Forbid some specifics
             .Forbid("delete", "Product")
-            .Forbid("update", "Product", new[] { "Cost" })      // override broader rules
-            .Forbid("read", "Product", new[] { "InternalNotes" });
+            .Forbid("update", "Product", ["Cost"])      // override broader rules
+            .Forbid("read", "Product", ["InternalNotes"]);
 
         _cached = builder.Build();
         return ValueTask.FromResult(_cached);

samples/Sample.Application/Sample.Application/Components/Pages/PrivilegeDemo.razor

@@ -6,6 +6,7 @@
 using Sample.Application.Components;
 
 namespace Sample.Application;
+
 public class Program
 {
     public static void Main(string[] args)

samples/Sample.Application/Sample.Application/Components/Pages/Privileges.razor

@@ -41,7 +41,7 @@ namespace Privileged.Components;
 ///         </PrivilegeForm>
 ///     </Loaded>
 /// </PrivilegeContextView>
-/// 
+///
 /// <!-- Simplified usage with ChildContent -->
 /// <PrivilegeContextView>
 ///     <PrivilegeInputText @bind-Value="model.SecretField" Subject="Document" Field="Secret" />
@@ -53,37 +53,14 @@ namespace Privileged.Components;
 /// <seealso cref="AuthenticationStateProvider"/>
 public class PrivilegeContextView : ComponentBase
 {
-    /// <summary>
-    /// Gets or sets the provider for retrieving the privilege context.
-    /// This service is automatically injected and must be registered in the dependency injection container.
-    /// </summary>
-    /// <value>
-    /// An <see cref="IPrivilegeContextProvider"/> instance used to asynchronously load the privilege context.
-    /// This service should be registered in the dependency injection container.
-    /// </value>
-    /// <remarks>
-    /// The provider is responsible for loading user-specific privilege rules and aliases, typically from
-    /// a database, cache, or external authorization service. The implementation should handle user identity
-    /// and return appropriate privilege contexts based on the authenticated user's roles and permissions.
-    /// </remarks>
-    [Inject]
-    protected IPrivilegeContextProvider PrivilegeContextProvider { get; set; } = default!;
+    public PrivilegeContextView(
+        IPrivilegeContextProvider privilegeContextProvider,
+        AuthenticationStateProvider? authenticationStateProvider = null)
+    {
+        PrivilegeContextProvider = privilegeContextProvider;
+        AuthenticationStateProvider = authenticationStateProvider;
+    }
 
-    /// <summary>
-    /// Gets or sets the authentication state provider used to retrieve the current user's authentication information.
-    /// This service is automatically injected from the Blazor authentication system.
-    /// </summary>
-    /// <value>
-    /// An <see cref="AuthenticationStateProvider"/> instance used to retrieve the current user's authentication state.
-    /// This is passed to the privilege context provider to load user-specific privileges.
-    /// </value>
-    /// <remarks>
-    /// The authentication state contains the current user's <see cref="System.Security.Claims.ClaimsPrincipal"/>, 
-    /// which is used by the privilege context provider to determine what privileges should be loaded.
-    /// This enables user-specific privilege evaluation based on identity, roles, and claims.
-    /// </remarks>
-    [Inject]
-    protected AuthenticationStateProvider AuthenticationStateProvider { get; set; } = default!;
 
     /// <summary>
     /// Gets or sets the render fragment to display while the privilege context is loading.
@@ -164,6 +141,37 @@ public class PrivilegeContextView : ComponentBase
     [Parameter]
     public RenderFragment? ChildContent { get; set; }
 
+
+    /// <summary>
+    /// Gets or sets the provider for retrieving the privilege context.
+    /// This service is automatically injected and must be registered in the dependency injection container.
+    /// </summary>
+    /// <value>
+    /// An <see cref="IPrivilegeContextProvider"/> instance used to asynchronously load the privilege context.
+    /// This service should be registered in the dependency injection container.
+    /// </value>
+    /// <remarks>
+    /// The provider is responsible for loading user-specific privilege rules and aliases, typically from
+    /// a database, cache, or external authorization service. The implementation should handle user identity
+    /// and return appropriate privilege contexts based on the authenticated user's roles and permissions.
+    /// </remarks>
+    protected IPrivilegeContextProvider PrivilegeContextProvider { get; }
+
+    /// <summary>
+    /// Gets or sets the authentication state provider used to retrieve the current user's authentication information.
+    /// This service is automatically injected from the Blazor authentication system.
+    /// </summary>
+    /// <value>
+    /// An <see cref="AuthenticationStateProvider"/> instance used to retrieve the current user's authentication state.
+    /// This is passed to the privilege context provider to load user-specific privileges.
+    /// </value>
+    /// <remarks>
+    /// The authentication state contains the current user's <see cref="System.Security.Claims.ClaimsPrincipal"/>,
+    /// which is used by the privilege context provider to determine what privileges should be loaded.
+    /// This enables user-specific privilege evaluation based on identity, roles, and claims.
+    /// </remarks>
+    protected AuthenticationStateProvider? AuthenticationStateProvider { get; }
+
     /// <summary>
     /// Gets or sets the privilege context used for evaluating privilege rules.
     /// </summary>
@@ -177,7 +185,8 @@ public class PrivilegeContextView : ComponentBase
     /// privilege-aware behavior throughout the component tree. The loading state can be determined by
     /// checking if this property is <c>null</c>.
     /// </remarks>
-    protected PrivilegeContext? PrivilegeContext { get; set; }
+    protected PrivilegeContext? PrivilegeContext { get; private set; }
+
 
