dmolinari/SIG-CM2.0
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): GET /api/v1/users/{id}/permisos con CQRS handler [UDT-009]

Browse Source
This commit is contained in:
dmolinari
2026-04-15 21:43:08 -03:00
parent 5fd88b5a9d
commit 47323302cc
6 changed files with 544 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/api/SIGCM2.Api/Controllers/UsuariosController.cs
View File

@@ -10,6 +10,7 @@ using SIGCM2.Application.Usuarios.Deactivate;
using SIGCM2.Application.Usuarios.GetById;
using SIGCM2.Application.Usuarios.List;
using SIGCM2.Application.Usuarios.Reactivate;
using SIGCM2.Application.Usuarios.Permisos;
using SIGCM2.Application.Usuarios.ResetPassword;
using SIGCM2.Application.Usuarios.Update;
using System.IdentityModel.Tokens.Jwt;
@@ -225,10 +226,46 @@ public sealed class UsuariosController : ControllerBase
var result = await _dispatcher.Send<ResetUsuarioPasswordCommand, ResetUsuarioPasswordResponse>(command);
return Ok(result);
}
// ── UDT-009: Permisos endpoints ───────────────────────────────────────────
/// <summary>
/// Gets a usuario's role permissions, explicit grant/deny overrides, and computed effective set.
/// Requires administracion:usuarios:gestionar.
/// </summary>
[HttpGet("{id:int}/permisos")]
[RequirePermission("administracion:usuarios:gestionar")]
[ProducesResponseType(typeof(UsuarioPermisosResponse), StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<IActionResult> GetPermisos([FromRoute] int id)
{
var result = await _dispatcher.Send<GetUsuarioPermisosQuery, UsuarioPermisosDto>(
new GetUsuarioPermisosQuery(id));
return Ok(MapToPermisosResponse(result));
}
private static UsuarioPermisosResponse MapToPermisosResponse(UsuarioPermisosDto dto)
=> new(
RolPermisos: dto.RolPermisos,
Overrides: new PermisosOverridesShape(dto.Grant, dto.Deny),
Effective: dto.Effective);
}
// ── request body records ──────────────────────────────────────────────────────
/// <summary>UDT-009: Response shape for permisos endpoints.</summary>
public sealed record UsuarioPermisosResponse(
IReadOnlyList<string> RolPermisos,
PermisosOverridesShape Overrides,
IReadOnlyList<string> Effective);
/// <summary>UDT-009: The grant/deny override shape nested in UsuarioPermisosResponse.</summary>
public sealed record PermisosOverridesShape(
IReadOnlyList<string> Grant,
IReadOnlyList<string> Deny);
/// <summary>Create user request body — nullable to catch missing field scenarios.</summary>
public sealed record CreateUsuarioRequest(
string? Username,

4
src/api/SIGCM2.Application/DependencyInjection.cs
View File

@@ -22,6 +22,7 @@ using SIGCM2.Application.Usuarios.GetById;
using SIGCM2.Application.Usuarios.List;
using SIGCM2.Application.Usuarios.Reactivate;
using SIGCM2.Application.Usuarios.ResetPassword;
using SIGCM2.Application.Usuarios.Permisos;
using SIGCM2.Application.Usuarios.Update;
namespace SIGCM2.Application;
@@ -57,6 +58,9 @@ public static class DependencyInjection
services.AddScoped<ICommandHandler<ChangeMyPasswordCommand, Unit>, ChangeMyPasswordCommandHandler>();
services.AddScoped<ICommandHandler<ResetUsuarioPasswordCommand, ResetUsuarioPasswordResponse>, ResetUsuarioPasswordCommandHandler>();
// Usuarios/Permisos (UDT-009)
services.AddScoped<ICommandHandler<GetUsuarioPermisosQuery, UsuarioPermisosDto>, GetUsuarioPermisosQueryHandler>();
// FluentValidation validators (scans entire Application assembly)
services.AddValidatorsFromAssemblyContaining<LoginCommandValidator>();

4
src/api/SIGCM2.Application/Usuarios/Permisos/GetUsuarioPermisosQuery.cs Normal file
View File

@@ -0,0 +1,4 @@
namespace SIGCM2.Application.Usuarios.Permisos;
/// <summary>UDT-009: Query to get a user's role permissions, overrides, and effective set.</summary>
public sealed record GetUsuarioPermisosQuery(int Id);

51
src/api/SIGCM2.Application/Usuarios/Permisos/GetUsuarioPermisosQueryHandler.cs Normal file
View File

@@ -0,0 +1,51 @@
using SIGCM2.Application.Abstractions;
using SIGCM2.Application.Abstractions.Persistence;
using SIGCM2.Application.Common;
using SIGCM2.Domain.Exceptions;
namespace SIGCM2.Application.Usuarios.Permisos;
/// <summary>
/// UDT-009: Handles GET /api/v1/users/{id}/permisos.
/// Resolves role permissions + overrides + effective set.
/// </summary>
public sealed class GetUsuarioPermisosQueryHandler
: ICommandHandler<GetUsuarioPermisosQuery, UsuarioPermisosDto>
{
private readonly IUsuarioRepository _usuarioRepo;
private readonly IRolPermisoRepository _rolPermisoRepo;
public GetUsuarioPermisosQueryHandler(
IUsuarioRepository usuarioRepo,
IRolPermisoRepository rolPermisoRepo)
{
_usuarioRepo = usuarioRepo;
_rolPermisoRepo = rolPermisoRepo;
}
public async Task<UsuarioPermisosDto> Handle(GetUsuarioPermisosQuery query)
{
var usuario = await _usuarioRepo.GetByIdAsync(query.Id)
?? throw new UsuarioNotFoundException(query.Id);
var rolPermisoEntities = await _rolPermisoRepo.GetByRolCodigoAsync(usuario.Rol);
var rolPermisos = rolPermisoEntities
.Select(p => p.Codigo)
.OrderBy(c => c, StringComparer.Ordinal)
.ToArray();
var overrides = PermisosOverride.FromJson(usuario.PermisosJson);
var effective = PermisoResolver.Resolve(rolPermisos, overrides)
.OrderBy(c => c, StringComparer.Ordinal)
.ToArray();
return new UsuarioPermisosDto(
UsuarioId: usuario.Id,
Rol: usuario.Rol,
RolPermisos: rolPermisos,
Grant: overrides.Grant,
Deny: overrides.Deny,
Effective: effective);
}
}

13
src/api/SIGCM2.Application/Usuarios/Permisos/UsuarioPermisosDto.cs Normal file
View File

@@ -0,0 +1,13 @@
namespace SIGCM2.Application.Usuarios.Permisos;
/// <summary>
/// UDT-009: Response DTO for user permissions.
/// Contains role permissions, explicit overrides, and computed effective permissions.
/// </summary>
public sealed record UsuarioPermisosDto(
int UsuarioId,
string Rol,
IReadOnlyList<string> RolPermisos,
IReadOnlyList<string> Grant,
IReadOnlyList<string> Deny,
IReadOnlyList<string> Effective);