The query that retrieves the roles of a user no longer returns all the subjects a role has been assigned to, as this could pose a security risk by exposing unnecessary information.
The Mappings property is no longer used outside the query and has been removed.
The Role Enabled property has been removed, as stores already return only enabled roles and permissions. If this behavior is incorrect, it would indicate a bug in the current code, as enabled roles are added to claims, but permissions from disabled roles are also being added to claims.
The queries are also changed so that they project the properties that are really needed, optimizing data retrieval and reducing memory footprint.
These changes significantly improve query performance by removing four joins (many-to-many relationships) and avoiding a cartesian explosion, which would otherwise degrade performance based on the number of users a role is assigned to.
Potential breaking change:
This could impact those who have implemented their own store and rely on Balea.Models. However, Balea Server itself remains unaffected, as it returns a custom DTO. Since Balea.Models and the DTO share the same property names, the serializer will omit any additional properties, ensuring compatibility.
The following changes are implemented in this PR:
These changes significantly improve query performance by removing four joins (many-to-many relationships) and avoiding a cartesian explosion, which would otherwise degrade performance based on the number of users a role is assigned to.
Potential breaking change: This could impact those who have implemented their own store and rely on Balea.Models. However, Balea Server itself remains unaffected, as it returns a custom DTO. Since Balea.Models and the DTO share the same property names, the serializer will omit any additional properties, ensuring compatibility.
Resolves #51