npm - @open-mercato/core - Versions diffs - 0.4.2-canary-bdaa640a68 → 0.4.2-canary-3b5064ce72 - Mend

@open-mercato/core 0.4.2-canary-bdaa640a68 → 0.4.2-canary-3b5064ce72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (497) hide show

package/dist/modules/auth/api/sidebar/preferences/route.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../src/modules/auth/api/sidebar/preferences/route.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { sidebarPreferencesInputSchema } from '../../../data/validators'\nimport {\n  loadRoleSidebarPreferences,\n  loadSidebarPreference,\n  saveRoleSidebarPreference,\n  saveSidebarPreference,\n} from '../../../services/sidebarPreferencesService'\nimport { SIDEBAR_PREFERENCES_VERSION } from '@open-mercato/shared/modules/navigation/sidebarPreferences'\nimport { Role, RoleSidebarPreference } from '../../../data/entities'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { z } from 'zod'\n\nexport const metadata = {\n  GET: { requireAuth: true },\n  PUT: { requireAuth: true },\n}\n\nconst sidebarSettingsSchema = z.object({\n  version: z.number().int().positive(),\n  groupOrder: z.array(z.string()),\n  groupLabels: z.record(z.string(), z.string()),\n  itemLabels: z.record(z.string(), z.string()),\n  hiddenItems: z.array(z.string()),\n})\n\nconst sidebarRoleEntrySchema = z.object({\n  id: z.string().uuid(),\n  name: z.string(),\n  hasPreference: z.boolean(),\n})\n\nconst sidebarPreferencesResponseSchema = z.object({\n  locale: z.string(),\n  settings: sidebarSettingsSchema,\n  canApplyToRoles: z.boolean(),\n  roles: z.array(sidebarRoleEntrySchema),\n})\n\nconst sidebarPreferencesUpdateResponseSchema = sidebarPreferencesResponseSchema.extend({\n  appliedRoles: z.array(z.string().uuid()),\n  clearedRoles: z.array(z.string().uuid()),\n})\n\nconst sidebarErrorSchema = z.object({\n  error: z.string(),\n})\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n\n  const { locale } = await resolveTranslations()\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as any\n  const rbac = resolve('rbacService') as any\n\n  const canApplyToRoles = await rbac.userHasAllFeatures?.(\n    auth.sub,\n    ['auth.sidebar.manage'],\n    { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n  ) ?? false\n\n  const settings = await loadSidebarPreference(em, {\n    userId: auth.sub,\n    tenantId: auth.tenantId ?? null,\n    organizationId: auth.orgId ?? null,\n    locale,\n  })\n\n  let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []\n  if (canApplyToRoles) {\n    const roleScope = auth.tenantId\n      ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n      : { tenantId: null }\n    const roles = await em.find(Role, roleScope as any, { orderBy: { name: 'asc' } })\n    const rolePrefs = await loadRoleSidebarPreferences(em, {\n      roleIds: roles.map((r: Role) => r.id),\n      tenantId: auth.tenantId ?? null,\n      locale,\n    })\n    rolesPayload = roles.map((role: Role) => ({\n      id: role.id,\n      name: role.name,\n      hasPreference: rolePrefs.has(role.id),\n    }))\n  }\n\n  return NextResponse.json({\n    locale,\n    settings: {\n      version: settings.version ?? SIDEBAR_PREFERENCES_VERSION,\n      groupOrder: settings.groupOrder ?? [],\n      groupLabels: settings.groupLabels ?? {},\n      itemLabels: settings.itemLabels ?? {},\n      hiddenItems: settings.hiddenItems ?? [],\n    },\n    canApplyToRoles,\n    roles: rolesPayload,\n  })\n}\n\nexport async function PUT(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n\n  let parsedBody: unknown\n  try {\n    parsedBody = await req.json()\n  } catch {\n    return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 })\n  }\n\n  const parsed = sidebarPreferencesInputSchema.safeParse(parsedBody)\n  if (!parsed.success) {\n    return NextResponse.json({ error: 'Invalid payload', details: parsed.error.flatten() }, { status: 400 })\n  }\n\n  const sanitizeRecord = (record?: Record<string, string>) => {\n    if (!record) return {}\n    const result: Record<string, string> = {}\n    for (const [key, value] of Object.entries(record)) {\n      const trimmedKey = key.trim()\n      const trimmedValue = value.trim()\n      if (!trimmedKey || !trimmedValue) continue\n      result[trimmedKey] = trimmedValue\n    }\n    return result\n  }\n\n  const groupOrderSource = parsed.data.groupOrder ?? []\n  const seen = new Set<string>()\n  const groupOrder: string[] = []\n  for (const id of groupOrderSource) {\n    const trimmed = id.trim()\n    if (!trimmed || seen.has(trimmed)) continue\n    seen.add(trimmed)\n    groupOrder.push(trimmed)\n  }\n\n  const payload = {\n    version: parsed.data.version ?? SIDEBAR_PREFERENCES_VERSION,\n    groupOrder,\n    groupLabels: sanitizeRecord(parsed.data.groupLabels),\n    itemLabels: sanitizeRecord(parsed.data.itemLabels),\n    hiddenItems: (() => {\n      const source = parsed.data.hiddenItems ?? []\n      const seenHidden = new Set<string>()\n      const values: string[] = []\n      for (const href of source) {\n        const trimmed = href.trim()\n        if (!trimmed || seenHidden.has(trimmed)) continue\n        seenHidden.add(trimmed)\n        values.push(trimmed)\n      }\n      return values\n    })(),\n  }\n\n  const { locale } = await resolveTranslations()\n  const container = await createRequestContainer()\n  const em = container.resolve('em') as any\n  const rbac = container.resolve('rbacService') as any\n  const cache = container.resolve('cache') as { deleteByTags?: (tags: string[]) => Promise<unknown> } | undefined\n\n  const applyToRolesSource = parsed.data.applyToRoles ?? []\n  const applyToRoles = Array.from(new Set(applyToRolesSource.map((id) => id.trim()).filter((id) => id.length > 0)))\n  const clearRoleIdsSource = parsed.data.clearRoleIds ?? []\n  const clearRoleIds = Array.from(new Set(clearRoleIdsSource.map((id) => id.trim()).filter((id) => id.length > 0)))\n\n  const canApplyToRoles = await rbac.userHasAllFeatures?.(\n    auth.sub,\n    ['auth.sidebar.manage'],\n    { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n  ) ?? false\n\n  if ((applyToRoles.length > 0 || clearRoleIds.length > 0) && !canApplyToRoles) {\n    return NextResponse.json({ error: 'Forbidden', requiredFeatures: ['auth.sidebar.manage'] }, { status: 403 })\n  }\n\n  const settings = await saveSidebarPreference(em, {\n    userId: auth.sub,\n    tenantId: auth.tenantId ?? null,\n    organizationId: auth.orgId ?? null,\n    locale,\n  }, payload)\n\n  const roleScope = auth.tenantId\n    ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n    : { tenantId: null }\n  const availableRoles = canApplyToRoles\n    ? await em.find(Role, roleScope as any, { orderBy: { name: 'asc' } })\n    : []\n  const roleMap = new Map<string, Role>(availableRoles.map((role: Role) => [String(role.id), role]))\n\n  let updatedRoleIds: string[] = []\n  if (applyToRoles.length > 0) {\n    const missing = applyToRoles.filter((id) => !roleMap.has(id))\n    if (missing.length) {\n      return NextResponse.json({ error: 'Invalid roles', missing }, { status: 400 })\n    }\n    for (const roleId of applyToRoles) {\n      const role = roleMap.get(roleId)!\n      await saveRoleSidebarPreference(em, {\n        roleId: role.id,\n        tenantId: auth.tenantId ?? null,\n        locale,\n      }, payload)\n      updatedRoleIds.push(role.id)\n    }\n  }\n\n  const filteredClearRoleIds = clearRoleIds.filter((id) => !updatedRoleIds.includes(id) && !applyToRoles.includes(id))\n\n  if (filteredClearRoleIds.length > 0) {\n    await em.nativeDelete(RoleSidebarPreference, {\n      role: { $in: filteredClearRoleIds },\n      locale,\n      tenantId: auth.tenantId ?? null,\n    })\n    if (cache?.deleteByTags) {\n      try {\n        await cache.deleteByTags(filteredClearRoleIds.map((roleId) => `nav:sidebar:role:${roleId}`))\n      } catch {}\n    }\n  }\n\n  if (cache?.deleteByTags) {\n    const tags = [\n      `nav:sidebar:user:${auth.sub}`,\n      `nav:sidebar:scope:${auth.sub}:${auth.tenantId ?? 'null'}:${auth.orgId ?? 'null'}:${locale}`,\n      ...updatedRoleIds.map((roleId) => `nav:sidebar:role:${roleId}`),\n    ]\n    try {\n      await cache.deleteByTags(tags)\n    } catch {}\n  }\n\n  let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []\n  if (canApplyToRoles) {\n    const rolePrefs = await loadRoleSidebarPreferences(em, {\n      roleIds: availableRoles.map((role: Role) => role.id),\n      tenantId: auth.tenantId ?? null,\n      locale,\n    })\n    rolesPayload = availableRoles.map((role: Role) => ({\n      id: role.id,\n      name: role.name,\n      hasPreference: rolePrefs.has(role.id),\n    }))\n  }\n\n  return NextResponse.json({\n    locale,\n    settings,\n    canApplyToRoles,\n    roles: rolesPayload,\n    appliedRoles: updatedRoleIds,\n    clearedRoles: filteredClearRoleIds,\n  })\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Sidebar preferences',\n  methods: {\n    GET: {\n      summary: 'Get sidebar preferences',\n      description: 'Returns personal sidebar customization and any role-level preferences the user can manage.',\n      responses: [\n        { status: 200, description: 'Current sidebar configuration', schema: sidebarPreferencesResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: sidebarErrorSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update sidebar preferences',\n      description: 'Updates personal sidebar configuration and, optionally, applies the same settings to selected roles.