@open-mercato/core 0.4.2-canary-3b5064ce72 → 0.4.2-canary-15e78de280

package/dist/modules/auth/api/users/route.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/auth/api/users/route.ts"],
-  "sourcesContent": ["/* eslint-disable @typescript-eslint/no-explicit-any */\nimport { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { logCrudAccess, makeCrudRoute } from '@open-mercato/shared/lib/crud/factory'\nimport { forbidden } from '@open-mercato/shared/lib/crud/errors'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { User, Role, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { Organization, Tenant } from '@open-mercato/core/modules/directory/data/entities'\nimport { E } from '#generated/entities.ids.generated'\nimport { loadCustomFieldValues } from '@open-mercato/shared/lib/crud/custom-fields'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { userCrudEvents, userCrudIndexer } from '@open-mercato/core/modules/auth/commands/users'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { escapeLikePattern } from '@open-mercato/shared/lib/db/escapeLikePattern'\nimport { buildPasswordSchema } from '@open-mercato/shared/lib/auth/passwordPolicy'\n\nconst querySchema = z.object({\n  id: z.string().uuid().optional(),\n  page: z.coerce.number().min(1).default(1),\n  pageSize: z.coerce.number().min(1).max(100).default(50),\n  search: z.string().optional(),\n  organizationId: z.string().uuid().optional(),\n  roleIds: z.array(z.string().uuid()).optional(),\n}).passthrough()\n\nconst rawBodySchema = z.object({}).passthrough()\n\nconst passwordSchema = buildPasswordSchema()\n\nconst userCreateSchema = z.object({\n  email: z.string().email(),\n  password: passwordSchema,\n  organizationId: z.string().uuid(),\n  roles: z.array(z.string()).optional(),\n})\n\nconst userUpdateSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string().email().optional(),\n  password: passwordSchema.optional(),\n  organizationId: z.string().uuid().optional(),\n  roles: z.array(z.string()).optional(),\n})\n\nconst userListItemSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string().email(),\n  organizationId: z.string().uuid().nullable(),\n  organizationName: z.string().nullable(),\n  tenantId: z.string().uuid().nullable(),\n  tenantName: z.string().nullable(),\n  roles: z.array(z.string()),\n})\n\nconst userListResponseSchema = z.object({\n  items: z.array(userListItemSchema),\n  total: z.number().int().nonnegative(),\n  totalPages: z.number().int().positive(),\n  isSuperAdmin: z.boolean().optional(),\n})\n\nconst okResponseSchema = z.object({ ok: z.literal(true) })\n\nconst errorResponseSchema = z.object({ error: z.string() })\n\ntype CrudInput = Record<string, unknown>\n\nconst routeMetadata = {\n  GET: { requireAuth: true, requireFeatures: ['auth.users.list'] },\n  POST: { requireAuth: true, requireFeatures: ['auth.users.create'] },\n  PUT: { requireAuth: true, requireFeatures: ['auth.users.edit'] },\n  DELETE: { requireAuth: true, requireFeatures: ['auth.users.delete'] },\n}\n\nexport const metadata = routeMetadata\n\nconst crud = makeCrudRoute<CrudInput, CrudInput, Record<string, unknown>>({\n  metadata: routeMetadata,\n  orm: {\n    entity: User,\n    idField: 'id',\n    orgField: null,\n    tenantField: null,\n    softDeleteField: 'deletedAt',\n  },\n  events: userCrudEvents,\n  indexer: userCrudIndexer,\n  actions: {\n    create: {\n      commandId: 'auth.users.create',\n      schema: rawBodySchema,\n      mapInput: async ({ parsed, ctx }) => {\n        if (ctx.request) {\n          await assertCanAssignRoles(ctx.request, parsed.roles)\n        }\n        return parsed\n      },\n      response: ({ result }) => ({ id: String(result.id) }),\n      status: 201,\n    },\n    update: {\n      commandId: 'auth.users.update',\n      schema: rawBodySchema,\n      mapInput: async ({ parsed, ctx }) => {\n        if (ctx.request) {\n          await assertCanAssignRoles(ctx.request, parsed.roles)\n        }\n        return parsed\n      },\n      response: () => ({ ok: true }),\n    },\n    delete: {\n      commandId: 'auth.users.delete',\n      response: () => ({ ok: true }),\n    },\n  },\n})\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  const url = new URL(req.url)\n  const rawRoleIds = url.searchParams.getAll('roleId').filter((id): id is string => typeof id === 'string' && id.trim().length > 0)\n  const parsed = querySchema.safeParse({\n    id: url.searchParams.get('id') || undefined,\n    page: url.searchParams.get('page') || undefined,\n    pageSize: url.searchParams.get('pageSize') || undefined,\n    search: url.searchParams.get('search') || undefined,\n    organizationId: url.searchParams.get('organizationId') || undefined,\n    roleIds: rawRoleIds.length ? rawRoleIds : undefined,\n  })\n  if (!parsed.success) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  const container = await createRequestContainer()\n  const em = (container.resolve('em') as EntityManager)\n  let isSuperAdmin = false\n  try {\n    if (auth.sub) {\n      const rbacService = container.resolve('rbacService') as any\n      const acl = await rbacService.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n      isSuperAdmin = !!acl?.isSuperAdmin\n    }\n  } catch (err) {\n    console.error('users: failed to resolve rbac', err)\n  }\n  const { id, page, pageSize, search, organizationId, roleIds } = parsed.data\n  const where: any = { deletedAt: null }\n  if (!isSuperAdmin) {\n    if (!auth.tenantId) {\n      return NextResponse.json({ items: [], total: 0, totalPages: 1, isSuperAdmin })\n    }\n    where.tenantId = auth.tenantId\n  }\n  if (organizationId) where.organizationId = organizationId\n  if (search) where.email = { $ilike: `%${escapeLikePattern(search)}%` } as any\n  let idFilter: Set<string> | null = id ? new Set([id]) : null\n  if (Array.isArray(roleIds) && roleIds.length > 0) {\n    const uniqueRoleIds = Array.from(new Set(roleIds))\n    const linksForRoles = await em.find(UserRole, { role: { $in: uniqueRoleIds as any } } as any)\n    const roleUserIds = new Set<string>()\n    for (const link of linksForRoles) {\n      const uid = String((link as any).user?.id || (link as any).user || '')\n      if (uid) roleUserIds.add(uid)\n    }\n    if (roleUserIds.size === 0) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n    if (idFilter) {\n      for (const uid of Array.from(idFilter)) {\n        if (!roleUserIds.has(uid)) idFilter.delete(uid)\n      }\n    } else {\n      idFilter = roleUserIds\n    }\n    if (!idFilter || idFilter.size === 0) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  }\n  if (idFilter && idFilter.size) {\n    where.id = { $in: Array.from(idFilter) as any }\n  } else if (id) {\n    where.id = id\n  }\n  const [rows, count] = await em.findAndCount(User, where, { limit: pageSize, offset: (page - 1) * pageSize })\n  const userIds = rows.map((u: any) => u.id)\n  const links = userIds.length\n    ? await findWithDecryption(\n        em,\n        UserRole,\n        { user: { $in: userIds as any } } as any,\n        { populate: ['role'] },\n        { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n      )\n    : []\n  const roleMap: Record<string, string[]> = {}\n  for (const l of links) {\n    const uid = String((l as any).user?.id || (l as any).user)\n    const rname = String((l as any).role?.name || '')\n    if (!roleMap[uid]) roleMap[uid] = []\n    if (rname) roleMap[uid].push(rname)\n  }\n  const orgIds = rows\n    .map((u: any) => (u.organizationId ? String(u.organizationId) : null))\n    .filter((id): id is string => !!id)\n  const uniqueOrgIds = Array.from(new Set(orgIds))\n  let orgMap: Record<string, string> = {}\n  if (uniqueOrgIds.length) {\n    const organizations = await em.find(\n      Organization,\n      { id: { $in: uniqueOrgIds as any }, deletedAt: null },\n    )\n    orgMap = organizations.reduce<Record<string, string>>((acc, org) => {\n      const orgId = org?.id ? String(org.id) : null\n      if (!orgId) return acc\n      const rawName = (org as any)?.name\n      const orgName = typeof rawName === 'string' && rawName.length > 0 ? rawName : orgId\n      acc[orgId] = orgName\n      return acc\n    }, {})\n  }\n  const tenantIds = rows\n    .map((u: any) => (u.tenantId ? String(u.tenantId) : null))\n    .filter((id): id is string => !!id)\n  const uniqueTenantIds = Array.from(new Set(tenantIds))\n  let tenantMap: Record<string, string> = {}\n  if (uniqueTenantIds.length) {\n    const tenants = await em.find(\n      Tenant,\n      { id: { $in: uniqueTenantIds as any }, deletedAt: null },\n    )\n    tenantMap = tenants.reduce<Record<string, string>>((acc, tenant) => {\n      const tenantId = tenant?.id ? String(tenant.id) : null\n      if (!tenantId) return acc\n      const rawName = (tenant as any)?.name\n      const tenantName = typeof rawName === 'string' && rawName.length > 0 ? rawName : tenantId\n      acc[tenantId] = tenantName\n      return acc\n    }, {})\n  }\n  const tenantByUser: Record<string, string | null> = {}\n  const organizationByUser: Record<string, string | null> = {}\n  for (const u of rows) {\n    const uid = String(u.id)\n    tenantByUser[uid] = u.tenantId ? String(u.tenantId) : null\n    organizationByUser[uid] = u.organizationId ? String(u.organizationId) : null\n  }\n  const cfByUser = userIds.length\n    ? await loadCustomFieldValues({\n        em,\n        entityId: E.auth.user,\n        recordIds: userIds.map(String),\n        tenantIdByRecord: tenantByUser,\n        organizationIdByRecord: organizationByUser,\n        tenantFallbacks: auth.tenantId ? [auth.tenantId] : [],\n      })\n    : {}\n\n  const items = rows.map((u: any) => {\n    const uid = String(u.id)\n    const orgId = u.organizationId ? String(u.organizationId) : null\n    return {\n      id: uid,\n      email: String(u.email),\n      organizationId: orgId,\n      organizationName: orgId ? orgMap[orgId] ?? orgId : null,\n      tenantId: u.tenantId ? String(u.tenantId) : null,\n      tenantName: u.tenantId ? tenantMap[String(u.tenantId)] ?? String(u.tenantId) : null,\n      roles: roleMap[uid] || [],\n      ...(cfByUser[uid] || {}),\n    }\n  })\n  const totalPages = Math.max(1, Math.ceil(count / pageSize))\n  await logCrudAccess({\n    container,\n    auth,\n    request: req,\n    items,\n    idField: 'id',\n    resourceKind: 'auth.user',\n    organizationId: null,\n    tenantId: auth.tenantId ?? null,\n    query: parsed.data,\n    accessType: id ? 'read:item' : undefined,\n  })\n  return NextResponse.json({ items, total: count, totalPages, isSuperAdmin })\n}\n\nexport const POST = async (req: Request) => {\n  const body = await req.clone().json().catch(() => ({}))\n  await assertCanAssignRoles(req, body?.roles)\n  return crud.POST(req)\n}\n\nexport const PUT = async (req: Request) => {\n  const body = await req.clone().json().catch(() => ({}))\n  await assertCanAssignRoles(req, body?.roles)\n  return crud.PUT(req)\n}\n\nexport const DELETE = crud.DELETE\n\nasync function assertCanAssignRoles(req: Request, roles: unknown) {\n  if (!Array.isArray(roles)) return\n  const normalized = roles\n    .map((role) => (typeof role === 'string' ? role.trim().toLowerCase() : null))\n    .filter((role): role is string => !!role)\n  if (!normalized.includes('superadmin')) return\n  const auth = await getAuthFromRequest(req)\n  if (!auth) throw new Error('Unauthorized')\n  const container = await createRequestContainer()\n  const rbac = container.resolve('rbacService') as RbacService\n  const acl = await rbac.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n  if (!acl?.isSuperAdmin) {\n    throw forbidden('Only super administrators can assign the superadmin role.')\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'User management',\n  methods: {\n    GET: {\n      summary: 'List users',\n      description:\n        'Returns users for the current tenant. Super administrators may scope the response via organization or role filters.',\n      query: querySchema,\n      responses: [\n        { status: 200, description: 'User collection', schema: userListResponseSchema },\n      ],\n    },\n    POST: {\n      summary: 'Create user',\n      description: 'Creates a new confirmed user within the specified organization and optional roles.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: userCreateSchema,\n      },\n      responses: [\n        {\n          status: 201,\n          description: 'User created',\n          schema: z.object({ id: z.string().uuid() }),\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload or duplicate email', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 403, description: 'Attempted to assign privileged roles', schema: errorResponseSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update user',\n      description: 'Updates profile fields, organization assignment, credentials, or role memberships.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: userUpdateSchema,\n      },\n      responses: [\n        { status: 200, description: 'User updated', schema: okResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 403, description: 'Attempted to assign privileged roles', schema: errorResponseSchema },\n        { status: 404, description: 'User not found', schema: errorResponseSchema },\n      ],\n    },\n    DELETE: {\n      summary: 'Delete user',\n      description: 'Deletes a user by identifier. Undo support is provided via the command bus.',\n      query: z.object({ id: z.string().uuid().describe('User identifier') }),\n      responses: [\n        { status: 200, description: 'User deleted', schema: okResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'User cannot be deleted', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 404, description: 'User not found', schema: errorResponseSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AACA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,eAAe,qBAAqB;AAC7C,SAAS,iBAAiB;AAC1B,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,MAAY,gBAAgB;AAErC,SAAS,cAAc,cAAc;AACrC,SAAS,SAAS;AAClB,SAAS,6BAA6B;AAEtC,SAAS,gBAAgB,uBAAuB;AAChD,SAAS,0BAA0B;AACnC,SAAS,yBAAyB;AAClC,SAAS,2BAA2B;AAEpC,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC;AAAA,EACxC,UAAU,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,EAAE;AAAA,EACtD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,SAAS;AAC/C,CAAC,EAAE,YAAY;AAEf,MAAM,gBAAgB,EAAE,OAAO,CAAC,CAAC,EAAE,YAAY;AAE/C,MAAM,iBAAiB,oBAAoB;AAE3C,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,UAAU;AAAA,EACV,gBAAgB,EAAE,OAAO,EAAE,KAAK;AAAA,EAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACtC,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACnC,UAAU,eAAe,SAAS;AAAA,EAClC,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACtC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,kBAAkB,EAAE,OAAO,EAAE,SAAS;AAAA,EACtC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EACrC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC;AAC3B,CAAC;AAED,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,OAAO,EAAE,MAAM,kBAAkB;AAAA,EACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY;AAAA,EACpC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACtC,cAAc,EAAE,QAAQ,EAAE,SAAS;AACrC,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AAEzD,MAAM,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAI1D,MAAM,gBAAgB;AAAA,EACpB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AAAA,EAClE,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AACtE;AAEO,MAAM,WAAW;AAExB,MAAM,OAAO,cAA6D;AAAA,EACxE,UAAU;AAAA,EACV,KAAK;AAAA,IACH,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,iBAAiB;AAAA,EACnB;AAAA,EACA,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,UAAU,OAAO,EAAE,QAAQ,IAAI,MAAM;AACnC,YAAI,IAAI,SAAS;AACf,gBAAM,qBAAqB,IAAI,SAAS,OAAO,KAAK;AAAA,QACtD;AACA,eAAO;AAAA,MACT;AAAA,MACA,UAAU,CAAC,EAAE,OAAO,OAAO,EAAE,IAAI,OAAO,OAAO,EAAE,EAAE;AAAA,MACnD,QAAQ;AAAA,IACV;AAAA,IACA,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,UAAU,OAAO,EAAE,QAAQ,IAAI,MAAM;AACnC,YAAI,IAAI,SAAS;AACf,gBAAM,qBAAqB,IAAI,SAAS,OAAO,KAAK;AAAA,QACtD;AACA,eAAO;AAAA,MACT;AAAA,MACA,UAAU,OAAO,EAAE,IAAI,KAAK;AAAA,IAC9B;AAAA,IACA,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,UAAU,OAAO,EAAE,IAAI,KAAK;AAAA,IAC9B;AAAA,EACF;AACF,CAAC;AAED,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAC1E,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,aAAa,IAAI,aAAa,OAAO,QAAQ,EAAE,OAAO,CAACA,QAAqB,OAAOA,QAAO,YAAYA,IAAG,KAAK,EAAE,SAAS,CAAC;AAChI,QAAM,SAAS,YAAY,UAAU;AAAA,IACnC,IAAI,IAAI,aAAa,IAAI,IAAI,KAAK;AAAA,IAClC,MAAM,IAAI,aAAa,IAAI,MAAM,KAAK;AAAA,IACtC,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,IAC9C,QAAQ,IAAI,aAAa,IAAI,QAAQ,KAAK;AAAA,IAC1C,gBAAgB,IAAI,aAAa,IAAI,gBAAgB,KAAK;AAAA,IAC1D,SAAS,WAAW,SAAS,aAAa;AAAA,EAC5C,CAAC;AACD,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AACpF,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAM,UAAU,QAAQ,IAAI;AAClC,MAAI,eAAe;AACnB,MAAI;AACF,QAAI,KAAK,KAAK;AACZ,YAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,YAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AACvH,qBAAe,CAAC,CAAC,KAAK;AAAA,IACxB;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,iCAAiC,GAAG;AAAA,EACpD;AACA,QAAM,EAAE,IAAI,MAAM,UAAU,QAAQ,gBAAgB,QAAQ,IAAI,OAAO;AACvE,QAAM,QAAa,EAAE,WAAW,KAAK;AACrC,MAAI,CAAC,cAAc;AACjB,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,GAAG,aAAa,CAAC;AAAA,IAC/E;AACA,UAAM,WAAW,KAAK;AAAA,EACxB;AACA,MAAI,eAAgB,OAAM,iBAAiB;AAC3C,MAAI,OAAQ,OAAM,QAAQ,EAAE,QAAQ,IAAI,kBAAkB,MAAM,CAAC,IAAI;AACrE,MAAI,WAA+B,KAAK,oBAAI,IAAI,CAAC,EAAE,CAAC,IAAI;AACxD,MAAI,MAAM,QAAQ,OAAO,KAAK,QAAQ,SAAS,GAAG;AAChD,UAAM,gBAAgB,MAAM,KAAK,IAAI,IAAI,OAAO,CAAC;AACjD,UAAM,gBAAgB,MAAM,GAAG,KAAK,UAAU,EAAE,MAAM,EAAE,KAAK,cAAqB,EAAE,CAAQ;AAC5F,UAAM,cAAc,oBAAI,IAAY;AACpC,eAAW,QAAQ,eAAe;AAChC,YAAM,MAAM,OAAQ,KAAa,MAAM,MAAO,KAAa,QAAQ,EAAE;AACrE,UAAI,IAAK,aAAY,IAAI,GAAG;AAAA,IAC9B;AACA,QAAI,YAAY,SAAS,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAC3F,QAAI,UAAU;AACZ,iBAAW,OAAO,MAAM,KAAK,QAAQ,GAAG;AACtC,YAAI,CAAC,YAAY,IAAI,GAAG,EAAG,UAAS,OAAO,GAAG;AAAA,MAChD;AAAA,IACF,OAAO;AACL,iBAAW;AAAA,IACb;AACA,QAAI,CAAC,YAAY,SAAS,SAAS,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAAA,EACvG;AACA,MAAI,YAAY,SAAS,MAAM;AAC7B,UAAM,KAAK,EAAE,KAAK,MAAM,KAAK,QAAQ,EAAS;AAAA,EAChD,WAAW,IAAI;AACb,UAAM,KAAK;AAAA,EACb;AACA,QAAM,CAAC,MAAM,KAAK,IAAI,MAAM,GAAG,aAAa,MAAM,OAAO,EAAE,OAAO,UAAU,SAAS,OAAO,KAAK,SAAS,CAAC;AAC3G,QAAM,UAAU,KAAK,IAAI,CAAC,MAAW,EAAE,EAAE;AACzC,QAAM,QAAQ,QAAQ,SAClB,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,EAAE,MAAM,EAAE,KAAK,QAAe,EAAE;AAAA,IAChC,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,IACrB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,IACA,CAAC;AACL,QAAM,UAAoC,CAAC;AAC3C,aAAW,KAAK,OAAO;AACrB,UAAM,MAAM,OAAQ,EAAU,MAAM,MAAO,EAAU,IAAI;AACzD,UAAM,QAAQ,OAAQ,EAAU,MAAM,QAAQ,EAAE;AAChD,QAAI,CAAC,QAAQ,GAAG,EAAG,SAAQ,GAAG,IAAI,CAAC;AACnC,QAAI,MAAO,SAAQ,GAAG,EAAE,KAAK,KAAK;AAAA,EACpC;AACA,QAAM,SAAS,KACZ,IAAI,CAAC,MAAY,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI,IAAK,EACpE,OAAO,CAACA,QAAqB,CAAC,CAACA,GAAE;AACpC,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC;AAC/C,MAAI,SAAiC,CAAC;AACtC,MAAI,aAAa,QAAQ;AACvB,UAAM,gBAAgB,MAAM,GAAG;AAAA,MAC7B;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,aAAoB,GAAG,WAAW,KAAK;AAAA,IACtD;AACA,aAAS,cAAc,OAA+B,CAAC,KAAK,QAAQ;AAClE,YAAM,QAAQ,KAAK,KAAK,OAAO,IAAI,EAAE,IAAI;AACzC,UAAI,CAAC,MAAO,QAAO;AACnB,YAAM,UAAW,KAAa;AAC9B,YAAM,UAAU,OAAO,YAAY,YAAY,QAAQ,SAAS,IAAI,UAAU;AAC9E,UAAI,KAAK,IAAI;AACb,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP;AACA,QAAM,YAAY,KACf,IAAI,CAAC,MAAY,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI,IAAK,EACxD,OAAO,CAACA,QAAqB,CAAC,CAACA,GAAE;AACpC,QAAM,kBAAkB,MAAM,KAAK,IAAI,IAAI,SAAS,CAAC;AACrD,MAAI,YAAoC,CAAC;AACzC,MAAI,gBAAgB,QAAQ;AAC1B,UAAM,UAAU,MAAM,GAAG;AAAA,MACvB;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,gBAAuB,GAAG,WAAW,KAAK;AAAA,IACzD;AACA,gBAAY,QAAQ,OAA+B,CAAC,KAAK,WAAW;AAClE,YAAM,WAAW,QAAQ,KAAK,OAAO,OAAO,EAAE,IAAI;AAClD,UAAI,CAAC,SAAU,QAAO;AACtB,YAAM,UAAW,QAAgB;AACjC,YAAM,aAAa,OAAO,YAAY,YAAY,QAAQ,SAAS,IAAI,UAAU;AACjF,UAAI,QAAQ,IAAI;AAChB,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP;AACA,QAAM,eAA8C,CAAC;AACrD,QAAM,qBAAoD,CAAC;AAC3D,aAAW,KAAK,MAAM;AACpB,UAAM,MAAM,OAAO,EAAE,EAAE;AACvB,iBAAa,GAAG,IAAI,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI;AACtD,uBAAmB,GAAG,IAAI,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI;AAAA,EAC1E;AACA,QAAM,WAAW,QAAQ,SACrB,MAAM,sBAAsB;AAAA,IAC1B;AAAA,IACA,UAAU,EAAE,KAAK;AAAA,IACjB,WAAW,QAAQ,IAAI,MAAM;AAAA,IAC7B,kBAAkB;AAAA,IAClB,wBAAwB;AAAA,IACxB,iBAAiB,KAAK,WAAW,CAAC,KAAK,QAAQ,IAAI,CAAC;AAAA,EACtD,CAAC,IACD,CAAC;AAEL,QAAM,QAAQ,KAAK,IAAI,CAAC,MAAW;AACjC,UAAM,MAAM,OAAO,EAAE,EAAE;AACvB,UAAM,QAAQ,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI;AAC5D,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO,OAAO,EAAE,KAAK;AAAA,MACrB,gBAAgB;AAAA,MAChB,kBAAkB,QAAQ,OAAO,KAAK,KAAK,QAAQ;AAAA,MACnD,UAAU,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI;AAAA,MAC5C,YAAY,EAAE,WAAW,UAAU,OAAO,EAAE,QAAQ,CAAC,KAAK,OAAO,EAAE,QAAQ,IAAI;AAAA,MAC/E,OAAO,QAAQ,GAAG,KAAK,CAAC;AAAA,MACxB,GAAI,SAAS,GAAG,KAAK,CAAC;AAAA,IACxB;AAAA,EACF,CAAC;AACD,QAAM,aAAa,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,QAAQ,CAAC;AAC1D,QAAM,cAAc;AAAA,IAClB;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT,cAAc;AAAA,IACd,gBAAgB;AAAA,IAChB,UAAU,KAAK,YAAY;AAAA,IAC3B,OAAO,OAAO;AAAA,IACd,YAAY,KAAK,cAAc;AAAA,EACjC,CAAC;AACD,SAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,YAAY,aAAa,CAAC;AAC5E;AAEO,MAAM,OAAO,OAAO,QAAiB;AAC1C,QAAM,OAAO,MAAM,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,QAAM,qBAAqB,KAAK,MAAM,KAAK;AAC3C,SAAO,KAAK,KAAK,GAAG;AACtB;AAEO,MAAM,MAAM,OAAO,QAAiB;AACzC,QAAM,OAAO,MAAM,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,QAAM,qBAAqB,KAAK,MAAM,KAAK;AAC3C,SAAO,KAAK,IAAI,GAAG;AACrB;AAEO,MAAM,SAAS,KAAK;AAE3B,eAAe,qBAAqB,KAAc,OAAgB;AAChE,MAAI,CAAC,MAAM,QAAQ,KAAK,EAAG;AAC3B,QAAM,aAAa,MAChB,IAAI,CAAC,SAAU,OAAO,SAAS,WAAW,KAAK,KAAK,EAAE,YAAY,IAAI,IAAK,EAC3E,OAAO,CAAC,SAAyB,CAAC,CAAC,IAAI;AAC1C,MAAI,CAAC,WAAW,SAAS,YAAY,EAAG;AACxC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,cAAc;AACzC,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,QAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AAChH,MAAI,CAAC,KAAK,cAAc;AACtB,UAAM,UAAU,2DAA2D;AAAA,EAC7E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MACF,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,uBAAuB;AAAA,MAChF;AAAA,IACF;AAAA,IACA,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,QAC5C;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,sCAAsC,QAAQ,oBAAoB;AAAA,QAC9F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,MAClG;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,oBAAoB;AAAA,QAC3E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,oBAAoB;AAAA,MAC5E;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,iBAAiB,EAAE,CAAC;AAAA,MACrE,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,0BAA0B,QAAQ,oBAAoB;AAAA,QAClF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,oBAAoB;AAAA,MAC5E;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["/* eslint-disable @typescript-eslint/no-explicit-any */\nimport { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { logCrudAccess, makeCrudRoute } from '@open-mercato/shared/lib/crud/factory'\nimport { forbidden } from '@open-mercato/shared/lib/crud/errors'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { User, Role, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { Organization, Tenant } from '@open-mercato/core/modules/directory/data/entities'\nimport { E } from '#generated/entities.ids.generated'\nimport { loadCustomFieldValues } from '@open-mercato/shared/lib/crud/custom-fields'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { userCrudEvents, userCrudIndexer } from '@open-mercato/core/modules/auth/commands/users'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { escapeLikePattern } from '@open-mercato/shared/lib/db/escapeLikePattern'\n\nconst querySchema = z.object({\n  id: z.string().uuid().optional(),\n  page: z.coerce.number().min(1).default(1),\n  pageSize: z.coerce.number().min(1).max(100).default(50),\n  search: z.string().optional(),\n  organizationId: z.string().uuid().optional(),\n  roleIds: z.array(z.string().uuid()).optional(),\n}).passthrough()\n\nconst rawBodySchema = z.object({}).passthrough()\n\nconst userCreateSchema = z.object({\n  email: z.string().email(),\n  password: z.string().min(6),\n  organizationId: z.string().uuid(),\n  roles: z.array(z.string()).optional(),\n})\n\nconst userUpdateSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string().email().optional(),\n  password: z.string().min(6).optional(),\n  organizationId: z.string().uuid().optional(),\n  roles: z.array(z.string()).optional(),\n})\n\nconst userListItemSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string().email(),\n  organizationId: z.string().uuid().nullable(),\n  organizationName: z.string().nullable(),\n  tenantId: z.string().uuid().nullable(),\n  tenantName: z.string().nullable(),\n  roles: z.array(z.string()),\n})\n\nconst userListResponseSchema = z.object({\n  items: z.array(userListItemSchema),\n  total: z.number().int().nonnegative(),\n  totalPages: z.number().int().positive(),\n  isSuperAdmin: z.boolean().optional(),\n})\n\nconst okResponseSchema = z.object({ ok: z.literal(true) })\n\nconst errorResponseSchema = z.object({ error: z.string() })\n\ntype CrudInput = Record<string, unknown>\n\nconst routeMetadata = {\n  GET: { requireAuth: true, requireFeatures: ['auth.users.list'] },\n  POST: { requireAuth: true, requireFeatures: ['auth.users.create'] },\n  PUT: { requireAuth: true, requireFeatures: ['auth.users.edit'] },\n  DELETE: { requireAuth: true, requireFeatures: ['auth.users.delete'] },\n}\n\nexport const metadata = routeMetadata\n\nconst crud = makeCrudRoute<CrudInput, CrudInput, Record<string, unknown>>({\n  metadata: routeMetadata,\n  orm: {\n    entity: User,\n    idField: 'id',\n    orgField: null,\n    tenantField: null,\n    softDeleteField: 'deletedAt',\n  },\n  events: userCrudEvents,\n  indexer: userCrudIndexer,\n  actions: {\n    create: {\n      commandId: 'auth.users.create',\n      schema: rawBodySchema,\n      mapInput: async ({ parsed, ctx }) => {\n        if (ctx.request) {\n          await assertCanAssignRoles(ctx.request, parsed.roles)\n        }\n        return parsed\n      },\n      response: ({ result }) => ({ id: String(result.id) }),\n      status: 201,\n    },\n    update: {\n      commandId: 'auth.users.update',\n      schema: rawBodySchema,\n      mapInput: async ({ parsed, ctx }) => {\n        if (ctx.request) {\n          await assertCanAssignRoles(ctx.request, parsed.roles)\n        }\n        return parsed\n      },\n      response: () => ({ ok: true }),\n    },\n    delete: {\n      commandId: 'auth.users.delete',\n      response: () => ({ ok: true }),\n    },\n  },\n})\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  const url = new URL(req.url)\n  const rawRoleIds = url.searchParams.getAll('roleId').filter((id): id is string => typeof id === 'string' && id.trim().length > 0)\n  const parsed = querySchema.safeParse({\n    id: url.searchParams.get('id') || undefined,\n    page: url.searchParams.get('page') || undefined,\n    pageSize: url.searchParams.get('pageSize') || undefined,\n    search: url.searchParams.get('search') || undefined,\n    organizationId: url.searchParams.get('organizationId') || undefined,\n    roleIds: rawRoleIds.length ? rawRoleIds : undefined,\n  })\n  if (!parsed.success) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  const container = await createRequestContainer()\n  const em = (container.resolve('em') as EntityManager)\n  let isSuperAdmin = false\n  try {\n    if (auth.sub) {\n      const rbacService = container.resolve('rbacService') as any\n      const acl = await rbacService.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n      isSuperAdmin = !!acl?.isSuperAdmin\n    }\n  } catch (err) {\n    console.error('users: failed to resolve rbac', err)\n  }\n  const { id, page, pageSize, search, organizationId, roleIds } = parsed.data\n  const where: any = { deletedAt: null }\n  if (!isSuperAdmin) {\n    if (!auth.tenantId) {\n      return NextResponse.json({ items: [], total: 0, totalPages: 1, isSuperAdmin })\n    }\n    where.tenantId = auth.tenantId\n  }\n  if (organizationId) where.organizationId = organizationId\n  if (search) where.email = { $ilike: `%${escapeLikePattern(search)}%` } as any\n  let idFilter: Set<string> | null = id ? new Set([id]) : null\n  if (Array.isArray(roleIds) && roleIds.length > 0) {\n    const uniqueRoleIds = Array.from(new Set(roleIds))\n    const linksForRoles = await em.find(UserRole, { role: { $in: uniqueRoleIds as any } } as any)\n    const roleUserIds = new Set<string>()\n    for (const link of linksForRoles) {\n      const uid = String((link as any).user?.id || (link as any).user || '')\n      if (uid) roleUserIds.add(uid)\n    }\n    if (roleUserIds.size === 0) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n    if (idFilter) {\n      for (const uid of Array.from(idFilter)) {\n        if (!roleUserIds.has(uid)) idFilter.delete(uid)\n      }\n    } else {\n      idFilter = roleUserIds\n    }\n    if (!idFilter || idFilter.size === 0) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  }\n  if (idFilter && idFilter.size) {\n    where.id = { $in: Array.from(idFilter) as any }\n  } else if (id) {\n    where.id = id\n  }\n  const [rows, count] = await em.findAndCount(User, where, { limit: pageSize, offset: (page - 1) * pageSize })\n  const userIds = rows.map((u: any) => u.id)\n  const links = userIds.length\n    ? await findWithDecryption(\n        em,\n        UserRole,\n        { user: { $in: userIds as any } } as any,\n        { populate: ['role'] },\n        { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n      )\n    : []\n  const roleMap: Record<string, string[]> = {}\n  for (const l of links) {\n    const uid = String((l as any).user?.id || (l as any).user)\n    const rname = String((l as any).role?.name || '')\n    if (!roleMap[uid]) roleMap[uid] = []\n    if (rname) roleMap[uid].push(rname)\n  }\n  const orgIds = rows\n    .map((u: any) => (u.organizationId ? String(u.organizationId) : null))\n    .filter((id): id is string => !!id)\n  const uniqueOrgIds = Array.from(new Set(orgIds))\n  let orgMap: Record<string, string> = {}\n  if (uniqueOrgIds.length) {\n    const organizations = await em.find(\n      Organization,\n      { id: { $in: uniqueOrgIds as any }, deletedAt: null },\n    )\n    orgMap = organizations.reduce<Record<string, string>>((acc, org) => {\n      const orgId = org?.id ? String(org.id) : null\n      if (!orgId) return acc\n      const rawName = (org as any)?.name\n      const orgName = typeof rawName === 'string' && rawName.length > 0 ? rawName : orgId\n      acc[orgId] = orgName\n      return acc\n    }, {})\n  }\n  const tenantIds = rows\n    .map((u: any) => (u.tenantId ? String(u.tenantId) : null))\n    .filter((id): id is string => !!id)\n  const uniqueTenantIds = Array.from(new Set(tenantIds))\n  let tenantMap: Record<string, string> = {}\n  if (uniqueTenantIds.length) {\n    const tenants = await em.find(\n      Tenant,\n      { id: { $in: uniqueTenantIds as any }, deletedAt: null },\n    )\n    tenantMap = tenants.reduce<Record<string, string>>((acc, tenant) => {\n      const tenantId = tenant?.id ? String(tenant.id) : null\n      if (!tenantId) return acc\n      const rawName = (tenant as any)?.name\n      const tenantName = typeof rawName === 'string' && rawName.length > 0 ? rawName : tenantId\n      acc[tenantId] = tenantName\n      return acc\n    }, {})\n  }\n  const tenantByUser: Record<string, string | null> = {}\n  const organizationByUser: Record<string, string | null> = {}\n  for (const u of rows) {\n    const uid = String(u.id)\n    tenantByUser[uid] = u.tenantId ? String(u.tenantId) : null\n    organizationByUser[uid] = u.organizationId ? String(u.organizationId) : null\n  }\n  const cfByUser = userIds.length\n    ? await loadCustomFieldValues({\n        em,\n        entityId: E.auth.user,\n        recordIds: userIds.map(String),\n        tenantIdByRecord: tenantByUser,\n        organizationIdByRecord: organizationByUser,\n        tenantFallbacks: auth.tenantId ? [auth.tenantId] : [],\n      })\n    : {}\n\n  const items = rows.map((u: any) => {\n    const uid = String(u.id)\n    const orgId = u.organizationId ? String(u.organizationId) : null\n    return {\n      id: uid,\n      email: String(u.email),\n      organizationId: orgId,\n      organizationName: orgId ? orgMap[orgId] ?? orgId : null,\n      tenantId: u.tenantId ? String(u.tenantId) : null,\n      tenantName: u.tenantId ? tenantMap[String(u.tenantId)] ?? String(u.tenantId) : null,\n      roles: roleMap[uid] || [],\n      ...(cfByUser[uid] || {}),\n    }\n  })\n  const totalPages = Math.max(1, Math.ceil(count / pageSize))\n  await logCrudAccess({\n    container,\n    auth,\n    request: req,\n    items,\n    idField: 'id',\n    resourceKind: 'auth.user',\n    organizationId: null,\n    tenantId: auth.tenantId ?? null,\n    query: parsed.data,\n    accessType: id ? 'read:item' : undefined,\n  })\n  return NextResponse.json({ items, total: count, totalPages, isSuperAdmin })\n}\n\nexport const POST = async (req: Request) => {\n  const body = await req.clone().json().catch(() => ({}))\n  await assertCanAssignRoles(req, body?.roles)\n  return crud.POST(req)\n}\n\nexport const PUT = async (req: Request) => {\n  const body = await req.clone().json().catch(() => ({}))\n  await assertCanAssignRoles(req, body?.roles)\n  return crud.PUT(req)\n}\n\nexport const DELETE = crud.DELETE\n\nasync function assertCanAssignRoles(req: Request, roles: unknown) {\n  if (!Array.isArray(roles)) return\n  const normalized = roles\n    .map((role) => (typeof role === 'string' ? role.trim().toLowerCase() : null))\n    .filter((role): role is string => !!role)\n  if (!normalized.includes('superadmin')) return\n  const auth = await getAuthFromRequest(req)\n  if (!auth) throw new Error('Unauthorized')\n  const container = await createRequestContainer()\n  const rbac = container.resolve('rbacService') as RbacService\n  const acl = await rbac.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n  if (!acl?.isSuperAdmin) {\n    throw forbidden('Only super administrators can assign the superadmin role.')\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'User management',\n  methods: {\n    GET: {\n      summary: 'List users',\n      description:\n        'Returns users for the current tenant. Super administrators may scope the response via organization or role filters.',\n      query: querySchema,\n      responses: [\n        { status: 200, description: 'User collection', schema: userListResponseSchema },\n      ],\n    },\n    POST: {\n      summary: 'Create user',\n      description: 'Creates a new confirmed user within the specified organization and optional roles.