Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

feat: add role and user mapping profiles #4

Open
wants to merge 36 commits into
base: main
Choose a base branch
from
Open

feat: add role and user mapping profiles #4

wants to merge 36 commits into from

Conversation

osm-Jatin
Copy link

@osm-Jatin osm-Jatin commented Feb 27, 2025
edited by coderabbitai bot
Loading

Description:

  • Added AutoMapper configuration to map User and Role entity to respective DTOs.
  • Included a conditional mapping to handle null values gracefully.
  • Updated UserProfile mapping, Role now maps to Role.Name, defaulting to "Unknown" if Role is null.
  • Update the service layer to use automapper.
  • Improved DTO transformation to avoid serialization issues.

Why this is needed?

  • Prevents null reference errors when Role is not assigned.
  • Ensures a proper response format for API consumers.
  • Enhances readability and maintainability of the AutoMapper configuration.

Summary by CodeRabbit

  • Documentation

    • Added a comprehensive setup guide that outlines prerequisites and initial configuration steps for .NET projects.

  • New Features

    • Launched new API endpoints for user and role management, enhancing administration and providing improved error feedback.
    • Integrated interactive API documentation to simplify exploration and usage.

  • Chores

    • Upgraded configurations to standardize naming conventions, logging, and error handling.
    • Improved system infrastructure with enhanced project scaffolding and database migration support.

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Feb 27, 2025
edited
Loading

Warning

Rate limit exceeded

@osm-Jatin has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 12 minutes and 18 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between f681af4 and 5545798.

📒 Files selected for processing (1)
  • src/Api/Controllers/UserController.cs (1 hunks)

Walkthrough

This pull request introduces foundational resources for a .NET-based project named DotNetFoundation. It adds documentation and configuration files, sets up new project and solution files, and defines comprehensive API components. New REST controllers for roles and users are implemented along with structured error handling via custom middleware and filters. Additionally, Entity Framework Core models, migrations, DTOs, mapping profiles, repositories, and service layers have been added to support CRUD operations and proper data handling within the application.

Changes

File(s) Change Summary
base_setup.md, src/.editorconfig Added documentation for project setup and code conventions with base setup instructions and editor configuration rules.
src/Api/Api.csproj, src/Core/Core.csproj, src/DotNetFoundation.sln, src/Api/appsettings*.json, src/Api/Properties/launchSettings.json Introduced project, solution, and configuration files for API and Core projects, including logging configuration, environment settings, and a database connection string.
src/Api/Controllers/RoleController.cs, src/Api/Controllers/UserController.cs Added new RESTful controllers to manage roles and users with endpoints for GET, POST, PUT, and DELETE operations.
src/Api/Filters/CustomExceptionFilter.cs, src/Api/Middlewares/ExceptionHandlingMiddleware.cs Added custom error handling components to manage exceptions and return structured API responses.
src/Api/Migrations/DatabaseContextModelSnapshot.cs, src/Api/Migrations/...InitialCreate.Designer.cs, src/Api/Migrations/...InitialCreate.cs Added EF Core migration files and model snapshot defining the initial database schema for roles, users, and user logs, including relationships and constraints.
src/Api/Models/Common/BaseResponse.cs, src/Api/Models/Enums/ResponseStatus.cs Introduced a generic API response model and an enumeration for response statuses to standardize response structures.
src/Api/Program.cs Created the application entry point configuring dependency injection, logging (via Serilog), Swagger, and database connectivity.
src/Core/DataContext/DatabaseContext.cs, src/Core/Entities/Models/{Role,User,UserLog}.cs Added the EF Core database context and entity models for roles, users, and user logs with defined relationships and timestamp management.
src/Core/Entities/DTOs/{RoleDTOs,UserDTOs}.cs Added DTOs for roles and users to handle data validations and transfers between application layers.
src/Core/Exceptions/{AlreadyExistsException,BadRequestException,NotFoundException}.cs Added custom exception classes to represent specific error scenarios for better error handling and clarity.
src/Core/Mappings/{RoleMappingProfile,UserMappingProfile}.cs Added AutoMapper profiles to convert between entity models and DTOs for role and user data.
src/Core/Repositories/Interfaces/{IRoleRepository,IUserRepository}.cs, src/Core/Repositories/{RoleRepository,UserRepository}.cs Introduced repository interfaces and their implementations to encapsulate data access operations for roles and users.
src/Core/Services/Interfaces/{IRoleService,IUserService}.cs, src/Core/Services/{RoleService,UserService}.cs Added service layer interfaces and implementations to manage business logic for role and user management.

Sequence Diagram(s)

sequenceDiagram
    participant C as Client
    participant MW as Middleware
    participant CT as Controller
    participant SV as Service
    participant RP as Repository
    participant DB as Database

    C->>MW: Send API Request
    MW->>CT: Forward request
    CT->>SV: Invoke business logic
    SV->>RP: Data operation request
    RP->>DB: Execute query/update
    DB-->>RP: Return result
    RP-->>SV: Return data
    SV-->>CT: Return processed data
    CT-->>MW: Return API response
    MW-->>C: Send response
Loading

Poem

I'm a happy rabbit in a digital field,
Hopping through code where structure is revealed.
With controllers and services joining the race,
Middleware and mappings keep data in place.
I celebrate these changes with a joyful leap,
In DotNetFoundation, where clean codes run deep! 🐰💻

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Feb 27, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (24)
src/Core/Exceptions/NotFoundException.cs (1)

3-16: The exception class looks good but could benefit from documentation.

The class follows the standard exception pattern with proper constructors. Consider adding XML documentation to clarify the purpose and usage of this exception.

 namespace Core.Exceptions;

+/// <summary>
+/// Exception thrown when a requested resource is not found.
+/// </summary>
 public class NotFoundException : Exception
 {
+    /// <summary>
+    /// Initializes a new instance of the <see cref="NotFoundException"/> class.
+    /// </summary>
     public NotFoundException()
     {
     }

+    /// <summary>
+    /// Initializes a new instance of the <see cref="NotFoundException"/> class with a specified error message.
+    /// </summary>
+    /// <param name="message">The message that describes the error.</param>
-    public NotFoundException(string msg) : base(msg)
+    public NotFoundException(string message) : base(message)
     {
     }

+    /// <summary>
+    /// Initializes a new instance of the <see cref="NotFoundException"/> class with a specified error message and a reference to the inner exception that is the cause of this exception.
+    /// </summary>
+    /// <param name="message">The message that describes the error.</param>
+    /// <param name="innerException">The exception that is the cause of the current exception.</param>
     public NotFoundException(string message, Exception innerException) : base(message, innerException)
     {
     }
 }
src/Core/Exceptions/AlreadyExistsException.cs (1)

3-16: Standardize parameter naming for consistency.

