@blackcode_sa/metaestetics-api 1.15.17-staging.1 → 1.15.17-staging.11

package/src/services/clinic/utils/clinic-group.utils.ts

@@ -1,10 +1,13 @@
 import {
   collection,
+  collectionGroup,
   doc,
   getDoc,
   getDocs,
   query,
   where,
+  orderBy,
+  limit,
   updateDoc,
   setDoc,
   deleteDoc,
@@ -47,6 +50,18 @@ function generateId(): string {
   return `${randomPart}-${timestamp}`;
 }
 
+/**
+ * Generates a short 6-character uppercase alphanumeric token code.
+ * Used for admin registration tokens — easy to read, type, and share.
+ * 36^6 = ~2.1 billion combinations, collision risk negligible for active tokens.
+ */
+function generateTokenCode(): string {
+  const chars = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // no I/1/O/0 to avoid confusion
+  return Array.from({ length: 6 }, () =>
+    chars.charAt(Math.floor(Math.random() * chars.length))
+  ).join("");
+}
+
 /**
  * Creates a new clinic group
  * @param db - Firestore database instance
@@ -161,7 +176,7 @@ export async function createClinicGroup(
     clinicsInfo: [],
     admins: [ownerId],
     adminsInfo: [],
-    adminTokens: [],
+    adminTokens: [], // @deprecated — tokens now in subcollection, kept for backward compat
     ownerId,
     createdAt: now,
     updatedAt: now,
@@ -369,9 +384,10 @@ export async function addAdminToGroup(
         adminId,
         groupId,
       });
-      return; // Admin is already in the group
+      return;
     }
 
+    // Only add the admin ID — adminsInfo is populated by onCreateClinicAdmin trigger
     console.log("[CLINIC_GROUP] Updating group with new admin");
     await updateClinicGroup(
       db,
@@ -459,6 +475,18 @@ export async function deactivateClinicGroup(
  * @param data - Token data
  * @returns The created admin token
  */
+// --- Admin Token Subcollection ---
+// Tokens are stored in: clinic_groups/{groupId}/adminTokens/{tokenId}
+
+const ADMIN_TOKENS_SUBCOLLECTION = "adminTokens";
+
+function adminTokensRef(db: Firestore, groupId: string) {
+  return collection(db, CLINIC_GROUPS_COLLECTION, groupId, ADMIN_TOKENS_SUBCOLLECTION);
+}
+
+/**
+ * Creates an admin token in the subcollection.
+ */
 export async function createAdminToken(
   db: Firestore,
   groupId: string,
@@ -471,121 +499,105 @@ export async function createAdminToken(
     throw new Error("Clinic group not found");
   }
 
-  // Proveravamo da li admin pripada grupi
   if (!group.admins.includes(creatorAdminId)) {
     throw new Error("Admin does not belong to this clinic group");
   }
 
   const now = Timestamp.now();
-  const expiresInDays = data?.expiresInDays || 7; // Default 7 days
+  const expiresInDays = data?.expiresInDays || 7;
   const email = data?.email || null;
   const expiresAt = new Timestamp(
     now.seconds + expiresInDays * 24 * 60 * 60,
     now.nanoseconds
   );
 
+  const tokenRef = doc(adminTokensRef(db, groupId));
   const token: AdminToken = {
-    id: generateId(),
-    token: generateId(),
+    id: tokenRef.id,
+    token: generateTokenCode(),
     status: AdminTokenStatus.ACTIVE,
     email,
+    clinicGroupId: groupId,
     createdAt: now,
     expiresAt,
   };
 
-  // Dodajemo token u grupu
-  // Ovo treba promeniti, staviti admin tokene u sub-kolekciju u klinickoj grupi
-  await updateClinicGroup(
-    db,
-    groupId,
-    {
-      adminTokens: [...group.adminTokens, token],
-    },
-    app
-  );
-
+  await setDoc(tokenRef, token);
   return token;
 }
 
