MasterMito/work-club-manager
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
108 Commits 4 Branches 1 Tag
main
Commit Graph

11 Commits

Author SHA1 Message Date
WorkClub Automation
eaa163afa4 fix(k8s): stabilize keycloak rollout and align CD deploy manifests 
Update Keycloak probe/realm import behavior and authority config so auth services start reliably on the dev cluster, while keeping CD deployment steps aligned with the actual Kubernetes overlay behavior.
 2026-03-13 06:25:07 +01:00
WorkClub Automation
c918f447b2 fix(backend): add TenantDbTransactionInterceptor for RLS with explicit transactions 
Implements Option D: wraps auto-commit reads in explicit transactions with SET LOCAL.
Handles transaction lifecycle (create→SET LOCAL→execute→commit/dispose).
Uses IDbTransactionInterceptor for EF-managed SaveChanges transactions.
Critical fix for PostgreSQL RLS requiring transaction-scoped context.
 2026-03-05 20:43:03 +01:00
WorkClub Automation
65e80ee334 fix(backend): move RLS initialization before app_admin role assignment 
Reorganize SeedDataService to establish RLS policies before granting
app_admin role to prevent permission issues. Remove --no-restore flag
from Dockerfile.dev to ensure proper build.

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-05 19:22:29 +01:00
WorkClub Automation
3b7db39cc2 fix(backend): update middleware ordering and interceptors for RLS 
Update TenantValidationMiddleware, Program.cs startup sequence,
SaveChangesTenantInterceptor, and TenantProvider to ensure proper
middleware ordering and tenant context initialization before database access.

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-05 19:22:21 +01:00
WorkClub Automation
7859e1b3cf fix(infra): add explicit transaction management to TenantDbConnectionInterceptor for RLS 
PostgreSQL SET LOCAL only persists within a transaction scope. Added explicit transaction creation if none exists, ensuring tenant context is properly set before queries execute. Fixes tenant isolation for multi-tenant RLS filtering.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-05 16:30:50 +01:00
WorkClub Automation
8d3ac6e64a Remove transaction check from TenantDbConnectionInterceptor.SetTenantContext 
Allow SET LOCAL execution for all database commands by removing the transaction check.
EF Core creates implicit transactions for queries, so SET LOCAL works regardless.

This fixes the issue where read operations without explicit transactions were not getting
tenant context set properly, leading to incorrect RLS filtering and data visibility.
 2026-03-05 16:08:09 +01:00
WorkClub Automation
1a5d5e8651 style(backend): apply dotnet format whitespace normalization 
- Applied dotnet format to 24 files in backend/
- Corrects spacing, indentation, and formatting consistency
- No functional changes to code logic

Ultraworked with Sisyphus <https://github.com/code-yeongyu/oh-my-opencode>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-05 11:07:19 +01:00
WorkClub Automation
3a82933fd5 fix(backend): simplify Finbuckle namespace imports and register DB interceptors 
- Use consolidated Finbuckle.MultiTenant namespace instead of separate imports
- Switch TenantProvider to use untyped IMultiTenantContextAccessor (Finbuckle 9.x pattern)
- Register TenantDbConnectionInterceptor and SaveChangesTenantInterceptor as singletons
- Add interceptors to DbContext configuration for RLS tenant context support
- Update evidence files for Task 7 and Task 8 verification
 2026-03-03 18:52:35 +01:00
WorkClub Automation
28964c6767 feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 
- Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups)
- Implement RLS policies with SET LOCAL for tenant isolation
- Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback
- Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header
- Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor)
- Configure AppDbContext with tenant scoping and RLS support
- Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture
- Write TDD integration tests for multi-tenant isolation and RLS enforcement
- Add health check null safety for connection string

Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
 2026-03-03 14:32:21 +01:00
Sisyphus CI
b7854e9571 feat(seed): add development seed data script 
- Create SeedDataService in Infrastructure/Seed with idempotent seeding
- Seed 2 clubs: Sunrise Tennis Club, Valley Cycling Club
- Seed 7 member records (5 unique Keycloak test users)
- Seed 8 work items covering all status states
- Seed 5 shifts with date variety (past, today, future)
- Seed shift signups for realistic partial capacity
- Register SeedDataService in Program.cs with development-only guard
- Use deterministic GUID generation from club names
- Ensure all tenant IDs match for RLS compliance
- Track in learnings.md and evidence files for Task 22 QA
 2026-03-03 14:23:50 +01:00
Sisyphus Executor
c7dd3299d7 chore(scaffold): initialize git repo and monorepo with .NET solution 2026-03-03 14:02:37 +01:00