Implemented domain event raising in command handlers to enable audit logging and event-driven architecture for key Identity module operations.
Changes:
- Updated LoginCommand to include IpAddress and UserAgent fields for audit trail
- Updated AuthController to extract and pass IP address and user agent from HTTP context
- Modified LoginCommandHandler to raise UserLoggedInEvent on successful login
- Updated AssignUserRoleCommand to include AssignedBy field for audit purposes
- Modified AssignUserRoleCommandHandler to raise UserRoleAssignedEvent with previous role tracking
- Updated RemoveUserFromTenantCommand to include RemovedBy and Reason fields
- Modified RemoveUserFromTenantCommandHandler to raise UserRemovedFromTenantEvent before deletion
- Added domain methods to User aggregate: RecordLoginWithEvent, RaiseRoleAssignedEvent, RaiseRemovedFromTenantEvent
- Updated TenantUsersController to extract current user ID from JWT claims and pass to commands
Technical Details:
- All event raising follows aggregate root encapsulation pattern
- Domain events are persisted through repository UpdateAsync calls
- Event handlers will automatically log these events for audit trail
- Maintains backward compatibility with existing login flow
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented Role-Based Access Control (RBAC) with 5 tenant-level roles following Clean Architecture principles.
Changes:
- Created TenantRole enum (TenantOwner, TenantAdmin, TenantMember, TenantGuest, AIAgent)
- Created UserTenantRole entity with repository pattern
- Updated JWT service to include role claims (tenant_role, role)
- Updated RegisterTenant to auto-assign TenantOwner role
- Updated Login to query and include user role in JWT
- Updated RefreshToken to preserve role claims
- Added authorization policies in Program.cs (RequireTenantOwner, RequireTenantAdmin, etc.)
- Updated /api/auth/me endpoint to return role information
- Created EF Core migration for user_tenant_roles table
- Applied database migration successfully
Database:
- New table: identity.user_tenant_roles
- Columns: id, user_id, tenant_id, role, assigned_at, assigned_by_user_id
- Indexes: user_id, tenant_id, role, unique(user_id, tenant_id)
- Foreign keys: CASCADE on user and tenant deletion
Testing:
- Created test-rbac.ps1 PowerShell script
- All RBAC tests passing
- JWT tokens contain role claims
- Role persists across login and token refresh
Documentation:
- DAY5-PHASE2-RBAC-IMPLEMENTATION-SUMMARY.md with complete implementation details
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
