Commit Graph

18 Commits

Author SHA1 Message Date
f3bea3c616 [CLAUDE] Workflow: Max 3 levels/step + N employees/level + sequential gating (V2 UAT iter 2)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 3m16s
User feedback: "at most 3 levels (no level 4)" — not a mandatory 3.
Each level = N employees (add as many as you like). The workflow runs
according to the number of levels actually configured (1/2/3). C2 cannot
be operated on while C1 has no employees.

DB convention: multiple `ApprovalWorkflowLevel` rows with the same Order =
same level, each row = 1 employee. The service iterates grouped by Order;
within one level = OR-of-N (1 employee approves → the level passes).

BE — Application/ApprovalWorkflowsV2/ApprovalWorkflowV2AdminFeatures.cs:
- Validator strict:
  - Order ∈ {1, 2, 3} (`MaxLevelsPerStep`)
  - Sequential gating: HaveSequentialOrders → 1 / 1+2 / 1+2+3, NOT
    allowing 2 (missing 1) or 1+3 (missing 2)
  - HaveNoDuplicateApproverInSameLevel: an employee cannot be added twice
    to the same level
- Schema NOT changed (keeps ApprovalWorkflowLevel.ApproverUserId 1-1).
- Handler unchanged — automatically handles multiple rows with the same
  Order.

FE — ApprovalWorkflowsV2Page.tsx rewrite Levels section:
- Type EditStep.levels → levelEntries: { order: 1|2|3; approverUserId }[]
  flat list (grouped by order at render time).
- 3 FIXED SECTIONS C1/C2/C3 in the Designer:
  - Each section: header "Cấp N" (Level N) + employee count + "+ Thêm NV"
    (+ Add employee) button
  - List of rows, one per employee, with a Select dropdown filtered by
    department + Trash
  - C2 disabled (opacity-60) when C1 is empty. C3 disabled when C2 is empty.
  - Tooltip on "+ Thêm NV": "Cấp k-1 phải có ≥1 NV trước" (Level k-1 must
    have ≥1 employee first)
- Add employee: the dropdown shows only employees who belong to the
  department and have not already been added to the same level
  (no duplicate same level).
- Remove employee: blocks removing the last employee of Level k if Level
  k+1 still has entries (toast error "Hãy xóa hết NV ở Cấp k+1 trước khi
  rỗng Cấp k": remove all employees from Level k+1 before emptying Level k).
- Changing the department → clears all levelEntries (the old employees do
  not belong to the new department).
- DefinitionCard read-only: group s.levels by Order → renders each level
  as 1 row with a "Cấp N" badge + the list of employees below.
- Save validation: department required + Level 1 has ≥1 employee +
  sequential + employees belong to the correct department (defensive
  double-check).

Verify: dotnet build BE OK · 77 test pass · npm build fe-admin OK.

The PE/Contract Service logic is not yet wired to the new schema — still pinned to legacy Mig 21.
2026-05-08 13:20:51 +07:00
9712778929 [CLAUDE] FE-Admin: Lock 3 levels/step + filter employees by department (V2 UAT iter 1)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 3m14s
User feedback in Session 17 after the first UAT of Designer V2:
- "Hard-lock it at 3 levels per department (keep the logic as it is but
  restrict it, do not change the logic)"
- "Linked to Department A → then the Select should list only Department
  A's employees"
- "Users can be at the same level as each other" (do not enforce unique
  level names)

Files: fe-admin/src/pages/system/ApprovalWorkflowsV2Page.tsx
- FIXED_LEVELS_PER_STEP = 3 const + makeEmptyLevels()/makeEmptyStep()
  helpers. In the initial state each Step comes with 3 levels (C1/C2/C3).
- copyFromDefinition pads/truncates to exactly 3 levels (defensive for
  legacy data with >3 or <3).
- Removed the "+ Thêm cấp" (+ Add level) button + the Trash button for
  deleting a level + the chevrons for moving a level.
  Add/Remove + reorder of Steps (Bước) is kept.
- Filter the employee Select by s.departmentId (usersForDept helper):
    deptId=null → fallback to all (no department chosen yet)
    deptId set → only employees whose DepartmentId === deptId
- Changing the department → resets the 3 approvers to '' (the old
  employees may not belong to the new department). The user re-selects
  the 3 employees.
- Department required (* + required attr on the Select) — an empty
  department disables the employee Select with the placeholder
  "Chọn Phòng trước" (Choose a department first).
- Empty filtered users → amber hint "Phòng chưa có NV, vào /system/users"
  (The department has no employees yet, go to /system/users).
- Save validation: must have a department + exactly 3 levels + all
  approverUserId values belong to the correct deptId (defensive
  double-check).
- ApproverUser type +departmentId (already present in the UserDto BE+FE
  types).
- pageSize 200→500 to ensure all employees are loaded.

