@gelabs/ovr 0.2.2 → 0.4.0

package/dist/data-prisma-store.js

@@ -1,13 +1,22 @@
 import { prisma } from './chunk-MKALJTAU.js';
-import { round2, computeCharges, makePaymentRef, fullName, addDays, makeBillNo, makeOrderOfPaymentNo, makeOvrTicketNo, enrich } from './chunk-B634JHKZ.js';
+import { SUPER_ADMIN_LOCKED_PERMISSIONS, ALL_PERMISSIONS } from './chunk-WUNTHINH.js';
+import { round2, computeCharges, makePaymentRef, fullName, addDays, makeBillNo, makeOrderOfPaymentNo, makeOvrTicketNo, enrich } from './chunk-BI4EGLPG.js';
 import 'server-only';
 
 var norm = (s) => s.trim().toLowerCase();
+function slugRole(label) {
+  return label.trim().toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
+}
+function normalizePerms(perms) {
+  const set = new Set(perms);
+  return ALL_PERMISSIONS.filter((p) => set.has(p));
+}
 var ticketInclude = {
   officer: true,
   violations: true,
   payment: true
 };
+var userInclude = { officer: true, roleRef: true };
 function toOfficer(o) {
   return {
     id: o.id,
@@ -16,6 +25,36 @@ function toOfficer(o) {
     office: o.office
   };
 }
+function toViolation(c) {
+  return {
+    code: c.code,
+    title: c.title,
+    category: c.category,
+    basicFine: c.basicFine.toNumber(),
+    legalText: c.legalText ?? void 0,
+    active: c.active
+  };
+}
+function toUserAccount(u) {
+  return {
+    id: u.id,
+    username: u.username,
+    role: u.role,
+    roleLabel: u.roleRef?.label,
+    active: u.active,
+    officerId: u.officerId ?? null,
+    officerName: u.officer?.name,
+    createdAt: u.createdAt.toISOString()
+  };
+}
+function toRoleDef(r) {
+  return {
+    name: r.name,
+    label: r.label,
+    isSystem: r.isSystem,
+    permissions: normalizePerms(r.permissions)
+  };
+}
 function toRecord(row) {
   const violator = {
     firstName: row.violatorFirstName,
@@ -46,6 +85,8 @@ function toRecord(row) {
     violations,
     remarks: row.remarks ?? void 0,
     issuedBy: row.issuedBy ?? void 0,
+    apprehendingEnforcerId: row.apprehendingEnforcerId ?? void 0,
+    apprehendingEnforcerName: row.apprehendingEnforcerName ?? void 0,
     assessedAt: row.assessedAt.toISOString(),
     dueDate: row.dueDate.toISOString(),
     basicFinesTotal: row.basicFinesTotal.toNumber(),
@@ -64,16 +105,66 @@ function createPrismaStore(rules) {
   const store = {
     async listViolationCatalog(category) {
       const items = await prisma.violationCatalog.findMany({
-        where: category ? { category } : void 0,
+        where: { active: true, ...category ? { category } : {} },
         orderBy: [{ category: "asc" }, { code: "asc" }]
       });
-      return items.map((c) => ({
-        code: c.code,
-        title: c.title,
-        category: c.category,
-        basicFine: c.basicFine.toNumber(),
-        legalText: c.legalText ?? void 0
-      }));
+      return items.map(toViolation);
+    },
+    // ── Violation catalog management (GE-031) ──────────────────────────────
+    async listAllViolations() {
+      const items = await prisma.violationCatalog.findMany({
+        orderBy: [{ category: "asc" }, { code: "asc" }]
+      });
+      return items.map(toViolation);
+    },
+    async createViolation(input) {
+      const code = input.code.trim();
+      if (!code) throw new Error("Violation code is required.");
+      const title = input.title.trim();
+      if (!title) throw new Error("Title is required.");
+      if (!(input.basicFine >= 0)) throw new Error("Basic fine must be \u2265 0.");
+      const existing = await prisma.violationCatalog.findUnique({
+        where: { code }
+      });
+      if (existing) {
+        throw new Error(`A violation with code "${code}" already exists.`);
+      }
+      const c = await prisma.violationCatalog.create({
+        data: {
+          code,
+          title,