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: userCreateSchema,\n      },\n      responses: [\n        {\n          status: 201,\n          description: 'User created',\n          schema: z.object({ id: z.string().uuid() }),\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload or duplicate email', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 403, description: 'Attempted to assign privileged roles', schema: errorResponseSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update user',\n      description: 'Updates profile fields, organization assignment, credentials, or role memberships.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: userUpdateSchema,\n      },\n      responses: [\n        { status: 200, description: 'User updated', schema: okResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 403, description: 'Attempted to assign privileged roles', schema: errorResponseSchema },\n        { status: 404, description: 'User not found', schema: errorResponseSchema },\n      ],\n    },\n    DELETE: {\n      summary: 'Delete user',\n      description: 'Deletes a user by identifier. Undo support is provided via the command bus.',\n      query: z.object({ id: z.string().uuid().describe('User identifier') }),\n      responses: [\n        { status: 200, description: 'User deleted', schema: okResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'User cannot be deleted', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 404, description: 'User not found', schema: errorResponseSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AACA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,eAAe,qBAAqB;AAC7C,SAAS,iBAAiB;AAC1B,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,MAAY,gBAAgB;AAErC,SAAS,cAAc,cAAc;AACrC,SAAS,SAAS;AAClB,SAAS,6BAA6B;AAEtC,SAAS,gBAAgB,uBAAuB;AAChD,SAAS,0BAA0B;AACnC,SAAS,yBAAyB;AAElC,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC;AAAA,EACxC,UAAU,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,EAAE;AAAA,EACtD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,SAAS;AAC/C,CAAC,EAAE,YAAY;AAEf,MAAM,gBAAgB,EAAE,OAAO,CAAC,CAAC,EAAE,YAAY;AAE/C,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,gBAAgB,EAAE,OAAO,EAAE,KAAK;AAAA,EAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACtC,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACnC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACrC,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACtC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,kBAAkB,EAAE,OAAO,EAAE,SAAS;AAAA,EACtC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EACrC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC;AAC3B,CAAC;AAED,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,OAAO,EAAE,MAAM,kBAAkB;AAAA,EACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY;AAAA,EACpC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACtC,cAAc,EAAE,QAAQ,EAAE,SAAS;AACrC,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AAEzD,MAAM,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAI1D,MAAM,gBAAgB;AAAA,EACpB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AAAA,EAClE,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AACtE;AAEO,MAAM,WAAW;AAExB,MAAM,OAAO,cAA6D;AAAA,EACxE,UAAU;AAAA,EACV,KAAK;AAAA,IACH,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,iBAAiB;AAAA,EACnB;AAAA,EACA,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,UAAU,OAAO,EAAE,QAAQ,IAAI,MAAM;AACnC,YAAI,IAAI,SAAS;AACf,gBAAM,qBAAqB,IAAI,SAAS,OAAO,KAAK;AAAA,QACtD;AACA,eAAO;AAAA,MACT;AAAA,MACA,UAAU,CAAC,EAAE,OAAO,OAAO,EAAE,IAAI,OAAO,OAAO,EAAE,EAAE;AAAA,MACnD,QAAQ;AAAA,IACV;AAAA,IACA,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,UAAU,OAAO,EAAE,QAAQ,IAAI,MAAM;AACnC,YAAI,IAAI,SAAS;AACf,gBAAM,qBAAqB,IAAI,SAAS,OAAO,KAAK;AAAA,QACtD;AACA,eAAO;AAAA,MACT;AAAA,MACA,UAAU,OAAO,EAAE,IAAI,KAAK;AAAA,IAC9B;AAAA,IACA,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,UAAU,OAAO,EAAE,IAAI,KAAK;AAAA,IAC9B;AAAA,EACF;AACF,CAAC;AAED,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAC1E,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,aAAa,IAAI,aAAa,OAAO,QAAQ,EAAE,OAAO,CAACA,QAAqB,OAAOA,QAAO,YAAYA,IAAG,KAAK,EAAE,SAAS,CAAC;AAChI,QAAM,SAAS,YAAY,UAAU;AAAA,IACnC,IAAI,IAAI,aAAa,IAAI,IAAI,KAAK;AAAA,IAClC,MAAM,IAAI,aAAa,IAAI,MAAM,KAAK;AAAA,IACtC,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,IAC9C,QAAQ,IAAI,aAAa,IAAI,QAAQ,KAAK;AAAA,IAC1C,gBAAgB,IAAI,aAAa,IAAI,gBAAgB,KAAK;AAAA,IAC1D,SAAS,WAAW,SAAS,aAAa;AAAA,EAC5C,CAAC;AACD,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AACpF,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAM,UAAU,QAAQ,IAAI;AAClC,MAAI,eAAe;AACnB,MAAI;AACF,QAAI,KAAK,KAAK;AACZ,YAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,YAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AACvH,qBAAe,CAAC,CAAC,KAAK;AAAA,IACxB;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,iCAAiC,GAAG;AAAA,EACpD;AACA,QAAM,EAAE,IAAI,MAAM,UAAU,QAAQ,gBAAgB,QAAQ,IAAI,OAAO;AACvE,QAAM,QAAa,EAAE,WAAW,KAAK;AACrC,MAAI,CAAC,cAAc;AACjB,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,GAAG,aAAa,CAAC;AAAA,IAC/E;AACA,UAAM,WAAW,KAAK;AAAA,EACxB;AACA,MAAI,eAAgB,OAAM,iBAAiB;AAC3C,MAAI,OAAQ,OAAM,QAAQ,EAAE,QAAQ,IAAI,kBAAkB,MAAM,CAAC,IAAI;AACrE,MAAI,WAA+B,KAAK,oBAAI,IAAI,CAAC,EAAE,CAAC,IAAI;AACxD,MAAI,MAAM,QAAQ,OAAO,KAAK,QAAQ,SAAS,GAAG;AAChD,UAAM,gBAAgB,MAAM,KAAK,IAAI,IAAI,OAAO,CAAC;AACjD,UAAM,gBAAgB,MAAM,GAAG,KAAK,UAAU,EAAE,MAAM,EAAE,KAAK,cAAqB,EAAE,CAAQ;AAC5F,UAAM,cAAc,oBAAI,IAAY;AACpC,eAAW,QAAQ,eAAe;AAChC,YAAM,MAAM,OAAQ,KAAa,MAAM,MAAO,KAAa,QAAQ,EAAE;AACrE,UAAI,IAAK,aAAY,IAAI,GAAG;AAAA,IAC9B;AACA,QAAI,YAAY,SAAS,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAC3F,QAAI,UAAU;AACZ,iBAAW,OAAO,MAAM,KAAK,QAAQ,GAAG;AACtC,YAAI,CAAC,YAAY,IAAI,GAAG,EAAG,UAAS,OAAO,GAAG;AAAA,MAChD;AAAA,IACF,OAAO;AACL,iBAAW;AAAA,IACb;AACA,QAAI,CAAC,YAAY,SAAS,SAAS,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAAA,EACvG;AACA,MAAI,YAAY,SAAS,MAAM;AAC7B,UAAM,KAAK,EAAE,KAAK,MAAM,KAAK,QAAQ,EAAS;AAAA,EAChD,WAAW,IAAI;AACb,UAAM,KAAK;AAAA,EACb;AACA,QAAM,CAAC,MAAM,KAAK,IAAI,MAAM,GAAG,aAAa,MAAM,OAAO,EAAE,OAAO,UAAU,SAAS,OAAO,KAAK,SAAS,CAAC;AAC3G,QAAM,UAAU,KAAK,IAAI,CAAC,MAAW,EAAE,EAAE;AACzC,QAAM,QAAQ,QAAQ,SAClB,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,EAAE,MAAM,EAAE,KAAK,QAAe,EAAE;AAAA,IAChC,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,IACrB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,IACA,CAAC;AACL,QAAM,UAAoC,CAAC;AAC3C,aAAW,KAAK,OAAO;AACrB,UAAM,MAAM,OAAQ,EAAU,MAAM,MAAO,EAAU,IAAI;AACzD,UAAM,QAAQ,OAAQ,EAAU,MAAM,QAAQ,EAAE;AAChD,QAAI,CAAC,QAAQ,GAAG,EAAG,SAAQ,GAAG,IAAI,CAAC;AACnC,QAAI,MAAO,SAAQ,GAAG,EAAE,KAAK,KAAK;AAAA,EACpC;AACA,QAAM,SAAS,KACZ,IAAI,CAAC,MAAY,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI,IAAK,EACpE,OAAO,CAACA,QAAqB,CAAC,CAACA,GAAE;AACpC,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC;AAC/C,MAAI,SAAiC,CAAC;AACtC,MAAI,aAAa,QAAQ;AACvB,UAAM,gBAAgB,MAAM,GAAG;AAAA,MAC7B;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,aAAoB,GAAG,WAAW,KAAK;AAAA,IACtD;AACA,aAAS,cAAc,OAA+B,CAAC,KAAK,QAAQ;AAClE,YAAM,QAAQ,KAAK,KAAK,OAAO,IAAI,EAAE,IAAI;AACzC,UAAI,CAAC,MAAO,QAAO;AACnB,YAAM,UAAW,KAAa;AAC9B,YAAM,UAAU,OAAO,YAAY,YAAY,QAAQ,SAAS,IAAI,UAAU;AAC9E,UAAI,KAAK,IAAI;AACb,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP;AACA,QAAM,YAAY,KACf,IAAI,CAAC,MAAY,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI,IAAK,EACxD,OAAO,CAACA,QAAqB,CAAC,CAACA,GAAE;AACpC,QAAM,kBAAkB,MAAM,KAAK,IAAI,IAAI,SAAS,CAAC;AACrD,MAAI,YAAoC,CAAC;AACzC,MAAI,gBAAgB,QAAQ;AAC1B,UAAM,UAAU,MAAM,GAAG;AAAA,MACvB;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,gBAAuB,GAAG,WAAW,KAAK;AAAA,IACzD;AACA,gBAAY,QAAQ,OAA+B,CAAC,KAAK,WAAW;AAClE,YAAM,WAAW,QAAQ,KAAK,OAAO,OAAO,EAAE,IAAI;AAClD,UAAI,CAAC,SAAU,QAAO;AACtB,YAAM,UAAW,QAAgB;AACjC,YAAM,aAAa,OAAO,YAAY,YAAY,QAAQ,SAAS,IAAI,UAAU;AACjF,UAAI,QAAQ,IAAI;AAChB,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP;AACA,QAAM,eAA8C,CAAC;AACrD,QAAM,qBAAoD,CAAC;AAC3D,aAAW,KAAK,MAAM;AACpB,UAAM,MAAM,OAAO,EAAE,EAAE;AACvB,iBAAa,GAAG,IAAI,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI;AACtD,uBAAmB,GAAG,IAAI,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI;AAAA,EAC1E;AACA,QAAM,WAAW,QAAQ,SACrB,MAAM,sBAAsB;AAAA,IAC1B;AAAA,IACA,UAAU,EAAE,KAAK;AAAA,IACjB,WAAW,QAAQ,IAAI,MAAM;AAAA,IAC7B,kBAAkB;AAAA,IAClB,wBAAwB;AAAA,IACxB,iBAAiB,KAAK,WAAW,CAAC,KAAK,QAAQ,IAAI,CAAC;AAAA,EACtD,CAAC,IACD,CAAC;AAEL,QAAM,QAAQ,KAAK,IAAI,CAAC,MAAW;AACjC,UAAM,MAAM,OAAO,EAAE,EAAE;AACvB,UAAM,QAAQ,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI;AAC5D,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO,OAAO,EAAE,KAAK;AAAA,MACrB,gBAAgB;AAAA,MAChB,kBAAkB,QAAQ,OAAO,KAAK,KAAK,QAAQ;AAAA,MACnD,UAAU,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI;AAAA,MAC5C,YAAY,EAAE,WAAW,UAAU,OAAO,EAAE,QAAQ,CAAC,KAAK,OAAO,EAAE,QAAQ,IAAI;AAAA,MAC/E,OAAO,QAAQ,GAAG,KAAK,CAAC;AAAA,MACxB,GAAI,SAAS,GAAG,KAAK,CAAC;AAAA,IACxB;AAAA,EACF,CAAC;AACD,QAAM,aAAa,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,QAAQ,CAAC;AAC1D,QAAM,cAAc;AAAA,IAClB;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT,cAAc;AAAA,IACd,gBAAgB;AAAA,IAChB,UAAU,KAAK,YAAY;AAAA,IAC3B,OAAO,OAAO;AAAA,IACd,YAAY,KAAK,cAAc;AAAA,EACjC,CAAC;AACD,SAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,YAAY,aAAa,CAAC;AAC5E;AAEO,MAAM,OAAO,OAAO,QAAiB;AAC1C,QAAM,OAAO,MAAM,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,QAAM,qBAAqB,KAAK,MAAM,KAAK;AAC3C,SAAO,KAAK,KAAK,GAAG;AACtB;AAEO,MAAM,MAAM,OAAO,QAAiB;AACzC,QAAM,OAAO,MAAM,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,QAAM,qBAAqB,KAAK,MAAM,KAAK;AAC3C,SAAO,KAAK,IAAI,GAAG;AACrB;AAEO,MAAM,SAAS,KAAK;AAE3B,eAAe,qBAAqB,KAAc,OAAgB;AAChE,MAAI,CAAC,MAAM,QAAQ,KAAK,EAAG;AAC3B,QAAM,aAAa,MAChB,IAAI,CAAC,SAAU,OAAO,SAAS,WAAW,KAAK,KAAK,EAAE,YAAY,IAAI,IAAK,EAC3E,OAAO,CAAC,SAAyB,CAAC,CAAC,IAAI;AAC1C,MAAI,CAAC,WAAW,SAAS,YAAY,EAAG;AACxC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,cAAc;AACzC,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,QAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AAChH,MAAI,CAAC,KAAK,cAAc;AACtB,UAAM,UAAU,2DAA2D;AAAA,EAC7E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MACF,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,uBAAuB;AAAA,MAChF;AAAA,IACF;AAAA,IACA,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,QAC5C;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,sCAAsC,QAAQ,oBAAoB;AAAA,QAC9F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,MAClG;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,oBAAoB;AAAA,QAC3E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,oBAAoB;AAAA,MAC5E;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,iBAAiB,EAAE,CAAC;AAAA,MACrE,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,0BAA0B,QAAQ,oBAAoB;AAAA,QAClF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,oBAAoB;AAAA,MAC5E;AAAA,IACF;AAAA,EACF;AACF;",
   "names": ["id"]
 }

package/dist/modules/auth/backend/roles/[id]/edit/page.js

@@ -19,7 +19,6 @@ function EditRolePage({ params }) {
   const [aclData, setAclData] = React.useState({ isSuperAdmin: false, features: [], organizations: null });
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false);
   const [selectedTenantId, setSelectedTenantId] = React.useState(null);
-  const widgetEditorRef = React.useRef(null);
   React.useEffect(() => {
     if (!id) return;
     const roleId = id;
@@ -128,8 +127,7 @@ function EditRolePage({ params }) {
         {
           kind: "role",
           targetId: String(id),
-          tenantId: selectedTenantId ?? (initial?.tenantId ?? null),
-          ref: widgetEditorRef
+          tenantId: selectedTenantId ?? (initial?.tenantId ?? null)
         }
       ) : null
     }
@@ -165,7 +163,6 @@ function EditRolePage({ params }) {
         await updateCrud("auth/roles/acl", { roleId: id, tenantId: effectiveTenantId, ...aclData }, {
           errorMessage: t("auth.roles.form.errors.aclUpdate", "Failed to update role access control")
         });
-        await widgetEditorRef.current?.save();
         try {
           window.dispatchEvent(new Event("om:refresh-sidebar"));
         } catch {

package/dist/modules/auth/backend/roles/[id]/edit/page.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../../src/modules/auth/backend/roles/%5Bid%5D/edit/page.tsx"],
-  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField, type CrudFormGroup } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { deleteCrud, updateCrud } from '@open-mercato/ui/backend/utils/crud'\nimport { collectCustomFieldValues } from '@open-mercato/ui/backend/utils/customFieldValues'\nimport { AclEditor, type AclData } from '@open-mercato/core/modules/auth/components/AclEditor'\nimport { WidgetVisibilityEditor, type WidgetVisibilityEditorHandle } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'\nimport { E } from '#generated/entities.ids.generated'\nimport { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\ntype EditRoleFormValues = {\n  name?: string\n  tenantId?: string | null\n} & Record<string, unknown>\n\ntype RoleRecord = {\n  id: string\n  name: string\n  tenantId: string | null\n  tenantName?: string | null\n  usersCount?: number | null\n} & Record<string, unknown>\n\ntype RoleListResponse = {\n  items?: RoleRecord[]\n  isSuperAdmin?: boolean\n}\n\nexport default function EditRolePage({ params }: { params?: { id?: string } }) {\n  const id = params?.id\n  const t = useT()\n  const [initial, setInitial] = React.useState<RoleRecord | null>(null)\n  const [loading, setLoading] = React.useState(true)\n  const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })\n  const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)\n  const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)\n  const widgetEditorRef = React.useRef<WidgetVisibilityEditorHandle | null>(null)\n\n  React.useEffect(() => {\n    if (!id) return\n    const roleId = id\n    let cancelled = false\n    async function load() {\n      try {\n        const { ok, result } = await apiCall<RoleListResponse>(`/api/auth/roles?id=${encodeURIComponent(roleId)}`)\n        if (!ok) throw new Error(t('auth.roles.form.errors.load', 'Failed to load role'))\n        const foundList = Array.isArray(result?.items) ? result?.items : []\n        const found = (foundList?.[0] ?? null) as RoleRecord | null\n        if (!cancelled) {\n          setActorIsSuperAdmin(Boolean(result?.isSuperAdmin))\n          setInitial(found || null)\n          const tenant = found && typeof found.tenantId === 'string' ? found.tenantId : null\n          setSelectedTenantId(tenant)\n        }\n      } catch {\n        if (!cancelled) {\n          setInitial(null)\n          setSelectedTenantId(null)\n        }\n      }\n      if (!cancelled) setLoading(false)\n    }\n    load()\n    return () => { cancelled = true }\n  }, [id, t])\n\n  const preloadedTenants = React.useMemo(() => {\n    if (!selectedTenantId) return null\n    const name = initial?.tenantId === selectedTenantId\n      ? (initial?.tenantName ?? selectedTenantId)\n      : selectedTenantId\n    return [{ id: selectedTenantId, name, isActive: true }]\n  }, [initial, selectedTenantId])\n\n  const fields = React.useMemo<CrudField[]>(() => {\n    const disabled = !!(initial && typeof initial.usersCount === 'number' && initial.usersCount > 0)\n    const list: CrudField[] = [\n      {\n        id: 'name',\n        label: t('auth.roles.form.field.name', 'Name'),\n        type: 'text',\n        required: true,\n        disabled,\n      },\n    ]\n    if (actorIsSuperAdmin) {\n      list.push({\n        id: 'tenantId',\n        label: t('auth.roles.form.field.tenant', 'Tenant'),\n        type: 'custom',\n        required: true,\n        component: ({ value, setValue }) => {\n          const normalizedValue = typeof value === 'string'\n            ? value\n            : (typeof selectedTenantId === 'string' ? selectedTenantId : null)\n          return (\n            <TenantSelect\n              id=\"tenantId\"\n              value={normalizedValue}\n              onChange={(next) => {\n                const resolved = next ?? null\n                setValue(resolved)\n                setSelectedTenantId(resolved)\n                setAclData({ isSuperAdmin: false, features: [], organizations: null })\n              }}\n              includeEmptyOption\n              className=\"w-full h-9 rounded border px-2 text-sm\"\n              tenants={preloadedTenants}\n            />\n          )\n        },\n      })\n    }\n    return list\n  }, [actorIsSuperAdmin, initial, preloadedTenants, selectedTenantId, t])\n\n  const detailFieldIds = React.useMemo(() => {\n    const base = ['name']\n    if (actorIsSuperAdmin) base.push('tenantId')\n    return base\n  }, [actorIsSuperAdmin])\n\n  const groups: CrudFormGroup[] = React.useMemo(() => ([\n    { id: 'details', title: t('auth.roles.form.group.details', 'Details'), column: 1, fields: detailFieldIds },\n    { id: 'customFields', title: t('entities.customFields.title', 'Custom Fields'), column: 2, kind: 'customFields' },\n    {\n      id: 'acl',\n      title: t('auth.roles.form.group.access', 'Access'),\n      column: 1,\n      component: () => (id\n        ? (\n          <AclEditor\n            kind=\"role\"\n            targetId={String(id)}\n            canEditOrganizations\n            value={aclData}\n            onChange={setAclData}\n            currentUserIsSuperAdmin={actorIsSuperAdmin}\n            tenantId={selectedTenantId ?? null}\n          />\n        )\n        : null),\n    },\n    {\n      id: 'dashboardWidgets',\n      title: t('auth.roles.form.group.widgets', 'Dashboard Widgets'),\n      column: 2,\n      component: () => (id && !loading\n        ? (\n          <WidgetVisibilityEditor\n            kind=\"role\"\n            targetId={String(id)}\n            tenantId={selectedTenantId ?? (initial?.tenantId ?? null)}\n            ref={widgetEditorRef}\n          />\n        )\n        : null),\n    },\n  ]), [aclData, actorIsSuperAdmin, detailFieldIds, id, initial, loading, selectedTenantId, t])\n\n  if (!id) return null\n  return (\n    <Page>\n      <PageBody>\n        <CrudForm<EditRoleFormValues>\n          title={t('auth.roles.form.title.edit', 'Edit Role')}\n          backHref=\"/backend/roles\"\n          entityId={E.auth.role}\n          fields={fields}\n          groups={groups}\n          initialValues={initial || { id, tenantId: null }}\n          isLoading={loading}\n          loadingMessage={t('auth.roles.form.loading', 'Loading data...')}\n          cancelHref=\"/backend/roles\"\n          successRedirect={`/backend/roles?flash=${encodeURIComponent(t('auth.roles.flash.updated', 'Role saved'))}&type=success`}\n          onSubmit={async (values) => {\n            const customFields = collectCustomFieldValues(values)\n            const payload: Record<string, unknown> = { id }\n            if (values.name !== undefined) payload.name = values.name\n            let effectiveTenantId: string | null = selectedTenantId ?? (initial?.tenantId ?? null)\n            if (actorIsSuperAdmin) {\n              const rawTenant = typeof values.tenantId === 'string' ? values.tenantId.trim() : selectedTenantId\n              effectiveTenantId = rawTenant && rawTenant.length ? rawTenant : null\n              payload.tenantId = effectiveTenantId\n            }\n            if (Object.keys(customFields).length) {\n              payload.customFields = customFields\n            }\n            await updateCrud('auth/roles', payload)\n            await updateCrud('auth/roles/acl', { roleId: id, tenantId: effectiveTenantId, ...aclData }, {\n              errorMessage: t('auth.roles.form.errors.aclUpdate', 'Failed to update role access control'),\n            })\n            await widgetEditorRef.current?.save()\n            try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}\n          }}\n          onDelete={async () => {\n            await deleteCrud('auth/roles', String(id), {\n              errorMessage: t('auth.roles.form.errors.delete', 'Failed to delete role'),\n            })\n          }}\n          deleteRedirect={`/backend/roles?flash=${encodeURIComponent(t('auth.roles.flash.deleted', 'Role deleted'))}&type=success`}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
