From 183c8be7ff01c1c798ac74ed0dd65b4fcfedae47 Mon Sep 17 00:00:00 2001
From: Sebastian <sebastian@squidex.io>
Date: Thu, 26 Sep 2019 11:37:28 +0200
Subject: [PATCH] Fixed permission setup.

---
 src/Squidex.Domain.Users/UserManagerExtensions.cs |  8 ++++----
 src/Squidex.Domain.Users/UserValues.cs            | 13 +++++++++++--
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/Squidex.Domain.Users/UserManagerExtensions.cs b/src/Squidex.Domain.Users/UserManagerExtensions.cs
index 23da77c12..880663a92 100644
--- a/src/Squidex.Domain.Users/UserManagerExtensions.cs
+++ b/src/Squidex.Domain.Users/UserManagerExtensions.cs
@@ -134,7 +134,7 @@ namespace Squidex.Domain.Users
             {
                 await DoChecked(() => userManager.CreateAsync(user), "Cannot create user.");
 
-                var claims = values.ToClaims().ToList();
+                var claims = values.ToClaims(true);
 
                 if (claims.Count > 0)
                 {
@@ -172,7 +172,7 @@ namespace Squidex.Domain.Users
 
         public static Task<IdentityResult> GenerateClientSecretAsync(this UserManager<IdentityUser> userManager, IdentityUser user)
         {
-            var claims = new[] { new Claim(SquidexClaimTypes.ClientSecret, RandomHash.New()) };
+            var claims = new List<Claim> { new Claim(SquidexClaimTypes.ClientSecret, RandomHash.New()) };
 
             return userManager.SyncClaimsAsync(user, claims);
         }
@@ -204,7 +204,7 @@ namespace Squidex.Domain.Users
                 await DoChecked(() => userManager.SetUserNameAsync(user, values.Email), "Cannot update email.");
             }
 
-            await DoChecked(() => userManager.SyncClaimsAsync(user, values.ToClaims().ToList()), "Cannot update user.");
+            await DoChecked(() => userManager.SyncClaimsAsync(user, values.ToClaims(false)), "Cannot update user.");
 
             if (!string.IsNullOrWhiteSpace(values.Password))
             {
@@ -251,7 +251,7 @@ namespace Squidex.Domain.Users
             }
         }
 
-        public static async Task<IdentityResult> SyncClaimsAsync(this UserManager<IdentityUser> userManager, IdentityUser user, IEnumerable<Claim> claims)
+        public static async Task<IdentityResult> SyncClaimsAsync(this UserManager<IdentityUser> userManager, IdentityUser user, List<Claim> claims)
         {
             if (claims.Any())
             {
diff --git a/src/Squidex.Domain.Users/UserValues.cs b/src/Squidex.Domain.Users/UserValues.cs
index d7a28ee6c..ff6dddfa5 100644
--- a/src/Squidex.Domain.Users/UserValues.cs
+++ b/src/Squidex.Domain.Users/UserValues.cs
@@ -6,6 +6,7 @@
 // ==========================================================================
 
 using System.Collections.Generic;
+using System.Linq;
 using System.Security.Claims;
 using Squidex.Infrastructure.Security;
 using Squidex.Shared.Identity;
@@ -32,7 +33,12 @@ namespace Squidex.Domain.Users
 
         public PermissionSet Permissions { get; set; }
 
-        public IEnumerable<Claim> ToClaims()
+        public List<Claim> ToClaims(bool initial)
+        {
+            return ToClaimsCore(initial).ToList();
+        }
+
+        private IEnumerable<Claim> ToClaimsCore(bool initial)
         {
             if (!string.IsNullOrWhiteSpace(DisplayName))
             {
@@ -66,7 +72,10 @@ namespace Squidex.Domain.Users
 
             if (Permissions != null)
             {
-                yield return new Claim(SquidexClaimTypes.Permissions, string.Empty);
+                if (!initial)
+                {
+                    yield return new Claim(SquidexClaimTypes.Permissions, string.Empty);
+                }
 
                 foreach (var permission in Permissions)
                 {