Redesign user management interface with improved side pane and enhanced permissions

application/account-management/Api/Endpoints/TenantEndpoints.cs

@@ -19,7 +19,7 @@ public void MapEndpoints(IEndpointRouteBuilder routes)
         ).Produces<TenantResponse>();
 
         group.MapPut("/current", async Task<ApiResult> (UpdateCurrentTenantCommand command, IMediator mediator)
-            => await mediator.Send(command)
+            => (await mediator.Send(command)).AddRefreshAuthenticationTokens()
         );
 
         routes.MapDelete("/internal-api/account-management/tenants/{id}", async Task<ApiResult> (TenantId id, IMediator mediator)

application/account-management/Api/Endpoints/UserEndpoints.cs

@@ -18,6 +18,10 @@ public void MapEndpoints(IEndpointRouteBuilder routes)
             => await mediator.Send(query)
         ).Produces<UsersResponse>();
 
+        group.MapGet("/{id}", async Task<ApiResult<UserDetails>> (UserId id, IMediator mediator)
+            => await mediator.Send(new GetUserByIdQuery(id))
+        ).Produces<UserDetails>();
+
         group.MapGet("/summary", async Task<ApiResult<UserSummaryResponse>> (IMediator mediator)
             => await mediator.Send(new GetUserSummaryQuery())
         ).Produces<UserSummaryResponse>();

application/account-management/Core/Configuration.cs

@@ -23,13 +23,14 @@
     {
         services.AddHttpClient<GravatarClient>(client =>
             {
                 client.BaseAddress = new Uri("https://gravatar.com/");
                 client.Timeout = TimeSpan.FromSeconds(5);
             }
         );
 
         return services
             .AddSharedServices<AccountManagementDbContext>(Assembly)
-            .AddScoped<AvatarUpdater>();
+            .AddScoped<AvatarUpdater>()
+            .AddScoped<UserInfoFactory>();
     }
 }

application/account-management/Core/Features/Authentication/Commands/CompleteLogin.cs

@@ -1,11 +1,9 @@
 using JetBrains.Annotations;
-using Mapster;
 using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.AccountManagement.Integrations.Gravatar;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
@@ -19,9 +17,10 @@
     public LoginId Id { get; init; } = null!;
 }
 
 public sealed class CompleteLoginHandler(
     IUserRepository userRepository,
     ILoginRepository loginRepository,
+    UserInfoFactory userInfoFactory,
     AuthenticationTokenService authenticationTokenService,
     IMediator mediator,
     AvatarUpdater avatarUpdater,
@@ -65,7 +64,7 @@
             var gravatar = await gravatarClient.GetGravatar(user.Id, user.Email, cancellationToken);
             if (gravatar is not null)
             {
                 if (await avatarUpdater.UpdateAvatar(user, true, gravatar.ContentType, gravatar.Stream, cancellationToken))
                 {
                     events.CollectEvent(new GravatarUpdated(gravatar.Stream.Length));
                 }
@@ -75,7 +74,8 @@
         login.MarkAsCompleted();
         loginRepository.Update(login);
 
-        authenticationTokenService.CreateAndSetAuthenticationTokens(user.Adapt<UserInfo>());
+        var userInfo = await userInfoFactory.CreateUserInfoAsync(user, cancellationToken);
+        authenticationTokenService.CreateAndSetAuthenticationTokens(userInfo);
 
         events.CollectEvent(new LoginCompleted(user.Id, completeEmailConfirmationResult.Value!.ConfirmationTimeInSeconds));
 

application/account-management/Core/Features/Authentication/Commands/RefreshAuthenticationTokens.cs

@@ -1,10 +1,9 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using JetBrains.Annotations;
-using Mapster;
 using Microsoft.AspNetCore.Http;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
+using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Domain;
@@ -17,6 +16,7 @@
 
 public sealed class RefreshAuthenticationTokensHandler(
     IUserRepository userRepository,
+    UserInfoFactory userInfoFactory,
     IHttpContextAccessor httpContextAccessor,
     AuthenticationTokenService authenticationTokenService,
     ITelemetryEventsCollector events,
@@ -31,7 +31,7 @@
         if (!UserId.TryParse(httpContext.User.FindFirstValue(ClaimTypes.NameIdentifier), out var userId))
         {
             logger.LogWarning("No valid 'sub' claim found in refresh token");
             return Result.Unauthorized("Invalid refresh token");
         }
 
         if (!RefreshTokenId.TryParse(httpContext.User.FindFirstValue("rtid"), out var refreshTokenId))
@@ -75,9 +75,10 @@
             return Result.Unauthorized($"No user found with user id {userId} found.");
         }
 