-  "mappings": ";AAmGY;AAlGZ,YAAY,WAAW;AACvB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAAoD;AAC7D,SAAS,eAAe;AACxB,SAAS,YAAY,kBAAkB;AACvC,SAAS,gCAAgC;AACzC,SAAS,iBAA+B;AACxC,SAAS,8BAAiE;AAC1E,SAAS,SAAS;AAClB,SAAS,oBAAoB;AAC7B,SAAS,YAAY;AAoBN,SAAR,aAA8B,EAAE,OAAO,GAAiC;AAC7E,QAAM,KAAK,QAAQ;AACnB,QAAM,IAAI,KAAK;AACf,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAA4B,IAAI;AACpE,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAkB,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAChH,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,MAAM,SAAS,KAAK;AACtE,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,MAAM,SAAwB,IAAI;AAClF,QAAM,kBAAkB,MAAM,OAA4C,IAAI;AAE9E,QAAM,UAAU,MAAM;AACpB,QAAI,CAAC,GAAI;AACT,UAAM,SAAS;AACf,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAA0B,sBAAsB,mBAAmB,MAAM,CAAC,EAAE;AACzG,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,EAAE,+BAA+B,qBAAqB,CAAC;AAChF,cAAM,YAAY,MAAM,QAAQ,QAAQ,KAAK,IAAI,QAAQ,QAAQ,CAAC;AAClE,cAAM,QAAS,YAAY,CAAC,KAAK;AACjC,YAAI,CAAC,WAAW;AACd,+BAAqB,QAAQ,QAAQ,YAAY,CAAC;AAClD,qBAAW,SAAS,IAAI;AACxB,gBAAM,SAAS,SAAS,OAAO,MAAM,aAAa,WAAW,MAAM,WAAW;AAC9E,8BAAoB,MAAM;AAAA,QAC5B;AAAA,MACF,QAAQ;AACN,YAAI,CAAC,WAAW;AACd,qBAAW,IAAI;AACf,8BAAoB,IAAI;AAAA,QAC1B;AAAA,MACF;AACA,UAAI,CAAC,UAAW,YAAW,KAAK;AAAA,IAClC;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,IAAI,CAAC,CAAC;AAEV,QAAM,mBAAmB,MAAM,QAAQ,MAAM;AAC3C,QAAI,CAAC,iBAAkB,QAAO;AAC9B,UAAM,OAAO,SAAS,aAAa,mBAC9B,SAAS,cAAc,mBACxB;AACJ,WAAO,CAAC,EAAE,IAAI,kBAAkB,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD,GAAG,CAAC,SAAS,gBAAgB,CAAC;AAE9B,QAAM,SAAS,MAAM,QAAqB,MAAM;AAC9C,UAAM,WAAW,CAAC,EAAE,WAAW,OAAO,QAAQ,eAAe,YAAY,QAAQ,aAAa;AAC9F,UAAM,OAAoB;AAAA,MACxB;AAAA,QACE,IAAI;AAAA,QACJ,OAAO,EAAE,8BAA8B,MAAM;AAAA,QAC7C,MAAM;AAAA,QACN,UAAU;AAAA,QACV;AAAA,MACF;AAAA,IACF;AACA,QAAI,mBAAmB;AACrB,WAAK,KAAK;AAAA,QACR,IAAI;AAAA,QACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,QACjD,MAAM;AAAA,QACN,UAAU;AAAA,QACV,WAAW,CAAC,EAAE,OAAO,SAAS,MAAM;AAClC,gBAAM,kBAAkB,OAAO,UAAU,WACrC,QACC,OAAO,qBAAqB,WAAW,mBAAmB;AAC/D,iBACE;AAAA,YAAC;AAAA;AAAA,cACC,IAAG;AAAA,cACH,OAAO;AAAA,cACP,UAAU,CAAC,SAAS;AAClB,sBAAM,WAAW,QAAQ;AACzB,yBAAS,QAAQ;AACjB,oCAAoB,QAAQ;AAC5B,2BAAW,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAAA,cACvE;AAAA,cACA,oBAAkB;AAAA,cAClB,WAAU;AAAA,cACV,SAAS;AAAA;AAAA,UACX;AAAA,QAEJ;AAAA,MACF,CAAC;AAAA,IACH;AACA,WAAO;AAAA,EACT,GAAG,CAAC,mBAAmB,SAAS,kBAAkB,kBAAkB,CAAC,CAAC;AAEtE,QAAM,iBAAiB,MAAM,QAAQ,MAAM;AACzC,UAAM,OAAO,CAAC,MAAM;AACpB,QAAI,kBAAmB,MAAK,KAAK,UAAU;AAC3C,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,CAAC;AAEtB,QAAM,SAA0B,MAAM,QAAQ,MAAO;AAAA,IACnD,EAAE,IAAI,WAAW,OAAO,EAAE,iCAAiC,SAAS,GAAG,QAAQ,GAAG,QAAQ,eAAe;AAAA,IACzG,EAAE,IAAI,gBAAgB,OAAO,EAAE,+BAA+B,eAAe,GAAG,QAAQ,GAAG,MAAM,eAAe;AAAA,IAChH;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,MACjD,QAAQ;AAAA,MACR,WAAW,MAAO,KAEd;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,sBAAoB;AAAA,UACpB,OAAO;AAAA,UACP,UAAU;AAAA,UACV,yBAAyB;AAAA,UACzB,UAAU,oBAAoB;AAAA;AAAA,MAChC,IAEA;AAAA,IACN;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,iCAAiC,mBAAmB;AAAA,MAC7D,QAAQ;AAAA,MACR,WAAW,MAAO,MAAM,CAAC,UAErB;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,UAAU,qBAAqB,SAAS,YAAY;AAAA,UACpD,KAAK;AAAA;AAAA,MACP,IAEA;AAAA,IACN;AAAA,EACF,GAAI,CAAC,SAAS,mBAAmB,gBAAgB,IAAI,SAAS,SAAS,kBAAkB,CAAC,CAAC;AAE3F,MAAI,CAAC,GAAI,QAAO;AAChB,SACE,oBAAC,QACC,8BAAC,YACC;AAAA,IAAC;AAAA;AAAA,MACC,OAAO,EAAE,8BAA8B,WAAW;AAAA,MAClD,UAAS;AAAA,MACT,UAAU,EAAE,KAAK;AAAA,MACjB;AAAA,MACA;AAAA,MACA,eAAe,WAAW,EAAE,IAAI,UAAU,KAAK;AAAA,MAC/C,WAAW;AAAA,MACX,gBAAgB,EAAE,2BAA2B,iBAAiB;AAAA,MAC9D,YAAW;AAAA,MACX,iBAAiB,wBAAwB,mBAAmB,EAAE,4BAA4B,YAAY,CAAC,CAAC;AAAA,MACxG,UAAU,OAAO,WAAW;AAC1B,cAAM,eAAe,yBAAyB,MAAM;AACpD,cAAM,UAAmC,EAAE,GAAG;AAC9C,YAAI,OAAO,SAAS,OAAW,SAAQ,OAAO,OAAO;AACrD,YAAI,oBAAmC,qBAAqB,SAAS,YAAY;AACjF,YAAI,mBAAmB;AACrB,gBAAM,YAAY,OAAO,OAAO,aAAa,WAAW,OAAO,SAAS,KAAK,IAAI;AACjF,8BAAoB,aAAa,UAAU,SAAS,YAAY;AAChE,kBAAQ,WAAW;AAAA,QACrB;AACA,YAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,kBAAQ,eAAe;AAAA,QACzB;AACA,cAAM,WAAW,cAAc,OAAO;AACtC,cAAM,WAAW,kBAAkB,EAAE,QAAQ,IAAI,UAAU,mBAAmB,GAAG,QAAQ,GAAG;AAAA,UAC1F,cAAc,EAAE,oCAAoC,sCAAsC;AAAA,QAC5F,CAAC;AACD,cAAM,gBAAgB,SAAS,KAAK;AACpC,YAAI;AAAE,iBAAO,cAAc,IAAI,MAAM,oBAAoB,CAAC;AAAA,QAAE,QAAQ;AAAA,QAAC;AAAA,MACvE;AAAA,MACA,UAAU,YAAY;AACpB,cAAM,WAAW,cAAc,OAAO,EAAE,GAAG;AAAA,UACzC,cAAc,EAAE,iCAAiC,uBAAuB;AAAA,QAC1E,CAAC;AAAA,MACH;AAAA,MACA,gBAAgB,wBAAwB,mBAAmB,EAAE,4BAA4B,cAAc,CAAC,CAAC;AAAA;AAAA,EAC3G,GACF,GACF;AAEJ;",
+  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField, type CrudFormGroup } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { deleteCrud, updateCrud } from '@open-mercato/ui/backend/utils/crud'\nimport { collectCustomFieldValues } from '@open-mercato/ui/backend/utils/customFieldValues'\nimport { AclEditor, type AclData } from '@open-mercato/core/modules/auth/components/AclEditor'\nimport { WidgetVisibilityEditor } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'\nimport { E } from '#generated/entities.ids.generated'\nimport { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\ntype EditRoleFormValues = {\n  name?: string\n  tenantId?: string | null\n} & Record<string, unknown>\n\ntype RoleRecord = {\n  id: string\n  name: string\n  tenantId: string | null\n  tenantName?: string | null\n  usersCount?: number | null\n} & Record<string, unknown>\n\ntype RoleListResponse = {\n  items?: RoleRecord[]\n  isSuperAdmin?: boolean\n}\n\nexport default function EditRolePage({ params }: { params?: { id?: string } }) {\n  const id = params?.id\n  const t = useT()\n  const [initial, setInitial] = React.useState<RoleRecord | null>(null)\n  const [loading, setLoading] = React.useState(true)\n  const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })\n  const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)\n  const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)\n\n  React.useEffect(() => {\n    if (!id) return\n    const roleId = id\n    let cancelled = false\n    async function load() {\n      try {\n        const { ok, result } = await apiCall<RoleListResponse>(`/api/auth/roles?id=${encodeURIComponent(roleId)}`)\n        if (!ok) throw new Error(t('auth.roles.form.errors.load', 'Failed to load role'))\n        const foundList = Array.isArray(result?.items) ? result?.items : []\n        const found = (foundList?.[0] ?? null) as RoleRecord | null\n        if (!cancelled) {\n          setActorIsSuperAdmin(Boolean(result?.isSuperAdmin))\n          setInitial(found || null)\n          const tenant = found && typeof found.tenantId === 'string' ? found.tenantId : null\n          setSelectedTenantId(tenant)\n        }\n      } catch {\n        if (!cancelled) {\n          setInitial(null)\n          setSelectedTenantId(null)\n        }\n      }\n      if (!cancelled) setLoading(false)\n    }\n    load()\n    return () => { cancelled = true }\n  }, [id, t])\n\n  const preloadedTenants = React.useMemo(() => {\n    if (!selectedTenantId) return null\n    const name = initial?.tenantId === selectedTenantId\n      ? (initial?.tenantName ?? selectedTenantId)\n      : selectedTenantId\n    return [{ id: selectedTenantId, name, isActive: true }]\n  }, [initial, selectedTenantId])\n\n  const fields = React.useMemo<CrudField[]>(() => {\n    const disabled = !!(initial && typeof initial.usersCount === 'number' && initial.usersCount > 0)\n    const list: CrudField[] = [\n      {\n        id: 'name',\n        label: t('auth.roles.form.field.name', 'Name'),\n        type: 'text',\n        required: true,\n        disabled,\n      },\n    ]\n    if (actorIsSuperAdmin) {\n      list.push({\n        id: 'tenantId',\n        label: t('auth.roles.form.field.tenant', 'Tenant'),\n        type: 'custom',\n        required: true,\n        component: ({ value, setValue }) => {\n          const normalizedValue = typeof value === 'string'\n            ? value\n            : (typeof selectedTenantId === 'string' ? selectedTenantId : null)\n          return (\n            <TenantSelect\n              id=\"tenantId\"\n              value={normalizedValue}\n              onChange={(next) => {\n                const resolved = next ?? null\n                setValue(resolved)\n                setSelectedTenantId(resolved)\n                setAclData({ isSuperAdmin: false, features: [], organizations: null })\n              }}\n              includeEmptyOption\n              className=\"w-full h-9 rounded border px-2 text-sm\"\n              tenants={preloadedTenants}\n            />\n          )\n        },\n      })\n    }\n    return list\n  }, [actorIsSuperAdmin, initial, preloadedTenants, selectedTenantId, t])\n\n  const detailFieldIds = React.useMemo(() => {\n    const base = ['name']\n    if (actorIsSuperAdmin) base.push('tenantId')\n    return base\n  }, [actorIsSuperAdmin])\n\n  const groups: CrudFormGroup[] = React.useMemo(() => ([\n    { id: 'details', title: t('auth.roles.form.group.details', 'Details'), column: 1, fields: detailFieldIds },\n    { id: 'customFields', title: t('entities.customFields.title', 'Custom Fields'), column: 2, kind: 'customFields' },\n    {\n      id: 'acl',\n      title: t('auth.roles.form.group.access', 'Access'),\n      column: 1,\n      component: () => (id\n        ? (\n          <AclEditor\n            kind=\"role\"\n            targetId={String(id)}\n            canEditOrganizations\n            value={aclData}\n            onChange={setAclData}\n            currentUserIsSuperAdmin={actorIsSuperAdmin}\n            tenantId={selectedTenantId ?? null}\n          />\n        )\n        : null),\n    },\n    {\n      id: 'dashboardWidgets',\n      title: t('auth.roles.form.group.widgets', 'Dashboard Widgets'),\n      column: 2,\n      component: () => (id && !loading\n        ? (\n          <WidgetVisibilityEditor\n            kind=\"role\"\n            targetId={String(id)}\n            tenantId={selectedTenantId ?? (initial?.tenantId ?? null)}\n          />\n        )\n        : null),\n    },\n  ]), [aclData, actorIsSuperAdmin, detailFieldIds, id, initial, loading, selectedTenantId, t])\n\n  if (!id) return null\n  return (\n    <Page>\n      <PageBody>\n        <CrudForm<EditRoleFormValues>\n          title={t('auth.roles.form.title.edit', 'Edit Role')}\n          backHref=\"/backend/roles\"\n          entityId={E.auth.role}\n          fields={fields}\n          groups={groups}\n          initialValues={initial || { id, tenantId: null }}\n          isLoading={loading}\n          loadingMessage={t('auth.roles.form.loading', 'Loading data...')}\n          cancelHref=\"/backend/roles\"\n          successRedirect={`/backend/roles?flash=${encodeURIComponent(t('auth.roles.flash.updated', 'Role saved'))}&type=success`}\n          onSubmit={async (values) => {\n            const customFields = collectCustomFieldValues(values)\n            const payload: Record<string, unknown> = { id }\n            if (values.name !== undefined) payload.name = values.name\n            let effectiveTenantId: string | null = selectedTenantId ?? (initial?.tenantId ?? null)\n            if (actorIsSuperAdmin) {\n              const rawTenant = typeof values.tenantId === 'string' ? values.tenantId.trim() : selectedTenantId\n              effectiveTenantId = rawTenant && rawTenant.length ? rawTenant : null\n              payload.tenantId = effectiveTenantId\n            }\n            if (Object.keys(customFields).length) {\n              payload.customFields = customFields\n            }\n            await updateCrud('auth/roles', payload)\n            await updateCrud('auth/roles/acl', { roleId: id, tenantId: effectiveTenantId, ...aclData }, {\n              errorMessage: t('auth.roles.form.errors.aclUpdate', 'Failed to update role access control'),\n            })\n            try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}\n          }}\n          onDelete={async () => {\n            await deleteCrud('auth/roles', String(id), {\n              errorMessage: t('auth.roles.form.errors.delete', 'Failed to delete role'),\n            })\n          }}\n          deleteRedirect={`/backend/roles?flash=${encodeURIComponent(t('auth.roles.flash.deleted', 'Role deleted'))}&type=success`}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
+  "mappings": ";AAkGY;AAjGZ,YAAY,WAAW;AACvB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAAoD;AAC7D,SAAS,eAAe;AACxB,SAAS,YAAY,kBAAkB;AACvC,SAAS,gCAAgC;AACzC,SAAS,iBAA+B;AACxC,SAAS,8BAA8B;AACvC,SAAS,SAAS;AAClB,SAAS,oBAAoB;AAC7B,SAAS,YAAY;AAoBN,SAAR,aAA8B,EAAE,OAAO,GAAiC;AAC7E,QAAM,KAAK,QAAQ;AACnB,QAAM,IAAI,KAAK;AACf,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAA4B,IAAI;AACpE,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAkB,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAChH,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,MAAM,SAAS,KAAK;AACtE,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,MAAM,SAAwB,IAAI;AAElF,QAAM,UAAU,MAAM;AACpB,QAAI,CAAC,GAAI;AACT,UAAM,SAAS;AACf,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAA0B,sBAAsB,mBAAmB,MAAM,CAAC,EAAE;AACzG,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,EAAE,+BAA+B,qBAAqB,CAAC;AAChF,cAAM,YAAY,MAAM,QAAQ,QAAQ,KAAK,IAAI,QAAQ,QAAQ,CAAC;AAClE,cAAM,QAAS,YAAY,CAAC,KAAK;AACjC,YAAI,CAAC,WAAW;AACd,+BAAqB,QAAQ,QAAQ,YAAY,CAAC;AAClD,qBAAW,SAAS,IAAI;AACxB,gBAAM,SAAS,SAAS,OAAO,MAAM,aAAa,WAAW,MAAM,WAAW;AAC9E,8BAAoB,MAAM;AAAA,QAC5B;AAAA,MACF,QAAQ;AACN,YAAI,CAAC,WAAW;AACd,qBAAW,IAAI;AACf,8BAAoB,IAAI;AAAA,QAC1B;AAAA,MACF;AACA,UAAI,CAAC,UAAW,YAAW,KAAK;AAAA,IAClC;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,IAAI,CAAC,CAAC;AAEV,QAAM,mBAAmB,MAAM,QAAQ,MAAM;AAC3C,QAAI,CAAC,iBAAkB,QAAO;AAC9B,UAAM,OAAO,SAAS,aAAa,mBAC9B,SAAS,cAAc,mBACxB;AACJ,WAAO,CAAC,EAAE,IAAI,kBAAkB,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD,GAAG,CAAC,SAAS,gBAAgB,CAAC;AAE9B,QAAM,SAAS,MAAM,QAAqB,MAAM;AAC9C,UAAM,WAAW,CAAC,EAAE,WAAW,OAAO,QAAQ,eAAe,YAAY,QAAQ,aAAa;AAC9F,UAAM,OAAoB;AAAA,MACxB;AAAA,QACE,IAAI;AAAA,QACJ,OAAO,EAAE,8BAA8B,MAAM;AAAA,QAC7C,MAAM;AAAA,QACN,UAAU;AAAA,QACV;AAAA,MACF;AAAA,IACF;AACA,QAAI,mBAAmB;AACrB,WAAK,KAAK;AAAA,QACR,IAAI;AAAA,QACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,QACjD,MAAM;AAAA,QACN,UAAU;AAAA,QACV,WAAW,CAAC,EAAE,OAAO,SAAS,MAAM;AAClC,gBAAM,kBAAkB,OAAO,UAAU,WACrC,QACC,OAAO,qBAAqB,WAAW,mBAAmB;AAC/D,iBACE;AAAA,YAAC;AAAA;AAAA,cACC,IAAG;AAAA,cACH,OAAO;AAAA,cACP,UAAU,CAAC,SAAS;AAClB,sBAAM,WAAW,QAAQ;AACzB,yBAAS,QAAQ;AACjB,oCAAoB,QAAQ;AAC5B,2BAAW,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAAA,cACvE;AAAA,cACA,oBAAkB;AAAA,cAClB,WAAU;AAAA,cACV,SAAS;AAAA;AAAA,UACX;AAAA,QAEJ;AAAA,MACF,CAAC;AAAA,IACH;AACA,WAAO;AAAA,EACT,GAAG,CAAC,mBAAmB,SAAS,kBAAkB,kBAAkB,CAAC,CAAC;AAEtE,QAAM,iBAAiB,MAAM,QAAQ,MAAM;AACzC,UAAM,OAAO,CAAC,MAAM;AACpB,QAAI,kBAAmB,MAAK,KAAK,UAAU;AAC3C,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,CAAC;AAEtB,QAAM,SAA0B,MAAM,QAAQ,MAAO;AAAA,IACnD,EAAE,IAAI,WAAW,OAAO,EAAE,iCAAiC,SAAS,GAAG,QAAQ,GAAG,QAAQ,eAAe;AAAA,IACzG,EAAE,IAAI,gBAAgB,OAAO,EAAE,+BAA+B,eAAe,GAAG,QAAQ,GAAG,MAAM,eAAe;AAAA,IAChH;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,MACjD,QAAQ;AAAA,MACR,WAAW,MAAO,KAEd;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,sBAAoB;AAAA,UACpB,OAAO;AAAA,UACP,UAAU;AAAA,UACV,yBAAyB;AAAA,UACzB,UAAU,oBAAoB;AAAA;AAAA,MAChC,IAEA;AAAA,IACN;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,iCAAiC,mBAAmB;AAAA,MAC7D,QAAQ;AAAA,MACR,WAAW,MAAO,MAAM,CAAC,UAErB;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,UAAU,qBAAqB,SAAS,YAAY;AAAA;AAAA,MACtD,IAEA;AAAA,IACN;AAAA,EACF,GAAI,CAAC,SAAS,mBAAmB,gBAAgB,IAAI,SAAS,SAAS,kBAAkB,CAAC,CAAC;AAE3F,MAAI,CAAC,GAAI,QAAO;AAChB,SACE,oBAAC,QACC,8BAAC,YACC;AAAA,IAAC;AAAA;AAAA,MACC,OAAO,EAAE,8BAA8B,WAAW;AAAA,MAClD,UAAS;AAAA,MACT,UAAU,EAAE,KAAK;AAAA,MACjB;AAAA,MACA;AAAA,MACA,eAAe,WAAW,EAAE,IAAI,UAAU,KAAK;AAAA,MAC/C,WAAW;AAAA,MACX,gBAAgB,EAAE,2BAA2B,iBAAiB;AAAA,MAC9D,YAAW;AAAA,MACX,iBAAiB,wBAAwB,mBAAmB,EAAE,4BAA4B,YAAY,CAAC,CAAC;AAAA,MACxG,UAAU,OAAO,WAAW;AAC1B,cAAM,eAAe,yBAAyB,MAAM;AACpD,cAAM,UAAmC,EAAE,GAAG;AAC9C,YAAI,OAAO,SAAS,OAAW,SAAQ,OAAO,OAAO;AACrD,YAAI,oBAAmC,qBAAqB,SAAS,YAAY;AACjF,YAAI,mBAAmB;AACrB,gBAAM,YAAY,OAAO,OAAO,aAAa,WAAW,OAAO,SAAS,KAAK,IAAI;AACjF,8BAAoB,aAAa,UAAU,SAAS,YAAY;AAChE,kBAAQ,WAAW;AAAA,QACrB;AACA,YAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,kBAAQ,eAAe;AAAA,QACzB;AACA,cAAM,WAAW,cAAc,OAAO;AACtC,cAAM,WAAW,kBAAkB,EAAE,QAAQ,IAAI,UAAU,mBAAmB,GAAG,QAAQ,GAAG;AAAA,UAC1F,cAAc,EAAE,oCAAoC,sCAAsC;AAAA,QAC5F,CAAC;AACD,YAAI;AAAE,iBAAO,cAAc,IAAI,MAAM,oBAAoB,CAAC;AAAA,QAAE,QAAQ;AAAA,QAAC;AAAA,MACvE;AAAA,MACA,UAAU,YAAY;AACpB,cAAM,WAAW,cAAc,OAAO,EAAE,GAAG;AAAA,UACzC,cAAc,EAAE,iCAAiC,uBAAuB;AAAA,QAC1E,CAAC;AAAA,MACH;AAAA,MACA,gBAAgB,wBAAwB,mBAAmB,EAAE,4BAA4B,cAAc,CAAC,CAAC;AAAA;AAAA,EAC3G,GACF,GACF;AAEJ;",