The class uses msg in one constructor and message in another. For better maintainability, parameter names should be consistent across similar methods.

 namespace Core.Exceptions;

+/// <summary>
+/// Exception thrown when an attempt is made to create a resource that already exists.
+/// </summary>
 public class AlreadyExistsException : Exception
 {
+    /// <summary>
+    /// Initializes a new instance of the <see cref="AlreadyExistsException"/> class.
+    /// </summary>
     public AlreadyExistsException()
     {
     }

+    /// <summary>
+    /// Initializes a new instance of the <see cref="AlreadyExistsException"/> class with a specified error message.
+    /// </summary>
+    /// <param name="message">The message that describes the error.</param>
-    public AlreadyExistsException(string msg) : base(msg)
+    public AlreadyExistsException(string message) : base(message)
     {
     }

+    /// <summary>
+    /// Initializes a new instance of the <see cref="AlreadyExistsException"/> class with a specified error message and a reference to the inner exception that is the cause of this exception.
+    /// </summary>
+    /// <param name="message">The message that describes the error.</param>
+    /// <param name="innerException">The exception that is the cause of the current exception.</param>
     public AlreadyExistsException(string message, Exception innerException) : base(message, innerException)
     {
     }
 }
src/Core/Exceptions/BadRequestException.cs (1)

3-16: Standardize parameter naming and add documentation.

Similar to the other exception classes, this class uses inconsistent parameter naming (msg vs message). Consider standardizing the naming and adding XML documentation for better code maintainability.

 namespace Core.Exceptions;

+/// <summary>
+/// Exception thrown when the request is invalid.
+/// </summary>
 public class BadRequestException : Exception
 {
+    /// <summary>
+    /// Initializes a new instance of the <see cref="BadRequestException"/> class.
+    /// </summary>
     public BadRequestException()
     {
     }

+    /// <summary>
+    /// Initializes a new instance of the <see cref="BadRequestException"/> class with a specified error message.
+    /// </summary>
+    /// <param name="message">The message that describes the error.</param>
-    public BadRequestException(string msg) : base(msg)
+    public BadRequestException(string message) : base(message)
     {
     }

+    /// <summary>
+    /// Initializes a new instance of the <see cref="BadRequestException"/> class with a specified error message and a reference to the inner exception that is the cause of this exception.
+    /// </summary>
+    /// <param name="message">The message that describes the error.</param>
+    /// <param name="innerException">The exception that is the cause of the current exception.</param>
     public BadRequestException(string message, Exception innerException) : base(message, innerException)
     {
     }
 }
src/Core/Entities/Models/UserLog.cs (1)

4-4: Remove unused import

The Microsoft.EntityFrameworkCore.Metadata.Internal namespace is imported but not used anywhere in this class. Consider removing it to keep the code clean.

-using Microsoft.EntityFrameworkCore.Metadata.Internal;
base_setup.md (1)

58-67: Add language specifier to code block

The fenced code block is missing a language specifier. Add a language identifier after the opening backticks for proper syntax highlighting and to comply with markdown standards.

-```
+```plaintext
 src/
 ├── Api/
 │   ├── Api.csproj
 │   ├── Program.cs
 │   └── ...
 └── Core/
     ├── Core.csproj
     └── ...
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

58-58: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)

src/Core/Entities/DTOs/UserDTOs.cs (2)

3-10: Add validation attributes to UserCreateDto

Consider adding validation attributes to ensure data integrity before it reaches the service layer. Properties like Email and Password should have validation rules.

 public class UserCreateDto
 {
+    [Required, MaxLength(100)]
     public string FirstName { get; set; } = string.Empty;
+    [Required, MaxLength(100)]
     public string LastName { get; set; } = string.Empty;
+    [Required, EmailAddress, MaxLength(255)]
     public string Email { get; set; } = string.Empty;
+    [Required, MinLength(8)]
     public string Password { get; set; } = string.Empty;
+    [Required]
     public int RoleId { get; set; }
 }

12-17: Add validation attributes to UserUpdateDto

Similar to UserCreateDto, consider adding validation attributes to ensure data integrity.

 public class UserUpdateDto
 {
+    [Required, MaxLength(100)]
     public string FirstName { get; set; } = string.Empty;
+    [Required, MaxLength(100)]
     public string LastName { get; set; } = string.Empty;
+    [Required]
     public int RoleId { get; set; }
 }
src/Api/Filters/CustomExceptionFilter.cs (1)

49-55: Use structured logging for better context.

Instead of LogError($"Internal server exception: {context.Exception.ToString()}"), consider passing the Exception object directly to the logger. This provides richer structured logs and avoids duplicating .ToString(). For example:

- _logger.LogError($"Internal server exception: {context.Exception.ToString()}");
+ _logger.LogError(context.Exception, "Internal server exception");
src/.editorconfig (1)

36-44: Avoid redundant naming style duplication.

The lines from 36 to 44 define the same pascal_case naming style twice. Consider consolidating them into a single definition to keep the file concise and easier to maintain.

src/Api/Models/Common/BaseResponse.cs (1)

75-99: Incorrect XML comment for PaginationMetadata class.

The XML comment for the PaginationMetadata class incorrectly describes it as a utility for generating bad request responses, which was copied from the previous class.

 /// <summary>
-/// Provides utilities for generating bad request responses based on model validation errors.
+/// Represents metadata for paginated responses.
 /// </summary>
 public class PaginationMetadata
src/Core/DataContext/DatabaseContext.cs (1)

7-16: The DatabaseContext is well-structured with appropriate DbSet properties.

The context properly defines DbSet properties for Users, Roles, and UserLogs. Consider using the nullable reference type annotation for the DbSet properties since EF Core requires them to be non-null.

-    public DbSet<User> Users { get; set; }
-    public DbSet<Role> Roles { get; set; }
-    public DbSet<UserLog> UserLogs { get; set; }
+    public DbSet<User> Users { get; set; } = null!;
+    public DbSet<Role> Roles { get; set; } = null!;
+    public DbSet<UserLog> UserLogs { get; set; } = null!;
src/Api/Middlewares/ExceptionHandlingMiddleware.cs (3)

20-24: Eliminate duplicate JSON serialization options.

The _jsonOptions field and the SendJsonResponse() method both create nearly identical JsonSerializerOptions. Consider consolidating to a single source of truth for consistent serialization settings and reduced maintenance overhead.

- private readonly JsonSerializerOptions _jsonOptions;
...
- _jsonOptions = new JsonSerializerOptions { ... };

private JsonSerializerOptions CreateJsonOptions()
{
    return new JsonSerializerOptions
    {
        Converters = { new JsonStringEnumConverter() },
        PropertyNamingPolicy = JsonNamingPolicy.CamelCase
    };
}

- // Then reuse CreateJsonOptions() anywhere JsonSerializerOptions is needed

45-66: Validate the assumption about ModelState usage in BadHttpRequestException cases.

The logic expects ModelState data to reside in HttpContext.Items["ModelState"], but BadHttpRequestException may occur for reasons unrelated to model validation. Make sure this approach doesn’t inadvertently produce misleading error messages when the item isn’t found or is null.

Do you want a script to search for all references to “ModelState” in the project to confirm whether it’s always set before this middleware gets invoked?

95-105: Recommend including correlation or request IDs in error logs.

When invoking HandleExceptionAsync, we only log the exception message. Including a unique correlation ID or request ID in error responses can help trace requests across distributed systems, enhancing debugging capabilities.

src/Core/Services/RoleService.cs (2)

23-27: Consider throwing an exception for a non-existent role.

Currently, the service returns null if the role doesn’t exist, but other methods return boolean for similar scenarios. A uniform approach—either returning a boolean, a null DTO, or throwing an exception—can improve consistency in error handling across the service layers.

