[CLAUDE] Phase1.2: CRUD Master + Permission Matrix + FE admin pages

Backend:
- Domain/Master: Supplier (+ SupplierType 5 loai), Project, Department (AuditableEntity)
- Domain/Identity: MenuItem, Permission, MenuKeys const (12 menu)
- EF Configurations voi unique Code + query filter IsDeleted
- DbSets + IApplicationDbContext interface update
- Application: PagedResult + PagedRequest generic
- Application/Master CQRS CRUD 3 entity (Create/Update/Delete/Get/List voi paging search sort)
- Application/Permissions: GetMyMenuTree (union OR role, filter tree), ListMenuItems, ListPermissionsByRole, UpsertPermission (guard admin khong tu giam quyen), ListRoles
- Api/Authorization: MenuPermissionRequirement + Handler (Admin bypass, query DB)
- Program.cs: register 48 policy {menu}.{action} tu MenuKeys x Actions
- Api/Controllers: Suppliers, Projects, Departments, Menus, Roles, Permissions
- DbInitializer: seed 12 menu + admin full CRUD permissions
- Migration AddMasterData + AddPermissions

Frontend (fe-admin):
- Types: menuKeys.ts const, menu.ts (MenuNode/Role/Permission), master.ts (Supplier/Project/Department + SupplierType const-object)
- AuthContext: load menu from /menus/me, cache localStorage, refreshMenu()
- usePermission hook + PermissionGuard component (wrap button)
- UI kit them: Dialog (modal overlay), Textarea, Select
- Generic: DataTable (column config, sortable, loading, empty) + Pagination
- PageHeader component
- apiError helper extract message tu ProblemDetails
- Layout rewrite: render menu dong tu AuthContext.menu (MenuGroup collapsible + NavLink + lucide icon map)
- Pages: master/Suppliers, master/Projects, master/Departments (CRUD + search + sort + paging + Dialog form)
- Page system/Permissions: ma tran Role x MenuKey x CRUD checkbox (tick tu dong PUT upsert)
- App.tsx them 4 route moi

Bug fix:
- MenuPermissionHandler: EF expression tree khong support switch expression -> tach switch ra ngoai AnyAsync
- TS erasableSyntaxOnly khong cho enum -> SupplierType const-object pattern (typeof[keyof])

E2E verified via Vite proxy:
- GET /menus/me -> 6 root + 6 child nodes (12 menus)
- GET /roles -> 12 roles
- POST/GET/PUT/DELETE /suppliers -> full CRUD, soft delete OK
- tsc -b fe-admin pass

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docs/changelog/migration-todos.md

@@ -60,27 +60,28 @@
 
 ### Phase 1 đợt 2 — CRUD master + Permission Matrix (sắp tới)
 
-- [ ] `Domain/Entities/Supplier` (Code, Name, TaxCode, Phone, Email, Address, Type enum: NCC/NTP/TĐ/ĐVDV)
-- [ ] `Domain/Entities/Project` (Code, Name, StartDate, EndDate, ManagerUserId)
-- [ ] `Domain/Entities/Department` (Code, Name, ManagerUserId)
-- [ ] EF `IEntityTypeConfiguration<T>` cho mỗi entity
-- [ ] CQRS CRUD: Create/Update/Delete/GetById/List (với paging) cho 3 entity
-- [ ] `Api/Controllers/{SuppliersController, ProjectsController, DepartmentsController}`
-- [ ] Migration 2: `AddMasterData`
-- [ ] `Domain/Entities/MenuItem` (Key PascalCase, Label, ParentKey, Order, Icon)
-- [ ] `Domain/Entities/Permission` (RoleId, MenuKey, CanRead/Create/Update/Delete)
-- [ ] Seed default menu tree + permission admin có full access
-- [ ] `Application/Permissions/Queries/GetMyMenuTreeQuery` — resolve per-user, cache
-- [ ] `Api/Controllers/{MenusController, RolesController, PermissionsController}`
-- [ ] Migration 3: `AddPermissions`
-- [ ] `Domain/Entities/Contract` skeleton (Id, Type, SupplierId, ProjectId, Phase=DangChon, DraftData JSON)
-- [ ] Contract CRUD draft only (không workflow Phase 3)
-- [ ] FE: `<PermissionGuard menuKey="Suppliers" action="Update">` + `usePermission()` hook
-- [ ] FE Admin: 3 trang CRUD Supplier/Project/Department với table + modal + search/sort
-- [ ] FE Admin: Permission Matrix grid page (role × menu × CRUD checkbox)
-- [ ] FE User: trang "HĐ của tôi" list + filter
-- [ ] Route guard theo role admin-only
-- [ ] Update `SolutionErp.slnx` nếu thêm project mới
+- [x] `Domain/Master/Supplier` (+ SupplierType enum 5 loại) / `Project` / `Department` (AuditableEntity)
+- [x] EF `IEntityTypeConfiguration<T>` cho mỗi entity (unique Code + query filter IsDeleted)
+- [x] CQRS CRUD: Create/Update/Delete/GetById/List (PagedResult) cho 3 entity
+- [x] `Api/Controllers/{SuppliersController, ProjectsController, DepartmentsController}`
+- [x] Migration 2: `AddMasterData`
+- [x] `Domain/Identity/MenuItem` (Key PK, Label, ParentKey, Order, Icon) + `MenuKeys` const class
+- [x] `Domain/Identity/Permission` (RoleId, MenuKey, CanRead/Create/Update/Delete)
+- [x] Seed default menu tree (12 menu) + admin full access trong DbInitializer
+- [x] `Application/Permissions/Queries/GetMyMenuTreeQuery` — resolve per-user, union OR, tree filter
+- [x] `Api/Controllers/{MenusController, RolesController, PermissionsController}`
+- [x] Migration 3: `AddPermissions`
+- [x] Authorization handler `MenuPermissionHandler` + register 48 policy `{menu}.{action}`
+- [ ] `Domain/Entities/Contract` skeleton (Id, Type, SupplierId, ProjectId, Phase=DangChon, DraftData JSON) — deferred Phase 2/3
+- [ ] Contract CRUD draft only (không workflow Phase 3) — deferred
+- [x] FE: `<PermissionGuard menuKey="Suppliers" action="Update">` + `usePermission()` hook
+- [x] FE Admin: 3 trang CRUD Supplier/Project/Department với DataTable + Dialog modal + search/sort/paging
+- [x] FE Admin: Permission Matrix grid page (role × menu × CRUD checkbox)
+- [x] FE Admin: Layout menu động từ `/api/menus/me`
+- [ ] FE User: trang "HĐ của tôi" list + filter — Phase 3
+- [ ] FE Admin: Users management page (tạo user + gán role) — sắp tới
+- [ ] FE Admin: Roles CRUD — sắp tới
+- [ ] Route guard theo role admin-only — có PermissionGuard ở button, route cần thêm
 
 ### Exit criteria Phase 1