books/backend/Books.Api/Commands/JournalEntryDrafts/JournalEntryDraftCommandHandlers.cs

using Books.Api.Domain;
using Books.Api.Domain.JournalEntryDrafts;
using Books.Api.EventFlow.Repositories;
using EventFlow.Commands;

namespace Books.Api.Commands.JournalEntryDrafts;

public class CreateJournalEntryDraftCommandHandler
    : CommandHandler<JournalEntryDraftAggregate, JournalEntryDraftId, CreateJournalEntryDraftCommand>
{
    public override Task ExecuteAsync(
        JournalEntryDraftAggregate aggregate,
        CreateJournalEntryDraftCommand command,
        CancellationToken cancellationToken)
    {
        aggregate.Create(
            command.CompanyId,
            command.Name,
            command.CreatedBy,
            command.VoucherNumber,
            command.ExtractionData);

        return Task.CompletedTask;
    }
}

public class UpdateJournalEntryDraftCommandHandler
    : CommandHandler<JournalEntryDraftAggregate, JournalEntryDraftId, UpdateJournalEntryDraftCommand>
{
    public override Task ExecuteAsync(
        JournalEntryDraftAggregate aggregate,
        UpdateJournalEntryDraftCommand command,
        CancellationToken cancellationToken)
    {
        aggregate.Update(
            command.Name,
            command.DocumentDate,
            command.Description,
            command.FiscalYearId,
            command.Lines,
            command.AttachmentIds);

        return Task.CompletedTask;
    }
}

/// <summary>
/// Command handler for posting a journal entry draft.
/// Validates fiscal year status and date range before allowing the post.
/// </summary>
public class MarkJournalEntryDraftPostedCommandHandler(
    IJournalEntryDraftRepository draftRepository,
    IFiscalYearRepository fiscalYearRepository)
    : CommandHandler<JournalEntryDraftAggregate, JournalEntryDraftId, MarkJournalEntryDraftPostedCommand>
{
    public override async Task ExecuteAsync(
        JournalEntryDraftAggregate aggregate,
        MarkJournalEntryDraftPostedCommand command,
        CancellationToken cancellationToken)
    {
        // Load the draft read model to get fiscal year and document date
        var draft = await draftRepository.GetByIdAsync(
            aggregate.Id.Value, cancellationToken);

        var fiscalYearId = draft?.FiscalYearId ?? aggregate.FiscalYearId;

        // Validate fiscal year is set
        if (string.IsNullOrWhiteSpace(fiscalYearId))
        {
            throw new DomainException(
                "FISCAL_YEAR_REQUIRED",
                "Fiscal year is required for posting a journal entry",
                "Regnskabsår er påkrævet for bogføring af en postering");
        }

        // Fetch and validate fiscal year
        var fiscalYear = await fiscalYearRepository.GetByIdAsync(
            fiscalYearId, cancellationToken);

        if (fiscalYear == null)
        {
            throw new DomainException(
                "FISCAL_YEAR_NOT_FOUND",
                $"Fiscal year '{fiscalYearId}' not found",
                $"Regnskabsår '{fiscalYearId}' blev ikke fundet");
        }

        // Validate fiscal year is open (not Closed or Locked)
        if (fiscalYear.Status != "Open")
        {
            throw new DomainException(
                "FISCAL_YEAR_NOT_OPEN",
                $"Fiscal year is {fiscalYear.Status}. Only open fiscal years allow posting.",
                $"Regnskabsåret er {fiscalYear.Status}. Kun åbne regnskabsår tillader bogføring.");
        }