+          category: input.category,
+          basicFine: round2(input.basicFine),
+          legalText: input.legalText?.trim() || null,
+          active: true
+        }
+      });
+      return toViolation(c);
+    },
+    async updateViolation(code, patch) {
+      const data = {};
+      if (patch.title !== void 0) {
+        const title = patch.title.trim();
+        if (!title) throw new Error("Title is required.");
+        data.title = title;
+      }
+      if (patch.category !== void 0) data.category = patch.category;
+      if (patch.basicFine !== void 0) {
+        if (!(patch.basicFine >= 0)) throw new Error("Basic fine must be \u2265 0.");
+        data.basicFine = round2(patch.basicFine);
+      }
+      if (patch.legalText !== void 0) {
+        data.legalText = patch.legalText?.trim() || null;
+      }
+      if (patch.active !== void 0) data.active = patch.active;
+      const c = await prisma.violationCatalog.update({ where: { code }, data });
+      return toViolation(c);
+    },
+    async deleteViolation(code) {
+      await prisma.violationCatalog.update({
+        where: { code },
+        data: { active: false }
+      });
     },
     async listOfficers() {
       const officers = await prisma.officer.findMany({
@@ -85,6 +176,49 @@ function createPrismaStore(rules) {
       const o = await prisma.officer.findUnique({ where: { id } });
       return o ? toOfficer(o) : null;
     },
+    async createOfficer(input) {
+      const name = input.name.trim();
+      if (!name) throw new Error("Officer name is required.");
+      const office = input.office.trim();
+      if (!office) throw new Error("Office is required.");
+      const id = `off-${slugRole(name)}`;
+      if (id === "off-") throw new Error("Officer name must include letters or numbers.");
+      const existing = await prisma.officer.findUnique({ where: { id } });
+      if (existing) throw new Error(`An officer "${name}" already exists.`);
+      const o = await prisma.officer.create({
+        data: { id, name, badgeNo: input.badgeNo?.trim() || null, office }
+      });
+      return toOfficer(o);
+    },
+    async updateOfficer(id, patch) {
+      const data = {};
+      if (patch.name !== void 0) {
+        const name = patch.name.trim();
+        if (!name) throw new Error("Officer name is required.");
+        data.name = name;
+      }
+      if (patch.office !== void 0) {
+        const office = patch.office.trim();
+        if (!office) throw new Error("Office is required.");
+        data.office = office;
+      }
+      if (patch.badgeNo !== void 0) data.badgeNo = patch.badgeNo?.trim() || null;
+      const o = await prisma.officer.update({ where: { id }, data });
+      return toOfficer(o);
+    },
+    async deleteOfficer(id) {
+      const tickets = await prisma.ticket.count({ where: { officerId: id } });
+      if (tickets > 0) {
+        throw new Error(
+          `Can't remove \u2014 this officer has ${tickets} issued ticket(s).`
+        );
+      }
+      const linked = await prisma.user.count({ where: { officerId: id } });
+      if (linked > 0) {
+        throw new Error("Can't remove \u2014 this officer is linked to an account.");
+      }
+      await prisma.officer.delete({ where: { id } });
+    },
     async createTicket(input) {
       const now = /* @__PURE__ */ new Date();
       const v = input.violator;
@@ -147,6 +281,8 @@ function createPrismaStore(rules) {
             placeOfViolation: input.placeOfViolation?.trim() || null,
             remarks: input.remarks?.trim() || null,
             issuedBy: input.issuedBy?.trim() || null,
+            apprehendingEnforcerId: input.apprehendingEnforcerId || null,
+            apprehendingEnforcerName: input.apprehendingEnforcerName?.trim() || null,
