letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d62822c284e1a3c3b4049412ad03df9e9e7b609c
pn-new-crm/src/lib/services/roles.service.ts

142 lines
4.0 KiB
TypeScript
Raw Normal View History

Implement admin users and roles management - Add user CRUD: list, create (via Better Auth), update role/status, remove from port - Add role CRUD: create, update permissions, delete with system role protection - Full permissions matrix UI with accordion groups and per-action checkboxes - Validators, services, API routes, and UI components following existing patterns Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 15:47:11 -04:00
import { eq } from 'drizzle-orm';
import { db } from '@/lib/db';
import { roles, userPortRoles } from '@/lib/db/schema';
import type { RolePermissions } from '@/lib/db/schema/users';
refactor(services): centralize AuditMeta + transactional setEntityTags helper The same `interface AuditMeta { userId; portId; ipAddress; userAgent }` was duplicated in 26 service files. Move the canonical definition into `@/lib/audit` next to the related types and update every service to import it. `ServiceAuditMeta` (the alias used in invoices.ts and expenses.ts) collapses into the same name. Tag CRUD across clients/companies/yachts/interests/berths followed an identical wipe-then-rewrite recipe with two latent issues: the delete and insert weren't wrapped in a transaction (a partial failure left the entity with zero tags) and the audit-log payload shape diverged (`newValue: { tagIds }` for clients/yachts/companies but `metadata: { type: 'tags_updated', tagIds }` for interests/berths). Extract `setEntityTags` in `entity-tags.helper.ts` that performs the delete+insert inside a single transaction, normalizes the audit payload to `newValue: { tagIds }`, and dispatches the per-entity socket event through a switch so `ServerToClientEvents` typing stays intact. The five `setXTags(...)` service functions now do parent-row tenant verification and delegate the join-table work + side effects. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 01:58:42 +02:00
import { createAuditLog, type AuditMeta } from '@/lib/audit';
Implement admin users and roles management - Add user CRUD: list, create (via Better Auth), update role/status, remove from port - Add role CRUD: create, update permissions, delete with system role protection - Full permissions matrix UI with accordion groups and per-action checkboxes - Validators, services, API routes, and UI components following existing patterns Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 15:47:11 -04:00
import { ConflictError, NotFoundError, ValidationError } from '@/lib/errors';
import { emitToRoom } from '@/lib/socket/server';
import type { CreateRoleInput, UpdateRoleInput } from '@/lib/validators/roles';
export async function listRoles() {
return db.select().from(roles).orderBy(roles.name);
}
export async function getRole(id: string) {
const role = await db.query.roles.findFirst({
where: eq(roles.id, id),
});
if (!role) throw new NotFoundError('Role');
return role;
}
export async function createRole(data: CreateRoleInput, meta: AuditMeta) {
// Check name uniqueness
const existing = await db.query.roles.findFirst({
where: eq(roles.name, data.name),
});
if (existing) {
throw new ConflictError(`A role named "${data.name}" already exists`);
}
const [role] = await db
.insert(roles)
.values({
name: data.name,
description: data.description ?? null,
permissions: data.permissions as RolePermissions,
})
.returning();
void createAuditLog({
userId: meta.userId,
portId: meta.portId,
action: 'create',
entityType: 'role',
entityId: role!.id,
newValue: { name: role!.name },
ipAddress: meta.ipAddress,
userAgent: meta.userAgent,
});
emitToRoom(`port:${meta.portId}`, 'system:alert', {
alertType: 'role:created',
message: `Role "${role!.name}" created`,
severity: 'info',
});
return role!;
}
export async function updateRole(id: string, data: UpdateRoleInput, meta: AuditMeta) {
const role = await db.query.roles.findFirst({
where: eq(roles.id, id),
});
if (!role) throw new NotFoundError('Role');
// Check name uniqueness if changing name
if (data.name && data.name !== role.name) {
const conflict = await db.query.roles.findFirst({
where: eq(roles.name, data.name),
});
if (conflict) {
throw new ConflictError(`A role named "${data.name}" already exists`);
}
}
const updates: Record<string, unknown> = { updatedAt: new Date() };
if (data.name !== undefined) updates.name = data.name;
if (data.description !== undefined) updates.description = data.description;
if (data.permissions !== undefined) updates.permissions = data.permissions as RolePermissions;
const [updated] = await db.update(roles).set(updates).where(eq(roles.id, id)).returning();
void createAuditLog({
userId: meta.userId,
portId: meta.portId,
action: 'update',
entityType: 'role',
entityId: id,
oldValue: { name: role.name, permissions: role.permissions },
newValue: { name: updated!.name, permissions: updated!.permissions },
ipAddress: meta.ipAddress,
userAgent: meta.userAgent,
});
emitToRoom(`port:${meta.portId}`, 'system:alert', {
alertType: 'role:updated',
message: `Role "${updated!.name}" updated`,
severity: 'info',
});
return updated!;
}
export async function deleteRole(id: string, meta: AuditMeta) {
const role = await db.query.roles.findFirst({
where: eq(roles.id, id),
});
if (!role) throw new NotFoundError('Role');
if (role.isSystem) {
throw new ValidationError('System roles cannot be deleted');
}
// Check if any users are assigned this role
const assignments = await db.query.userPortRoles.findFirst({
where: eq(userPortRoles.roleId, id),
});
if (assignments) {
throw new ConflictError('Cannot delete a role that is assigned to users. Reassign them first.');
}
await db.delete(roles).where(eq(roles.id, id));
void createAuditLog({
userId: meta.userId,
portId: meta.portId,
action: 'delete',
entityType: 'role',
entityId: id,
oldValue: { name: role.name },
ipAddress: meta.ipAddress,
userAgent: meta.userAgent,
});
emitToRoom(`port:${meta.portId}`, 'system:alert', {
alertType: 'role:deleted',
message: `Role "${role.name}" deleted`,
severity: 'info',
});
}
Reference in New Issue Copy Permalink