npm - @hed-hog/contact - Versions diffs - 0.0.333 → 0.0.338 - Mend

@hed-hog/contact 0.0.333 → 0.0.338

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/dist/person/person.controller.d.ts +6 -7
package/dist/person/person.controller.d.ts.map +1 -1
package/dist/person/person.controller.js +7 -3
package/dist/person/person.controller.js.map +1 -1
package/dist/person/person.service.d.ts +5 -2
package/dist/person/person.service.d.ts.map +1 -1
package/dist/person/person.service.js +57 -5
package/dist/person/person.service.js.map +1 -1
package/hedhog/data/role.yaml +9 -1
package/hedhog/frontend/app/_components/person-picker.tsx.ejs +4 -4
package/hedhog/frontend/app/accounts/page.tsx.ejs +6 -1
package/hedhog/frontend/app/activities/page.tsx.ejs +6 -1
package/hedhog/frontend/app/contact-type/page.tsx.ejs +6 -1
package/hedhog/frontend/app/document-type/page.tsx.ejs +6 -1
package/hedhog/frontend/app/follow-ups/page.tsx.ejs +6 -1
package/hedhog/frontend/app/person/_components/person-form-sheet.tsx.ejs +14 -24
package/hedhog/frontend/app/person/_components/person-import-sheet.tsx.ejs +102 -102
package/hedhog/frontend/app/person/page.tsx.ejs +6 -1
package/hedhog/frontend/app/proposals/_components/proposal-form-sheet.tsx.ejs +1306 -1306
package/hedhog/frontend/app/proposals/_components/proposal-types.ts.ejs +172 -172
package/hedhog/frontend/app/proposals/_components/proposals-management-page.tsx.ejs +74 -95
package/package.json +6 -6
package/src/person/person.controller.ts +29 -22
package/src/person/person.service.ts +94 -25