BE logic NOT changed: the Service iterates Levels OrderBy Order. The UI
limit of 3 levels is only a convention; the BE still handles N levels if
the DB has them.

Verify: npm build fe-admin OK, 1924 modules, 0 TS error.
2026-05-08 13:04:13 +07:00
2781c7ea09 [CLAUDE] FE-Admin: Designer for the new approval workflow V2 (Chunk C)
New page `/system/approval-workflows-v2/:typeCode` mirrors the old Designer
but follows the Mig 22 schema:
  Step (department) > N levels (each level = 1 specific employee via a single Select)

Files:
- fe-admin/src/pages/system/ApprovalWorkflowsV2Page.tsx (new — 480 LOC)
  - Overview cards (Active version + History list per ApplicableType)
  - DefinitionCard read-only renders Step → Level with approver name + email
  - Designer dialog: Code/Name/Description + reorder Step/Level (chevron up/down)
    + Add/Remove Step + Add/Remove Level + department Select + approving-employee Select
  - Validation: each Step must have ≥1 Level, each Level must have an approverUserId
  - Auto-assign code QT-DN-V2-001 / QT-DN-PA-V2-001 / QT-HD-V2-001
- fe-admin/src/lib/menuKeys.ts (+2 consts synced with BE MenuKeys)
- fe-admin/src/components/Layout.tsx (resolver: ApprovalWorkflowsV2 root +
  AwV2_<TypeCode> leaf → /system/approval-workflows-v2/<code>)
- fe-admin/src/App.tsx (import + 2 route)

Verify: npm build fe-admin OK, 1924 modules transformed, 0 TS error.

Next: Chunk D — STATUS + HANDOFF + CLAUDE.md update + final commit.
2026-05-08 12:45:00 +07:00
88a5be1afd [CLAUDE] FE-Admin: Designer flat UI Department × Level + types ChoDuyet=10 (Chunk B)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 3m1s
PeWorkflowsPage + WorkflowsPage rewrite for flat workflow model (Mig 21):
- Drop InnerStepDto + EditInnerStep types
- Drop PHASE_OPTIONS (auto-assign ChoDuyet=10 behind scenes)
- StepDto + EditStep extended with departmentId, positionLevel
- copyFromDefinition simplified
- Designer step UI: Name + department Select + level Select + SLA + Approvers
  Role/User optional fallback (drop entire InnerSteps sub-section)
- DefinitionCard view: shows a department badge (emerald) + level NV/PP/TP
  (violet) + SLA per step
- Save payload: phase=10 (ChoDuyet), departmentId, positionLevel
- Amber hint: "Mig 21 flat workflow: User cùng Phòng + Cấp ≥ step → duyệt
  được (OR-of-many)" (a user in the same department with level ≥ the
  step's can approve)

types/purchaseEvaluation.ts (fe-admin + fe-user mirror):
- + ChoDuyet=10 enum value + label "Đang duyệt" (Under approval) + color amber
- Legacy 2-6 + 98 kept so old data displays OK
- getPeDisplayStatus: ChoDuyet + legacy intermediate → "Đã gửi duyệt" (Submitted for approval)

Verify: npm build fe-admin + fe-user pass.

Pending Chunk D: Docs + Skill + Memory + session log.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 12:11:39 +07:00
b06bdce694 [CLAUDE] FE-Admin+Docs: Contract workflow N-stage Designer mirror PE + Docs (Chunk F)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 3m3s
FE Admin WorkflowsPage Designer extend mirror PeWorkflowsPage:
- Type InnerStepDto + extend StepDto +innerSteps
- Type EditInnerStep + extend EditStep +innerSteps
- copyFromDefinition include innerSteps map
- Default new step +innerSteps:[]
- departmentsList useQuery
- Save mutation payload include innerSteps Order asc
- UI sub-section "Cấp duyệt nhỏ trong phòng" (Sub-levels of approval within
  the department): drag-list per step card with Department × Level +
  required checkbox + emerald "+ Thêm cấp duyệt" (+ Add approval level) button
- Empty state hint: fallback to legacy 2-level

fe-user NOT touched — WorkflowsPage is admin-only.