43-64: Reuse code for retrieving roles in update and delete paths.

You repeatedly fetch the role in both UpdateRoleAsync and DeleteRoleAsync. Consider extracting common retrieval or not-found checking logic into a helper method for better maintainability.

src/Api/Migrations/20250220183440_InitialCreate.cs (2)

24-25: Consider adding a unique constraint for the role's name.
Some applications require role names to be unique to prevent confusion and reduce data inconsistencies. If that is your use case, consider adding a database-level unique constraint here.

56-61: Double-check your ReferentialAction.Restrict strategy on the usersroles relationship.
Using Restrict means you cannot delete a role if there are users referencing it. Ensure this aligns with your intended business rules. If users can exist without a role, consider setting it to SetNull instead, or make sure roles are not deleted inadvertently.

src/Core/Repositories/UserRepository.cs (2)

31-35: Consider returning the newly created user or its ID instead of a boolean.
Returning just a boolean from AddUserAsync can make debugging more difficult since you lose direct access to the inserted entity. If you need confirmation the insert succeeded, returning the updated entity or the newly generated ID may be more useful.

37-41: Evaluate concurrency handling for UpdateUserAsync.
If you want to detect mid-air collisions or stale data scenarios, implement a concurrency token (e.g., a row version). Using _context.Users.Update(user) without concurrency checks might overwrite changes made in parallel.

src/Core/Repositories/RoleRepository.cs (2)

29-34: Return a clear status or an exception for role creation failures.
AddRoleAsync returns null if saving fails. Consider returning an error or throwing an exception for better clarity and debugging.

36-40: Assess concurrency for role updates.
Similar to the user repository, updates here are susceptible to silent overwrites. Consider version tracking or a concurrency token field to detect conflicting updates.

src/Api/Controllers/UserController.cs (2)

22-23: Simplify type references by using imported namespace

You've already imported the Core.Entities.DTOs namespace, so there's no need to use fully qualified type names.

-        Core.Entities.DTOs.UserResponseDto? user = await _userService.GetUserByIdAsync(id).ConfigureAwait(false);
+        UserResponseDto? user = await _userService.GetUserByIdAsync(id).ConfigureAwait(false);

-        Core.Entities.DTOs.UserResponseDto? user = await _userService.GetUserByEmailAsync(email).ConfigureAwait(false);
+        UserResponseDto? user = await _userService.GetUserByEmailAsync(email).ConfigureAwait(false);

-        IEnumerable<Core.Entities.DTOs.UserResponseDto> users = await _userService.GetAllUsersAsync().ConfigureAwait(false);
+        IEnumerable<UserResponseDto> users = await _userService.GetAllUsersAsync().ConfigureAwait(false);

Also applies to: 29-30, 36-37

48-49: Add Location header for resource creation response

For the RegisterUser endpoint, consider returning a CreatedAtAction response instead of StatusCode(201) to include a Location header in the response, similar to how it's done in RoleController.CreatedRole.

-        return success ? StatusCode(201, new { message = "User registered successfully" }) : BadRequest(new { message = "Failed to register user" });
+        return success 
+            ? CreatedAtAction(nameof(GetUserById), new { id = /* need user id here */ }, new { message = "User registered successfully" }) 
+            : BadRequest(new { message = "Failed to register user" });

Note: This requires modifying the AddUserAsync method to return the created user ID or the full UserResponseDto.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 177ba93 and 180824f.

📒 Files selected for processing (37)
  • base_setup.md (1 hunks)
  • src/.editorconfig (1 hunks)
  • src/Api/Api.csproj (1 hunks)
  • src/Api/Controllers/RoleController.cs (1 hunks)
  • src/Api/Controllers/UserController.cs (1 hunks)
  • src/Api/Filters/CustomExceptionFilter.cs (1 hunks)
  • src/Api/Middlewares/ExceptionHandlingMiddleware.cs (1 hunks)
  • src/Api/Migrations/20250220183440_InitialCreate.Designer.cs (1 hunks)
  • src/Api/Migrations/20250220183440_InitialCreate.cs (1 hunks)
  • src/Api/Migrations/DatabaseContextModelSnapshot.cs (1 hunks)
  • src/Api/Models/Common/BaseResponse.cs (1 hunks)
  • src/Api/Models/Enums/ResponseStatus.cs (1 hunks)
  • src/Api/Program.cs (1 hunks)
  • src/Api/Properties/launchSettings.json (1 hunks)
  • src/Api/appsettings.Development.json (1 hunks)
  • src/Api/appsettings.json (1 hunks)
  • src/Core/Core.csproj (1 hunks)
  • src/Core/DataContext/DatabaseContext.cs (1 hunks)
  • src/Core/Entities/DTOs/RoleDTOs.cs (1 hunks)
  • src/Core/Entities/DTOs/UserDTOs.cs (1 hunks)
  • src/Core/Entities/Models/Role.cs (1 hunks)
  • src/Core/Entities/Models/User.cs (1 hunks)
  • src/Core/Entities/Models/UserLog.cs (1 hunks)
  • src/Core/Exceptions/AlreadyExistsException.cs (1 hunks)
  • src/Core/Exceptions/BadRequestException.cs (1 hunks)
  • src/Core/Exceptions/NotFoundException.cs (1 hunks)
  • src/Core/Mappings/RoleMappingProfile.cs (1 hunks)
  • src/Core/Mappings/UserMappingProfile.cs (1 hunks)
  • src/Core/Repositories/Interfaces/IRoleRepository.cs (1 hunks)
  • src/Core/Repositories/Interfaces/IUserRepository.cs (1 hunks)
  • src/Core/Repositories/RoleRepository.cs (1 hunks)
  • src/Core/Repositories/UserRepository.cs (1 hunks)
  • src/Core/Services/Interfaces/IRoleService.cs (1 hunks)
  • src/Core/Services/Interfaces/IUserService.cs (1 hunks)
  • src/Core/Services/RoleService.cs (1 hunks)
  • src/Core/Services/UserService.cs (1 hunks)
  • src/DotNetFoundation.sln (1 hunks)
✅ Files skipped from review due to trivial changes (6)
  • src/Api/Models/Enums/ResponseStatus.cs
  • src/Core/Mappings/RoleMappingProfile.cs
  • src/DotNetFoundation.sln
  • src/Api/appsettings.json
  • src/Api/Properties/launchSettings.json
  • src/Core/Core.csproj
🧰 Additional context used
🪛 markdownlint-cli2 (0.17.2)
base_setup.md

58-58: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)

🔇 Additional comments (42)
src/Api/Api.csproj (1)

10-14:

✅ Verification successful

Consider aligning package versions for consistent dependencies.

The Microsoft.AspNetCore.OpenApi package (8.0.11) and Microsoft.EntityFrameworkCore.Tools package (8.0.0) have different version numbers. Unless there's a specific reason for this difference, it's generally best to align related package versions to avoid potential compatibility issues.

