feat(api): GET /api/v1/users/{id}/permisos con CQRS handler [UDT-009]

2026-04-15 21:43:08 -03:00
parent 5fd88b5a9d
commit 47323302cc
6 changed files with 544 additions and 0 deletions
--- a/src/api/SIGCM2.Api/Controllers/UsuariosController.cs
+++ b/src/api/SIGCM2.Api/Controllers/UsuariosController.cs
@@ -10,6 +10,7 @@ using SIGCM2.Application.Usuarios.Deactivate;
 using SIGCM2.Application.Usuarios.GetById;
 using SIGCM2.Application.Usuarios.List;
 using SIGCM2.Application.Usuarios.Reactivate;
+using SIGCM2.Application.Usuarios.Permisos;
 using SIGCM2.Application.Usuarios.ResetPassword;
 using SIGCM2.Application.Usuarios.Update;
 using System.IdentityModel.Tokens.Jwt;
@@ -225,10 +226,46 @@ public sealed class UsuariosController : ControllerBase
        var result = await _dispatcher.Send<ResetUsuarioPasswordCommand, ResetUsuarioPasswordResponse>(command);
        return Ok(result);
    }
+
+    // ── UDT-009: Permisos endpoints ───────────────────────────────────────────
+
+    /// <summary>
+    /// Gets a usuario's role permissions, explicit grant/deny overrides, and computed effective set.
+    /// Requires administracion:usuarios:gestionar.
+    /// </summary>
+    [HttpGet("{id:int}/permisos")]
+    [RequirePermission("administracion:usuarios:gestionar")]
+    [ProducesResponseType(typeof(UsuarioPermisosResponse), StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    [ProducesResponseType(StatusCodes.Status403Forbidden)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    public async Task<IActionResult> GetPermisos([FromRoute] int id)
+    {
+        var result = await _dispatcher.Send<GetUsuarioPermisosQuery, UsuarioPermisosDto>(
+            new GetUsuarioPermisosQuery(id));
+        return Ok(MapToPermisosResponse(result));
+    }
+
+    private static UsuarioPermisosResponse MapToPermisosResponse(UsuarioPermisosDto dto)
+        => new(
+            RolPermisos: dto.RolPermisos,
+            Overrides: new PermisosOverridesShape(dto.Grant, dto.Deny),
+            Effective: dto.Effective);
 }

 // ── request body records ──────────────────────────────────────────────────────

+/// <summary>UDT-009: Response shape for permisos endpoints.</summary>
+public sealed record UsuarioPermisosResponse(
+    IReadOnlyList<string> RolPermisos,
+    PermisosOverridesShape Overrides,
+    IReadOnlyList<string> Effective);
+
+/// <summary>UDT-009: The grant/deny override shape nested in UsuarioPermisosResponse.</summary>
+public sealed record PermisosOverridesShape(
+    IReadOnlyList<string> Grant,
+    IReadOnlyList<string> Deny);
+
 /// <summary>Create user request body — nullable to catch missing field scenarios.</summary>
 public sealed record CreateUsuarioRequest(
    string? Username,