 /**
- * Verifies and uses an admin token
- * @param db - Firestore database instance
- * @param groupId - ID of the clinic group
- * @param token - Token to verify
- * @param userRef - User reference
- * @param app - Firebase app instance
- * @returns Whether the token was successfully used
+ * Verifies and marks an admin token as used.
+ * Uses a collection group query to find the token across all groups.
  */
 export async function verifyAndUseAdminToken(
   db: Firestore,
   groupId: string,
-  token: string,
+  tokenValue: string,
   userRef: string,
   app: FirebaseApp
 ): Promise<boolean> {
-  const group = await getClinicGroup(db, groupId);
-  if (!group) {
-    throw new Error("Clinic group not found");
-  }
+  // Query the subcollection for the matching token
+  const tokensQuery = query(
+    adminTokensRef(db, groupId),
+    where("token", "==", tokenValue),
+    limit(1)
+  );
+  const snapshot = await getDocs(tokensQuery);
 
-  const adminToken = group.adminTokens.find((t) => t.token === token);
-  if (!adminToken) {
+  if (snapshot.empty) {
     throw new Error("Admin token not found");
   }
 
+  const tokenDoc = snapshot.docs[0];
+  const adminToken = tokenDoc.data() as AdminToken;
+
   if (adminToken.status !== AdminTokenStatus.ACTIVE) {
     throw new Error("Admin token is not active");
   }
 
   const now = Timestamp.now();
   if (adminToken.expiresAt.seconds < now.seconds) {
-    // Token je istekao, ažuriramo status
-    const updatedTokens = group.adminTokens.map((t) =>
-      t.id === adminToken.id ? { ...t, status: AdminTokenStatus.EXPIRED } : t
-    );
-
-    await updateClinicGroup(
-      db,
-      groupId,
-      {
-        adminTokens: updatedTokens,
-      },
-      app
-    );
-
+    await updateDoc(tokenDoc.ref, { status: AdminTokenStatus.EXPIRED });
     throw new Error("Admin token has expired");
   }
 
-  // Token je validan, ažuriramo status
-  const updatedTokens = group.adminTokens.map((t) =>
-    t.id === adminToken.id
-      ? {
-          ...t,
-          status: AdminTokenStatus.USED,
-          usedByUserRef: userRef,
-        }
-      : t
-  );
+  // Mark as used
+  await updateDoc(tokenDoc.ref, {
+    status: AdminTokenStatus.USED,
+    usedByUserRef: userRef,
+  });
 
-  await updateClinicGroup(
-    db,
-    groupId,
-    {
-      adminTokens: updatedTokens,
-    },
-    app
+  return true;
+}
+
+/**
+ * Finds an admin token by its token string across ALL clinic groups.
+ * Uses a collection group query — much more efficient than scanning all groups.
+ */
+export async function findAdminTokenByValue(
+  db: Firestore,
+  tokenValue: string
+): Promise<{ token: AdminToken; clinicGroupId: string } | null> {
+  const tokensQuery = query(
+    collectionGroup(db, ADMIN_TOKENS_SUBCOLLECTION),
+    where("token", "==", tokenValue),
+    where("status", "==", AdminTokenStatus.ACTIVE),
+    limit(1)
   );
+  const snapshot = await getDocs(tokensQuery);
 
-  return true;
+  if (snapshot.empty) return null;
+
+  const tokenData = snapshot.docs[0].data() as AdminToken;
+  return {
+    token: tokenData,
+    clinicGroupId: tokenData.clinicGroupId,
+  };
 }
 
 /**
- * Deletes an admin token
- * @param db - Firestore database instance
- * @param groupId - ID of the clinic group
- * @param tokenId - ID of the token to delete
- * @param adminId - ID of the admin making the deletion
- * @param app - Firebase app instance
+ * Deletes an admin token from the subcollection.
  */
 export async function deleteAdminToken(
   db: Firestore,
@@ -599,33 +611,43 @@ export async function deleteAdminToken(
     throw new Error("Clinic group not found");
   }
 
-  // Proveravamo da li admin pripada grupi
   if (!group.admins.includes(adminId)) {
     throw new Error("Admin does not belong to this clinic group");
   }
 
-  // Uklanjamo token
-  const updatedTokens = group.adminTokens.filter((t) => t.id !== tokenId);
+  await deleteDoc(doc(adminTokensRef(db, groupId), tokenId));
+}
 