        // Validate document date falls within fiscal year range (if document date is set)
        if (draft?.DocumentDate != null)
        {
            var documentDate = DateOnly.FromDateTime(draft.DocumentDate.Value);
            var fyStart = DateOnly.FromDateTime(fiscalYear.StartDate);
            var fyEnd = DateOnly.FromDateTime(fiscalYear.EndDate);

            if (documentDate < fyStart || documentDate > fyEnd)
            {
                throw new DomainException(
                    "DOCUMENT_DATE_OUTSIDE_FISCAL_YEAR",
                    $"Document date {documentDate:yyyy-MM-dd} falls outside the fiscal year ({fyStart:yyyy-MM-dd} to {fyEnd:yyyy-MM-dd})",
                    $"Bilagsdato {documentDate:yyyy-MM-dd} ligger uden for regnskabsåret ({fyStart:yyyy-MM-dd} til {fyEnd:yyyy-MM-dd})");
            }
        }

        aggregate.MarkPosted(
            command.TransactionId,
            command.PostedBy);
    }
}

public class DiscardJournalEntryDraftCommandHandler
    : CommandHandler<JournalEntryDraftAggregate, JournalEntryDraftId, DiscardJournalEntryDraftCommand>
{
    public override Task ExecuteAsync(
        JournalEntryDraftAggregate aggregate,
        DiscardJournalEntryDraftCommand command,
        CancellationToken cancellationToken)
    {
        aggregate.Discard(command.DiscardedBy);

        return Task.CompletedTask;
    }
}
Full product audit: fix security, compliance, UX, and wire broken features Security (Phase 1): - Add authentication middleware on /graphql endpoint - Filter company queries by user access (prevent IDOR) - Add role-based authorization on mutations (owner/accountant) - Reduce API key cache TTL from 24h to 5 minutes - Hide exception details in production GraphQL errors - Fix RBAC in frontend companyStore (was hardcoded) Wiring broken features (Phase 2): - Wire Kassekladde submit/void/copy to GraphQL mutations - Wire Kontooversigt account creation to createAccount mutation - Wire Settings save to updateCompany mutation - Wire CreateFiscalYearModal and CloseFiscalYearWizard to mutations - Replace Momsindberetning mock data with real useVatReport query - Remove Dashboard hardcoded percentages and fake VAT deadline - Fix Kreditnotaer invoice selector to use real data - Fix mutation retry from 1 to 0 (prevent duplicate operations) Accounting compliance (Phase 3): - Add balanced entry validation (debit==credit) in JournalEntryDraftAggregate - Add fiscal year boundary enforcement (status, date range checks) - Add PostedAt timestamp to posted events (Bogføringsloven §7) - Add account number uniqueness check within company - Add fiscal year overlap and gap checks - Add sequential invoice auto-numbering - Fix InvoiceLine VAT rate to use canonical VatCodes - Fix SAF-T account type mapping (financial → Expense) - Add DraftLine validation (cannot have both debit and credit > 0) UX improvements (Phase 4): - Fix Danish character encoding across 15+ files (ø, æ, å) - Deploy DemoDataDisclaimer on pages with mock/incomplete data - Adopt PageHeader component universally across all pages - Standardize active/inactive filtering to Switch pattern - Fix dead buttons in Header (Help, Notifications) - Remove hardcoded mock data from Settings - Fix Sidebar controlled state and Kontooversigt navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-05 21:35:26 +01:00			`using Books.Api.Domain;`
Add all backend domain, commands, repositories, and tests This commit includes all previously untracked backend files: Domain: - Accounts, Attachments, BankConnections, Customers - FiscalYears, Invoices, JournalEntryDrafts - Orders, Products, UserAccess Commands & Handlers: - Full CQRS command structure for all domains Repositories: - PostgreSQL repositories for all read models - Bank transaction and ledger repositories GraphQL: - Input types, scalars, and types for all entities - Mutations and queries Infrastructure: - Banking integration (Enable Banking client) - File storage, Invoicing, Reporting, SAF-T export - Database migrations (003-029) Tests: - Integration tests for GraphQL endpoints - Domain tests - Invoicing and reporting tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 22:19:42 +01:00			`using Books.Api.Domain.JournalEntryDrafts;`
Full product audit: fix security, compliance, UX, and wire broken features Security (Phase 1): - Add authentication middleware on /graphql endpoint - Filter company queries by user access (prevent IDOR) - Add role-based authorization on mutations (owner/accountant) - Reduce API key cache TTL from 24h to 5 minutes - Hide exception details in production GraphQL errors - Fix RBAC in frontend companyStore (was hardcoded) Wiring broken features (Phase 2): - Wire Kassekladde submit/void/copy to GraphQL mutations - Wire Kontooversigt account creation to createAccount mutation - Wire Settings save to updateCompany mutation - Wire CreateFiscalYearModal and CloseFiscalYearWizard to mutations - Replace Momsindberetning mock data with real useVatReport query - Remove Dashboard hardcoded percentages and fake VAT deadline - Fix Kreditnotaer invoice selector to use real data - Fix mutation retry from 1 to 0 (prevent duplicate operations) Accounting compliance (Phase 3): - Add balanced entry validation (debit==credit) in JournalEntryDraftAggregate - Add fiscal year boundary enforcement (status, date range checks) - Add PostedAt timestamp to posted events (Bogføringsloven §7) - Add account number uniqueness check within company - Add fiscal year overlap and gap checks - Add sequential invoice auto-numbering - Fix InvoiceLine VAT rate to use canonical VatCodes - Fix SAF-T account type mapping (financial → Expense) - Add DraftLine validation (cannot have both debit and credit > 0) UX improvements (Phase 4): - Fix Danish character encoding across 15+ files (ø, æ, å) - Deploy DemoDataDisclaimer on pages with mock/incomplete data - Adopt PageHeader component universally across all pages - Standardize active/inactive filtering to Switch pattern - Fix dead buttons in Header (Help, Notifications) - Remove hardcoded mock data from Settings - Fix Sidebar controlled state and Kontooversigt navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-05 21:35:26 +01:00			`using Books.Api.EventFlow.Repositories;`
Add all backend domain, commands, repositories, and tests This commit includes all previously untracked backend files: Domain: - Accounts, Attachments, BankConnections, Customers - FiscalYears, Invoices, JournalEntryDrafts - Orders, Products, UserAccess Commands & Handlers: - Full CQRS command structure for all domains Repositories: - PostgreSQL repositories for all read models - Bank transaction and ledger repositories GraphQL: - Input types, scalars, and types for all entities - Mutations and queries Infrastructure: - Banking integration (Enable Banking client) - File storage, Invoicing, Reporting, SAF-T export - Database migrations (003-029) Tests: - Integration tests for GraphQL endpoints - Domain tests - Invoicing and reporting tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 22:19:42 +01:00			`using EventFlow.Commands;`