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: sidebarPreferencesInputSchema,\n      },\n      responses: [\n        { status: 200, description: 'Preferences saved', schema: sidebarPreferencesUpdateResponseSchema },\n        { status: 400, description: 'Invalid payload', schema: sidebarErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: sidebarErrorSchema },\n        { status: 403, description: 'Missing features for role-wide updates', schema: sidebarErrorSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,0BAA0B;AACnC,SAAS,2BAA2B;AACpC,SAAS,8BAA8B;AACvC,SAAS,qCAAqC;AAC9C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,mCAAmC;AAC5C,SAAS,MAAM,6BAA6B;AAE5C,SAAS,SAAS;AAEX,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,KAAK;AAAA,EACzB,KAAK,EAAE,aAAa,KAAK;AAC3B;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACnC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC9B,aAAa,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC;AAAA,EAC5C,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC;AAAA,EAC3C,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC;AACjC,CAAC;AAED,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,MAAM,EAAE,OAAO;AAAA,EACf,eAAe,EAAE,QAAQ;AAC3B,CAAC;AAED,MAAM,mCAAmC,EAAE,OAAO;AAAA,EAChD,QAAQ,EAAE,OAAO;AAAA,EACjB,UAAU;AAAA,EACV,iBAAiB,EAAE,QAAQ;AAAA,EAC3B,OAAO,EAAE,MAAM,sBAAsB;AACvC,CAAC;AAED,MAAM,yCAAyC,iCAAiC,OAAO;AAAA,EACrF,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;AAAA,EACvC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;AACzC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,QAAM,EAAE,OAAO,IAAI,MAAM,oBAAoB;AAC7C,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,OAAO,QAAQ,aAAa;AAElC,QAAM,kBAAkB,MAAM,KAAK;AAAA,IACjC,KAAK;AAAA,IACL,CAAC,qBAAqB;AAAA,IACtB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,KAAK;AAEL,QAAM,WAAW,MAAM,sBAAsB,IAAI;AAAA,IAC/C,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,CAAC;AAED,MAAI,eAA4E,CAAC;AACjF,MAAI,iBAAiB;AACnB,UAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,UAAM,QAAQ,MAAM,GAAG,KAAK,MAAM,WAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,EAAE,CAAC;AAChF,UAAM,YAAY,MAAM,2BAA2B,IAAI;AAAA,MACrD,SAAS,MAAM,IAAI,CAAC,MAAY,EAAE,EAAE;AAAA,MACpC,UAAU,KAAK,YAAY;AAAA,MAC3B;AAAA,IACF,CAAC;AACD,mBAAe,MAAM,IAAI,CAAC,UAAgB;AAAA,MACxC,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,eAAe,UAAU,IAAI,KAAK,EAAE;AAAA,IACtC,EAAE;AAAA,EACJ;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB;AAAA,IACA,UAAU;AAAA,MACR,SAAS,SAAS,WAAW;AAAA,MAC7B,YAAY,SAAS,cAAc,CAAC;AAAA,MACpC,aAAa,SAAS,eAAe,CAAC;AAAA,MACtC,YAAY,SAAS,cAAc,CAAC;AAAA,MACpC,aAAa,SAAS,eAAe,CAAC;AAAA,IACxC;AAAA,IACA;AAAA,IACA,OAAO;AAAA,EACT,CAAC;AACH;AAEA,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,MAAI;AACJ,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,SAAS,8BAA8B,UAAU,UAAU;AACjE,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,OAAO,mBAAmB,SAAS,OAAO,MAAM,QAAQ,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzG;AAEA,QAAM,iBAAiB,CAAC,WAAoC;AAC1D,QAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,UAAM,SAAiC,CAAC;AACxC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,YAAM,aAAa,IAAI,KAAK;AAC5B,YAAM,eAAe,MAAM,KAAK;AAChC,UAAI,CAAC,cAAc,CAAC,aAAc;AAClC,aAAO,UAAU,IAAI;AAAA,IACvB;AACA,WAAO;AAAA,EACT;AAEA,QAAM,mBAAmB,OAAO,KAAK,cAAc,CAAC;AACpD,QAAM,OAAO,oBAAI,IAAY;AAC7B,QAAM,aAAuB,CAAC;AAC9B,aAAW,MAAM,kBAAkB;AACjC,UAAM,UAAU,GAAG,KAAK;AACxB,QAAI,CAAC,WAAW,KAAK,IAAI,OAAO,EAAG;AACnC,SAAK,IAAI,OAAO;AAChB,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,QAAM,UAAU;AAAA,IACd,SAAS,OAAO,KAAK,WAAW;AAAA,IAChC;AAAA,IACA,aAAa,eAAe,OAAO,KAAK,WAAW;AAAA,IACnD,YAAY,eAAe,OAAO,KAAK,UAAU;AAAA,IACjD,cAAc,MAAM;AAClB,YAAM,SAAS,OAAO,KAAK,eAAe,CAAC;AAC3C,YAAM,aAAa,oBAAI,IAAY;AACnC,YAAM,SAAmB,CAAC;AAC1B,iBAAW,QAAQ,QAAQ;AACzB,cAAM,UAAU,KAAK,KAAK;AAC1B,YAAI,CAAC,WAAW,WAAW,IAAI,OAAO,EAAG;AACzC,mBAAW,IAAI,OAAO;AACtB,eAAO,KAAK,OAAO;AAAA,MACrB;AACA,aAAO;AAAA,IACT,GAAG;AAAA,EACL;AAEA,QAAM,EAAE,OAAO,IAAI,MAAM,oBAAoB;AAC7C,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,QAAM,QAAQ,UAAU,QAAQ,OAAO;AAEvC,QAAM,qBAAqB,OAAO,KAAK,gBAAgB,CAAC;AACxD,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC;AAChH,QAAM,qBAAqB,OAAO,KAAK,gBAAgB,CAAC;AACxD,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC;AAEhH,QAAM,kBAAkB,MAAM,KAAK;AAAA,IACjC,KAAK;AAAA,IACL,CAAC,qBAAqB;AAAA,IACtB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,KAAK;AAEL,OAAK,aAAa,SAAS,KAAK,aAAa,SAAS,MAAM,CAAC,iBAAiB;AAC5E,WAAO,aAAa,KAAK,EAAE,OAAO,aAAa,kBAAkB,CAAC,qBAAqB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7G;AAEA,QAAM,WAAW,MAAM,sBAAsB,IAAI;AAAA,IAC/C,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,GAAG,OAAO;AAEV,QAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,QAAM,iBAAiB,kBACnB,MAAM,GAAG,KAAK,MAAM,WAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,EAAE,CAAC,IAClE,CAAC;AACL,QAAM,UAAU,IAAI,IAAkB,eAAe,IAAI,CAAC,SAAe,CAAC,OAAO,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;AAEjG,MAAI,iBAA2B,CAAC;AAChC,MAAI,aAAa,SAAS,GAAG;AAC3B,UAAM,UAAU,aAAa,OAAO,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;AAC5D,QAAI,QAAQ,QAAQ;AAClB,aAAO,aAAa,KAAK,EAAE,OAAO,iBAAiB,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/E;AACA,eAAW,UAAU,cAAc;AACjC,YAAM,OAAO,QAAQ,IAAI,MAAM;AAC/B,YAAM,0BAA0B,IAAI;AAAA,QAClC,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK,YAAY;AAAA,QAC3B;AAAA,MACF,GAAG,OAAO;AACV,qBAAe,KAAK,KAAK,EAAE;AAAA,IAC7B;AAAA,EACF;AAEA,QAAM,uBAAuB,aAAa,OAAO,CAAC,OAAO,CAAC,eAAe,SAAS,EAAE,KAAK,CAAC,aAAa,SAAS,EAAE,CAAC;AAEnH,MAAI,qBAAqB,SAAS,GAAG;AACnC,UAAM,GAAG,aAAa,uBAAuB;AAAA,MAC3C,MAAM,EAAE,KAAK,qBAAqB;AAAA,MAClC;AAAA,MACA,UAAU,KAAK,YAAY;AAAA,IAC7B,CAAC;AACD,QAAI,OAAO,cAAc;AACvB,UAAI;AACF,cAAM,MAAM,aAAa,qBAAqB,IAAI,CAAC,WAAW,oBAAoB,MAAM,EAAE,CAAC;AAAA,MAC7F,QAAQ;AAAA,MAAC;AAAA,IACX;AAAA,EACF;AAEA,MAAI,OAAO,cAAc;AACvB,UAAM,OAAO;AAAA,MACX,oBAAoB,KAAK,GAAG;AAAA,MAC5B,qBAAqB,KAAK,GAAG,IAAI,KAAK,YAAY,MAAM,IAAI,KAAK,SAAS,MAAM,IAAI,MAAM;AAAA,MAC1F,GAAG,eAAe,IAAI,CAAC,WAAW,oBAAoB,MAAM,EAAE;AAAA,IAChE;AACA,QAAI;AACF,YAAM,MAAM,aAAa,IAAI;AAAA,IAC/B,QAAQ;AAAA,IAAC;AAAA,EACX;AAEA,MAAI,eAA4E,CAAC;AACjF,MAAI,iBAAiB;AACnB,UAAM,YAAY,MAAM,2BAA2B,IAAI;AAAA,MACrD,SAAS,eAAe,IAAI,CAAC,SAAe,KAAK,EAAE;AAAA,MACnD,UAAU,KAAK,YAAY;AAAA,MAC3B;AAAA,IACF,CAAC;AACD,mBAAe,eAAe,IAAI,CAAC,UAAgB;AAAA,MACjD,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,eAAe,UAAU,IAAI,KAAK,EAAE;AAAA,IACtC,EAAE;AAAA,EACJ;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,cAAc;AAAA,IACd,cAAc;AAAA,EAChB,CAAC;AACH;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,iCAAiC,QAAQ,iCAAiC;AAAA,QACtG,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,MACzE;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,uCAAuC;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,mBAAmB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,QACvE,EAAE,QAAQ,KAAK,aAAa,0CAA0C,QAAQ,mBAAmB;AAAA,MACnG;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { sidebarPreferencesInputSchema } from '../../../data/validators'\nimport {\n  loadRoleSidebarPreferences,\n  loadSidebarPreference,\n  saveRoleSidebarPreference,\n  saveSidebarPreference,\n} from '../../../services/sidebarPreferencesService'\nimport { SIDEBAR_PREFERENCES_VERSION } from '@open-mercato/shared/modules/navigation/sidebarPreferences'\nimport { Role, RoleSidebarPreference } from '../../../data/entities'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { z } from 'zod'\n\nexport const metadata = {\n  GET: { requireAuth: true },\n  PUT: { requireAuth: true },\n}\n\nconst sidebarSettingsSchema = z.object({\n  version: z.number().int().positive(),\n  groupOrder: z.array(z.string()),\n  groupLabels: z.record(z.string(), z.string()),\n  itemLabels: z.record(z.string(), z.string()),\n  hiddenItems: z.array(z.string()),\n})\n\nconst sidebarRoleEntrySchema = z.object({\n  id: z.string().uuid(),\n  name: z.string(),\n  hasPreference: z.boolean(),\n})\n\nconst sidebarPreferencesResponseSchema = z.object({\n  locale: z.string(),\n  settings: sidebarSettingsSchema,\n  canApplyToRoles: z.boolean(),\n  roles: z.array(sidebarRoleEntrySchema),\n})\n\nconst sidebarPreferencesUpdateResponseSchema = sidebarPreferencesResponseSchema.extend({\n  appliedRoles: z.array(z.string().uuid()),\n  clearedRoles: z.array(z.string().uuid()),\n})\n\nconst sidebarErrorSchema = z.object({\n  error: z.string(),\n})\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n\n  const { locale } = await resolveTranslations()\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as any\n  const rbac = resolve('rbacService') as any\n\n  const canApplyToRoles = await rbac.userHasAllFeatures?.