Spaces:
Running
Running
| # Employee System User Integration | |
| ## Overview | |
| This document describes the implementation of automatic system user creation when an employee is created with the `is_system_user` flag set to `true`. | |
| ## Implementation Details | |
| ### 1. Schema Changes | |
| #### Employee Create Schema (`EmployeeCreate`) | |
| - Added `is_system_user: bool` field with default value `False` | |
| - When set to `True`, triggers system user creation after employee creation | |
| #### Employee Update Schema (`EmployeeUpdate`) | |
| - Added `is_system_user: Optional[bool]` field for updates | |
| #### Employee Response Schema (`EmployeeResponse`) | |
| - Added `is_system_user: bool` field to include in responses | |
| #### Employee Model (`EmployeeModel`) | |
| - Added `is_system_user: bool` field for database storage | |
| ### 2. Service Layer Changes | |
| #### Employee Service (`EmployeeService`) | |
| **Modified `create_employee` method:** | |
| - After successful employee creation, checks if `is_system_user` is `True` | |
| - If true, calls `_create_employee_system_user` method | |
| - System user creation failure doesn't fail employee creation (logged as error) | |
| **Added `_create_employee_system_user` method:** | |
| - Creates a system user in the `SCM_SYSTEM_USERS` collection | |
| - Generates username from employee code (lowercase, hyphens → underscores) | |
| - Creates temporary password with format `Temp@{random_token}` | |
| - Maps employee designation to role_id | |
| - Stores employee metadata in system user record | |
| ### 3. System User Creation Logic | |
| When `is_system_user=True`, the following system user is created: | |
| ```python | |
| { | |
| "username": "emp_test_001", # from employee_code | |
| "email": "employee@company.com", # same as employee | |
| "password": "Temp@{random}", # temporary password | |
| "full_name": "First Last", # from employee name | |
| "role_id": "role_asm", # from designation | |
| "merchant_id": "created_by_value", # from created_by | |
| "metadata": { | |
| "employee_user_id": "usr_xxx", | |
| "employee_code": "EMP-TEST-001", | |
| "designation": "ASM", | |
| "created_from": "employee_creation" | |
| } | |
| } | |
| ``` | |
| ### 4. Role Mapping | |
| Employee designations are mapped to system user roles: | |
| - `ASM` → `role_asm` | |
| - `SALES_EXECUTIVE` → `role_sales_executive` | |
| - etc. | |
| ### 5. Error Handling | |
| - System user creation errors are logged but don't fail employee creation | |
| - Employee record is always created successfully | |
| - System user creation can be retried separately if needed | |
| ## Usage Examples | |
| ### Creating Employee with System User | |
| ```python | |
| employee_data = EmployeeCreate( | |
| employee_code="EMP-MUM-001", | |
| first_name="John", | |
| last_name="Doe", | |
| email="john.doe@company.com", | |
| phone="+919876543210", | |
| designation=Designation.ASM, | |
| base_city="Mumbai", | |
| base_state="Maharashtra", | |
| doj=date.today(), | |
| emergency_contact={ | |
| "name": "Jane Doe", | |
| "relation": "Spouse", | |
| "phone": "+919876543211" | |
| }, | |
| is_system_user=True, # This triggers system user creation | |
| created_by="admin_001" | |
| ) | |
| employee = await EmployeeService.create_employee(employee_data) | |
| ``` | |
| ### Creating Employee without System User | |
| ```python | |
| employee_data = EmployeeCreate( | |
| # ... same fields ... | |
| is_system_user=False, # No system user created | |
| created_by="admin_001" | |
| ) | |
| employee = await EmployeeService.create_employee(employee_data) | |
| ``` | |
| ## API Response | |
| The employee response now includes the `is_system_user` field: | |
| ```json | |
| { | |
| "user_id": "usr_01HZQX5K3N2P8R6T4V9W", | |
| "employee_code": "EMP-MUM-001", | |
| "first_name": "John", | |
| "last_name": "Doe", | |
| "email": "john.doe@company.com", | |
| "designation": "ASM", | |
| "is_system_user": true, | |
| "status": "onboarding", | |
| "created_by": "admin_001", | |
| "created_at": "2023-01-10T08:00:00Z" | |
| } | |
| ``` | |
| ## Testing | |
| Use the provided test script to verify the functionality: | |
| ```bash | |
| cd cuatrolabs-scm-ms | |
| python test_employee_system_user_creation.py | |
| ``` | |
| ## Security Considerations | |
| 1. **Temporary Passwords**: System users are created with temporary passwords that should be changed on first login | |
| 2. **Role Mapping**: Ensure proper role mapping for security permissions | |
| 3. **Metadata Tracking**: Employee-system user relationship is tracked via metadata | |
| 4. **Error Isolation**: System user creation failures don't affect employee creation | |
| ## Future Enhancements | |
| 1. **Email Notifications**: Send temporary password via secure email | |
| 2. **Role Customization**: Allow custom role assignment during employee creation | |
| 3. **Bulk Operations**: Support bulk employee creation with system users | |
| 4. **Audit Trail**: Enhanced logging for system user creation events |