🏁 Script executed:

#!/bin/bash
# Description: Check latest version of Microsoft.EntityFrameworkCore.Tools
# Expected result: Information about the latest available version of the package

echo "Checking latest version of Microsoft.EntityFrameworkCore.Tools..."
curl -s "https://api.nuget.org/v3-flatcontainer/microsoft.entityframeworkcore.tools/index.json" | jq -r '.versions | .[-1]'

Length of output: 289

Alignment of Package Versions

After verification, the versions in the project appear intentional. The Microsoft.AspNetCore.OpenApi package is referenced at version 8.0.11 as a patch update, while the Microsoft.EntityFrameworkCore.Tools package is set to version 8.0.0—reflecting the current stable release. Notably, the latest version available for EF Core Tools is a preview (10.0.0‑preview.1.25081.1), so opting for the stable 8.0.0 release is appropriate. There’s no indication that aligning these versions is necessary or beneficial given they follow separate release cycles.

src/Core/Mappings/UserMappingProfile.cs (3)

11-12: Well-implemented conditional mapping for handling null Role values.

The conditional mapping for the Role property correctly implements the PR objective by providing a default "Unknown" value when Role is null, preventing null reference errors in the API response.

14-18: Good practice for handling creation timestamps and password security.

The mapping correctly ignores the PasswordHash field (which should be handled separately) and properly sets the CreatedAt and UpdatedAt timestamps to UTC time, following best practices for entity creation.

19-20: Proper handling of update timestamps.

The mapping correctly sets the UpdatedAt timestamp for user updates while preserving other fields.

src/Api/appsettings.Development.json (2)

15-15: Verify application name in Serilog properties.

The application name is set to "AuditLog.API" - please verify if this is the correct name for this application or if it should be updated to match your project name.

20-20: Connection string follows proper security practices.

Using placeholders in the connection string is good practice for development settings. Remember to replace these placeholders with actual values in your environment or use a secure method like user secrets or environment variables.

src/Core/Entities/DTOs/RoleDTOs.cs (3)

3-6: Well-designed DTO for role creation.

The RoleCreateDto is appropriately structured with a non-null initialized string property, following best practices for DTO design.

8-11: Clean separation of update DTO.

Good practice to have a separate DTO for updates, even if it currently has the same structure as the create DTO. This allows for future divergence if needed.

13-17: Well-structured response DTO.

The response DTO properly includes the Id along with the Name property and initializes the string to empty instead of null, preventing potential null reference issues.

src/Core/Entities/Models/Role.cs (4)

10-11: Well-defined primary key with appropriate column mapping.

The Id property is correctly marked as the primary key using the [Key] attribute and mapped to the database column "id".

13-14: Good validation constraints for the Name property.

The Name property has appropriate validation attributes (Required, MaxLength) and is properly initialized to avoid null reference issues.

16-20: Proper timestamp handling with UTC time.

Both timestamp fields default to UTC time, which is the best practice for storing dates in a database to avoid timezone issues.

22-22: Well-initialized collection property for the User relationship.

The Users collection is properly initialized with an empty list, following best practices to avoid null reference exceptions.

src/Core/Entities/Models/UserLog.cs (1)

8-26: Well-structured entity model

The UserLog entity is well-designed with proper relationships, annotations, and default values. The model follows good practices for Entity Framework Core and maintains consistent naming conventions with other entities.

base_setup.md (1)

1-70: Well-structured documentation

This is a comprehensive guide that clearly outlines the steps to set up the project structure. The instructions are well-organized, easy to follow, and include all necessary commands.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

58-58: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)

src/Core/Entities/DTOs/UserDTOs.cs (1)

19-26: Verify Role mapping in AutoMapper profile

The UserResponseDto's Role property is correctly defined as a string to receive the Role.Name value. Ensure that the corresponding AutoMapper profile implements the conditional mapping mentioned in the PR objectives, defaulting to "Unknown" when Role is null.

src/Core/Entities/Models/User.cs (1)

7-36: Well-designed User entity with proper relationships

The User entity is well-implemented with appropriate annotations, validations, and relationships. The nullable Role property correctly supports the requirement to handle cases where a role isn't assigned. The model follows good practices for Entity Framework Core and maintains consistent naming conventions.

src/Api/Filters/CustomExceptionFilter.cs (1)

7-12: Consider verifying the necessity of the pragma warning suppression.

The comment mentions suppressing CA1019, which typically occurs if an attribute defines a constructor parameter that isn't exposed as a property. Verify whether the attribute is indeed required to be suppressed here, or if there's a more direct fix.

src/.editorconfig (1)

108-109: Confirm alignment with file-scoped namespace requirement.

The rules at lines 108–109 (csharp_style_namespace_declarations = file_scoped:error) force all namespaces to be declared in file-scoped style. If working with older .NET or external code, ensure this doesn't conflict with existing code or project constraints.

src/Api/Program.cs (1)

14-25: Ensure non-Microsoft logs are captured as needed.

The Serilog configuration filters only Microsoft logs to the console. Verify that intentional logs from other namespaces (e.g., application or third-party libraries) are directed to an appropriate sink. Otherwise, you may miss important logs from your own application logic.

src/Core/Services/Interfaces/IRoleService.cs (1)

1-13: Well-designed service interface for role management

The interface follows good design practices for a service layer in a .NET application:

  1. Clear, descriptive method names with async suffix for asynchronous operations
  2. Appropriate use of nullable return types where applicable
  3. Proper use of DTOs for input and output parameters
  4. Consistent return types (Task with appropriate return values)
  5. Follows the repository pattern principles with a clear separation of concerns
src/Core/Repositories/Interfaces/IUserRepository.cs (1)

1-13: Well-structured repository interface for user data operations

The interface follows repository pattern best practices:

  1. Clear, descriptive method names with async suffix
  2. Appropriate use of nullable return types
  3. Properly typed Task return values
  4. Comprehensive CRUD operations
  5. Entity-focused methods (works with User model rather than DTOs)
src/Core/Services/Interfaces/IUserService.cs (1)

1-14: Well-designed user service interface with proper DTO handling

The interface is well-structured and follows service layer best practices:

  1. Clear, descriptive method names with async suffix
  2. Appropriate use of DTOs for both input and output
  3. Properly typed Task return values with nullable annotations where applicable
  4. Comprehensive user management operations

According to the PR objectives, this interface will work with the AutoMapper configuration that handles Role property mapping with null value handling.

src/Core/Repositories/Interfaces/IRoleRepository.cs (1)

1-12: Well-designed repository interface for role management

The interface follows repository pattern best practices:

  1. Clear method names with async suffix
  2. Appropriate nullable return types
  3. Properly typed Task return values
  4. Comprehensive CRUD operations
  5. Entity-focused methods (works with Role model directly)

This repository interface will work together with the IRoleService to implement the role mapping functionality mentioned in the PR objectives.

src/Api/Models/Common/BaseResponse.cs (2)

6-47: The BaseResponse class is well-designed with comprehensive structure.

The generic base response class provides a standardized format for API responses with all necessary components: status, data, messages, error handling, and pagination support. Well-documented with XML comments.

49-73: ModelValidationBadRequest class has appropriate XML documentation.

The utility class for generating bad request responses from model validation errors follows best practices for error handling. The XML documentation matches the class's purpose.

src/Core/DataContext/DatabaseContext.cs (3)

17-24: Relationship configuration for User-Role is appropriate.

