kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
ebb56cc9f8c48cd5e97a3e3f6c58d046b29f6125
ColaFlow/docs/plans/sprint_2_story_2_task_3.md
Yaojia Wang ebb56cc9f8 feat(backend): Create Sprint 2 backend Stories and Tasks 
Created detailed implementation plans for Sprint 2 backend work:

Story 1: Audit Log Foundation (Phase 1)
- Task 1: Design AuditLog database schema and create migration
- Task 2: Create AuditLog entity and Repository
- Task 3: Implement EF Core SaveChangesInterceptor
- Task 4: Write unit tests for audit logging
- Task 5: Integrate with ProjectManagement Module

Story 2: Audit Log Core Features (Phase 2)
- Task 1: Implement Changed Fields Detection (JSON Diff)
- Task 2: Integrate User Context Tracking
- Task 3: Add Multi-Tenant Isolation
- Task 4: Implement Audit Query API
- Task 5: Write Integration Tests

Story 3: Sprint Management Module
- Task 1: Create Sprint Aggregate Root and Domain Events
- Task 2: Implement Sprint Repository and EF Core Configuration
- Task 3: Create CQRS Commands and Queries
- Task 4: Implement Burndown Chart Calculation
- Task 5: Add SignalR Real-Time Notifications
- Task 6: Write Integration Tests

Total: 3 Stories, 16 Tasks, 24 Story Points (8+8+8)
Estimated Duration: 10-12 days

All tasks include:
- Detailed technical implementation guidance
- Code examples and file paths
- Testing requirements (>= 90% coverage)
- Performance benchmarks (< 5ms audit overhead)
- Multi-tenant security validation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-04 22:56:31 +01:00

6.0 KiB
Raw Blame History

task_id, story, status, estimated_hours, created_date, assignee
task_id story status estimated_hours created_date assignee
sprint_2_story_2_task_3 sprint_2_story_2 not_started 3 2025-11-05 Backend Team

Task 3: Add Multi-Tenant Isolation

Story: Story 2 - Audit Log Core Features (Phase 2) Estimated: 3 hours

Description

Ensure audit logs are properly isolated by TenantId to prevent cross-tenant data access. Implement global query filters and verify with comprehensive tests.

Acceptance Criteria

  • Global query filter applied to AuditLog entity
  • TenantId automatically set on audit log creation
  • Cross-tenant queries blocked
  • Integration tests verify isolation
  • Security audit passed

Implementation Details

Already Implemented in Story 1!

The AuditLogInterceptor already sets TenantId:

var auditLog = new AuditLog
{
    TenantId = _tenantContext.TenantId,
    // ...
};

This Task: Add Global Query Filter and Comprehensive Testing

  1. Update EF Configuration: colaflow-api/src/ColaFlow.Infrastructure/Data/Configurations/AuditLogConfiguration.cs
public void Configure(EntityTypeBuilder<AuditLog> builder)
{
    // ... existing configuration ...

    // Multi-tenant global query filter
    // This will be dynamically replaced by TenantContext at runtime
    builder.HasQueryFilter(a => a.TenantId == Guid.Empty);
}
  1. Apply Global Filter in DbContext: colaflow-api/src/ColaFlow.Infrastructure/Data/ColaFlowDbContext.cs
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
    base.OnModelCreating(modelBuilder);

    // Apply tenant filter to AuditLog
    var tenantId = _tenantContext.TenantId;
    modelBuilder.Entity<AuditLog>().HasQueryFilter(a => a.TenantId == tenantId);
}
  1. Verify Repository Filtering: colaflow-api/src/ColaFlow.Infrastructure/Repositories/AuditLogRepository.cs
public async Task<List<AuditLog>> GetByEntityAsync(string entityType, Guid entityId)
{
    var tenantId = _tenantContext.TenantId;

    // Query automatically filtered by global query filter
    // Explicit TenantId check added for defense-in-depth
    return await _context.AuditLogs
        .Where(a => a.TenantId == tenantId && a.EntityType == entityType && a.EntityId == entityId)
        .OrderByDescending(a => a.Timestamp)
        .AsNoTracking()
        .ToListAsync();
}

