Phase 1 — Core System & Security Modules#

Duration: ~6–8 weeks. Depends on: Phase 0. Why first? Every other module needs working access control, system settings, and audit logging.

Modules#

  • User Access Information
  • Group Setup
  • Login Activity tracking
  • System Settings
  • License Information
  • UI Conventions / Main Menu Navigator
  • Global Search
  • Self-guided help / tutorial
  • Favorites
  • MX Chat
  • Calendar

Tasks#

  • Wire group → role/claim mapping in the Auth API (finish what Phase 0 stubbed).
  • Confirm legacy password hash format against staging, flip UseLegacyPasswordHash on, prove rehash-on-login.
  • Refactor SystemSettings, LicenseInfo, Group, UserAccess helpers into services behind REST endpoints.
  • Build search API + calendar API + activity-log API.
  • Integrate every module with the Auth API for permission checks.
  • Feature flags so old and new run in parallel per module.

Exit criteria#

  • A user can log in through the new Auth API and see their real roles / permissions.
  • System Settings, Group Setup, and Login Activity are servable from the new API and match legacy output.
  • Feature-flag mechanism is proven end-to-end.
  • Rollback plan documented for each module.

Risks#

  • Legacy password hash format may not match what we assumed. Confirming this early is a Phase 0 → Phase 1 gate.
  • Group / permission model is spread across AspMnxGroup, AspnetMembership, MnxUser*. The mapping is not trivial and needs a design doc before code.