-  await updateClinicGroup(
-    db,
-    groupId,
-    {
-      adminTokens: updatedTokens,
-    },
-    app
+/**
+ * Gets active admin tokens for a clinic group from the subcollection.
+ */
+export async function getActiveAdminTokens(
+  db: Firestore,
+  groupId: string,
+  adminId: string,
+  app: FirebaseApp
+): Promise<AdminToken[]> {
+  const group = await getClinicGroup(db, groupId);
+  if (!group) {
+    throw new Error("Clinic group not found");
+  }
+
+  if (!group.admins.includes(adminId)) {
+    throw new Error("Admin does not belong to this clinic group");
+  }
+
+  const tokensQuery = query(
+    adminTokensRef(db, groupId),
+    where("status", "==", AdminTokenStatus.ACTIVE)
   );
+  const snapshot = await getDocs(tokensQuery);
+  return snapshot.docs.map((d) => d.data() as AdminToken);
 }
 
 /**
- * Gets active admin tokens for a clinic group
- * @param db - Firestore database instance
- * @param groupId - ID of the clinic group
- * @param adminId - ID of the admin requesting the tokens
- * @param app - Firebase app instance (not used but included for consistency)
- * @returns Array of active admin tokens
+ * Gets ALL admin tokens for a clinic group (all statuses).
  */
-export async function getActiveAdminTokens(
+export async function getAllAdminTokens(
   db: Firestore,
   groupId: string,
   adminId: string,
@@ -636,11 +658,10 @@ export async function getActiveAdminTokens(
     throw new Error("Clinic group not found");
   }
 
-  // Proveravamo da li admin pripada grupi
   if (!group.admins.includes(adminId)) {
     throw new Error("Admin does not belong to this clinic group");
   }
 
-  // Vraćamo samo aktivne tokene
-  return group.adminTokens.filter((t) => t.status === AdminTokenStatus.ACTIVE);
+  const snapshot = await getDocs(adminTokensRef(db, groupId));
+  return snapshot.docs.map((d) => d.data() as AdminToken);
 }

package/src/services/plan-config.service.ts

@@ -0,0 +1,55 @@
+/**
+ * Plan Config Service — reads `system/planConfig` from Firestore with caching.
+ * Uses the Firebase client SDK (same as tier-enforcement.ts).
+ * Falls back to DEFAULT_PLAN_CONFIG if the document doesn't exist.
+ */
+import { Firestore, doc, getDoc } from 'firebase/firestore';
+import { DEFAULT_PLAN_CONFIG } from '../config/tiers.config';
+import type { PlanConfigDocument } from '../types/system/planConfig.types';
+import { PLAN_CONFIG_PATH } from '../types/system/planConfig.types';
+
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+
+class PlanConfigService {
+  private cachedConfig: PlanConfigDocument | null = null;
+  private cacheExpiry = 0;
+
+  /**
+   * Returns the current plan config, reading from Firestore if the cache
+   * has expired. Falls back to DEFAULT_PLAN_CONFIG if the doc is missing.
+   */
+  async getConfig(db: Firestore): Promise<PlanConfigDocument> {
+    const now = Date.now();
+    if (this.cachedConfig && now < this.cacheExpiry) {
+      return this.cachedConfig;
+    }
+
+    try {
+      const [collectionPath, docId] = PLAN_CONFIG_PATH.split('/');
+      const configRef = doc(db, collectionPath, docId);
+      const snap = await getDoc(configRef);
+
+      if (snap.exists()) {
+        this.cachedConfig = snap.data() as PlanConfigDocument;
+      } else {
+        this.cachedConfig = DEFAULT_PLAN_CONFIG;
+      }
+    } catch (error) {
+      console.error('PlanConfigService: Firestore read failed, using fallback config', error);
+      if (!this.cachedConfig) {
+        this.cachedConfig = DEFAULT_PLAN_CONFIG;
+      }
+    }
+
+    this.cacheExpiry = now + CACHE_TTL_MS;
+    return this.cachedConfig;
+  }
+
+  /** Clears the cache — useful for testing or after config updates. */
+  invalidateCache(): void {
+    this.cachedConfig = null;
+    this.cacheExpiry = 0;
+  }
+}
+
+export const planConfigService = new PlanConfigService();