         // TODO: Check if the refreshTokenId exists in the database and if the jwtId and refreshTokenVersion are valid
 
-        authenticationTokenService.RefreshAuthenticationTokens(user.Adapt<UserInfo>(), refreshTokenId, refreshTokenVersion, refreshTokenExpires);
+        var userInfo = await userInfoFactory.CreateUserInfoAsync(user, cancellationToken);
+        authenticationTokenService.RefreshAuthenticationTokens(userInfo, refreshTokenId, refreshTokenVersion, refreshTokenExpires);
         events.CollectEvent(new AuthenticationTokensRefreshed());
 
         return Result.Success();

application/account-management/Core/Features/Signups/Commands/CompleteSignup.cs

@@ -1,10 +1,9 @@
 using JetBrains.Annotations;
-using Mapster;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
 using PlatformPlatform.AccountManagement.Features.Tenants.Commands;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
+using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
@@ -20,6 +19,7 @@ public sealed record CompleteSignupCommand(string OneTimePassword, string Prefer
 
 public sealed class CompleteSignupHandler(
     IUserRepository userRepository,
+    UserInfoFactory userInfoFactory,
     AuthenticationTokenService authenticationTokenService,
     IMediator mediator,
     ITelemetryEventsCollector events
@@ -42,7 +42,8 @@ public async Task<Result> Handle(CompleteSignupCommand command, CancellationToke
         if (!createTenantResult.IsSuccess) return Result.From(createTenantResult);
 
         var user = await userRepository.GetByIdAsync(createTenantResult.Value!.UserId, cancellationToken);
-        authenticationTokenService.CreateAndSetAuthenticationTokens(user!.Adapt<UserInfo>());
+        var userInfo = await userInfoFactory.CreateUserInfoAsync(user!, cancellationToken);
+        authenticationTokenService.CreateAndSetAuthenticationTokens(userInfo);
 
         events.CollectEvent(
             new SignupCompleted(createTenantResult.Value.TenantId, completeEmailConfirmationResult.Value!.ConfirmationTimeInSeconds)

application/account-management/Core/Features/Tenants/Commands/UpdateCurrentTenant.cs

@@ -1,7 +1,9 @@
 using FluentValidation;
 using JetBrains.Annotations;
 using PlatformPlatform.AccountManagement.Features.Tenants.Domain;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.SharedKernel.Cqrs;
+using PlatformPlatform.SharedKernel.ExecutionContext;
 using PlatformPlatform.SharedKernel.Telemetry;
 
 namespace PlatformPlatform.AccountManagement.Features.Tenants.Commands;
@@ -20,11 +22,19 @@ public UpdateCurrentTenantValidator()
     }
 }
 
-public sealed class UpdateTenantHandler(ITenantRepository tenantRepository, ITelemetryEventsCollector events)
-    : IRequestHandler<UpdateCurrentTenantCommand, Result>
+public sealed class UpdateTenantHandler(
+    ITenantRepository tenantRepository,
+    IExecutionContext executionContext,
+    ITelemetryEventsCollector events
+) : IRequestHandler<UpdateCurrentTenantCommand, Result>
 {
     public async Task<Result> Handle(UpdateCurrentTenantCommand command, CancellationToken cancellationToken)
     {
+        if (executionContext.UserInfo.Role != UserRole.Owner.ToString())
+        {
+            return Result.Forbidden("Only owners are allowed to update tenant information.");
+        }
+
         var tenant = await tenantRepository.GetCurrentTenantAsync(cancellationToken);
 
         tenant.Update(command.Name);

application/account-management/Core/Features/Users/Domain/UserRepository.cs

@@ -22,7 +22,7 @@
 
     Task<User[]> GetByIdsAsync(UserId[] ids, CancellationToken cancellationToken);
 
