meezi

soroushdes/meezi

Fork 0

Commit Graph

Author	SHA1	Message	Date
soroush.asadi	bab3453e41	fix(auth): read role claim under mapped name so Owner/Manager gates work CI/CD / CI · API (dotnet build + test) (push) Successful in 43s Details CI/CD / CI · Admin API (dotnet build) (push) Successful in 32s Details CI/CD / CI · Dashboard (tsc) (push) Successful in 1m4s Details CI/CD / CI · Admin Web (tsc) (push) Successful in 36s Details CI/CD / CI · Website (tsc) (push) Successful in 45s Details CI/CD / CI · Koja (tsc) (push) Successful in 49s Details CI/CD / Deploy · all services (push) Successful in 1m27s Details ROOT CAUSE of demo-seed/billing/etc. returning 403 for real owners: .NET's JWT handler remaps the short "role" claim to ClaimTypes.Role on inbound, so TenantMiddleware's FindFirst("role") returned null and tenant.Role (EmployeeRole?) stayed null. EnsureManager/EnsureOwner then rejected even a valid Owner token with MANAGER_REQUIRED / OWNER_REQUIRED, while reads (no role gate) worked and [Authorize(Roles=...)] worked (it reads the remapped claim). Now reads the role under both MeeziClaimTypes.Role ("role") and ClaimTypes.Role. Same fix applied to the AuthController whoami role. Fixes demo seed, subscription billing, and every other tenant.Role-gated action. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 11:18:10 +03:30
soroush.asadi	ef15fd6247	feat(api): .NET 10 multi-tenant REST API Full backend implementation: - Multi-tenant cafe/restaurant management (menus, orders, tables, staff) - POS order flow with ZarinPal and Snappfood payment integration - OTP authentication via Kavenegar SMS - QR digital menu with public discover/finder endpoints - Customer loyalty, coupons, CRM - PostgreSQL via EF Core, Redis for caching/sessions - Background jobs, webhook handlers - Full migration history Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-05-27 21:33:48 +03:30

Author

SHA1

Message

Date

soroush.asadi

bab3453e41

fix(auth): read role claim under mapped name so Owner/Manager gates work

CI/CD / CI · API (dotnet build + test) (push) Successful in 43s

Details

CI/CD / CI · Admin API (dotnet build) (push) Successful in 32s

Details

CI/CD / CI · Dashboard (tsc) (push) Successful in 1m4s

Details

CI/CD / CI · Admin Web (tsc) (push) Successful in 36s

Details

CI/CD / CI · Website (tsc) (push) Successful in 45s

Details

CI/CD / CI · Koja (tsc) (push) Successful in 49s

Details

CI/CD / Deploy · all services (push) Successful in 1m27s

Details

ROOT CAUSE of demo-seed/billing/etc. returning 403 for real owners: .NET's JWT
handler remaps the short "role" claim to ClaimTypes.Role on inbound, so
TenantMiddleware's FindFirst("role") returned null and tenant.Role (EmployeeRole?)
stayed null. EnsureManager/EnsureOwner then rejected even a valid Owner token with
MANAGER_REQUIRED / OWNER_REQUIRED, while reads (no role gate) worked and
[Authorize(Roles=...)] worked (it reads the remapped claim). Now reads the role
under both MeeziClaimTypes.Role ("role") and ClaimTypes.Role. Same fix applied to
the AuthController whoami role. Fixes demo seed, subscription billing, and every
other tenant.Role-gated action.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-02 11:18:10 +03:30

soroush.asadi

ef15fd6247

feat(api): .NET 10 multi-tenant REST API

Full backend implementation:
- Multi-tenant cafe/restaurant management (menus, orders, tables, staff)
- POS order flow with ZarinPal and Snappfood payment integration
- OTP authentication via Kavenegar SMS
- QR digital menu with public discover/finder endpoints
- Customer loyalty, coupons, CRM
- PostgreSQL via EF Core, Redis for caching/sessions
- Background jobs, webhook handlers
- Full migration history

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-05-27 21:33:48 +03:30

2 Commits