@goplusvn/core 0.1.6 → 0.1.8

package/CHANGELOG.md

@@ -1,6 +1,45 @@
 # Changelog
 
-## Unreleased — platform foundation extraction
+## 0.1.8 — branding wiring + auth/rbac unification + clean typecheck
+
+- **Single source for permission checks (security fix).** `@goerp/core/rbac`
+  used to ship its own copy of `checkPermission` / `getUserPermissions` /
+  `getCrudPermissionsFromSession` / … which had drifted from `@goerp/core/auth`
+  — it still allowed `BYPASS_AUTH` in production and denied admins with no
+  explicit permission rows. `rbac` now re-exports these from the hardened `auth`
+  module (bypass dev-only, admin-before-empty-guard), so the two can't diverge.
+
+
+- **Branding via `TenantProvider`.** `Logo`/`LogoCompact` now resolve their image,
+  company name and tagline from `props → TenantProvider branding → defaults`, so a
+  new app re-skins by wrapping with `<TenantProvider tenant={{ branding }}>` (or
+  passing `logoSrc`/`companyName`/`tagline` props) instead of hardcoding. Added a
+  non-throwing `useOptionalTenant()` hook and a `tagline` field to `TenantBranding`.
+  `TenantProvider` also applies `branding.primaryColor` (an HSL triple) to
+  `--primary`/`--accent-primary` at runtime, so the brand color is config-driven
+  too. Fully backward compatible (no provider/props → previous GoERP defaults).
+- **Core now type-checks clean (0 errors).** Fixed the `system/categories`
+  components that imported the consumer alias `@goerp/core/ui` from inside the
+  package (unresolvable in core's own tsconfig → cascaded into implicit-any in
+  their event handlers); switched to relative imports.
+- **Standard entity configs.** `@goerp/core/configs/entities` now ships canonical
+  `EntityConfig`s (starting with `departmentsConfig`, plus the previously
+  unexported `materialCategoriesConfig`) so apps import + spread-to-override
+  instead of copy-pasting near-identical configs.
+
+## 0.1.7 — auth hardening
+
+Hardened `@goerp/core/auth` so the Vinh Hoa app (and others) can consolidate
+their hand-copied RBAC clones onto core without regressing two safety behaviors:
+
+- **Bypass is dev-only.** `BYPASS_AUTH` now requires `NODE_ENV !== "production"`,
+  so a `BYPASS_AUTH=1` env left set on a prod deploy can no longer disable all
+  permission checks.
+- **Admin-before-empty-permissions.** `checkPermission` now evaluates the
+  admin-role bypass BEFORE the empty-permissions guard, so an admin who relies on
+  their role (no explicit permission rows) is no longer denied everything.
+
+## 0.1.6 — platform foundation extraction
 
 Promoted the cross-cutting platform layer out of the Vinh Hoa reference app into
 core so every app inherits the same design system + infrastructure and only

package/PLATFORM.md

@@ -31,6 +31,53 @@ Use semantic tokens, never the raw Tailwind palette: `text-muted-foreground` not
 `text-slate-500`, `bg-card` not `bg-white`, `text-destructive` not `text-red-600`.
 Editing `base.css` reskins every app at once.
 
+## Branding (logo / company name)
+
+Wrap the app shell with `TenantProvider` — `Logo`/`LogoCompact` (used by the
+sidebar/header) then render the app's logo, name and tagline from config instead
+of the GoERP defaults. No provider → defaults (backward compatible).
+
+```tsx
+import { TenantProvider } from "@goerp/core/providers"
+
+<TenantProvider
+  tenant={{
+    id: "tanloc",
+    name: "Tấn Lộc",
+    branding: {
+      logo: "/logo.png",
+      companyName: "Tấn Lộc",
+      tagline: "Suất ăn CN",
+      primaryColor: "262 83% 58%", // HSL triple → re-skins --primary at runtime
+      favicon: "/favicon.ico",
+    },
+    currency: "VND",
+  }}
+>
+  <MainLayout>{children}</MainLayout>
+</TenantProvider>
+```
+
+`primaryColor` (an HSL triple, no `hsl()` wrapper) reskins the whole app's brand
+token at runtime — no globals edit needed. `favicon` is data the app reads in its
+metadata. Read branding anywhere via `useOptionalTenant()` (non-throwing); for a
+one-off, `Logo` also accepts `logoSrc` / `companyName` / `tagline` props.
+
+## Standard entity configs
+
+Core ships canonical configs for org entities so apps don't copy-paste them.
+Import and override by spreading:
+
+```ts
+import { departmentsConfig } from "@goerp/core/configs/entities"
+
+// use as-is, or tweak:
+export const departments = { ...departmentsConfig, apiEndpoint: "/api/org/departments" }
+```
+
+These drive the core CRUD engine (`@goerp/core/crud`) — declare an `EntityConfig`
+(fields/filters/permissions/features) and you get table/form/import/export.
+
 ## Errors
 
 Bind the db-injected factories once, then use `serverError` in every catch block.

