Dragon Guard is a multi-tenant warehouse management API where every operational entity — items, bins, stock, receipts, shipments, movements, and RFID tags — is strictly scoped to aDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_BACK/llms.txt
Use this file to discover all available pages before exploring further.
CompanyId. Each authenticated request must carry a resolvable company context, and the server validates that the caller actually has access to that tenant before processing any operation.
Data Isolation
All operational tables carry aCompanyId column. No cross-tenant query can succeed through normal controller paths; the company context is resolved and enforced at the base-controller level before any business logic runs.
Company context resolution
ApiControllerBase.ResolveCompanyId determines the company context for each request using the following priority order:
Query parameter
If a
companyId query parameter is present, it is parsed as a GUID and validated against the caller’s access list.X-Company-Id header
If no query parameter is found, the
X-Company-Id request header is checked and parsed.CompanyId, it must also appear in the caller’s company_access JWT claims. HasCompanyAccess enforces this check:
SUPERADMIN_SUPREMO bypasses the company_access list entirely because IsSupremeAdmin is true when the JWT contains isSuperAdmin = true.
Regular WMS controllers are strictly tenant-scoped and are not opened to arbitrary cross-company reads, even for SUPERADMIN_SUPREMO. Supreme-only operations are exclusively exposed under
/api/supreme/*.User–Tenant Assignment Rules
- A non-supreme user belongs to exactly one tenant. Attempting to assign a user to a second tenant returns
USER_ALREADY_ASSIGNED_TO_OTHER_TENANT. SUPERADMIN_SUPREMOhas no operational tenant. Attempting to assign one back returnsSUPERADMIN_CANNOT_HAVE_TENANT.- If historical data has incorrectly assigned a user to multiple tenants, login is blocked until the conflict is resolved by a supreme administrator.
Tenant Lifecycle Enforcement
Dragon Guard enforces tenant status both at login time and on every subsequent request.Login checks
Non-supreme users are rejected at login if:company.IsActive = false, orcompany.Status != "Active"
Per-request middleware
A middleware registered inProgram.cs re-validates the tenant’s active status on every /api/* request. This means tokens issued before a suspension do not remain valid — the next call will be refused.
| Exempt prefix | Reason |
|---|---|
/api/auth | Login and token refresh must still work |
/api/plans | Tenant must be able to view plan information |
/api/supreme | Supreme admin operations are always permitted |
GET, HEAD, and OPTIONS requests are always allowed for read-only tenants. Only mutating methods (POST, PUT, PATCH, DELETE) are blocked when a plan is in read-only status.
Company Status Model
| Status | IsActive | Behavior |
|---|---|---|
| Active | true | Full access; all operations permitted |
| Inactive | false | Login blocked; all API requests rejected with 403 |
| Suspended | false | Login blocked; write operations return 402; reads may be restricted by plan |
SUPERADMIN_SUPREMO through the /api/supreme/* endpoints.
Operational vs. Supreme Isolation
| Path prefix | Who can access |
|---|---|
/api/* (non-supreme) | Authenticated tenant users scoped to their CompanyId |
/api/supreme/* | SUPERADMIN_SUPREMO only — all other callers receive 403 |
EnsureSupremeAccess() is called at the start of every supreme controller action: