kawa
6d9c79ad5a
Feature work: - Certificate (app-only) auth per profile: cert store, context/Graph client factories, automated app-registration provisioning (delegated + application permissions, admin consent), and a SessionManager seam that resolves the auth model per profile. - Scheduled reports: repositories, hosted service/runner/coordinator, report pages, and email delivery (app-only Mail.Send). - Tenant-wide user-access audit when no site is selected. Audit fixes: - Site enumeration: app-only discovery used Graph getAllSites (needs Graph Sites.Read.All the cert app lacks) and silently returned empty. Switched to the admin-host CSOM TenantSiteEnumerator, matching the scheduler; both auth models now share one enumeration path. - Group expansion: the scan records a SharePoint group as a single principal, so user-centric audits found nothing for group-granted access. Resolve group membership (shared by audit + scheduler) and attribute it to the target user. - M365 group claims: the resolver only recognized AAD security groups (c:0t.c|). Group-connected/Teams sites grant via the M365 group claim (c:0o.c|…|<guid>[_o]); now expanded too, resolving owners for the "_o" claim. - Provision Directory.Read.All as an application permission so M365/AAD group expansion works under the cert identity. Also: ignore data/appcerts/ (encrypted certificate key material). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
68 lines
818 B
Plaintext
68 lines
818 B
Plaintext
## .NET / C#
|
|
bin/
|
|
obj/
|
|
*.user
|
|
*.suo
|
|
*.userosscache
|
|
*.sln.docstates
|
|
.vs/
|
|
*.rsuser
|
|
.idea/
|
|
|
|
## Build outputs
|
|
[Dd]ebug/
|
|
[Rr]elease/
|
|
[Pp]ublish/
|
|
[Oo]ut/
|
|
artifacts/
|
|
*.nupkg
|
|
*.snupkg
|
|
*.zip
|
|
|
|
## NuGet
|
|
*.nuget.props
|
|
*.nuget.targets
|
|
packages/
|
|
!**/packages/build/
|
|
project.lock.json
|
|
project.fragment.lock.json
|
|
|
|
## ASP.NET Core
|
|
appsettings.Development.json
|
|
appsettings.*.json
|
|
!appsettings.json
|
|
|
|
## Logs
|
|
logs/
|
|
*.log
|
|
|
|
## User secrets / sensitive config
|
|
secrets.json
|
|
*.pfx
|
|
*.p12
|
|
*.key
|
|
|
|
## OS
|
|
Thumbs.db
|
|
.DS_Store
|
|
|
|
## Node (if any frontend assets)
|
|
node_modules/
|
|
wwwroot/dist/
|
|
wwwroot/lib/
|
|
|
|
## Test results
|
|
TestResults/
|
|
*.trx
|
|
*.coveragexml
|
|
coverage/
|
|
|
|
## Runtime data (seeded from *.example.json; never commit live tenant/user data)
|
|
data/*.json
|
|
!data/*.example.json
|
|
data/logs/
|
|
data/exports/
|
|
data/templates/
|
|
data/audit.jsonl
|
|
data/appcerts/
|