- .NET 10 Clean Architecture: Domain/Application/Infrastructure/Api (4 projects)
- 2 React + Vite + TS apps: fe-admin (:8082), fe-user (:8080) with /api proxy
- Node engines >=20, .nvmrc = 20 for CI (lesson from NamGroup)
- SQL Server 2022 via docker-compose (dev)
- Parse 8 FORM -> docs/forms-spec.md (catalog + contract code format RG-001)
- Parse QUY_TRINH -> docs/workflow-contract.md (9-phase state machine + role matrix)
- docs: CLAUDE.md, STATUS.md, PROJECT-MAP.md, migration-todos.md (5-phase roadmap)
- .claude/skills: 3 placeholders (contract-workflow, form-engine, permission-matrix)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
| name | description | when-to-use |
|---|---|---|
| permission-matrix | Role × MenuKey × CRUD permission system. Sidebar gating, permission guard, seed default, reset password. Use when debugging access denied, assigning roles, or a menu that does not appear. | |
Permission Matrix Skill
Phase 1 deliverable. This skill is currently a PLACEHOLDER.
Context
Pattern copied from the NamGroup skill permission-system, but simplified:
- 1 User has N Roles
- 1 Role has a matrix of (MenuKey, CRUD flags): `Permission` table
- No per-user override (kept simple for Phase 1)
- Flat 2-level menu tree, hardcoded `MenuKey`
Tech
- BE: `[Authorize(Policy = "Menu.Read")]` attribute
- FE: `<PermissionGuard menuKey="Contracts" action="Update">` + `usePermission().can("Contracts", "Update")`
- Resolution: API `/api/menus/me` returns the tree + permissions already resolved from the user's roles
Code pointers (available after Phase 1)
- src/Backend/SolutionErp.Domain/Identity/Permission.cs
- src/Backend/SolutionErp.Application/Permissions/Queries/GetMyMenuTreeQuery.cs
- fe-admin/src/components/PermissionGuard.tsx
- fe-admin/src/hooks/usePermission.ts
Common pitfalls (expected)
- Forgetting to refresh the token after an admin updates permissions → the user has to log out and log in again to see the change
- Hardcoded MenuKey is typo-prone → centralize in the files `src/lib/menuKeys.ts` (FE) + `MenuKeys.cs` (BE const)
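
A sketch of the resolution step from the Tech section and the centralized-key pitfall above, as an added example that is not the project's code. It assumes roles combine by union of CRUD flags, which the page does not specify; the role names, the `Users` key and all sample rows are constructed.

```typescript
// Added example, not project code. Assumption: a user's roles combine by
// union (OR) of CRUD flags. Role names and the "Users" key are constructed.
const MenuKeys = { Contracts: "Contracts", Users: "Users" } as const;
type MenuKey = keyof typeof MenuKeys;
type Action = "Create" | "Read" | "Update" | "Delete";

// One bit per CRUD action, mirroring a (MenuKey, CRUD flags) row.
const Flag: Record<Action, number> = { Create: 1, Read: 2, Update: 4, Delete: 8 };

interface PermissionRow { role: string; menuKey: string; flags: number; }
type Resolved = Partial<Record<MenuKey, number>>;

function isMenuKey(k: string): k is MenuKey {
  return Object.prototype.hasOwnProperty.call(MenuKeys, k);
}

// Merge the rows of every role the user holds. Rows whose menu key is not in
// the central list (a typo in seed data) are reported, never granted.
function resolvePermissions(userRoles: string[], rows: PermissionRow[]) {
  const resolved: Resolved = {};
  const unknownKeys: string[] = [];
  for (const row of rows) {
    if (!userRoles.includes(row.role)) continue;
    const key = row.menuKey;
    if (!isMenuKey(key)) { unknownKeys.push(key); continue; }
    resolved[key] = (resolved[key] ?? 0) | (row.flags & 15);
  }
  return { resolved, unknownKeys };
}

// Deny by default: a missing menu key or a missing flag both return false.
function can(resolved: Resolved, menuKey: MenuKey, action: Action): boolean {
  return ((resolved[menuKey] ?? 0) & Flag[action]) !== 0;
}

// Constructed sample rows.
const sampleRows: PermissionRow[] = [
  { role: "Viewer", menuKey: "Contracts", flags: Flag.Read },
  { role: "Editor", menuKey: "Contracts", flags: Flag.Read | Flag.Update },
  { role: "Editor", menuKey: "Contract", flags: 15 }, // typo: never matches
  { role: "Admin", menuKey: "Users", flags: 15 },
];
const me = resolvePermissions(["Viewer", "Editor"], sampleRows);
console.log(can(me.resolved, "Contracts", "Update"), me.unknownKeys);
```

Because `MenuKey` is derived from the single `MenuKeys` object, a call such as `can(me.resolved, "Contract", "Update")` fails at compile time, and the same check on the client is only UI gating: the backend policy remains the enforcement point.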