Tenant user deactivation hardening & user UI

- Enforce backend guardrails: block self-deactivation, admin-on-admin deactivation, and ensure at least one active admin per tenant in `UserService.ToggleStatusAsync`
- Add audit logging for all deactivation attempts (success/failure)
- Add Blazor user management pages with matching frontend guardrails
- Update navigation to include Users page
- Bump System.IdentityModel.Tokens.Jwt to 8.15.0; add to Blazor project
- Document deactivation rules and rationale in knowledge base
- Minor Blazor project and analyzer suppressions update

Author: iammukeshm

src/Directory.Packages.props

@@ -84,7 +84,7 @@
     <PackageVersion Include="SonarAnalyzer.CSharp" Version="10.16.1.129956" />
     <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
-    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.14.0" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.15.0" />
     <PackageVersion Include="Shouldly" Version="4.3.0" />
     <PackageVersion Include="xunit" Version="2.9.3" />
     <PackageVersion Include="xunit.runner.visualstudio" Version="3.1.5" />
@@ -97,4 +97,4 @@
   <ItemGroup Label="AWS">
     <PackageVersion Include="AWSSDK.S3" Version="3.7.405.0" />
   </ItemGroup>
-</Project>
+</Project>

src/Modules/Identity/Modules.Identity/Services/UserService.cs

@@ -2,6 +2,7 @@
 using FSH.Framework.Caching;
 using FSH.Framework.Core.Common;
 using FSH.Framework.Core.Exceptions;
+using FSH.Framework.Core.Context;
 using FSH.Framework.Eventing.Outbox;
 using FSH.Framework.Jobs.Services;
 using FSH.Framework.Mailing;
@@ -18,6 +19,7 @@
 using FSH.Modules.Identity.Data;
 using FSH.Modules.Identity.Features.v1.Roles;
 using FSH.Modules.Identity.Features.v1.Users;
+using FSH.Modules.Auditing.Contracts;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Options;
@@ -42,11 +44,15 @@ internal sealed partial class UserService(
     IStorageService storageService,
     IOutboxStore outboxStore,
     IOptions<OriginOptions> originOptions,
-    IHttpContextAccessor httpContextAccessor
+    IHttpContextAccessor httpContextAccessor,
+    ICurrentUser currentUser,
+    IAuditClient auditClient
     ) : IUserService
 {
     private readonly Uri? _originUrl = originOptions.Value.OriginUrl;
     private readonly IHttpContextAccessor _httpContextAccessor = httpContextAccessor;
+    private readonly ICurrentUser _currentUser = currentUser;
+    private readonly IAuditClient _auditClient = auditClient;
 
     private void EnsureValidTenant()
     {
@@ -207,19 +213,94 @@ public async Task<string> RegisterAsync(string firstName, string lastName, strin
 
     public async Task ToggleStatusAsync(bool activateUser, string userId, CancellationToken cancellationToken)
     {
-        var user = await userManager.Users.Where(u => u.Id == userId).FirstOrDefaultAsync(cancellationToken);
+        EnsureValidTenant();
+
+        var actorId = _currentUser.GetUserId();
+        if (actorId == Guid.Empty)
+        {
+            throw new UnauthorizedException("authenticated user required to toggle status");
+        }
+
+        var actor = await userManager.FindByIdAsync(actorId.ToString());
+        _ = actor ?? throw new UnauthorizedException("current user not found");
+
+        async ValueTask AuditPolicyFailureAsync(string reason, CancellationToken ct)
+        {
+            var tenant = multiTenantContextAccessor?.MultiTenantContext?.TenantInfo?.Id ?? "unknown";
+            var claims = new Dictionary<string, object?>
+            {
+                ["actorId"] = actorId.ToString(),
+                ["targetUserId"] = userId,
+                ["tenant"] = tenant,
+                ["action"] = activateUser ? "activate" : "deactivate"
+            };
+
+            await _auditClient.WriteSecurityAsync(
+                SecurityAction.PolicyFailed,
+                subjectId: actorId.ToString(),
+                reasonCode: reason,
+                claims: claims,
+                severity: AuditSeverity.Warning,
+                source: "Identity",
+                ct: ct).ConfigureAwait(false);
+        }
+
+        if (!await userManager.IsInRoleAsync(actor, RoleConstants.Admin))
+        {
+            await AuditPolicyFailureAsync("ActorNotAdmin", cancellationToken);
+            throw new CustomException("Only administrators can toggle user status.");
+        }
+
+        if (!activateUser && string.Equals(actor.Id, userId, StringComparison.Ordinal))
+        {
+            await AuditPolicyFailureAsync("SelfDeactivationBlocked", cancellationToken);
+            throw new CustomException("Users cannot deactivate themselves.");
+        }
 