(\n    auth.sub,\n    ['auth.sidebar.manage'],\n    { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n  ) ?? false\n\n  // For API key auth, use userId (the actual user) if available\n  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub\n  const settings = effectiveUserId\n    ? await loadSidebarPreference(em, {\n        userId: effectiveUserId,\n        tenantId: auth.tenantId ?? null,\n        organizationId: auth.orgId ?? null,\n        locale,\n      })\n    : null\n\n  let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []\n  if (canApplyToRoles) {\n    const roleScope = auth.tenantId\n      ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n      : { tenantId: null }\n    const roles = await em.find(Role, roleScope as any, { orderBy: { name: 'asc' } })\n    const rolePrefs = await loadRoleSidebarPreferences(em, {\n      roleIds: roles.map((r: Role) => r.id),\n      tenantId: auth.tenantId ?? null,\n      locale,\n    })\n    rolesPayload = roles.map((role: Role) => ({\n      id: role.id,\n      name: role.name,\n      hasPreference: rolePrefs.has(role.id),\n    }))\n  }\n\n  return NextResponse.json({\n    locale,\n    settings: {\n      version: settings?.version ?? SIDEBAR_PREFERENCES_VERSION,\n      groupOrder: settings?.groupOrder ?? [],\n      groupLabels: settings?.groupLabels ?? {},\n      itemLabels: settings?.itemLabels ?? {},\n      hiddenItems: settings?.hiddenItems ?? [],\n    },\n    canApplyToRoles,\n    roles: rolesPayload,\n  })\n}\n\nexport async function PUT(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  // For API key auth, use userId (the actual user) if available\n  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub\n  if (!effectiveUserId) {\n    return NextResponse.json({ error: 'Cannot save preferences: no user associated with this API key' }, { status: 403 })\n  }\n\n  let parsedBody: unknown\n  try {\n    parsedBody = await req.json()\n  } catch {\n    return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 })\n  }\n\n  const parsed = sidebarPreferencesInputSchema.safeParse(parsedBody)\n  if (!parsed.success) {\n    return NextResponse.json({ error: 'Invalid payload', details: parsed.error.flatten() }, { status: 400 })\n  }\n\n  const sanitizeRecord = (record?: Record<string, string>) => {\n    if (!record) return {}\n    const result: Record<string, string> = {}\n    for (const [key, value] of Object.entries(record)) {\n      const trimmedKey = key.trim()\n      const trimmedValue = value.trim()\n      if (!trimmedKey || !trimmedValue) continue\n      result[trimmedKey] = trimmedValue\n    }\n    return result\n  }\n\n  const groupOrderSource = parsed.data.groupOrder ?? []\n  const seen = new Set<string>()\n  const groupOrder: string[] = []\n  for (const id of groupOrderSource) {\n    const trimmed = id.trim()\n    if (!trimmed || seen.has(trimmed)) continue\n    seen.add(trimmed)\n    groupOrder.push(trimmed)\n  }\n\n  const payload = {\n    version: parsed.data.version ?? SIDEBAR_PREFERENCES_VERSION,\n    groupOrder,\n    groupLabels: sanitizeRecord(parsed.data.groupLabels),\n    itemLabels: sanitizeRecord(parsed.data.itemLabels),\n    hiddenItems: (() => {\n      const source = parsed.data.hiddenItems ?? []\n      const seenHidden = new Set<string>()\n      const values: string[] = []\n      for (const href of source) {\n        const trimmed = href.trim()\n        if (!trimmed || seenHidden.has(trimmed)) continue\n        seenHidden.add(trimmed)\n        values.push(trimmed)\n      }\n      return values\n    })(),\n  }\n\n  const { locale } = await resolveTranslations()\n  const container = await createRequestContainer()\n  const em = container.resolve('em') as any\n  const rbac = container.resolve('rbacService') as any\n  const cache = container.resolve('cache') as { deleteByTags?: (tags: string[]) => Promise<unknown> } | undefined\n\n  const applyToRolesSource = parsed.data.applyToRoles ?? []\n  const applyToRoles = Array.from(new Set(applyToRolesSource.map((id) => id.trim()).filter((id) => id.length > 0)))\n  const clearRoleIdsSource = parsed.data.clearRoleIds ?? []\n  const clearRoleIds = Array.from(new Set(clearRoleIdsSource.map((id) => id.trim()).filter((id) => id.length > 0)))\n\n  const canApplyToRoles = await rbac.userHasAllFeatures?.(\n    auth.sub,\n    ['auth.sidebar.manage'],\n    { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n  ) ?? false\n\n  if ((applyToRoles.length > 0 || clearRoleIds.length > 0) && !canApplyToRoles) {\n    return NextResponse.json({ error: 'Forbidden', requiredFeatures: ['auth.sidebar.manage'] }, { status: 403 })\n  }\n\n  const settings = await saveSidebarPreference(em, {\n    userId: effectiveUserId,\n    tenantId: auth.tenantId ?? null,\n    organizationId: auth.orgId ?? null,\n    locale,\n  }, payload)\n\n  const roleScope = auth.tenantId\n    ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n    : { tenantId: null }\n  const availableRoles = canApplyToRoles\n    ? await em.find(Role, roleScope as any, { orderBy: { name: 'asc' } })\n    : []\n  const roleMap = new Map<string, Role>(availableRoles.map((role: Role) => [String(role.id), role]))\n\n  let updatedRoleIds: string[] = []\n  if (applyToRoles.length > 0) {\n    const missing = applyToRoles.filter((id) => !roleMap.has(id))\n    if (missing.length) {\n      return NextResponse.json({ error: 'Invalid roles', missing }, { status: 400 })\n    }\n    for (const roleId of applyToRoles) {\n      const role = roleMap.get(roleId)!\n      await saveRoleSidebarPreference(em, {\n        roleId: role.id,\n        tenantId: auth.tenantId ?? null,\n        locale,\n      }, payload)\n      updatedRoleIds.push(role.id)\n    }\n  }\n\n  const filteredClearRoleIds = clearRoleIds.filter((id) => !updatedRoleIds.includes(id) && !applyToRoles.includes(id))\n\n  if (filteredClearRoleIds.length > 0) {\n    await em.nativeDelete(RoleSidebarPreference, {\n      role: { $in: filteredClearRoleIds },\n      locale,\n      tenantId: auth.tenantId ?? null,\n    })\n    if (cache?.deleteByTags) {\n      try {\n        await cache.deleteByTags(filteredClearRoleIds.map((roleId) => `nav:sidebar:role:${roleId}`))\n      } catch {}\n    }\n  }\n\n  if (cache?.deleteByTags) {\n    const tags = [\n      `nav:sidebar:user:${auth.sub}`,\n      `nav:sidebar:scope:${auth.sub}:${auth.tenantId ?? 'null'}:${auth.orgId ?? 'null'}:${locale}`,\n      ...updatedRoleIds.map((roleId) => `nav:sidebar:role:${roleId}`),\n    ]\n    try {\n      await cache.deleteByTags(tags)\n    } catch {}\n  }\n\n  let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []\n  if (canApplyToRoles) {\n    const rolePrefs = await loadRoleSidebarPreferences(em, {\n      roleIds: availableRoles.map((role: Role) => role.id),\n      tenantId: auth.tenantId ?? null,\n      locale,\n    })\n    rolesPayload = availableRoles.map((role: Role) => ({\n      id: role.id,\n      name: role.name,\n      hasPreference: rolePrefs.has(role.id),\n    }))\n  }\n\n  return NextResponse.json({\n    locale,\n    settings,\n    canApplyToRoles,\n    roles: rolesPayload,\n    appliedRoles: updatedRoleIds,\n    clearedRoles: filteredClearRoleIds,\n  })\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Sidebar preferences',\n  methods: {\n    GET: {\n      summary: 'Get sidebar preferences',\n      description: 'Returns personal sidebar customization and any role-level preferences the user can manage.',\n      responses: [\n        { status: 200, description: 'Current sidebar configuration', schema: sidebarPreferencesResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: sidebarErrorSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update sidebar preferences',\n      description: 'Updates personal sidebar configuration and, optionally, applies the same settings to selected roles.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: sidebarPreferencesInputSchema,\n      },\n      responses: [\n        { status: 200, description: 'Preferences saved', schema: sidebarPreferencesUpdateResponseSchema },\n        { status: 400, description: 'Invalid payload', schema: sidebarErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: sidebarErrorSchema },\n        { status: 403, description: 'Missing features for role-wide updates', schema: sidebarErrorSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,0BAA0B;AACnC,SAAS,2BAA2B;AACpC,SAAS,8BAA8B;AACvC,SAAS,qCAAqC;AAC9C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,mCAAmC;AAC5C,SAAS,MAAM,6BAA6B;AAE5C,SAAS,SAAS;AAEX,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,KAAK;AAAA,EACzB,KAAK,EAAE,aAAa,KAAK;AAC3B;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACnC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC9B,aAAa,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC;AAAA,EAC5C,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC;AAAA,EAC3C,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC;AACjC,CAAC;AAED,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,MAAM,EAAE,OAAO;AAAA,EACf,eAAe,EAAE,QAAQ;AAC3B,CAAC;AAED,MAAM,mCAAmC,EAAE,OAAO;AAAA,EAChD,QAAQ,EAAE,OAAO;AAAA,EACjB,UAAU;AAAA,EACV,iBAAiB,EAAE,QAAQ;AAAA,EAC3B,OAAO,EAAE,MAAM,sBAAsB;AACvC,CAAC;AAED,MAAM,yCAAyC,iCAAiC,OAAO;AAAA,EACrF,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;AAAA,EACvC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;AACzC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,QAAM,EAAE,OAAO,IAAI,MAAM,oBAAoB;AAC7C,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,OAAO,QAAQ,aAAa;AAElC,QAAM,kBAAkB,MAAM,KAAK;AAAA,IACjC,KAAK;AAAA,IACL,CAAC,qBAAqB;AAAA,IACtB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,KAAK;AAGL,QAAM,kBAAkB,KAAK,WAAW,KAAK,SAAS,KAAK;AAC3D,QAAM,WAAW,kBACb,MAAM,sBAAsB,IAAI;AAAA,IAC9B,QAAQ;AAAA,IACR,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,CAAC,IACD;AAEJ,MAAI,eAA4E,CAAC;AACjF,MAAI,iBAAiB;AACnB,UAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,UAAM,QAAQ,MAAM,GAAG,KAAK,MAAM,WAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,EAAE,CAAC;AAChF,UAAM,YAAY,MAAM,2BAA2B,IAAI;AAAA,MACrD,SAAS,MAAM,IAAI,CAAC,MAAY,EAAE,EAAE;AAAA,MACpC,UAAU,KAAK,YAAY;AAAA,MAC3B;AAAA,IACF,CAAC;AACD,mBAAe,MAAM,IAAI,CAAC,UAAgB;AAAA,MACxC,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,eAAe,UAAU,IAAI,KAAK,EAAE;AAAA,IACtC,EAAE;AAAA,EACJ;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB;AAAA,IACA,UAAU;AAAA,MACR,SAAS,UAAU,WAAW;AAAA,MAC9B,YAAY,UAAU,cAAc,CAAC;AAAA,MACrC,aAAa,UAAU,eAAe,CAAC;AAAA,MACvC,YAAY,UAAU,cAAc,CAAC;AAAA,MACrC,aAAa,UAAU,eAAe,CAAC;AAAA,IACzC;AAAA,IACA;AAAA,IACA,OAAO;AAAA,EACT,CAAC;AACH;AAEA,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,QAAM,kBAAkB,KAAK,WAAW,KAAK,SAAS,KAAK;AAC3D,MAAI,CAAC,iBAAiB;AACpB,WAAO,aAAa,KAAK,EAAE,OAAO,gEAAgE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACtH;AAEA,MAAI;AACJ,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,SAAS,8BAA8B,UAAU,UAAU;AACjE,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,OAAO,mBAAmB,SAAS,OAAO,MAAM,QAAQ,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzG;AAEA,QAAM,iBAAiB,CAAC,WAAoC;AAC1D,QAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,UAAM,SAAiC,CAAC;AACxC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,YAAM,aAAa,IAAI,KAAK;AAC5B,YAAM,eAAe,MAAM,KAAK;AAChC,UAAI,CAAC,cAAc,CAAC,aAAc;AAClC,aAAO,UAAU,IAAI;AAAA,IACvB;AACA,WAAO;AAAA,EACT;AAEA,QAAM,mBAAmB,OAAO,KAAK,cAAc,CAAC;AACpD,QAAM,OAAO,oBAAI,IAAY;AAC7B,QAAM,aAAuB,CAAC;AAC9B,aAAW,MAAM,kBAAkB;AACjC,UAAM,UAAU,GAAG,KAAK;AACxB,QAAI,CAAC,WAAW,KAAK,IAAI,OAAO,EAAG;AACnC,SAAK,IAAI,OAAO;AAChB,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,QAAM,UAAU;AAAA,IACd,SAAS,OAAO,KAAK,WAAW;AAAA,IAChC;AAAA,IACA,aAAa,eAAe,OAAO,KAAK,WAAW;AAAA,IACnD,YAAY,eAAe,OAAO,KAAK,UAAU;AAAA,IACjD,cAAc,MAAM;AAClB,YAAM,SAAS,OAAO,KAAK,eAAe,CAAC;AAC3C,YAAM,aAAa,oBAAI,IAAY;AACnC,YAAM,SAAmB,CAAC;AAC1B,iBAAW,QAAQ,QAAQ;AACzB,cAAM,UAAU,KAAK,KAAK;AAC1B,YAAI,CAAC,WAAW,WAAW,IAAI,OAAO,EAAG;AACzC,mBAAW,IAAI,OAAO;AACtB,eAAO,KAAK,OAAO;AAAA,MACrB;AACA,aAAO;AAAA,IACT,GAAG;AAAA,EACL;AAEA,QAAM,EAAE,OAAO,IAAI,MAAM,oBAAoB;AAC7C,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,QAAM,QAAQ,UAAU,QAAQ,OAAO;AAEvC,QAAM,qBAAqB,OAAO,KAAK,gBAAgB,CAAC;AACxD,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC;AAChH,QAAM,qBAAqB,OAAO,KAAK,gBAAgB,CAAC;AACxD,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC;AAEhH,QAAM,kBAAkB,MAAM,KAAK;AAAA,IACjC,KAAK;AAAA,IACL,CAAC,qBAAqB;AAAA,IACtB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,KAAK;AAEL,OAAK,aAAa,SAAS,KAAK,aAAa,SAAS,MAAM,CAAC,iBAAiB;AAC5E,WAAO,aAAa,KAAK,EAAE,OAAO,aAAa,kBAAkB,CAAC,qBAAqB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7G;AAEA,QAAM,WAAW,MAAM,sBAAsB,IAAI;AAAA,IAC/C,QAAQ;AAAA,IACR,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,GAAG,OAAO;AAEV,QAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,QAAM,iBAAiB,kBACnB,MAAM,GAAG,KAAK,MAAM,WAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,EAAE,CAAC,IAClE,CAAC;AACL,QAAM,UAAU,IAAI,IAAkB,eAAe,IAAI,CAAC,SAAe,CAAC,OAAO,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;AAEjG,MAAI,iBAA2B,CAAC;AAChC,MAAI,aAAa,SAAS,GAAG;AAC3B,UAAM,UAAU,aAAa,OAAO,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;AAC5D,QAAI,QAAQ,QAAQ;AAClB,aAAO,aAAa,KAAK,EAAE,OAAO,iBAAiB,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/E;AACA,eAAW,UAAU,cAAc;AACjC,YAAM,OAAO,QAAQ,IAAI,MAAM;AAC/B,YAAM,0BAA0B,IAAI;AAAA,QAClC,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK,YAAY;AAAA,QAC3B;AAAA,MACF,GAAG,OAAO;AACV,qBAAe,KAAK,KAAK,EAAE;AAAA,IAC7B;AAAA,EACF;AAEA,QAAM,uBAAuB,aAAa,OAAO,CAAC,OAAO,CAAC,eAAe,SAAS,EAAE,KAAK,CAAC,aAAa,SAAS,EAAE,CAAC;AAEnH,MAAI,qBAAqB,SAAS,GAAG;AACnC,UAAM,GAAG,aAAa,uBAAuB;AAAA,MAC3C,MAAM,EAAE,KAAK,qBAAqB;AAAA,MAClC;AAAA,MACA,UAAU,KAAK,YAAY;AAAA,IAC7B,CAAC;AACD,QAAI,OAAO,cAAc;AACvB,UAAI;AACF,cAAM,MAAM,aAAa,qBAAqB,IAAI,CAAC,WAAW,oBAAoB,MAAM,EAAE,CAAC;AAAA,MAC7F,QAAQ;AAAA,MAAC;AAAA,IACX;AAAA,EACF;AAEA,MAAI,OAAO,cAAc;AACvB,UAAM,OAAO;AAAA,MACX,oBAAoB,KAAK,GAAG;AAAA,MAC5B,qBAAqB,KAAK,GAAG,IAAI,KAAK,YAAY,MAAM,IAAI,KAAK,SAAS,MAAM,IAAI,MAAM;AAAA,MAC1F,GAAG,eAAe,IAAI,CAAC,WAAW,oBAAoB,MAAM,EAAE;AAAA,IAChE;AACA,QAAI;AACF,YAAM,MAAM,aAAa,IAAI;AAAA,IAC/B,QAAQ;AAAA,IAAC;AAAA,EACX;AAEA,MAAI,eAA4E,CAAC;AACjF,MAAI,iBAAiB;AACnB,UAAM,YAAY,MAAM,2BAA2B,IAAI;AAAA,MACrD,SAAS,eAAe,IAAI,CAAC,SAAe,KAAK,EAAE;AAAA,MACnD,UAAU,KAAK,YAAY;AAAA,MAC3B;AAAA,IACF,CAAC;AACD,mBAAe,eAAe,IAAI,CAAC,UAAgB;AAAA,MACjD,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,eAAe,UAAU,IAAI,KAAK,EAAE;AAAA,IACtC,EAAE;AAAA,EACJ;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,cAAc;AAAA,IACd,cAAc;AAAA,EAChB,CAAC;AACH;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,iCAAiC,QAAQ,iCAAiC;AAAA,QACtG,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,MACzE;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,uCAAuC;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,mBAAmB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,QACvE,EAAE,QAAQ,KAAK,aAAa,0CAA0C,QAAQ,mBAAmB;AAAA,MACnG;AAAA,IACF;AAAA,EACF;AACF;",
   "names": []
 }

package/dist/modules/auth/api/users/route.js CHANGED Viewed

@@ -11,6 +11,7 @@ import { loadCustomFieldValues } from "@open-mercato/shared/lib/crud/custom-fiel
 import { userCrudEvents, userCrudIndexer } from "@open-mercato/core/modules/auth/commands/users";
 import { findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
 import { escapeLikePattern } from "@open-mercato/shared/lib/db/escapeLikePattern";
+import { buildPasswordSchema } from "@open-mercato/shared/lib/auth/passwordPolicy";
 const querySchema = z.object({
   id: z.string().uuid().optional(),
   page: z.coerce.number().min(1).default(1),
@@ -20,16 +21,17 @@ const querySchema = z.object({
   roleIds: z.array(z.string().uuid()).optional()
 }).passthrough();
 const rawBodySchema = z.object({}).passthrough();
+const passwordSchema = buildPasswordSchema();
 const userCreateSchema = z.object({
   email: z.string().email(),
-  password: z.string().min(6),
+  password: passwordSchema,
   organizationId: z.string().uuid(),
   roles: z.array(z.string()).optional()
 });
 const userUpdateSchema = z.object({
   id: z.string().uuid(),
   email: z.string().email().optional(),
-  password: z.string().min(6).optional(),
+  password: passwordSchema.optional(),
   organizationId: z.string().uuid().optional(),
   roles: z.array(z.string()).optional()
 });

package/dist/modules/auth/api/users/route.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/auth/api/users/route.ts"],
-  "sourcesContent": ["/* eslint-disable @typescript-eslint/no-explicit-any */\nimport { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { logCrudAccess, makeCrudRoute } from '@open-mercato/shared/lib/crud/factory'\nimport { forbidden } from '@open-mercato/shared/lib/crud/errors'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { User, Role, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { Organization, Tenant } from '@open-mercato/core/modules/directory/data/entities'\nimport { E } from '#generated/entities.ids.generated'\nimport { loadCustomFieldValues } from '@open-mercato/shared/lib/crud/custom-fields'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { userCrudEvents, userCrudIndexer } from '@open-mercato/core/modules/auth/commands/users'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { escapeLikePattern } from '@open-mercato/shared/lib/db/escapeLikePattern'\n\nconst querySchema = z.object({\n  id: z.string().uuid().optional(),\n  page: z.coerce.number().min(1).default(1),\n  pageSize: z.coerce.number().min(1).max(100).default(50),\n  search: z.string().optional(),\n  organizationId: z.string().uuid().optional(),\n  roleIds: z.array(z.string().uuid()).optional(),\n}).passthrough()\n\nconst rawBodySchema = z.object({}).passthrough()\n\nconst userCreateSchema = z.object({\n  email: z.string().email(),\n  password: z.string().min(6),\n  organizationId: z.string().uuid(),\n  roles: z.array(z.string()).optional(),\n})\n\nconst userUpdateSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string().email().optional(),\n  password: z.string().min(6).optional(),\n  organizationId: z.string().uuid().optional(),\n  roles: z.array(z.string()).optional(),\n})\n\nconst userListItemSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string().email(),\n  organizationId: z.string().uuid().nullable(),\n  organizationName: z.string().nullable(),\n  tenantId: z.string().uuid().nullable(),\n  tenantName: z.string().nullable(),\n  roles: z.array(z.string()),\n})\n\nconst userListResponseSchema = z.object({\n  items: z.array(userListItemSchema),\n  total: z.number().int().nonnegative(),\n  totalPages: z.number().int().positive(),\n  isSuperAdmin: z.boolean().optional(),\n})\n\nconst okResponseSchema = z.object({ ok: z.literal(true) })\n\nconst errorResponseSchema = z.object({ error: z.string() })\n\ntype CrudInput = Record<string, unknown>\n\nconst routeMetadata = {\n  GET: { requireAuth: true, requireFeatures: ['auth.users.list'] },\n  POST: { requireAuth: true, requireFeatures: ['auth.users.create'] },\n  PUT: { requireAuth: true, requireFeatures: ['auth.users.edit'] },\n  DELETE: { requireAuth: true, requireFeatures: ['auth.users.delete'] },\n}\n\nexport const metadata = routeMetadata\n\nconst crud = makeCrudRoute<CrudInput, CrudInput, Record<string, unknown>>({\n  metadata: routeMetadata,\n  orm: {\n    entity: User,\n    idField: 'id',\n    orgField: null,\n    tenantField: null,\n    softDeleteField: 'deletedAt',\n  },\n  events: userCrudEvents,\n  indexer: userCrudIndexer,\n  actions: {\n    create: {\n      commandId: 'auth.users.create',\n      schema: rawBodySchema,\n      mapInput: async ({ parsed, ctx }) => {\n        if (ctx.request) {\n          await assertCanAssignRoles(ctx.request, parsed.roles)\n        }\n        return parsed\n      },\n      response: ({ result }) => ({ id: String(result.id) }),\n      status: 201,\n    },\n    update: {\n      commandId: 'auth.users.update',\n      schema: rawBodySchema,\n      mapInput: async ({ parsed, ctx }) => {\n        if (ctx.request) {\n          await assertCanAssignRoles(ctx.request, parsed.roles)\n        }\n        return parsed\n      },\n      response: () => ({ ok: true }),\n    },\n    delete: {\n      commandId: 'auth.users.delete',\n      response: () => ({ ok: true }),\n    },\n  },\n})\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  const url = new URL(req.url)\n  const rawRoleIds = url.searchParams.getAll('roleId').filter((id): id is string => typeof id === 'string' && id.trim().length > 0)\n  const parsed = querySchema.safeParse({\n    id: url.searchParams.get('id') || undefined,\n    page: url.searchParams.get('page') || undefined,\n    pageSize: url.searchParams.get('pageSize') || undefined,\n    search: url.searchParams.get('search') || undefined,\n    organizationId: url.searchParams.get('organizationId') || undefined,\n    roleIds: rawRoleIds.length ? rawRoleIds : undefined,\n  })\n  if (!parsed.success) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  const container = await createRequestContainer()\n  const em = (container.resolve('em') as EntityManager)\n  let isSuperAdmin = false\n  try {\n    if (auth.sub) {\n      const rbacService = container.resolve('rbacService') as any\n      const acl = await rbacService.