admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): add DEVELOPER + PARK_OPERATOR roles with owner scoping (B2B accounts)
Some checks failed
CI / Lint → Typecheck → Test → Build (22) (push) Failing after 16s
Details
CI / E2E Tests (push) Has been skipped
Details
CodeQL Analysis / CodeQL (javascript-typescript) (push) Failing after 50s
Details
Deploy / Build API Image (push) Failing after 25s
Details
Deploy / Build Web Image (push) Failing after 11s
Details
Deploy / Build AI Services Image (push) Failing after 10s
Details
E2E Tests / Playwright E2E (push) Failing after 12s
Details
Security Scanning / Dependency Audit (pnpm) (push) Failing after 4s
Details
Security Scanning / Trivy Scan — API Image (push) Failing after 1m16s
Details
Security Scanning / Trivy Scan — Web Image (push) Failing after 1m2s
Details
Security Scanning / Trivy Scan — AI Services Image (push) Failing after 50s
Details
Security Scanning / Trivy Filesystem Scan (push) Failing after 38s
Details
Deploy / Deploy to Staging (push) Has been skipped
Details
Deploy / Smoke Test Staging (push) Has been skipped
Details
Deploy / Deploy to Production (push) Has been skipped
Details
Deploy / Smoke Test Production (push) Has been skipped
Details
Security Scanning / Security Gate (push) Failing after 0s
Details
Deploy / Rollback Production (push) Has been skipped
Details
Deploy / Rollback Staging (push) Failing after 10m50s
Details

Browse Source 
Two new B2B roles for CĐT (project developers) and KCN operators, provisioned by
admin. Each account owns a subset of ProjectDevelopment / IndustrialPark records
and can CRUD them from the dashboard; admin retains full access.

Phase 1 — Schema
- Extend UserRole enum with DEVELOPER + PARK_OPERATOR (before ADMIN)
- ProjectDevelopment.ownerId FK (User, ON DELETE SET NULL) + index
- IndustrialPark.ownerId FK + index
- Migration 20260420030000

Phase 2a — Backend authorization
- CreateProjectCommand + CreateIndustrialParkCommand accept ownerId; controllers
  auto-set it to the caller's user id when role=DEVELOPER / PARK_OPERATOR
- Update + Delete commands gain (requesterUserId, requesterRole) and enforce
  ADMIN-or-owner via ForbiddenException; reassigning ownerId is admin-only
- Search params gain optional ownerId filter wired through Prisma repos
- New endpoints: GET /projects/mine/list, GET /industrial/parks/mine/list
- user-rate-limit guard: add DEVELOPER + PARK_OPERATOR entries (300/window)

Phase 2b — Admin provision
- ProvisionDeveloperCommand/Handler: create user (role=DEVELOPER), pre-validate
  target projects have no existing owner, batch-assign ownerId
- ProvisionParkOperatorCommand/Handler: same for PARK_OPERATOR + IndustrialPark
- POST /admin/accounts/developers, POST /admin/accounts/park-operators (admin-only)
- DTOs with phone/password/fullName/email + optional {project,park}Ids[]

Phase 2c — Project stats for developer dashboard
- GetProjectStatsQuery + handler: aggregates linkedListingCount, activeListingCount,
  totalInquiries, unreadInquiries, savedByUsers via Property → Listing → Inquiry chain
- GET /projects/:id/stats — admin sees all, DEVELOPER only their own (403 otherwise)

Phase 3 — Frontend
- Dashboard layout role-aware: DEVELOPER sees "Dự án của tôi" + CRM + Profile (hides
  listings/analytics/subscription); PARK_OPERATOR sees "KCN của tôi" equivalent
- /projects dashboard page switches to duAnApi.searchMine() when role=DEVELOPER
- /industrial-parks page switches to industrialApi.searchMine() when role=PARK_OPERATOR
- Admin nav gains "Tài khoản CĐT" + "Tài khoản KCN" entries
- New pages /admin/accounts/developers + /admin/accounts/park-operators with
  checkbox-based multi-select for linking entities
- adminApi.provisionDeveloper + provisionParkOperator + types
- duAnApi.searchMine + getStats; industrialApi.searchMine
- Login demo accounts list includes CĐT Vingroup + KCN VSIP

Phase 4 — Seed (prisma/seed-b2b-accounts.ts)
- DEVELOPER "CĐT Vingroup" (+84912000001) owns 4 projects
- DEVELOPER "CĐT Masterise Homes" (+84912000003) owns 2 projects
- PARK_OPERATOR "Vận hành KCN VSIP" (+84912000002) owns 2 seeded KCN
- Password Velik@2026 for all

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Ho Ngoc Hai
2026-04-20 22:12:16 +07:00
parent dd3ad4aeca
commit 33a5ff407b
51 changed files with 1727 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
apps/web/app/[locale]/(dashboard)/projects/page.tsx
View File

@@ -10,6 +10,7 @@ import { Button } from '@/components/ui/button';
import { Card, CardContent } from '@/components/ui/card';
import { Input } from '@/components/ui/input';
import { Select } from '@/components/ui/select';
import { useAuthStore } from '@/lib/auth-store';
import { formatPrice } from '@/lib/currency';
import {
duAnApi,
@@ -36,6 +37,8 @@ const INITIAL_FILTERS = {
export default function ProjectsAdminPage() {
const [filters, setFilters] = React.useState(INITIAL_FILTERS);
const role = useAuthStore((s) => s.user?.role);
const isDeveloper = role === 'DEVELOPER';
const queryParams = React.useMemo<SearchProjectsParams>(() => {
const params: SearchProjectsParams = { page: filters.page, limit: 12 };
@@ -46,8 +49,9 @@ export default function ProjectsAdminPage() {
}, [filters]);
const { data: result, isLoading } = useQuery({
queryKey: ['admin-projects', queryParams],
queryFn: () => duAnApi.search(queryParams),
queryKey: ['admin-projects', { mine: isDeveloper, ...queryParams }],
// DEVELOPER sees only their own projects; ADMIN sees all.
queryFn: () => (isDeveloper ? duAnApi.searchMine(queryParams) : duAnApi.search(queryParams)),
staleTime: 30_000,
});