     Task<(User[] Users, int TotalItems, int TotalPages)> Search(
         string? search,
         UserRole? userRole,
         UserStatus? userStatus,
@@ -103,7 +103,7 @@
         return (summary.TotalUsers, summary.ActiveUsers, summary.PendingUsers);
     }
 
     public async Task<(User[] Users, int TotalItems, int TotalPages)> Search(
         string? search,
         UserRole? userRole,
         UserStatus? userStatus,
@@ -158,15 +158,28 @@
                 ? users.OrderBy(u => u.ModifiedAt)
                 : users.OrderByDescending(u => u.ModifiedAt),
             SortableUserProperties.Name => sortOrder == SortOrder.Ascending
-                ? users.OrderBy(u => u.FirstName).ThenBy(u => u.LastName)
-                : users.OrderByDescending(u => u.FirstName).ThenByDescending(u => u.LastName),
+                ? users.OrderBy(u => u.FirstName == null ? 1 : 0)
+                    .ThenBy(u => u.FirstName)
+                    .ThenBy(u => u.LastName == null ? 1 : 0)
+                    .ThenBy(u => u.LastName)
+                    .ThenBy(u => u.Email)
+                : users.OrderBy(u => u.FirstName == null ? 0 : 1)
+                    .ThenByDescending(u => u.FirstName)
+                    .ThenBy(u => u.LastName == null ? 0 : 1)
+                    .ThenByDescending(u => u.LastName)
+                    .ThenBy(u => u.Email),
             SortableUserProperties.Email => sortOrder == SortOrder.Ascending
                 ? users.OrderBy(u => u.Email)
                 : users.OrderByDescending(u => u.Email),
             SortableUserProperties.Role => sortOrder == SortOrder.Ascending
                 ? users.OrderBy(u => u.Role)
                 : users.OrderByDescending(u => u.Role),
             _ => users
+                .OrderBy(u => u.FirstName == null ? 1 : 0)
+                .ThenBy(u => u.FirstName)
+                .ThenBy(u => u.LastName == null ? 1 : 0)
+                .ThenBy(u => u.LastName)
+                .ThenBy(u => u.Email)
         };
 
         pageSize ??= 50;

application/account-management/Core/Features/Users/Queries/GetUserById.cs

@@ -0,0 +1,26 @@
+using JetBrains.Annotations;
+using Mapster;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
+using PlatformPlatform.SharedKernel.Cqrs;
+using PlatformPlatform.SharedKernel.Domain;
+
+namespace PlatformPlatform.AccountManagement.Features.Users.Queries;
+
+[PublicAPI]
+public sealed record GetUserByIdQuery(UserId Id) : IRequest<Result<UserDetails>>;
+
+public sealed class GetUserByIdHandler(IUserRepository userRepository)
+    : IRequestHandler<GetUserByIdQuery, Result<UserDetails>>
+{
+    public async Task<Result<UserDetails>> Handle(GetUserByIdQuery query, CancellationToken cancellationToken)
+    {
+        var user = await userRepository.GetByIdAsync(query.Id, cancellationToken);
+
+        if (user is null)
+        {
+            return Result<UserDetails>.NotFound($"User with ID '{query.Id}' not found.");
+        }
+
+        return user.Adapt<UserDetails>();
+    }
+}

application/account-management/Core/Features/Users/Shared/UserInfoFactory.cs

@@ -0,0 +1,38 @@
+using PlatformPlatform.AccountManagement.Features.Tenants.Domain;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
+using PlatformPlatform.SharedKernel.Authentication;
+
+namespace PlatformPlatform.AccountManagement.Features.Users.Shared;
+
+/// <summary>
+///     Factory for creating UserInfo instances with tenant information.
+///     Centralizes the logic for creating UserInfo to follow SRP and avoid duplication.
+/// </summary>
+public sealed class UserInfoFactory(ITenantRepository tenantRepository)
+{
+    /// <summary>
+    ///     Creates a UserInfo instance from a User entity, including tenant name.
+    /// </summary>
+    /// <param name="user">The user entity</param>
+    /// <param name="cancellationToken">Cancellation token</param>
+    /// <returns>UserInfo with all required properties including tenant name</returns>
+    public async Task<UserInfo> CreateUserInfoAsync(User user, CancellationToken cancellationToken)
+    {
+        var tenant = await tenantRepository.GetByIdAsync(user.TenantId, cancellationToken);
+
+        return new UserInfo
+        {
+            IsAuthenticated = true,
+            Id = user.Id,
+            TenantId = user.TenantId,
+            Role = user.Role.ToString(),
+            Email = user.Email,
+            FirstName = user.FirstName,
+            LastName = user.LastName,
+            Title = user.Title,
+            AvatarUrl = user.Avatar.Url,
+            TenantName = tenant?.Name,
+            Locale = user.Locale
+        };
+    }
+}

application/account-management/Tests/Tenants/UpdateCurrentTenantTests.cs

@@ -47,4 +47,19 @@ public async Task UpdateCurrentTenant_WhenInvalid_ShouldReturnBadRequest()
 