The one-to-many relationship between Role and User is properly configured with a DeleteBehavior.Restrict to prevent orphaned records. This ensures data integrity.

32-36: Use of ConfigureAwait(false) pattern is good practice.

The ConfigureAwait(false) is correctly used in the SaveChangesAsync method to avoid potential deadlocks in ASP.NET applications.

38-56: UpdateTimestamps method handles all entity types properly.

The method correctly updates the UpdatedAt property for all tracked entity types (User, Role, UserLog) when they are modified.

src/Core/Services/UserService.cs (4)

20-24: Good use of AutoMapper in GetUserByIdAsync method.

The method properly uses AutoMapper to transform the User entity to UserResponseDto. This aligns with the PR objective of adding user profile DTO transformation.

38-43: Password hashing is correctly implemented in AddUserAsync.

The method appropriately handles password hashing before storing the user in the database, which is a security best practice.

68-71: Password hashing implementation is secure.

The use of BCrypt for password hashing is a good security practice as it includes salt and is resistant to brute force attacks.

45-55:

❓ Verification inconclusive

Verify the Role mapping in UpdateUserAsync.

When mapping from UserUpdateDto to User, ensure that the Role property mapping correctly handles null values as mentioned in the PR objectives. The current implementation doesn't show how null Role values are handled during mapping.

🏁 Script executed:

#!/bin/bash
# Check for the AutoMapper profile that configures the Role mapping
echo "Searching for AutoMapper profiles that handle Role mapping..."
rg -i "createmap.*user" --type csharp -A 10

Length of output: 1289

Review Verification: Role Mapping in UpdateUserAsync

Our investigation shows that the AutoMapper profile correctly handles the Role mapping for converting a User to a UserResponseDto by mapping a null Role to the string "Unknown." However, in the mapping configuration for updating a User (mapping from UserUpdateDto to User), there is no explicit handling for the Role property. This means that if UserUpdateDto.Role is null, the update operation in UpdateUserAsync may inadvertently override the User's existing Role with a null value.

Actionable items:

  • File: src/Core/Mappings/UserMappingProfile.cs
    Location: In the CreateMap<UserUpdateDto, User>() configuration (currently only setting UpdatedAt)
    Suggestion: Consider adding explicit handling for the Role property. For example, you might add a condition to ignore mapping when the Role is null or set a default value if appropriate.

Please review the intended behavior regarding Role updates and adjust the mapping configuration accordingly if needed.

src/Api/Migrations/DatabaseContextModelSnapshot.cs (2)

1-167: Auto-generated migration snapshot looks appropriate.

This auto-generated file correctly captures the database schema including the relationships between User, Role, and UserLog entities. The User-Role relationship is properly configured with DeleteBehavior.Restrict as defined in the DatabaseContext.

19-20:

❓ Verification inconclusive

Verify Entity Framework Core version compatibility.

The snapshot indicates EF Core version 8.0.8. Ensure this matches your project's dependencies to avoid compatibility issues.

🏁 Script executed:

#!/bin/bash
# Check the Entity Framework Core version in the project file
echo "Checking EF Core version in project files..."
fd -e csproj | xargs cat | grep -i "entityframeworkcore"

Length of output: 405

Ensure Consistent EF Core Package Versions

I verified the EF Core dependency versions in your project. The snapshot reflects the runtime package (Microsoft.EntityFrameworkCore) at version 8.0.8, which aligns with the annotations in your snapshot file. However, note that the tooling (Microsoft.EntityFrameworkCore.Tools) and the Pomelo provider (Pomelo.EntityFrameworkCore.MySql) are set to version 8.0.0. Please double-check that these intentional differences are compatible, or consider aligning the versions to prevent any unforeseen compatibility issues.

src/Api/Migrations/20250220183440_InitialCreate.Designer.cs (2)

25-53: Avoid manual modifications to auto-generated migration files.

This file is automatically generated by Entity Framework Core. Manual changes can complicate future migrations. If you need schema adjustments, make them via the model and generate a new migration.

147-159: Confirm delete behaviors for foreign keys.

The OnDelete(DeleteBehavior.Restrict) for the User -> Role relationship and OnDelete(DeleteBehavior.Cascade) for UserLog -> User might have business implications. Verify that restricting deletion of a Role is intended, while cascading deletion of a User triggers removal of user logs.

src/Core/Services/RoleService.cs (1)

35-41: Check for duplicate roles to prevent conflicts.

When creating a role, ensure the new role name doesn’t already exist to avoid duplicates. You might safeguard by implementing a uniqueness check in the repository and returning null or an error message if the name is already taken.

src/Api/Migrations/20250220183440_InitialCreate.cs (1)

100-112: Rollback logic seems consistent.
The Down method correctly drops tables in the reverse order of creation, preventing orphaned references. The approach is coherent with standard EF Core migration patterns.

src/Core/Repositories/UserRepository.cs (2)

19-20: Review the implications of using AsNoTracking() when later performing updates.
Because the entity is tracked as “no-tracking” in this retrieval, you might lose concurrency and change-tracking benefits in subsequent updates. Ensure your service layer is aware if an update requires concurrency checks.

43-47: Ensure null checks before deleting.
While presumably handled at a higher layer, a missing user object might lead to exceptions. Adding a quick check (or verifying it in the service layer) can improve robustness.

src/Api/Controllers/RoleController.cs (1)

1-82: Controller implementation follows RESTful best practices

The RoleController implementation demonstrates good API design following RESTful principles:

  • Proper dependency injection of IRoleService
  • Async/await pattern with ConfigureAwait(false) for all operations
  • Appropriate HTTP status codes (200, 201, 204, 400, 404) for different scenarios
  • Structured error responses with informative messages
  • Input validation with ModelState checks
  • Clear method naming that indicates purpose
  • Consistent return types (IActionResult)

coderabbitai[bot]
coderabbitai bot reviewed Feb 27, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (1)
src/Api/Controllers/UserController.cs (1)

51-56: 🛠️ Refactor suggestion

Add ModelState validation for UpdateUser method

The UpdateUser method should validate the ModelState similar to the RegisterUser method.

[HttpPut("{id}")]
public async Task<IActionResult> UpdateUser(int id, [FromBody] UserUpdateDto userDto)
{
+    if (!ModelState.IsValid)
+    {
+        return BadRequest(ModelState);
+    }
+
    bool success = await _userService.UpdateUserAsync(id, userDto).ConfigureAwait(false);
    return success ? NoContent() : NotFound(new { message = "User not found or update failed" });
}
🧹 Nitpick comments (5)
src/Api/Controllers/UserController.cs (5)

26-29: Add input validation for email parameter

The email parameter should be validated before being passed to the service to ensure it's in a valid format and prevent potential issues with invalid email formats.

[HttpGet("email/{email}")]
public async Task<IActionResult> GetUserByEmail(string email)
{
+    if (string.IsNullOrWhiteSpace(email) || !IsValidEmail(email))
+    {
+        return BadRequest(new { message = "Invalid email format" });
+    }
+
    UserResponseDto? user = await _userService.GetUserByEmailAsync(email).ConfigureAwait(false);
    return user == null ? NotFound(new { message = "User not found" }) : Ok(user);
}

// Add this helper method at the end of the class
+private static bool IsValidEmail(string email)
+{
+    try
+    {
+        var addr = new System.Net.Mail.MailAddress(email);
+        return addr.Address == email;
+    }
+    catch
+    {
+        return false;
+    }
+}

19-22: Add input validation for id parameter

The id parameter should be validated before being passed to the service to ensure it's positive.

