vietreport-admin/solution-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[CLAUDE] Docs+Skill: chốt session 6 — 3 skill refresh + 2 rule audit định kỳ

Browse Source 
Pure docs work — 0 thay đổi code/test. 77 test vẫn pass (Domain 54 + Infra 23).

3 skill refresh stale (audit định kỳ §6.4 + §9.4 phát hiện):
- form-engine: "Phase 2 MVP missing PDF + form builder" → "Tier 3 feature-complete"
  + bỏ section duplicate "Gen mã HĐ chưa implement" (đã DONE Phase 3+6)
- permission-matrix: 12 menu cũ → ~60 menu key (Bg_*/Pe_*/PeWf_*/Catalogs)
  + inheritance roots 4 group + Budgets KHÔNG inherit (gotcha #35)
- ef-core-migration: "24 DbSet" → "52 bảng (15 migration)"

2 rule mới chốt:
- rules.md §6.4 — Audit + compact MD định kỳ (cadence + checklist + anti-pattern)
  Triết lý: KHÔNG rewrite toàn bộ. Compact + patch drift.
  Cron solution-erp-skill-audit-monthly mở rộng scope (skill + doc drift combined)
- rules.md §9.4 mở rộng cross-ref §6.4

Update STATUS Session 7+ priority + HANDOFF cảnh báo session 7 + migration-todos
Phase 9 Session 6 done sub.

Cron 2026-05-01 fire mai → combined audit theo checklist §6.4 + §9.4.

Session log đầy đủ: docs/changelog/sessions/2026-04-30-chot-session-6-md-audit-compact.md

Commit MD-only → CI skip (path filter gotcha #41).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
pqhuy1987
2026-04-30 01:18:51 +07:00
parent f24acb699a
commit 2abbc1d867
9 changed files with 319 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
.claude/skills/permission-matrix/SKILL.md
View File

@ -1,6 +1,6 @@
---
name: permission-matrix
description: Hệ thống phân quyền Role × MenuKey × CRUD. Seed 12 menu + admin full. FE PermissionGuard + usePermission. BE AuthorizationHandler + 48 policy. Dùng khi debug access denied, gán role, menu không hiện.
description: Hệ thống phân quyền Role × MenuKey × CRUD. ~60 menu key (12 root + Ct_*/Wf_*/Pe_*/PeWf_*/Bg_*/Catalogs). FE PermissionGuard + usePermission. BE AuthorizationHandler + ~240 policy. Dùng khi debug access denied, gán role, menu không hiện, inheritance không work.
when-to-use:
- "permission denied"
- "access denied"
@ -8,20 +8,19 @@ when-to-use:
- "gán role cho user"
- "seed permission"
- "permission matrix edit"
- "menu inheritance không work"
---
# Permission Matrix Skill
> **Status:** Phase 1 đợt 2 IMPLEMENTED + extended qua các phase sau (28 Ct_* + 7 Wf_* + Phase 6 thêm 13 Pe_*/PeWf_*).
> **Status (post Session 6 — 2026-04-30):** Phase 1 đợt 2 base + extended qua mọi phase. ~60 menu key total:
> - Core: Dashboard / Master+3 leaves / Forms / Reports / System+Users/Roles/Permissions (12 base)
> - Contracts root + 28 Ct_* (7 type × {Group/List/Create/Pending}) + Workflows root + 7 Wf_*
> - PurchaseEvaluations root + 6 Pe_* (2 type × 3 action) + PeWorkflows root + 2 PeWf_*
> - Budgets root + 3 Bg_* (List/Create/Pending)
> - Catalogs group + 4 leaves (Units/Materials/Services/WorkItems)
>
> **Phase 6 cross-ref (2026-04-23):** Thêm menu keys module Duyệt NCC:
> - `PurchaseEvaluations` (root group) + `PeWorkflows` (admin root, WIP)
> - `Pe_<Code>_<Action>` cho 2 type × 3 action = 6 leaf
> (`Pe_DuyetNcc_List/Create/Pending`, `Pe_DuyetNccPhuongAn_List/Create/Pending`)
> - `PeWf_<Code>` cho admin designer UI (FE chưa build)
> - Inheritance: `PurchaseEvaluations.Read` → auto grant Pe_* descendants (pattern Contracts → Ct_*)
> - FE resolver Layout.tsx: `Pe_<Code>_List` → `/purchase-evaluations?type=N` (1=NccOnly / 2=NccWithPlan)
> - **TODO session tiếp:** grant non-admin role `PurchaseEvaluations.Read` qua `/system/permissions` để user thấy menu Pe_*.
> **Inheritance roots (4 group, gotcha #35):** `Contracts` → Ct_*, `Workflows` → Wf_*, `PurchaseEvaluations` → Pe_*, `PeWorkflows` → PeWf_*. Khi thêm root mới có children → PHẢI extend 3 chỗ trong `GetMyMenuTreeQuery` (xem gotcha #35). Budgets KHÔNG inherit (Bg_* phải grant tay).
## Model
@ -35,26 +34,40 @@ User ────< UserRoles ────< Role ────< Permissions ──
- Union (OR) nhiều role → user có quyền nếu **bất kỳ role nào** cho quyền đó
- Admin role → **bypass** check (luôn pass mọi policy)
## Menu tree (seed)
12 menu trong `MenuKeys.All`:
## Menu tree (seed — ~60 key sau Phase 8)
```
Dashboard
Master
├── Suppliers
├── Projects
── Departments
Contracts
── Departments
└── Catalogs (group)
├── UnitsOfMeasure
├── MaterialItems
├── ServiceItems
└── WorkItems
Contracts (root inherit)
└── Ct_<Code>_<Group|List|Create|Pending> × 7 type = 28 leaf
Forms
PurchaseEvaluations (root inherit)
└── Pe_<Code>_<List|Create|Pending> × 2 type = 6 leaf
Budgets (root, NO inherit — grant tay)
├── Bg_List
├── Bg_Create
└── Bg_Pending
Reports
System
├── Users
├── Roles
── Permissions
── Permissions
├── Workflows (root inherit)
│ └── Wf_<Code> × 7 type = 7 leaf
└── PeWorkflows (root inherit)
└── PeWf_<Code> × 2 type = 2 leaf
```
Tree hierarchy qua `ParentKey` field. Seed trong `DbInitializer.SeedMenuTreeAsync`.
Tree hierarchy qua `ParentKey` field. Seed trong `DbInitializer.SeedMenuTreeAsync` + Pe/Wf/Bg seeders riêng.
## Code pointers