Reuse PositionLevel const + Label maps from Session 12 types/users.ts.

Docs:
- STATUS.md Last updated + Phase summary (19→20 mig, 89→95 test, 56→57
  tables) + 1 row Recently Done Session 13 (KEEP the old narrative)
- HANDOFF.md TL;DR Session 13 prepend + 7 warnings for Session 14+
- migration-todos.md Phase 9 + Session 13 block 5 chunk
- Session log NEW `2026-05-07-2400-n-stage-contract-mirror.md` with full
  rationale + per-chunk + bug log

Defer cron audit 2026-06-01: schema-diagram §17 Mig 20, skill
ef-core-migration row, skill contract-workflow N-stage cross-ref.

🎉 SESSION 13 COMPLETE: Mirror N-stage Contract module (Mig 20). 5
commit per-chunk + skip Chunk E auto-bind. Total 95 test pass.
Backward compat 100% with legacy 2-stage Mig 16.

Pending Task 4: Wire BE TraLai PE transition + Task 2: Sample data seed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 19:13:27 +07:00
5e5042d717 [CLAUDE] FE-Admin+Docs: PE workflow N-stage Designer + UsersPage level + Docs (Chunk F)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 3m0s
FE Admin:
- types/users.ts: User +positionLevel field + PositionLevel const +
  PositionLevelLabel/Short maps (NV/PP/TP).
- PeWorkflowsPage.tsx Designer extend: InnerStepDto + EditInnerStep types,
  copyFromDefinition include, departmentsList query, sub-section "Cấp duyệt
  nhỏ trong phòng" (Sub-levels of approval within the department) per step
  card with drag-list { Department × Level + required }
  + emerald "+ Thêm cấp duyệt" (+ Add approval level) button + payload
  include (Order asc).
  Empty state hint: fallback to legacy 2-level.
- UsersPage.tsx: column "Cấp" (Level) with emerald NV/PP/TP badge (— if
  null) + action button cycling null→1→2→3→null that calls
  PATCH /users/{id}/position-level.

fe-user NOT touched — admin-only feature (PeWorkflowsPage + UsersPage are
in fe-admin only).

Docs:
- STATUS.md Last updated + Phase summary count (17→19 mig, 83→89 test,
  55→56 tables) + 1 row Recently Done Session 12 (KEEP the old narrative).
- HANDOFF.md TL;DR Session 12 prepend + 8 warnings for Session 13+ + keeps
  the Session phase 2 narrative.
- migration-todos.md Phase 9 + Session 12 block 6 chunk + 5 defer task.
- session log NEW `2026-05-07-2300-n-stage-workflow.md` with full rationale
  + per-chunk + bug log + plan hierarchy.

Defer cron audit 2026-06-01: schema-diagram §15 Mig 18 + §16 Mig 19,
skill ef-core-migration Mig 18+19 row, skill contract-workflow N-stage
cross-ref section.

Verify:
- npm run build fe-admin pass (✓ built, 0 TS error)
- dotnet test 89 pass (no regression)
- dotnet build 0 error

🎉 SESSION 12 COMPLETE: N-stage workflow approval Department × PositionLevel,
PE-only. Backward compat 100% with 2-stage Mig 16. 6 commits per-chunk
A→F. Total 89 tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 18:32:56 +07:00
4380bdc075 [CLAUDE] App+FE-Admin: Chunk E3 — UserManager toggle CanBypassReview
Admin UI to turn CanBypassReview on/off per user (Migration 16):
- BE: UserDto adds the CanBypassReview field (List + Get queries)
- FE: User type adds the canBypassReview field
- UsersPage: column "Bypass" with fuchsia badge when true + ShieldCheck toggle button
  (icon highlighted fuchsia when enabled, slate when disabled)
- bypassMut PATCH /users/{id}/bypass-review { canBypassReview: !current }

Use case: a department has no department head (TPB), or the department head
delegates to 1 specific employee — the employee gets Stage=Confirm directly
(skipping Stage Review), and IsBypassed=true is recorded for audit.

The backend endpoint already exists from Chunk E1 (commit 3c49316). Only the FE is wired here.

fe-user has NO UsersPage (admin-only function) — only fe-admin is updated.

