rckrdmrd/erp-core
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
main
erp-core/docs/01-fase-foundation/MGN-003-roles/implementacion/TRACEABILITY.yml

489 lines
14 KiB
YAML
Raw Permalink Blame History

# TRACEABILITY.yml - MGN-003: Roles y Permisos
# Matriz de trazabilidad: Documentacion -> Codigo
# Ubicacion: docs/01-fase-foundation/MGN-003-roles/implementacion/
epic_code: MGN-003
epic_name: Roles y Permisos
phase: 1
phase_name: Foundation
story_points: 40
status: documented
# =============================================================================
# DOCUMENTACION
# =============================================================================
documentation:
requirements:
- id: RF-ROLE-001
file: ../requerimientos/RF-ROLE-001.md
title: Gestion de Roles
priority: P0
status: migrated
description: |
CRUD de roles con nombre, descripcion y estado.
Roles de sistema vs roles personalizados.
- id: RF-ROLE-002
file: ../requerimientos/RF-ROLE-002.md
title: Gestion de Permisos
priority: P0
status: migrated
description: |
Definicion de permisos granulares: module:action:resource.
Asignacion de permisos a roles.
- id: RF-ROLE-003
file: ../requerimientos/RF-ROLE-003.md
title: Asignacion Usuario-Rol
priority: P0
status: migrated
description: |
Asignar uno o mas roles a usuarios.
Un usuario hereda todos los permisos de sus roles.
- id: RF-ROLE-004
file: ../requerimientos/RF-ROLE-004.md
title: Verificacion de Permisos
priority: P0
status: migrated
description: |
Verificar en runtime si usuario tiene permiso especifico.
Guards y decoradores para proteger endpoints.
requirements_index:
file: ../requerimientos/INDICE-RF-ROLE.md
status: migrated
specifications:
- id: ET-RBAC-001
file: ../especificaciones/ET-rbac-backend.md
title: Backend RBAC
rf: [RF-ROLE-001, RF-ROLE-002, RF-ROLE-003, RF-ROLE-004]
status: migrated
- id: ET-RBAC-002
file: ../especificaciones/ET-RBAC-database.md
title: Database RBAC
rf: [RF-ROLE-001, RF-ROLE-002, RF-ROLE-003, RF-ROLE-004]
status: migrated
user_stories:
- id: US-MGN003-001
file: ../historias-usuario/US-MGN003-001.md
title: Crear Rol
rf: [RF-ROLE-001]
story_points: 5
status: migrated
- id: US-MGN003-002
file: ../historias-usuario/US-MGN003-002.md
title: Asignar Permisos a Rol
rf: [RF-ROLE-002]
story_points: 8
status: migrated
- id: US-MGN003-003
file: ../historias-usuario/US-MGN003-003.md
title: Asignar Rol a Usuario
rf: [RF-ROLE-003]
story_points: 5
status: migrated
- id: US-MGN003-004
file: ../historias-usuario/US-MGN003-004.md
title: Verificar Permiso en Endpoint
rf: [RF-ROLE-004]
story_points: 8
status: migrated
backlog:
file: ../historias-usuario/BACKLOG-MGN003.md
status: migrated
# =============================================================================
# IMPLEMENTACION
# =============================================================================
implementation:
database:
schema: core_rbac
path: apps/database/ddl/schemas/core_rbac/
tables:
- name: roles
file: apps/database/ddl/schemas/core_rbac/tables/roles.sql
rf: RF-RBAC-001
status: pending
columns:
- {name: id, type: UUID, pk: true}
- {name: tenant_id, type: UUID, fk: tenants}
- {name: name, type: VARCHAR(100)}
- {name: slug, type: VARCHAR(100)}
- {name: description, type: TEXT}
- {name: is_system, type: BOOLEAN, default: false}
- {name: is_active, type: BOOLEAN, default: true}
- {name: created_at, type: TIMESTAMPTZ}
- {name: updated_at, type: TIMESTAMPTZ}
indexes:
- {name: idx_roles_tenant_slug, unique: true}
rls_policies:
- tenant_isolation
- name: permissions
file: apps/database/ddl/schemas/core_rbac/tables/permissions.sql
rf: RF-RBAC-002
status: pending
columns:
- {name: id, type: UUID, pk: true}
- {name: module, type: VARCHAR(50)}
- {name: action, type: VARCHAR(50)}
- {name: resource, type: VARCHAR(100)}
- {name: description, type: TEXT}
- {name: created_at, type: TIMESTAMPTZ}
indexes:
- {name: idx_permissions_unique, columns: [module, action, resource], unique: true}
- name: role_permissions
file: apps/database/ddl/schemas/core_rbac/tables/role_permissions.sql
rf: RF-RBAC-002
status: pending
columns:
- {name: role_id, type: UUID, fk: roles}
