feat(audit): enchufar audit en handlers de Rol (UDT-010 B8)
4 command handlers del módulo Roles + Permisos ahora auditan:
| Handler | Action |
|--------------------------------------|------------------------|
| CreateRolCommandHandler | rol.create |
| UpdateRolCommandHandler | rol.update |
| DeactivateRolCommandHandler | rol.deactivate |
| AssignPermisosToRolCommandHandler | rol.permisos_update |
Mismo patrón que B7 (using block + post-commit reads outside scope).
Metadata:
- rol.create: after={Codigo, Nombre, Descripcion}
- rol.update: {before, after} diff
- rol.permisos_update: {before, after} con arrays de codigos ordenados
AssignPermisosToRolCommandHandler captura 'before' leyendo
GetByRolCodigoAsync antes del TransactionScope para poder emitir el diff.
4 test classes actualizados con mock de IAuditLogger.
Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing.
Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-RM-AUD, design, tasks#B8}
This commit is contained in:
@@ -1,5 +1,7 @@
|
||||
using System.Transactions;
|
||||
using SIGCM2.Application.Abstractions;
|
||||
using SIGCM2.Application.Abstractions.Persistence;
|
||||
using SIGCM2.Application.Audit;
|
||||
using SIGCM2.Application.Permisos.Dtos;
|
||||
using SIGCM2.Domain.Exceptions;
|
||||
|
||||
@@ -10,15 +12,18 @@ public sealed class AssignPermisosToRolCommandHandler : ICommandHandler<AssignPe
|
||||
private readonly IRolRepository _rolRepository;
|
||||
private readonly IPermisoRepository _permisoRepository;
|
||||
private readonly IRolPermisoRepository _rolPermisoRepository;
|
||||
private readonly IAuditLogger _audit;
|
||||
|
||||
public AssignPermisosToRolCommandHandler(
|
||||
IRolRepository rolRepository,
|
||||
IPermisoRepository permisoRepository,
|
||||
IRolPermisoRepository rolPermisoRepository)
|
||||
IRolPermisoRepository rolPermisoRepository,
|
||||
IAuditLogger audit)
|
||||
{
|
||||
_rolRepository = rolRepository;
|
||||
_permisoRepository = permisoRepository;
|
||||
_rolPermisoRepository = rolPermisoRepository;
|
||||
_audit = audit;
|
||||
}
|
||||
|
||||
public async Task<IReadOnlyList<PermisoDto>> Handle(AssignPermisosToRolCommand command)
|
||||
@@ -40,9 +45,28 @@ public sealed class AssignPermisosToRolCommandHandler : ICommandHandler<AssignPe
|
||||
throw new PermisoNotFoundException(missing);
|
||||
}
|
||||
|
||||
// 3. Reemplazar el set (DELETE+INSERT en transacción dentro del repo)
|
||||
var permisoIds = permisos.Select(p => p.Id);
|
||||
await _rolPermisoRepository.ReplaceForRolAsync(rol.Id, permisoIds);
|
||||
// Capture "before" snapshot for audit diff
|
||||
var previousPermisos = await _rolPermisoRepository.GetByRolCodigoAsync(rol.Codigo);
|
||||
var beforeCodigos = previousPermisos.Select(p => p.Codigo).OrderBy(c => c, StringComparer.Ordinal).ToArray();
|
||||
var afterCodigos = permisos.Select(p => p.Codigo).OrderBy(c => c, StringComparer.Ordinal).ToArray();
|
||||
|
||||
using (var tx = new TransactionScope(
|
||||
TransactionScopeOption.Required,
|
||||
new TransactionOptions { IsolationLevel = IsolationLevel.ReadCommitted },
|
||||
TransactionScopeAsyncFlowOption.Enabled))
|
||||
{
|
||||
// 3. Reemplazar el set (DELETE+INSERT en transacción dentro del repo)
|
||||
var permisoIds = permisos.Select(p => p.Id);
|
||||
await _rolPermisoRepository.ReplaceForRolAsync(rol.Id, permisoIds);
|
||||
|
||||
await _audit.LogAsync(
|
||||
action: "rol.permisos_update",
|
||||
targetType: "Rol",
|
||||
targetId: rol.Id.ToString(),
|
||||
metadata: new { before = beforeCodigos, after = afterCodigos });
|
||||
|
||||
tx.Complete();
|
||||
}
|
||||
|
||||
// 4. Retornar el nuevo set asignado
|
||||
return permisos
|
||||
|
||||
Reference in New Issue
Block a user