package/src/services/procedure/procedure.service.ts

@@ -1232,6 +1232,8 @@ export class ProcedureService extends BaseService {
       updatedProcedureData.duration = validatedData.duration;
     if (validatedData.isActive !== undefined)
       updatedProcedureData.isActive = validatedData.isActive;
+    if (validatedData.resourceRequirements !== undefined)
+      updatedProcedureData.resourceRequirements = validatedData.resourceRequirements;
 
     let practitionerChanged = false;
     let clinicChanged = false;

package/src/services/resource/resource.service.ts

@@ -116,7 +116,7 @@ export class ResourceService extends BaseService {
       name: data.name,
       nameLower: data.name.toLowerCase(),
       category: data.category,
-      description: data.description || undefined,
+      description: data.description || "",
       quantity: data.quantity,
       status: ResourceStatus.ACTIVE,
       linkedProcedureIds: [],
@@ -228,34 +228,61 @@ export class ResourceService extends BaseService {
     // Handle quantity change
     if (data.quantity !== undefined && data.quantity !== existing.quantity) {
       if (data.quantity > existing.quantity) {
-        // Add new instances
+        // Increasing quantity — first reactivate inactive instances, then create new ones if needed
+        const allInstances = await this.getResourceInstances(clinicBranchId, resourceId);
+        const activeInstances = allInstances.filter(i => i.status === ResourceStatus.ACTIVE);
+        const inactiveInstances = allInstances.filter(i => i.status === ResourceStatus.INACTIVE);
+
+        const needed = data.quantity - activeInstances.length;
         const batch = writeBatch(this.db);
         const now = serverTimestamp();
         const resourceName = data.name || existing.name;
 
-        for (let i = existing.quantity + 1; i <= data.quantity; i++) {
+        let reactivated = 0;
+
+        // Step 1: Reactivate inactive instances (sorted by index, lowest first)
+        const sortedInactive = [...inactiveInstances].sort((a, b) => a.index - b.index);
+        for (const instance of sortedInactive) {
+          if (reactivated >= needed) break;
           const instanceRef = doc(
-            this.getInstancesRef(clinicBranchId, resourceId)
+            this.getInstancesRef(clinicBranchId, resourceId),
+            instance.id
           );
-          const instanceData: Omit<
-            ResourceInstance,
-            "createdAt" | "updatedAt"
-          > & { createdAt: any; updatedAt: any } = {
-            id: instanceRef.id,
-            resourceId,
-            clinicBranchId,
-            label: `${resourceName} #${i}`,
-            index: i,
+          batch.update(instanceRef, {
             status: ResourceStatus.ACTIVE,
-            createdAt: now,
             updatedAt: now,
-          };
-          batch.set(instanceRef, instanceData);
+          });
+          reactivated++;
+        }
+
+        // Step 2: Create new instances for any remaining needed
+        const remaining = needed - reactivated;
+        if (remaining > 0) {
+          // Find the highest existing index to continue numbering
+          const maxIndex = allInstances.reduce((max, i) => Math.max(max, i.index), 0);
+          for (let i = 1; i <= remaining; i++) {
+            const instanceRef = doc(
+              this.getInstancesRef(clinicBranchId, resourceId)
+            );
+            const instanceData: Omit<
+              ResourceInstance,
+              "createdAt" | "updatedAt"
+            > & { createdAt: any; updatedAt: any } = {
+              id: instanceRef.id,
+              resourceId,
+              clinicBranchId,
+              label: `${resourceName} #${maxIndex + i}`,
+              index: maxIndex + i,
+              status: ResourceStatus.ACTIVE,
+              createdAt: now,
+              updatedAt: now,
+            };
+            batch.set(instanceRef, instanceData);
+          }
         }
 
         updateData.quantity = data.quantity;
 
-        // Update resource doc in the batch too
         const resourceDocRef = this.getResourceDocRef(
           clinicBranchId,
           resourceId
@@ -337,6 +364,48 @@ export class ResourceService extends BaseService {
     });
   }
 
+  /**
+   * Hard deletes a specific instance and all its calendar events.
+   * Only works on INACTIVE instances with no future bookings.
+   */
+  async hardDeleteInstance(
+    clinicBranchId: string,
+    resourceId: string,
+    instanceId: string
+  ): Promise<void> {
+    // Verify instance exists and is inactive
+    const instanceRef = doc(
+      this.getInstancesRef(clinicBranchId, resourceId),
+      instanceId
+    );
+    const instanceSnap = await getDoc(instanceRef);
+    if (!instanceSnap.exists()) throw new Error("Instance not found");
+
+    const instance = instanceSnap.data() as ResourceInstance;
+    if (instance.status === ResourceStatus.ACTIVE) {
+      throw new Error("Cannot hard-delete an active instance. Deactivate it first.");
+    }
+
+    // Check for future bookings
+    const hasFutureBookings = await this.instanceHasFutureBookings(
+      clinicBranchId, resourceId, instanceId
+    );
+    if (hasFutureBookings) {
+      throw new Error("Cannot delete instance with future bookings.");
+    }
+
+    // Delete all calendar events for this instance
+    const calendarRef = this.getInstanceCalendarRef(
+      clinicBranchId, resourceId, instanceId
+    );
+    const calendarSnap = await getDocs(calendarRef);
+
+    const batch = writeBatch(this.db);
+    calendarSnap.docs.forEach(d => batch.delete(d.ref));
+    batch.delete(instanceRef);
+    await batch.commit();
+  }
+
   /**
    * Gets all instances for a resource
    */

package/src/services/tier-enforcement.ts

@@ -14,6 +14,7 @@ import {
 import { PRACTITIONERS_COLLECTION } from '../types/practitioner/index';
 import { PROCEDURES_COLLECTION } from '../types/procedure/index';
 import { TIER_CONFIG, resolveEffectiveTier } from '../config/tiers.config';
+import { planConfigService } from './plan-config.service';
 
 export class TierLimitError extends Error {
   public readonly code = 'TIER_LIMIT_EXCEEDED';
@@ -171,10 +172,11 @@ export async function enforceProviderLimit(
   branchId: string
 ): Promise<void> {
   const { tier, billing } = await getClinicGroupTierData(db, clinicGroupId);
-  const config = TIER_CONFIG[tier];
-  if (!config) return;
+  const dynamicConfig = await planConfigService.getConfig(db);
+  const tierDef = dynamicConfig.tiers[tier] ?? TIER_CONFIG[tier];
+  if (!tierDef) return;
 
-  const baseMax = config.limits.maxProvidersPerBranch;
+  const baseMax = tierDef.limits.maxProvidersPerBranch;
   if (baseMax === -1) return;
 
   const addOns = billing?.addOns || {};
@@ -199,15 +201,17 @@ export async function enforceProcedureLimit(
   count: number = 1
 ): Promise<void> {
   const { tier, billing } = await getClinicGroupTierData(db, clinicGroupId);
-  const config = TIER_CONFIG[tier];
-  if (!config) return;
+  const dynamicConfig = await planConfigService.getConfig(db);
+  const tierDef = dynamicConfig.tiers[tier] ?? TIER_CONFIG[tier];
+  if (!tierDef) return;
 
-  const baseMax = config.limits.maxProceduresPerProvider;
+  const baseMax = tierDef.limits.maxProceduresPerProvider;
   if (baseMax === -1) return;
 
   const addOns = billing?.addOns || {};
   const procedureBlocks = addOns[branchId]?.procedureBlocks || 0;
-  const effectiveMax = baseMax + (procedureBlocks * 5);
+  const proceduresPerBlock = dynamicConfig.addons?.procedure?.proceduresPerBlock ?? 5;
+  const effectiveMax = baseMax + (procedureBlocks * proceduresPerBlock);
 
   const currentCount = await countProceduresForProvider(db, branchId, providerId);
   if (currentCount + count > effectiveMax) {
@@ -224,10 +228,11 @@ export async function enforceBranchLimit(
   clinicGroupId: string
 ): Promise<void> {
   const { tier, billing } = await getClinicGroupTierData(db, clinicGroupId);
-  const config = TIER_CONFIG[tier];
-  if (!config) return;
+  const dynamicConfig = await planConfigService.getConfig(db);
+  const tierDef = dynamicConfig.tiers[tier] ?? TIER_CONFIG[tier];
+  if (!tierDef) return;
 