             officerId: officer.id,
             assessedAt: now,
             dueDate: addDays(now, rules.dueWindowDays),
@@ -231,6 +367,8 @@ function createPrismaStore(rules) {
             placeOfViolation: input.placeOfViolation?.trim() || null,
             remarks: input.remarks?.trim() || null,
             issuedBy: input.issuedBy?.trim() || null,
+            apprehendingEnforcerId: input.apprehendingEnforcerId || null,
+            apprehendingEnforcerName: input.apprehendingEnforcerName?.trim() || null,
             officerId: officer.id,
             assessedAt: created,
             dueDate: addDays(created, rules.dueWindowDays),
@@ -342,6 +480,178 @@ function createPrismaStore(rules) {
           }) === todayKey
         ).length
       };
+    },
+    // ── Accounts (GE-013 RBAC) ──────────────────────────────────────────────
+    async listUsers() {
+      const rows = await prisma.user.findMany({
+        include: userInclude,
+        orderBy: { createdAt: "desc" }
+      });
+      return rows.map(toUserAccount);
+    },
+    async createUser(input) {
+      const username = input.username.trim();
+      if (!username) throw new Error("Username is required.");
+      const role = await prisma.role.findUnique({ where: { name: input.role } });
+      if (!role) throw new Error(`Unknown role: ${input.role}`);
+      const existing = await prisma.user.findUnique({ where: { username } });
+      if (existing) throw new Error(`Username "${username}" is already taken.`);
+      const row = await prisma.user.create({
+        data: {
+          username,
+          passwordHash: input.passwordHash,
+          role: input.role,
+          active: true,
+          officerId: input.officerId ?? null
+        },
+        include: userInclude
+      });
+      return toUserAccount(row);
+    },
+    async setUserActive(id, active) {
+      const row = await prisma.user.update({
+        where: { id },
+        data: { active },
+        include: userInclude
+      });
+      return toUserAccount(row);
+    },
+    async setUserRole(id, role) {
+      const exists = await prisma.role.findUnique({ where: { name: role } });
+      if (!exists) throw new Error(`Unknown role: ${role}`);
+      const row = await prisma.user.update({
+        where: { id },
+        data: { role },
+        include: userInclude
+      });
+      return toUserAccount(row);
+    },
+    async updateUser(id, patch) {
+      const data = {};
+      if (patch.username !== void 0) {
+        const username = patch.username.trim();
+        if (!username) throw new Error("Username is required.");
+        const existing = await prisma.user.findUnique({ where: { username } });
+        if (existing && existing.id !== id) {
+          throw new Error(`Username "${username}" is already taken.`);
+        }
+        data.username = username;
+      }
+      if (patch.role !== void 0) {
+        const role = await prisma.role.findUnique({ where: { name: patch.role } });
+        if (!role) throw new Error(`Unknown role: ${patch.role}`);
+        data.roleRef = { connect: { name: patch.role } };
+      }
+      if (patch.officerId !== void 0) {
+        data.officer = patch.officerId ? { connect: { id: patch.officerId } } : { disconnect: true };
+      }
+      const row = await prisma.user.update({
+        where: { id },
+        data,
+        include: userInclude
+      });
+      return toUserAccount(row);
+    },
+    async resetUserPassword(id, passwordHash) {
+      await prisma.user.update({ where: { id }, data: { passwordHash } });
+    },
+    // ── Roles (GE-013 RBAC) ─────────────────────────────────────────────────
+    async listRoles() {
+      const rows = await prisma.role.findMany({
+        orderBy: [{ isSystem: "desc" }, { label: "asc" }]
+      });