Defense-in-Depth Strategy:

  1. Layer 1: TenantId automatically set by Interceptor
  2. Layer 2: Global Query Filter in EF Core
  3. Layer 3: Explicit TenantId checks in Repository
  4. Layer 4: Integration tests verify isolation

Testing

Integration Tests: colaflow-api/tests/ColaFlow.Application.IntegrationTests/AuditLog/MultiTenantIsolationTests.cs

public class AuditLogMultiTenantIsolationTests : IntegrationTestBase
{
    [Fact]
    public async Task GetByEntityAsync_ShouldOnlyReturnCurrentTenantAuditLogs()
    {
        // Arrange - Create audit logs for two tenants
        var tenant1Id = Guid.NewGuid();
        var tenant2Id = Guid.NewGuid();
        var entityId = Guid.NewGuid();

        // Tenant 1 creates a project
        SetCurrentTenant(tenant1Id);
        var log1 = new AuditLog
        {
            Id = Guid.NewGuid(),
            TenantId = tenant1Id,
            EntityType = "Project",
            EntityId = entityId,
            Action = AuditAction.Create,
            Timestamp = DateTime.UtcNow
        };
        await Context.AuditLogs.AddAsync(log1);
        await Context.SaveChangesAsync();

        // Tenant 2 tries to access (should fail)
        SetCurrentTenant(tenant2Id);

        var repository = new AuditLogRepository(Context, TenantContext);

        // Act
        var result = await repository.GetByEntityAsync("Project", entityId);

        // Assert
        Assert.Empty(result); // Tenant 2 should NOT see Tenant 1's audit logs
    }

    [Fact]
    public async Task CreateProject_ShouldSetTenantIdAutomatically()
    {
        // Arrange
        var tenantId = Guid.NewGuid();
        SetCurrentTenant(tenantId);

        // Act
        var projectId = await Mediator.Send(new CreateProjectCommand
        {
            Name = "Test Project",
            Key = "TEST"
        });

        // Assert
        var auditLogs = await Context.AuditLogs
            .IgnoreQueryFilters() // Bypass filter to check actual data
            .Where(a => a.EntityId == projectId)
            .ToListAsync();

        Assert.All(auditLogs, log => Assert.Equal(tenantId, log.TenantId));
    }

    [Fact]
    public async Task DirectDatabaseQuery_ShouldRespectGlobalQueryFilter()
    {
        // Arrange
        var tenant1Id = Guid.NewGuid();
        var tenant2Id = Guid.NewGuid();

        // Create logs for both tenants (using IgnoreQueryFilters)
        await Context.AuditLogs.AddAsync(new AuditLog { Id = Guid.NewGuid(), TenantId = tenant1Id, /* ... */ });
        await Context.AuditLogs.AddAsync(new AuditLog { Id = Guid.NewGuid(), TenantId = tenant2Id, /* ... */ });
        await Context.SaveChangesAsync();

        // Act - Set current tenant to tenant1
        SetCurrentTenant(tenant1Id);
        var logs = await Context.AuditLogs.ToListAsync();

        // Assert - Should only see tenant1 logs
        Assert.All(logs, log => Assert.Equal(tenant1Id, log.TenantId));
    }

    [Fact]
    public async Task BypassFilter_ShouldWorkWithIgnoreQueryFilters()
    {
        // For admin/system operations that need to see all tenants
        var allLogs = await Context.AuditLogs
            .IgnoreQueryFilters()
            .ToListAsync();

        Assert.True(allLogs.Count > 0);
    }
}

Security Test Cases:

  1. Cross-tenant read blocked
  2. TenantId automatically set on creation
  3. Global query filter applied
  4. IgnoreQueryFilters works for admin operations
  5. Repository explicit filtering works

Technical Notes

  • Use IgnoreQueryFilters() for admin/system operations only
  • Always combine global filter with explicit TenantId checks (defense-in-depth)
  • Test with real database, not in-memory (to verify SQL generation)
  • Run security tests in CI/CD pipeline

Created: 2025-11-05 by Backend Agent