[HttpGet("{id}")]
public async Task<IActionResult> GetUserById(int id)
{
+    if (id <= 0)
+    {
+        return BadRequest(new { message = "Invalid user ID" });
+    }
+
    UserResponseDto? user = await _userService.GetUserByIdAsync(id).ConfigureAwait(false);
    return user == null ? NotFound(new { message = "User not found" }) : Ok(user);
}

59-62: Add input validation for id parameter in DeleteUser method

Similar to other methods, the id parameter should be validated before being passed to the service.

[HttpDelete("{id}")]
public async Task<IActionResult> DeleteUser(int id)
{
+    if (id <= 0)
+    {
+        return BadRequest(new { message = "Invalid user ID" });
+    }
+
    bool success = await _userService.DeleteUserAsync(id).ConfigureAwait(false);
    return success ? NoContent() : NotFound(new { message = "User not found or deletion failed" });
}

7-9: Consider adding authorization to protect sensitive endpoints

Currently, there's no authorization applied to the controller or individual endpoints. Depending on your application's requirements, you should consider adding authorization attributes to restrict access to authenticated users or users with specific roles.

+using Microsoft.AspNetCore.Authorization;

namespace Api.Controllers;

[Route("api/[controller]")]
[ApiController]
+[Authorize] // Add this to restrict all endpoints to authenticated users
public class UserController : ControllerBase

Then you can also add role-based authorization to specific methods if needed:

[HttpDelete("{id}")]
[Authorize(Roles = "Admin")] // Only allow admins to delete users
public async Task<IActionResult> DeleteUser(int id)
{
    // Method implementation
}

Please check your authentication/authorization setup and adjust accordingly.

1-64: Consider adding logging for debugging and monitoring

Adding logging would help with debugging and monitoring in a production environment. Consider injecting an ILogger instance to log important events and possible errors.

using Core.Entities.DTOs;
using Core.Services.Interfaces;
using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;

namespace Api.Controllers;

[Route("api/[controller]")]
[ApiController]
public class UserController : ControllerBase
{
    private readonly IUserService _userService;
+    private readonly ILogger<UserController> _logger;

-    public UserController(IUserService userService)
+    public UserController(IUserService userService, ILogger<UserController> logger)
    {
        _userService = userService;
+        _logger = logger;
    }

    [HttpGet("{id}")]
    public async Task<IActionResult> GetUserById(int id)
    {
+        _logger.LogInformation("Getting user by ID: {UserId}", id);
        UserResponseDto? user = await _userService.GetUserByIdAsync(id).ConfigureAwait(false);
+        if (user == null)
+        {
+            _logger.LogWarning("User not found with ID: {UserId}", id);
+            return NotFound(new { message = "User not found" });
+        }
+        return Ok(user);
-        return user == null ? NotFound(new { message = "User not found" }) : Ok(user);
    }

    // Add similar logging to other methods
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 180824f and 1889ef7.

📒 Files selected for processing (1)
  • src/Api/Controllers/UserController.cs (1 hunks)

@osm-Jatin osm-Jatin force-pushed the feat/auto-mapper branch 2 times, most recently from c0e0fd0 to 11ef6ec Compare February 27, 2025 18:04
sameer-s-b
sameer-s-b requested changes Feb 27, 2025
View reviewed changes
Copy link
Member

@sameer-s-b sameer-s-b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are comments from CodeRabbit to resolve. Please check

@osm-Jatin osm-Jatin changed the title feat: add role mapping and user profile dto transformation feat: add role and user mapping profiles Feb 27, 2025
coderabbitai[bot]
coderabbitai bot reviewed Mar 1, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (12)
src/Api/Middlewares/ExceptionHandlingMiddleware.cs (2)

86-86: Consider simplifying by removing the unnecessary method.

The SendJsonResponse() method simply returns the _jsonOptions field without adding any functionality. Consider removing this method and directly using _jsonOptions in line 72.

-JsonSerializerOptions options = SendJsonResponse();
-await context.Response.WriteAsJsonAsync(response, options).ConfigureAwait(false);
+await context.Response.WriteAsJsonAsync(response, _jsonOptions).ConfigureAwait(false);

76-78: Consider using structured logging for better log organization.

Replace string interpolation with structured logging parameters for better searchability and organization in your logging system:

-_logger.LogError($"Internal server exception: {exception.Message}");
-_logger.LogError($"Inner exception: {exception.InnerException}");
-_logger.LogError($"Exception stack trace: {exception.StackTrace}");
+_logger.LogError(exception, "Internal server exception occurred");

This approach logs the entire exception object, which includes message, inner exception, and stack trace in a structured way that most logging systems can parse better.

src/Core/Entities/DTOs/UserDTOs.cs (1)

26-26: Consider adding documentation for empty class

The UserUpdateDto class inherits from UserBaseDto without adding any properties, which is fine if updates use the same fields as the base. Consider adding a brief XML comment to explain the purpose of this empty class for future developers.

+/// <summary>
+/// DTO for updating user information. Contains all updatable fields from UserBaseDto.
+/// </summary>
 public class UserUpdateDto : UserBaseDto { }
src/Core/Entities/Models/UserLog.cs (2)

21-22: Consider adding an index for the foreign key.

The UserId foreign key would benefit from an index to improve query performance when filtering or joining on this column, especially for user activity reports or auditing.

[ForeignKey(nameof(UserId))]
+[Index]
public virtual User? User { get; private set; }

14-15: Consider using an enum for the Action property.

Using string literals for actions like "LOGIN" or "PASSWORD_RESET" could lead to inconsistencies. Consider using an enum to enforce valid values.

-[Required, Column("action")]
-public string Action { get; set; } = string.Empty; // LOGIN, PASSWORD_RESET, etc.
+[Required, Column("action")]
+public UserLogActionType Action { get; set; }

// Add this enum to the file
+public enum UserLogActionType
+{
+    Login,
+    PasswordReset,
+    // Add other action types as needed
+}
src/Core/Entities/Models/Role.cs (1)

15-16: Consider adding a unique constraint to the Name property.

Role names are typically unique within a system. Adding a unique constraint would prevent duplicate roles and improve data integrity.

-[Required, MaxLength(50), Column("name")]
+[Required, MaxLength(50), Column("name"), Index(IsUnique = true)]
public string Name { get; set; } = string.Empty;
src/Api/Migrations/20250227230301_InitialCreate.cs (1)

73-74: Consider adding a length constraint to the action column.

The action column is currently defined as longtext, which may be excessive for storing action types like "LOGIN" or "PASSWORD_RESET". Consider adding a length constraint to save storage space.

-action = table.Column<string>(type: "longtext", nullable: false)
+action = table.Column<string>(type: "varchar(50)", maxLength: 50, nullable: false)
src/Core/DataContext/DatabaseContext.cs (2)

17-42: Well-designed entity relationships with good comments.

