feat(api): List + GetById usuarios — handlers, repo, endpoints [UDT-008]

2026-04-15 17:46:23 -03:00
parent 9dcd63543e
commit 2925336783
29 changed files with 1210 additions and 6 deletions
--- a/src/api/SIGCM2.Application/Usuarios/Update/UpdateUsuarioCommandHandler.cs
+++ b/src/api/SIGCM2.Application/Usuarios/Update/UpdateUsuarioCommandHandler.cs
@@ -0,0 +1,70 @@
+using SIGCM2.Application.Abstractions;
+using SIGCM2.Application.Abstractions.Persistence;
+using SIGCM2.Application.Common;
+using SIGCM2.Application.Usuarios.GetById;
+using SIGCM2.Domain.Exceptions;
+
+namespace SIGCM2.Application.Usuarios.Update;
+
+public sealed class UpdateUsuarioCommandHandler : ICommandHandler<UpdateUsuarioCommand, UsuarioDetailDto>
+{
+    private readonly IUsuarioRepository _repository;
+    private readonly IRolRepository _rolRepository;
+    private readonly IRefreshTokenRepository _refreshTokenRepository;
+
+    public UpdateUsuarioCommandHandler(
+        IUsuarioRepository repository,
+        IRolRepository rolRepository,
+        IRefreshTokenRepository refreshTokenRepository)
+    {
+        _repository = repository;
+        _rolRepository = rolRepository;
+        _refreshTokenRepository = refreshTokenRepository;
+    }
+
+    public async Task<UsuarioDetailDto> Handle(UpdateUsuarioCommand cmd)
+    {
+        var target = await _repository.GetByIdAsync(cmd.Id)
+            ?? throw new UsuarioNotFoundException(cmd.Id);
+
+        // Guard: validate rol exists and is active
+        var rolExists = await _rolRepository.ExistsActiveByCodigoAsync(cmd.Rol);
+        if (!rolExists)
+            throw new FluentValidation.ValidationException(
+                [new FluentValidation.Results.ValidationFailure("Rol", $"El rol '{cmd.Rol}' no existe o está inactivo.")]);
+
+        // Guard: anti-lockout — cannot remove last active admin
+        if (target.Rol == "admin" && target.Activo)
+        {
+            var isChangingRol = !string.Equals(cmd.Rol, "admin", StringComparison.Ordinal);
+            var isDeactivating = !cmd.Activo;
+
+            if ((isChangingRol || isDeactivating)
+                && await _repository.CountActiveAdminsAsync() <= 1)
+            {
+                throw new LastAdminLockoutException();
+            }
+        }
+
+        var fields = new UpdateUsuarioFields(cmd.Nombre, cmd.Apellido, cmd.Email, cmd.Rol, cmd.Activo);
+        var now = DateTime.UtcNow;
+        await _repository.UpdateAsync(cmd.Id, fields, now);
+
+        // Revoke refresh tokens if rol changed or user deactivated
+        var rolChanged = !string.Equals(target.Rol, cmd.Rol, StringComparison.Ordinal);
+        var justDeactivated = target.Activo && !cmd.Activo;
+        if (rolChanged || justDeactivated)
+        {
+            await _refreshTokenRepository.RevokeAllActiveForUserAsync(cmd.Id, now);
+        }
+
+        // TODO: audit — defer to ADM-004
+        var updated = await _repository.GetDetailAsync(cmd.Id)
+            ?? throw new UsuarioNotFoundException(cmd.Id);
+
+        return new UsuarioDetailDto(
+            updated.Id, updated.Username, updated.Nombre, updated.Apellido,
+            updated.Email, updated.Rol, updated.Activo, updated.MustChangePassword,
+            updated.UltimoLogin, updated.FechaModificacion);
+    }
+}