     /// <summary>
     /// Builds the render tree for the component, displaying the appropriate content based on the loading state
@@ -204,8 +213,8 @@ public class PrivilegeContextView : ComponentBase
     protected override void BuildRenderTree(RenderTreeBuilder builder)
     {
         builder.OpenComponent<CascadingValue<PrivilegeContext?>>(0);
-        builder.AddAttribute(1, nameof(CascadingValue<PrivilegeContext?>.Value), PrivilegeContext);
-        builder.AddAttribute(2, nameof(CascadingValue<PrivilegeContext?>.ChildContent), BuildChildContent());
+        builder.AddAttribute(1, nameof(CascadingValue<>.Value), PrivilegeContext);
+        builder.AddAttribute(2, nameof(CascadingValue<>.ChildContent), BuildChildContent());
         builder.CloseComponent();
     }
 
@@ -232,8 +241,8 @@ protected override void BuildRenderTree(RenderTreeBuilder builder)
     /// </remarks>
     protected override async Task OnInitializedAsync()
     {
-        var authenticationState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
-        PrivilegeContext = await PrivilegeContextProvider.GetContextAsync(authenticationState.User);
+        var authenticationState = AuthenticationStateProvider != null ? await AuthenticationStateProvider.GetAuthenticationStateAsync() : null;
+        PrivilegeContext = await PrivilegeContextProvider.GetContextAsync(authenticationState?.User);
         StateHasChanged();
     }
 

samples/Sample.Application/Sample.Application/Program.cs

@@ -27,9 +27,9 @@ namespace Privileged.Components;
 /// </remarks>
 /// <example>
 /// <code>
-/// &lt;PrivilegeInputDate @bind-Value="model.BirthDate" 
-///                     Subject="Employee" 
-///                     Field="BirthDate" 
+/// &lt;PrivilegeInputDate @bind-Value="model.BirthDate"
+///                     Subject="Employee"
+///                     Field="BirthDate"
 ///                     type="date" /&gt;
 /// </code>
 /// </example>
@@ -64,7 +64,7 @@ public class PrivilegeInputDate<TValue> : InputDate<TValue>
     protected PrivilegeFormState? PrivilegeFormState { get; set; }
 
     /// <summary>
-    /// Gets or sets the subject for privilege evaluation. 
+    /// Gets or sets the subject for privilege evaluation.
     /// </summary>
     /// <value>
     /// The subject string used for privilege evaluation. If not specified, defaults to:
@@ -228,8 +228,8 @@ protected override void OnParametersSet()
     /// <item><description>Maintains the element reference for form integration</description></item>
     /// </list>
     /// <para>
-    /// Note that when no read permission is granted, a single-line password input is rendered instead of 
-    /// a date input to maintain security and hide sensitive date information such as birth dates, hire dates, 
+    /// Note that when no read permission is granted, a single-line password input is rendered instead of
+    /// a date input to maintain security and hide sensitive date information such as birth dates, hire dates,
     /// or other personally identifiable temporal data.
     /// </para>
     /// </remarks>
@@ -258,4 +258,20 @@ protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Renderin
         builder.AddElementReferenceCapture(7, __inputReference => Element = __inputReference);
         builder.CloseElement();
     }
+
+    protected override string FormatValueAsString(TValue? value)
+    {
+        // treat MinValue as empty
+        if (value is DateTime dateTime && dateTime == DateTime.MinValue)
+            return string.Empty;
+
+        if (value is DateTimeOffset dateTimeOffset && dateTimeOffset == DateTimeOffset.MinValue)
+            return string.Empty;
+
+        if (value is DateOnly dateOnly && dateOnly == DateOnly.MinValue)
+            return string.Empty;
+
+        // otherwise, use base implementation
+        return base.FormatValueAsString(value);
+    }
 }