The relationships between entities are properly configured with appropriate cascade delete behaviors. The global query filter for soft deletion of UserLogs is a good practice.

The commented example code (lines 35-41) provides helpful guidance on how to work with the query filters, but should be moved to documentation or a README file rather than remaining in the production code.

56-74: Consider refactoring timestamp update logic.

The current implementation uses a switch statement to update timestamps based on entity type. For better maintainability as you add more entity types, consider implementing a common interface (e.g., IHasTimestamps) that all timestamped entities implement, and modify the UpdateTimestamps method to work with this interface.

-        switch (entry.Entity)
-        {
-            case User user:
-                user.UpdateTimestamp();
-                break;
-            case Role role:
-                role.UpdateTimestamp();
-                break;
-            case UserLog userLog:
-                userLog.UpdateTimestamp();
-                break;
-        }
+        if (entry.Entity is IHasTimestamps entity)
+        {
+            entity.UpdateTimestamp();
+        }
src/Core/Services/RoleService.cs (2)

35-46: Consider adding more detailed error handling.

The method returns null when a role with the same name already exists, but doesn't provide any information about why the creation failed. Consider enhancing this by returning more detailed error information or throwing a specific exception with a descriptive message.

Additionally, ensure the AutoMapper profile has the appropriate mapping configuration for the conditional null handling mentioned in the PR description.

48-64: Consider adding validation for roleDto.

Before checking for existing roles, consider validating that the incoming roleDto has valid data (e.g., name is not empty). This validation could be part of a separate validator class using a pattern like FluentValidation to keep the service class focused on business logic.

src/Core/Repositories/RoleRepository.cs (1)

19-22: Consider concurrency tokens or row versions if concurrent updates are expected.
Currently, the repository doesn’t handle EF concurrency conflicts. This is typically fine for smaller applications, but if you foresee concurrent edits or deletions, adding concurrency tokens (row versions) can prevent silent overwrites.

Also applies to: 24-27, 29-32, 34-39, 41-45, 47-51

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1889ef7 and f681af4.

📒 Files selected for processing (22)
  • src/Api/Controllers/RoleController.cs (1 hunks)
  • src/Api/Controllers/UserController.cs (1 hunks)
  • src/Api/Middlewares/ExceptionHandlingMiddleware.cs (1 hunks)
  • src/Api/Migrations/20250227230301_InitialCreate.Designer.cs (1 hunks)
  • src/Api/Migrations/20250227230301_InitialCreate.cs (1 hunks)
  • src/Api/Migrations/DatabaseContextModelSnapshot.cs (1 hunks)
  • src/Api/Program.cs (1 hunks)
  • src/Core/Core.csproj (1 hunks)
  • src/Core/DataContext/DatabaseContext.cs (1 hunks)
  • src/Core/Entities/DTOs/RoleDTOs.cs (1 hunks)
  • src/Core/Entities/DTOs/UserDTOs.cs (1 hunks)
  • src/Core/Entities/Models/Role.cs (1 hunks)
  • src/Core/Entities/Models/User.cs (1 hunks)
  • src/Core/Entities/Models/UserLog.cs (1 hunks)
  • src/Core/Mappings/RoleMappingProfile.cs (1 hunks)
  • src/Core/Mappings/UserMappingProfile.cs (1 hunks)
  • src/Core/Repositories/Interfaces/IRoleRepository.cs (1 hunks)
  • src/Core/Repositories/RoleRepository.cs (1 hunks)
  • src/Core/Services/Interfaces/IRoleService.cs (1 hunks)
  • src/Core/Services/Interfaces/IUserService.cs (1 hunks)
  • src/Core/Services/RoleService.cs (1 hunks)
  • src/Core/Services/UserService.cs (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (9)
  • src/Core/Mappings/RoleMappingProfile.cs
  • src/Core/Core.csproj
  • src/Core/Mappings/UserMappingProfile.cs
  • src/Core/Services/Interfaces/IRoleService.cs
  • src/Core/Entities/Models/User.cs
  • src/Core/Services/Interfaces/IUserService.cs
  • src/Api/Migrations/DatabaseContextModelSnapshot.cs
  • src/Api/Controllers/RoleController.cs
  • src/Api/Controllers/UserController.cs
🧰 Additional context used
🧠 Learnings (4)
src/Core/Entities/DTOs/RoleDTOs.cs (1) 
Learnt from: osm-Jatin
PR: OsmosysSoftware/dotnet-foundation-v2#2
File: src/Core/Entities/DTOs/RoleDTOs.cs:0-0
Timestamp: 2025-03-01T04:59:30.467Z
Learning: The DTO classes for roles in the .NET Foundation project should use inheritance with a base class to avoid code duplication and ensure consistent validation. A `RoleBaseDto` abstract class should contain common properties like `Name` with validation attributes, and specific DTOs like `RoleCreateDto`, `RoleUpdateDto`, and `RoleResponseDto` should inherit from it.
src/Core/Repositories/Interfaces/IRoleRepository.cs (1) 
Learnt from: osm-Jatin
PR: OsmosysSoftware/dotnet-foundation-v2#3
File: src/Core/Repositories/RoleRepository.cs:34-39
Timestamp: 2025-03-01T11:03:11.068Z
Learning: The uniqueness check for role names is handled in the service layer (RoleService) rather than in the repository layer (RoleRepository). The RoleRepository provides a GetRoleByNameAsync method which the service uses to implement this business logic.
src/Core/Entities/DTOs/UserDTOs.cs (1) 
Learnt from: osm-Jatin
PR: OsmosysSoftware/dotnet-foundation-v2#2
File: src/Core/Entities/DTOs/RoleDTOs.cs:0-0
Timestamp: 2025-03-01T04:59:30.467Z
Learning: The DTO classes for roles in the .NET Foundation project should use inheritance with a base class to avoid code duplication and ensure consistent validation. A `RoleBaseDto` abstract class should contain common properties like `Name` with validation attributes, and specific DTOs like `RoleCreateDto`, `RoleUpdateDto`, and `RoleResponseDto` should inherit from it.
src/Core/Repositories/RoleRepository.cs (1) 
Learnt from: osm-Jatin
PR: OsmosysSoftware/dotnet-foundation-v2#3
File: src/Core/Repositories/RoleRepository.cs:34-39
Timestamp: 2025-03-01T11:03:11.068Z
Learning: The uniqueness check for role names is handled in the service layer (RoleService) rather than in the repository layer (RoleRepository). The RoleRepository provides a GetRoleByNameAsync method which the service uses to implement this business logic.
🔇 Additional comments (28)
src/Api/Program.cs (2)

50-54: Good practice for connection string validation!

Nice implementation of null checking for the database connection string. This proactive validation prevents cryptic runtime errors and provides a clear message about the configuration issue.

39-44: AutoMapper configuration aligns well with PR objectives.

The setup of AutoMapper with the RoleMappingProfile and UserMappingProfile perfectly aligns with the PR objectives of adding mapping profiles for handling User and Role entities.

src/Api/Middlewares/ExceptionHandlingMiddleware.cs (2)

10-25: Well-structured middleware implementation.

The middleware is properly implemented with constructor injection for dependencies and appropriate configuration of JSON serialization options. The use of JsonStringEnumConverter ensures that enums are serialized as strings rather than integers, which improves the readability of your API responses.

