dmolinari
a3f01bc6c9
4 command handlers del módulo Roles + Permisos ahora auditan:
| Handler | Action |
|--------------------------------------|------------------------|
| CreateRolCommandHandler | rol.create |
| UpdateRolCommandHandler | rol.update |
| DeactivateRolCommandHandler | rol.deactivate |
| AssignPermisosToRolCommandHandler | rol.permisos_update |
Mismo patrón que B7 (using block + post-commit reads outside scope).
Metadata:
- rol.create: after={Codigo, Nombre, Descripcion}
- rol.update: {before, after} diff
- rol.permisos_update: {before, after} con arrays de codigos ordenados
AssignPermisosToRolCommandHandler captura 'before' leyendo
GetByRolCodigoAsync antes del TransactionScope para poder emitir el diff.
4 test classes actualizados con mock de IAuditLogger.
Suite: 378/378 Application.Tests + 141/141 Api.Tests = 519/519 passing.
Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-RM-AUD, design, tasks#B8}
77 lines
3.1 KiB
C#
77 lines
3.1 KiB
C#
using System.Transactions;
|
|
using SIGCM2.Application.Abstractions;
|
|
using SIGCM2.Application.Abstractions.Persistence;
|
|
using SIGCM2.Application.Audit;
|
|
using SIGCM2.Application.Permisos.Dtos;
|
|
using SIGCM2.Domain.Exceptions;
|
|
|
|
namespace SIGCM2.Application.Permisos.Assign;
|
|
|
|
public sealed class AssignPermisosToRolCommandHandler : ICommandHandler<AssignPermisosToRolCommand, IReadOnlyList<PermisoDto>>
|
|
{
|
|
private readonly IRolRepository _rolRepository;
|
|
private readonly IPermisoRepository _permisoRepository;
|
|
private readonly IRolPermisoRepository _rolPermisoRepository;
|
|
private readonly IAuditLogger _audit;
|
|
|
|
public AssignPermisosToRolCommandHandler(
|
|
IRolRepository rolRepository,
|
|
IPermisoRepository permisoRepository,
|
|
IRolPermisoRepository rolPermisoRepository,
|
|
IAuditLogger audit)
|
|
{
|
|
_rolRepository = rolRepository;
|
|
_permisoRepository = permisoRepository;
|
|
_rolPermisoRepository = rolPermisoRepository;
|
|
_audit = audit;
|
|
}
|
|
|
|
public async Task<IReadOnlyList<PermisoDto>> Handle(AssignPermisosToRolCommand command)
|
|
{
|
|
// 1. Validar que el rol existe
|
|
var rol = await _rolRepository.GetByCodigoAsync(command.RolCodigo);
|
|
if (rol is null)
|
|
throw new RolNotFoundException(command.RolCodigo);
|
|
|
|
// 2. Validar que todos los códigos existen en BD
|
|
var codigosList = command.Codigos.ToList();
|
|
var permisos = await _permisoRepository.GetByCodigosAsync(codigosList);
|
|
|
|
if (permisos.Count != codigosList.Count)
|
|
{
|
|
// Detectar el primer código que no fue encontrado
|
|
var foundCodigos = permisos.Select(p => p.Codigo).ToHashSet();
|
|
var missing = codigosList.First(c => !foundCodigos.Contains(c));
|
|
throw new PermisoNotFoundException(missing);
|
|
}
|
|
|
|
// Capture "before" snapshot for audit diff
|
|
var previousPermisos = await _rolPermisoRepository.GetByRolCodigoAsync(rol.Codigo);
|
|
var beforeCodigos = previousPermisos.Select(p => p.Codigo).OrderBy(c => c, StringComparer.Ordinal).ToArray();
|
|
var afterCodigos = permisos.Select(p => p.Codigo).OrderBy(c => c, StringComparer.Ordinal).ToArray();
|
|
|
|
using (var tx = new TransactionScope(
|
|
TransactionScopeOption.Required,
|
|
new TransactionOptions { IsolationLevel = IsolationLevel.ReadCommitted },
|
|
TransactionScopeAsyncFlowOption.Enabled))
|
|
{
|
|
// 3. Reemplazar el set (DELETE+INSERT en transacción dentro del repo)
|
|
var permisoIds = permisos.Select(p => p.Id);
|
|
await _rolPermisoRepository.ReplaceForRolAsync(rol.Id, permisoIds);
|
|
|
|
await _audit.LogAsync(
|
|
action: "rol.permisos_update",
|
|
targetType: "Rol",
|
|
targetId: rol.Id.ToString(),
|
|
metadata: new { before = beforeCodigos, after = afterCodigos });
|
|
|
|
tx.Complete();
|
|
}
|
|
|
|
// 4. Retornar el nuevo set asignado
|
|
return permisos
|
|
.Select(p => new PermisoDto(p.Id, p.Codigo, p.Nombre, p.Descripcion, p.Modulo))
|
|
.ToList();
|
|
}
|
|
}
|