			`namespace Books.Api.Commands.JournalEntryDrafts;`

			`public class CreateJournalEntryDraftCommandHandler`
			`: CommandHandler<JournalEntryDraftAggregate, JournalEntryDraftId, CreateJournalEntryDraftCommand>`
			`{`
			`public override Task ExecuteAsync(`
			`JournalEntryDraftAggregate aggregate,`
			`CreateJournalEntryDraftCommand command,`
			`CancellationToken cancellationToken)`
			`{`
			`aggregate.Create(`
			`command.CompanyId,`
			`command.Name,`
			`command.CreatedBy,`
			`command.VoucherNumber,`
			`command.ExtractionData);`

			`return Task.CompletedTask;`
			`}`
			`}`

			`public class UpdateJournalEntryDraftCommandHandler`
			`: CommandHandler<JournalEntryDraftAggregate, JournalEntryDraftId, UpdateJournalEntryDraftCommand>`
			`{`
			`public override Task ExecuteAsync(`
			`JournalEntryDraftAggregate aggregate,`
			`UpdateJournalEntryDraftCommand command,`
			`CancellationToken cancellationToken)`
			`{`
			`aggregate.Update(`
			`command.Name,`
			`command.DocumentDate,`
			`command.Description,`
			`command.FiscalYearId,`
			`command.Lines,`
			`command.AttachmentIds);`