package/src/person/person.service.ts CHANGED Viewed

@@ -4,40 +4,40 @@ import { PaginationDTO, PaginationService } from '@hed-hog/api-pagination';
 import { Prisma, PrismaService } from '@hed-hog/api-prisma';
 import { FileService, IntegrationDeveloperApiService, SettingService } from '@hed-hog/core';
 import {
-    BadRequestException,
-    Inject,
-    Injectable,
-    Logger,
-    NotFoundException,
-    forwardRef,
+  BadRequestException,
+  Inject,
+  Injectable,
+  Logger,
+  NotFoundException,
+  forwardRef,
 } from '@nestjs/common';
 import {
-    ACCOUNT_LIFECYCLE_STAGES,
-    type AccountLifecycleStage,
-    type CreateAccountDTO,
-    type UpdateAccountDTO,
+  ACCOUNT_LIFECYCLE_STAGES,
+  type AccountLifecycleStage,
+  type CreateAccountDTO,
+  type UpdateAccountDTO,
 } from './dto/account.dto';
 import {
-    type ActivityListQueryDTO,
-    type CrmActivityPriority,
-    type CrmActivitySourceKind,
-    type CrmActivityStatus,
-    type CrmActivityType,
+  type ActivityListQueryDTO,
+  type CrmActivityPriority,
+  type CrmActivitySourceKind,
+  type CrmActivityStatus,
+  type CrmActivityType,
 } from './dto/activity.dto';
 import { CreateFollowupDTO } from './dto/create-followup.dto';
 import {
-    CreateInteractionDTO,
-    PersonInteractionTypeDTO,
+  CreateInteractionDTO,
+  PersonInteractionTypeDTO,
 } from './dto/create-interaction.dto';
 import { CreateDTO } from './dto/create.dto';
 import {
-    type CrmDashboardPeriod,
-    type DashboardQueryDTO,
+  type CrmDashboardPeriod,
+  type DashboardQueryDTO,
 } from './dto/dashboard-query.dto';
 import { CheckPersonDuplicatesQueryDTO } from './dto/duplicates-query.dto';
 import {
-    FollowupListQueryDTO,
-    FollowupStatsQueryDTO,
+  FollowupListQueryDTO,
+  FollowupStatsQueryDTO,
 } from './dto/followup-query.dto';
 import { CRM_IMPORT_FIELDS } from './dto/import.dto';
 import { MergePersonDTO } from './dto/merge.dto';
@@ -52,6 +52,11 @@ const CONTACT_OWNER_ALLOWED_ROLE_SLUGS = [
   'admin-contact',
   CONTACT_OWNER_ROLE_SLUG,
 ];
+const PERSON_USER_LINKER_ALLOWED_ROLE_SLUGS = [
+  'admin',
+  'admin-contact',
+  'person-user-linker',
+];
 type PersonActivityAction = 'created' | 'updated' | 'interaction_created';
 const EMPLOYER_COMPANY_METADATA_KEY = 'employer_company_id';
 const NOTES_METADATA_KEY = 'notes';
@@ -850,6 +855,32 @@ export class PersonService {
     return Array.from(byId.values());
   }
+  private async canLinkPersonUser(userId: number): Promise<boolean> {
+    if (!userId || userId <= 0) {
+      return false;
+    }
+    const userWithRole = await this.prismaService.user.findUnique({
+      where: { id: userId },
+      select: {
+        role_user: {
+          select: {
+            role: {
+              select: { slug: true },
+            },
+          },
+        },
+      },
+    });
+    if (!userWithRole?.role_user) {
+      return false;
+    }
+    const userRoles = userWithRole.role_user.map((r) => r.role.slug);
+    return userRoles.some((role) => PERSON_USER_LINKER_ALLOWED_ROLE_SLUGS.includes(role));
+  }
   async getLinkedUserOptions(search?: string) {
     const where: Prisma.userWhereInput = search
       ? { name: { contains: search, mode: 'insensitive' } }
@@ -860,7 +891,6 @@ export class PersonService {
       select: {
         id: true,
         name: true,
-        photo_id: true,
         user_identifier: {
           where: { type: 'email' },
           select: { value: true },
@@ -875,7 +905,6 @@ export class PersonService {
       id: user.id,
       name: user.name || `#${user.id}`,
       email: user.user_identifier[0]?.value || '',
-      photo_id: user.photo_id ?? null,
     }));
   }
@@ -2171,7 +2200,7 @@ export class PersonService {
     };
   }
-  async create(data: CreateDTO, locale: string) {
+  async create(data: CreateDTO, locale: string, user?: { id?: number; name?: string | null }) {
     const allowCompanyRegistration = await this.isCompanyRegistrationAllowed();
     await this.ensureCompanyRegistrationAllowed({
@@ -2179,6 +2208,20 @@ export class PersonService {
       locale,
     });
+    // Validate user linking permission
+    if (data.user_id !== undefined && data.user_id !== null) {
+      const canLink = await this.canLinkPersonUser(data.user_id);
+      if (!canLink) {
+        throw new BadRequestException(
+          getLocaleText(
+            'personUserLinkingNotAllowed',
+            locale,
+            'You do not have permission to link a person to a user.',
+          ),
+        );
+      }
+    }
     const result = await this.prismaService.$transaction(async (tx) => {
       const person = await tx.person.create({
         data: {
@@ -2226,7 +2269,16 @@ export class PersonService {
     user?: { id?: number; name?: string | null },
   ) {
     const allowCompanyRegistration = await this.isCompanyRegistrationAllowed();
-    const person = await this.prismaService.person.findUnique({ where: { id } });
+    const person = await this.prismaService.person.findUnique({
+      where: { id },
+      include: {
+        person_user: {
+          select: {
+            user_id: true,
+          },
+        },
+      },
+    });
     if (!person) {
       throw new BadRequestException(
         getLocaleText('personNotFound', locale, `Person with ID ${id} not found`),
@@ -2245,6 +2297,23 @@ export class PersonService {
       locale,
     });
+    // Validate user linking permission
+    if (data.user_id !== undefined && data.user_id !== person.person_user?.[0]?.user_id) {
+      if (data.user_id !== null) {
+        const canLink = await this.canLinkPersonUser(data.user_id);
+        if (!canLink) {
+          throw new BadRequestException(
+            getLocaleText(
+              'personUserLinkingNotAllowed',
+              locale,
+              'You do not have permission to link a person to a user.',
+            ),
+          );
+        }
+      }
+      // Permitir remover vinculação (null) sem restrição
+    }
     const currentLifecycleStage = await this.getPersonLifecycleStage(id);
     const nextLifecycleStage = this.normalizeTextOrNull(data.lifecycle_stage);
     const stageTransitionParams =