fix(auth): SuperAdmin платформы без OrganizationId + отдельный Admin для Demo Market

admin@food-market.local → SuperAdmin (OrganizationId=null, видит все орги)
admin@demo-market.local → Admin Demo Market (новый, для тестов орг-уровня)
Idempotent-фикс для существующих БД: исправляет роль и чистит OrganizationId.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
nurdotnet 2026-04-28 10:12:54 +05:00
parent c0824518ab
commit f61d8bc178


@ -63,36 +63,63 @@ public async Task StartAsync(CancellationToken ct)
await SeedTenantReferencesAsync(db, demoOrg.Id, ct);
const string adminEmail = "admin@food-market.local";
var admin = await userMgr.FindByEmailAsync(adminEmail);
if (admin is null)
// SuperAdmin платформы — без OrganizationId, видит все организации
const string superAdminEmail = "admin@food-market.local";
var superAdmin = await userMgr.FindByEmailAsync(superAdminEmail);
if (superAdmin is null)
{
admin = new User
superAdmin = new User
{
UserName = adminEmail,
Email = adminEmail,
UserName = superAdminEmail,
Email = superAdminEmail,
EmailConfirmed = true,
FullName = "System Admin",
OrganizationId = demoOrg.Id,
FullName = "Platform SuperAdmin",
OrganizationId = null,
};
var result = await userMgr.CreateAsync(admin, "Admin12345!");
var result = await userMgr.CreateAsync(superAdmin, "Admin12345!");
if (result.Succeeded)
{
// Только SuperAdmin как Identity-роль. «Администратор» —
// организационная роль внутри Employee, не Identity.
await userMgr.AddToRoleAsync(admin, SystemRoles.SuperAdmin);
}
await userMgr.AddToRoleAsync(superAdmin, SystemRoles.SuperAdmin);
}
else
{
if (!await userMgr.IsInRoleAsync(admin, SystemRoles.SuperAdmin))
await userMgr.AddToRoleAsync(admin, SystemRoles.SuperAdmin);
// Чистим дублирующую Identity-роль Admin (если оставалась с прошлых сидов).
if (await userMgr.IsInRoleAsync(admin, SystemRoles.Admin))
await userMgr.RemoveFromRoleAsync(admin, SystemRoles.Admin);
// Исправляем старую БД: убираем OrganizationId и пересаживаем на SuperAdmin
if (superAdmin.OrganizationId is not null)
{
superAdmin.OrganizationId = null;
await userMgr.UpdateAsync(superAdmin);
}
var roles = await userMgr.GetRolesAsync(superAdmin);
if (!roles.Contains(SystemRoles.SuperAdmin))
{
await userMgr.RemoveFromRolesAsync(superAdmin, roles);
await userMgr.AddToRoleAsync(superAdmin, SystemRoles.SuperAdmin);
}
}
await SeedAdminEmployeeAsync(db, demoOrg.Id, admin?.Id, ct);
// Admin демо-организации — владелец/директор Demo Market
const string demoAdminEmail = "admin@demo-market.local";
var demoAdmin = await userMgr.FindByEmailAsync(demoAdminEmail);
if (demoAdmin is null)
{
demoAdmin = new User
{
UserName = demoAdminEmail,
Email = demoAdminEmail,
EmailConfirmed = true,
FullName = "Demo Market Admin",
OrganizationId = demoOrg.Id,
};
var result = await userMgr.CreateAsync(demoAdmin, "Admin12345!");
if (result.Succeeded)
await userMgr.AddToRoleAsync(demoAdmin, SystemRoles.Admin);
}
else
{
if (!await userMgr.IsInRoleAsync(demoAdmin, SystemRoles.Admin))
await userMgr.AddToRoleAsync(demoAdmin, SystemRoles.Admin);
}
await SeedAdminEmployeeAsync(db, demoOrg.Id, superAdmin?.Id, ct);
// Глобальные SystemSettings — single-row. Сидируем дефолт 30 дней
// retention если ещё нет записи.
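Review bot: The literal password `"Admin12345!"` now protects a platform-wide SuperAdmin (`OrganizationId = null`) and is reused for the new `admin@demo-market.local` account in both `CreateAsync` calls, so every environment this seeder runs in gets two privileged logins whose credential is readable in the repository. The password should come from configuration or a secret store, with seeding skipped or failing when it is absent, e.g. `var seedPassword = configuration["<SEED_ADMIN_PASSWORD_KEY>"] ?? throw new InvalidOperationException("seed admin password not configured");` (the key name is a placeholder, and whether a configuration object is in scope is not visible here). Separately, the final call still passes `superAdmin?.Id` to `SeedAdminEmployeeAsync` for `demoOrg.Id`, which ties the organisation-less SuperAdmin to a Demo Market employee record; if the new demo admin is meant to be that employee, it would read `await SeedAdminEmployeeAsync(db, demoOrg.Id, demoAdmin.Id, ct);`. The results of `UpdateAsync`, `RemoveFromRolesAsync` and `AddToRoleAsync` are discarded, so a failed repair silently leaves the old role or organisation in place, and when the account already has SuperAdmin a leftover `SystemRoles.Admin` role is no longer removed as the previous code did. `StartAsync` begins and continues outside the hunk.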