         TelemetryEventsCollectorSpy.AreAllEventsDispatched.Should().BeFalse();
     }
+
+    [Fact]
+    public async Task UpdateCurrentTenant_WhenNonOwner_ShouldReturnForbidden()
+    {
+        // Arrange
+        var command = new UpdateCurrentTenantCommand { Name = Faker.TenantName() };
+
+        // Act
+        var response = await AuthenticatedMemberHttpClient.PutAsJsonAsync("/api/account-management/tenants/current", command);
+
+        // Assert
+        await response.ShouldHaveErrorStatusCode(HttpStatusCode.Forbidden, "Only owners are allowed to update tenant information.");
+
+        TelemetryEventsCollectorSpy.AreAllEventsDispatched.Should().BeFalse();
+    }
 }

application/account-management/Tests/Users/GetUserByIdTests.cs

@@ -0,0 +1,85 @@
+using System.Net;
+using System.Text.Json;
+using FluentAssertions;
+using PlatformPlatform.AccountManagement.Database;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
+using PlatformPlatform.AccountManagement.Features.Users.Queries;
+using PlatformPlatform.SharedKernel.Domain;
+using PlatformPlatform.SharedKernel.Tests;
+using PlatformPlatform.SharedKernel.Tests.Persistence;
+using Xunit;
+
+namespace PlatformPlatform.AccountManagement.Tests.Users;
+
+public sealed class GetUserByIdTests : EndpointBaseTest<AccountManagementDbContext>
+{
+    private readonly UserId _userId = UserId.NewId();
+
+    public GetUserByIdTests()
+    {
+        Connection.Insert("Users", [
+                ("TenantId", DatabaseSeeder.Tenant1.Id.ToString()),
+                ("Id", _userId.ToString()),
+                ("CreatedAt", TimeProvider.System.GetUtcNow().AddMinutes(-10)),
+                ("ModifiedAt", null),
+                ("Email", Faker.Internet.Email()),
+                ("FirstName", Faker.Name.FirstName()),
+                ("LastName", Faker.Name.LastName()),
+                ("Title", Faker.Name.JobTitle()),
+                ("Role", UserRole.Member.ToString()),
+                ("EmailConfirmed", true),
+                ("Avatar", JsonSerializer.Serialize(new Avatar())),
+                ("Locale", "en-US")
+            ]
+        );
+    }
+
+    [Fact]
+    public async Task GetUserById_WhenUserExists_ShouldReturnUserDetails()
+    {
+        // Act
+        var response = await AuthenticatedOwnerHttpClient.GetAsync($"/api/account-management/users/{_userId}");
+
+        // Assert
+        response.ShouldBeSuccessfulGetRequest();
+        var userDetails = await response.DeserializeResponse<UserDetails>();
+        userDetails.Should().NotBeNull();
+        userDetails.Id.Should().Be(_userId);
+    }
+
+    [Fact]
+    public async Task GetUserById_WhenUserDoesNotExist_ShouldReturnNotFound()
+    {
+        // Arrange
+        var nonExistentUserId = UserId.NewId();
+
+        // Act
+        var response = await AuthenticatedOwnerHttpClient.GetAsync($"/api/account-management/users/{nonExistentUserId}");
+
+        // Assert
+        await response.ShouldHaveErrorStatusCode(HttpStatusCode.NotFound, $"User with ID '{nonExistentUserId}' not found.");
+    }
+
+    [Fact]
+    public async Task GetUserById_WhenMemberTriesToAccessOtherUser_ShouldSucceed()
+    {
+        // Act
+        var response = await AuthenticatedMemberHttpClient.GetAsync($"/api/account-management/users/{_userId}");
+
+        // Assert
+        response.ShouldBeSuccessfulGetRequest();
+        var userDetails = await response.DeserializeResponse<UserDetails>();
+        userDetails.Should().NotBeNull();
+        userDetails.Id.Should().Be(_userId);
+    }
+
+    [Fact]
+    public async Task GetUserById_WhenNotAuthenticated_ShouldReturnUnauthorized()
+    {
+        // Act
+        var response = await AnonymousHttpClient.GetAsync($"/api/account-management/users/{_userId}");
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+    }
+}