Add Master Data

2025-10-10 16:22:06 +07:00
parent ad0d9e41ba
commit d4ab1cb592
55 changed files with 16058 additions and 197 deletions
--- a/AMREZ.EOP.API/Controllers/AuthenticationController.cs
+++ b/AMREZ.EOP.API/Controllers/AuthenticationController.cs
@@ -1,6 +1,8 @@
 using System.Security.Claims;
 using AMREZ.EOP.Abstractions.Applications.UseCases.Authentications;
+using AMREZ.EOP.Application.UseCases.Authentications;
 using AMREZ.EOP.Contracts.DTOs.Authentications.AddEmailIdentity;
+using AMREZ.EOP.Contracts.DTOs.Authentications.AssignRole;
 using AMREZ.EOP.Contracts.DTOs.Authentications.ChangePassword;
 using AMREZ.EOP.Contracts.DTOs.Authentications.DisableMfa;
 using AMREZ.EOP.Contracts.DTOs.Authentications.EnableTotp;
@@ -10,6 +12,8 @@ using AMREZ.EOP.Contracts.DTOs.Authentications.Logout;
 using AMREZ.EOP.Contracts.DTOs.Authentications.LogoutAll;
 using AMREZ.EOP.Contracts.DTOs.Authentications.Refresh;
 using AMREZ.EOP.Contracts.DTOs.Authentications.Register;
+using AMREZ.EOP.Contracts.DTOs.Authentications.Role;
+using AMREZ.EOP.Contracts.DTOs.Authentications.UnassignRole;
 using AMREZ.EOP.Contracts.DTOs.Authentications.VerifyEmail;
 using AMREZ.EOP.Domain.Shared.Contracts;
 using Microsoft.AspNetCore.Authentication;
@@ -24,18 +28,19 @@ public class AuthenticationController : ControllerBase
    private readonly ILoginUseCase _login;
    private readonly IRegisterUseCase _register;
    private readonly IChangePasswordUseCase _changePassword;
-
+    
    private readonly IAddEmailIdentityUseCase _addEmail;
    private readonly IVerifyEmailUseCase _verifyEmail;

    private readonly IEnableTotpUseCase _enableTotp;
    private readonly IDisableMfaUseCase _disableMfa;
-    
+
    private readonly ILogoutUseCase _logout;
    private readonly ILogoutAllUseCase _logoutAll;
-    
+
    private readonly IIssueTokenPairUseCase _issueTokens;
    private readonly IRefreshUseCase _refresh;
+
    
    public AuthenticationController(
        ILoginUseCase login,
@@ -74,9 +79,21 @@ public class AuthenticationController : ControllerBase
            new(ClaimTypes.NameIdentifier, res.UserId.ToString()),
            new(ClaimTypes.Name, res.Email),
            new(ClaimTypes.Email, res.Email),
-            new("tenant", res.TenantKey)
+            new("tenant", res.TenantKey),
+            new("tenantId", res.TenantId.ToString())
        };

+        var roles = (res.Roles ?? Array.Empty<string>())
+            .Where(r => !string.IsNullOrWhiteSpace(r))
+            .Distinct(StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+        foreach (var r in roles)
+            claims.Add(new Claim(ClaimTypes.Role, r));
+
+        if (roles.Length > 0)
+            claims.Add(new Claim("roles_csv", string.Join(",", roles)));
+
        var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, AuthPolicies.Scheme));
        await HttpContext.SignInAsync(AuthPolicies.Scheme, principal);

@@ -85,7 +102,8 @@ public class AuthenticationController : ControllerBase
            UserId = res.UserId,
            TenantId = res.TenantId,
            Tenant = res.TenantKey,
-            Email = res.Email
+            Email = res.Email,
+            Roles = roles
        }, ct);

        if (!string.IsNullOrWhiteSpace(tokenPair.RefreshToken))
@@ -105,6 +123,7 @@ public class AuthenticationController : ControllerBase
        return Ok(new
        {
            user = res,
+            roles, 
            access_token = tokenPair.AccessToken,
            token_type = "Bearer",
            expires_at = tokenPair.AccessExpiresAt
@@ -132,7 +151,7 @@ public class AuthenticationController : ControllerBase
                new CookieOptions
                {
                    HttpOnly = true,
-                    Secure = false,              
+                    Secure = false,
                    SameSite = SameSiteMode.None,
                    Expires = res.RefreshExpiresAt?.UtcDateTime
                });
@@ -145,7 +164,7 @@ public class AuthenticationController : ControllerBase
            expires_at = res.AccessExpiresAt
        });
    }
-    
+
    [HttpPost("register")]
    public async Task<IActionResult> Register([FromBody] RegisterRequest body, CancellationToken ct)
    {
@@ -164,13 +183,15 @@ public class AuthenticationController : ControllerBase
        return NoContent();
    }

+    
+    
    [HttpPost("logout")]
    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync(AuthPolicies.Scheme);
        return NoContent();
    }
-    
+
    [HttpPost("email")]
    public async Task<IActionResult> AddEmail([FromBody] AddEmailIdentityRequest body, CancellationToken ct)
    {
@@ -186,7 +207,7 @@ public class AuthenticationController : ControllerBase
        if (!ok) return BadRequest(new { message = "Verify email failed" });
        return NoContent();
    }
-    
+
    [HttpPost("totp/enable")]
    public async Task<IActionResult> EnableTotp([FromBody] EnableTotpRequest body, CancellationToken ct)
    {
@@ -202,7 +223,7 @@ public class AuthenticationController : ControllerBase
        if (!ok) return BadRequest(new { message = "Disable MFA failed" });
        return NoContent();
    }
-    
+
    [HttpPost("revoke")]
    public async Task<IActionResult> Revoke([FromBody] LogoutRequest body, CancellationToken ct)
    {