Build: BE pass + FE-admin pass + 77 test pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 13:38:09 +07:00
5d94bb449a [CLAUDE] PE: Workflow designer admin UI + Opinions of 4 departments (P1 Session 5)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m51s
==== Task 1: PE Workflow Designer admin ====

BE (mirror Contract WorkflowAdminFeatures pattern):
- Application/PurchaseEvaluations/PeWorkflowAdminFeatures.cs ~250 LOC:
  - GetPeWorkflowAdminOverviewQuery → list 2 EvaluationType (DuyetNcc / DuyetNccPhuongAn) with Active + History versions + count of evaluation forms currently using them
  - CreatePeWorkflowDefinitionCommand + Validator: auto-increment Version per Code, deactivates the old Active one within the same EvaluationType (1 active per type invariant)
  - DTOs: PeWorkflowStepApproverDto / PeWorkflowStepDto / PeWorkflowDefinitionDto / PeWorkflowTypeSummaryDto / PeWorkflowAdminOverviewDto
  - Phase validation 1..7 (normal states, not including 99=TuChoi)
- Api/Controllers/PeWorkflowsController.cs: 2 endpoints GET /api/pe-workflows + POST. Reuses policies "Workflows.Read" + "Workflows.Create" (admins share the same permissions for both WF groups).

FE:
- pages/system/PeWorkflowsPage.tsx ~500 LOC mirror WorkflowsPage:
  - Landing 2-card grid when at /system/pe-workflows (no type picked yet)
  - TypePanel when at /system/pe-workflows/:typeCode (DuyetNcc / DuyetNccPhuongAn)
  - DefinitionCard read-only view with active badge + version + steps + approvers (Role/User chip)
  - PeWorkflowDesigner dialog: clone from existing, edit Code/Name/Description, add/remove steps, +Role / +User approvers per step, save → new version + deactivate the old one
- App.tsx route /system/pe-workflows + /system/pe-workflows/:typeCode
- Layout already has the resolver PeWf_<Code> → /system/pe-workflows/<code> from session 3

==== Task 2: PE opinions of 4 departments ====

Domain:
- PurchaseEvaluationDepartmentOpinion entity (AuditableEntity) — PEId + Kind + Opinion text + SignedAt + UserId + UserName denorm
- PeDepartmentKind enum (PheDuyet / Ccm / MuaHang / SmPm)
- PE entity + collection navigation DepartmentOpinions

Infrastructure:
- PurchaseEvaluationDepartmentOpinionConfiguration EF: UNIQUE(PEId, Kind) — max 1 row per department per evaluation form (UPDATE in-place)
- ApplicationDbContext + IApplicationDbContext DbSet
- Migration 15 AddPurchaseEvaluationDepartmentOpinions (15 migration total / 52 DB tables)

Application:
- PeDepartmentOpinionFeatures.cs: UpsertPeDepartmentOpinionCommand (sign=true → set SignedAt+UserId, sign=false only saves the text and keeps the old signature) + DeletePeDepartmentOpinionCommand
- DTO bundle update: + DepartmentOpinions list in PurchaseEvaluationDetailBundleDto
- GetPurchaseEvaluationQueryHandler load DepartmentOpinions + KindLabel resolution

API:
- POST /api/purchase-evaluations/{id}/opinions (upsert)
- DELETE /api/purchase-evaluations/{id}/opinions/{kind}

FE:
- types/purchaseEvaluation.ts: + PeDepartmentKind enum + PeDepartmentKindLabel + PeDepartmentOpinion type + departmentOpinions added to the bundle
- PeDetailTabs Section "5. Ý kiến 4 phòng ban (sign-off)" (i.e. "5. Opinions of 4 departments (sign-off)") — 2x2 grid OpinionBox per kind:
  - Read mode (readOnly, Duyệt/Approval menu): shows the text + signature
  - Edit mode: textarea + 2 buttons "Lưu text" (Save text) / "Lưu & Ký" (Save & Sign)
  - Emerald "Đã ký" (Signed) badge + signer's name + date when signedAt != null

==== Task 3: User seed verify ====

The `SeedDemoUsersAsync` seed already matches the authoritative user list (5 PRO TPB+NV / 7 CCM TPB+NV / 1 ISO / 1 CEO) from a prior commit. The DbInitializer reconcile will sync automatically when the API restarts. Typos in the user list (soluttions / trương) have been fixed sensibly in the seed.

==== Build verify ====
- dotnet build clean (0 error)
- fe-admin TS build pass (1 new module PeWorkflowsPage)
- fe-user TS build pass (PE detail mirror)

Total: 8 new files (BE 4 + FE 1 + Migration 2 + 1 Domain) + 13 files modified.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 11:17:14 +07:00
072ad6d014 [CLAUDE] App+Api+FE-Admin: RolesPage CRUD (/system/roles)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m58s
User feedback: /system/roles points to a "chưa được build" (not built yet)
placeholder — build a management page for the 12 default roles + custom
roles that admins add themselves.

