feat(07-03): implement GraphUserSearchService for people-picker autocomplete

- Queries Graph /users with startsWith filter on displayName, mail, UPN - Requires minimum 2 chars to prevent overly broad queries - Sets ConsistencyLevel=eventual + Count=true (required for advanced filter) - Escapes single quotes to prevent OData injection - Returns up to maxResults (default 10) GraphUserResult records
2026-04-07 12:39:22 +02:00
parent 7e6f3e7fc0
commit 026b8294de
1 changed files with 53 additions and 0 deletions
--- a/SharepointToolbox/Services/GraphUserSearchService.cs
+++ b/SharepointToolbox/Services/GraphUserSearchService.cs
@@ -0,0 +1,53 @@
+using SharepointToolbox.Infrastructure.Auth;
+
+namespace SharepointToolbox.Services;
+
+/// <summary>
+/// Searches tenant users via Microsoft Graph API.
+/// Used by the people-picker autocomplete in the User Access Audit tab.
+/// </summary>
+public class GraphUserSearchService : IGraphUserSearchService
+{
+    private readonly GraphClientFactory _graphClientFactory;
+
+    public GraphUserSearchService(GraphClientFactory graphClientFactory)
+    {
+        _graphClientFactory = graphClientFactory;
+    }
+
+    public async Task<IReadOnlyList<GraphUserResult>> SearchUsersAsync(
+        string clientId,
+        string query,
+        int maxResults = 10,
+        CancellationToken ct = default)
+    {
+        if (string.IsNullOrWhiteSpace(query) || query.Length < 2)
+            return Array.Empty<GraphUserResult>();
+
+        var graphClient = await _graphClientFactory.CreateClientAsync(clientId, ct);
+
+        // Use $filter with startsWith on displayName and mail.
+        // Graph API requires ConsistencyLevel=eventual for advanced queries.
+        var escapedQuery = query.Replace("'", "''");
+        var response = await graphClient.Users.GetAsync(config =>
+        {
+            config.QueryParameters.Filter =
+                $"startsWith(displayName,'{escapedQuery}') or startsWith(mail,'{escapedQuery}') or startsWith(userPrincipalName,'{escapedQuery}')";
+            config.QueryParameters.Select = new[] { "displayName", "userPrincipalName", "mail" };
+            config.QueryParameters.Top = maxResults;
+            config.QueryParameters.Orderby = new[] { "displayName" };
+            config.Headers.Add("ConsistencyLevel", "eventual");
+            config.QueryParameters.Count = true;
+        }, ct);
+
+        if (response?.Value is null)
+            return Array.Empty<GraphUserResult>();
+
+        return response.Value
+            .Select(u => new GraphUserResult(
+                DisplayName: u.DisplayName ?? u.UserPrincipalName ?? "Unknown",
+                UserPrincipalName: u.UserPrincipalName ?? string.Empty,
+                Mail: u.Mail))
+            .ToList();
+    }
+}