   "names": []
 }

package/dist/modules/auth/backend/roles/page.js

@@ -97,9 +97,9 @@ function RolesListPage() {
         setPage(1);
       },
       rowActions: (row) => /* @__PURE__ */ jsx(RowActions, { items: [
-        { id: "edit", label: t("common.edit", "Edit"), href: `/backend/roles/${row.id}/edit` },
-        { id: "show-users", label: t("auth.roles.list.actions.showUsers", "Show users"), href: `/backend/users?roleId=${encodeURIComponent(row.id)}` },
-        { id: "delete", label: t("common.delete", "Delete"), destructive: true, onSelect: () => {
+        { label: t("common.edit", "Edit"), href: `/backend/roles/${row.id}/edit` },
+        { label: t("auth.roles.list.actions.showUsers", "Show users"), href: `/backend/users?roleId=${encodeURIComponent(row.id)}` },
+        { label: t("common.delete", "Delete"), destructive: true, onSelect: () => {
           void handleDelete(row);
         } }
       ] }),

package/dist/modules/auth/backend/roles/page.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/auth/backend/roles/page.tsx"],
-  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport Link from 'next/link'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { DataTable } from '@open-mercato/ui/backend/DataTable'\nimport type { ColumnDef, SortingState } from '@tanstack/react-table'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { RowActions } from '@open-mercato/ui/backend/RowActions'\nimport { apiCall, readApiResultOrThrow } from '@open-mercato/ui/backend/utils/apiCall'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { raiseCrudError } from '@open-mercato/ui/backend/utils/serverErrors'\nimport { useOrganizationScopeVersion } from '@open-mercato/shared/lib/frontend/useOrganizationScope'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\ntype Row = {\n  id: string\n  name: string\n  usersCount: number\n  tenantId?: string | null\n  tenantIds?: string[]\n  tenantName?: string | null\n}\n\nexport default function RolesListPage() {\n  const [sorting, setSorting] = React.useState<SortingState>([{ id: 'name', desc: false }])\n  const [page, setPage] = React.useState(1)\n  const [total, setTotal] = React.useState(0)\n  const [totalPages, setTotalPages] = React.useState(1)\n  const [search, setSearch] = React.useState('')\n  const [rows, setRows] = React.useState<Row[]>([])\n  const [isLoading, setIsLoading] = React.useState(true)\n  const [reloadToken, setReloadToken] = React.useState(0)\n  const [isSuperAdmin, setIsSuperAdmin] = React.useState(false)\n  const scopeVersion = useOrganizationScopeVersion()\n  const t = useT()\n\n  React.useEffect(() => {\n    let cancelled = false\n    async function load() {\n      setIsLoading(true)\n      try {\n        const params = new URLSearchParams()\n        params.set('page', String(page))\n        params.set('pageSize', '50')\n        if (search) params.set('search', search)\n        const fallback = { items: [], total: 0, totalPages: 1, isSuperAdmin: false }\n        const j = await readApiResultOrThrow<{\n          items?: Row[]\n          total?: number\n          totalPages?: number\n          isSuperAdmin?: boolean\n        }>(\n          `/api/auth/roles?${params.toString()}`,\n          undefined,\n          { errorMessage: t('auth.roles.list.error.load', 'Failed to load roles'), fallback },\n        )\n        if (!cancelled) {\n          setRows(j.items || [])\n          setTotal(j.total || 0)\n          setTotalPages(j.totalPages || 1)\n          setIsSuperAdmin(!!j.isSuperAdmin)\n        }\n      } finally {\n        if (!cancelled) setIsLoading(false)\n      }\n    }\n    load()\n    return () => { cancelled = true }\n  }, [page, search, reloadToken, scopeVersion, t])\n\n  const handleDelete = React.useCallback(async (row: Row) => {\n    if (!window.confirm(t('auth.roles.list.confirmDelete', 'Delete role \"{{name}}\"?').replace('{{name}}', row.name))) return\n    try {\n      const call = await apiCall(\n        `/api/auth/roles?id=${encodeURIComponent(row.id)}`,\n        { method: 'DELETE' },\n      )\n      if (!call.ok) {\n        await raiseCrudError(call.response, t('auth.roles.list.error.delete', 'Failed to delete role'))\n      }\n      flash(t('auth.roles.list.success.delete', 'Role deleted'), 'success')\n      setReloadToken((token) => token + 1)\n    } catch (error) {\n      const message = error instanceof Error ? error.message : t('auth.roles.list.error.delete', 'Failed to delete role')\n      flash(message, 'error')\n    }\n  }, [t])\n\n  const showTenantColumn = React.useMemo(\n    () => isSuperAdmin && rows.some((row) => row.tenantName),\n    [isSuperAdmin, rows],\n  )\n  const columns = React.useMemo<ColumnDef<Row>[]>(() => {\n    const base: ColumnDef<Row>[] = [\n      { accessorKey: 'name', header: t('auth.roles.list.columns.role', 'Role') },\n      { accessorKey: 'usersCount', header: t('auth.roles.list.columns.users', 'Users') },\n    ]\n    if (showTenantColumn) {\n      base.splice(1, 0, { accessorKey: 'tenantName', header: t('auth.roles.list.columns.tenant', 'Tenant') })\n    }\n    return base\n  }, [showTenantColumn, t])\n\n  return (\n    <Page>\n      <PageBody>\n        <DataTable\n          title={t('auth.roles.list.title', 'Roles')}\n          actions={(\n            <Button asChild>\n              <Link href=\"/backend/roles/create\">{t('auth.roles.list.actions.create', 'Create')}</Link>\n            </Button>\n          )}\n          columns={columns}\n          data={rows}\n          searchValue={search}\n          onSearchChange={(v) => { setSearch(v); setPage(1) }}\n          rowActions={(row) => (\n            <RowActions items={[\n              { id: 'edit', label: t('common.edit', 'Edit'), href: `/backend/roles/${row.id}/edit` },\n              { id: 'show-users', label: t('auth.roles.list.actions.showUsers', 'Show users'), href: `/backend/users?roleId=${encodeURIComponent(row.id)}` },\n              { id: 'delete', label: t('common.delete', 'Delete'), destructive: true, onSelect: () => { void handleDelete(row) } },\n            ]} />\n          )}\n          sortable\n          sorting={sorting}\n          onSortingChange={setSorting}\n          perspective={{ tableId: 'auth.roles.list' }}\n          pagination={{ page, pageSize: 50, total, totalPages, onPageChange: setPage }}\n          isLoading={isLoading}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
-  "mappings": ";AA8Gc;AA7Gd,YAAY,WAAW;AACvB,OAAO,UAAU;AACjB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,iBAAiB;AAE1B,SAAS,cAAc;AACvB,SAAS,kBAAkB;AAC3B,SAAS,SAAS,4BAA4B;AAC9C,SAAS,aAAa;AACtB,SAAS,sBAAsB;AAC/B,SAAS,mCAAmC;AAC5C,SAAS,YAAY;AAWN,SAAR,gBAAiC;AACtC,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAuB,CAAC,EAAE,IAAI,QAAQ,MAAM,MAAM,CAAC,CAAC;AACxF,QAAM,CAAC,MAAM,OAAO,IAAI,MAAM,SAAS,CAAC;AACxC,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,CAAC;AAC1C,QAAM,CAAC,YAAY,aAAa,IAAI,MAAM,SAAS,CAAC;AACpD,QAAM,CAAC,QAAQ,SAAS,IAAI,MAAM,SAAS,EAAE;AAC7C,QAAM,CAAC,MAAM,OAAO,IAAI,MAAM,SAAgB,CAAC,CAAC;AAChD,QAAM,CAAC,WAAW,YAAY,IAAI,MAAM,SAAS,IAAI;AACrD,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM,SAAS,CAAC;AACtD,QAAM,CAAC,cAAc,eAAe,IAAI,MAAM,SAAS,KAAK;AAC5D,QAAM,eAAe,4BAA4B;AACjD,QAAM,IAAI,KAAK;AAEf,QAAM,UAAU,MAAM;AACpB,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,mBAAa,IAAI;AACjB,UAAI;AACF,cAAM,SAAS,IAAI,gBAAgB;AACnC,eAAO,IAAI,QAAQ,OAAO,IAAI,CAAC;AAC/B,eAAO,IAAI,YAAY,IAAI;AAC3B,YAAI,OAAQ,QAAO,IAAI,UAAU,MAAM;AACvC,cAAM,WAAW,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,GAAG,cAAc,MAAM;AAC3E,cAAM,IAAI,MAAM;AAAA,UAMd,mBAAmB,OAAO,SAAS,CAAC;AAAA,UACpC;AAAA,UACA,EAAE,cAAc,EAAE,8BAA8B,sBAAsB,GAAG,SAAS;AAAA,QACpF;AACA,YAAI,CAAC,WAAW;AACd,kBAAQ,EAAE,SAAS,CAAC,CAAC;AACrB,mBAAS,EAAE,SAAS,CAAC;AACrB,wBAAc,EAAE,cAAc,CAAC;AAC/B,0BAAgB,CAAC,CAAC,EAAE,YAAY;AAAA,QAClC;AAAA,MACF,UAAE;AACA,YAAI,CAAC,UAAW,cAAa,KAAK;AAAA,MACpC;AAAA,IACF;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,MAAM,QAAQ,aAAa,cAAc,CAAC,CAAC;AAE/C,QAAM,eAAe,MAAM,YAAY,OAAO,QAAa;AACzD,QAAI,CAAC,OAAO,QAAQ,EAAE,iCAAiC,yBAAyB,EAAE,QAAQ,YAAY,IAAI,IAAI,CAAC,EAAG;AAClH,QAAI;AACF,YAAM,OAAO,MAAM;AAAA,QACjB,sBAAsB,mBAAmB,IAAI,EAAE,CAAC;AAAA,QAChD,EAAE,QAAQ,SAAS;AAAA,MACrB;AACA,UAAI,CAAC,KAAK,IAAI;AACZ,cAAM,eAAe,KAAK,UAAU,EAAE,gCAAgC,uBAAuB,CAAC;AAAA,MAChG;AACA,YAAM,EAAE,kCAAkC,cAAc,GAAG,SAAS;AACpE,qBAAe,CAAC,UAAU,QAAQ,CAAC;AAAA,IACrC,SAAS,OAAO;AACd,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,EAAE,gCAAgC,uBAAuB;AAClH,YAAM,SAAS,OAAO;AAAA,IACxB;AAAA,EACF,GAAG,CAAC,CAAC,CAAC;AAEN,QAAM,mBAAmB,MAAM;AAAA,IAC7B,MAAM,gBAAgB,KAAK,KAAK,CAAC,QAAQ,IAAI,UAAU;AAAA,IACvD,CAAC,cAAc,IAAI;AAAA,EACrB;AACA,QAAM,UAAU,MAAM,QAA0B,MAAM;AACpD,UAAM,OAAyB;AAAA,MAC7B,EAAE,aAAa,QAAQ,QAAQ,EAAE,gCAAgC,MAAM,EAAE;AAAA,MACzE,EAAE,aAAa,cAAc,QAAQ,EAAE,iCAAiC,OAAO,EAAE;AAAA,IACnF;AACA,QAAI,kBAAkB;AACpB,WAAK,OAAO,GAAG,GAAG,EAAE,aAAa,cAAc,QAAQ,EAAE,kCAAkC,QAAQ,EAAE,CAAC;AAAA,IACxG;AACA,WAAO;AAAA,EACT,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAExB,SACE,oBAAC,QACC,8BAAC,YACC;AAAA,IAAC;AAAA;AAAA,MACC,OAAO,EAAE,yBAAyB,OAAO;AAAA,MACzC,SACE,oBAAC,UAAO,SAAO,MACb,8BAAC,QAAK,MAAK,yBAAyB,YAAE,kCAAkC,QAAQ,GAAE,GACpF;AAAA,MAEF;AAAA,MACA,MAAM;AAAA,MACN,aAAa;AAAA,MACb,gBAAgB,CAAC,MAAM;AAAE,kBAAU,CAAC;AAAG,gBAAQ,CAAC;AAAA,MAAE;AAAA,MAClD,YAAY,CAAC,QACX,oBAAC,cAAW,OAAO;AAAA,QACjB,EAAE,IAAI,QAAQ,OAAO,EAAE,eAAe,MAAM,GAAG,MAAM,kBAAkB,IAAI,EAAE,QAAQ;AAAA,QACrF,EAAE,IAAI,cAAc,OAAO,EAAE,qCAAqC,YAAY,GAAG,MAAM,yBAAyB,mBAAmB,IAAI,EAAE,CAAC,GAAG;AAAA,QAC7I,EAAE,IAAI,UAAU,OAAO,EAAE,iBAAiB,QAAQ,GAAG,aAAa,MAAM,UAAU,MAAM;AAAE,eAAK,aAAa,GAAG;AAAA,QAAE,EAAE;AAAA,MACrH,GAAG;AAAA,MAEL,UAAQ;AAAA,MACR;AAAA,MACA,iBAAiB;AAAA,MACjB,aAAa,EAAE,SAAS,kBAAkB;AAAA,MAC1C,YAAY,EAAE,MAAM,UAAU,IAAI,OAAO,YAAY,cAAc,QAAQ;AAAA,MAC3E;AAAA;AAAA,EACF,GACF,GACF;AAEJ;",
+  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport Link from 'next/link'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { DataTable } from '@open-mercato/ui/backend/DataTable'\nimport type { ColumnDef, SortingState } from '@tanstack/react-table'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { RowActions } from '@open-mercato/ui/backend/RowActions'\nimport { apiCall, readApiResultOrThrow } from '@open-mercato/ui/backend/utils/apiCall'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { raiseCrudError } from '@open-mercato/ui/backend/utils/serverErrors'\nimport { useOrganizationScopeVersion } from '@open-mercato/shared/lib/frontend/useOrganizationScope'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\ntype Row = {\n  id: string\n  name: string\n  usersCount: number\n  tenantId?: string | null\n  tenantIds?: string[]\n  tenantName?: string | null\n}\n\nexport default function RolesListPage() {\n  const [sorting, setSorting] = React.useState<SortingState>([{ id: 'name', desc: false }])\n  const [page, setPage] = React.useState(1)\n  const [total, setTotal] = React.useState(0)\n  const [totalPages, setTotalPages] = React.useState(1)\n  const [search, setSearch] = React.useState('')\n  const [rows, setRows] = React.useState<Row[]>([])\n  const [isLoading, setIsLoading] = React.useState(true)\n  const [reloadToken, setReloadToken] = React.useState(0)\n  const [isSuperAdmin, setIsSuperAdmin] = React.useState(false)\n  const scopeVersion = useOrganizationScopeVersion()\n  const t = useT()\n\n  React.useEffect(() => {\n    let cancelled = false\n    async function load() {\n      setIsLoading(true)\n      try {\n        const params = new URLSearchParams()\n        params.set('page', String(page))\n        params.set('pageSize', '50')\n        if (search) params.set('search', search)\n        const fallback = { items: [], total: 0, totalPages: 1, isSuperAdmin: false }\n        const j = await readApiResultOrThrow<{\n          items?: Row[]\n          total?: number\n          totalPages?: number\n          isSuperAdmin?: boolean\n        }>(\n          `/api/auth/roles?${params.toString()}`,\n          undefined,\n          { errorMessage: t('auth.roles.list.error.load', 'Failed to load roles'), fallback },\n        )\n        if (!cancelled) {\n          setRows(j.items || [])\n          setTotal(j.total || 0)\n          setTotalPages(j.totalPages || 1)\n          setIsSuperAdmin(!!j.isSuperAdmin)\n        }\n      } finally {\n        if (!cancelled) setIsLoading(false)\n      }\n    }\n    load()\n    return () => { cancelled = true }\n  }, [page, search, reloadToken, scopeVersion, t])\n\n  const handleDelete = React.useCallback(async (row: Row) => {\n    if (!window.confirm(t('auth.roles.list.confirmDelete', 'Delete role \"{{name}}\"?').replace('{{name}}', row.name))) return\n    try {\n      const call = await apiCall(\n        `/api/auth/roles?id=${encodeURIComponent(row.id)}`,\n        { method: 'DELETE' },\n      )\n      if (!call.ok) {\n        await raiseCrudError(call.response, t('auth.roles.list.error.delete', 'Failed to delete role'))\n      }\n      flash(t('auth.roles.list.success.delete', 'Role deleted'), 'success')\n      setReloadToken((token) => token + 1)\n    } catch (error) {\n      const message = error instanceof Error ? error.message : t('auth.roles.list.error.delete', 'Failed to delete role')\n      flash(message, 'error')\n    }\n  }, [t])\n\n  const showTenantColumn = React.useMemo(\n    () => isSuperAdmin && rows.some((row) => row.tenantName),\n    [isSuperAdmin, rows],\n  )\n  const columns = React.useMemo<ColumnDef<Row>[]>(() => {\n    const base: ColumnDef<Row>[] = [\n      { accessorKey: 'name', header: t('auth.roles.list.columns.role', 'Role') },\n      { accessorKey: 'usersCount', header: t('auth.roles.list.columns.users', 'Users') },\n    ]\n    if (showTenantColumn) {\n      base.splice(1, 0, { accessorKey: 'tenantName', header: t('auth.roles.list.columns.tenant', 'Tenant') })\n    }\n    return base\n  }, [showTenantColumn, t])\n\n  return (\n    <Page>\n      <PageBody>\n        <DataTable\n          title={t('auth.roles.list.title', 'Roles')}\n          actions={(\n            <Button asChild>\n              <Link href=\"/backend/roles/create\">{t('auth.roles.list.actions.create', 'Create')}</Link>\n            </Button>\n          )}\n          columns={columns}\n          data={rows}\n          searchValue={search}\n          onSearchChange={(v) => { setSearch(v); setPage(1) }}\n          rowActions={(row) => (\n            <RowActions items={[\n              { label: t('common.edit', 'Edit'), href: `/backend/roles/${row.id}/edit` },\n              { label: t('auth.roles.list.actions.showUsers', 'Show users'), href: `/backend/users?roleId=${encodeURIComponent(row.id)}` },\n              { label: t('common.delete', 'Delete'), destructive: true, onSelect: () => { void handleDelete(row) } },\n            ]} />\n          )}\n          sortable\n          sorting={sorting}\n          onSortingChange={setSorting}\n          perspective={{ tableId: 'auth.roles.list' }}\n          pagination={{ page, pageSize: 50, total, totalPages, onPageChange: setPage }}\n          isLoading={isLoading}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