-  const baseMax = config.limits.maxBranches;
+  const baseMax = tierDef.limits.maxBranches;
   if (baseMax === -1) return;
 
   const branchAddonCount = billing?.branchAddonCount || 0;

package/src/types/clinic/index.ts

@@ -3,6 +3,7 @@ import { Timestamp, FieldValue } from 'firebase/firestore';
 import type { ClinicInfo } from '../profile';
 import { ClinicReviewInfo } from '../reviews';
 import { ProcedureSummaryInfo } from '../procedure';
+import { ClinicRole } from './rbac.types';
 
 export const CLINIC_GROUPS_COLLECTION = 'clinic_groups';
 export const CLINIC_ADMINS_COLLECTION = 'clinic_admins';
@@ -110,6 +111,8 @@ export interface ClinicAdmin {
   clinicsManagedInfo: ClinicInfo[];
   contactInfo: ContactPerson;
   roleTitle: string;
+  role?: ClinicRole;
+  permissions?: Record<string, boolean>;
   createdAt: Timestamp;
   updatedAt: Timestamp;
   isActive: boolean;
@@ -126,6 +129,8 @@ export interface CreateClinicAdminData {
   clinicsManagedInfo?: ClinicInfo[];
   contactInfo: ContactPerson;
   roleTitle: string;
+  role?: ClinicRole;
+  permissions?: Record<string, boolean>;
   isActive: boolean;
 }
 
@@ -155,6 +160,7 @@ export interface AdminToken {
   email?: string | null;
   status: AdminTokenStatus;
   usedByUserRef?: string;
+  clinicGroupId: string;
   createdAt: Timestamp;
   expiresAt: Timestamp;
 }
@@ -303,7 +309,8 @@ export interface ClinicGroup {
   clinicsInfo: ClinicInfo[];
   admins: string[];
   adminsInfo: AdminInfo[];
-  adminTokens: AdminToken[];
+  /** @deprecated Tokens now stored in subcollection clinic_groups/{id}/adminTokens */
+  adminTokens?: AdminToken[];
   ownerId: string | null;
   createdAt: Timestamp;
   updatedAt: Timestamp;

package/src/types/clinic/rbac.types.ts

@@ -9,11 +9,19 @@ import { Timestamp } from 'firebase/firestore';
 export enum ClinicRole {
   OWNER = 'owner',
   ADMIN = 'admin',
-  DOCTOR = 'doctor',
   RECEPTIONIST = 'receptionist',
   ASSISTANT = 'assistant',
 }
 
+/**
+ * Display info denormalized onto a staff record for fast list rendering.
+ */
+export interface StaffDisplayInfo {
+  firstName: string;
+  lastName: string;
+  email: string;
+}
+
 /**
  * Represents a staff member within a clinic group
  */
@@ -25,6 +33,8 @@ export interface ClinicStaffMember {
   role: ClinicRole;
   permissions: Record<string, boolean>;
   isActive: boolean;
+  displayInfo?: StaffDisplayInfo;
+  invitedBy?: string;
   createdAt?: Timestamp;
   updatedAt?: Timestamp;
 }
@@ -38,6 +48,31 @@ export interface RolePermissionConfig {
   permissions: Record<string, boolean>;
 }
 
+/**
+ * Status of a staff invitation
+ */
+export enum StaffInviteStatus {
+  PENDING = 'pending',
+  ACCEPTED = 'accepted',
+  EXPIRED = 'expired',
+  CANCELLED = 'cancelled',
+}
+
+/**
+ * An invitation for a new staff member to join a clinic group
+ */
+export interface ClinicStaffInvite {
+  id: string;
+  email: string;
+  clinicGroupId: string;
+  role: ClinicRole;
+  token: string;
+  status: StaffInviteStatus;
+  invitedBy: string;
+  createdAt?: Timestamp;
+  expiresAt?: Timestamp;
+}
+
 /**
  * Usage limits for a given subscription tier.
  * All features are available on every tier — only usage is capped.