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@goplusvn/core",
   "description": "GoPlusVN Platform Kit - ERP kernel: layout, RBAC, CRUD, multi-tenant, system pages",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "private": false,
   "publishConfig": {
     "registry": "https://registry.npmjs.org",
@@ -49,6 +49,7 @@
     "./utils/date-utils": "./src/utils/date-utils.ts",
     "./utils/cccd-parser": "./src/utils/cccd-parser.ts",
     "./configs/status": "./src/configs/status.ts",
+    "./configs/entities": "./src/configs/entities/index.ts",
     "./package.json": "./package.json"
   },
   "peerDependencies": {

package/src/auth/index.ts

@@ -43,8 +43,11 @@ export interface CrudPermissionResult {
 // ============================================================================
 
 const ADMIN_ROLE_CODE = "admin";
+// Auth bypass is a DEV-ONLY escape hatch — never allow it in production, even if
+// the env var is accidentally left set on a prod deploy.
 const BYPASS_AUTH =
-  process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1";
+  process.env.NODE_ENV !== "production" &&
+  (process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1");
 
 // Action code mapping
 const ACTION_CODES: Record<string, string> = {
@@ -186,11 +189,8 @@ export function checkPermission(
   if (!session?.user) return false;
   const user = session.user as ExtendedUser;
 
-  if (!user.permissions || user.permissions.length === 0) {
-    return false;
-  }
-
-  // Admin role bypass
+  // Admin role bypass — checked BEFORE the empty-permissions guard so an admin
+  // who relies on their role (no explicit permission rows) is not locked out.
   if (
     user.roles?.includes(ADMIN_ROLE_CODE) ||
     user.roles?.includes("SUPER_ADMIN")
@@ -198,6 +198,10 @@ export function checkPermission(
     return true;
   }
 
+  if (!user.permissions || user.permissions.length === 0) {
+    return false;
+  }
+
   return user.permissions.some(
     (p) => p.resourceCode === resourceCode && p.actionCode === actionCode,
   );

package/src/configs/entities/departments.config.ts

@@ -0,0 +1,140 @@
+import { Building2 } from "lucide-react";
+
+import type { EntityConfig } from "../../types";
+
+import { STATUS_OPTIONS } from "../status";
+
+/**
+ * Canonical "Phòng ban" (department) entity config — the org-structure entity
+ * every business app needs. Apps import this instead of copy-pasting it, and
+ * override fields by spreading: `{ ...departmentsConfig, apiEndpoint: "..." }`.
+ */
+export const departmentsConfig: EntityConfig = {
+  name: "department",
+  permissionResource: "department",
+  label: "Phòng ban",
+  pluralLabel: "Phòng ban",
+  icon: Building2,
+  description: "Quản lý cơ cấu tổ chức phòng ban",
+  apiEndpoint: "/api/departments",
+  idField: "id",
+  displayField: "name",
+
+  fields: [
+    {
+      name: "id",
+      label: "ID",
+      type: "text",
+      hideInForm: true,
+      hideInTable: true,
+    },
+    {
+      name: "code",
+      label: "Mã phòng ban",
+      type: "text",
+      required: true,
+      placeholder: "VD: IT, HR, SALES",
+      filterable: true,
+      width: 120,
+    },
+    {
+      name: "name",
+      label: "Tên phòng ban",
+      type: "text",
+      required: true,
+      placeholder: "Nhập tên phòng ban",
+      filterable: true,
+    },
+    {
+      name: "description",
+      label: "Mô tả",
+      type: "textarea",
+      placeholder: "Nhập mô tả phòng ban",
+      hideInTable: true,
+    },
+    {
+      name: "parentId",
+      label: "Phòng ban cha",
+      type: "select",
+      placeholder: "Chọn phòng ban cha (nếu có)",
+      dataSource: {
+        type: "api",
+        endpoint: "/api/departments",
+        labelField: "name",
+        valueField: "id",
+        searchable: true,
+      },
+      hideInTable: true,
+    },
+    {
+      name: "parentName",
+      label: "Phòng ban cha",
+      type: "text",
+      hideInForm: true,
+      isDisplayOnly: true,
+    },
+    {
+      name: "order",
+      label: "Thứ tự",
+      type: "number",
+      defaultValue: 0,
+      placeholder: "Thứ tự hiển thị",
+      width: 80,
+    },
+    {
+      name: "status",
+      label: "Trạng thái",
+      type: "switch",
+      required: true,
+      defaultValue: "active",
+      filterable: true,
+      options: STATUS_OPTIONS,
+    },
+    {
+      name: "createdAt",
+      label: "Ngày tạo",
+      type: "datetime",
+      hideInForm: true,
+      width: 120,
+      renderCell: (value) =>
+        new Date(value as string).toLocaleDateString("vi-VN"),
+    },
+  ],
+
+  filters: [
+    {
+      name: "search",
+      label: "Tìm kiếm",
+      type: "text",
+      field: "name",
+      operator: "contains",
+    },
+    {
+      name: "status",
+      label: "Trạng thái",
+      type: "select",
+      field: "status",
+      operator: "eq",
+      options: [
+        { label: "Hoạt động", value: "active" },
+        { label: "Vô hiệu hóa", value: "inactive" },
+      ],
+    },
+  ],
+
+  permissions: {
+    create: true,
+    read: true,
+    update: true,
+    delete: true,
+    export: true,
+    import: true,
+  },
+
+  features: {
+    search: true,
+    bulkActions: true,
+    export: true,
+    import: true,
+  },
+};

