Teamup

soroushdes/Teamup

Fork 0

Commit Graph

Author	SHA1	Message	Date
soroush.asadi	e1911f58b1	M1: OrgBoard — organizations, teams, seats, the board & cartable OrgBoard module (references SharedKernel only; RBAC via ICurrentUser/IPermissionService): - Organization, Team, Seat (human/open/ai), WorkItem (board task: type, status, assignee, parent) entities; internal OrgBoardDbContext (schema "orgboard") + InitialOrgBoard migration; design-time factory. (WorkItem avoids the System.Threading.Tasks.Task clash.) - Endpoints under /api/orgboard, every mutation permission-checked at the scope chain [team, org]: POST /organizations, POST/GET /teams, POST /tasks, GET /board (columns backlog->in progress->in review->done), PATCH /tasks/{id}/move, /assign, GET /cartable. Test isolation: integration tests now use IClassFixture so each class gets its own pgvector container (the bootstrap-once rule made a shared container collide). Verified: build green; ArchitectureTests 8/8 (OrgBoard references only SharedKernel); IntegrationTests 12/12 incl. a new board flow — owner sets up org+team, creates/moves/ assigns a task, sees it on the board and in the cartable; an invited Member can view the board but is 403'd from creating a team. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-09 11:58:20 +03:30
soroush.asadi	61991bf6cd	M1: Identity & access — members, RBAC, JWT auth, invitations Adds the access foundation everything else enforces against. SharedKernel (shared access contracts, no Identity dependency for consumers): - ScopeRef/ScopeType, RoleType, Capability, AccessPolicy (role x capability matrix), ICurrentUser, IPermissionService (scope-chain evaluation). Identity module: - Member, Membership, Invitation entities; internal IdentityDbContext (schema "identity") + InitialIdentity migration; design-time factory. - JWT auth (HS256) issuing membership claims; PasswordHasher<Member>; CurrentUser (claims -> ICurrentUser) and PermissionService implementations. - Public IMemberDirectory contract for other modules to resolve member display info. - Endpoints: POST /bootstrap (first owner), /auth/login, GET /me, POST /invitations, POST /invitations/accept. Owner-only actions enforced via IPermissionService. - Web host wires UseAuthentication/UseAuthorization and string-enum JSON. Verified: build green; ArchitectureTests 8/8 (Identity references only SharedKernel); IntegrationTests 11/11 incl. a new end-to-end flow — bootstrap -> login -> /me -> invite -> accept -> login as invitee, and a Member is 403'd from inviting. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-09 07:59:57 +03:30

Author

SHA1

Message

Date

soroush.asadi

e1911f58b1

M1: OrgBoard — organizations, teams, seats, the board & cartable

OrgBoard module (references SharedKernel only; RBAC via ICurrentUser/IPermissionService):
- Organization, Team, Seat (human/open/ai), WorkItem (board task: type, status, assignee,
  parent) entities; internal OrgBoardDbContext (schema "orgboard") + InitialOrgBoard
  migration; design-time factory. (WorkItem avoids the System.Threading.Tasks.Task clash.)
- Endpoints under /api/orgboard, every mutation permission-checked at the scope chain
  [team, org]: POST /organizations, POST/GET /teams, POST /tasks, GET /board (columns
  backlog->in progress->in review->done), PATCH /tasks/{id}/move, /assign, GET /cartable.

Test isolation: integration tests now use IClassFixture so each class gets its own
pgvector container (the bootstrap-once rule made a shared container collide).

Verified: build green; ArchitectureTests 8/8 (OrgBoard references only SharedKernel);
IntegrationTests 12/12 incl. a new board flow — owner sets up org+team, creates/moves/
assigns a task, sees it on the board and in the cartable; an invited Member can view the
board but is 403'd from creating a team.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-09 11:58:20 +03:30

soroush.asadi

61991bf6cd

M1: Identity & access — members, RBAC, JWT auth, invitations

Adds the access foundation everything else enforces against.

SharedKernel (shared access contracts, no Identity dependency for consumers):
- ScopeRef/ScopeType, RoleType, Capability, AccessPolicy (role x capability matrix),
  ICurrentUser, IPermissionService (scope-chain evaluation).

Identity module:
- Member, Membership, Invitation entities; internal IdentityDbContext (schema
  "identity") + InitialIdentity migration; design-time factory.
- JWT auth (HS256) issuing membership claims; PasswordHasher<Member>; CurrentUser
  (claims -> ICurrentUser) and PermissionService implementations.
- Public IMemberDirectory contract for other modules to resolve member display info.
- Endpoints: POST /bootstrap (first owner), /auth/login, GET /me, POST /invitations,
  POST /invitations/accept. Owner-only actions enforced via IPermissionService.
- Web host wires UseAuthentication/UseAuthorization and string-enum JSON.

Verified: build green; ArchitectureTests 8/8 (Identity references only SharedKernel);
IntegrationTests 11/11 incl. a new end-to-end flow — bootstrap -> login -> /me ->
invite -> accept -> login as invitee, and a Member is 403'd from inviting.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-09 07:59:57 +03:30

2 Commits