refactor: move dashboard summary from ecosystem to platform controller

[sujitaw]

What

• moved the dashboard/summary function from ecosystem controller to platform controller

Summary by CodeRabbit

• Refactor

  • Dashboard summary endpoint relocated to the platform area and now requires platform-administrator access.

• Bug Fixes

  • Verification flow now blocks use of the reserved admin client alias and returns a new error message when that alias is used.

[coderabbitai]

📝 Walkthrough

Walkthrough

Removed the dashboard summary endpoint from EcosystemController and reintroduced it on PlatformController with a corresponding PlatformService method; also added a ForbiddenException guard in user verification to block ADMIN_CLIENT_ALIAS and a new error message entry for that case.

Changes

Cohort / File(s)	Summary
Endpoint removed apps/api-gateway/src/ecosystem/ecosystem.controller.ts	Deleted GET /dashboard/summary handler and its Swagger decorators/guards.
Endpoint added apps/api-gateway/src/platform/platform.controller.ts	Added GET /ecosystem/dashboard/summary handler on PlatformController protected by JWT and EcosystemRolesGuard (PLATFORM_ADMIN) that returns platform dashboard payload.
Service addition apps/api-gateway/src/platform/platform.service.ts	Added getDashboardCountEcosystem(): Promise<IPlatformDashboardCount> invoking NATS get-platform-admin-dashboard-count; imported IPlatformDashboardCount.
Verification guard apps/user/src/user.service.ts	Added ForbiddenException and a check to block usage of ADMIN_CLIENT_ALIAS in verification mail flow (throws forbidden with adminAlias message).
Messages libs/common/src/response-messages/index.ts	Added ResponseMessages.error.adminAlias string used when admin alias usage is forbidden.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• fix/changes required for platform admin UI #1571: Overlaps movement/removal of GET /dashboard/summary from EcosystemController and related reimplementation on PlatformController/PlatformService.
• feat: platform admin and ecosystem #1551: Touches the same ecosystem dashboard summary endpoint relocation and interface usage.

Suggested reviewers

• shitrerohit

Poem

🐰
I hopped from branch to branch today,
Moved a dashboard on my way,
Platform guards now hold the key,
Admins watch the summary,
Hooray—new routes, a merry play!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately describes the main change: moving the getDashboardCountEcosystem endpoint from EcosystemController to PlatformController. The title is concise, specific, and directly reflects the primary refactoring work.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/update_permission_of_api_for_admin_portal

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/api-gateway/src/platform/platform.controller.ts`:
- Around line 340-341: The route method decorated with
`@Roles`(OrgRoles.PLATFORM_ADMIN) currently uses EcosystemRolesGuard; replace that
guard with OrgRolesGuard so this endpoint uses the same org-role check as other
platform-admin routes. Update the method decorators to
`@UseGuards`(AuthGuard('jwt'), OrgRolesGuard) (replacing EcosystemRolesGuard) to
ensure consistent authorization behavior for the PLATFORM_ADMIN-protected
endpoint.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e129f798-e969-489c-be7e-aea236cc320d

📥 Commits

Reviewing files that changed from the base of the PR and between 1d4c59b and c73c811.

📒 Files selected for processing (3)

• apps/api-gateway/src/ecosystem/ecosystem.controller.ts
• apps/api-gateway/src/platform/platform.controller.ts
• apps/api-gateway/src/platform/platform.service.ts

💤 Files with no reviewable changes (1)

• apps/api-gateway/src/ecosystem/ecosystem.controller.ts

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

🧹 Nitpick comments (1)

apps/user/src/user.service.ts (1)

141-145: Move the ADMIN alias guard before fetching credentials.

The validation against ADMIN_CLIENT_ALIAS occurs after calling getCredentialsByAlias(clientAlias) on line 141. If the alias is forbidden, the credentials lookup is wasted work. Move the guard before line 141 to fail fast.

♻️ Proposed refactor to fail fast

+      if (process.env.ADMIN_CLIENT_ALIAS === clientAlias) {
+        throw new ForbiddenException(ResponseMessages.user.error.adminAlias);
+      }
+
       const clientDetails = await getCredentialsByAlias(clientAlias);

-      if (process.env.ADMIN_CLIENT_ALIAS === clientAlias) {
-        throw new ForbiddenException(ResponseMessages.user.error.adminAlias);
-      }
       try {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/user/src/user.service.ts` around lines 141 - 145, The code fetches
credentials via getCredentialsByAlias(clientAlias) before checking the
ADMIN_CLIENT_ALIAS guard; move the guard that compares
process.env.ADMIN_CLIENT_ALIAS to clientAlias (the check that throws new
ForbiddenException(ResponseMessages.user.error.adminAlias)) to run before
calling getCredentialsByAlias so the function fails fast and avoids the
unnecessary credentials lookup.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@apps/user/src/user.service.ts`:
- Around line 141-145: The code fetches credentials via
getCredentialsByAlias(clientAlias) before checking the ADMIN_CLIENT_ALIAS guard;
move the guard that compares process.env.ADMIN_CLIENT_ALIAS to clientAlias (the
check that throws new
ForbiddenException(ResponseMessages.user.error.adminAlias)) to run before
calling getCredentialsByAlias so the function fails fast and avoids the
unnecessary credentials lookup.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 92df1b0a-fb78-48c6-beba-8eab71cc736e

📥 Commits

Reviewing files that changed from the base of the PR and between c73c811 and bdd27a8.

📒 Files selected for processing (2)

• apps/user/src/user.service.ts
• libs/common/src/response-messages/index.ts