Go to file

dmolinari 26efb74c22 feat(audit): enchufar audit en handlers de Usuario — Closes #6

7 command handlers del módulo Usuarios ahora auditan via IAuditLogger:

| Handler                                 | Action                  |
|-----------------------------------------|-------------------------|
| CreateUsuarioCommandHandler             | usuario.create          |
| UpdateUsuarioCommandHandler             | usuario.update          |
| DeactivateUsuarioCommandHandler         | usuario.deactivate      |
| ReactivateUsuarioCommandHandler         | usuario.reactivate      |
| ChangeMyPasswordCommandHandler          | usuario.password_change |
| ResetUsuarioPasswordCommandHandler      | usuario.password_reset  |
| UpdateUsuarioPermisosOverridesHandler   | usuario.permisos_update |

Patrón por handler (per design #D-1):
  using (var tx = new TransactionScope(Required, ReadCommitted, AsyncFlowEnabled))
  {
      await repo.UpdateAsync(...);
      await audit.LogAsync(...);
      tx.Complete();
  }
  // post-commit reads OUTSIDE the using block
  var updated = await repo.GetDetailAsync(...);

Metadata captured:
- usuario.create: after={username, nombre, apellido, email, rol} — NO password.
- usuario.update: {before, after} diff of editable fields.
- usuario.password_reset: {targetId} only — tempPassword is NEVER persisted to
  audit (returned to caller once, never stored).
- usuario.permisos_update: {before, after} of grant/deny override lists.

Key fix during implementation: initially used 'using var tx = ...' (bare
declaration). This kept the TransactionScope active for the rest of the method,
causing 'The current TransactionScope is already complete' when post-commit
reads (GetDetailAsync) tried to enlist. Solution: explicit 'using (var tx = ...)
{ ... }' block that disposes the scope before post-commit reads.

AuditContextMissingException surfaces from AuditLogger when IAuditContext
lacks ActorUserId — fail-closed per #REQ-AUD-4. In integration tests, the
middleware populates ActorUserId from the JWT sub of the authenticated admin.

Test updates: 6 existing unit test classes now inject IAuditLogger mock:
- CreateUsuarioCommandHandlerTests
- UpdateUsuarioCommandHandlerTests
- DeactivateUsuarioCommandHandlerTests
- ReactivateUsuarioCommandHandlerTests
- ChangeMyPasswordCommandHandlerTests
- ResetUsuarioPasswordCommandHandlerTests

Follow-up #6 ([Auditoría] Registrar admin creador en alta de usuarios) is
closed: CreateUsuarioCommandHandler now records ActorUserId = admin JWT sub
on every user creation. TODO comment removed.

Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing.

Closes #6
Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-UM-AUD, design, tasks#B7}

2026-04-16 13:49:44 -03:00

.atl

feat(web): infra UI completa pre-ADM-001 — DataTable + 8 shadcn + MCP global

2026-04-16 11:54:14 -03:00

database

feat(db): V010 audit infrastructure + temporal tables

2026-04-16 13:10:04 -03:00

docs

docs(web): smoke test checklist UDT-002 — login, refresh, logout, reuse detection

2026-04-14 13:52:59 -03:00

scripts

chore(udt-001): RSA key generation script

2026-04-13 21:35:56 -03:00

src

feat(audit): enchufar audit en handlers de Usuario — Closes #6

2026-04-16 13:49:44 -03:00

tests

feat(audit): enchufar audit en handlers de Usuario — Closes #6

2026-04-16 13:49:44 -03:00

.gitignore

chore(repo): gitignore .claude/ local state and autogen src/src.sln

2026-04-14 14:39:38 -03:00

Directory.Packages.props

feat(api): UDT-003 registro de usuarios — backend completo (Phases 1-6)

2026-04-15 10:47:48 -03:00

README.md

Actualizar README.md

2026-04-15 17:36:36 +00:00

SIGCM2.slnx

chore(udt-001): repo scaffold with central package management

2026-04-13 21:35:51 -03:00

README.md

SIG-CM 2.0

Sistema de gestión comercial — migración del sistema legacy (VB6) a una plataforma web moderna.

Stack

Backend: .NET 10 · C# 13 · ASP.NET Core · Clean Architecture · Dapper 2.x · SQL Server 2022 · JWT RS256 · Serilog · FluentValidation · xUnit + NSubstitute
Frontend: React 19 · TypeScript 5 strict · Vite 6 · Tailwind 4 · Zustand · React Router 7 · TanStack Query · Axios · Vitest + RTL
Infra: Docker · Gitea Actions · Obsidian (documentación interna) · SQL Server

Estructura

src/api/             # Backend .NET (Clean Architecture)
  SIGCM2.Api/          controllers, filters, Program.cs
  SIGCM2.Application/  commands, handlers, validators, abstractions
  SIGCM2.Domain/       entities, exceptions, domain security
  SIGCM2.Infrastructure/ persistence (Dapper), security, DI

src/web/             # Frontend React 19 (Vite + TS strict)
  src/features/        feature modules (auth, users, …)
  src/components/      shared UI + layout
  src/tests/           Vitest suites

database/
  migrations/          .sql con orden Vxxx
  seeds/               datos iniciales
  schemas/             definiciones auxiliares

tests/
  SIGCM2.Api.Tests/            integration (TestWebAppFactory + SQL Server)
  SIGCM2.Application.Tests/    unit (handlers, validators)
  SIGCM2.TestSupport/          fixtures compartidas

Obsidian/            # Source of truth funcional (IGNORADO por git)
  STATUS.md            roadmap y estado de UDTs
  INSTRUCCIONES_IA.md  SOP del agente de IA
  02-ARQUITECTURA.../  specs por módulo

Cómo correr

Requisitos

.NET 10 SDK
Node 20+
SQL Server 2019+ (local o remoto)

Backend

cd src/api/SIGCM2.Api
dotnet run

Config en appsettings.json (DB: SIGCM2, usuario desarrollo, server TECNICA3). Para tests de integración se usa SIGCM2_Test.

Frontend

cd src/web
npm install
npm run dev

Tests

# Backend
dotnet test tests/SIGCM2.Application.Tests       # unit
dotnet test tests/SIGCM2.Api.Tests               # integration (requiere SIGCM2_Test)

# Frontend
cd src/web && npx vitest run

Convenciones

Ramas: feature/UDT-XXX desde main.
Commits: tipo(módulo): descripción — feat, fix, docs, refactor, test, chore, security.
Orden de trabajo por UDT: BD → Backend → Frontend.
Desarrollo guiado por Spec-Driven Development (SDD) + Strict TDD.
Follow-ups / deuda técnica se registran como issues de Gitea con label followup.