+  "mappings": ";AA8Gc;AA7Gd,YAAY,WAAW;AACvB,OAAO,UAAU;AACjB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,iBAAiB;AAE1B,SAAS,cAAc;AACvB,SAAS,kBAAkB;AAC3B,SAAS,SAAS,4BAA4B;AAC9C,SAAS,aAAa;AACtB,SAAS,sBAAsB;AAC/B,SAAS,mCAAmC;AAC5C,SAAS,YAAY;AAWN,SAAR,gBAAiC;AACtC,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAuB,CAAC,EAAE,IAAI,QAAQ,MAAM,MAAM,CAAC,CAAC;AACxF,QAAM,CAAC,MAAM,OAAO,IAAI,MAAM,SAAS,CAAC;AACxC,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,CAAC;AAC1C,QAAM,CAAC,YAAY,aAAa,IAAI,MAAM,SAAS,CAAC;AACpD,QAAM,CAAC,QAAQ,SAAS,IAAI,MAAM,SAAS,EAAE;AAC7C,QAAM,CAAC,MAAM,OAAO,IAAI,MAAM,SAAgB,CAAC,CAAC;AAChD,QAAM,CAAC,WAAW,YAAY,IAAI,MAAM,SAAS,IAAI;AACrD,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM,SAAS,CAAC;AACtD,QAAM,CAAC,cAAc,eAAe,IAAI,MAAM,SAAS,KAAK;AAC5D,QAAM,eAAe,4BAA4B;AACjD,QAAM,IAAI,KAAK;AAEf,QAAM,UAAU,MAAM;AACpB,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,mBAAa,IAAI;AACjB,UAAI;AACF,cAAM,SAAS,IAAI,gBAAgB;AACnC,eAAO,IAAI,QAAQ,OAAO,IAAI,CAAC;AAC/B,eAAO,IAAI,YAAY,IAAI;AAC3B,YAAI,OAAQ,QAAO,IAAI,UAAU,MAAM;AACvC,cAAM,WAAW,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,GAAG,cAAc,MAAM;AAC3E,cAAM,IAAI,MAAM;AAAA,UAMd,mBAAmB,OAAO,SAAS,CAAC;AAAA,UACpC;AAAA,UACA,EAAE,cAAc,EAAE,8BAA8B,sBAAsB,GAAG,SAAS;AAAA,QACpF;AACA,YAAI,CAAC,WAAW;AACd,kBAAQ,EAAE,SAAS,CAAC,CAAC;AACrB,mBAAS,EAAE,SAAS,CAAC;AACrB,wBAAc,EAAE,cAAc,CAAC;AAC/B,0BAAgB,CAAC,CAAC,EAAE,YAAY;AAAA,QAClC;AAAA,MACF,UAAE;AACA,YAAI,CAAC,UAAW,cAAa,KAAK;AAAA,MACpC;AAAA,IACF;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,MAAM,QAAQ,aAAa,cAAc,CAAC,CAAC;AAE/C,QAAM,eAAe,MAAM,YAAY,OAAO,QAAa;AACzD,QAAI,CAAC,OAAO,QAAQ,EAAE,iCAAiC,yBAAyB,EAAE,QAAQ,YAAY,IAAI,IAAI,CAAC,EAAG;AAClH,QAAI;AACF,YAAM,OAAO,MAAM;AAAA,QACjB,sBAAsB,mBAAmB,IAAI,EAAE,CAAC;AAAA,QAChD,EAAE,QAAQ,SAAS;AAAA,MACrB;AACA,UAAI,CAAC,KAAK,IAAI;AACZ,cAAM,eAAe,KAAK,UAAU,EAAE,gCAAgC,uBAAuB,CAAC;AAAA,MAChG;AACA,YAAM,EAAE,kCAAkC,cAAc,GAAG,SAAS;AACpE,qBAAe,CAAC,UAAU,QAAQ,CAAC;AAAA,IACrC,SAAS,OAAO;AACd,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,EAAE,gCAAgC,uBAAuB;AAClH,YAAM,SAAS,OAAO;AAAA,IACxB;AAAA,EACF,GAAG,CAAC,CAAC,CAAC;AAEN,QAAM,mBAAmB,MAAM;AAAA,IAC7B,MAAM,gBAAgB,KAAK,KAAK,CAAC,QAAQ,IAAI,UAAU;AAAA,IACvD,CAAC,cAAc,IAAI;AAAA,EACrB;AACA,QAAM,UAAU,MAAM,QAA0B,MAAM;AACpD,UAAM,OAAyB;AAAA,MAC7B,EAAE,aAAa,QAAQ,QAAQ,EAAE,gCAAgC,MAAM,EAAE;AAAA,MACzE,EAAE,aAAa,cAAc,QAAQ,EAAE,iCAAiC,OAAO,EAAE;AAAA,IACnF;AACA,QAAI,kBAAkB;AACpB,WAAK,OAAO,GAAG,GAAG,EAAE,aAAa,cAAc,QAAQ,EAAE,kCAAkC,QAAQ,EAAE,CAAC;AAAA,IACxG;AACA,WAAO;AAAA,EACT,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAExB,SACE,oBAAC,QACC,8BAAC,YACC;AAAA,IAAC;AAAA;AAAA,MACC,OAAO,EAAE,yBAAyB,OAAO;AAAA,MACzC,SACE,oBAAC,UAAO,SAAO,MACb,8BAAC,QAAK,MAAK,yBAAyB,YAAE,kCAAkC,QAAQ,GAAE,GACpF;AAAA,MAEF;AAAA,MACA,MAAM;AAAA,MACN,aAAa;AAAA,MACb,gBAAgB,CAAC,MAAM;AAAE,kBAAU,CAAC;AAAG,gBAAQ,CAAC;AAAA,MAAE;AAAA,MAClD,YAAY,CAAC,QACX,oBAAC,cAAW,OAAO;AAAA,QACjB,EAAE,OAAO,EAAE,eAAe,MAAM,GAAG,MAAM,kBAAkB,IAAI,EAAE,QAAQ;AAAA,QACzE,EAAE,OAAO,EAAE,qCAAqC,YAAY,GAAG,MAAM,yBAAyB,mBAAmB,IAAI,EAAE,CAAC,GAAG;AAAA,QAC3H,EAAE,OAAO,EAAE,iBAAiB,QAAQ,GAAG,aAAa,MAAM,UAAU,MAAM;AAAE,eAAK,aAAa,GAAG;AAAA,QAAE,EAAE;AAAA,MACvG,GAAG;AAAA,MAEL,UAAQ;AAAA,MACR;AAAA,MACA,iBAAiB;AAAA,MACjB,aAAa,EAAE,SAAS,kBAAkB;AAAA,MAC1C,YAAY,EAAE,MAAM,UAAU,IAAI,OAAO,YAAY,cAAc,QAAQ;AAAA,MAC3E;AAAA;AAAA,EACF,GACF,GACF;AAEJ;",
   "names": []
 }

package/dist/modules/auth/backend/users/[id]/edit/page.js

@@ -13,7 +13,6 @@ import { TenantSelect } from "@open-mercato/core/modules/directory/components/Te
 import { fetchRoleOptions } from "@open-mercato/core/modules/auth/backend/users/roleOptions";
 import { WidgetVisibilityEditor } from "@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor";
 import { useT } from "@open-mercato/shared/lib/i18n/context";
-import { formatPasswordRequirements, getPasswordPolicy } from "@open-mercato/shared/lib/auth/passwordPolicy";
 function TenantAwareOrganizationSelectInput({
   fieldId,
   value,
@@ -62,13 +61,6 @@ function EditUserPage({ params }) {
   const [aclData, setAclData] = React.useState({ isSuperAdmin: false, features: [], organizations: null });
   const [customFieldValues, setCustomFieldValues] = React.useState({});
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false);
-  const widgetEditorRef = React.useRef(null);
-  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), []);
-  const passwordRequirements = React.useMemo(
-    () => formatPasswordRequirements(passwordPolicy, t),
-    [passwordPolicy, t]
-  );
-  const passwordDescription = React.useMemo(() => passwordRequirements ? t("auth.password.requirements.help", "Password requirements: {requirements}", { requirements: passwordRequirements }) : void 0, [passwordRequirements, t]);
   React.useEffect(() => {
     if (!id) {
       setLoading(false);
@@ -154,12 +146,7 @@ function EditUserPage({ params }) {
   const fields = React.useMemo(() => {
     const items = [
       { id: "email", label: t("auth.users.form.field.email", "Email"), type: "text", required: true },
-      {
-        id: "password",
-        label: t("auth.users.form.field.password", "Password"),
-        type: "text",
-        description: passwordDescription
-      }
+      { id: "password", label: t("auth.users.form.field.password", "Password"), type: "text" }
     ];
     if (actorIsSuperAdmin) {
       items.push({
@@ -209,7 +196,7 @@ function EditUserPage({ params }) {
     });
     items.push({ id: "roles", label: t("auth.users.form.field.roles", "Roles"), type: "tags", loadOptions: loadRoleOptions });
     return items;
-  }, [actorIsSuperAdmin, loadRoleOptions, passwordDescription, preloadedTenants, selectedOrgId, selectedTenantId, t]);
+  }, [actorIsSuperAdmin, loadRoleOptions, preloadedTenants, selectedOrgId, selectedTenantId, t]);
   const detailFieldIds = React.useMemo(() => {
     const base = ["email", "password", "organizationId", "roles"];
     if (actorIsSuperAdmin) base.splice(2, 0, "tenantId");
@@ -246,8 +233,7 @@ function EditUserPage({ params }) {
           kind: "user",
           targetId: String(id),
           tenantId: selectedTenantId ?? null,
-          organizationId: initialUser?.organizationId ?? null,
-          ref: widgetEditorRef
+          organizationId: initialUser?.organizationId ?? null
         }
       ) : null
     }
@@ -303,7 +289,6 @@ function EditUserPage({ params }) {
           await updateCrud("auth/users/acl", { userId: id, ...aclData }, {
             errorMessage: t("auth.users.form.errors.aclUpdate", "Failed to update user access control")
           });
-          await widgetEditorRef.current?.save();
           try {
             window.dispatchEvent(new Event("om:refresh-sidebar"));
           } catch {

package/dist/modules/auth/backend/users/[id]/edit/page.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../../src/modules/auth/backend/users/%5Bid%5D/edit/page.tsx"],
-  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { E } from '#generated/entities.ids.generated'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField, type CrudFormGroup, type CrudFieldOption } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { deleteCrud, updateCrud } from '@open-mercato/ui/backend/utils/crud'\nimport { collectCustomFieldValues } from '@open-mercato/ui/backend/utils/customFieldValues'\nimport { AclEditor, type AclData } from '@open-mercato/core/modules/auth/components/AclEditor'\nimport { OrganizationSelect } from '@open-mercato/core/modules/directory/components/OrganizationSelect'\nimport { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'\nimport { fetchRoleOptions } from '@open-mercato/core/modules/auth/backend/users/roleOptions'\nimport { WidgetVisibilityEditor, type WidgetVisibilityEditorHandle } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'\n\ntype EditUserFormValues = {\n  email: string\n  password: string\n  tenantId: string | null\n  organizationId: string | null\n  roles: string[]\n} & Record<string, unknown>\n\ntype LoadedUser = {\n  id: string\n  email: string\n  organizationId: string | null\n  tenantId: string | null\n  tenantName: string | null\n  organizationName: string | null\n  roles: string[]\n}\n\ntype UserApiItem = {\n  id?: string | null\n  email?: string | null\n  organizationId?: string | null\n  tenantId?: string | null\n  tenantName?: string | null\n  organizationName?: string | null\n  roles?: unknown\n}\n\ntype UserListResponse = {\n  items?: UserApiItem[]\n  isSuperAdmin?: boolean\n}\n\ntype FeatureCheckResponse = {\n  ok?: boolean\n}\n\ntype TenantAwareOrganizationSelectProps = {\n  fieldId: string\n  value: string | null\n  setValue: (value: string | null) => void\n  tenantId: string | null\n  includeInactiveIds?: Iterable<string | null | undefined>\n}\n\nfunction TenantAwareOrganizationSelectInput({\n  fieldId,\n  value,\n  setValue,\n  tenantId,\n  includeInactiveIds,\n}: TenantAwareOrganizationSelectProps) {\n  const prevTenantRef = React.useRef<string | null>(tenantId)\n  const hydratedRef = React.useRef(false)\n  const handleChange = React.useCallback((next: string | null) => {\n    setValue(next ?? null)\n  }, [setValue])\n\n  React.useEffect(() => {\n    if (!hydratedRef.current) {\n      hydratedRef.current = true\n      prevTenantRef.current = tenantId\n      return\n    }\n    if (prevTenantRef.current !== tenantId) {\n      prevTenantRef.current = tenantId\n      setValue(null)\n    }\n  }, [tenantId, setValue])\n\n  return (\n    <OrganizationSelect\n      id={fieldId}\n      value={value}\n      onChange={handleChange}\n      required\n      includeEmptyOption\n      className=\"w-full h-9 rounded border px-2 text-sm\"\n      includeInactiveIds={includeInactiveIds}\n      tenantId={tenantId}\n    />\n  )\n}\n\nexport default function EditUserPage({ params }: { params?: { id?: string } }) {\n  const id = params?.id\n  const t = useT()\n  const [initialUser, setInitialUser] = React.useState<LoadedUser | null>(null)\n  const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)\n  const [loading, setLoading] = React.useState(true)\n  const [error, setError] = React.useState<string | null>(null)\n  const [canEditOrgs, setCanEditOrgs] = React.useState(false)\n  const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })\n  const [customFieldValues, setCustomFieldValues] = React.useState<Record<string, unknown>>({})\n  const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)\n  const widgetEditorRef = React.useRef<WidgetVisibilityEditorHandle | null>(null)\n  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])\n  const passwordRequirements = React.useMemo(\n    () => formatPasswordRequirements(passwordPolicy, t),\n    [passwordPolicy, t],\n  )\n  const passwordDescription = React.useMemo(() => (\n    passwordRequirements\n      ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })\n      : undefined\n  ), [passwordRequirements, t])\n\n  React.useEffect(() => {\n    if (!id) {\n      setLoading(false)\n      setError(t('auth.users.form.errors.noId', 'No user ID provided'))\n      return\n    }\n    let cancelled = false\n    async function load() {\n      setLoading(true)\n      setError(null)\n      setCustomFieldValues({})\n      try {\n        const { ok, result } = await apiCall<UserListResponse>(\n          `/api/auth/users?id=${encodeURIComponent(String(id))}&page=1&pageSize=1`,\n        )\n        if (!ok) throw new Error('load_failed')\n        const item = Array.isArray(result?.items) ? result?.items?.[0] : undefined\n        if (!cancelled) {\n          setActorIsSuperAdmin(Boolean(result?.isSuperAdmin))\n          if (!item) {\n            setError(t('auth.users.form.errors.notFound', 'User not found'))\n            setCustomFieldValues({})\n            setInitialUser(null)\n            setSelectedTenantId(null)\n          } else {\n            setInitialUser({\n              id: item.id ? String(item.id) : String(id),\n              email: item.email ? String(item.email) : '',\n              organizationId: item.organizationId ? String(item.organizationId) : null,\n              tenantId: item.tenantId ? String(item.tenantId) : null,\n              tenantName: item.tenantName ? String(item.tenantName) : null,\n              organizationName: item.organizationName ? String(item.organizationName) : null,\n              roles: Array.isArray(item.roles)\n                ? item.roles\n                    .map((role) => (typeof role === 'string' ? role : role == null ? '' : String(role)))\n                    .filter((role) => role.trim().length > 0)\n                : [],\n            })\n            setSelectedTenantId(item.tenantId ? String(item.tenantId) : null)\n            const custom: Record<string, unknown> = {}\n            for (const [key, value] of Object.entries(item)) {\n              if (key.startsWith('cf_')) custom[key] = value as unknown\n              else if (key.startsWith('cf:')) custom[`cf_${key.slice(3)}`] = value as unknown\n            }\n            setCustomFieldValues(custom)\n          }\n        }\n      } catch (err) {\n        console.error('Failed to load user:', err)\n        if (!cancelled) setError(t('auth.users.form.errors.load', 'Failed to load user data'))\n        if (!cancelled) setCustomFieldValues({})\n      }\n      try {\n        const featureCheck = await apiCall<FeatureCheckResponse>(\n          '/api/auth/feature-check',\n          {\n            method: 'POST',\n            headers: { 'content-type': 'application/json' },\n            body: JSON.stringify({ features: ['directory.organizations.view'] }),\n          },\n          { fallback: { ok: false } },\n        )\n        if (!cancelled) setCanEditOrgs(Boolean(featureCheck.result?.ok))\n      } catch (err) {\n        console.error('Failed to check features:', err)\n      }\n      if (!cancelled) setLoading(false)\n    }\n    load()\n    return () => { cancelled = true }\n  }, [id, t])\n\n  const selectedOrgId = initialUser?.organizationId ? String(initialUser.organizationId) : null\n  const preloadedTenants = React.useMemo(() => {\n    if (!selectedTenantId) return null\n    const name = initialUser?.tenantId === selectedTenantId\n      ? (initialUser?.tenantName ?? selectedTenantId)\n      : selectedTenantId\n    return [{ id: selectedTenantId, name, isActive: true }]\n  }, [initialUser, selectedTenantId])\n\n  const loadRoleOptions = React.useCallback(async (query?: string): Promise<CrudFieldOption[]> => {\n    if (actorIsSuperAdmin) {\n      if (!selectedTenantId) return []\n      return fetchRoleOptions(query, { tenantId: selectedTenantId })\n    }\n    return fetchRoleOptions(query)\n  }, [actorIsSuperAdmin, selectedTenantId])\n\n  const fields: CrudField[] = React.useMemo(() => {\n    const items: CrudField[] = [\n      { id: 'email', label: t('auth.users.form.field.email', 'Email'), type: 'text', required: true },\n      {\n        id: 'password',\n        label: t('auth.users.form.field.password', 'Password'),\n        type: 'text',\n        description: passwordDescription,\n      },\n    ]\n    if (actorIsSuperAdmin) {\n      items.push({\n        id: 'tenantId',\n        label: t('auth.users.form.field.tenant', 'Tenant'),\n        type: 'custom',\n        required: true,\n        component: ({ value, setValue }) => {\n          const normalizedValue = typeof value === 'string'\n            ? value\n            : (typeof selectedTenantId === 'string' ? selectedTenantId : null)\n          return (\n            <TenantSelect\n              id=\"tenantId\"\n              value={normalizedValue}\n              onChange={(next) => {\n                const resolved = next ?? null\n                setValue(resolved)\n                setSelectedTenantId(resolved)\n                setAclData({ isSuperAdmin: false, features: [], organizations: null })\n              }}\n              includeEmptyOption\n              className=\"w-full h-9 rounded border px-2 text-sm\"\n              required\n              tenants={preloadedTenants}\n            />\n          )\n        },\n      })\n    }\n    items.push({\n      id: 'organizationId',\n      label: t('auth.users.form.field.organization', 'Organization'),\n      type: 'custom',\n      component: ({ id, value, setValue }) => {\n        const normalizedValue = typeof value === 'string' ? (value.length > 0 ? value : null) : null\n        return (\n          <TenantAwareOrganizationSelectInput\n            fieldId={id}\n            value={normalizedValue}\n            setValue={(next) => setValue(next ?? null)}\n            tenantId={selectedTenantId}\n            includeInactiveIds={selectedOrgId ? [selectedOrgId] : undefined}\n          />\n        )\n      },\n    })\n    items.push({ id: 'roles', label: t('auth.users.form.field.roles', 'Roles'), type: 'tags', loadOptions: loadRoleOptions })\n    return items\n  }, [actorIsSuperAdmin, loadRoleOptions, passwordDescription, preloadedTenants, selectedOrgId, selectedTenantId, t])\n\n  const detailFieldIds = React.useMemo(() => {\n    const base: string[] = ['email', 'password', 'organizationId', 'roles']\n    if (actorIsSuperAdmin) base.splice(2, 0, 'tenantId')\n    return base\n  }, [actorIsSuperAdmin])\n\n  const groups: CrudFormGroup[] = React.useMemo(() => [\n    { id: 'details', title: t('auth.users.form.group.details', 'Details'), column: 1, fields: detailFieldIds },\n    { id: 'custom', title: t('auth.users.form.group.customFields', 'Custom Data'), column: 2, kind: 'customFields' },\n    {\n      id: 'acl',\n      title: t('auth.users.form.group.access', 'Access'),\n      column: 1,\n      component: () => (id\n        ? (\n          <AclEditor\n            kind=\"user\"\n            targetId={String(id)}\n            canEditOrganizations={canEditOrgs}\n            value={aclData}\n            onChange={setAclData}\n            userRoles={initialUser?.roles || []}\n            currentUserIsSuperAdmin={actorIsSuperAdmin}\n            tenantId={selectedTenantId ?? null}\n          />\n        )\n        : null),\n    },\n    {\n      id: 'dashboardWidgets',\n      title: t('auth.users.form.group.widgets', 'Dashboard Widgets'),\n      column: 2,\n      component: () => (id && initialUser\n        ? (\n          <WidgetVisibilityEditor\n            kind=\"user\"\n            targetId={String(id)}\n            tenantId={selectedTenantId ?? null}\n            organizationId={initialUser?.organizationId ?? null}\n            ref={widgetEditorRef}\n          />\n        ) : null\n      ),\n    },\n  ], [aclData, actorIsSuperAdmin, canEditOrgs, detailFieldIds, id, initialUser, selectedTenantId, t])\n\n  const initialValues = React.useMemo(() => {\n    if (initialUser) {\n      return {\n        email: initialUser.email,\n        password: '',\n        tenantId: initialUser.tenantId,\n        organizationId: initialUser.organizationId,\n        roles: initialUser.roles,\n        ...customFieldValues,\n      }\n    }\n    return {\n      email: '',\n      password: '',\n      tenantId: selectedTenantId ?? null,\n      organizationId: null,\n      roles: [],\n      ...customFieldValues,\n    }\n  }, [initialUser, customFieldValues, selectedTenantId])\n\n  return (\n    <Page>\n      <PageBody>\n        {error && (\n          <div className=\"p-4 mb-4 bg-red-50 border border-red-200 rounded text-red-800\">\n            {error}\n          </div>\n        )}\n        <CrudForm<EditUserFormValues>\n          title={t('auth.users.form.title.edit', 'Edit User')}\n          backHref=\"/backend/users\"\n          fields={fields}\n          groups={groups}\n          entityId={E.auth.user}\n          initialValues={initialValues}\n          isLoading={loading}\n          loadingMessage={t('auth.users.form.loading', 'Loading user data...')}\n          submitLabel={t('auth.users.form.action.save', 'Save')}\n          cancelHref=\"/backend/users\"\n          successRedirect={`/backend/users?flash=${encodeURIComponent(t('auth.users.flash.updated', 'User saved'))}&type=success`}\n          onSubmit={async (values) => {\n            if (!id) return\n            const customFields = collectCustomFieldValues(values)\n            const payload = {\n              id: id ? String(id) : '',\n              email: values.email,\n              password: values.password && values.password.trim() ? values.password : undefined,\n              organizationId: values.organizationId ? values.organizationId : undefined,\n              roles: Array.isArray(values.roles) ? values.roles : [],\n              ...(Object.keys(customFields).length ? { customFields } : {}),\n            }\n            await updateCrud('auth/users', payload)\n            await updateCrud('auth/users/acl', { userId: id, ...aclData }, {\n              errorMessage: t('auth.users.form.errors.aclUpdate', 'Failed to update user access control'),\n            })\n            await widgetEditorRef.current?.save()\n            try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}\n          }}\n          onDelete={async () => {\n            await deleteCrud('auth/users', String(id), {\n              errorMessage: t('auth.users.form.errors.delete', 'Failed to delete user'),\n            })\n          }}\n          deleteRedirect={`/backend/users?flash=${encodeURIComponent(t('auth.users.flash.deleted', 'User deleted'))}&type=success`}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