27-84: Comprehensive exception handling with appropriate status codes.

Excellent implementation of exception handling with specific catch blocks for different exception types. This ensures that clients receive appropriate HTTP status codes and error messages based on the type of exception that occurred.

The special handling for model validation errors in BadHttpRequestException is particularly valuable for providing detailed feedback on invalid requests.

src/Core/Entities/DTOs/UserDTOs.cs (3)

5-18: Well-structured base DTO with appropriate validation

The UserBaseDto class is designed well with proper validation attributes and non-null string defaults. The validation constraints look appropriate for each field: name fields limited to 100 characters, email with both validation and 255 character limit, and required RoleId.

20-24: Good password validation for user creation

The UserCreateDto properly extends the base DTO and adds password requirements with a reasonable minimum length of 8 characters. Also good practice to initialize the string property with empty string rather than leaving it nullable.

28-35: Role property in response DTO matches PR objectives

The UserResponseDto correctly uses a string Role property rather than an integer RoleId, which aligns with the PR objectives to map Role entities to their respective DTOs. This will enable the conditional mapping to "Unknown" when the Role is null (though that mapping logic would be defined in the mapper profile).

src/Core/Services/UserService.cs (6)

11-18: Good implementation of dependency injection

The constructor properly injects and stores the required dependencies. Using AutoMapper here aligns with the PR objectives of utilizing AutoMapper for entity-to-DTO transformations.

20-30: Clean implementation of user retrieval with null handling

The GetUserByIdAsync and GetUserByEmailAsync methods properly handle null cases and use AutoMapper for converting entities to DTOs. Good use of the null conditional operator and ConfigureAwait(false) for performance optimization.

38-50: Comprehensive user creation with validation

The AddUserAsync method properly:

  1. Checks for existing users with the same email
  2. Maps the DTO to entity
  3. Securely hashes passwords
  4. Explicitly sets the role

The explicit call to user.SetRole(userDto.RoleId) suggests there might be domain logic in the Role setting that the mapper doesn't handle.

52-69: Thorough update logic with appropriate validations

The update method properly checks for the user's existence and potential email conflicts before applying changes. The use of _mapper.Map(userDto, user) to update an existing entity is the correct approach with AutoMapper. The explicit role setting is consistent with the add method.

82-85: Secure password hashing

Good use of BCrypt for password hashing, which is a secure and industry-standard approach for password storage.

32-36: Efficient collection mapping

The GetAllUsersAsync method efficiently uses AutoMapper to transform collections of entities to DTOs in a single operation.

src/Core/Entities/DTOs/RoleDTOs.cs (2)

5-10: Well-designed base DTO with appropriate validation.

The abstract base class provides consistent validation across all role DTOs with clear error messages and appropriate length constraints for the Name property.

12-14: Good use of inheritance to promote code reuse.

The inheritance hierarchy is well structured:

  • RoleCreateDto and RoleUpdateDto inherit validation rules from the base class
  • RoleResponseDto extends the base with an Id property for API responses

This aligns with the previously established pattern of using inheritance to avoid code duplication and ensure consistent validation.

Also applies to: 16-18, 20-23

src/Core/Entities/Models/UserLog.cs (1)

8-38: Well-structured entity with appropriate database mappings.

The UserLog entity is well-designed with:

  • Proper column mappings and data annotations
  • Read-only navigation property to avoid UserId conflicts
  • Private setters for timestamps to control modification
  • Internal timestamp update method for EF Core
  • Soft delete functionality via Status property

The model follows best practices for Entity Framework Core entities.

src/Core/Entities/Models/Role.cs (1)

9-30: Well-designed entity with appropriate database mappings and navigation properties.

The Role entity follows best practices with:

  • Proper table and column mappings
  • Data annotations for validation (Required, MaxLength)
  • Timestamp fields with private setters
  • Soft delete functionality
  • Virtual collection for related Users

This design facilitates proper database mapping and relationships.

src/Api/Migrations/20250227230301_InitialCreate.cs (4)

18-35: Well-structured roles table creation.

The roles table is properly set up with appropriate column types, constraints, and character set.

36-66: Well-designed users table with proper foreign key relationship.

The users table includes:

  • Appropriate column definitions and constraints
  • A unique index on the email column (line 97-101)
  • Proper foreign key relationship to roles with ReferentialAction.Restrict

Using ReferentialAction.Restrict is a good choice when implementing soft delete functionality.

67-90: Well-structured user_logs table with proper constraints.

The user_logs table properly references the users table and includes appropriate columns for auditing purposes.

109-121: Properly ordered table deletion in Down method.

The tables are dropped in the correct order (user_logs → users → roles) to respect foreign key constraints.

src/Api/Migrations/20250227230301_InitialCreate.Designer.cs (1)

1-175: Review of migration file structure.

This is an auto-generated EF Core migration file that correctly defines the database schema. The relationships between Role, User, and UserLog entities are properly configured with appropriate constraints.

One observation regarding the PR objective: The User entity has a non-nullable RoleId field (lines 89-91), which means every User must have a Role at the database level. The PR mentions handling null roles by defaulting to "Unknown", but this would need to happen at the mapping layer since the database schema enforces that RoleId must have a value.

src/Core/Repositories/Interfaces/IRoleRepository.cs (1)

5-13: Well-structured repository interface.

The interface follows a clean repository pattern design with appropriate method signatures for CRUD operations. Methods correctly use nullable return types where appropriate, and async patterns are properly implemented.

Based on the retrieved learnings, this interface provides the GetRoleByNameAsync method that the service layer uses to implement role name uniqueness checks.

src/Core/Services/RoleService.cs (2)

14-21: Good dependency injection pattern.

The service properly injects the role repository and mapper, following dependency inversion principles.

23-27: Consistent use of AutoMapper.

The service correctly uses AutoMapper for entity-to-DTO mapping and properly handles null cases.

src/Core/Repositories/RoleRepository.cs (3)

24-27: Handle potential null name edge case.
If name is null, name.Equals(...) will throw an exception. To ensure robustness, check for null before attempting the comparison or use a safe helper method, especially if the calling code doesn’t guarantee non-null input.

A possible fix:

 public async Task<Role?> GetRoleByNameAsync(string name)
 {
+    if (string.IsNullOrWhiteSpace(name))
+    {
+        return null;
+    }
     return await _context.Roles
         .AsNoTracking()
-        .FirstOrDefaultAsync(r => r.Name.Equals(name, StringComparison.OrdinalIgnoreCase))
+        .FirstOrDefaultAsync(r => r.Name != null 
+                                  && r.Name.Equals(name, StringComparison.OrdinalIgnoreCase))
         .ConfigureAwait(false);
 }

29-32: Good use of AsNoTracking() for read operations.
This approach optimizes performance for queries that do not need to track entities, adhering to best practices for read-only data access.

1-52: Overall repository implementation looks solid.
The repository follows a clear structure and adheres to common patterns by abstracting CRUD operations. It integrates well with Entity Framework Core, and the methods are asynchronous with ConfigureAwait(false)—all of which indicate good maintainability.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@sameer-s-b sameer-s-b sameer-s-b requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@osm-Jatin @sameer-s-b