softwarehuset/books
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions
books/backend/Books.Api/Domain/UserAccess/Events/UserCompanyAccessEvents.cs
Nicolaj Hartmann 709d0a4739 Audit v2: fix security, data integrity, compliance, bugs, encoding, UX 
Backend Security & Data Integrity:
- Block negative debit/credit amounts that bypass balance validation
- Require document date at posting (was optional, bypassing fiscal year checks)
- Fix event sourcing anti-pattern: timestamps now stored in events, not UtcNow in Apply
- Add [Authorize] to BankingController OAuth callback
- Add company access check on attachment downloads
- Validate CVR in CompanyAggregate.Create and CompanyAggregate.Update
- Require company CVR for invoice creation (Momsloven §52)
- Delete leftover WeatherForecastController
- Fix duplicate migration number 007 (renamed to 007b)
- Remove dead code in VatCalculationService (identical if/else branches)

Accounting Compliance:
- Add missing VAT accounts to StandardDanishAccounts (5610, 5611, 5620)
- Populate SAF-T TaxInformation on transaction lines (was always null)
- Add AuditFileCountry and TaxRegistrationNumber to SAF-T header

Critical Frontend Bugs:
- Fix Dashboard <a href> causing full page reloads (now uses React Router Link)
- Wire Kassekladde filters to actual data (account, status, date range)
- Pre-populate form when editing existing Kassekladde drafts
- Add detail drawer for "Vis detaljer" action (was just a toast)
- Toggle advanced filters with "Flere filtre" button
- CloseFiscalYearWizard now actually posts closing entries via mutations
- "Create next year" checkbox now creates the next fiscal year

Danish Character Encoding (~50 fixes):
- Fix ø/æ/å across Momsindberetning, DocumentUploadModal, Bankafstemning,
  Kontooversigt, CloseFiscalYearWizard, vatCodes, periodStore, periods,
  accounting, types/periods

Dead Buttons & UX:
- Disable Momsindberetning PDF/Export buttons with tooltips
- FiscalYearSelector "Administrer" now navigates to Settings
- Settings bank tab now uses real BankConnectionsTab component
- Bankafstemning save button disabled with development tooltip
- Replace hardcoded account options with real API data (Bankafstemning, Fakturaer)
- Header help button shows info message, notification bell shows popover

Consistency & Quality:
- Remove 7 console.log statements from production code
- Adopt PageHeader on 6 remaining pages (Kreditnotaer, Settings, Admin, etc.)
- Standardize loading states to Skeleton pattern (5 pages)
- Replace deprecated bodyStyle prop on Ant Design Cards
- Standardize date format to DD-MM-YYYY
- Fix sidebar width mismatch in designTokens
- Fix Kontooversigt breadcrumb pointing to non-existent route

Accessibility:
- Add aria-label to sidebar navigation
- Add +/- prefix to AmountText for color-blind users
- Fix CompanySwitcher permanent skeleton when no companies

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 00:18:19 +01:00

44 lines
1.4 KiB
C#
Raw Blame History

using EventFlow.Aggregates;
namespace Books.Api.Domain.UserAccess.Events;
/// <summary>
/// Emitted when a user is granted access to a company.
/// </summary>
public class UserCompanyAccessGrantedEvent(
string userId,
string companyId,
CompanyRole role,
string grantedBy,
DateTimeOffset grantedAt) : AggregateEvent<UserCompanyAccessAggregate, UserCompanyAccessId>
{
public string UserId { get; } = userId;
public string CompanyId { get; } = companyId;
public CompanyRole Role { get; } = role;
public string GrantedBy { get; } = grantedBy;
public DateTimeOffset GrantedAt { get; } = grantedAt;
}
/// <summary>
/// Emitted when a user's role is changed for a company.
/// </summary>
public class UserCompanyAccessRoleChangedEvent(
CompanyRole oldRole,
CompanyRole newRole,
string changedBy) : AggregateEvent<UserCompanyAccessAggregate, UserCompanyAccessId>
{
public CompanyRole OldRole { get; } = oldRole;
public CompanyRole NewRole { get; } = newRole;
public string ChangedBy { get; } = changedBy;
}
/// <summary>
/// Emitted when a user's access to a company is revoked.
/// </summary>
public class UserCompanyAccessRevokedEvent(
string revokedBy,
DateTimeOffset revokedAt) : AggregateEvent<UserCompanyAccessAggregate, UserCompanyAccessId>
{
public string RevokedBy { get; } = revokedBy;
public DateTimeOffset RevokedAt { get; } = revokedAt;
}
Reference in a new issue View git blame Copy permalink