[CLAUDE] Domain+Infra: Plan CA Chunk A — Add role CatalogManager + seed 9 menu CRUD
- AppRoles.cs +CatalogManager const + update All array (6 LOC)
- DbInitializer.cs RoleLabels +CatalogManager ("DM", "Nhân viên Quản lý danh mục")
- DbInitializer.cs +SeedCatalogManagerPermissionsAsync() method ~50 LOC
- Wire seed call vào SeedAdminPermissionsAsync chain (idempotent, mirror SeedPePermissionDefaults pattern)
Permission scope: 9 menu key CRUD all true
- Master (root) + Suppliers + Projects + Departments
- Catalogs (root) + CatalogUnits + CatalogMaterials + CatalogServices + CatalogWorkItems
Verify:
- dotnet build SolutionErp.slnx PASS 0 err, 2 pre-existing DocxRenderer warn
- Idempotent: skip per-(role,menuKey) existing row
- 0 FE touch (Chunk B Implementer parallel commit 06a441c)
Plan CA: anh chốt move "Cấu hình danh mục dùng chung" từ fe-admin → fe-user.
Admin tạo role CatalogManager gán user nào cần CRUD; phần phân quyền User
giữ trong fe-admin Permission Matrix (existing /system/permissions).
Pending Chunk C: sidebar filter 2 app (fe-admin HIDE 9 menu, fe-user SHOW)
Pending Chunk D: smoke verify + tạo demo user catalog.manager@solutions.com.vn
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
pqhuy1987
@ -15,9 +15,15 @@ public static class AppRoles
|
|||||||
public const string AuthorizedSigner = "AuthorizedSigner";
|
public const string AuthorizedSigner = "AuthorizedSigner";
|
||||||
public const string HrAdmin = "HrAdmin";
|
public const string HrAdmin = "HrAdmin";
|
||||||
|
|
||||||
|
// [Plan CA S29 2026-05-22] Role mới — quản lý danh mục dùng chung
|
||||||
|
// (Suppliers/Projects/Departments/Catalogs) sau khi move FE từ admin → eoffice.
|
||||||
|
// Admin tạo role gán user nào cần CRUD danh mục; role-based access control.
|
||||||
|
public const string CatalogManager = "CatalogManager";
|
||||||
|
|
||||||
public static readonly string[] All = [
|
public static readonly string[] All = [
|
||||||
Admin, Drafter, DeptManager, ProjectManager,
|
Admin, Drafter, DeptManager, ProjectManager,
|
||||||
Procurement, CostControl, Finance, Accounting, Equipment,
|
Procurement, CostControl, Finance, Accounting, Equipment,
|
||||||
Director, AuthorizedSigner, HrAdmin,
|
Director, AuthorizedSigner, HrAdmin,
|
||||||
|
CatalogManager,
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1129,6 +1129,7 @@ public static class DbInitializer
|
|||||||
[AppRoles.Director] = ("BOD", "Ban Giám đốc"),
|
[AppRoles.Director] = ("BOD", "Ban Giám đốc"),
|
||||||
[AppRoles.AuthorizedSigner] = ("NĐUQ", "Người được Ủy quyền ký HĐ"),
|
[AppRoles.AuthorizedSigner] = ("NĐUQ", "Người được Ủy quyền ký HĐ"),
|
||||||
[AppRoles.HrAdmin] = ("HRA", "Phòng Nhân sự - Hành chính"),
|
[AppRoles.HrAdmin] = ("HRA", "Phòng Nhân sự - Hành chính"),
|
||||||
|
[AppRoles.CatalogManager] = ("DM", "Nhân viên Quản lý danh mục"),
|
||||||
};
|
};
|
||||||
|
|
||||||
private static async Task SeedRolesAsync(RoleManager<Role> roleManager, ILogger logger)
|
private static async Task SeedRolesAsync(RoleManager<Role> roleManager, ILogger logger)
|
||||||
@ -1545,6 +1546,63 @@ public static class DbInitializer
|
|||||||
// DuyetNccPhuongAn).