+      return rows.map(toRoleDef);
+    },
+    async getRolePermissions(name) {
+      const r = await prisma.role.findUnique({ where: { name } });
+      return r ? normalizePerms(r.permissions) : [];
+    },
+    async createRole(input) {
+      const label = input.label.trim();
+      if (!label) throw new Error("Role name is required.");
+      const name = slugRole(label);
+      if (!name) throw new Error("Role name must include letters or numbers.");
+      const existing = await prisma.role.findUnique({ where: { name } });
+      if (existing) throw new Error(`A role named "${label}" already exists.`);
+      const row = await prisma.role.create({
+        data: {
+          name,
+          label,
+          isSystem: false,
+          permissions: normalizePerms(input.permissions)
+        }
+      });
+      return toRoleDef(row);
+    },
+    async updateRole(name, patch) {
+      const role = await prisma.role.findUnique({ where: { name } });
+      if (!role) throw new Error("Role not found.");
+      const data = {};
+      if (patch.label !== void 0 && !role.isSystem) {
+        const label = patch.label.trim();
+        if (!label) throw new Error("Role name is required.");
+        data.label = label;
+      }
+      if (patch.permissions !== void 0) {
+        let perms = normalizePerms(patch.permissions);
+        if (name === "SUPER_ADMIN") {
+          perms = normalizePerms([...perms, ...SUPER_ADMIN_LOCKED_PERMISSIONS]);
+        }
+        data.permissions = perms;
+      }
+      const row = await prisma.role.update({ where: { name }, data });
+      return toRoleDef(row);
+    },
+    async deleteRole(name) {
+      const role = await prisma.role.findUnique({ where: { name } });
+      if (!role) throw new Error("Role not found.");
+      if (role.isSystem) throw new Error("System roles can't be deleted.");
+      const inUse = await prisma.user.count({ where: { role: name } });
+      if (inUse > 0) {
+        throw new Error(
+          `Can't delete "${role.label}" \u2014 it's assigned to ${inUse} account(s).`
+        );
+      }
+      await prisma.role.delete({ where: { name } });
+    },
+    // ── Activity log (GE-022) ───────────────────────────────────────────────
+    async logActivity(entry) {
+      await prisma.activityLog.create({
+        data: {
+          actorId: entry.actorId ?? null,
+          actorUsername: entry.actorUsername ?? null,
+          action: entry.action,
+          summary: entry.summary,
+          targetType: entry.targetType ?? null,
+          targetId: entry.targetId ?? null
+        }
+      });
+    },
+    async listActivity(filter) {
+      const where = {};
+      if (filter?.action) where.action = filter.action;
+      if (filter?.actorId) where.actorId = filter.actorId;
+      if (filter?.fromISO || filter?.toISO) {
+        const range = {};
+        if (filter.fromISO) range.gte = new Date(filter.fromISO);
+        if (filter.toISO) range.lte = new Date(filter.toISO);
+        where.createdAt = range;
+      }
+      const rows = await prisma.activityLog.findMany({
+        where,
+        orderBy: { createdAt: "desc" },
+        take: Math.min(Math.max(filter?.limit ?? 200, 1), 1e3)
+      });
+      return rows.map((r) => ({
+        id: r.id,
+        actorId: r.actorId ?? null,
+        actorUsername: r.actorUsername ?? null,
+        action: r.action,
+        summary: r.summary,
+        targetType: r.targetType ?? void 0,
+        targetId: r.targetId ?? void 0,
+        createdAt: r.createdAt.toISOString()
+      }));
     }
   };
   return store;

package/dist/data-seed-runner.js

@@ -1,6 +1,18 @@
 // ../ovr-data/src/seed-runner.ts
 async function seedRunner(prisma, data) {
-  const { catalog, officers, tickets, users, passwordHash } = data;
