Class UsersController

Namespace
KadicAuth.Api.Controllers
Assembly
KadicAuth.Api.dll
[ApiController]
[Route("api/[controller]")]
public class UsersController : ControllerBase
Inheritance
object
ControllerBase
UsersController

Constructors

UsersController(IMediator, ILogger<UsersController>, ICurrentUser, IPermissionService, ITenantIdContext, IStringLocalizer<AuthMessages>)

public UsersController(IMediator mediator, ILogger<UsersController> logger, ICurrentUser currentUser, IPermissionService permissionService, ITenantIdContext tenantIdContext, IStringLocalizer<AuthMessages> localizer)

Parameters

mediator IMediator
logger ILogger<UsersController>
currentUser ICurrentUser
permissionService IPermissionService
tenantIdContext ITenantIdContext
localizer IStringLocalizer<AuthMessages>

Methods

ActivateUser(Guid, CancellationToken)

Activate a user

[HttpPatch("{userId:guid}/activate")]
[Authorize(Policy = "AUTH_USERS_ACTIVATE")]
[ProducesResponseType(200)]
[ProducesResponseType(typeof(Error), 400)]
[ProducesResponseType(typeof(Error), 404)]
[ProducesResponseType(typeof(Error), 409)]
public Task<ActionResult> ActivateUser(Guid userId, CancellationToken cancellationToken)

Parameters

userId Guid
cancellationToken CancellationToken

Returns

Task<ActionResult>

AssignBranches(Guid, AssignBranchesRequest, CancellationToken)

Links the user as ADMIN to the specified branches. If branchIds is null or empty, the user is assigned to ALL active branches of the tenant. The ADMIN role is resolved by Code="ADMIN"; if it does not exist in the tenant, it is created automatically and assigned ALL system permissions.

[HttpPut("{userId:guid}/branches")]
[Authorize(Policy = "AUTH_USERS_ASSIGN_BRANCHES")]
[ProducesResponseType(200)]
[ProducesResponseType(typeof(Error), 400)]
[ProducesResponseType(typeof(Error), 404)]
public Task<ActionResult> AssignBranches(Guid userId, AssignBranchesRequest request, CancellationToken cancellationToken)

Parameters

userId Guid
request AssignBranchesRequest
cancellationToken CancellationToken

Returns

Task<ActionResult>
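
The rules in the AssignBranches summary, as an added sketch that is not KadicAuth code: an omitted or empty branchIds widens the grant to every active branch, and a missing ADMIN role is created with every system permission. Branch, Role, AssignmentPlan and BranchAssignment.Plan are hypothetical names, and the two flags on the plan are an assumption about what a caller would want to write to an audit log.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed tenant: two active branches, one inactive, and no ADMIN role yet.
var branches = new List<Branch>
{
    new(Guid.NewGuid(), true), new(Guid.NewGuid(), true), new(Guid.NewGuid(), false)
};
var roles = new List<Role>();
var systemPermissions = new[] { "AUTH_USERS_VIEW", "AUTH_USERS_CREATE", "AUTH_USERS_UPDATE" };

// An empty list behaves like null: the grant widens to every active branch.
var wide = BranchAssignment.Plan(Array.Empty<Guid>(), branches, roles, systemPermissions);
Console.WriteLine($"branches={wide.BranchIds.Count} expandedToAll={wide.ExpandedToAll} " +
                  $"adminRoleCreated={wide.AdminRoleCreated} permissions={wide.AdminRole.Permissions.Count}");

// Explicit ids keep the grant narrow; ADMIN now exists, so it is reused.
var narrow = BranchAssignment.Plan(new[] { branches[0].Id }, branches, roles, systemPermissions);
Console.WriteLine($"branches={narrow.BranchIds.Count} expandedToAll={narrow.ExpandedToAll} " +
                  $"adminRoleCreated={narrow.AdminRoleCreated}");

// Hypothetical types, not the project's own.
public record Branch(Guid Id, bool IsActive);
public record Role(string Code, HashSet<string> Permissions);
public record AssignmentPlan(IReadOnlyList<Guid> BranchIds, bool ExpandedToAll,
                             bool AdminRoleCreated, Role AdminRole);

public static class BranchAssignment
{
    public static AssignmentPlan Plan(IReadOnlyCollection<Guid>? branchIds,
        IEnumerable<Branch> tenantBranches, IList<Role> tenantRoles,
        IEnumerable<string> systemPermissions)
    {
        // null or empty selects ALL active branches of the tenant.
        bool expand = branchIds is null || branchIds.Count == 0;
        List<Guid> targets = expand
            ? tenantBranches.Where(b => b.IsActive).Select(b => b.Id).ToList()
            : branchIds!.Distinct().ToList();

        // ADMIN is looked up by Code; when missing it is created with every permission.
        Role? admin = tenantRoles.FirstOrDefault(r => r.Code == "ADMIN");
        bool created = admin is null;
        if (admin is null)
        {
            admin = new Role("ADMIN", new HashSet<string>(systemPermissions));
            tenantRoles.Add(admin);
        }
        return new AssignmentPlan(targets, expand, created, admin);
    }
}
```

Recording ExpandedToAll and AdminRoleCreated alongside the caller's identity lets a reviewer tell a deliberate tenant-wide grant from a request that simply left branchIds out.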

ChangePassword(Guid, ChangePasswordDto, CancellationToken)

Change user password

[HttpPost("{userId:guid}/change-password")]
[ProducesResponseType(200)]
[ProducesResponseType(typeof(Error), 400)]
public Task<ActionResult> ChangePassword(Guid userId, ChangePasswordDto request, CancellationToken cancellationToken)

Parameters

userId Guid
request ChangePasswordDto
cancellationToken CancellationToken

Returns

Task<ActionResult>

CreateUser(CreateUserDto, CancellationToken)

Create a new user (with tenant and roles)

[HttpPost]
[Authorize(Policy = "AUTH_USERS_CREATE")]
[ProducesResponseType(typeof(Result<Guid>), 201)]
[ProducesResponseType(typeof(Result), 400)]
[ProducesResponseType(typeof(Result), 409)]
public Task<ActionResult> CreateUser(CreateUserDto request, CancellationToken cancellationToken)

Parameters

request CreateUserDto
cancellationToken CancellationToken

Returns

Task<ActionResult>

CreateUserWithRoles(CreateUserWithRolesRequest, CancellationToken)

Create user and optionally assign roles in one request.

[HttpPost("with-roles")]
[Authorize(Policy = "AUTH_USERS_CREATE")]
[ProducesResponseType(typeof(Result<Guid>), 201)]
[ProducesResponseType(typeof(Result), 400)]
[ProducesResponseType(typeof(Result), 409)]
public Task<ActionResult> CreateUserWithRoles(CreateUserWithRolesRequest request, CancellationToken cancellationToken)

Parameters

request CreateUserWithRolesRequest
cancellationToken CancellationToken

Returns

Task<ActionResult>

DeactivateUser(Guid, CancellationToken)

Deactivate a user

[HttpPatch("{userId:guid}/deactivate")]
[Authorize(Policy = "AUTH_USERS_DEACTIVATE")]
[ProducesResponseType(200)]
[ProducesResponseType(typeof(Error), 400)]
[ProducesResponseType(typeof(Error), 404)]
[ProducesResponseType(typeof(Error), 409)]
public Task<ActionResult> DeactivateUser(Guid userId, CancellationToken cancellationToken)

Parameters

userId Guid
cancellationToken CancellationToken

Returns

Task<ActionResult>

GetMyPermissions(CancellationToken)

Returns the effective permission codes of the current authenticated user. For normal users this is the deduplicated union of the permissions of every role attached to their primary branch. For users with an ACTIVE grant in Auth.PlatformAdmins, this returns the complete catalog of permission codes so the frontend (which hides buttons and routes based on hasPermission()) treats them as fully privileged.

The UI should call this once right after login and whenever the token is refreshed.

[HttpGet("me/permissions")]
[Authorize]
[ProducesResponseType(typeof(IReadOnlyCollection<string>), 200)]
public Task<ActionResult<IReadOnlyCollection<string>>> GetMyPermissions(CancellationToken cancellationToken)

Parameters

cancellationToken CancellationToken

Returns

Task<ActionResult<IReadOnlyCollection<string>>>
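
The resolution rule described for GetMyPermissions, as an added sketch that is not KadicAuth code: role permissions of the primary branch are unioned and deduplicated, and only an ACTIVE platform-admin grant switches the result to the full catalog. GrantStatus, EffectivePermissions, Resolve and Allows are hypothetical names, the Revoked status is assumed, and treating the policy names on this page as permission codes is also an assumption.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed catalog and role data; the codes reuse policy names shown on this page.
string[] catalog = { "AUTH_USERS_VIEW", "AUTH_USERS_CREATE", "AUTH_USERS_UPDATE",
                     "AUTH_USERS_ACTIVATE", "AUTH_USERS_DEACTIVATE" };
var primaryBranchRoles = new[]
{
    new[] { "AUTH_USERS_VIEW", "AUTH_USERS_UPDATE" },
    new[] { "AUTH_USERS_VIEW", "AUTH_USERS_ACTIVATE" }   // VIEW overlaps and is deduplicated
};

var normal  = EffectivePermissions.Resolve(null, primaryBranchRoles, catalog);
var revoked = EffectivePermissions.Resolve(GrantStatus.Revoked, primaryBranchRoles, catalog);
var admin   = EffectivePermissions.Resolve(GrantStatus.Active, primaryBranchRoles, catalog);
Console.WriteLine($"normal:  {string.Join(", ", normal)}");
Console.WriteLine($"revoked: {string.Join(", ", revoked)}");
Console.WriteLine($"admin:   {string.Join(", ", admin)}");

// The list only drives what the UI shows; the server evaluates the same set per request.
Console.WriteLine($"normal may create: {EffectivePermissions.Allows(normal, "AUTH_USERS_CREATE")}");
Console.WriteLine($"admin may create:  {EffectivePermissions.Allows(admin, "AUTH_USERS_CREATE")}");

public enum GrantStatus { Active, Revoked }   // hypothetical statuses

public static class EffectivePermissions
{
    // platformAdminGrant is null when the user has no row in the grants table.
    public static IReadOnlyCollection<string> Resolve(GrantStatus? platformAdminGrant,
        IEnumerable<IEnumerable<string>> primaryBranchRolePermissions,
        IReadOnlyCollection<string> catalog)
    {
        // Only an ACTIVE grant yields the full catalog; any other state falls back to roles.
        IEnumerable<string> codes = platformAdminGrant == GrantStatus.Active
            ? catalog
            : primaryBranchRolePermissions.SelectMany(p => p);
        return codes.Distinct(StringComparer.Ordinal)
                    .OrderBy(c => c, StringComparer.Ordinal).ToArray();
    }

    // Server-side decision over the same effective set, independent of what the UI hides.
    public static bool Allows(IReadOnlyCollection<string> effective, string code) =>
        effective.Contains(code, StringComparer.Ordinal);
}
```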

GetUserById(Guid, CancellationToken)

Get user by ID

[HttpGet("{id:guid}")]
[Authorize(Policy = "AUTH_USERS_VIEW")]
[ProducesResponseType(typeof(UserDto), 200)]
[ProducesResponseType(typeof(Error), 404)]
[ProducesResponseType(typeof(Error), 400)]
public Task<ActionResult> GetUserById(Guid id, CancellationToken cancellationToken)

Parameters

id Guid
cancellationToken CancellationToken

Returns

Task<ActionResult>

GetUsers(PaginatorRequestDto, Guid?, CancellationToken)

Get all users with pagination, optionally filtered by tenant branch

[HttpGet]
[Authorize(Policy = "AUTH_USERS_VIEW")]
[ProducesResponseType(typeof(PaginatorResponseDto<UserDto>), 200)]
[ProducesResponseType(typeof(Error), 400)]
public Task<ActionResult> GetUsers(PaginatorRequestDto paginatorRequest, Guid? tenantBranchId = null, CancellationToken cancellationToken = default)

Parameters

paginatorRequest PaginatorRequestDto
tenantBranchId Guid?
cancellationToken CancellationToken

Returns

Task<ActionResult>

UpdateUser(Guid, UpdateUserDto, CancellationToken)

Update an existing user (profile, tenant branch, and roles)

[HttpPut("{id:guid}")]
[Authorize(Policy = "AUTH_USERS_UPDATE")]
[ProducesResponseType(200)]
[ProducesResponseType(typeof(Error), 400)]
[ProducesResponseType(typeof(Error), 404)]
[ProducesResponseType(typeof(Error), 409)]
public Task<ActionResult> UpdateUser(Guid id, UpdateUserDto request, CancellationToken cancellationToken)

Parameters

id Guid
request UpdateUserDto
cancellationToken CancellationToken

Returns

Task<ActionResult>