-  "mappings": ";AAuFI,cA8PE,YA9PF;AAtFJ,YAAY,WAAW;AACvB,SAAS,SAAS;AAClB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAA0E;AACnF,SAAS,eAAe;AACxB,SAAS,YAAY,kBAAkB;AACvC,SAAS,gCAAgC;AACzC,SAAS,iBAA+B;AACxC,SAAS,0BAA0B;AACnC,SAAS,oBAAoB;AAC7B,SAAS,wBAAwB;AACjC,SAAS,8BAAiE;AAC1E,SAAS,YAAY;AACrB,SAAS,4BAA4B,yBAAyB;AA+C9D,SAAS,mCAAmC;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAuC;AACrC,QAAM,gBAAgB,MAAM,OAAsB,QAAQ;AAC1D,QAAM,cAAc,MAAM,OAAO,KAAK;AACtC,QAAM,eAAe,MAAM,YAAY,CAAC,SAAwB;AAC9D,aAAS,QAAQ,IAAI;AAAA,EACvB,GAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,UAAU,MAAM;AACpB,QAAI,CAAC,YAAY,SAAS;AACxB,kBAAY,UAAU;AACtB,oBAAc,UAAU;AACxB;AAAA,IACF;AACA,QAAI,cAAc,YAAY,UAAU;AACtC,oBAAc,UAAU;AACxB,eAAS,IAAI;AAAA,IACf;AAAA,EACF,GAAG,CAAC,UAAU,QAAQ,CAAC;AAEvB,SACE;AAAA,IAAC;AAAA;AAAA,MACC,IAAI;AAAA,MACJ;AAAA,MACA,UAAU;AAAA,MACV,UAAQ;AAAA,MACR,oBAAkB;AAAA,MAClB,WAAU;AAAA,MACV;AAAA,MACA;AAAA;AAAA,EACF;AAEJ;AAEe,SAAR,aAA8B,EAAE,OAAO,GAAiC;AAC7E,QAAM,KAAK,QAAQ;AACnB,QAAM,IAAI,KAAK;AACf,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM,SAA4B,IAAI;AAC5E,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,MAAM,SAAwB,IAAI;AAClF,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAwB,IAAI;AAC5D,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM,SAAS,KAAK;AAC1D,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAkB,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAChH,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,MAAM,SAAkC,CAAC,CAAC;AAC5F,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,MAAM,SAAS,KAAK;AACtE,QAAM,kBAAkB,MAAM,OAA4C,IAAI;AAC9E,QAAM,iBAAiB,MAAM,QAAQ,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAClE,QAAM,uBAAuB,MAAM;AAAA,IACjC,MAAM,2BAA2B,gBAAgB,CAAC;AAAA,IAClD,CAAC,gBAAgB,CAAC;AAAA,EACpB;AACA,QAAM,sBAAsB,MAAM,QAAQ,MACxC,uBACI,EAAE,mCAAmC,yCAAyC,EAAE,cAAc,qBAAqB,CAAC,IACpH,QACH,CAAC,sBAAsB,CAAC,CAAC;AAE5B,QAAM,UAAU,MAAM;AACpB,QAAI,CAAC,IAAI;AACP,iBAAW,KAAK;AAChB,eAAS,EAAE,+BAA+B,qBAAqB,CAAC;AAChE;AAAA,IACF;AACA,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,iBAAW,IAAI;AACf,eAAS,IAAI;AACb,2BAAqB,CAAC,CAAC;AACvB,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM;AAAA,UAC3B,sBAAsB,mBAAmB,OAAO,EAAE,CAAC,CAAC;AAAA,QACtD;AACA,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,aAAa;AACtC,cAAM,OAAO,MAAM,QAAQ,QAAQ,KAAK,IAAI,QAAQ,QAAQ,CAAC,IAAI;AACjE,YAAI,CAAC,WAAW;AACd,+BAAqB,QAAQ,QAAQ,YAAY,CAAC;AAClD,cAAI,CAAC,MAAM;AACT,qBAAS,EAAE,mCAAmC,gBAAgB,CAAC;AAC/D,iCAAqB,CAAC,CAAC;AACvB,2BAAe,IAAI;AACnB,gCAAoB,IAAI;AAAA,UAC1B,OAAO;AACL,2BAAe;AAAA,cACb,IAAI,KAAK,KAAK,OAAO,KAAK,EAAE,IAAI,OAAO,EAAE;AAAA,cACzC,OAAO,KAAK,QAAQ,OAAO,KAAK,KAAK,IAAI;AAAA,cACzC,gBAAgB,KAAK,iBAAiB,OAAO,KAAK,cAAc,IAAI;AAAA,cACpE,UAAU,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI;AAAA,cAClD,YAAY,KAAK,aAAa,OAAO,KAAK,UAAU,IAAI;AAAA,cACxD,kBAAkB,KAAK,mBAAmB,OAAO,KAAK,gBAAgB,IAAI;AAAA,cAC1E,OAAO,MAAM,QAAQ,KAAK,KAAK,IAC3B,KAAK,MACF,IAAI,CAAC,SAAU,OAAO,SAAS,WAAW,OAAO,QAAQ,OAAO,KAAK,OAAO,IAAI,CAAE,EAClF,OAAO,CAAC,SAAS,KAAK,KAAK,EAAE,SAAS,CAAC,IAC1C,CAAC;AAAA,YACP,CAAC;AACD,gCAAoB,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI,IAAI;AAChE,kBAAM,SAAkC,CAAC;AACzC,uBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,kBAAI,IAAI,WAAW,KAAK,EAAG,QAAO,GAAG,IAAI;AAAA,uBAChC,IAAI,WAAW,KAAK,EAAG,QAAO,MAAM,IAAI,MAAM,CAAC,CAAC,EAAE,IAAI;AAAA,YACjE;AACA,iCAAqB,MAAM;AAAA,UAC7B;AAAA,QACF;AAAA,MACF,SAAS,KAAK;AACZ,gBAAQ,MAAM,wBAAwB,GAAG;AACzC,YAAI,CAAC,UAAW,UAAS,EAAE,+BAA+B,0BAA0B,CAAC;AACrF,YAAI,CAAC,UAAW,sBAAqB,CAAC,CAAC;AAAA,MACzC;AACA,UAAI;AACF,cAAM,eAAe,MAAM;AAAA,UACzB;AAAA,UACA;AAAA,YACE,QAAQ;AAAA,YACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,YAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,CAAC,8BAA8B,EAAE,CAAC;AAAA,UACrE;AAAA,UACA,EAAE,UAAU,EAAE,IAAI,MAAM,EAAE;AAAA,QAC5B;AACA,YAAI,CAAC,UAAW,gBAAe,QAAQ,aAAa,QAAQ,EAAE,CAAC;AAAA,MACjE,SAAS,KAAK;AACZ,gBAAQ,MAAM,6BAA6B,GAAG;AAAA,MAChD;AACA,UAAI,CAAC,UAAW,YAAW,KAAK;AAAA,IAClC;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,IAAI,CAAC,CAAC;AAEV,QAAM,gBAAgB,aAAa,iBAAiB,OAAO,YAAY,cAAc,IAAI;AACzF,QAAM,mBAAmB,MAAM,QAAQ,MAAM;AAC3C,QAAI,CAAC,iBAAkB,QAAO;AAC9B,UAAM,OAAO,aAAa,aAAa,mBAClC,aAAa,cAAc,mBAC5B;AACJ,WAAO,CAAC,EAAE,IAAI,kBAAkB,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD,GAAG,CAAC,aAAa,gBAAgB,CAAC;AAElC,QAAM,kBAAkB,MAAM,YAAY,OAAO,UAA+C;AAC9F,QAAI,mBAAmB;AACrB,UAAI,CAAC,iBAAkB,QAAO,CAAC;AAC/B,aAAO,iBAAiB,OAAO,EAAE,UAAU,iBAAiB,CAAC;AAAA,IAC/D;AACA,WAAO,iBAAiB,KAAK;AAAA,EAC/B,GAAG,CAAC,mBAAmB,gBAAgB,CAAC;AAExC,QAAM,SAAsB,MAAM,QAAQ,MAAM;AAC9C,UAAM,QAAqB;AAAA,MACzB,EAAE,IAAI,SAAS,OAAO,EAAE,+BAA+B,OAAO,GAAG,MAAM,QAAQ,UAAU,KAAK;AAAA,MAC9F;AAAA,QACE,IAAI;AAAA,QACJ,OAAO,EAAE,kCAAkC,UAAU;AAAA,QACrD,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,IACF;AACA,QAAI,mBAAmB;AACrB,YAAM,KAAK;AAAA,QACT,IAAI;AAAA,QACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,QACjD,MAAM;AAAA,QACN,UAAU;AAAA,QACV,WAAW,CAAC,EAAE,OAAO,SAAS,MAAM;AAClC,gBAAM,kBAAkB,OAAO,UAAU,WACrC,QACC,OAAO,qBAAqB,WAAW,mBAAmB;AAC/D,iBACE;AAAA,YAAC;AAAA;AAAA,cACC,IAAG;AAAA,cACH,OAAO;AAAA,cACP,UAAU,CAAC,SAAS;AAClB,sBAAM,WAAW,QAAQ;AACzB,yBAAS,QAAQ;AACjB,oCAAoB,QAAQ;AAC5B,2BAAW,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAAA,cACvE;AAAA,cACA,oBAAkB;AAAA,cAClB,WAAU;AAAA,cACV,UAAQ;AAAA,cACR,SAAS;AAAA;AAAA,UACX;AAAA,QAEJ;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,KAAK;AAAA,MACT,IAAI;AAAA,MACJ,OAAO,EAAE,sCAAsC,cAAc;AAAA,MAC7D,MAAM;AAAA,MACN,WAAW,CAAC,EAAE,IAAAA,KAAI,OAAO,SAAS,MAAM;AACtC,cAAM,kBAAkB,OAAO,UAAU,WAAY,MAAM,SAAS,IAAI,QAAQ,OAAQ;AACxF,eACE;AAAA,UAAC;AAAA;AAAA,YACC,SAASA;AAAA,YACT,OAAO;AAAA,YACP,UAAU,CAAC,SAAS,SAAS,QAAQ,IAAI;AAAA,YACzC,UAAU;AAAA,YACV,oBAAoB,gBAAgB,CAAC,aAAa,IAAI;AAAA;AAAA,QACxD;AAAA,MAEJ;AAAA,IACF,CAAC;AACD,UAAM,KAAK,EAAE,IAAI,SAAS,OAAO,EAAE,+BAA+B,OAAO,GAAG,MAAM,QAAQ,aAAa,gBAAgB,CAAC;AACxH,WAAO;AAAA,EACT,GAAG,CAAC,mBAAmB,iBAAiB,qBAAqB,kBAAkB,eAAe,kBAAkB,CAAC,CAAC;AAElH,QAAM,iBAAiB,MAAM,QAAQ,MAAM;AACzC,UAAM,OAAiB,CAAC,SAAS,YAAY,kBAAkB,OAAO;AACtE,QAAI,kBAAmB,MAAK,OAAO,GAAG,GAAG,UAAU;AACnD,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,CAAC;AAEtB,QAAM,SAA0B,MAAM,QAAQ,MAAM;AAAA,IAClD,EAAE,IAAI,WAAW,OAAO,EAAE,iCAAiC,SAAS,GAAG,QAAQ,GAAG,QAAQ,eAAe;AAAA,IACzG,EAAE,IAAI,UAAU,OAAO,EAAE,sCAAsC,aAAa,GAAG,QAAQ,GAAG,MAAM,eAAe;AAAA,IAC/G;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,MACjD,QAAQ;AAAA,MACR,WAAW,MAAO,KAEd;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,sBAAsB;AAAA,UACtB,OAAO;AAAA,UACP,UAAU;AAAA,UACV,WAAW,aAAa,SAAS,CAAC;AAAA,UAClC,yBAAyB;AAAA,UACzB,UAAU,oBAAoB;AAAA;AAAA,MAChC,IAEA;AAAA,IACN;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,iCAAiC,mBAAmB;AAAA,MAC7D,QAAQ;AAAA,MACR,WAAW,MAAO,MAAM,cAEpB;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,UAAU,oBAAoB;AAAA,UAC9B,gBAAgB,aAAa,kBAAkB;AAAA,UAC/C,KAAK;AAAA;AAAA,MACP,IACE;AAAA,IAER;AAAA,EACF,GAAG,CAAC,SAAS,mBAAmB,aAAa,gBAAgB,IAAI,aAAa,kBAAkB,CAAC,CAAC;AAElG,QAAM,gBAAgB,MAAM,QAAQ,MAAM;AACxC,QAAI,aAAa;AACf,aAAO;AAAA,QACL,OAAO,YAAY;AAAA,QACnB,UAAU;AAAA,QACV,UAAU,YAAY;AAAA,QACtB,gBAAgB,YAAY;AAAA,QAC5B,OAAO,YAAY;AAAA,QACnB,GAAG;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU,oBAAoB;AAAA,MAC9B,gBAAgB;AAAA,MAChB,OAAO,CAAC;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF,GAAG,CAAC,aAAa,mBAAmB,gBAAgB,CAAC;AAErD,SACE,oBAAC,QACC,+BAAC,YACE;AAAA,aACC,oBAAC,SAAI,WAAU,iEACZ,iBACH;AAAA,IAEF;AAAA,MAAC;AAAA;AAAA,QACC,OAAO,EAAE,8BAA8B,WAAW;AAAA,QAClD,UAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA,UAAU,EAAE,KAAK;AAAA,QACjB;AAAA,QACA,WAAW;AAAA,QACX,gBAAgB,EAAE,2BAA2B,sBAAsB;AAAA,QACnE,aAAa,EAAE,+BAA+B,MAAM;AAAA,QACpD,YAAW;AAAA,QACX,iBAAiB,wBAAwB,mBAAmB,EAAE,4BAA4B,YAAY,CAAC,CAAC;AAAA,QACxG,UAAU,OAAO,WAAW;AAC1B,cAAI,CAAC,GAAI;AACT,gBAAM,eAAe,yBAAyB,MAAM;AACpD,gBAAM,UAAU;AAAA,YACd,IAAI,KAAK,OAAO,EAAE,IAAI;AAAA,YACtB,OAAO,OAAO;AAAA,YACd,UAAU,OAAO,YAAY,OAAO,SAAS,KAAK,IAAI,OAAO,WAAW;AAAA,YACxE,gBAAgB,OAAO,iBAAiB,OAAO,iBAAiB;AAAA,YAChE,OAAO,MAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,QAAQ,CAAC;AAAA,YACrD,GAAI,OAAO,KAAK,YAAY,EAAE,SAAS,EAAE,aAAa,IAAI,CAAC;AAAA,UAC7D;AACA,gBAAM,WAAW,cAAc,OAAO;AACtC,gBAAM,WAAW,kBAAkB,EAAE,QAAQ,IAAI,GAAG,QAAQ,GAAG;AAAA,YAC7D,cAAc,EAAE,oCAAoC,sCAAsC;AAAA,UAC5F,CAAC;AACD,gBAAM,gBAAgB,SAAS,KAAK;AACpC,cAAI;AAAE,mBAAO,cAAc,IAAI,MAAM,oBAAoB,CAAC;AAAA,UAAE,QAAQ;AAAA,UAAC;AAAA,QACvE;AAAA,QACA,UAAU,YAAY;AACpB,gBAAM,WAAW,cAAc,OAAO,EAAE,GAAG;AAAA,YACzC,cAAc,EAAE,iCAAiC,uBAAuB;AAAA,UAC1E,CAAC;AAAA,QACH;AAAA,QACA,gBAAgB,wBAAwB,mBAAmB,EAAE,4BAA4B,cAAc,CAAC,CAAC;AAAA;AAAA,IAC3G;AAAA,KACF,GACF;AAEJ;",
+  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { E } from '#generated/entities.ids.generated'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField, type CrudFormGroup, type CrudFieldOption } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { deleteCrud, updateCrud } from '@open-mercato/ui/backend/utils/crud'\nimport { collectCustomFieldValues } from '@open-mercato/ui/backend/utils/customFieldValues'\nimport { AclEditor, type AclData } from '@open-mercato/core/modules/auth/components/AclEditor'\nimport { OrganizationSelect } from '@open-mercato/core/modules/directory/components/OrganizationSelect'\nimport { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'\nimport { fetchRoleOptions } from '@open-mercato/core/modules/auth/backend/users/roleOptions'\nimport { WidgetVisibilityEditor } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\ntype EditUserFormValues = {\n  email: string\n  password: string\n  tenantId: string | null\n  organizationId: string | null\n  roles: string[]\n} & Record<string, unknown>\n\ntype LoadedUser = {\n  id: string\n  email: string\n  organizationId: string | null\n  tenantId: string | null\n  tenantName: string | null\n  organizationName: string | null\n  roles: string[]\n}\n\ntype UserApiItem = {\n  id?: string | null\n  email?: string | null\n  organizationId?: string | null\n  tenantId?: string | null\n  tenantName?: string | null\n  organizationName?: string | null\n  roles?: unknown\n}\n\ntype UserListResponse = {\n  items?: UserApiItem[]\n  isSuperAdmin?: boolean\n}\n\ntype FeatureCheckResponse = {\n  ok?: boolean\n}\n\ntype TenantAwareOrganizationSelectProps = {\n  fieldId: string\n  value: string | null\n  setValue: (value: string | null) => void\n  tenantId: string | null\n  includeInactiveIds?: Iterable<string | null | undefined>\n}\n\nfunction TenantAwareOrganizationSelectInput({\n  fieldId,\n  value,\n  setValue,\n  tenantId,\n  includeInactiveIds,\n}: TenantAwareOrganizationSelectProps) {\n  const prevTenantRef = React.useRef<string | null>(tenantId)\n  const hydratedRef = React.useRef(false)\n  const handleChange = React.useCallback((next: string | null) => {\n    setValue(next ?? null)\n  }, [setValue])\n\n  React.useEffect(() => {\n    if (!hydratedRef.current) {\n      hydratedRef.current = true\n      prevTenantRef.current = tenantId\n      return\n    }\n    if (prevTenantRef.current !== tenantId) {\n      prevTenantRef.current = tenantId\n      setValue(null)\n    }\n  }, [tenantId, setValue])\n\n  return (\n    <OrganizationSelect\n      id={fieldId}\n      value={value}\n      onChange={handleChange}\n      required\n      includeEmptyOption\n      className=\"w-full h-9 rounded border px-2 text-sm\"\n      includeInactiveIds={includeInactiveIds}\n      tenantId={tenantId}\n    />\n  )\n}\n\nexport default function EditUserPage({ params }: { params?: { id?: string } }) {\n  const id = params?.id\n  const t = useT()\n  const [initialUser, setInitialUser] = React.useState<LoadedUser | null>(null)\n  const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)\n  const [loading, setLoading] = React.useState(true)\n  const [error, setError] = React.useState<string | null>(null)\n  const [canEditOrgs, setCanEditOrgs] = React.useState(false)\n  const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })\n  const [customFieldValues, setCustomFieldValues] = React.useState<Record<string, unknown>>({})\n  const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)\n\n  React.useEffect(() => {\n    if (!id) {\n      setLoading(false)\n      setError(t('auth.users.form.errors.noId', 'No user ID provided'))\n      return\n    }\n    let cancelled = false\n    async function load() {\n      setLoading(true)\n      setError(null)\n      setCustomFieldValues({})\n      try {\n        const { ok, result } = await apiCall<UserListResponse>(\n          `/api/auth/users?id=${encodeURIComponent(String(id))}&page=1&pageSize=1`,\n        )\n        if (!ok) throw new Error('load_failed')\n        const item = Array.isArray(result?.items) ? result?.items?.