## BE — PermissionFeatures.cs

3 new commands:
- CreateRoleCommand — Name regex `^[A-Za-z][A-Za-z0-9_]*$` (letters/digits/
  underscore only, starting with a letter), throws ConflictException if the
  code already exists
- UpdateRoleCommand — ONLY updates ShortName + Description. Does NOT change
  Name (Identity FK in UserRoles + WorkflowStepApprover.AssignmentValue
  + [Authorize(Roles="...")] attr — changing it = widespread data corruption)
- DeleteRoleCommand — blocks 2 cases:
  * The role is in the hardcoded AppRoles.All (workflow guard reference)
  * Users are still assigned (UserManager.GetUsersInRoleAsync count > 0)

ValidationException is referenced fully-qualified to avoid ambiguity with
FluentValidation.ValidationException.

## BE — RolesController

3 new endpoints (POST/PUT/DELETE) — Authorize Admin role.

## FE — RolesPage

Table listing the 12 + custom roles with 5 columns (Code / Short code /
Full name / Type badge / Created date) + Edit/Delete actions:
- Edit dialog: only ShortName + Description editable, Name disabled with
  the hint "Không đổi được sau khi tạo" (Cannot be changed after creation)
- Delete: blocked with a toast if it is a default role (HARDCODED_ROLES set
  checked client-side before calling the BE — faster UX, the BE still
  double-checks)
- Create dialog: 3 fields Name (regex pattern HTML5) + ShortName + Description
- Amber warning banner about the Code FK constraint
- Type badge: "Mặc định" (Default, slate) vs "Tùy chỉnh" (Custom, brand)

## FE — App.tsx

+ import RolesPage + route /system/roles → RolesPage.

## Build

- BE: dotnet build pass (0 error)
- fe-admin: tsc + vite pass (13.88s)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 14:57:36 +07:00
ae59cfeb5d [CLAUDE] FE-Admin: UsersPage dept/position field + Vietnamese RoleShortName
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m27s
## types/users.ts

- User type + departmentId/departmentName/position
- CreateUserInput + departmentId/position
- RoleShortName map (Vietnamese short code per role): QTV/NV.PB/TPB/PM/PRO/CCM/
  FIN/ACT/EQU/BOD/NĐUQ/HRA
- RoleLabel map (Vietnamese full name per role)
- roleDisplayName(role) → "BOD — Ban Giám đốc" combined helper

## types/menu.ts

Role type + shortName field (mirror BE RoleDto).

## UsersPage redesign

- Column "Phòng ban" (Department): departmentName + position on 2 lines
- Column "Vai trò" (Role) shows ShortName badges ("BOD", "CCM", "PM"), hover
  tooltip with the full label
- Actions column adds "Sửa thông tin" (Edit info, Pencil icon) — dialog to
  edit dept/position/active state
- Create dialog 2-col grid: Email | Full name / Department (dropdown) | Position /
  Password (col-span-2). Roles checkboxes show "ShortName — full label"
- New Edit dialog — edits fullName + dept + position + isActive
- Roles dialog title includes the dept name (context for the reviewing user)
- toggleActive mutation includes departmentId/position so they are not reset

## PermissionsPage

Panel 1 role list:
- 2-line per row: ShortName (semibold) + Description (truncate small)
- Tooltip = full description
- Active row still uses ring-brand-200

Panel 2 header badge: ShortName replaces the English name code.

## Build

fe-admin: tsc + vite pass (12.17s first run, 671ms second run)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 14:28:32 +07:00
91b2da147f [CLAUDE] FE-Admin: PermissionsPage 3-panel layout
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m33s
Redesign per user request: 3 vertical panels shown simultaneously on one
screen (no modal/dialog popup).

Layout grid lg:grid-cols-[280px_1fr_300px]:

Panel 1 — Roles (left, 280px):
  List of roles, click-to-select, with active highlight (brand-50 bg +
  ring-brand-200 + check icon). Role count shown in the header.

Panel 2 — Permissions by menu (middle, flex):
  Inline menu search in the header + sticky thead. Clicking a role →
  filters the menu instantly. Column toggle header (ticks the whole column)
  + per-cell checkbox. Brand-tinted hover. Menu key shown in small mono
  below the label.

