feat(audit): enchufar audit en handlers de Rol (UDT-010 B8)
4 command handlers del módulo Roles + Permisos ahora auditan:
| Handler | Action |
|--------------------------------------|------------------------|
| CreateRolCommandHandler | rol.create |
| UpdateRolCommandHandler | rol.update |
| DeactivateRolCommandHandler | rol.deactivate |
| AssignPermisosToRolCommandHandler | rol.permisos_update |
Mismo patrón que B7 (using block + post-commit reads outside scope).
Metadata:
- rol.create: after={Codigo, Nombre, Descripcion}
- rol.update: {before, after} diff
- rol.permisos_update: {before, after} con arrays de codigos ordenados
AssignPermisosToRolCommandHandler captura 'before' leyendo
GetByRolCodigoAsync antes del TransactionScope para poder emitir el diff.
4 test classes actualizados con mock de IAuditLogger.
Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing.
Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-RM-AUD, design, tasks#B8}
This commit is contained in:
@@ -1,5 +1,7 @@
|
||||
using System.Transactions;
|
||||
using SIGCM2.Application.Abstractions;
|
||||
using SIGCM2.Application.Abstractions.Persistence;
|
||||
using SIGCM2.Application.Audit;
|
||||
using SIGCM2.Application.Permisos.Dtos;
|
||||
using SIGCM2.Domain.Exceptions;
|
||||
|
||||
@@ -10,15 +12,18 @@ public sealed class AssignPermisosToRolCommandHandler : ICommandHandler<AssignPe
|
||||
private readonly IRolRepository _rolRepository;
|
||||
private readonly IPermisoRepository _permisoRepository;
|
||||
private readonly IRolPermisoRepository _rolPermisoRepository;
|
||||
private readonly IAuditLogger _audit;
|
||||
|
||||
public AssignPermisosToRolCommandHandler(
|
||||
IRolRepository rolRepository,
|
||||
IPermisoRepository permisoRepository,
|
||||
IRolPermisoRepository rolPermisoRepository)
|
||||
IRolPermisoRepository rolPermisoRepository,
|
||||
IAuditLogger audit)
|
||||
{
|
||||
_rolRepository = rolRepository;
|
||||
_permisoRepository = permisoRepository;
|
||||
_rolPermisoRepository = rolPermisoRepository;
|
||||
_audit = audit;
|
||||
}
|
||||
|
||||
public async Task<IReadOnlyList<PermisoDto>> Handle(AssignPermisosToRolCommand command)
|
||||
@@ -40,9 +45,28 @@ public sealed class AssignPermisosToRolCommandHandler : ICommandHandler<AssignPe
|
||||
throw new PermisoNotFoundException(missing);
|
||||
}
|
||||
|
||||
// 3. Reemplazar el set (DELETE+INSERT en transacción dentro del repo)
|
||||
var permisoIds = permisos.Select(p => p.Id);
|
||||
await _rolPermisoRepository.ReplaceForRolAsync(rol.Id, permisoIds);
|
||||
// Capture "before" snapshot for audit diff
|
||||
var previousPermisos = await _rolPermisoRepository.GetByRolCodigoAsync(rol.Codigo);
|
||||
var beforeCodigos = previousPermisos.Select(p => p.Codigo).OrderBy(c => c, StringComparer.Ordinal).ToArray();
|
||||
var afterCodigos = permisos.Select(p => p.Codigo).OrderBy(c => c, StringComparer.Ordinal).ToArray();
|
||||
|
||||
using (var tx = new TransactionScope(
|
||||
TransactionScopeOption.Required,
|
||||
new TransactionOptions { IsolationLevel = IsolationLevel.ReadCommitted },
|
||||
TransactionScopeAsyncFlowOption.Enabled))
|
||||
{
|
||||
// 3. Reemplazar el set (DELETE+INSERT en transacción dentro del repo)
|
||||
var permisoIds = permisos.Select(p => p.Id);
|
