Dragon Guard WMS Web is an Angular 15 + PrimeNG 15 administrative frontend built on a Sakai shell and branded for Grupo MAS. It owns the document-management surface of the Warehouse Management System — creating and maintaining items, receipts, shipments, movements, and sales orders — while physical execution (posting received goods, confirming shipments on the floor) is exclusively the responsibility of the MAUI handheld application. The backend (.NETDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_WEB/llms.txt
Use this file to discover all available pages before exploring further.
Wms.Api) is the single source of truth shared by both clients.
Three-Tier Ecosystem
Folder Structure
The entire application lives undersrc/app/. Each top-level folder has a single, well-scoped concern:
The
supreme/ module is only ever loaded for users with the SUPERADMIN_SUPREMO role. Company admins never see this module, and the route guard rejects direct-URL access even if a user somehow navigates there.Lazy Module Loading
All business areas are lazy-loaded from the root router, which keeps the initial bundle small and isolates each domain:/dashboard requires at minimum a valid authenticated session (authGuard). Privileged sub-trees layer additional guards on top.
Central Service Rule
All outbound HTTP calls must go throughWmsService (located at src/app/layout/service/wms.service.ts). This service:
- Reads the base URL from
environment.apiUrl - Resolves
companyIdfrom the authenticated session automatically - Provides typed methods for every backend resource
HttpClient calls directly. Centralising HTTP in one place makes it straightforward to update base URLs, add request transforms, and trace all API traffic in a single file.
Authentication Flow
User submits credentials
The login screen calls
POST /api/Auth/login via AuthService (src/app/core/service/auth.service.ts). No JWT interceptor is applied to this call.Token stored in sessionStorage
On success, the JWT and session metadata (
active_company_id, active_role, is_supreme_admin) are written to sessionStorage. localStorage is never used — tokens are cleared automatically when the browser tab closes.JWT interceptor attaches Bearer header
An
HttpInterceptor in core/ reads the token from sessionStorage and appends Authorization: Bearer <token> to every subsequent request. The interceptor skips the login endpoint to avoid circular headers.Role-based redirect
After login,
AuthService inspects is_supreme_admin. SUPERADMIN_SUPREMO users are redirected to /dashboard/supreme; all others land on /dashboard.Route Guards
| Guard | Applied to | Required condition |
|---|---|---|
authGuard | /dashboard/** | Valid JWT in sessionStorage |
adminGuard | /dashboard/admin/** | Role ADMIN or higher |
supremeGuard | /dashboard/supreme/** | Role SUPERADMIN_SUPREMO |
401 or 403.
Key Architectural Constraint: No Posting from Web
The web application is strictly a document-management client. Physical warehouse operations — receiving goods against a receipt, confirming shipment lines, performing cycle counts — are executed exclusively by the MAUI handheld application. The following actions are forbidden from the Angular frontend:- Calling any stock-manipulation endpoint
- Calling any posting or confirmation endpoint
- Bypassing backend validation with client-side pre-processing
- Accessing data belonging to another company (cross-tenant reads)
Multitenancy
How Dragon Guard separates tenant-scoped WMS screens from the global SaaS surface, including session keys, service split, and role-based routing.
API Contracts
Endpoint inventory, contract stability rules, error codes, and the versioning strategy shared by the Angular frontend, .NET backend, and MAUI handheld.