Panel 3 — Overview (right, 300px):
  Currently selected role + permission count (brand progress bar) +
  per-CRUD detail (View/Create/Edit/Delete) with color-coded badges
  (slate/emerald/amber/red) + "X / Y menus" count + a helper tip at the end.

Removed the select dialog + 3-col grid filter at the top (replaced by the
3 panels); the mutation/toggle/column logic is kept unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 10:02:25 +07:00
f216169039 [CLAUDE] FE-Admin+Domain+Infra+App: Workflows tab → sidebar menu items
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m37s
User request: the 7 tabs in /system/workflows become separate menu items.

Domain:
- MenuKeys.WorkflowTypeLeaf(code) helper — `Wf_<TypeCode>` pattern

Infrastructure (DbInitializer):
- Seed 7 leaves under the Workflows group (order 95..101), label matches
  ContractType (HĐ Thầu phụ / Giao khoán / NCC / Dịch vụ / Mua bán /
  Nguyên tắc NCC / Nguyên tắc Dịch vụ). Idempotent.

Application (GetMyMenuTreeQuery):
- Generalized inherit-perm logic: descendants of Contracts AND Workflows
  inherit parent CanRead flag. Single Workflows.Read grant → all 7
  Wf_* leaves visible; no per-leaf permission rows needed.

FE Layout (admin):
- resolvePath: Wf_<Code> → /system/workflows/<code>. Ct_* still hidden
  on admin side.

FE App.tsx:
- New route /system/workflows/:typeCode?

FE WorkflowsPage:
- Removed horizontal tab bar; type selection now comes from the URL param.
- Landing view (no param): 3-col grid card per type with active version
  badge — so the admin has a visual overview when clicking the top-level
  Workflows group without selecting a type.
- TYPE_CODE_TO_INT map drives URL→int conversion.

Result: clicking `Quy trình HĐ > HĐ Mua bán` in the sidebar → opens
/system/workflows/MuaBan directly with the designer scoped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 09:49:42 +07:00
355bbe3a61 [CLAUDE] FE-Admin: Dialog size xl → lg (fix TS2322 CI build)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m48s
2026-04-22 09:31:10 +07:00
e7e5f2d066 [CLAUDE] Domain+Infra+App+Api+FE-Admin: versioned workflow per ContractType
Some checks failed
Deploy SOLUTION_ERP / build-deploy (push) Failing after 1m32s
User request: each contract type has its own workflow, with the admin adding
roles + users to each step. When a new version is created → future contracts
follow it, old contracts keep the old version.

Domain:
- WorkflowDefinition (Code + Version + ContractType + IsActive + Steps)
- WorkflowStep (Order + Phase + Name + SlaDays + Approvers)
- WorkflowStepApprover (Kind: Role/User + AssignmentValue)
- Contract.WorkflowDefinitionId — pinned at creation
- WorkflowPolicyRegistry.FromDefinition() — builds the runtime policy from the DB

Infrastructure:
- EF config + migration AddVersionedWorkflows (3 new tables)
- DbInitializer.SeedWorkflowDefinitionsAsync: v01 per 7 ContractType,
  steps generated from the hardcoded WorkflowPolicies (Role approvers).
- ContractWorkflowService.TransitionAsync: load pinned WorkflowDefinition
  → FromDefinition(), fallback for old contracts that have no pin.

Application:
- CreateContractCommand pins WorkflowDefinitionId = active version for the type
- ContractFeatures.Get(id): loads the pinned def for the workflow summary
- WorkflowAdminFeatures: GetWorkflowAdminOverviewQuery (7 types + active
  + history + ContractsUsingCount), CreateWorkflowDefinitionCommand
  (validate payload, auto-increment version, deactivate old).

Api:
- GET /api/workflows returns the overview
- POST /api/workflows creates a new version (deactivate old)

FE /system/workflows:
- Tabs per 7 ContractType, each tab shows the active version + history
- DefinitionCard: steps with role/user badges + SLA + archived indicator
  showing "N HĐ còn chạy" (N contracts still running) for old versions
- WorkflowDesigner modal: form code/name/desc + list of steps
  (phase/name/SLA) + approvers (+ Role or + User). Drop step ok.
  Clone from the current version so that creating v02 has a sensible
  starting point.
- Amber banner: old contracts are not affected when a new version is created

