cannamanage

pplate/cannamanage

Fork 0

Commit Graph

Author	SHA1	Message	Date
Patrick Plate	302b7da8ca	docs: add frontend UI shopping list PDF + OpenPDF/CSV deps in service POM - Added OpenPDF 2.0.4 and Commons CSV 1.11.0 dependencies (Phase 4 prep) - Generated frontend framework evaluation PDF with ranked templates and live demo links	2026-06-11 18:25:10 +02:00
Patrick Plate	55d8434f35	feat(sprint-3): Phase 1 — staff permissions + token revocation - StaffPermission enum (8 granular permissions) - StaffAccount JPA entity with permissions collection - RevokedToken entity for JWT blacklisting - Flyway V3 migration (staff_accounts, staff_account_permissions, revoked_tokens) - StaffAccountRepository + RevokedTokenRepository - TokenRevocationService with Caffeine cache (60s TTL, 10k max) - StaffPermissionChecker SpEL bean (@staffPermissions.has) - PreventionOfficerChecker SpEL bean (@preventionOfficer.check) - JwtService: added jti claim + generateStaffAccessToken + extractJti/extractPermissions - JwtAuthFilter: token blacklist check via TokenRevocationService - SecurityConfig: STAFF role added to endpoint matchers - Controllers updated with @PreAuthorize for fine-grained access - TokenCleanupScheduler (daily 03:00 cleanup of expired revoked tokens) - Caffeine dependency added to cannamanage-service - Unit tests: StaffPermissionCheckerTest (7), TokenRevocationServiceTest (9)	2026-06-11 16:45:21 +02:00
Patrick Plate	2ede872d11	feat: Sprint 2 REST API layer — full implementation - Fix critical Hibernate @Filter activation bug (TenantFilterAspect) - Rename UserRole.ROLE_MANAGER → ROLE_STAFF (future-proofing) - SecurityConfig: ADMIN + MEMBER roles only for Sprint 2 - AuthController: POST /auth/login + POST /auth/refresh with JWT - AuthService: login, refresh token rotation, hashed refresh storage - MemberController: CRUD (GET/POST/PUT /members) - DistributionController: list + record distributions (CanG §26) - StockController: batch management (GET/POST /stock/batches) - ComplianceController: quota check (GET /compliance/quota/{id}) - OpenAPI/Swagger config with bearer-jwt security scheme - GlobalExceptionHandler: full RFC 9457 problem+json coverage - UserRepository: findByEmail, findByEmailAndTenantId - Flyway V2: role rename migration + login indexes - Testcontainers + test profile infrastructure (integration tests deferred) - Parent POM: Testcontainers BOM, entity scan via properties Controllers use validated DTOs (Jakarta Bean Validation records). Compliance checks run before distribution recording. Tenant filter AOP aspect ensures multi-tenant data isolation.	2026-06-11 12:05:52 +02:00

Author

SHA1

Message

Date

Patrick Plate

302b7da8ca

docs: add frontend UI shopping list PDF + OpenPDF/CSV deps in service POM

- Added OpenPDF 2.0.4 and Commons CSV 1.11.0 dependencies (Phase 4 prep)
- Generated frontend framework evaluation PDF with ranked templates and live demo links

2026-06-11 18:25:10 +02:00

Patrick Plate

55d8434f35

feat(sprint-3): Phase 1 — staff permissions + token revocation

- StaffPermission enum (8 granular permissions)
- StaffAccount JPA entity with permissions collection
- RevokedToken entity for JWT blacklisting
- Flyway V3 migration (staff_accounts, staff_account_permissions, revoked_tokens)
- StaffAccountRepository + RevokedTokenRepository
- TokenRevocationService with Caffeine cache (60s TTL, 10k max)
- StaffPermissionChecker SpEL bean (@staffPermissions.has)
- PreventionOfficerChecker SpEL bean (@preventionOfficer.check)
- JwtService: added jti claim + generateStaffAccessToken + extractJti/extractPermissions
- JwtAuthFilter: token blacklist check via TokenRevocationService
- SecurityConfig: STAFF role added to endpoint matchers
- Controllers updated with @PreAuthorize for fine-grained access
- TokenCleanupScheduler (daily 03:00 cleanup of expired revoked tokens)
- Caffeine dependency added to cannamanage-service
- Unit tests: StaffPermissionCheckerTest (7), TokenRevocationServiceTest (9)

2026-06-11 16:45:21 +02:00

Patrick Plate

2ede872d11

feat: Sprint 2 REST API layer — full implementation

- Fix critical Hibernate @Filter activation bug (TenantFilterAspect)
- Rename UserRole.ROLE_MANAGER → ROLE_STAFF (future-proofing)
- SecurityConfig: ADMIN + MEMBER roles only for Sprint 2
- AuthController: POST /auth/login + POST /auth/refresh with JWT
- AuthService: login, refresh token rotation, hashed refresh storage
- MemberController: CRUD (GET/POST/PUT /members)
- DistributionController: list + record distributions (CanG §26)
- StockController: batch management (GET/POST /stock/batches)
- ComplianceController: quota check (GET /compliance/quota/{id})
- OpenAPI/Swagger config with bearer-jwt security scheme
- GlobalExceptionHandler: full RFC 9457 problem+json coverage
- UserRepository: findByEmail, findByEmailAndTenantId
- Flyway V2: role rename migration + login indexes
- Testcontainers + test profile infrastructure (integration tests deferred)
- Parent POM: Testcontainers BOM, entity scan via properties

Controllers use validated DTOs (Jakarta Bean Validation records).
Compliance checks run before distribution recording.
Tenant filter AOP aspect ensures multi-tenant data isolation.

2026-06-11 12:05:52 +02:00

3 Commits