+  const { catalog, officers, tickets, users, roles, passwordHash } = data;
+  for (const r of roles) {
+    await prisma.role.upsert({
+      where: { name: r.name },
+      update: { label: r.label, isSystem: r.isSystem, permissions: r.permissions },
+      create: {
+        name: r.name,
+        label: r.label,
+        isSystem: r.isSystem,
+        permissions: r.permissions
+      }
+    });
+  }
   for (const o of officers) {
     await prisma.officer.upsert({
       where: { id: o.id },
@@ -77,21 +89,12 @@ async function seedRunner(prisma, data) {
     });
   }
   for (const u of users) {
+    const role = u.role ?? "ENFORCER";
+    const officerId = u.officerId ?? null;
     await prisma.user.upsert({
       where: { username: u.username },
-      update: {
-        passwordHash,
-        role: "ENFORCER",
-        active: true,
-        officerId: u.officerId
-      },
-      create: {
-        username: u.username,
-        passwordHash,
-        role: "ENFORCER",
-        active: true,
-        officerId: u.officerId
-      }
+      update: { passwordHash, role, active: true, officerId },
+      create: { username: u.username, passwordHash, role, active: true, officerId }
     });
   }
   await prisma.$executeRawUnsafe(`
@@ -102,7 +105,7 @@ async function seedRunner(prisma, data) {
     )
   `);
   console.log(
-    `\u2713 Seed complete: ${officers.length} officers, ${catalog.length} catalog items, ${tickets.length} tickets, ${users.length} users.`
+    `\u2713 Seed complete: ${roles.length} roles, ${officers.length} officers, ${catalog.length} catalog items, ${tickets.length} tickets, ${users.length} users.`
   );
 }
 

package/dist/data.d.ts

@@ -1,4 +1,4 @@
-import { ViolationCatalogItem, Officer, TicketRecord, ViolationCategory, Violator, Ticket, TicketStatus, PaymentMethod } from './types.js';
+import { ViolationCatalogItem, Officer, TicketRecord, UserAccount, RoleDef, ViolationCategory, NewViolationInput, NewOfficerInput, Violator, Ticket, TicketStatus, PaymentMethod, NewUserInput, Permission, NewRoleInput, NewActivityInput, ActivityFilter, ActivityLog } from './types.js';
 
 /**
  * The data-access contract. UI code depends ONLY on this interface — never on a
@@ -19,6 +19,8 @@ interface NewTicketInput {
     }[];
     remarks?: string;
     issuedBy?: string;
+    apprehendingEnforcerId?: string;
+    apprehendingEnforcerName?: string;
 }
 /** An offline-issued ticket pushed to the server (client-assigned number + time). */
 interface PushTicketInput extends NewTicketInput {
@@ -42,9 +44,26 @@ interface TicketStats {
     issuedToday: number;
 }
 interface DataStore {
+    /** ACTIVE catalog entries only (what enforcers may issue against). */
     listViolationCatalog(category?: ViolationCategory): Promise<ViolationCatalogItem[]>;
+    /** ALL catalog entries incl. archived — for the admin Violations manager. */
+    listAllViolations(): Promise<ViolationCatalogItem[]>;
+    /** Add a catalog entry (code is the id; must be unique). */
+    createViolation(input: NewViolationInput): Promise<ViolationCatalogItem>;
+    /** Edit an entry's title/category/fine/legalText, or (un)archive it. */
+    updateViolation(code: string, patch: Partial<Omit<NewViolationInput, "code">> & {
+        active?: boolean;
+    }): Promise<ViolationCatalogItem>;
+    /** Archive an entry (soft-delete: active=false) so old tickets stay resolvable. */
+    deleteViolation(code: string): Promise<void>;
     listOfficers(): Promise<Officer[]>;
     getOfficer(id: string): Promise<Officer | null>;
+    /** Add an apprehending officer (id is slugified from the name; must be unique). */
+    createOfficer(input: NewOfficerInput): Promise<Officer>;
+    /** Edit an officer's name / badge / office. */
+    updateOfficer(id: string, patch: Partial<NewOfficerInput>): Promise<Officer>;