Invariants preserved:
- Unique (Code, Version) index
- Only 1 version IsActive per ContractType at any one time
- Setting the default automatically deletes the override → respects the
  legacy override table
- Role-kind approvers drive transition guards; User-kind falls back to the
  DeptManager role for v1 (user-level targeting = iteration 2)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 22:57:41 +07:00
5e0f3801a1 [CLAUDE] Move nested-type menu → fe-user; Admin workflow config page
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m41s
User clarified: the 3-level contract-type menu (List/Actions/Approve) belongs
to fe-user. Admin has a separate page to configure the workflow per contract type.

fe-admin Layout:
- filterForAdmin() drops Ct_* entries (hide nested type menu).
- The admin sidebar is now simple again: Dashboard / Master / Contracts
  (leaf) / Forms / Reports / System.

fe-user Layout:
- Dynamic menu tree from /menus/me (replacing the fixed hardcoded USER_MENU).
- Recursive MenuNodeRenderer (top-level expanded, nested collapsed).
- resolvePath user-specific: Ct_*_List → /my-contracts?type=X,
  Ct_*_Create → /contracts/new?type=X, Ct_*_Pending → /inbox?type=X.
- filterForUser drops admin-only entries (Master/System/Forms/Reports).
- Static USER_FIXED_TOP prepends "Hộp thư" (Inbox) leaf → /inbox.
- MyContractsPage + InboxPage read the ?type=X param and filter client-side.

Workflow config (Admin side):
- Domain: WorkflowTypeAssignment entity (ContractType → PolicyName
  override). Registry.ForContractWithOverrides() prefer DB override
  else default.
- Infrastructure: EF config + migration AddWorkflowTypeAssignments,
  unique index on ContractType. ContractWorkflowService loads the
  overrides dict on every transition. ContractFeatures loads overrides when
  building WorkflowSummaryDto.
- Application: GetWorkflowAdminOverviewQuery returns 7 types × current
  policy + available policies. SetWorkflowAssignmentCommand validates that
  the policy name exists; if it equals the default, the override is deleted
  (no stale row).
- Api: GET /api/workflows + PUT /api/workflows/{contractType}
  with policies "Workflows.Read" + "Workflows.Update".
- Menu: new key `Workflows` under System, label "Quy trình HĐ" (Contract
  workflows).
- FE /system/workflows: 7 cards per type, dropdown Standard/SkipCcm +
  'Đã override' (Overridden) badge when different from the default, phase
  sequence timeline, explanation banner at the top. Iteration 2 note:
  admin-authored custom policies.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 22:41:05 +07:00
6c0e20649a [CLAUDE] FE-Admin: PermissionsPage improved (search + stats + column bulk toggle + empty state)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m47s
2026-04-21 15:17:58 +07:00
11e61c9c39 [CLAUDE] Phase5.1: Security headers + account lockout + Users management
Security hardening:
- Api/Middleware/SecurityHeadersMiddleware NEW: removes server fingerprint headers (Server, X-Powered-By, ...), adds X-Content-Type-Options:nosniff, X-Frame-Options:DENY, Referrer-Policy:strict-origin-when-cross-origin, Permissions-Policy (disable geolocation/mic/cam/payment), X-Permitted-Cross-Domain-Policies:none, CSP (default-src 'self' + img data: + style inline for Tailwind + frame-ancestors 'none'). Skips CSP on /swagger (which uses inline scripts).
- Program.cs wire UseMiddleware SecurityHeadersMiddleware first in pipeline
- Infrastructure/DependencyInjection Identity options:
  - Password.RequiredLength config-driven (Identity:Password:RequiredLength, default 8 dev, override 12+ prod)
  - Lockout: DefaultLockoutTimeSpan (15min), MaxFailedAccessAttempts (5), AllowedForNewUsers=true — all config-driven
- LoginCommandHandler: IsLockedOutAsync is checked first → throws with a deadline message, AccessFailedAsync on wrong password, ResetAccessFailedCountAsync on successful login

Users management:
- Application/Users/UserFeatures.cs: 8 CQRS (ListUsersQuery paging+search, GetUserQuery, CreateUserCommand + Validator, UpdateUserCommand with self-disable protection, AssignRolesCommand with self-demote protection (cannot remove Admin from oneself), ResetPasswordCommand (invalidate refresh token + unlock), UnlockUserCommand)
- UserDto: Id, Email, FullName, IsActive, IsLocked (computed from LockoutEnd), CreatedAt, Roles
- Api/Controllers/UsersController: 7 endpoint (Users.Read/Create/Update policies):
  - GET / (list paged), GET /{id}, POST /, PUT /{id}, PUT /{id}/roles, POST /{id}/reset-password, POST /{id}/unlock
- using alias ValidationException = Application.Common.Exceptions.ValidationException (fix ambiguity with FluentValidation)