- {name: permission_id, type: UUID, fk: permissions}
- {name: created_at, type: TIMESTAMPTZ}
constraints:
- {type: pk, columns: [role_id, permission_id]}
- name: user_roles
file: apps/database/ddl/schemas/core_rbac/tables/user_roles.sql
rf: RF-RBAC-003
status: pending
columns:
- {name: user_id, type: UUID, fk: users}
- {name: role_id, type: UUID, fk: roles}
- {name: assigned_at, type: TIMESTAMPTZ}
- {name: assigned_by, type: UUID, fk: users}
constraints:
- {type: pk, columns: [user_id, role_id]}
functions:
- name: user_has_permission
file: apps/database/ddl/schemas/core_rbac/functions/user_has_permission.sql
rf: RF-RBAC-004
status: pending
params: [p_user_id UUID, p_module VARCHAR, p_action VARCHAR, p_resource VARCHAR]
returns: BOOLEAN
description: Verifica si usuario tiene permiso especifico via roles
- name: get_user_permissions
file: apps/database/ddl/schemas/core_rbac/functions/get_user_permissions.sql
rf: RF-RBAC-004
status: pending
params: [p_user_id UUID]
returns: TABLE
description: Retorna todos los permisos del usuario
- name: seed_system_roles
file: apps/database/ddl/schemas/core_rbac/functions/seed_system_roles.sql
rf: RF-RBAC-005
status: pending
params: [p_tenant_id UUID]
returns: VOID
description: Crea roles de sistema para nuevo tenant
backend:
module: roles
path: apps/backend/src/modules/roles/
framework: NestJS
entities:
- name: Role
file: apps/backend/src/modules/roles/entities/role.entity.ts
rf: RF-RBAC-001
status: pending
- name: Permission
file: apps/backend/src/modules/roles/entities/permission.entity.ts
rf: RF-RBAC-002
status: pending
- name: RolePermission
file: apps/backend/src/modules/roles/entities/role-permission.entity.ts
rf: RF-RBAC-002
status: pending
- name: UserRole
file: apps/backend/src/modules/roles/entities/user-role.entity.ts
rf: RF-RBAC-003
status: pending
services:
- name: RolesService
file: apps/backend/src/modules/roles/roles.service.ts
rf: [RF-RBAC-001, RF-RBAC-005]
status: pending
methods:
- {name: create, rf: RF-RBAC-001}
- {name: findAll, rf: RF-RBAC-001}
- {name: findOne, rf: RF-RBAC-001}
- {name: update, rf: RF-RBAC-001}
- {name: remove, rf: RF-RBAC-001}
- {name: getSystemRoles, rf: RF-RBAC-005}
- name: PermissionsService
file: apps/backend/src/modules/roles/permissions.service.ts
rf: [RF-RBAC-002, RF-RBAC-004]
status: pending
methods:
- {name: findAll, rf: RF-RBAC-002}
- {name: findByModule, rf: RF-RBAC-002}
- {name: assignToRole, rf: RF-RBAC-002}
- {name: removeFromRole, rf: RF-RBAC-002}
- {name: getUserPermissions, rf: RF-RBAC-004}
- {name: hasPermission, rf: RF-RBAC-004}
- name: UserRolesService
file: apps/backend/src/modules/roles/user-roles.service.ts
rf: [RF-RBAC-003]
status: pending
methods:
- {name: assignRole, rf: RF-RBAC-003}
- {name: removeRole, rf: RF-RBAC-003}
- {name: getUserRoles, rf: RF-RBAC-003}
controllers:
- name: RolesController
file: apps/backend/src/modules/roles/roles.controller.ts
status: pending
endpoints:
- method: GET
path: /api/v1/roles
rf: RF-RBAC-001
description: Listar roles
- method: POST
path: /api/v1/roles
rf: RF-RBAC-001
description: Crear rol
- method: GET
path: /api/v1/roles/:id
rf: RF-RBAC-001
description: Obtener rol
- method: PATCH
path: /api/v1/roles/:id
rf: RF-RBAC-001
description: Actualizar rol
- method: DELETE
path: /api/v1/roles/:id
rf: RF-RBAC-001
description: Eliminar rol
- method: GET
path: /api/v1/roles/:id/permissions
rf: RF-RBAC-002
description: Permisos del rol
- method: POST
path: /api/v1/roles/:id/permissions
rf: RF-RBAC-002
description: Asignar permiso
- method: DELETE
path: /api/v1/roles/:id/permissions/:permissionId
rf: RF-RBAC-002
description: Quitar permiso
- name: PermissionsController
file: apps/backend/src/modules/roles/permissions.controller.ts
status: pending
endpoints:
- method: GET
path: /api/v1/permissions
rf: RF-RBAC-002
description: Listar permisos disponibles
- method: GET
path: /api/v1/permissions/modules
rf: RF-RBAC-002
description: Listar modulos
guards:
- name: RolesGuard
file: apps/backend/src/modules/roles/guards/roles.guard.ts
rf: RF-RBAC-004
status: pending
