Phase 1 — Core System & Security Modules#
Duration: ~6–8 weeks. Depends on: Phase 0. Why first? Every other module needs working access control, system settings, and audit logging.
Modules#
- User Access Information
- Group Setup
- Login Activity tracking
- System Settings
- License Information
- UI Conventions / Main Menu Navigator
- Global Search
- Self-guided help / tutorial
- Favorites
- MX Chat
- Calendar
Tasks#
- Wire group → role/claim mapping in the Auth API (finish what Phase 0 stubbed).
- Confirm legacy password hash format against staging, flip
UseLegacyPasswordHashon, prove rehash-on-login. - Refactor
SystemSettings,LicenseInfo,Group,UserAccesshelpers into services behind REST endpoints. - Build search API + calendar API + activity-log API.
- Integrate every module with the Auth API for permission checks.
- Feature flags so old and new run in parallel per module.
Exit criteria#
- A user can log in through the new Auth API and see their real roles / permissions.
- System Settings, Group Setup, and Login Activity are servable from the new API and match legacy output.
- Feature-flag mechanism is proven end-to-end.
- Rollback plan documented for each module.
Risks#
- Legacy password hash format may not match what we assumed. Confirming this early is a Phase 0 → Phase 1 gate.
- Group / permission model is spread across
AspMnxGroup,AspnetMembership,MnxUser*. The mapping is not trivial and needs a design doc before code.