[CLAUDE] Domain+Infra: Plan CA Chunk A — Add role CatalogManager + seed 9 menu CRUD

- AppRoles.cs +CatalogManager const + update All array (6 LOC) - DbInitializer.cs RoleLabels +CatalogManager ("DM", "Nhân viên Quản lý danh mục") - DbInitializer.cs +SeedCatalogManagerPermissionsAsync() method ~50 LOC - Wire seed call vào SeedAdminPermissionsAsync chain (idempotent, mirror SeedPePermissionDefaults pattern) Permission scope: 9 menu key CRUD all true - Master (root) + Suppliers + Projects + Departments - Catalogs (root) + CatalogUnits + CatalogMaterials + CatalogServices + CatalogWorkItems Verify: - dotnet build SolutionErp.slnx PASS 0 err, 2 pre-existing DocxRenderer warn - Idempotent: skip per-(role,menuKey) existing row - 0 FE touch (Chunk B Implementer parallel commit 06a441c) Plan CA: anh chốt move "Cấu hình danh mục dùng chung" từ fe-admin → fe-user. Admin tạo role CatalogManager gán user nào cần CRUD; phần phân quyền User giữ trong fe-admin Permission Matrix (existing /system/permissions). Pending Chunk C: sidebar filter 2 app (fe-admin HIDE 9 menu, fe-user SHOW) Pending Chunk D: smoke verify + tạo demo user catalog.manager@solutions.com.vn Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 10:58:18 +07:00
parent 06a441cf4e
commit 80d39a06fb
2 changed files with 64 additions and 0 deletions
--- a/src/Backend/SolutionErp.Domain/Identity/AppRoles.cs
+++ b/src/Backend/SolutionErp.Domain/Identity/AppRoles.cs
@ -15,9 +15,15 @@ public static class AppRoles
    public const string AuthorizedSigner = "AuthorizedSigner";
    public const string HrAdmin = "HrAdmin";

+    // [Plan CA S29 2026-05-22] Role mới — quản lý danh mục dùng chung
+    // (Suppliers/Projects/Departments/Catalogs) sau khi move FE từ admin → eoffice.
+    // Admin tạo role gán user nào cần CRUD danh mục; role-based access control.
+    public const string CatalogManager = "CatalogManager";
+
    public static readonly string[] All = [
        Admin, Drafter, DeptManager, ProjectManager,
        Procurement, CostControl, Finance, Accounting, Equipment,
        Director, AuthorizedSigner, HrAdmin,
+        CatalogManager,
    ];
 }
--- a/src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs
+++ b/src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs
@ -1129,6 +1129,7 @@ public static class DbInitializer
        [AppRoles.Director]         = ("BOD",   "Ban Giám đốc"),
        [AppRoles.AuthorizedSigner] = ("NĐUQ",  "Người được Ủy quyền ký HĐ"),
        [AppRoles.HrAdmin]          = ("HRA",   "Phòng Nhân sự - Hành chính"),
+        [AppRoles.CatalogManager]   = ("DM",    "Nhân viên Quản lý danh mục"),
    };

    private static async Task SeedRolesAsync(RoleManager<Role> roleManager, ILogger logger)
@ -1545,6 +1546,63 @@ public static class DbInitializer
        // DuyetNccPhuongAn).
        // Idempotent: skip per-(role,menuKey) đã có, chỉ add row mới.
        await SeedPurchaseEvaluationPermissionDefaultsAsync(db, roleManager, logger);
+
+        // [Plan CA S29 2026-05-22] Role CatalogManager — quản lý danh mục dùng chung
+        // (Master/Suppliers/Projects/Departments + 4 Catalogs leaf). Admin gán role
+        // cho user nào cần CRUD danh mục sau khi move FE từ admin → eoffice.
+        await SeedCatalogManagerPermissionsAsync(db, roleManager, logger);
+    }
+
+    // [Plan CA S29 2026-05-22] Permission defaults cho role CatalogManager.
+    // Strategy: full CRUD trên 9 menu key danh mục dùng chung:
+    //   - Master (root group) + Suppliers + Projects + Departments
+    //   - Catalogs (root group) + CatalogUnits + CatalogMaterials + CatalogServices + CatalogWorkItems
+    // Idempotent: skip per-(role,menuKey) đã có row.
+    private static async Task SeedCatalogManagerPermissionsAsync(
+        ApplicationDbContext db, RoleManager<Role> roleManager, ILogger logger)
+    {
+        var role = await roleManager.FindByNameAsync(AppRoles.CatalogManager);
+        if (role is null) return;
+
+        var menuKeys = new[]
+        {
+            MenuKeys.Master,
+            MenuKeys.Suppliers,
+            MenuKeys.Projects,
+            MenuKeys.Departments,
+            MenuKeys.Catalogs,
+            MenuKeys.CatalogUnits,
+            MenuKeys.CatalogMaterials,
+            MenuKeys.CatalogServices,
+            MenuKeys.CatalogWorkItems,
+        };
+
+        var existing = await db.Permissions
+            .Where(p => p.RoleId == role.Id && menuKeys.Contains(p.MenuKey))
+            .Select(p => p.MenuKey)
+            .ToListAsync();
+
+        int added = 0;
+        foreach (var menuKey in menuKeys)
+        {
+            if (existing.Contains(menuKey)) continue;
+            db.Permissions.Add(new Permission
+            {
+                RoleId = role.Id,
+                MenuKey = menuKey,
+                CanRead = true,
+                CanCreate = true,
+                CanUpdate = true,
+                CanDelete = true,
+            });
+            added++;
+        }
+
+        if (added > 0)
+        {
+            await db.SaveChangesAsync();
+            logger.LogInformation("Seeded {Count} CatalogManager permissions (9 menu keys)", added);
+        }
    }

    // Permission defaults cho module Duyệt NCC (Pe_*). Strategy: