Skip to content

Effects

IdentityModule is an [EffectsModule(typeof(IIdentityStore))] that generates Eff<RT, T> effect methods for programmatic identity and role management.

Capability Interface

public interface IHasIdentityStore
{
    IIdentityStore IdentityStore { get; }
}

Effect Methods

public static partial class IdentityModule
{
    public static partial class Identity
    {
        public static Eff<RT, Option<UserIdentity>> GetAsync<RT>(string userId)
            where RT : IHasIdentityStore => ...

        public static Eff<RT, IReadOnlyList<RoleAssignment>> GetRolesAsync<RT>(string userId)
            where RT : IHasIdentityStore => ...

        public static Eff<RT, Unit> AssignRoleAsync<RT>(string userId, string roleName)
            where RT : IHasIdentityStore => ...

        public static Eff<RT, Unit> RevokeRoleAsync<RT>(string userId, string roleName)
            where RT : IHasIdentityStore => ...
    }
}

Examples

Assign a role

var promoteToAdmin =
    from user in IdentityModule.Identity.GetAsync<AppRuntime>(userId)
        .Require(Error.New(404, "User not found"))
    from _ in IdentityModule.Identity.AssignRoleAsync<AppRuntime>(userId, "admin")
    from __ in AuditModule.Audit.SaveAsync<AppRuntime>(new AuditEntry
    {
        EntityType = "User",
        EntityId = userId,
        Action = "role_assigned:admin",
        Actor = CorrelationContext.Current?.UserId ?? "system"
    })
    select unit;

Check roles in a pipeline

var adminOnlyOperation =
    from roles in IdentityModule.Identity.GetRolesAsync<AppRuntime>(userId)
    from _ in Guard<AppRuntime>(roles.Any(r => r.RoleName == "admin"),
        Error.New(403, "Admin role required"))
    from result in PerformAdminAction()
    select result;

Effects vs attributes

Effects-based identity queries are for programmatic role management (assigning roles, querying role data). For handler authorization, use [Authorize] and [Require] attributes — see Authorization.