||||
await _rolPermisoRepository.ReplaceForRolAsync(rol.Id, permisoIds);
|
||||
|
||||
await _audit.LogAsync(
|
||||
action: "rol.permisos_update",
|
||||
targetType: "Rol",
|
||||
targetId: rol.Id.ToString(),
|
||||
metadata: new { before = beforeCodigos, after = afterCodigos });
|
||||
|
||||
tx.Complete();
|
||||
}
|
||||
|
||||
// 4. Retornar el nuevo set asignado
|
||||
return permisos
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
using System.Transactions;
|
||||
using SIGCM2.Application.Abstractions;
|
||||
using SIGCM2.Application.Abstractions.Persistence;
|
||||
using SIGCM2.Application.Audit;
|
||||
using SIGCM2.Application.Roles.Dtos;
|
||||
using SIGCM2.Domain.Entities;
|
||||
using SIGCM2.Domain.Exceptions;
|
||||
@@ -9,10 +11,12 @@ namespace SIGCM2.Application.Roles.Create;
|
||||
public sealed class CreateRolCommandHandler : ICommandHandler<CreateRolCommand, RolCreatedDto>
|
||||
{
|
||||
private readonly IRolRepository _repository;
|
||||
private readonly IAuditLogger _audit;
|
||||
|
||||
public CreateRolCommandHandler(IRolRepository repository)
|
||||
public CreateRolCommandHandler(IRolRepository repository, IAuditLogger audit)
|
||||
{
|
||||
_repository = repository;
|
||||
_audit = audit;
|
||||
}
|
||||
|
||||
public async Task<RolCreatedDto> Handle(CreateRolCommand command)
|
||||
@@ -24,7 +28,23 @@ public sealed class CreateRolCommandHandler : ICommandHandler<CreateRolCommand,
|
||||
throw new RolAlreadyExistsException(command.Codigo);
|
||||
|
||||
var rol = Rol.ForCreation(command.Codigo, command.Nombre, command.Descripcion);
|
||||
var newId = await _repository.AddAsync(rol);
|
||||
|
||||
int newId;
|
||||
using (var tx = new TransactionScope(
|
||||
TransactionScopeOption.Required,
|
||||
new TransactionOptions { IsolationLevel = IsolationLevel.ReadCommitted },
|
||||
TransactionScopeAsyncFlowOption.Enabled))
|
||||
{
|
||||
newId = await _repository.AddAsync(rol);
|
||||
|
||||
await _audit.LogAsync(
|
||||
action: "rol.create",
|
||||
targetType: "Rol",
|
||||
targetId: newId.ToString(),
|
||||
metadata: new { after = new { rol.Codigo, rol.Nombre, rol.Descripcion } });
|
||||
|
||||
tx.Complete();
|
||||
}
|
||||
|
||||
return new RolCreatedDto(
|
||||
Id: newId,
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
using System.Transactions;
|
||||
using SIGCM2.Application.Abstractions;
|
||||
using SIGCM2.Application.Abstractions.Persistence;
|
||||
using SIGCM2.Application.Audit;
|
||||
using SIGCM2.Application.Roles.Dtos;
|
||||
using SIGCM2.Domain.Exceptions;
|
||||
|
||||
@@ -8,10 +10,12 @@ namespace SIGCM2.Application.Roles.Deactivate;
|
||||
public sealed class DeactivateRolCommandHandler : ICommandHandler<DeactivateRolCommand, RolDto>
|
||||
{
|
||||
private readonly IRolRepository _repository;
|
||||
private readonly IAuditLogger _audit;
|
||||
|
||||
public DeactivateRolCommandHandler(IRolRepository repository)
|
||||
public DeactivateRolCommandHandler(IRolRepository repository, IAuditLogger audit)
|
||||
{
|
||||
_repository = repository;
|
||||
_audit = audit;
|
||||
}
|
||||
|
||||
public async Task<RolDto> Handle(DeactivateRolCommand command)
|
||||
@@ -23,10 +27,23 @@ public sealed class DeactivateRolCommandHandler : ICommandHandler<DeactivateRolC
|
||||
