IDOR filter ContractsController:
- ListContractsQueryHandler + ICurrentUser: non-admin only sees contracts where they are the Drafter or hold a role eligible for the current phase
- GetContractQueryHandler + ICurrentUser: throw ForbiddenException when accessing an unrelated contract
- GetEligiblePhases() internal static in ListContractsQueryHandler — mirrors GetMyInboxQueryHandler.PhaseActorRoles (Drafter/DeptManager → DangSoanThao/DangDamPhan/DangInKy, ProjectManager+PRO+CCM+FIN+ACT+EQU → DangGopY, CostControl → DangKiemTraCCM, Director+AuthorizedSigner → DangTrinhKy, HrAdmin → DangDongDau)
SLA Expiry BackgroundService (Phase 3 iteration 2 partial):
- Infrastructure/HostedServices/SlaExpiryJob NEW: BackgroundService running every 15 minutes (30s startup delay)
- Query Contracts WHERE SlaDeadline < UtcNow AND Phase NOT IN (DaPhatHanh, TuChoi)
- Map phase → next (happy path). Call IContractWorkflowService.TransitionAsync with actorUserId=null + Decision=AutoApprove + comment 'AUTO: het SLA phase X (Nh qua han)'
- Try-catch per contract, one failure does not block the batch
- Log structured: 'SlaExpiryJob: auto-approved contract {Id} {From} → {To}'
- Package Microsoft.Extensions.Hosting added to Infrastructure
- DI register AddHostedService<SlaExpiryJob>
Admin password warning (Phase 5.1):
- DbInitializer.WarnDefaultAdminPasswordAsync: CheckPasswordAsync against the default AdminPassword → log WRN '⚠️ Admin user vẫn dùng password mặc định. ĐỔI NGAY trong production!'
- Chained into InitializeAsync after the seeds
E2E verified:
- Admin GET /contracts → total 1 (sees all)
- Drafter GET /contracts → total 0 (IDOR filter, no contracts created yet)
- API startup log: '⚠️ Admin user admin@solutionerp.local vẫn dùng password mặc định'
- Build + TS check → pass
Docs:
- STATUS.md: Phase 5.1 nearly done (IDOR + admin warning + SLA job ticked), cumulative BE 3900 LOC
- migration-todos.md: ticked Phase 5.1 IDOR + admin warning, Phase 3 iter 2 SlaExpiryJob + E2E non-admin + admin warning
- session log 2026-04-21-1730-idor-sla-job.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
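The list/detail filter the first block of the message describes, as an added C# example that is not code from the repository. It assumes `Contract.CreatedBy` holds the drafter's user id, that `ICurrentUser` exposes `UserId`, `Roles` and `IsAdmin`, that role strings match the `AppRoles` constants named in the message, and that the phase names match the project's `ContractPhase` enum; `ForbiddenException` and `KeyNotFoundException` stand in for the project's own exception types.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Phases named in the commit message / roadmap (assumed to match the project's ContractPhase enum).
public enum ContractPhase { DangSoanThao, DangGopY, DangKiemTraCCM, DangDamPhan, DangTrinhKy, DangInKy, DangDongDau, DaPhatHanh, TuChoi }
// Minimal stand-ins for the project's Contract, ICurrentUser and ForbiddenException (assumptions).
public sealed record Contract(Guid Id, string CreatedBy, ContractPhase Phase);
public sealed record CurrentUser(string UserId, IReadOnlyCollection<string> Roles, bool IsAdmin);
public sealed class ForbiddenException : Exception { }

public static class ContractAccess
{
    // Role → phases that role acts on, exactly as listed in the commit message (mirrors PhaseActorRoles).
    private static readonly Dictionary<string, ContractPhase[]> PhaseActorRoles = new()
    {
        ["Drafter"]          = new[] { ContractPhase.DangSoanThao, ContractPhase.DangDamPhan, ContractPhase.DangInKy },
        ["DeptManager"]      = new[] { ContractPhase.DangSoanThao, ContractPhase.DangDamPhan, ContractPhase.DangInKy },
        ["ProjectManager"]   = new[] { ContractPhase.DangGopY },
        ["PRO"]              = new[] { ContractPhase.DangGopY },
        ["CCM"]              = new[] { ContractPhase.DangGopY },
        ["FIN"]              = new[] { ContractPhase.DangGopY },
        ["ACT"]              = new[] { ContractPhase.DangGopY },
        ["EQU"]              = new[] { ContractPhase.DangGopY },
        ["CostControl"]      = new[] { ContractPhase.DangKiemTraCCM },
        ["Director"]         = new[] { ContractPhase.DangTrinhKy },
        ["AuthorizedSigner"] = new[] { ContractPhase.DangTrinhKy },
        ["HrAdmin"]          = new[] { ContractPhase.DangDongDau },
    };

    // Union of phases the caller's roles may act on; roles outside the workflow contribute nothing.
    public static HashSet<ContractPhase> GetEligiblePhases(IEnumerable<string> roles) =>
        roles.Where(PhaseActorRoles.ContainsKey).SelectMany(r => PhaseActorRoles[r]).ToHashSet();

    // List filter: Admin sees all; anyone else sees what they drafted or what sits in a phase their role acts on.
    // Applied server-side on the query itself, so no client-supplied parameter can widen the result set.
    public static IQueryable<Contract> FilterVisible(IQueryable<Contract> contracts, CurrentUser user)
    {
        if (user.IsAdmin) return contracts;
        var eligible = GetEligiblePhases(user.Roles).ToArray();
        return contracts.Where(c => c.CreatedBy == user.UserId || eligible.Contains(c.Phase));
    }

    // Single-object read reuses the same predicate, so a guessed Id of an unrelated contract is refused.
    public static Contract GetOrForbid(IQueryable<Contract> contracts, CurrentUser user, Guid id)
    {
        var contract = contracts.FirstOrDefault(c => c.Id == id) ?? throw new KeyNotFoundException(id.ToString());
        return FilterVisible(new[] { contract }.AsQueryable(), user).Any() ? contract : throw new ForbiddenException();
    }
}
```

Keeping both handlers on one predicate is the point worth checking in review: if the list and the detail endpoint filter differently, an Id that never appears in a user's list can still be fetched directly.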
Migration To-dos — Atomic Roadmap
Each item is one atomic task (~2-8h of work). Tick `[x]` when done. Link the session log if there is one.
Phase 0 — Draft Scaffold (T1)
- Create directory structure `SOLUTION_ERP/`
- Scaffold .NET 10 solution `SolutionErp.slnx`
- Scaffold 4 projects: `SolutionErp.{Domain, Application, Infrastructure, Api}`
- Wire Clean Arch references (Api → App/Infra, Infra → App, App → Domain)
- Install base NuGet packages: MediatR, FluentValidation, AutoMapper, EF Core SqlServer, Identity, JWT, Swagger, Serilog
- Scaffold 2 React + Vite apps `fe-admin` + `fe-user` with the TS template
- Configure vite.config.ts: port, strictPort, proxy `/api`, alias `@`
- Pin Node `>=20` in package.json + `.nvmrc` for CI
- Parse 8 forms → `docs/forms-spec.md`
- Parse the process → `docs/workflow-contract.md`
- Write `docs/{CLAUDE,STATUS,PROJECT-MAP}.md`
- Write `docs/database/database-guide.md` (conventions + schema + ERD + migration workflow)
- Write `docs/flows/` — README + 6 flow docs (auth, permission, contract-create, contract-approve, form-render, sla-expiry)
- Write `.gitignore`, `README.md`, `global.json`, `docker-compose.yml`
- Create placeholder skill folders: `contract-workflow`, `form-engine`, `permission-matrix`
- `git init` + first commit (25dad7f)
- Push to Gitea remote (waiting for URL from user)
Phase 1 — Alpha Core (T2-4)
Foundation (done in Session 2)
- `Domain/Common/BaseEntity.cs` (Id Guid, CreatedAt, UpdatedAt, CreatedBy, UpdatedBy)
- `Domain/Common/AuditableEntity.cs` (IsDeleted, DeletedAt, DeletedBy)
- `Domain/Contracts/Enums`: `ContractType`, `ContractPhase` (9 states), `ApprovalDecision`
- `Domain/Identity/User.cs` (IdentityUser + FullName + RefreshToken + IsActive)
- `Domain/Identity/Role.cs` (IdentityRole + Description)
- `Domain/Identity/AppRoles.cs` — 12 role constants
- `Application/Common/Interfaces/`: IApplicationDbContext, ICurrentUser, IDateTime, IJwtTokenService
- `Application/Common/Exceptions/*`
- `Application/Common/Behaviors/ValidationBehavior.cs`
- `Application/DependencyInjection.cs` — MediatR + FluentValidation
- `Infrastructure/Persistence/ApplicationDbContext.cs : IdentityDbContext`
- `Infrastructure/Persistence/Interceptors/AuditingInterceptor.cs`
- `Infrastructure/Persistence/DbInitializer.cs` — seed 12 roles + admin
- `Infrastructure/Persistence/DesignTimeDbContextFactory.cs`
- `Infrastructure/Identity/{JwtSettings, JwtTokenService}.cs`
- `Infrastructure/Services/DateTimeService.cs`
- `Infrastructure/DependencyInjection.cs`
- `Api/Services/CurrentUserService.cs`
- `Api/Middleware/GlobalExceptionMiddleware.cs`
- `Api/Controllers/AuthController.cs` (login, refresh, me, logout)
- `Api/Program.cs` (Serilog, JWT, CORS, Swagger, middleware)
- `Api/appsettings.{json, Development.json}` + `launchSettings.json` (port 5443)
- Migration 1 `Init` + apply to `SolutionErp_Dev` LocalDB
- FE: Vite config (Tailwind 4 + proxy + alias)
- FE: `src/{index.css, lib/api.ts, lib/cn.ts, types/auth.ts}` for both apps
- FE: `src/contexts/AuthContext.tsx`, `components/{ProtectedRoute, Layout}.tsx`
- FE: `components/ui/{Button, Input, Label}.tsx`
- FE: `pages/LoginPage.tsx`, `pages/DashboardPage.tsx` (admin) + `pages/InboxPage.tsx` (user)
- FE: `App.tsx` with Router + AuthProvider + Toaster
- FE: `main.tsx` with QueryClient (TanStack Query)
- E2E verified: login through the Vite proxy on both apps → JWT + user info
Phase 1 batch 2 — Master CRUD + Permission Matrix (upcoming)
- `Domain/Master/Supplier` (+ SupplierType enum, 5 types) / `Project` / `Department` (AuditableEntity)
- EF `IEntityTypeConfiguration<T>` for each entity (unique Code + query filter on IsDeleted)
- CQRS CRUD: Create/Update/Delete/GetById/List (PagedResult) for the 3 entities
- `Api/Controllers/{SuppliersController, ProjectsController, DepartmentsController}`
- Migration 2: `AddMasterData`
- `Domain/Identity/MenuItem` (Key PK, Label, ParentKey, Order, Icon) + `MenuKeys` const class
- `Domain/Identity/Permission` (RoleId, MenuKey, CanRead/Create/Update/Delete)
- Seed default menu tree (12 menus) + admin full access in DbInitializer
- `Application/Permissions/Queries/GetMyMenuTreeQuery` — resolve per user, union (OR) across roles, filter the tree
- `Api/Controllers/{MenusController, RolesController, PermissionsController}`
- Migration 3: `AddPermissions`
- Authorization handler `MenuPermissionHandler` + register 48 policies `{menu}.{action}`
- `Domain/Entities/Contract` skeleton (Id, Type, SupplierId, ProjectId, Phase=DangChon, DraftData JSON) — deferred to Phase 2/3
- Contract CRUD draft only (no Phase 3 workflow) — deferred
- FE: `<PermissionGuard menuKey="Suppliers" action="Update">` + `usePermission()` hook
- FE Admin: 3 CRUD pages Supplier/Project/Department with DataTable + Dialog modal + search/sort/paging
- FE Admin: Permission Matrix grid page (role × menu × CRUD checkbox)
- FE Admin: dynamic Layout menu from `/api/menus/me`
- FE User: "My Contracts" list + filter page — Phase 3
- FE Admin: Users management page (create user + assign role) — upcoming
- FE Admin: Roles CRUD — upcoming
- Route guard by admin-only role — PermissionGuard exists on buttons, routes still need one
Exit criteria Phase 1
- Admin login → create Supplier/Project → create role "Nhân viên CCM" → grant permission on menu "Contracts.Read"
- CCM user login → sees the Contracts menu, does not see the Admin menu
- Create Contract draft → it appears in the list, no spurious 403
Phase 2 — Form Engine (T5-6)
MVP done (Phase 2 iteration 1)
- Survey: chose OpenXml + ClosedXML (free, no license required)
- `Domain/Forms/ContractTemplate` (Id, FormCode, Name, ContractType, FileName, StoragePath, Format, FieldSpec JSON, IsActive)
- `Domain/Forms/ContractClause` skeleton
- EF config + Migration `AddForms`
- `Application/Forms/Services/IFormRenderer` interface
- `Infrastructure/Forms/DocxRenderer` (OpenXml, handles placeholders split across runs)
- `Infrastructure/Forms/XlsxRenderer` (ClosedXML)
- `Application/Forms/FormFeatures.cs` — List/Get/Render CQRS
- `Api/Controllers/FormsController` — GET templates, GET single, POST render
- Copy 5 .docx/.xlsx templates → `wwwroot/templates/`
- Seed 8 ContractTemplate rows (5 IsActive=true, 3 awaiting conversion)
- FE admin: `FormsPage` — list + render dialog with JSON input + download
- E2E verified: render FO-002.05 → 482KB .docx file opens in Word
Iteration 2 (optional — enhance)
- Convert 3 `.doc` files → `.docx` (retry Word COM with `DisplayAlerts=0` + timeout, or LibreOffice headless)
- Parse the detailed fields of the 5 contract templates — each form into a JSON `FieldSpec`
- Support `{{#loop}}...{{/loop}}` blocks for repeating tables (line items of subcontract agreements, PO)
- FE user: dynamic form builder — render from fieldSpec instead of hand-typed JSON
- FE admin: upload new template via UI (POST multipart) + edit field mapping
- Store `ContractClause` (FO-002.04) as rich text, admin edits via TipTap/TinyMCE
- PDF conversion via LibreOffice headless (`soffice --headless --convert-to pdf`)
- Import/export templates (backup/restore)
- Format helpers: number → `150,000,000 VND`, date → `dd/MM/yyyy`
- Content preservation test: render → diff layout against the original template
Phase 3 — Workflow State Machine (T7-9)
MVP done (iteration 1)
- `Domain/Contracts/Contract` (Phase, SlaDeadline, BypassProcurementAndCCM, MaHopDong, DraftData, SlaWarningSent)
- `Domain/Contracts/ContractApproval` (FromPhase, ToPhase, ApproverUserId, Decision, Comment)
- `Domain/Contracts/ContractComment` + `ContractAttachment` (+ AttachmentPurpose enum)
- `Domain/Contracts/ContractCodeSequence` (Prefix PK, LastSeq)
- EF config + filtered unique index on MaHopDong + indexes on Phase/Supplier/Project/SlaDeadline + cascade delete
- DbSets (5) + `IApplicationDbContext` update
- Migration `AddContractsWorkflow`
- `Application/Contracts/Services/IContractWorkflowService` + `IContractCodeGenerator`
- `Infrastructure/Services/ContractWorkflowService` — 9-phase adjacency + role guard + Admin bypass + system actor + CCM bypass (project owner / Chủ đầu tư)
- `Infrastructure/Services/ContractCodeGenerator` — 7 code formats per RG-001 + SERIALIZABLE transaction
- CQRS: Create/UpdateDraft/Transition/AddComment/List/Inbox/GetDetail/Delete (8 features)
- `Api/Controllers/ContractsController` — 8 REST endpoints
- FE admin: ContractsListPage + ContractDetailPage (timeline + action dialog)
- FE user: InboxPage + ContractCreatePage + ContractDetailPage + MyContractsPage
- PhaseBadge component + color map
- E2E verified: create contract → run through all 9 phases → generated code `FLOCK 01/HĐGK/SOL&PVL2026/01`
Iteration 2 (polish)
- `Infrastructure/HostedServices/SlaExpiryJob` — check every 15 min, auto-approve overdue contracts with Decision=AutoApprove (+30s startup delay)
- E2E test with a non-admin user (Drafter role) — IDOR filter verified
- Admin password warning log while the default is still in use
- Warning notification at 20% SLA remaining (track with the existing `SlaWarningSent` flag)
- `Infrastructure/Services/NotificationService` — email (MailKit) + in-app
- SignalR hub for the real-time notification badge
- MediatR `AuditBehavior` — log every command (beyond ContractApprovals)
- Upload attachment endpoint (multipart) + FE upload UI (`wwwroot/uploads/contracts/{id}/`)
- RowVersion optimistic concurrency (2 users race → 409)
- Render the contract docx at creation (merge TemplateId + DraftData + ContractClause appendix)
- Filter Inbox by phase in the FE
- E2E test: reject → back to DangSoanThao
- E2E test: SLA expired → auto-approve + log (real test by setting SlaDeadline in the past)
Phase 4 — Reporting + Polish (T10-11)
MVP done (iteration 1)
- Admin dashboard: 5 KPIs (total/active/overdue/published this month/total value) + by phase + top 5 suppliers + top 5 projects + 12 months
- Excel export of contracts by filter (phase/supplier/project/date range) via ClosedXML
- BE `GetDashboardStatsQuery` + `ExportContractsToExcelCommand` + ReportsController
- FE `DashboardPage` rewrite with a self-built `BarChart` (Tailwind only, no external library)
- FE `ReportsPage` filter + export
- Docs consolidation: `rules.md` + `architecture.md` + `database/schema-diagram.md` + gotchas update
Iteration 2 (polish — optional)
- SLA overdue report (by role / phase, Excel export)
- Contract audit log export (each contract to PDF)
- User-specific dashboard (my contracts / my role)
- Chart library recharts (if complex charts are needed)
- UX polish: skeleton loaders for every list, empty states with an action, error boundary recovery
- Accessibility: keyboard nav, focus trap in modals, aria labels
- Dark mode
- Performance: explicit DB indexes for the hot queries already identified
- User guide documentation: contract creation + approval process
- UAT with 5-10 real contracts from the Procurement department
Phase 5 — Production (T12-13)
Prep done (code + scripts + docs)
- `docs/guides/cicd.md` — CI/CD runbook
- Gitea Actions workflow `.gitea/workflows/deploy.yml` — build .NET + 2 FE, deploy to IIS via WinRM
- Pin Node 20 in `.nvmrc` (gotcha #5)
- `scripts/deploy-iis.ps1` — stop pool → backup → xcopy → start → health check
- `scripts/backup-sql.ps1` — daily BACKUP DATABASE + COMPRESSION + 30d retention
- `appsettings.Production.json` template + user secrets pattern
- Rate limiting (built-in .NET 10) — auth-login 5/min + global 300/min
- Health checks `/health/live` + `/health/ready` (DB probe)
- Serilog File sink, rolling daily, 30d retention
- HSTS in production (1 year)
- `docs/guides/deployment-iis.md` — first-time setup + troubleshooting
- `docs/guides/security-checklist.md` — OWASP top 10
- `docs/guides/runbook.md` — operations (restart, rollback, restore)
- FE refresh token auto interceptor (queue pattern in both apps)
Real deployment (needs Gitea URL)
- Windows Server setup: IIS + URL Rewrite + ARR (reverse proxy FE → IIS)
- Prod SQL Server + Task Scheduler trigger for backup-sql.ps1
- HTTPS certificate (Let's Encrypt via win-acme)
- Gitea remote setup + push all commits
- Set 5 Gitea Actions secrets (IIS_HOST/USER/PASSWORD/JWT_SECRET/DB_CONNECTION)
- Enable Gitea runner (Windows + Ubuntu)
- First CI/CD workflow test on staging
- Production UAT for 1 week with 2-3 real users
- Go-live checklist: backup, rollback plan, on-call contact
Phase 5.1 Security hardening + Users Mgmt
- Security headers middleware (X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy)
- Identity account lockout (5 failures → 15 min, config-driven)
- Config-driven password policy (default length 8 in dev, override `Identity:Password:RequiredLength` in prod)
- LoginCommand: check IsLockedOutAsync + AccessFailedAsync + reset on success
- BE Users management: CQRS 8 features + UsersController 7 endpoints (Users.Read/Create/Update policies)
- FE admin `/system/users`: list + create + assign roles + reset password + unlock + toggle active
- IDOR check in ContractsController — a Drafter user only sees contracts they created or whose phase their role is eligible for (`ListContractsQueryHandler` + `GetContractQueryHandler`)
- Default admin password warning log (`DbInitializer.WarnDefaultAdminPasswordAsync`)
- Dependency scan in CI (`dotnet list package --vulnerable --include-transitive`, `npm audit --audit-level=high`)
- BE Roles CRUD (Create/Rename/Delete custom roles) + FE `/system/roles` — optional, the 12 seeded roles are sufficient
Post-launch (Phase 6+ — future)
- E-signature integration (VNPT CA or FPT CA)
- Bravo / SAP ERP integration for supplier import
- Mobile app (React Native?) for BOD approvals outside office hours
- AI: suggest form values based on past contracts, OCR scan of partner contracts
- Multi-tenant if a second company comes on board