Implemented domain event raising in command handlers to enable audit logging and event-driven architecture for key Identity module operations.
Changes:
- Updated LoginCommand to include IpAddress and UserAgent fields for audit trail
- Updated AuthController to extract and pass IP address and user agent from HTTP context
- Modified LoginCommandHandler to raise UserLoggedInEvent on successful login
- Updated AssignUserRoleCommand to include AssignedBy field for audit purposes
- Modified AssignUserRoleCommandHandler to raise UserRoleAssignedEvent with previous role tracking
- Updated RemoveUserFromTenantCommand to include RemovedBy and Reason fields
- Modified RemoveUserFromTenantCommandHandler to raise UserRemovedFromTenantEvent before deletion
- Added domain methods to User aggregate: RecordLoginWithEvent, RaiseRoleAssignedEvent, RaiseRemovedFromTenantEvent
- Updated TenantUsersController to extract current user ID from JWT claims and pass to commands
Technical Details:
- All event raising follows aggregate root encapsulation pattern
- Domain events are persisted through repository UpdateAsync calls
- Event handlers will automatically log these events for audit trail
- Maintains backward compatibility with existing login flow
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add complete role management functionality for tenant administrators to manage user roles within their tenants.
Changes:
- Extended IUserTenantRoleRepository with pagination, role counting, and last owner check methods
- Extended IUserRepository with GetByIdAsync(Guid) and GetByIdsAsync for flexible user retrieval
- Extended IRefreshTokenRepository with GetByUserAndTenantAsync and UpdateRangeAsync
- Implemented repository methods in Infrastructure layer
- Created DTOs: UserWithRoleDto and PagedResultDto<T>
- Implemented ListTenantUsersQuery with pagination support
- Implemented AssignUserRoleCommand to assign/update user roles
- Implemented RemoveUserFromTenantCommand with token revocation
- Created TenantUsersController with 4 endpoints (list, assign, remove, get-roles)
- Added comprehensive PowerShell test script
Security Features:
- Only TenantOwner can assign/update/remove roles
- Prevents removal of last TenantOwner (lockout protection)
- Prevents manual assignment of AIAgent role (reserved for MCP)
- Cross-tenant access protection
- Automatic refresh token revocation when user removed
API Endpoints:
- GET /api/tenants/{id}/users - List users with roles (paginated)
- POST /api/tenants/{id}/users/{userId}/role - Assign/update role
- DELETE /api/tenants/{id}/users/{userId} - Remove user from tenant
- GET /api/tenants/roles - Get available roles
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