package/src/configs/entities/index.ts

@@ -0,0 +1,4 @@
+// Canonical entity configs shipped by core. Apps import these instead of
+// copy-pasting, and override by spreading: `{ ...departmentsConfig, ... }`.
+export { departmentsConfig } from "./departments.config";
+export { materialCategoriesConfig } from "./material-categories.config";

package/src/providers/tenant-provider.tsx

@@ -4,7 +4,14 @@ import React, { createContext, useContext } from "react";
 export interface TenantBranding {
   logo?: string;
   companyName: string;
+  /** Subtitle shown under the company name in the logo (e.g. "ERP System"). */
+  tagline?: string;
+  /**
+   * Brand color as an HSL triple, e.g. "262 83% 58%" (no `hsl(...)` wrapper).
+   * Applied at runtime to `--primary` / `--accent-primary` by TenantProvider.
+   */
   primaryColor?: string;
+  /** Favicon URL — apps read `tenant.branding.favicon` in their metadata. */
   favicon?: string;
 }
 
@@ -29,8 +36,18 @@ interface TenantProviderProps {
 }
 
 export function TenantProvider({ children, tenant }: TenantProviderProps) {
+  const { primaryColor } = tenant.branding;
   return (
     <TenantContext.Provider value={{ tenant }}>
+      {primaryColor && (
+        // Re-skin the brand token at runtime so the whole app follows the
+        // tenant color. Rendered after the imported base.css → wins the cascade.
+        <style
+          dangerouslySetInnerHTML={{
+            __html: `:root{--primary:${primaryColor};--accent-primary:${primaryColor};}`,
+          }}
+        />
+      )}
       {children}
     </TenantContext.Provider>
   );
@@ -43,3 +60,12 @@ export function useTenantContext() {
   }
   return context;
 }
+
+/**
+ * Non-throwing variant: returns the tenant config if inside a TenantProvider,
+ * otherwise `undefined`. Lets shared components (e.g. Logo) read branding
+ * without forcing every app to mount a provider.
+ */
+export function useOptionalTenant(): TenantConfig | undefined {
+  return useContext(TenantContext)?.tenant;
+}

package/src/rbac/index.ts

@@ -116,179 +116,21 @@ interface ExtendedUser {
   permissions?: Permission[];
 }
 
-export function getUserPermissions(session: Session | null): Permission[] {
-  if (!session?.user) return [];
-  const user = session.user as ExtendedUser;
+// Permission checks now live in a single hardened source: @goerp/core/auth
+// (bypass is dev-only; the admin role is honored BEFORE the empty-permissions
+// guard). Re-exported here so existing @goerp/core/rbac consumers are unchanged
+// and can never diverge from auth again.
+export {
+  getUserPermissions,
+  getCrudPermissionsFromSession,
+  checkPermission,
+  hasPermission,
+  requirePermission,
+  hasRole,
+  hasAnyRole,
+  isAdmin,
+} from "../auth";
 
