[CLAUDE] Phase1.2: CRUD Master + Permission Matrix + FE admin pages

Backend: - Domain/Master: Supplier (+ SupplierType 5 loai), Project, Department (AuditableEntity) - Domain/Identity: MenuItem, Permission, MenuKeys const (12 menu) - EF Configurations voi unique Code + query filter IsDeleted - DbSets + IApplicationDbContext interface update - Application: PagedResult + PagedRequest generic - Application/Master CQRS CRUD 3 entity (Create/Update/Delete/Get/List voi paging search sort) - Application/Permissions: GetMyMenuTree (union OR role, filter tree), ListMenuItems, ListPermissionsByRole, UpsertPermission (guard admin khong tu giam quyen), ListRoles - Api/Authorization: MenuPermissionRequirement + Handler (Admin bypass, query DB) - Program.cs: register 48 policy {menu}.{action} tu MenuKeys x Actions - Api/Controllers: Suppliers, Projects, Departments, Menus, Roles, Permissions - DbInitializer: seed 12 menu + admin full CRUD permissions - Migration AddMasterData + AddPermissions Frontend (fe-admin): - Types: menuKeys.ts const, menu.ts (MenuNode/Role/Permission), master.ts (Supplier/Project/Department + SupplierType const-object) - AuthContext: load menu from /menus/me, cache localStorage, refreshMenu() - usePermission hook + PermissionGuard component (wrap button) - UI kit them: Dialog (modal overlay), Textarea, Select - Generic: DataTable (column config, sortable, loading, empty) + Pagination - PageHeader component - apiError helper extract message tu ProblemDetails - Layout rewrite: render menu dong tu AuthContext.menu (MenuGroup collapsible + NavLink + lucide icon map) - Pages: master/Suppliers, master/Projects, master/Departments (CRUD + search + sort + paging + Dialog form) - Page system/Permissions: ma tran Role x MenuKey x CRUD checkbox (tick tu dong PUT upsert) - App.tsx them 4 route moi Bug fix: - MenuPermissionHandler: EF expression tree khong support switch expression -> tach switch ra ngoai AnyAsync - TS erasableSyntaxOnly khong cho enum -> SupplierType const-object pattern (typeof[keyof]) E2E verified via Vite proxy: - GET /menus/me -> 6 root + 6 child nodes (12 menus) - GET /roles -> 12 roles - POST/GET/PUT/DELETE /suppliers -> full CRUD, soft delete OK - tsc -b fe-admin pass Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 11:30:14 +07:00
parent 49a5f57a50
commit 54d6c9ba52
63 changed files with 4422 additions and 93 deletions
--- a/src/Backend/SolutionErp.Api/Controllers/DepartmentsController.cs
+++ b/src/Backend/SolutionErp.Api/Controllers/DepartmentsController.cs
@ -0,0 +1,46 @@
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using SolutionErp.Application.Common.Models;
+using SolutionErp.Application.Master.Departments;
+
+namespace SolutionErp.Api.Controllers;
+
+[ApiController]
+[Route("api/departments")]
+[Authorize]
+public class DepartmentsController(IMediator mediator) : ControllerBase
+{
+    [HttpGet]
+    public async Task<ActionResult<PagedResult<DepartmentDto>>> List(
+        [FromQuery] int page = 1, [FromQuery] int pageSize = 20,
+        [FromQuery] string? search = null, [FromQuery] string? sortBy = null, [FromQuery] bool sortDesc = true,
+        CancellationToken ct = default)
+        => Ok(await mediator.Send(new ListDepartmentsQuery { Page = page, PageSize = pageSize, Search = search, SortBy = sortBy, SortDesc = sortDesc }, ct));
+
+    [HttpGet("{id:guid}")]
+    public async Task<ActionResult<DepartmentDto>> Get(Guid id, CancellationToken ct)
+        => Ok(await mediator.Send(new GetDepartmentQuery(id), ct));
+
+    [HttpPost]
+    public async Task<ActionResult<Guid>> Create([FromBody] CreateDepartmentCommand cmd, CancellationToken ct)
+    {