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n      isSuperAdmin = !!acl?.isSuperAdmin\n    }\n  } catch (err) {\n    console.error('users: failed to resolve rbac', err)\n  }\n  const { id, page, pageSize, search, organizationId, roleIds } = parsed.data\n  const where: any = { deletedAt: null }\n  if (!isSuperAdmin) {\n    if (!auth.tenantId) {\n      return NextResponse.json({ items: [], total: 0, totalPages: 1, isSuperAdmin })\n    }\n    where.tenantId = auth.tenantId\n  }\n  if (organizationId) where.organizationId = organizationId\n  if (search) where.email = { $ilike: `%${escapeLikePattern(search)}%` } as any\n  let idFilter: Set<string> | null = id ? new Set([id]) : null\n  if (Array.isArray(roleIds) && roleIds.length > 0) {\n    const uniqueRoleIds = Array.from(new Set(roleIds))\n    const linksForRoles = await em.find(UserRole, { role: { $in: uniqueRoleIds as any } } as any)\n    const roleUserIds = new Set<string>()\n    for (const link of linksForRoles) {\n      const uid = String((link as any).user?.id || (link as any).user || '')\n      if (uid) roleUserIds.add(uid)\n    }\n    if (roleUserIds.size === 0) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n    if (idFilter) {\n      for (const uid of Array.from(idFilter)) {\n        if (!roleUserIds.has(uid)) idFilter.delete(uid)\n      }\n    } else {\n      idFilter = roleUserIds\n    }\n    if (!idFilter || idFilter.size === 0) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  }\n  if (idFilter && idFilter.size) {\n    where.id = { $in: Array.from(idFilter) as any }\n  } else if (id) {\n    where.id = id\n  }\n  const [rows, count] = await em.findAndCount(User, where, { limit: pageSize, offset: (page - 1) * pageSize })\n  const userIds = rows.map((u: any) => u.id)\n  const links = userIds.length\n    ? await findWithDecryption(\n        em,\n        UserRole,\n        { user: { $in: userIds as any } } as any,\n        { populate: ['role'] },\n        { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n      )\n    : []\n  const roleMap: Record<string, string[]> = {}\n  for (const l of links) {\n    const uid = String((l as any).user?.id || (l as any).user)\n    const rname = String((l as any).role?.name || '')\n    if (!roleMap[uid]) roleMap[uid] = []\n    if (rname) roleMap[uid].push(rname)\n  }\n  const orgIds = rows\n    .map((u: any) => (u.organizationId ? String(u.organizationId) : null))\n    .filter((id): id is string => !!id)\n  const uniqueOrgIds = Array.from(new Set(orgIds))\n  let orgMap: Record<string, string> = {}\n  if (uniqueOrgIds.length) {\n    const organizations = await em.find(\n      Organization,\n      { id: { $in: uniqueOrgIds as any }, deletedAt: null },\n    )\n    orgMap = organizations.reduce<Record<string, string>>((acc, org) => {\n      const orgId = org?.id ? String(org.id) : null\n      if (!orgId) return acc\n      const rawName = (org as any)?.name\n      const orgName = typeof rawName === 'string' && rawName.length > 0 ? rawName : orgId\n      acc[orgId] = orgName\n      return acc\n    }, {})\n  }\n  const tenantIds = rows\n    .map((u: any) => (u.tenantId ? String(u.tenantId) : null))\n    .filter((id): id is string => !!id)\n  const uniqueTenantIds = Array.from(new Set(tenantIds))\n  let tenantMap: Record<string, string> = {}\n  if (uniqueTenantIds.length) {\n    const tenants = await em.find(\n      Tenant,\n      { id: { $in: uniqueTenantIds as any }, deletedAt: null },\n    )\n    tenantMap = tenants.reduce<Record<string, string>>((acc, tenant) => {\n      const tenantId = tenant?.id ? String(tenant.id) : null\n      if (!tenantId) return acc\n      const rawName = (tenant as any)?.name\n      const tenantName = typeof rawName === 'string' && rawName.length > 0 ? rawName : tenantId\n      acc[tenantId] = tenantName\n      return acc\n    }, {})\n  }\n  const tenantByUser: Record<string, string | null> = {}\n  const organizationByUser: Record<string, string | null> = {}\n  for (const u of rows) {\n    const uid = String(u.id)\n    tenantByUser[uid] = u.tenantId ? String(u.tenantId) : null\n    organizationByUser[uid] = u.organizationId ? String(u.organizationId) : null\n  }\n  const cfByUser = userIds.length\n    ? await loadCustomFieldValues({\n        em,\n        entityId: E.auth.user,\n        recordIds: userIds.map(String),\n        tenantIdByRecord: tenantByUser,\n        organizationIdByRecord: organizationByUser,\n        tenantFallbacks: auth.tenantId ? [auth.tenantId] : [],\n      })\n    : {}\n\n  const items = rows.map((u: any) => {\n    const uid = String(u.id)\n    const orgId = u.organizationId ? String(u.organizationId) : null\n    return {\n      id: uid,\n      email: String(u.email),\n      organizationId: orgId,\n      organizationName: orgId ? orgMap[orgId] ?? orgId : null,\n      tenantId: u.tenantId ? String(u.tenantId) : null,\n      tenantName: u.tenantId ? tenantMap[String(u.tenantId)] ?? String(u.tenantId) : null,\n      roles: roleMap[uid] || [],\n      ...(cfByUser[uid] || {}),\n    }\n  })\n  const totalPages = Math.max(1, Math.ceil(count / pageSize))\n  await logCrudAccess({\n    container,\n    auth,\n    request: req,\n    items,\n    idField: 'id',\n    resourceKind: 'auth.user',\n    organizationId: null,\n    tenantId: auth.tenantId ?? null,\n    query: parsed.data,\n    accessType: id ? 'read:item' : undefined,\n  })\n  return NextResponse.json({ items, total: count, totalPages, isSuperAdmin })\n}\n\nexport const POST = async (req: Request) => {\n  const body = await req.clone().json().catch(() => ({}))\n  await assertCanAssignRoles(req, body?.roles)\n  return crud.POST(req)\n}\n\nexport const PUT = async (req: Request) => {\n  const body = await req.clone().json().catch(() => ({}))\n  await assertCanAssignRoles(req, body?.roles)\n  return crud.PUT(req)\n}\n\nexport const DELETE = crud.DELETE\n\nasync function assertCanAssignRoles(req: Request, roles: unknown) {\n  if (!Array.isArray(roles)) return\n  const normalized = roles\n    .map((role) => (typeof role === 'string' ? role.trim().toLowerCase() : null))\n    .filter((role): role is string => !!role)\n  if (!normalized.includes('superadmin')) return\n  const auth = await getAuthFromRequest(req)\n  if (!auth) throw new Error('Unauthorized')\n  const container = await createRequestContainer()\n  const rbac = container.resolve('rbacService') as RbacService\n  const acl = await rbac.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n  if (!acl?.isSuperAdmin) {\n    throw forbidden('Only super administrators can assign the superadmin role.')\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'User management',\n  methods: {\n    GET: {\n      summary: 'List users',\n      description:\n        'Returns users for the current tenant. Super administrators may scope the response via organization or role filters.',\n      query: querySchema,\n      responses: [\n        { status: 200, description: 'User collection', schema: userListResponseSchema },\n      ],\n    },\n    POST: {\n      summary: 'Create user',\n      description: 'Creates a new confirmed user within the specified organization and optional roles.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: userCreateSchema,\n      },\n      responses: [\n        {\n          status: 201,\n          description: 'User created',\n          schema: z.object({ id: z.string().uuid() }),\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload or duplicate email', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 403, description: 'Attempted to assign privileged roles', schema: errorResponseSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update user',\n      description: 'Updates profile fields, organization assignment, credentials, or role memberships.