-  if (!user.permissions) {
-    return [];
-  }
-  return user.permissions;
-}
-
-const BYPASS_AUTH =
-  process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1";
-
-const ADMIN_ROLE_CODES = ["admin", "SUPER_ADMIN"];
-
-export function getCrudPermissionsFromSession(
-  session: Session | null,
-  entity: string,
-): {
-  create: boolean;
-  view: boolean;
-  update: boolean;
-  delete: boolean;
-  export: boolean;
-  import: boolean;
-  approve: boolean;
-  reject: boolean;
-} {
-  if (BYPASS_AUTH) {
-    return {
-      create: true,
-      view: true,
-      update: true,
-      delete: true,
-      export: true,
-      import: true,
-      approve: true,
-      reject: true,
-    };
-  }
-
-  if (!session?.user) {
-    return {
-      create: false,
-      view: false,
-      update: false,
-      delete: false,
-      export: false,
-      import: false,
-      approve: false,
-      reject: false,
-    };
-  }
-
-  const user = session.user as ExtendedUser;
-
-  if (!user.id) {
-    return {
-      create: false,
-      view: false,
-      update: false,
-      delete: false,
-      export: false,
-      import: false,
-      approve: false,
-      reject: false,
-    };
-  }
-
-  const isAdmin = user.roles?.some((role) => ADMIN_ROLE_CODES.includes(role));
-  if (isAdmin) {
-    return {
-      create: true,
-      view: true,
-      update: true,
-      delete: true,
-      export: true,
-      import: true,
-      approve: true,
-      reject: true,
-    };
-  }
-
-  const permissions = user.permissions || [];
-  const permissionKeys = new Set(
-    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`),
-  );
-
-  const hasPermission = (action: string) => {
-    const key = `${entity}:${action}`;
-    return permissionKeys.has(key);
-  };
-
-  return {
-    create: hasPermission(getActionCode("create")),
-    view: hasPermission(getActionCode("view")),
-    update: hasPermission(getActionCode("update")),
-    delete: hasPermission(getActionCode("delete")),
-    export: hasPermission(getActionCode("export")),
-    import: hasPermission(getActionCode("import")),
-    approve: hasPermission(getActionCode("approve")),
-    reject: hasPermission(getActionCode("reject")),
-  };
-}
-
-export function checkPermission(
-  session: Session | null,
-  resourceCode: string,
-  actionCode: string,
-): boolean {
-  if (BYPASS_AUTH) {
-    return true;
-  }
-
-  if (!session?.user) return false;
-  const user = session.user as ExtendedUser;
-
-  if (!user.permissions || user.permissions.length === 0) {
-    return false;
-  }
-
-  if (user.roles?.some((role) => ADMIN_ROLE_CODES.includes(role))) {
-    return true;
-  }
-
-  const permissionKey = `${resourceCode}:${actionCode}`;
-  return user.permissions.some(
-    (p) => p.resourceCode === resourceCode && p.actionCode === actionCode,
-  );
-}
-
-export function hasPermission(
-  session: Session | null,
-  resourceCode: string,
-  actionCode: string,
-): boolean {
-  return checkPermission(session, resourceCode, actionCode);
-}
-
-export function requirePermission(
-  session: Session | null,
-  resourceCode: string,
-  actionCode: string,
-): void {
-  if (!checkPermission(session, resourceCode, actionCode)) {
-    throw new Error(
-      `Unauthorized: User does not have permission ${actionCode} on ${resourceCode}`,
-    );
-  }
-}
-
-export function hasRole(session: Session | null, roleCode: string): boolean {
-  if (!session?.user) return false;
-  const user = session.user as ExtendedUser;
-
-  if (!user.roles) {
-    return false;
-  }
-  return user.roles.includes(roleCode);
-}
-
-export function hasAnyRole(
-  session: Session | null,
-  roleCodes: string[],
-): boolean {
-  if (!session?.user) return false;
-  const user = session.user as ExtendedUser;
-
-  if (!user.roles) {
-    return false;
-  }
-  return roleCodes.some((role) => user.roles!.includes(role));
-}
 export * from "./permission-service";
 export * from "./role-service";
 export * from "./resource-service";