+        var id = await mediator.Send(cmd, ct);
+        return CreatedAtAction(nameof(Get), new { id }, new { id });
+    }
+
+    [HttpPut("{id:guid}")]
+    public async Task<IActionResult> Update(Guid id, [FromBody] UpdateDepartmentCommand cmd, CancellationToken ct)
+    {
+        if (id != cmd.Id) return BadRequest(new { detail = "ID không khớp" });
+        await mediator.Send(cmd, ct);
+        return NoContent();
+    }
+
+    [HttpDelete("{id:guid}")]
+    public async Task<IActionResult> Delete(Guid id, CancellationToken ct)
+    {
+        await mediator.Send(new DeleteDepartmentCommand(id), ct);
+        return NoContent();
+    }
+}
--- a/src/Backend/SolutionErp.Api/Controllers/MenusController.cs
+++ b/src/Backend/SolutionErp.Api/Controllers/MenusController.cs
@ -0,0 +1,22 @@
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using SolutionErp.Application.Permissions;
+using SolutionErp.Application.Permissions.Dtos;
+using SolutionErp.Application.Permissions.Queries.GetMyMenuTree;
+
+namespace SolutionErp.Api.Controllers;
+
+[ApiController]
+[Route("api/menus")]
+[Authorize]
+public class MenusController(IMediator mediator) : ControllerBase
+{
+    [HttpGet("me")]
+    public async Task<ActionResult<List<MenuNodeDto>>> Me(CancellationToken ct)
+        => Ok(await mediator.Send(new GetMyMenuTreeQuery(), ct));
+
+    [HttpGet]
+    public async Task<ActionResult<List<MenuItemDto>>> List(CancellationToken ct)
+        => Ok(await mediator.Send(new ListMenuItemsQuery(), ct));
+}
--- a/src/Backend/SolutionErp.Api/Controllers/PermissionsController.cs
+++ b/src/Backend/SolutionErp.Api/Controllers/PermissionsController.cs
@ -0,0 +1,25 @@
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using SolutionErp.Application.Permissions;
+using SolutionErp.Application.Permissions.Dtos;
+
+namespace SolutionErp.Api.Controllers;
+
+[ApiController]
+[Route("api/permissions")]
+[Authorize(Policy = "Permissions.Read")]
+public class PermissionsController(IMediator mediator) : ControllerBase
+{
+    [HttpGet("by-role/{roleId:guid}")]
+    public async Task<ActionResult<List<PermissionDto>>> ListByRole(Guid roleId, CancellationToken ct)
+        => Ok(await mediator.Send(new ListPermissionsByRoleQuery(roleId), ct));
+
+    [HttpPut]
+    [Authorize(Policy = "Permissions.Update")]
+    public async Task<IActionResult> Upsert([FromBody] UpsertPermissionCommand cmd, CancellationToken ct)
+    {
+        await mediator.Send(cmd, ct);
+        return NoContent();
+    }
+}
--- a/src/Backend/SolutionErp.Api/Controllers/ProjectsController.cs
+++ b/src/Backend/SolutionErp.Api/Controllers/ProjectsController.cs
@ -0,0 +1,46 @@
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using SolutionErp.Application.Common.Models;
+using SolutionErp.Application.Master.Projects;
+
+namespace SolutionErp.Api.Controllers;
+
+[ApiController]
+[Route("api/projects")]
+[Authorize]
+public class ProjectsController(IMediator mediator) : ControllerBase
+{
+    [HttpGet]
+    public async Task<ActionResult<PagedResult<ProjectDto>>> List(
+        [FromQuery] int page = 1, [FromQuery] int pageSize = 20,
+        [FromQuery] string? search = null, [FromQuery] string? sortBy = null, [FromQuery] bool sortDesc = true,
+        CancellationToken ct = default)
+        => Ok(await mediator.Send(new ListProjectsQuery { Page = page, PageSize = pageSize, Search = search, SortBy = sortBy, SortDesc = sortDesc }, ct));
+
+    [HttpGet("{id:guid}")]
+    public async Task<ActionResult<ProjectDto>> Get(Guid id, CancellationToken ct)
+        => Ok(await mediator.Send(new GetProjectQuery(id), ct));
+
+    [HttpPost]
+    public async Task<ActionResult<Guid>> Create([FromBody] CreateProjectCommand cmd, CancellationToken ct)
