OmniDesk — Current Status (Snapshot)

Date: 2026-01-22

What is working

  • API builds and runs with:
    • Swagger
    • Serilog request logging
    • /health
  • EF Core migrations created and applied
  • Identity + JWT auth:
    • POST /auth/register
    • POST /auth/login
    • GET /auth/me
  • Multi-tenancy foundation:
    • Tenant resolved from X-Org-Id header into TenantContext
  • Org + Membership:
    • POST /orgs creates org and creator is Owner
    • GET /orgs lists orgs for current user
  • Org Members controller:
    • GET /orgs/{orgId}/members (Admin+)
    • PATCH /orgs/{orgId}/members/{userId} (Owner only)
  • Integration testing infrastructure:
    • Testcontainers PostgreSQL (self-contained)
    • EF migrations applied automatically in fixture
    • Respawn reset between tests

Current test status

  • Most tests pass.
  • Two tests currently fail because they expect 400 but the API returns 403:
    • Missing tenant header
    • Mismatched route orgId vs header orgId

Why it happens

Authorization (policy checks) runs before MVC action filters. If the tenant header is missing or mismatched, the RBAC policy fails first and returns 403 before any action-level validation can produce a 400.

Options to fix later

  1. Update tests to accept 403 (current behavior).
  2. Improve pipeline to return 400 for tenant issues by moving validation earlier:
    • Implement tenant requirement as IAsyncAuthorizationFilter or a custom AuthorizationRequirement that checks tenant header and route orgId match.
    • Or add middleware after TenantResolutionMiddleware and before Authorization to validate route/header match for specific route patterns.
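The second variant of option 2, as an added example (not OmniDesk's own code): a middleware that checks the {orgId} route value against the X-Org-Id header and returns 400 before authorization runs. It assumes endpoint routing has populated Request.RouteValues; the class name TenantRouteConsistencyMiddleware is a placeholder.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

// Validates that the {orgId} route value agrees with the X-Org-Id header and
// short-circuits with 400 before the authorization middleware runs.
// Assumes app.UseRouting() has already populated Request.RouteValues.
public sealed class TenantRouteConsistencyMiddleware
{
    private const string TenantHeader = "X-Org-Id";
    private readonly RequestDelegate _next;

    public TenantRouteConsistencyMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        // Routes without an {orgId} segment are not subject to this check.
        if (!context.Request.RouteValues.TryGetValue("orgId", out var routeValue) || routeValue is null)
        {
            await _next(context);
            return;
        }

        var headerOrgId = context.Request.Headers[TenantHeader].ToString().Trim();
        if (headerOrgId.Length == 0)
        {
            await WriteProblemAsync(context, "Missing tenant header", $"The {TenantHeader} header is required on this route.");
            return;
        }

        // Compare as strings so no assumption about the id type (Guid, int) is made.
        if (!string.Equals(headerOrgId, routeValue.ToString(), StringComparison.OrdinalIgnoreCase))
        {
            await WriteProblemAsync(context, "Tenant mismatch", $"Route orgId does not match the {TenantHeader} header.");
            return;
        }

        await _next(context);
    }

    private static Task WriteProblemAsync(HttpContext context, string title, string detail)
    {
        context.Response.StatusCode = StatusCodes.Status400BadRequest;
        return context.Response.WriteAsJsonAsync(
            new ProblemDetails { Status = 400, Title = title, Detail = detail });
    }
}
```

Register it in Program.cs after app.UseRouting() and the existing TenantResolutionMiddleware and before app.UseAuthorization(), so the 400 is produced before the RBAC policy evaluates the request. The policy still enforces org membership for requests that pass the check, so this middleware narrows the error code without replacing authorization.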

Known warnings

  • FluentAssertions prints a license warning (Xceed). Consider replacing it with:
    • xUnit Assert.* or
    • another assertion library that does not emit a commercial-license warning.

Next tasks (recommended order)

  1. Decide how to handle tenant header errors (keep 403 vs change to 400) and adjust tests accordingly.
  2. Start Phase 2: Helpdesk module (Tickets/Categories/Comments) + tenant query filters + RBAC rules.
  3. Add pagination/filtering conventions + DTOs for tickets.
  4. Add audit logs later.

How to resume quickly

  • Run tests:
    • dotnet test
  • Run API:
    • dotnet run --project src/OmniDesk.Api
  • Local DB migrations:
    • dotnet ef database update --project src/OmniDesk.Infrastructure --startup-project src/OmniDesk.Api