package/src/system/pages/components/categories/category-list.tsx

@@ -43,7 +43,7 @@ import {
   SelectValue,
   Switch,
   Checkbox,
-} from "@goerp/core/ui";
+} from "../../../../ui";
 
 interface CategoryListProps {
   group: SystemCategoryGroup;

package/src/system/pages/components/categories/category-manager.tsx

@@ -4,7 +4,7 @@ import { useState } from "react";
 import { Search } from "lucide-react";
 
 import type { SystemCategoryGroup } from "../../../types";
-import { Input } from "@goerp/core/ui";
+import { Input } from "../../../../ui";
 import { GroupSidebar } from "./group-sidebar";
 import { CategoryList } from "./category-list";
 

package/src/system/pages/components/categories/group-sidebar.tsx

@@ -11,7 +11,7 @@ import {
   DropdownMenuItem,
   DropdownMenuTrigger,
   ScrollArea,
-} from "@goerp/core/ui";
+} from "../../../../ui";
 import { cn } from "../../../../utils";
 // Assuming we'll implement these dialogs or use generic ones
 // For now, I'll assume we might use a generic form or specific dialogs
@@ -34,7 +34,7 @@ import {
   FormMessage,
   Input as FormInput,
   Textarea,
-} from "@goerp/core/ui";
+} from "../../../../ui";
 import { systemCategoryGroupSchema } from "../../../schemas/system-category-group.schema";
 
 interface GroupSidebarProps {

package/src/ui/layout/logo.tsx

@@ -2,13 +2,24 @@
 
 import Image from "next/image";
 
+import { useOptionalTenant } from "../../providers/tenant-provider";
 import { cn } from "../../utils";
 
+// Defaults used when neither props nor a TenantProvider supply branding — keeps
+// the component working out of the box (and backward compatible).
+const DEFAULT_LOGO_SRC = "/images/logos/goeat_logo.png";
+const DEFAULT_COMPANY = "GoERP";
+const DEFAULT_TAGLINE = "ERP System";
+
 interface LogoProps {
   className?: string;
   size?: "sm" | "md" | "lg" | "xl" | "2xl";
   showText?: boolean;
   collapsed?: boolean;
+  /** Direct overrides. Otherwise read from TenantProvider branding, else defaults. */
+  logoSrc?: string;
+  companyName?: string;
+  tagline?: string;
 }
 
 const sizeMap = {
@@ -24,14 +35,21 @@ export function Logo({
   size = "md",
   showText = true,
   collapsed = false,
+  logoSrc,
+  companyName,
+  tagline,
 }: LogoProps) {
+  const branding = useOptionalTenant()?.branding;
+  const src = logoSrc ?? branding?.logo ?? DEFAULT_LOGO_SRC;
+  const name = companyName ?? branding?.companyName ?? DEFAULT_COMPANY;
+  const sub = tagline ?? branding?.tagline ?? DEFAULT_TAGLINE;
   const dimensions = sizeMap[size];
 
   return (
     <div className={cn("flex items-center gap-2", className)}>
       <Image
-        src="/images/logos/goeat_logo.png"
-        alt="GoERP Logo"
+        src={src}
+        alt={`${name} Logo`}
         width={dimensions.width}
         height={dimensions.height}
         className="object-contain"
@@ -39,20 +57,34 @@ export function Logo({
       />
       {showText && !collapsed && (
         <div className="flex flex-col leading-none">
-          <span className="text-base font-bold text-foreground">GoERP</span>
-          <span className="text-[11px] text-muted-foreground">ERP System</span>
+          <span className="text-base font-bold text-foreground">{name}</span>
+          {sub && (
+            <span className="text-[11px] text-muted-foreground">{sub}</span>
+          )}
         </div>
       )}
     </div>
   );
 }
 
-export function LogoCompact({ className }: { className?: string }) {
+export function LogoCompact({
+  className,
+  logoSrc,
+  companyName,
+}: {
+  className?: string;
+  logoSrc?: string;
+  companyName?: string;
+}) {
+  const branding = useOptionalTenant()?.branding;
+  const src = logoSrc ?? branding?.logo ?? DEFAULT_LOGO_SRC;
+  const name = companyName ?? branding?.companyName ?? DEFAULT_COMPANY;
+
   return (
     <div className={cn("flex items-center justify-center", className)}>
       <Image
-        src="/images/logos/goeat_logo.png"
-        alt="GoERP"
+        src={src}
+        alt={name}
         width={32}
         height={32}
         className="object-contain"