letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity

fix(audit): backlog sweep — partial archived indexes, custom-fields per-entity gate, polish
Some checks failed
Build & Push Docker Images / lint (push) Successful in 1m37s
Details
Build & Push Docker Images / build-and-push (push) Failing after 24s
Details

Browse Source 
Wave through the 2026-05-07 backlog of small/concrete audit-final-deferred
items (deferring the Documenso Phases 2-7 build and items needing design
decisions or live external instances).

DB schema:
- Migration 0046 converts 5 composite (port_id, archived_at) indexes to
  partial WHERE archived_at IS NULL — clients, interests, yachts, and
  both residential tables. Smaller, faster planner choice for the
  dominant list-query shape.

Multi-tenant isolation:
- document_sends now verifies recipient.interestId belongs to the port
  before landing on the audit row (the surrounding clientId check was
  already port-scoped; interestId pollution was the gap).

Routes / API:
- /api/v1/custom-fields/[entityId] requires entityType query param and
  gates on the matching resource permission (clients/interests/berths/
  yachts/companies). Fixes the cross-resource gap where a user with
  clients.view could read company custom-field values.
- Admin user list trash button wrapped in PermissionGate (edit was
  already gated; remove was not).

Service polish:
- berth-recommender accepts string-shaped JSONB booleans
  ('true'/'false') so admin UIs that wrap values as strings don't
  silently fall through to defaults.
- expense-pdf renderReceiptHeader anchors all text positions to a
  captured baseY rather than reading mutating doc.y after rect+stroke.
  Headers no longer drift on the first receipt page after a soft page
  break.
- berth-pdf apply: collect non-finite numeric coercion drops + warn-log
  them so partial silent drops are observable (was invisible because
  the no-fields-supplied check only fires when ALL drop).
- Storage cache fingerprint comment documenting the encrypted-secret
  invariant + the explicit invalidation hook.

UI polish:
- invoice-detail typed: replaced two `any` casts with a proper
  InvoiceDetailData / LineItem / LinkedExpense interface set.
- YachtForm now accepts initialOwner prop. Wired through:
  - client-yachts-tab passes { type: 'client', id: clientId }
  - interest-form passes { type: 'client', id: selectedClientId }
- Interest-form yacht picker now includes company-owned yachts where
  the selected client is a member (fetches client.companies and feeds
  YachtPicker an array filter). Plus an inline "Add new" button that
  opens YachtForm pre-bound to the client.
- YachtPicker accepts ownerFilter as single OR array for "match any"
  semantics.

BACKLOG.md updated with what landed vs what's still deferred (and why
each deferred item is genuinely larger than this push warrants).

Tests: 1185/1185 vitest, tsc clean.
This commit is contained in:
Matt
2026-05-07 21:45:42 +02:00
parent 5c8c12ba1f
commit 60365dc3de
19 changed files with 527 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/lib/services/berth-pdf.service.ts
View File

@@ -479,6 +479,11 @@ export async function applyParseResults(
const update: Record<string, unknown> = {};
const applied: Array<keyof ExtractedBerthFields> = [];
// Capture keys whose values were supplied but couldn't be coerced
// (e.g. a numeric column receiving a non-finite or non-numeric value).
// Without this, partial silent drops are invisible because the
// "no appliable fields supplied" check only fires when EVERY key drops.
const dropped: Array<{ key: keyof ExtractedBerthFields; reason: string }> = [];
for (const key of APPLIABLE_FIELDS) {
const value = fieldsToApply[key];
if (value === undefined) continue;
@@ -489,7 +494,10 @@ export async function applyParseResults(
}
if (NUMERIC_FIELDS.has(key)) {
const n = typeof value === 'number' ? value : Number(value);
if (!Number.isFinite(n)) continue;
if (!Number.isFinite(n)) {
dropped.push({ key, reason: `non-finite numeric (${typeof value}: ${String(value)})` });
continue;
}
// numeric columns expect strings to preserve precision.
update[key] = String(n);
} else {
@@ -500,6 +508,12 @@ export async function applyParseResults(
if (applied.length === 0) {
throw new ValidationError('No appliable fields supplied.');
}
if (dropped.length > 0) {
logger.warn(
{ berthId, versionId, dropped },
'Berth PDF apply: silently dropped fields that failed type coercion',
);
}
update.updatedAt = new Date();
await db.transaction(async (tx) => {