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: userUpdateSchema,\n      },\n      responses: [\n        { status: 200, description: 'User updated', schema: okResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 403, description: 'Attempted to assign privileged roles', schema: errorResponseSchema },\n        { status: 404, description: 'User not found', schema: errorResponseSchema },\n      ],\n    },\n    DELETE: {\n      summary: 'Delete user',\n      description: 'Deletes a user by identifier. Undo support is provided via the command bus.',\n      query: z.object({ id: z.string().uuid().describe('User identifier') }),\n      responses: [\n        { status: 200, description: 'User deleted', schema: okResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'User cannot be deleted', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 404, description: 'User not found', schema: errorResponseSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AACA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,eAAe,qBAAqB;AAC7C,SAAS,iBAAiB;AAC1B,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,MAAY,gBAAgB;AAErC,SAAS,cAAc,cAAc;AACrC,SAAS,SAAS;AAClB,SAAS,6BAA6B;AAEtC,SAAS,gBAAgB,uBAAuB;AAChD,SAAS,0BAA0B;AACnC,SAAS,yBAAyB;AAElC,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC;AAAA,EACxC,UAAU,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,EAAE;AAAA,EACtD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,SAAS;AAC/C,CAAC,EAAE,YAAY;AAEf,MAAM,gBAAgB,EAAE,OAAO,CAAC,CAAC,EAAE,YAAY;AAE/C,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,gBAAgB,EAAE,OAAO,EAAE,KAAK;AAAA,EAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACtC,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACnC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACrC,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACtC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,kBAAkB,EAAE,OAAO,EAAE,SAAS;AAAA,EACtC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EACrC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC;AAC3B,CAAC;AAED,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,OAAO,EAAE,MAAM,kBAAkB;AAAA,EACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY;AAAA,EACpC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACtC,cAAc,EAAE,QAAQ,EAAE,SAAS;AACrC,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AAEzD,MAAM,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAI1D,MAAM,gBAAgB;AAAA,EACpB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AAAA,EAClE,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AACtE;AAEO,MAAM,WAAW;AAExB,MAAM,OAAO,cAA6D;AAAA,EACxE,UAAU;AAAA,EACV,KAAK;AAAA,IACH,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,iBAAiB;AAAA,EACnB;AAAA,EACA,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,UAAU,OAAO,EAAE,QAAQ,IAAI,MAAM;AACnC,YAAI,IAAI,SAAS;AACf,gBAAM,qBAAqB,IAAI,SAAS,OAAO,KAAK;AAAA,QACtD;AACA,eAAO;AAAA,MACT;AAAA,MACA,UAAU,CAAC,EAAE,OAAO,OAAO,EAAE,IAAI,OAAO,OAAO,EAAE,EAAE;AAAA,MACnD,QAAQ;AAAA,IACV;AAAA,IACA,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,UAAU,OAAO,EAAE,QAAQ,IAAI,MAAM;AACnC,YAAI,IAAI,SAAS;AACf,gBAAM,qBAAqB,IAAI,SAAS,OAAO,KAAK;AAAA,QACtD;AACA,eAAO;AAAA,MACT;AAAA,MACA,UAAU,OAAO,EAAE,IAAI,KAAK;AAAA,IAC9B;AAAA,IACA,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,UAAU,OAAO,EAAE,IAAI,KAAK;AAAA,IAC9B;AAAA,EACF;AACF,CAAC;AAED,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAC1E,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,aAAa,IAAI,aAAa,OAAO,QAAQ,EAAE,OAAO,CAACA,QAAqB,OAAOA,QAAO,YAAYA,IAAG,KAAK,EAAE,SAAS,CAAC;AAChI,QAAM,SAAS,YAAY,UAAU;AAAA,IACnC,IAAI,IAAI,aAAa,IAAI,IAAI,KAAK;AAAA,IAClC,MAAM,IAAI,aAAa,IAAI,MAAM,KAAK;AAAA,IACtC,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,IAC9C,QAAQ,IAAI,aAAa,IAAI,QAAQ,KAAK;AAAA,IAC1C,gBAAgB,IAAI,aAAa,IAAI,gBAAgB,KAAK;AAAA,IAC1D,SAAS,WAAW,SAAS,aAAa;AAAA,EAC5C,CAAC;AACD,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AACpF,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAM,UAAU,QAAQ,IAAI;AAClC,MAAI,eAAe;AACnB,MAAI;AACF,QAAI,KAAK,KAAK;AACZ,YAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,YAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AACvH,qBAAe,CAAC,CAAC,KAAK;AAAA,IACxB;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,iCAAiC,GAAG;AAAA,EACpD;AACA,QAAM,EAAE,IAAI,MAAM,UAAU,QAAQ,gBAAgB,QAAQ,IAAI,OAAO;AACvE,QAAM,QAAa,EAAE,WAAW,KAAK;AACrC,MAAI,CAAC,cAAc;AACjB,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,GAAG,aAAa,CAAC;AAAA,IAC/E;AACA,UAAM,WAAW,KAAK;AAAA,EACxB;AACA,MAAI,eAAgB,OAAM,iBAAiB;AAC3C,MAAI,OAAQ,OAAM,QAAQ,EAAE,QAAQ,IAAI,kBAAkB,MAAM,CAAC,IAAI;AACrE,MAAI,WAA+B,KAAK,oBAAI,IAAI,CAAC,EAAE,CAAC,IAAI;AACxD,MAAI,MAAM,QAAQ,OAAO,KAAK,QAAQ,SAAS,GAAG;AAChD,UAAM,gBAAgB,MAAM,KAAK,IAAI,IAAI,OAAO,CAAC;AACjD,UAAM,gBAAgB,MAAM,GAAG,KAAK,UAAU,EAAE,MAAM,EAAE,KAAK,cAAqB,EAAE,CAAQ;AAC5F,UAAM,cAAc,oBAAI,IAAY;AACpC,eAAW,QAAQ,eAAe;AAChC,YAAM,MAAM,OAAQ,KAAa,MAAM,MAAO,KAAa,QAAQ,EAAE;AACrE,UAAI,IAAK,aAAY,IAAI,GAAG;AAAA,IAC9B;AACA,QAAI,YAAY,SAAS,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAC3F,QAAI,UAAU;AACZ,iBAAW,OAAO,MAAM,KAAK,QAAQ,GAAG;AACtC,YAAI,CAAC,YAAY,IAAI,GAAG,EAAG,UAAS,OAAO,GAAG;AAAA,MAChD;AAAA,IACF,OAAO;AACL,iBAAW;AAAA,IACb;AACA,QAAI,CAAC,YAAY,SAAS,SAAS,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAAA,EACvG;AACA,MAAI,YAAY,SAAS,MAAM;AAC7B,UAAM,KAAK,EAAE,KAAK,MAAM,KAAK,QAAQ,EAAS;AAAA,EAChD,WAAW,IAAI;AACb,UAAM,KAAK;AAAA,EACb;AACA,QAAM,CAAC,MAAM,KAAK,IAAI,MAAM,GAAG,aAAa,MAAM,OAAO,EAAE,OAAO,UAAU,SAAS,OAAO,KAAK,SAAS,CAAC;AAC3G,QAAM,UAAU,KAAK,IAAI,CAAC,MAAW,EAAE,EAAE;AACzC,QAAM,QAAQ,QAAQ,SAClB,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,EAAE,MAAM,EAAE,KAAK,QAAe,EAAE;AAAA,IAChC,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,IACrB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,IACA,CAAC;AACL,QAAM,UAAoC,CAAC;AAC3C,aAAW,KAAK,OAAO;AACrB,UAAM,MAAM,OAAQ,EAAU,MAAM,MAAO,EAAU,IAAI;AACzD,UAAM,QAAQ,OAAQ,EAAU,MAAM,QAAQ,EAAE;AAChD,QAAI,CAAC,QAAQ,GAAG,EAAG,SAAQ,GAAG,IAAI,CAAC;AACnC,QAAI,MAAO,SAAQ,GAAG,EAAE,KAAK,KAAK;AAAA,EACpC;AACA,QAAM,SAAS,KACZ,IAAI,CAAC,MAAY,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI,IAAK,EACpE,OAAO,CAACA,QAAqB,CAAC,CAACA,GAAE;AACpC,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC;AAC/C,MAAI,SAAiC,CAAC;AACtC,MAAI,aAAa,QAAQ;AACvB,UAAM,gBAAgB,MAAM,GAAG;AAAA,MAC7B;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,aAAoB,GAAG,WAAW,KAAK;AAAA,IACtD;AACA,aAAS,cAAc,OAA+B,CAAC,KAAK,QAAQ;AAClE,YAAM,QAAQ,KAAK,KAAK,OAAO,IAAI,EAAE,IAAI;AACzC,UAAI,CAAC,MAAO,QAAO;AACnB,YAAM,UAAW,KAAa;AAC9B,YAAM,UAAU,OAAO,YAAY,YAAY,QAAQ,SAAS,IAAI,UAAU;AAC9E,UAAI,KAAK,IAAI;AACb,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP;AACA,QAAM,YAAY,KACf,IAAI,CAAC,MAAY,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI,IAAK,EACxD,OAAO,CAACA,QAAqB,CAAC,CAACA,GAAE;AACpC,QAAM,kBAAkB,MAAM,KAAK,IAAI,IAAI,SAAS,CAAC;AACrD,MAAI,YAAoC,CAAC;AACzC,MAAI,gBAAgB,QAAQ;AAC1B,UAAM,UAAU,MAAM,GAAG;AAAA,MACvB;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,gBAAuB,GAAG,WAAW,KAAK;AAAA,IACzD;AACA,gBAAY,QAAQ,OAA+B,CAAC,KAAK,WAAW;AAClE,YAAM,WAAW,QAAQ,KAAK,OAAO,OAAO,EAAE,IAAI;AAClD,UAAI,CAAC,SAAU,QAAO;AACtB,YAAM,UAAW,QAAgB;AACjC,YAAM,aAAa,OAAO,YAAY,YAAY,QAAQ,SAAS,IAAI,UAAU;AACjF,UAAI,QAAQ,IAAI;AAChB,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP;AACA,QAAM,eAA8C,CAAC;AACrD,QAAM,qBAAoD,CAAC;AAC3D,aAAW,KAAK,MAAM;AACpB,UAAM,MAAM,OAAO,EAAE,EAAE;AACvB,iBAAa,GAAG,IAAI,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI;AACtD,uBAAmB,GAAG,IAAI,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI;AAAA,EAC1E;AACA,QAAM,WAAW,QAAQ,SACrB,MAAM,sBAAsB;AAAA,IAC1B;AAAA,IACA,UAAU,EAAE,KAAK;AAAA,IACjB,WAAW,QAAQ,IAAI,MAAM;AAAA,IAC7B,kBAAkB;AAAA,IAClB,wBAAwB;AAAA,IACxB,iBAAiB,KAAK,WAAW,CAAC,KAAK,QAAQ,IAAI,CAAC;AAAA,EACtD,CAAC,IACD,CAAC;AAEL,QAAM,QAAQ,KAAK,IAAI,CAAC,MAAW;AACjC,UAAM,MAAM,OAAO,EAAE,EAAE;AACvB,UAAM,QAAQ,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI;AAC5D,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO,OAAO,EAAE,KAAK;AAAA,MACrB,gBAAgB;AAAA,MAChB,kBAAkB,QAAQ,OAAO,KAAK,KAAK,QAAQ;AAAA,MACnD,UAAU,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI;AAAA,MAC5C,YAAY,EAAE,WAAW,UAAU,OAAO,EAAE,QAAQ,CAAC,KAAK,OAAO,EAAE,QAAQ,IAAI;AAAA,MAC/E,OAAO,QAAQ,GAAG,KAAK,CAAC;AAAA,MACxB,GAAI,SAAS,GAAG,KAAK,CAAC;AAAA,IACxB;AAAA,EACF,CAAC;AACD,QAAM,aAAa,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,QAAQ,CAAC;AAC1D,QAAM,cAAc;AAAA,IAClB;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT,cAAc;AAAA,IACd,gBAAgB;AAAA,IAChB,UAAU,KAAK,YAAY;AAAA,IAC3B,OAAO,OAAO;AAAA,IACd,YAAY,KAAK,cAAc;AAAA,EACjC,CAAC;AACD,SAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,YAAY,aAAa,CAAC;AAC5E;AAEO,MAAM,OAAO,OAAO,QAAiB;AAC1C,QAAM,OAAO,MAAM,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,QAAM,qBAAqB,KAAK,MAAM,KAAK;AAC3C,SAAO,KAAK,KAAK,GAAG;AACtB;AAEO,MAAM,MAAM,OAAO,QAAiB;AACzC,QAAM,OAAO,MAAM,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,QAAM,qBAAqB,KAAK,MAAM,KAAK;AAC3C,SAAO,KAAK,IAAI,GAAG;AACrB;AAEO,MAAM,SAAS,KAAK;AAE3B,eAAe,qBAAqB,KAAc,OAAgB;AAChE,MAAI,CAAC,MAAM,QAAQ,KAAK,EAAG;AAC3B,QAAM,aAAa,MAChB,IAAI,CAAC,SAAU,OAAO,SAAS,WAAW,KAAK,KAAK,EAAE,YAAY,IAAI,IAAK,EAC3E,OAAO,CAAC,SAAyB,CAAC,CAAC,IAAI;AAC1C,MAAI,CAAC,WAAW,SAAS,YAAY,EAAG;AACxC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,cAAc;AACzC,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,QAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AAChH,MAAI,CAAC,KAAK,cAAc;AACtB,UAAM,UAAU,2DAA2D;AAAA,EAC7E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MACF,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,uBAAuB;AAAA,MAChF;AAAA,IACF;AAAA,IACA,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,QAC5C;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,sCAAsC,QAAQ,oBAAoB;AAAA,QAC9F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,MAClG;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,oBAAoB;AAAA,QAC3E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,oBAAoB;AAAA,MAC5E;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,iBAAiB,EAAE,CAAC;AAAA,MACrE,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,0BAA0B,QAAQ,oBAAoB;AAAA,QAClF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,oBAAoB;AAAA,MAC5E;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["/* eslint-disable @typescript-eslint/no-explicit-any */\nimport { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { logCrudAccess, makeCrudRoute } from '@open-mercato/shared/lib/crud/factory'\nimport { forbidden } from '@open-mercato/shared/lib/crud/errors'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { User, Role, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { Organization, Tenant } from '@open-mercato/core/modules/directory/data/entities'\nimport { E } from '#generated/entities.ids.generated'\nimport { loadCustomFieldValues } from '@open-mercato/shared/lib/crud/custom-fields'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { userCrudEvents, userCrudIndexer } from '@open-mercato/core/modules/auth/commands/users'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { escapeLikePattern } from '@open-mercato/shared/lib/db/escapeLikePattern'\nimport { buildPasswordSchema } from '@open-mercato/shared/lib/auth/passwordPolicy'\n\nconst querySchema = z.object({\n  id: z.string().uuid().optional(),\n  page: z.coerce.number().min(1).default(1),\n  pageSize: z.coerce.number().min(1).max(100).default(50),\n  search: z.string().optional(),\n  organizationId: z.string().uuid().optional(),\n  roleIds: z.array(z.string().uuid()).optional(),\n}).passthrough()\n\nconst rawBodySchema = z.object({}).passthrough()\n\nconst passwordSchema = buildPasswordSchema()\n\nconst userCreateSchema = z.object({\n  email: z.string().email(),\n  password: passwordSchema,\n  organizationId: z.string().uuid(),\n  roles: z.array(z.string()).optional(),\n})\n\nconst userUpdateSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string().email().optional(),\n  password: passwordSchema.optional(),\n  organizationId: z.string().uuid().optional(),\n  roles: z.array(z.string()).optional(),\n})\n\nconst userListItemSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string().email(),\n  organizationId: z.string().uuid().nullable(),\n  organizationName: z.string().nullable(),\n  tenantId: z.string().uuid().nullable(),\n  tenantName: z.string().nullable(),\n  roles: z.array(z.string()),\n})\n\nconst userListResponseSchema = z.object({\n  items: z.array(userListItemSchema),\n  total: z.number().int().nonnegative(),\n  totalPages: z.number().int().positive(),\n  isSuperAdmin: z.boolean().optional(),\n})\n\nconst okResponseSchema = z.object({ ok: z.literal(true) })\n\nconst errorResponseSchema = z.object({ error: z.string() })\n\ntype CrudInput = Record<string, unknown>\n\nconst routeMetadata = {\n  GET: { requireAuth: true, requireFeatures: ['auth.users.list'] },\n  POST: { requireAuth: true, requireFeatures: ['auth.users.create'] },\n  PUT: { requireAuth: true, requireFeatures: ['auth.users.edit'] },\n  DELETE: { requireAuth: true, requireFeatures: ['auth.users.delete'] },\n}\n\nexport const metadata = routeMetadata\n\nconst crud = makeCrudRoute<CrudInput, CrudInput, Record<string, unknown>>({\n  metadata: routeMetadata,\n  orm: {\n    entity: User,\n    idField: 'id',\n    orgField: null,\n    tenantField: null,\n    softDeleteField: 'deletedAt',\n  },\n  events: userCrudEvents,\n  indexer: userCrudIndexer,\n  actions: {\n    create: {\n      commandId: 'auth.users.create',\n      schema: rawBodySchema,\n      mapInput: async ({ parsed, ctx }) => {\n        if (ctx.request) {\n          await assertCanAssignRoles(ctx.request, parsed.roles)\n        }\n        return parsed\n      },\n      response: ({ result }) => ({ id: String(result.id) }),\n      status: 201,\n    },\n    update: {\n      commandId: 'auth.users.update',\n      schema: rawBodySchema,\n      mapInput: async ({ parsed, ctx }) => {\n        if (ctx.request) {\n          await assertCanAssignRoles(ctx.request, parsed.roles)\n        }\n        return parsed\n      },\n      response: () => ({ ok: true }),\n    },\n    delete: {\n      commandId: 'auth.users.delete',\n      response: () => ({ ok: true }),\n    },\n  },\n})\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  const url = new URL(req.url)\n  const rawRoleIds = url.searchParams.getAll('roleId').filter((id): id is string => typeof id === 'string' && id.trim().length > 0)\n  const parsed = querySchema.safeParse({\n    id: url.searchParams.get('id') || undefined,\n    page: url.searchParams.get('page') || undefined,\n    pageSize: url.searchParams.get('pageSize') || undefined,\n    search: url.searchParams.get('search') || undefined,\n    organizationId: url.searchParams.get('organizationId') || undefined,\n    roleIds: rawRoleIds.length ? rawRoleIds : undefined,\n  })\n  if (!parsed.success) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  const container = await createRequestContainer()\n  const em = (container.resolve('em') as EntityManager)\n  let isSuperAdmin = false\n  try {\n    if (auth.sub) {\n      const rbacService = container.resolve('rbacService') as any\n      const acl = await rbacService.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n      isSuperAdmin = !!acl?.isSuperAdmin\n    }\n  } catch (err) {\n    console.error('users: failed to resolve rbac', err)\n  }\n  const { id, page, pageSize, search, organizationId, roleIds } = parsed.data\n  const where: any = { deletedAt: null }\n  if (!isSuperAdmin) {\n    if (!auth.tenantId) {\n      return NextResponse.json({ items: [], total: 0, totalPages: 1, isSuperAdmin })\n    }\n    where.tenantId = auth.tenantId\n  }\n  if (organizationId) where.organizationId = organizationId\n  if (search) where.email = { $ilike: `%${escapeLikePattern(search)}%` } as any\n  let idFilter: Set<string> | null = id ? new Set([id]) : null\n  if (Array.isArray(roleIds) && roleIds.length > 0) {\n    const uniqueRoleIds = Array.from(new Set(roleIds))\n    const linksForRoles = await em.find(UserRole, { role: { $in: uniqueRoleIds as any } } as any)\n    const roleUserIds = new Set<string>()\n    for (const link of linksForRoles) {\n      const uid = String((link as any).user?.id || (link as any).user || '')\n      if (uid) roleUserIds.add(uid)\n    }\n    if (roleUserIds.size === 0) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n    if (idFilter) {\n      for (const uid of Array.from(idFilter)) {\n        if (!roleUserIds.has(uid)) idFilter.delete(uid)\n      }\n    } else {\n      idFilter = roleUserIds\n    }\n    if (!idFilter || idFilter.size === 0) return NextResponse.json({ items: [], total: 0, totalPages: 1 })\n  }\n  if (idFilter && idFilter.size) {\n    where.id = { $in: Array.from(idFilter) as any }\n  } else if (id) {\n    where.id = id\n  }\n  const [rows, count] = await em.findAndCount(User, where, { limit: pageSize, offset: (page - 1) * pageSize })\n  const userIds = rows.map((u: any) => u.id)\n  const links = userIds.length\n    ? await findWithDecryption(\n        em,\n        UserRole,\n        { user: { $in: userIds as any } } as any,\n        { populate: ['role'] },\n        { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n      )\n    : []\n  const roleMap: Record<string, string[]> = {}\n  for (const l of links) {\n    const uid = String((l as any).user?.id || (l as any).user)\n    const rname = String((l as any).role?.name || '')\n    if (!roleMap[uid]) roleMap[uid] = []\n    if (rname) roleMap[uid].push(rname)\n  }\n  const orgIds = rows\n    .map((u: any) => (u.organizationId ? String(u.organizationId) : null))\n    .filter((id): id is string => !!id)\n  const uniqueOrgIds = Array.from(new Set(orgIds))\n  let orgMap: Record<string, string> = {}\n  if (uniqueOrgIds.length) {\n    const organizations = await em.find(\n      Organization,\n      { id: { $in: uniqueOrgIds as any }, deletedAt: null },\n    )\n    orgMap = organizations.reduce<Record<string, string>>((acc, org) => {\n      const orgId = org?.id ? String(org.id) : null\n      if (!orgId) return acc\n      const rawName = (org as any)?.name\n      const orgName = typeof rawName === 'string' && rawName.length > 0 ? rawName : orgId\n      acc[orgId] = orgName\n      return acc\n    }, {})\n  }\n  const tenantIds = rows\n    .map((u: any) => (u.tenantId ? String(u.tenantId) : null))\n    .filter((id): id is string => !!id)\n  const uniqueTenantIds = Array.from(new Set(tenantIds))\n  let tenantMap: Record<string, string> = {}\n  if (uniqueTenantIds.length) {\n    const tenants = await em.find(\n      Tenant,\n      { id: { $in: uniqueTenantIds as any }, deletedAt: null },\n    )\n    tenantMap = tenants.reduce<Record<string, string>>((acc, tenant) => {\n      const tenantId = tenant?.id ? String(tenant.id) : null\n      if (!tenantId) return acc\n      const rawName = (tenant as any)?.name\n      const tenantName = typeof rawName === 'string' && rawName.length > 0 ? rawName : tenantId\n      acc[tenantId] = tenantName\n      return acc\n    }, {})\n  }\n  const tenantByUser: Record<string, string | null> = {}\n  const organizationByUser: Record<string, string | null> = {}\n  for (const u of rows) {\n    const uid = String(u.id)\n    tenantByUser[uid] = u.tenantId ? String(u.tenantId) : null\n    organizationByUser[uid] = u.organizationId ? String(u.organizationId) : null\n  }\n  const cfByUser = userIds.length\n    ? await loadCustomFieldValues({\n        em,\n        entityId: E.auth.user,\n        recordIds: userIds.map(String),\n        tenantIdByRecord: tenantByUser,\n        organizationIdByRecord: organizationByUser,\n        tenantFallbacks: auth.tenantId ? [auth.tenantId] : [],\n      })\n    : {}\n\n  const items = rows.map((u: any) => {\n    const uid = String(u.id)\n    const orgId = u.organizationId ? String(u.organizationId) : null\n    return {\n      id: uid,\n      email: String(u.email),\n      organizationId: orgId,\n      organizationName: orgId ? orgMap[orgId] ?? orgId : null,\n      tenantId: u.tenantId ? String(u.tenantId) : null,\n      tenantName: u.tenantId ? tenantMap[String(u.tenantId)] ?? String(u.tenantId) : null,\n      roles: roleMap[uid] || [],\n      ...