			`return Task.CompletedTask;`
			`}`
			`}`

Full product audit: fix security, compliance, UX, and wire broken features Security (Phase 1): - Add authentication middleware on /graphql endpoint - Filter company queries by user access (prevent IDOR) - Add role-based authorization on mutations (owner/accountant) - Reduce API key cache TTL from 24h to 5 minutes - Hide exception details in production GraphQL errors - Fix RBAC in frontend companyStore (was hardcoded) Wiring broken features (Phase 2): - Wire Kassekladde submit/void/copy to GraphQL mutations - Wire Kontooversigt account creation to createAccount mutation - Wire Settings save to updateCompany mutation - Wire CreateFiscalYearModal and CloseFiscalYearWizard to mutations - Replace Momsindberetning mock data with real useVatReport query - Remove Dashboard hardcoded percentages and fake VAT deadline - Fix Kreditnotaer invoice selector to use real data - Fix mutation retry from 1 to 0 (prevent duplicate operations) Accounting compliance (Phase 3): - Add balanced entry validation (debit==credit) in JournalEntryDraftAggregate - Add fiscal year boundary enforcement (status, date range checks) - Add PostedAt timestamp to posted events (Bogføringsloven §7) - Add account number uniqueness check within company - Add fiscal year overlap and gap checks - Add sequential invoice auto-numbering - Fix InvoiceLine VAT rate to use canonical VatCodes - Fix SAF-T account type mapping (financial → Expense) - Add DraftLine validation (cannot have both debit and credit > 0) UX improvements (Phase 4): - Fix Danish character encoding across 15+ files (ø, æ, å) - Deploy DemoDataDisclaimer on pages with mock/incomplete data - Adopt PageHeader component universally across all pages - Standardize active/inactive filtering to Switch pattern - Fix dead buttons in Header (Help, Notifications) - Remove hardcoded mock data from Settings - Fix Sidebar controlled state and Kontooversigt navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-05 21:35:26 +01:00			`/// <summary>`
			`/// Command handler for posting a journal entry draft.`
			`/// Validates fiscal year status and date range before allowing the post.`
			`/// </summary>`
			`public class MarkJournalEntryDraftPostedCommandHandler(`
			`IJournalEntryDraftRepository draftRepository,`
			`IFiscalYearRepository fiscalYearRepository)`
Add all backend domain, commands, repositories, and tests This commit includes all previously untracked backend files: Domain: - Accounts, Attachments, BankConnections, Customers - FiscalYears, Invoices, JournalEntryDrafts - Orders, Products, UserAccess Commands & Handlers: - Full CQRS command structure for all domains Repositories: - PostgreSQL repositories for all read models - Bank transaction and ledger repositories GraphQL: - Input types, scalars, and types for all entities - Mutations and queries Infrastructure: - Banking integration (Enable Banking client) - File storage, Invoicing, Reporting, SAF-T export - Database migrations (003-029) Tests: - Integration tests for GraphQL endpoints - Domain tests - Invoicing and reporting tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 22:19:42 +01:00			`: CommandHandler<JournalEntryDraftAggregate, JournalEntryDraftId, MarkJournalEntryDraftPostedCommand>`
			`{`
Full product audit: fix security, compliance, UX, and wire broken features Security (Phase 1): - Add authentication middleware on /graphql endpoint - Filter company queries by user access (prevent IDOR) - Add role-based authorization on mutations (owner/accountant) - Reduce API key cache TTL from 24h to 5 minutes - Hide exception details in production GraphQL errors - Fix RBAC in frontend companyStore (was hardcoded) Wiring broken features (Phase 2): - Wire Kassekladde submit/void/copy to GraphQL mutations - Wire Kontooversigt account creation to createAccount mutation - Wire Settings save to updateCompany mutation - Wire CreateFiscalYearModal and CloseFiscalYearWizard to mutations - Replace Momsindberetning mock data with real useVatReport query - Remove Dashboard hardcoded percentages and fake VAT deadline - Fix Kreditnotaer invoice selector to use real data - Fix mutation retry from 1 to 0 (prevent