|
// DuyetNccPhuongAn).
|
||||||
// Idempotent: skip per-(role,menuKey) đã có, chỉ add row mới.
|
// Idempotent: skip per-(role,menuKey) đã có, chỉ add row mới.
|
||||||
await SeedPurchaseEvaluationPermissionDefaultsAsync(db, roleManager, logger);
|
await SeedPurchaseEvaluationPermissionDefaultsAsync(db, roleManager, logger);
|
||||||
|
|
||||||
|
// [Plan CA S29 2026-05-22] Role CatalogManager — quản lý danh mục dùng chung
|
||||||
|
// (Master/Suppliers/Projects/Departments + 4 Catalogs leaf). Admin gán role
|
||||||
|
// cho user nào cần CRUD danh mục sau khi move FE từ admin → eoffice.
|
||||||
|
await SeedCatalogManagerPermissionsAsync(db, roleManager, logger);
|
||||||
|
}
|
||||||
|
|
||||||
|
// [Plan CA S29 2026-05-22] Permission defaults cho role CatalogManager.
|
||||||
|
// Strategy: full CRUD trên 9 menu key danh mục dùng chung:
|
||||||
|
// - Master (root group) + Suppliers + Projects + Departments
|
||||||
|
// - Catalogs (root group) + CatalogUnits + CatalogMaterials + CatalogServices + CatalogWorkItems
|
||||||
|
// Idempotent: skip per-(role,menuKey) đã có row.
|
||||||
|
private static async Task SeedCatalogManagerPermissionsAsync(
|
||||||
|
ApplicationDbContext db, RoleManager<Role> roleManager, ILogger logger)
|
||||||
|
{
|
||||||
|
var role = await roleManager.FindByNameAsync(AppRoles.CatalogManager);
|
||||||
|
if (role is null) return;
|
||||||
|
|
||||||
|
var menuKeys = new[]
|
||||||
|
{
|
||||||
|
MenuKeys.Master,
|
||||||
|
MenuKeys.Suppliers,
|
||||||
|
MenuKeys.Projects,
|
||||||
|
MenuKeys.Departments,
|
||||||
|
MenuKeys.Catalogs,
|
||||||
|
MenuKeys.CatalogUnits,
|
||||||
|
MenuKeys.CatalogMaterials,
|
||||||
|
MenuKeys.CatalogServices,
|
||||||
|
MenuKeys.CatalogWorkItems,
|
||||||
|
};
|
||||||
|
|
||||||
|
var existing = await db.Permissions
|
||||||
|
.Where(p => p.RoleId == role.Id && menuKeys.Contains(p.MenuKey))
|
||||||
|
.Select(p => p.MenuKey)
|
||||||
|
.ToListAsync();
|
||||||
|
|
||||||
|
int added = 0;
|
||||||
|
foreach (var menuKey in menuKeys)
|
||||||
|
{
|
||||||
|
if (existing.Contains(menuKey)) continue;
|
||||||
|
db.Permissions.Add(new Permission
|
||||||
|
{
|
||||||
|
RoleId = role.Id,
|
||||||
|
MenuKey = menuKey,
|
||||||
|
CanRead = true,
|
||||||
|
CanCreate = true,
|
||||||
|
CanUpdate = true,
|
||||||
|
CanDelete = true,
|
||||||
|
});
|
||||||
|
added++;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (added > 0)
|
||||||
|
{
|
||||||
|
await db.SaveChangesAsync();
|
||||||
|
logger.LogInformation("Seeded {Count} CatalogManager permissions (9 menu keys)", added);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Permission defaults cho module Duyệt NCC (Pe_*). Strategy:
|
// Permission defaults cho module Duyệt NCC (Pe_*). Strategy:
|
||||||
|
|||||||
Reference in New Issue
Block a user