+    /** Remove an officer. Throws if they have issued tickets or are linked to an account. */
+    deleteOfficer(id: string): Promise<void>;
     createTicket(input: NewTicketInput): Promise<Ticket>;
     /** Reserve a block of global ticket-sequence numbers (offline ID leasing). */
     leaseSeqs(count: number): Promise<{
@@ -58,6 +77,40 @@ interface DataStore {
     listTickets(filter?: TicketFilter): Promise<Ticket[]>;
     payTicket(ovrTicketNo: string, payment: NewPaymentInput): Promise<Ticket>;
     stats(): Promise<TicketStats>;
+    /** All accounts, newest first (never includes the password hash). */
+    listUsers(): Promise<UserAccount[]>;
+    /** Create an account. Throws if the username is already taken. */
+    createUser(input: NewUserInput): Promise<UserAccount>;
+    /** Activate / deactivate an account (soft enable/disable of login). */
+    setUserActive(id: string, active: boolean): Promise<UserAccount>;
+    /** Change a role (must be an existing role name). */
+    setUserRole(id: string, role: string): Promise<UserAccount>;
+    /** Edit an account's username / role / linked officer (any subset). */
+    updateUser(id: string, patch: {
+        username?: string;
+        role?: string;
+        officerId?: string | null;
+    }): Promise<UserAccount>;
+    /** Replace the password hash (admin-initiated reset). */
+    resetUserPassword(id: string, passwordHash: string): Promise<void>;
+    /** All roles (system first, then custom), for the Roles editor + account dropdown. */
+    listRoles(): Promise<RoleDef[]>;
+    /** Effective permissions for a role name ([] if the role is unknown). */
+    getRolePermissions(name: string): Promise<Permission[]>;
+    /** Create a custom role (name is slugified from the label; must be unique). */
+    createRole(input: NewRoleInput): Promise<RoleDef>;
+    /** Update a role's label and/or permissions. SUPER_ADMIN keeps its locked perms. */
+    updateRole(name: string, patch: {
+        label?: string;
+        permissions?: Permission[];
+    }): Promise<RoleDef>;
+    /** Delete a custom role. Throws if it's a system role or still assigned to a user. */
+    deleteRole(name: string): Promise<void>;
+    /** Record an audit-trail entry (append-only; never throws on a logging failure
+     *  in callers — treat as best-effort). */
+    logActivity(entry: NewActivityInput): Promise<void>;
+    /** List activity newest-first, optionally filtered (action / actor / date / limit). */
+    listActivity(filter?: ActivityFilter): Promise<ActivityLog[]>;
 }
 /** Seed data injected into the mock store factory (per-LGU, app-owned). */
 interface MockSeed {
@@ -65,11 +118,17 @@ interface MockSeed {
     OFFICERS: Officer[];
     SEED_TICKETS: TicketRecord[];
     SEED_NEXT_SEQ: number;
+    /** Accounts shown in the mock accounts UI (mock login still uses the demo cookie). */
+    USERS: UserAccount[];
+    /** Roles available in the mock Roles editor + account dropdown. */
+    ROLES: RoleDef[];
 }
-/** One enforcer login (links a username to an officer). */
+/** One seeded login. Defaults to an ENFORCER linked to an officer; a SUPER_ADMIN
+ *  or ADMIN may omit `officerId`. `role` is a role name. */
 interface SeedUser {
     username: string;
-    officerId: string;
+    officerId?: string | null;
+    role?: string;
 }
 /** Everything the Postgres seed runner needs (argon2 hash pre-computed). */
 interface SeedData {
@@ -77,6 +136,8 @@ interface SeedData {
     officers: Officer[];
     tickets: TicketRecord[];
     users: SeedUser[];
+    /** Roles to upsert (system roles seeded from SYSTEM_ROLES). */
+    roles: RoleDef[];
     /** argon2 hash of the demo password — computed by the app (keeps argon2 out of this package). */
     passwordHash: string;
 }