duplicate operations) Accounting compliance (Phase 3): - Add balanced entry validation (debit==credit) in JournalEntryDraftAggregate - Add fiscal year boundary enforcement (status, date range checks) - Add PostedAt timestamp to posted events (Bogføringsloven §7) - Add account number uniqueness check within company - Add fiscal year overlap and gap checks - Add sequential invoice auto-numbering - Fix InvoiceLine VAT rate to use canonical VatCodes - Fix SAF-T account type mapping (financial → Expense) - Add DraftLine validation (cannot have both debit and credit > 0) UX improvements (Phase 4): - Fix Danish character encoding across 15+ files (ø, æ, å) - Deploy DemoDataDisclaimer on pages with mock/incomplete data - Adopt PageHeader component universally across all pages - Standardize active/inactive filtering to Switch pattern - Fix dead buttons in Header (Help, Notifications) - Remove hardcoded mock data from Settings - Fix Sidebar controlled state and Kontooversigt navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-05 21:35:26 +01:00			`public override async Task ExecuteAsync(`
Add all backend domain, commands, repositories, and tests This commit includes all previously untracked backend files: Domain: - Accounts, Attachments, BankConnections, Customers - FiscalYears, Invoices, JournalEntryDrafts - Orders, Products, UserAccess Commands & Handlers: - Full CQRS command structure for all domains Repositories: - PostgreSQL repositories for all read models - Bank transaction and ledger repositories GraphQL: - Input types, scalars, and types for all entities - Mutations and queries Infrastructure: - Banking integration (Enable Banking client) - File storage, Invoicing, Reporting, SAF-T export - Database migrations (003-029) Tests: - Integration tests for GraphQL endpoints - Domain tests - Invoicing and reporting tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 22:19:42 +01:00			`JournalEntryDraftAggregate aggregate,`
			`MarkJournalEntryDraftPostedCommand command,`
			`CancellationToken cancellationToken)`
			`{`
Full product audit: fix security, compliance, UX, and wire broken features Security (Phase 1): - Add authentication middleware on /graphql endpoint - Filter company queries by user access (prevent IDOR) - Add role-based authorization on mutations (owner/accountant) - Reduce API key cache TTL from 24h to 5 minutes - Hide exception details in production GraphQL errors - Fix RBAC in frontend companyStore (was hardcoded) Wiring broken features (Phase 2): - Wire Kassekladde submit/void/copy to GraphQL mutations - Wire Kontooversigt account creation to createAccount mutation - Wire Settings save to updateCompany mutation - Wire CreateFiscalYearModal and CloseFiscalYearWizard to mutations - Replace Momsindberetning mock data with real useVatReport query - Remove Dashboard hardcoded percentages and fake VAT deadline - Fix Kreditnotaer invoice selector to use real data - Fix mutation retry from 1 to 0 (prevent duplicate operations) Accounting compliance (Phase 3): - Add balanced entry validation (debit==credit) in JournalEntryDraftAggregate - Add fiscal year boundary enforcement (status, date range checks) - Add PostedAt timestamp to posted events (Bogføringsloven §7) - Add account number uniqueness check within company - Add fiscal year overlap and gap checks - Add sequential invoice auto-numbering - Fix InvoiceLine VAT rate to use canonical VatCodes - Fix SAF-T account type mapping (financial → Expense) - Add DraftLine validation (cannot have both debit and credit > 0) UX improvements (Phase 4): - Fix Danish character encoding across 15+ files (ø, æ, å) - Deploy DemoDataDisclaimer on pages with mock/incomplete data - Adopt PageHeader component universally across all pages - Standardize active/inactive filtering to Switch pattern - Fix dead buttons in Header (Help, Notifications) - Remove hardcoded mock data from Settings - Fix Sidebar controlled state and Kontooversigt navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-05 21:35:26 +01:00			`// Load the draft read model to get fiscal year and document date`
			`var draft = await draftRepository.GetByIdAsync(`
			`aggregate.Id.Value, cancellationToken);`