+    {
+        var id = await mediator.Send(cmd, ct);
+        return CreatedAtAction(nameof(Get), new { id }, new { id });
+    }
+
+    [HttpPut("{id:guid}")]
+    public async Task<IActionResult> Update(Guid id, [FromBody] UpdateProjectCommand cmd, CancellationToken ct)
+    {
+        if (id != cmd.Id) return BadRequest(new { detail = "ID không khớp" });
+        await mediator.Send(cmd, ct);
+        return NoContent();
+    }
+
+    [HttpDelete("{id:guid}")]
+    public async Task<IActionResult> Delete(Guid id, CancellationToken ct)
+    {
+        await mediator.Send(new DeleteProjectCommand(id), ct);
+        return NoContent();
+    }
+}
--- a/src/Backend/SolutionErp.Api/Controllers/RolesController.cs
+++ b/src/Backend/SolutionErp.Api/Controllers/RolesController.cs
@ -0,0 +1,17 @@
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using SolutionErp.Application.Permissions;
+using SolutionErp.Application.Permissions.Dtos;
+
+namespace SolutionErp.Api.Controllers;
+
+[ApiController]
+[Route("api/roles")]
+[Authorize]
+public class RolesController(IMediator mediator) : ControllerBase
+{
+    [HttpGet]
+    public async Task<ActionResult<List<RoleDto>>> List(CancellationToken ct)
+        => Ok(await mediator.Send(new ListRolesQuery(), ct));
+}
--- a/src/Backend/SolutionErp.Api/Controllers/SuppliersController.cs
+++ b/src/Backend/SolutionErp.Api/Controllers/SuppliersController.cs
@ -0,0 +1,53 @@
+using MediatR;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using SolutionErp.Application.Common.Models;
+using SolutionErp.Application.Master.Suppliers.Commands.CreateSupplier;
+using SolutionErp.Application.Master.Suppliers.Commands.DeleteSupplier;
+using SolutionErp.Application.Master.Suppliers.Commands.UpdateSupplier;
+using SolutionErp.Application.Master.Suppliers.Dtos;
+using SolutionErp.Application.Master.Suppliers.Queries.GetSupplier;
+using SolutionErp.Application.Master.Suppliers.Queries.ListSuppliers;
+using SolutionErp.Domain.Master;
+
+namespace SolutionErp.Api.Controllers;
+
+[ApiController]
+[Route("api/suppliers")]
+[Authorize]
+public class SuppliersController(IMediator mediator) : ControllerBase
+{
+    [HttpGet]
+    public async Task<ActionResult<PagedResult<SupplierDto>>> List(
+        [FromQuery] int page = 1, [FromQuery] int pageSize = 20,
+        [FromQuery] string? search = null, [FromQuery] string? sortBy = null, [FromQuery] bool sortDesc = true,
+        [FromQuery] SupplierType? type = null,
+        CancellationToken ct = default)
+        => Ok(await mediator.Send(new ListSuppliersQuery(type) { Page = page, PageSize = pageSize, Search = search, SortBy = sortBy, SortDesc = sortDesc }, ct));
+
+    [HttpGet("{id:guid}")]
+    public async Task<ActionResult<SupplierDto>> Get(Guid id, CancellationToken ct)
+        => Ok(await mediator.Send(new GetSupplierQuery(id), ct));
+
+    [HttpPost]
+    public async Task<ActionResult<Guid>> Create([FromBody] CreateSupplierCommand cmd, CancellationToken ct)
+    {
+        var id = await mediator.Send(cmd, ct);
+        return CreatedAtAction(nameof(Get), new { id }, new { id });
+    }
+
+    [HttpPut("{id:guid}")]
+    public async Task<IActionResult> Update(Guid id, [FromBody] UpdateSupplierCommand cmd, CancellationToken ct)
+    {
+        if (id != cmd.Id) return BadRequest(new { detail = "ID không khớp" });
+        await mediator.Send(cmd, ct);
+        return NoContent();
+    }
+
+    [HttpDelete("{id:guid}")]
+    public async Task<IActionResult> Delete(Guid id, CancellationToken ct)
+    {
+        await mediator.Send(new DeleteSupplierCommand(id), ct);
+        return NoContent();
+    }
+}