[0] : undefined\n        if (!cancelled) {\n          setActorIsSuperAdmin(Boolean(result?.isSuperAdmin))\n          if (!item) {\n            setError(t('auth.users.form.errors.notFound', 'User not found'))\n            setCustomFieldValues({})\n            setInitialUser(null)\n            setSelectedTenantId(null)\n          } else {\n            setInitialUser({\n              id: item.id ? String(item.id) : String(id),\n              email: item.email ? String(item.email) : '',\n              organizationId: item.organizationId ? String(item.organizationId) : null,\n              tenantId: item.tenantId ? String(item.tenantId) : null,\n              tenantName: item.tenantName ? String(item.tenantName) : null,\n              organizationName: item.organizationName ? String(item.organizationName) : null,\n              roles: Array.isArray(item.roles)\n                ? item.roles\n                    .map((role) => (typeof role === 'string' ? role : role == null ? '' : String(role)))\n                    .filter((role) => role.trim().length > 0)\n                : [],\n            })\n            setSelectedTenantId(item.tenantId ? String(item.tenantId) : null)\n            const custom: Record<string, unknown> = {}\n            for (const [key, value] of Object.entries(item)) {\n              if (key.startsWith('cf_')) custom[key] = value as unknown\n              else if (key.startsWith('cf:')) custom[`cf_${key.slice(3)}`] = value as unknown\n            }\n            setCustomFieldValues(custom)\n          }\n        }\n      } catch (err) {\n        console.error('Failed to load user:', err)\n        if (!cancelled) setError(t('auth.users.form.errors.load', 'Failed to load user data'))\n        if (!cancelled) setCustomFieldValues({})\n      }\n      try {\n        const featureCheck = await apiCall<FeatureCheckResponse>(\n          '/api/auth/feature-check',\n          {\n            method: 'POST',\n            headers: { 'content-type': 'application/json' },\n            body: JSON.stringify({ features: ['directory.organizations.view'] }),\n          },\n          { fallback: { ok: false } },\n        )\n        if (!cancelled) setCanEditOrgs(Boolean(featureCheck.result?.ok))\n      } catch (err) {\n        console.error('Failed to check features:', err)\n      }\n      if (!cancelled) setLoading(false)\n    }\n    load()\n    return () => { cancelled = true }\n  }, [id, t])\n\n  const selectedOrgId = initialUser?.organizationId ? String(initialUser.organizationId) : null\n  const preloadedTenants = React.useMemo(() => {\n    if (!selectedTenantId) return null\n    const name = initialUser?.tenantId === selectedTenantId\n      ? (initialUser?.tenantName ?? selectedTenantId)\n      : selectedTenantId\n    return [{ id: selectedTenantId, name, isActive: true }]\n  }, [initialUser, selectedTenantId])\n\n  const loadRoleOptions = React.useCallback(async (query?: string): Promise<CrudFieldOption[]> => {\n    if (actorIsSuperAdmin) {\n      if (!selectedTenantId) return []\n      return fetchRoleOptions(query, { tenantId: selectedTenantId })\n    }\n    return fetchRoleOptions(query)\n  }, [actorIsSuperAdmin, selectedTenantId])\n\n  const fields: CrudField[] = React.useMemo(() => {\n    const items: CrudField[] = [\n      { id: 'email', label: t('auth.users.form.field.email', 'Email'), type: 'text', required: true },\n      { id: 'password', label: t('auth.users.form.field.password', 'Password'), type: 'text' },\n    ]\n    if (actorIsSuperAdmin) {\n      items.push({\n        id: 'tenantId',\n        label: t('auth.users.form.field.tenant', 'Tenant'),\n        type: 'custom',\n        required: true,\n        component: ({ value, setValue }) => {\n          const normalizedValue = typeof value === 'string'\n            ? value\n            : (typeof selectedTenantId === 'string' ? selectedTenantId : null)\n          return (\n            <TenantSelect\n              id=\"tenantId\"\n              value={normalizedValue}\n              onChange={(next) => {\n                const resolved = next ?? null\n                setValue(resolved)\n                setSelectedTenantId(resolved)\n                setAclData({ isSuperAdmin: false, features: [], organizations: null })\n              }}\n              includeEmptyOption\n              className=\"w-full h-9 rounded border px-2 text-sm\"\n              required\n              tenants={preloadedTenants}\n            />\n          )\n        },\n      })\n    }\n    items.push({\n      id: 'organizationId',\n      label: t('auth.users.form.field.organization', 'Organization'),\n      type: 'custom',\n      component: ({ id, value, setValue }) => {\n        const normalizedValue = typeof value === 'string' ? (value.length > 0 ? value : null) : null\n        return (\n          <TenantAwareOrganizationSelectInput\n            fieldId={id}\n            value={normalizedValue}\n            setValue={(next) => setValue(next ?? null)}\n            tenantId={selectedTenantId}\n            includeInactiveIds={selectedOrgId ? [selectedOrgId] : undefined}\n          />\n        )\n      },\n    })\n    items.push({ id: 'roles', label: t('auth.users.form.field.roles', 'Roles'), type: 'tags', loadOptions: loadRoleOptions })\n    return items\n  }, [actorIsSuperAdmin, loadRoleOptions, preloadedTenants, selectedOrgId, selectedTenantId, t])\n\n  const detailFieldIds = React.useMemo(() => {\n    const base: string[] = ['email', 'password', 'organizationId', 'roles']\n    if (actorIsSuperAdmin) base.splice(2, 0, 'tenantId')\n    return base\n  }, [actorIsSuperAdmin])\n\n  const groups: CrudFormGroup[] = React.useMemo(() => [\n    { id: 'details', title: t('auth.users.form.group.details', 'Details'), column: 1, fields: detailFieldIds },\n    { id: 'custom', title: t('auth.users.form.group.customFields', 'Custom Data'), column: 2, kind: 'customFields' },\n    {\n      id: 'acl',\n      title: t('auth.users.form.group.access', 'Access'),\n      column: 1,\n      component: () => (id\n        ? (\n          <AclEditor\n            kind=\"user\"\n            targetId={String(id)}\n            canEditOrganizations={canEditOrgs}\n            value={aclData}\n            onChange={setAclData}\n            userRoles={initialUser?.roles || []}\n            currentUserIsSuperAdmin={actorIsSuperAdmin}\n            tenantId={selectedTenantId ?? null}\n          />\n        )\n        : null),\n    },\n    {\n      id: 'dashboardWidgets',\n      title: t('auth.users.form.group.widgets', 'Dashboard Widgets'),\n      column: 2,\n      component: () => (id && initialUser\n        ? (\n          <WidgetVisibilityEditor\n            kind=\"user\"\n            targetId={String(id)}\n            tenantId={selectedTenantId ?? null}\n            organizationId={initialUser?.organizationId ?? null}\n          />\n        ) : null\n      ),\n    },\n  ], [aclData, actorIsSuperAdmin, canEditOrgs, detailFieldIds, id, initialUser, selectedTenantId, t])\n\n  const initialValues = React.useMemo(() => {\n    if (initialUser) {\n      return {\n        email: initialUser.email,\n        password: '',\n        tenantId: initialUser.tenantId,\n        organizationId: initialUser.organizationId,\n        roles: initialUser.roles,\n        ...customFieldValues,\n      }\n    }\n    return {\n      email: '',\n      password: '',\n      tenantId: selectedTenantId ?? null,\n      organizationId: null,\n      roles: [],\n      ...customFieldValues,\n    }\n  }, [initialUser, customFieldValues, selectedTenantId])\n\n  return (\n    <Page>\n      <PageBody>\n        {error && (\n          <div className=\"p-4 mb-4 bg-red-50 border border-red-200 rounded text-red-800\">\n            {error}\n          </div>\n        )}\n        <CrudForm<EditUserFormValues>\n          title={t('auth.users.form.title.edit', 'Edit User')}\n          backHref=\"/backend/users\"\n          fields={fields}\n          groups={groups}\n          entityId={E.auth.user}\n          initialValues={initialValues}\n          isLoading={loading}\n          loadingMessage={t('auth.users.form.loading', 'Loading user data...')}\n          submitLabel={t('auth.users.form.action.save', 'Save')}\n          cancelHref=\"/backend/users\"\n          successRedirect={`/backend/users?flash=${encodeURIComponent(t('auth.users.flash.updated', 'User saved'))}&type=success`}\n          onSubmit={async (values) => {\n            if (!id) return\n            const customFields = collectCustomFieldValues(values)\n            const payload = {\n              id: id ? String(id) : '',\n              email: values.email,\n              password: values.password && values.password.trim() ? values.password : undefined,\n              organizationId: values.organizationId ? values.organizationId : undefined,\n              roles: Array.isArray(values.roles) ? values.roles : [],\n              ...(Object.keys(customFields).length ? { customFields } : {}),\n            }\n            await updateCrud('auth/users', payload)\n            await updateCrud('auth/users/acl', { userId: id, ...aclData }, {\n              errorMessage: t('auth.users.form.errors.aclUpdate', 'Failed to update user access control'),\n            })\n            try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}\n          }}\n          onDelete={async () => {\n            await deleteCrud('auth/users', String(id), {\n              errorMessage: t('auth.users.form.errors.delete', 'Failed to delete user'),\n            })\n          }}\n          deleteRedirect={`/backend/users?flash=${encodeURIComponent(t('auth.users.flash.deleted', 'User deleted'))}&type=success`}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
+  "mappings": ";AAsFI,cA6OE,YA7OF;AArFJ,YAAY,WAAW;AACvB,SAAS,SAAS;AAClB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAA0E;AACnF,SAAS,eAAe;AACxB,SAAS,YAAY,kBAAkB;AACvC,SAAS,gCAAgC;AACzC,SAAS,iBAA+B;AACxC,SAAS,0BAA0B;AACnC,SAAS,oBAAoB;AAC7B,SAAS,wBAAwB;AACjC,SAAS,8BAA8B;AACvC,SAAS,YAAY;AA+CrB,SAAS,mCAAmC;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAuC;AACrC,QAAM,gBAAgB,MAAM,OAAsB,QAAQ;AAC1D,QAAM,cAAc,MAAM,OAAO,KAAK;AACtC,QAAM,eAAe,MAAM,YAAY,CAAC,SAAwB;AAC9D,aAAS,QAAQ,IAAI;AAAA,EACvB,GAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,UAAU,MAAM;AACpB,QAAI,CAAC,YAAY,SAAS;AACxB,kBAAY,UAAU;AACtB,oBAAc,UAAU;AACxB;AAAA,IACF;AACA,QAAI,cAAc,YAAY,UAAU;AACtC,oBAAc,UAAU;AACxB,eAAS,IAAI;AAAA,IACf;AAAA,EACF,GAAG,CAAC,UAAU,QAAQ,CAAC;AAEvB,SACE;AAAA,IAAC;AAAA;AAAA,MACC,IAAI;AAAA,MACJ;AAAA,MACA,UAAU;AAAA,MACV,UAAQ;AAAA,MACR,oBAAkB;AAAA,MAClB,WAAU;AAAA,MACV;AAAA,MACA;AAAA;AAAA,EACF;AAEJ;AAEe,SAAR,aAA8B,EAAE,OAAO,GAAiC;AAC7E,QAAM,KAAK,QAAQ;AACnB,QAAM,IAAI,KAAK;AACf,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM,SAA4B,IAAI;AAC5E,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,MAAM,SAAwB,IAAI;AAClF,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAwB,IAAI;AAC5D,QAAM,CAAC,aAAa,cAAc,IAAI,MAAM,SAAS,KAAK;AAC1D,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAkB,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAChH,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,MAAM,SAAkC,CAAC,CAAC;AAC5F,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,MAAM,SAAS,KAAK;AAEtE,QAAM,UAAU,MAAM;AACpB,QAAI,CAAC,IAAI;AACP,iBAAW,KAAK;AAChB,eAAS,EAAE,+BAA+B,qBAAqB,CAAC;AAChE;AAAA,IACF;AACA,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,iBAAW,IAAI;AACf,eAAS,IAAI;AACb,2BAAqB,CAAC,CAAC;AACvB,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM;AAAA,UAC3B,sBAAsB,mBAAmB,OAAO,EAAE,CAAC,CAAC;AAAA,QACtD;AACA,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,aAAa;AACtC,cAAM,OAAO,MAAM,QAAQ,QAAQ,KAAK,IAAI,QAAQ,QAAQ,CAAC,IAAI;AACjE,YAAI,CAAC,WAAW;AACd,+BAAqB,QAAQ,QAAQ,YAAY,CAAC;AAClD,cAAI,CAAC,MAAM;AACT,qBAAS,EAAE,mCAAmC,gBAAgB,CAAC;AAC/D,iCAAqB,CAAC,CAAC;AACvB,2BAAe,IAAI;AACnB,gCAAoB,IAAI;AAAA,UAC1B,OAAO;AACL,2BAAe;AAAA,cACb,IAAI,KAAK,KAAK,OAAO,KAAK,EAAE,IAAI,OAAO,EAAE;AAAA,cACzC,OAAO,KAAK,QAAQ,OAAO,KAAK,KAAK,IAAI;AAAA,cACzC,gBAAgB,KAAK,iBAAiB,OAAO,KAAK,cAAc,IAAI;AAAA,cACpE,UAAU,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI;AAAA,cAClD,YAAY,KAAK,aAAa,OAAO,KAAK,UAAU,IAAI;AAAA,cACxD,kBAAkB,KAAK,mBAAmB,OAAO,KAAK,gBAAgB,IAAI;AAAA,cAC1E,OAAO,MAAM,QAAQ,KAAK,KAAK,IAC3B,KAAK,MACF,IAAI,CAAC,SAAU,OAAO,SAAS,WAAW,OAAO,QAAQ,OAAO,KAAK,OAAO,IAAI,CAAE,EAClF,OAAO,CAAC,SAAS,KAAK,KAAK,EAAE,SAAS,CAAC,IAC1C,CAAC;AAAA,YACP,CAAC;AACD,gCAAoB,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI,IAAI;AAChE,kBAAM,SAAkC,CAAC;AACzC,uBAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,kBAAI,IAAI,WAAW,KAAK,EAAG,QAAO,GAAG,IAAI;AAAA,uBAChC,IAAI,WAAW,KAAK,EAAG,QAAO,MAAM,IAAI,MAAM,CAAC,CAAC,EAAE,IAAI;AAAA,YACjE;AACA,iCAAqB,MAAM;AAAA,UAC7B;AAAA,QACF;AAAA,MACF,SAAS,KAAK;AACZ,gBAAQ,MAAM,wBAAwB,GAAG;AACzC,YAAI,CAAC,UAAW,UAAS,EAAE,+BAA+B,0BAA0B,CAAC;AACrF,YAAI,CAAC,UAAW,sBAAqB,CAAC,CAAC;AAAA,MACzC;AACA,UAAI;AACF,cAAM,eAAe,MAAM;AAAA,UACzB;AAAA,UACA;AAAA,YACE,QAAQ;AAAA,YACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,YAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,CAAC,8BAA8B,EAAE,CAAC;AAAA,UACrE;AAAA,UACA,EAAE,UAAU,EAAE,IAAI,MAAM,EAAE;AAAA,QAC5B;AACA,YAAI,CAAC,UAAW,gBAAe,QAAQ,aAAa,QAAQ,EAAE,CAAC;AAAA,MACjE,SAAS,KAAK;AACZ,gBAAQ,MAAM,6BAA6B,GAAG;AAAA,MAChD;AACA,UAAI,CAAC,UAAW,YAAW,KAAK;AAAA,IAClC;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,IAAI,CAAC,CAAC;AAEV,QAAM,gBAAgB,aAAa,iBAAiB,OAAO,YAAY,cAAc,IAAI;AACzF,QAAM,mBAAmB,MAAM,QAAQ,MAAM;AAC3C,QAAI,CAAC,iBAAkB,QAAO;AAC9B,UAAM,OAAO,aAAa,aAAa,mBAClC,aAAa,cAAc,mBAC5B;AACJ,WAAO,CAAC,EAAE,IAAI,kBAAkB,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD,GAAG,CAAC,aAAa,gBAAgB,CAAC;AAElC,QAAM,kBAAkB,MAAM,YAAY,OAAO,UAA+C;AAC9F,QAAI,mBAAmB;AACrB,UAAI,CAAC,iBAAkB,QAAO,CAAC;AAC/B,aAAO,iBAAiB,OAAO,EAAE,UAAU,iBAAiB,CAAC;AAAA,IAC/D;AACA,WAAO,iBAAiB,KAAK;AAAA,EAC/B,GAAG,CAAC,mBAAmB,gBAAgB,CAAC;AAExC,QAAM,SAAsB,MAAM,QAAQ,MAAM;AAC9C,UAAM,QAAqB;AAAA,MACzB,EAAE,IAAI,SAAS,OAAO,EAAE,+BAA+B,OAAO,GAAG,MAAM,QAAQ,UAAU,KAAK;AAAA,MAC9F,EAAE,IAAI,YAAY,OAAO,EAAE,kCAAkC,UAAU,GAAG,MAAM,OAAO;AAAA,IACzF;AACA,QAAI,mBAAmB;AACrB,YAAM,KAAK;AAAA,QACT,IAAI;AAAA,QACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,QACjD,MAAM;AAAA,QACN,UAAU;AAAA,QACV,WAAW,CAAC,EAAE,OAAO,SAAS,MAAM;AAClC,gBAAM,kBAAkB,OAAO,UAAU,WACrC,QACC,OAAO,qBAAqB,WAAW,mBAAmB;AAC/D,iBACE;AAAA,YAAC;AAAA;AAAA,cACC,IAAG;AAAA,cACH,OAAO;AAAA,cACP,UAAU,CAAC,SAAS;AAClB,sBAAM,WAAW,QAAQ;AACzB,yBAAS,QAAQ;AACjB,oCAAoB,QAAQ;AAC5B,2BAAW,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAAA,cACvE;AAAA,cACA,oBAAkB;AAAA,cAClB,WAAU;AAAA,cACV,UAAQ;AAAA,cACR,SAAS;AAAA;AAAA,UACX;AAAA,QAEJ;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,KAAK;AAAA,MACT,IAAI;AAAA,MACJ,OAAO,EAAE,sCAAsC,cAAc;AAAA,MAC7D,MAAM;AAAA,MACN,WAAW,CAAC,EAAE,IAAAA,KAAI,OAAO,SAAS,MAAM;AACtC,cAAM,kBAAkB,OAAO,UAAU,WAAY,MAAM,SAAS,IAAI,QAAQ,OAAQ;AACxF,eACE;AAAA,UAAC;AAAA;AAAA,YACC,SAASA;AAAA,YACT,OAAO;AAAA,YACP,UAAU,CAAC,SAAS,SAAS,QAAQ,IAAI;AAAA,YACzC,UAAU;AAAA,YACV,oBAAoB,gBAAgB,CAAC,aAAa,IAAI;AAAA;AAAA,QACxD;AAAA,MAEJ;AAAA,IACF,CAAC;AACD,UAAM,KAAK,EAAE,IAAI,SAAS,OAAO,EAAE,+BAA+B,OAAO,GAAG,MAAM,QAAQ,aAAa,gBAAgB,CAAC;AACxH,WAAO;AAAA,EACT,GAAG,CAAC,mBAAmB,iBAAiB,kBAAkB,eAAe,kBAAkB,CAAC,CAAC;AAE7F,QAAM,iBAAiB,MAAM,QAAQ,MAAM;AACzC,UAAM,OAAiB,CAAC,SAAS,YAAY,kBAAkB,OAAO;AACtE,QAAI,kBAAmB,MAAK,OAAO,GAAG,GAAG,UAAU;AACnD,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,CAAC;AAEtB,QAAM,SAA0B,MAAM,QAAQ,MAAM;AAAA,IAClD,EAAE,IAAI,WAAW,OAAO,EAAE,iCAAiC,SAAS,GAAG,QAAQ,GAAG,QAAQ,eAAe;AAAA,IACzG,EAAE,IAAI,UAAU,OAAO,EAAE,sCAAsC,aAAa,GAAG,QAAQ,GAAG,MAAM,eAAe;AAAA,IAC/G;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,MACjD,QAAQ;AAAA,MACR,WAAW,MAAO,KAEd;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,sBAAsB;AAAA,UACtB,OAAO;AAAA,UACP,UAAU;AAAA,UACV,WAAW,aAAa,SAAS,CAAC;AAAA,UAClC,yBAAyB;AAAA,UACzB,UAAU,oBAAoB;AAAA;AAAA,MAChC,IAEA;AAAA,IACN;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,iCAAiC,mBAAmB;AAAA,MAC7D,QAAQ;AAAA,MACR,WAAW,MAAO,MAAM,cAEpB;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,UAAU,oBAAoB;AAAA,UAC9B,gBAAgB,aAAa,kBAAkB;AAAA;AAAA,MACjD,IACE;AAAA,IAER;AAAA,EACF,GAAG,CAAC,SAAS,mBAAmB,aAAa,gBAAgB,IAAI,aAAa,kBAAkB,CAAC,CAAC;AAElG,QAAM,gBAAgB,MAAM,QAAQ,MAAM;AACxC,QAAI,aAAa;AACf,aAAO;AAAA,QACL,OAAO,YAAY;AAAA,QACnB,UAAU;AAAA,QACV,UAAU,YAAY;AAAA,QACtB,gBAAgB,YAAY;AAAA,QAC5B,OAAO,YAAY;AAAA,QACnB,GAAG;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU,oBAAoB;AAAA,MAC9B,gBAAgB;AAAA,MAChB,OAAO,CAAC;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF,GAAG,CAAC,aAAa,mBAAmB,gBAAgB,CAAC;AAErD,SACE,oBAAC,QACC,+BAAC,YACE;AAAA,aACC,oBAAC,SAAI,WAAU,iEACZ,iBACH;AAAA,IAEF;AAAA,MAAC;AAAA;AAAA,QACC,OAAO,EAAE,8BAA8B,WAAW;AAAA,QAClD,UAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA,UAAU,EAAE,KAAK;AAAA,QACjB;AAAA,QACA,WAAW;AAAA,QACX,gBAAgB,EAAE,2BAA2B,sBAAsB;AAAA,QACnE,aAAa,EAAE,+BAA+B,MAAM;AAAA,QACpD,YAAW;AAAA,QACX,iBAAiB,wBAAwB,mBAAmB,EAAE,4BAA4B,YAAY,CAAC,CAAC;AAAA,QACxG,UAAU,OAAO,WAAW;AAC1B,cAAI,CAAC,GAAI;AACT,gBAAM,eAAe,yBAAyB,MAAM;AACpD,gBAAM,UAAU;AAAA,YACd,IAAI,KAAK,OAAO,EAAE,IAAI;AAAA,YACtB,OAAO,OAAO;AAAA,YACd,UAAU,OAAO,YAAY,OAAO,SAAS,KAAK,IAAI,OAAO,WAAW;AAAA,YACxE,gBAAgB,OAAO,iBAAiB,OAAO,iBAAiB;AAAA,YAChE,OAAO,MAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,QAAQ,CAAC;AAAA,YACrD,GAAI,OAAO,KAAK,YAAY,EAAE,SAAS,EAAE,aAAa,IAAI,CAAC;AAAA,UAC7D;AACA,gBAAM,WAAW,cAAc,OAAO;AACtC,gBAAM,WAAW,kBAAkB,EAAE,QAAQ,IAAI,GAAG,QAAQ,GAAG;AAAA,YAC7D,cAAc,EAAE,oCAAoC,sCAAsC;AAAA,UAC5F,CAAC;AACD,cAAI;AAAE,mBAAO,cAAc,IAAI,MAAM,oBAAoB,CAAC;AAAA,UAAE,QAAQ;AAAA,UAAC;AAAA,QACvE;AAAA,QACA,UAAU,YAAY;AACpB,gBAAM,WAAW,cAAc,OAAO,EAAE,GAAG;AAAA,YACzC,cAAc,EAAE,iCAAiC,uBAAuB;AAAA,UAC1E,CAAC;AAAA,QACH;AAAA,QACA,gBAAgB,wBAAwB,mBAAmB,EAAE,4BAA4B,cAAc,CAAC,CAAC;AAAA;AAAA,IAC3G;AAAA,KACF,GACF;AAEJ;",
   "names": ["id"]
 }

package/dist/modules/auth/backend/users/create/page.js

@@ -12,7 +12,6 @@ import { TenantSelect } from "@open-mercato/core/modules/directory/components/Te
 import { fetchRoleOptions } from "@open-mercato/core/modules/auth/backend/users/roleOptions";
 import { Spinner } from "@open-mercato/ui/primitives/spinner";
 import { useT } from "@open-mercato/shared/lib/i18n/context";
-import { formatPasswordRequirements, getPasswordPolicy } from "@open-mercato/shared/lib/auth/passwordPolicy";
 function TenantAwareOrganizationSelectInput({
   fieldId,
   value,
@@ -59,12 +58,6 @@ function CreateUserPage() {
   const [selectedWidgets, setSelectedWidgets] = React.useState([]);
   const [selectedTenantId, setSelectedTenantId] = React.useState(null);
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false);
-  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), []);
-  const passwordRequirements = React.useMemo(
-    () => formatPasswordRequirements(passwordPolicy, t),
-    [passwordPolicy, t]
-  );
-  const passwordDescription = React.useMemo(() => passwordRequirements ? t("auth.password.requirements.help", "Password requirements: {requirements}", { requirements: passwordRequirements }) : void 0, [passwordRequirements, t]);
   React.useEffect(() => {
     let cancelled = false;
     async function loadCatalog() {
@@ -134,13 +127,7 @@ function CreateUserPage() {
   const fields = React.useMemo(() => {
     const items = [
       { id: "email", label: t("auth.users.form.field.email", "Email"), type: "text", required: true },
-      {
-        id: "password",
-        label: t("auth.users.form.field.password", "Password"),
-        type: "text",
-        required: true,
-        description: passwordDescription
-      }
+      { id: "password", label: t("auth.users.form.field.password", "Password"), type: "text", required: true }
     ];
     if (actorIsSuperAdmin) {
       items.push({
@@ -187,7 +174,7 @@ function CreateUserPage() {
     });
     items.push({ id: "roles", label: t("auth.users.form.field.roles", "Roles"), type: "tags", loadOptions: loadRoleOptions });
     return items;
-  }, [actorIsSuperAdmin, loadRoleOptions, passwordDescription, selectedTenantId, t]);
+  }, [actorIsSuperAdmin, loadRoleOptions, selectedTenantId, t]);
   const detailFieldIds = React.useMemo(() => {
     const base = ["email", "password", "organizationId", "roles"];
     if (actorIsSuperAdmin) base.splice(2, 0, "tenantId");