			`var fiscalYearId = draft?.FiscalYearId ?? aggregate.FiscalYearId;`

			`// Validate fiscal year is set`
			`if (string.IsNullOrWhiteSpace(fiscalYearId))`
			`{`
			`throw new DomainException(`
			`"FISCAL_YEAR_REQUIRED",`
			`"Fiscal year is required for posting a journal entry",`
			`"Regnskabsår er påkrævet for bogføring af en postering");`
			`}`

			`// Fetch and validate fiscal year`
			`var fiscalYear = await fiscalYearRepository.GetByIdAsync(`
			`fiscalYearId, cancellationToken);`

			`if (fiscalYear == null)`
			`{`
			`throw new DomainException(`
			`"FISCAL_YEAR_NOT_FOUND",`
			`$"Fiscal year '{fiscalYearId}' not found",`
			`$"Regnskabsår '{fiscalYearId}' blev ikke fundet");`
			`}`

			`// Validate fiscal year is open (not Closed or Locked)`
			`if (fiscalYear.Status != "Open")`
			`{`
			`throw new DomainException(`
			`"FISCAL_YEAR_NOT_OPEN",`
			`$"Fiscal year is {fiscalYear.Status}. Only open fiscal years allow posting.",`
			`$"Regnskabsåret er {fiscalYear.Status}. Kun åbne regnskabsår tillader bogføring.");`
			`}`

			`// Validate document date falls within fiscal year range (if document date is set)`
			`if (draft?.DocumentDate != null)`
			`{`
			`var documentDate = DateOnly.FromDateTime(draft.DocumentDate.Value);`
			`var fyStart = DateOnly.FromDateTime(fiscalYear.StartDate);`
			`var fyEnd = DateOnly.FromDateTime(fiscalYear.EndDate);`

			`if (documentDate < fyStart \|\| documentDate > fyEnd)`
			`{`
			`throw new DomainException(`
			`"DOCUMENT_DATE_OUTSIDE_FISCAL_YEAR",`
			`$"Document date {documentDate:yyyy-MM-dd} falls outside the fiscal year ({fyStart:yyyy-MM-dd} to {fyEnd:yyyy-MM-dd})",`
			`$"Bilagsdato {documentDate:yyyy-MM-dd} ligger uden for regnskabsåret ({fyStart:yyyy-MM-dd} til {fyEnd:yyyy-MM-dd})");`
			`}`
			`}`

Add all backend domain, commands, repositories, and tests This commit includes all previously untracked backend files: Domain: - Accounts, Attachments, BankConnections, Customers - FiscalYears, Invoices, JournalEntryDrafts - Orders, Products, UserAccess Commands & Handlers: - Full CQRS command structure for all domains Repositories: - PostgreSQL repositories for all read models - Bank transaction and ledger repositories GraphQL: - Input types, scalars, and types for all entities - Mutations and queries Infrastructure: - Banking integration (Enable Banking client) - File storage, Invoicing, Reporting, SAF-T export - Database migrations (003-029) Tests: - Integration tests for GraphQL endpoints - Domain tests - Invoicing and reporting tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 22:19:42 +01:00			`aggregate.MarkPosted(`
			`command.TransactionId,`
			`command.PostedBy);`
			`}`
			`}`

			`public class DiscardJournalEntryDraftCommandHandler`
			`: CommandHandler<JournalEntryDraftAggregate, JournalEntryDraftId, DiscardJournalEntryDraftCommand>`
			`{`
			`public override Task ExecuteAsync(`
			`JournalEntryDraftAggregate aggregate,`
			`DiscardJournalEntryDraftCommand command,`
			`CancellationToken cancellationToken)`
			`{`
			`aggregate.Discard(command.DiscardedBy);`

			`return Task.CompletedTask;`
			`}`
			`}`