+        var user = await userManager.Users.Where(u => u.Id == userId).FirstOrDefaultAsync(cancellationToken);
         _ = user ?? throw new NotFoundException("User Not Found.");
 
-        bool isAdmin = await userManager.IsInRoleAsync(user, RoleConstants.Admin);
-        if (isAdmin)
+        bool targetIsAdmin = await userManager.IsInRoleAsync(user, RoleConstants.Admin);
+        if (targetIsAdmin)
         {
-            throw new CustomException("Administrators Profile's Status cannot be toggled");
+            await AuditPolicyFailureAsync("AdminDeactivationBlocked", cancellationToken);
+            throw new CustomException("Administrators cannot be deactivated.");
+        }
+
+        if (!activateUser)
+        {
+            var activeAdmins = await userManager.GetUsersInRoleAsync(RoleConstants.Admin);
+            int activeAdminCount = activeAdmins.Count(u => u.IsActive);
+            if (activeAdminCount == 0)
+            {
+                await AuditPolicyFailureAsync("NoActiveAdmins", cancellationToken);
+                throw new CustomException("Tenant must have at least one active administrator.");
+            }
         }
 
         user.IsActive = activateUser;
 
-        await userManager.UpdateAsync(user);
+        var result = await userManager.UpdateAsync(user);
+        if (!result.Succeeded)
+        {
+            var errors = result.Errors.Select(error => error.Description).ToList();
+            throw new CustomException("Toggle status failed", errors);
+        }
+
+        var tenantId = multiTenantContextAccessor?.MultiTenantContext?.TenantInfo?.Id ?? "unknown";
+        await _auditClient.WriteActivityAsync(
+            ActivityKind.Command,
+            name: "ToggleUserStatus",
+            statusCode: 204,
+            durationMs: 0,
+            captured: BodyCapture.None,
+            requestSize: 0,
+            responseSize: 0,
+            requestPreview: new { actorId = actorId.ToString(), targetUserId = userId, action = activateUser ? "activate" : "deactivate", tenant = tenantId },
+            responsePreview: new { outcome = "success" },
+            severity: AuditSeverity.Information,
+            source: "Identity",
+            ct: cancellationToken).ConfigureAwait(false);
     }
 
     public async Task UpdateAsync(string userId, string firstName, string lastName, string phoneNumber, FileUploadRequest image, bool deleteCurrentImage)

src/Playground/Playground.Blazor/Components/Layout/NavMenu.razor

@@ -2,5 +2,6 @@
 <MudNavMenu>
     <MudNavLink Href="/" Match="NavLinkMatch.All" Icon="@Icons.Material.Filled.Dashboard">Dashboard</MudNavLink>
     <MudNavLink Href="/profile" Match="NavLinkMatch.Prefix" Icon="@Icons.Material.Filled.Person">Profile</MudNavLink>
+    <MudNavLink Href="/users" Match="NavLinkMatch.Prefix" Icon="@Icons.Material.Filled.Group">Users</MudNavLink>
     <MudNavLink Href="/audits" Match="NavLinkMatch.Prefix" Icon="@Icons.Material.Filled.List">Audits</MudNavLink>
 </MudNavMenu>