if (await _repository.HasActiveUsuariosAsync(command.Codigo))
|
||||
throw new RolInUseException(command.Codigo);
|
||||
|
||||
var updated = await _repository.UpdateAsync(
|
||||
existing.Codigo, existing.Nombre, existing.Descripcion, activo: false);
|
||||
if (!updated)
|
||||
throw new RolNotFoundException(command.Codigo);
|
||||
using (var tx = new TransactionScope(
|
||||
TransactionScopeOption.Required,
|
||||
new TransactionOptions { IsolationLevel = IsolationLevel.ReadCommitted },
|
||||
TransactionScopeAsyncFlowOption.Enabled))
|
||||
{
|
||||
var updated = await _repository.UpdateAsync(
|
||||
existing.Codigo, existing.Nombre, existing.Descripcion, activo: false);
|
||||
if (!updated)
|
||||
throw new RolNotFoundException(command.Codigo);
|
||||
|
||||
await _audit.LogAsync(
|
||||
action: "rol.deactivate",
|
||||
targetType: "Rol",
|
||||
targetId: existing.Id.ToString());
|
||||
|
||||
tx.Complete();
|
||||
}
|
||||
|
||||
var rol = await _repository.GetByCodigoAsync(command.Codigo)
|
||||
?? throw new RolNotFoundException(command.Codigo);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
using System.Transactions;
|
||||
using SIGCM2.Application.Abstractions;
|
||||
using SIGCM2.Application.Abstractions.Persistence;
|
||||
using SIGCM2.Application.Audit;
|
||||
using SIGCM2.Application.Roles.Dtos;
|
||||
using SIGCM2.Domain.Exceptions;
|
||||
|
||||
@@ -8,19 +10,42 @@ namespace SIGCM2.Application.Roles.Update;
|
||||
public sealed class UpdateRolCommandHandler : ICommandHandler<UpdateRolCommand, RolDto>
|
||||
{
|
||||
private readonly IRolRepository _repository;
|
||||
private readonly IAuditLogger _audit;
|
||||
|
||||
public UpdateRolCommandHandler(IRolRepository repository)
|
||||
public UpdateRolCommandHandler(IRolRepository repository, IAuditLogger audit)
|
||||
{
|
||||
_repository = repository;
|
||||
_audit = audit;
|
||||
}
|
||||
|
||||
public async Task<RolDto> Handle(UpdateRolCommand command)
|
||||
{
|
||||
var updated = await _repository.UpdateAsync(
|
||||
command.Codigo, command.Nombre, command.Descripcion, command.Activo);
|
||||
var before = await _repository.GetByCodigoAsync(command.Codigo)
|
||||
?? throw new RolNotFoundException(command.Codigo);
|
||||
|
||||
if (!updated)
|
||||
throw new RolNotFoundException(command.Codigo);
|
||||
using (var tx = new TransactionScope(
|
||||
TransactionScopeOption.Required,
|
||||
new TransactionOptions { IsolationLevel = IsolationLevel.ReadCommitted },
|
||||
TransactionScopeAsyncFlowOption.Enabled))
|
||||
{
|
||||
var updated = await _repository.UpdateAsync(
|
||||
command.Codigo, command.Nombre, command.Descripcion, command.Activo);
|
||||
|
||||
if (!updated)
|
||||
throw new RolNotFoundException(command.Codigo);
|
||||
|
||||
await _audit.LogAsync(
|
||||
action: "rol.update",
|
||||
targetType: "Rol",
|
||||
targetId: before.Id.ToString(),
|
||||
metadata: new
|
||||
{
|
||||
before = new { before.Nombre, before.Descripcion, before.Activo },
|
||||
after = new { command.Nombre, command.Descripcion, command.Activo },
|
||||
});
|
||||
|
||||
tx.Complete();
|
||||
}
|
||||
|
||||
var rol = await _repository.GetByCodigoAsync(command.Codigo)
|
||||
?? throw new RolNotFoundException(command.Codigo);
|
||||
|
||||
Reference in New Issue
Block a user