description: Verifica que usuario tenga rol requerido
- name: PermissionsGuard
file: apps/backend/src/modules/roles/guards/permissions.guard.ts
rf: RF-RBAC-004
status: pending
description: Verifica que usuario tenga permiso requerido
decorators:
- name: Roles
file: apps/backend/src/modules/roles/decorators/roles.decorator.ts
rf: RF-RBAC-004
status: pending
usage: "@Roles('admin', 'manager')"
- name: Permissions
file: apps/backend/src/modules/roles/decorators/permissions.decorator.ts
rf: RF-RBAC-004
status: pending
usage: "@Permissions('users:read:all')"
- name: RequirePermission
file: apps/backend/src/modules/roles/decorators/require-permission.decorator.ts
rf: RF-RBAC-004
status: pending
usage: "@RequirePermission('users', 'write', 'all')"
frontend:
feature: roles
path: apps/frontend/src/features/roles/
framework: React
pages:
- name: RolesPage
file: apps/frontend/src/features/roles/pages/RolesPage.tsx
rf: RF-RBAC-001
status: pending
route: /settings/roles
- name: RoleDetailPage
file: apps/frontend/src/features/roles/pages/RoleDetailPage.tsx
rf: [RF-RBAC-001, RF-RBAC-002]
status: pending
route: /settings/roles/:id
- name: PermissionsPage
file: apps/frontend/src/features/roles/pages/PermissionsPage.tsx
rf: RF-RBAC-002
status: pending
route: /settings/permissions
components:
- name: RoleTable
file: apps/frontend/src/features/roles/components/RoleTable.tsx
rf: RF-RBAC-001
status: pending
- name: RoleForm
file: apps/frontend/src/features/roles/components/RoleForm.tsx
rf: RF-RBAC-001
status: pending
- name: PermissionMatrix
file: apps/frontend/src/features/roles/components/PermissionMatrix.tsx
rf: RF-RBAC-002
status: pending
description: Matriz visual para asignar permisos a rol
- name: UserRoleAssignment
file: apps/frontend/src/features/roles/components/UserRoleAssignment.tsx
rf: RF-RBAC-003
status: pending
stores:
- name: rolesStore
file: apps/frontend/src/features/roles/stores/rolesStore.ts
rf: [RF-RBAC-001, RF-RBAC-002]
status: pending
hooks:
- name: usePermission
file: apps/frontend/src/features/roles/hooks/usePermission.ts
rf: RF-RBAC-004
status: pending
description: Hook para verificar permisos en frontend
- name: useHasRole
file: apps/frontend/src/features/roles/hooks/useHasRole.ts
rf: RF-RBAC-004
status: pending
description: Hook para verificar roles en frontend
# =============================================================================
# DEPENDENCIAS
# =============================================================================
dependencies:
depends_on:
- module: MGN-001
type: hard
reason: RBAC usa tokens JWT
- module: MGN-002
type: hard
reason: Roles se asignan a usuarios
required_by:
- module: MGN-004
type: soft
reason: Tenants tienen roles por defecto
- module: ALL_BUSINESS
type: hard
reason: Todos los modulos usan permisos
# =============================================================================
# TESTS
# =============================================================================
tests:
unit:
- name: RolesService.spec.ts
file: apps/backend/src/modules/roles/__tests__/roles.service.spec.ts
status: pending
cases: 10
- name: PermissionsService.spec.ts
file: apps/backend/src/modules/roles/__tests__/permissions.service.spec.ts
status: pending
cases: 12
- name: RolesGuard.spec.ts
file: apps/backend/src/modules/roles/__tests__/roles.guard.spec.ts
status: pending
cases: 8
integration:
- name: roles.controller.e2e.spec.ts
file: apps/backend/test/roles/roles.controller.e2e.spec.ts
status: pending
cases: 12
coverage:
target: 80%
current: 0%
# =============================================================================
# METRICAS
# =============================================================================
metrics:
story_points:
estimated: 40
actual: null
files:
database: 7
backend: 18
frontend: 10
tests: 6
total: 41
# =============================================================================
# HISTORIAL
# =============================================================================
history:
- date: "2025-12-05"
action: "Creacion de TRACEABILITY.yml"
author: Requirements-Analyst
Reference in New Issue View Git Blame Copy Permalink