[CLAUDE] Scaffold: khoi tao SOLUTION_ERP Phase 0

- .NET 10 Clean Architecture: Domain/Application/Infrastructure/Api (4 project) - 2 React + Vite + TS app: fe-admin (:8082), fe-user (:8080) voi proxy /api - Node engines >=20, .nvmrc = 20 cho CI (bai hoc NamGroup) - SQL Server 2022 qua docker-compose (dev) - Parse 8 FORM -> docs/forms-spec.md (catalog + ma HD format RG-001) - Parse QUY_TRINH -> docs/workflow-contract.md (9 phase state machine + role matrix) - docs: CLAUDE.md, STATUS.md, PROJECT-MAP.md, migration-todos.md (roadmap 5 phase) - .claude/skills: 3 placeholder (contract-workflow, form-engine, permission-matrix) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 10:37:34 +07:00
commit 25dad7f36f
69 changed files with 3616 additions and 0 deletions
--- a/.claude/skills/permission-matrix/SKILL.md
+++ b/.claude/skills/permission-matrix/SKILL.md
@ -0,0 +1,41 @@
+---
+name: permission-matrix
+description: Hệ thống phân quyền Role × MenuKey × CRUD. Sidebar gating, permission guard, seed default, reset password. Dùng khi debug access denied, gán role, menu không hiện.
+when-to-use:
+  - "permission denied"
+  - "access denied"
+  - "menu không hiện"
+  - "gán role cho user"
+  - "reset password"
+  - "seed permission"
+---
+
+# Permission Matrix Skill
+
+> **Phase 1 deliverable.** Hiện tại skill này là PLACEHOLDER.
+
+## Context
+
+Pattern copy từ **NamGroup** skill `permission-system` nhưng đơn giản hóa:
+- 1 User có N Role
+- 1 Role có ma trận (MenuKey, CRUD flags) — `Permission` table
+- Không có per-user override (giữ đơn giản cho Phase 1)
+- Menu tree flat 2 cấp, hardcode `MenuKey`
+
+## Tech
+
+- BE: `[Authorize(Policy = "Menu.Read")]` attribute
+- FE: `<PermissionGuard menuKey="Contracts" action="Update">` + `usePermission().can("Contracts", "Update")`
+- Resolution: API `/api/menus/me` trả về tree + permissions đã resolved theo user's roles
+
+## Code pointers (sẽ có sau Phase 1)
+
+- `src/Backend/SolutionErp.Domain/Identity/Permission.cs`
+- `src/Backend/SolutionErp.Application/Permissions/Queries/GetMyMenuTreeQuery.cs`
+- `fe-admin/src/components/PermissionGuard.tsx`
+- `fe-admin/src/hooks/usePermission.ts`
+
+## Common pitfalls (dự kiến)
+
+- Quên refresh token sau khi admin update permission → user phải logout/login mới thấy
+- MenuKey hardcode dễ typo → tập trung vào file `src/lib/menuKeys.ts` (FE) + `MenuKeys.cs` (BE const)