Frontend fe-admin:
- types/users.ts NEW: User type + AVAILABLE_ROLES 12 role (match BE AppRoles.cs) + RoleLabel Vietnamese
- pages/system/UsersPage.tsx NEW:
  - DataTable columns: Email (mono), FullName, Roles (badge chips with Vietnamese label), IsActive (CheckCircle/XCircle), IsLocked (KeyRound red), CreatedAt
  - Actions per row (PermissionGuard Users.Update wrap): Assign roles (Shield icon → Dialog with a grid of 12 checkboxes), Reset password (KeyRound → Dialog with a warning that the user will be logged out), Unlock (Unlock icon, shown only when isLocked), Toggle active (XCircle/CheckCircle)
  - Create user dialog: email + fullName + password (min 8) + grid 12 role checkbox
- Route /system/users added to App.tsx

E2E verified:
- Security headers present on every response (checked via curl -I)
- POST /api/users with roles: [Drafter] → 201 + id
- GET /api/users → paged with 2 users (admin + new test.drafter)
- TS check fe-admin → pass
- dotnet build → 0 errors

Docs:
- docs/STATUS.md: Phase 5.1 done, cumulative BE 3700 LOC, 42 endpoints, 17 FE pages
- docs/HANDOFF.md: phase table update row Phase 5.1, last updated timestamp
- docs/changelog/migration-todos.md: tick 6 items Phase 5.1 + 4 items remaining (IDOR, deps scan, admin warning, Roles CRUD)
- docs/changelog/sessions/2026-04-21-1630-phase5-1-security-users.md: session log

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
EOF
2026-04-21 13:06:46 +07:00
54d6c9ba52 [CLAUDE] Phase1.2: CRUD Master + Permission Matrix + FE admin pages
Backend:
- Domain/Master: Supplier (+ SupplierType 5 types), Project, Department (AuditableEntity)
- Domain/Identity: MenuItem, Permission, MenuKeys const (12 menu)
- EF Configurations with unique Code + query filter IsDeleted
- DbSets + IApplicationDbContext interface update
- Application: PagedResult + PagedRequest generic
- Application/Master CQRS CRUD 3 entity (Create/Update/Delete/Get/List with paging search sort)
- Application/Permissions: GetMyMenuTree (union OR role, filter tree), ListMenuItems, ListPermissionsByRole, UpsertPermission (guard: admin cannot reduce their own permissions), ListRoles
- Api/Authorization: MenuPermissionRequirement + Handler (Admin bypass, query DB)
- Program.cs: registers 48 policies {menu}.{action} from MenuKeys x Actions
- Api/Controllers: Suppliers, Projects, Departments, Menus, Roles, Permissions
- DbInitializer: seed 12 menu + admin full CRUD permissions
- Migration AddMasterData + AddPermissions

Frontend (fe-admin):
- Types: menuKeys.ts const, menu.ts (MenuNode/Role/Permission), master.ts (Supplier/Project/Department + SupplierType const-object)
- AuthContext: load menu from /menus/me, cache localStorage, refreshMenu()
- usePermission hook + PermissionGuard component (wrap button)
- UI kit additions: Dialog (modal overlay), Textarea, Select
- Generic: DataTable (column config, sortable, loading, empty) + Pagination
- PageHeader component
- apiError helper extracts the message from ProblemDetails
- Layout rewrite: renders the menu dynamically from AuthContext.menu (MenuGroup collapsible + NavLink + lucide icon map)
- Pages: master/Suppliers, master/Projects, master/Departments (CRUD + search + sort + paging + Dialog form)
- Page system/Permissions: Role x MenuKey x CRUD checkbox matrix (ticking automatically sends a PUT upsert)
- App.tsx adds 4 new routes

Bug fix:
- MenuPermissionHandler: EF expression trees do not support switch expressions -> moved the switch outside AnyAsync
- TS erasableSyntaxOnly does not allow enum -> SupplierType const-object pattern (typeof[keyof])

E2E verified via Vite proxy:
- GET /menus/me -> 6 root + 6 child nodes (12 menus)
- GET /roles -> 12 roles
- POST/GET/PUT/DELETE /suppliers -> full CRUD, soft delete OK
- tsc -b fe-admin pass

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 11:30:14 +07:00