(cfByUser[uid] || {}),\n    }\n  })\n  const totalPages = Math.max(1, Math.ceil(count / pageSize))\n  await logCrudAccess({\n    container,\n    auth,\n    request: req,\n    items,\n    idField: 'id',\n    resourceKind: 'auth.user',\n    organizationId: null,\n    tenantId: auth.tenantId ?? null,\n    query: parsed.data,\n    accessType: id ? 'read:item' : undefined,\n  })\n  return NextResponse.json({ items, total: count, totalPages, isSuperAdmin })\n}\n\nexport const POST = async (req: Request) => {\n  const body = await req.clone().json().catch(() => ({}))\n  await assertCanAssignRoles(req, body?.roles)\n  return crud.POST(req)\n}\n\nexport const PUT = async (req: Request) => {\n  const body = await req.clone().json().catch(() => ({}))\n  await assertCanAssignRoles(req, body?.roles)\n  return crud.PUT(req)\n}\n\nexport const DELETE = crud.DELETE\n\nasync function assertCanAssignRoles(req: Request, roles: unknown) {\n  if (!Array.isArray(roles)) return\n  const normalized = roles\n    .map((role) => (typeof role === 'string' ? role.trim().toLowerCase() : null))\n    .filter((role): role is string => !!role)\n  if (!normalized.includes('superadmin')) return\n  const auth = await getAuthFromRequest(req)\n  if (!auth) throw new Error('Unauthorized')\n  const container = await createRequestContainer()\n  const rbac = container.resolve('rbacService') as RbacService\n  const acl = await rbac.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n  if (!acl?.isSuperAdmin) {\n    throw forbidden('Only super administrators can assign the superadmin role.')\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'User management',\n  methods: {\n    GET: {\n      summary: 'List users',\n      description:\n        'Returns users for the current tenant. Super administrators may scope the response via organization or role filters.',\n      query: querySchema,\n      responses: [\n        { status: 200, description: 'User collection', schema: userListResponseSchema },\n      ],\n    },\n    POST: {\n      summary: 'Create user',\n      description: 'Creates a new confirmed user within the specified organization and optional roles.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: userCreateSchema,\n      },\n      responses: [\n        {\n          status: 201,\n          description: 'User created',\n          schema: z.object({ id: z.string().uuid() }),\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload or duplicate email', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 403, description: 'Attempted to assign privileged roles', schema: errorResponseSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update user',\n      description: 'Updates profile fields, organization assignment, credentials, or role memberships.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: userUpdateSchema,\n      },\n      responses: [\n        { status: 200, description: 'User updated', schema: okResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid payload', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 403, description: 'Attempted to assign privileged roles', schema: errorResponseSchema },\n        { status: 404, description: 'User not found', schema: errorResponseSchema },\n      ],\n    },\n    DELETE: {\n      summary: 'Delete user',\n      description: 'Deletes a user by identifier. Undo support is provided via the command bus.',\n      query: z.object({ id: z.string().uuid().describe('User identifier') }),\n      responses: [\n        { status: 200, description: 'User deleted', schema: okResponseSchema },\n      ],\n      errors: [\n        { status: 400, description: 'User cannot be deleted', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 404, description: 'User not found', schema: errorResponseSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AACA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,eAAe,qBAAqB;AAC7C,SAAS,iBAAiB;AAC1B,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,MAAY,gBAAgB;AAErC,SAAS,cAAc,cAAc;AACrC,SAAS,SAAS;AAClB,SAAS,6BAA6B;AAEtC,SAAS,gBAAgB,uBAAuB;AAChD,SAAS,0BAA0B;AACnC,SAAS,yBAAyB;AAClC,SAAS,2BAA2B;AAEpC,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC;AAAA,EACxC,UAAU,EAAE,OAAO,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,QAAQ,EAAE;AAAA,EACtD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,SAAS;AAC/C,CAAC,EAAE,YAAY;AAEf,MAAM,gBAAgB,EAAE,OAAO,CAAC,CAAC,EAAE,YAAY;AAE/C,MAAM,iBAAiB,oBAAoB;AAE3C,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,UAAU;AAAA,EACV,gBAAgB,EAAE,OAAO,EAAE,KAAK;AAAA,EAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACtC,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACnC,UAAU,eAAe,SAAS;AAAA,EAClC,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACtC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,kBAAkB,EAAE,OAAO,EAAE,SAAS;AAAA,EACtC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EACrC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC;AAC3B,CAAC;AAED,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,OAAO,EAAE,MAAM,kBAAkB;AAAA,EACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY;AAAA,EACpC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACtC,cAAc,EAAE,QAAQ,EAAE,SAAS;AACrC,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AAEzD,MAAM,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAI1D,MAAM,gBAAgB;AAAA,EACpB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AAAA,EAClE,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;AAAA,EAC/D,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AACtE;AAEO,MAAM,WAAW;AAExB,MAAM,OAAO,cAA6D;AAAA,EACxE,UAAU;AAAA,EACV,KAAK;AAAA,IACH,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,iBAAiB;AAAA,EACnB;AAAA,EACA,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,UAAU,OAAO,EAAE,QAAQ,IAAI,MAAM;AACnC,YAAI,IAAI,SAAS;AACf,gBAAM,qBAAqB,IAAI,SAAS,OAAO,KAAK;AAAA,QACtD;AACA,eAAO;AAAA,MACT;AAAA,MACA,UAAU,CAAC,EAAE,OAAO,OAAO,EAAE,IAAI,OAAO,OAAO,EAAE,EAAE;AAAA,MACnD,QAAQ;AAAA,IACV;AAAA,IACA,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,UAAU,OAAO,EAAE,QAAQ,IAAI,MAAM;AACnC,YAAI,IAAI,SAAS;AACf,gBAAM,qBAAqB,IAAI,SAAS,OAAO,KAAK;AAAA,QACtD;AACA,eAAO;AAAA,MACT;AAAA,MACA,UAAU,OAAO,EAAE,IAAI,KAAK;AAAA,IAC9B;AAAA,IACA,QAAQ;AAAA,MACN,WAAW;AAAA,MACX,UAAU,OAAO,EAAE,IAAI,KAAK;AAAA,IAC9B;AAAA,EACF;AACF,CAAC;AAED,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAC1E,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,aAAa,IAAI,aAAa,OAAO,QAAQ,EAAE,OAAO,CAACA,QAAqB,OAAOA,QAAO,YAAYA,IAAG,KAAK,EAAE,SAAS,CAAC;AAChI,QAAM,SAAS,YAAY,UAAU;AAAA,IACnC,IAAI,IAAI,aAAa,IAAI,IAAI,KAAK;AAAA,IAClC,MAAM,IAAI,aAAa,IAAI,MAAM,KAAK;AAAA,IACtC,UAAU,IAAI,aAAa,IAAI,UAAU,KAAK;AAAA,IAC9C,QAAQ,IAAI,aAAa,IAAI,QAAQ,KAAK;AAAA,IAC1C,gBAAgB,IAAI,aAAa,IAAI,gBAAgB,KAAK;AAAA,IAC1D,SAAS,WAAW,SAAS,aAAa;AAAA,EAC5C,CAAC;AACD,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AACpF,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAM,UAAU,QAAQ,IAAI;AAClC,MAAI,eAAe;AACnB,MAAI;AACF,QAAI,KAAK,KAAK;AACZ,YAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,YAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AACvH,qBAAe,CAAC,CAAC,KAAK;AAAA,IACxB;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,iCAAiC,GAAG;AAAA,EACpD;AACA,QAAM,EAAE,IAAI,MAAM,UAAU,QAAQ,gBAAgB,QAAQ,IAAI,OAAO;AACvE,QAAM,QAAa,EAAE,WAAW,KAAK;AACrC,MAAI,CAAC,cAAc;AACjB,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,GAAG,aAAa,CAAC;AAAA,IAC/E;AACA,UAAM,WAAW,KAAK;AAAA,EACxB;AACA,MAAI,eAAgB,OAAM,iBAAiB;AAC3C,MAAI,OAAQ,OAAM,QAAQ,EAAE,QAAQ,IAAI,kBAAkB,MAAM,CAAC,IAAI;AACrE,MAAI,WAA+B,KAAK,oBAAI,IAAI,CAAC,EAAE,CAAC,IAAI;AACxD,MAAI,MAAM,QAAQ,OAAO,KAAK,QAAQ,SAAS,GAAG;AAChD,UAAM,gBAAgB,MAAM,KAAK,IAAI,IAAI,OAAO,CAAC;AACjD,UAAM,gBAAgB,MAAM,GAAG,KAAK,UAAU,EAAE,MAAM,EAAE,KAAK,cAAqB,EAAE,CAAQ;AAC5F,UAAM,cAAc,oBAAI,IAAY;AACpC,eAAW,QAAQ,eAAe;AAChC,YAAM,MAAM,OAAQ,KAAa,MAAM,MAAO,KAAa,QAAQ,EAAE;AACrE,UAAI,IAAK,aAAY,IAAI,GAAG;AAAA,IAC9B;AACA,QAAI,YAAY,SAAS,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAC3F,QAAI,UAAU;AACZ,iBAAW,OAAO,MAAM,KAAK,QAAQ,GAAG;AACtC,YAAI,CAAC,YAAY,IAAI,GAAG,EAAG,UAAS,OAAO,GAAG;AAAA,MAChD;AAAA,IACF,OAAO;AACL,iBAAW;AAAA,IACb;AACA,QAAI,CAAC,YAAY,SAAS,SAAS,EAAG,QAAO,aAAa,KAAK,EAAE,OAAO,CAAC,GAAG,OAAO,GAAG,YAAY,EAAE,CAAC;AAAA,EACvG;AACA,MAAI,YAAY,SAAS,MAAM;AAC7B,UAAM,KAAK,EAAE,KAAK,MAAM,KAAK,QAAQ,EAAS;AAAA,EAChD,WAAW,IAAI;AACb,UAAM,KAAK;AAAA,EACb;AACA,QAAM,CAAC,MAAM,KAAK,IAAI,MAAM,GAAG,aAAa,MAAM,OAAO,EAAE,OAAO,UAAU,SAAS,OAAO,KAAK,SAAS,CAAC;AAC3G,QAAM,UAAU,KAAK,IAAI,CAAC,MAAW,EAAE,EAAE;AACzC,QAAM,QAAQ,QAAQ,SAClB,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,EAAE,MAAM,EAAE,KAAK,QAAe,EAAE;AAAA,IAChC,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,IACrB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,IACA,CAAC;AACL,QAAM,UAAoC,CAAC;AAC3C,aAAW,KAAK,OAAO;AACrB,UAAM,MAAM,OAAQ,EAAU,MAAM,MAAO,EAAU,IAAI;AACzD,UAAM,QAAQ,OAAQ,EAAU,MAAM,QAAQ,EAAE;AAChD,QAAI,CAAC,QAAQ,GAAG,EAAG,SAAQ,GAAG,IAAI,CAAC;AACnC,QAAI,MAAO,SAAQ,GAAG,EAAE,KAAK,KAAK;AAAA,EACpC;AACA,QAAM,SAAS,KACZ,IAAI,CAAC,MAAY,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI,IAAK,EACpE,OAAO,CAACA,QAAqB,CAAC,CAACA,GAAE;AACpC,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC;AAC/C,MAAI,SAAiC,CAAC;AACtC,MAAI,aAAa,QAAQ;AACvB,UAAM,gBAAgB,MAAM,GAAG;AAAA,MAC7B;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,aAAoB,GAAG,WAAW,KAAK;AAAA,IACtD;AACA,aAAS,cAAc,OAA+B,CAAC,KAAK,QAAQ;AAClE,YAAM,QAAQ,KAAK,KAAK,OAAO,IAAI,EAAE,IAAI;AACzC,UAAI,CAAC,MAAO,QAAO;AACnB,YAAM,UAAW,KAAa;AAC9B,YAAM,UAAU,OAAO,YAAY,YAAY,QAAQ,SAAS,IAAI,UAAU;AAC9E,UAAI,KAAK,IAAI;AACb,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP;AACA,QAAM,YAAY,KACf,IAAI,CAAC,MAAY,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI,IAAK,EACxD,OAAO,CAACA,QAAqB,CAAC,CAACA,GAAE;AACpC,QAAM,kBAAkB,MAAM,KAAK,IAAI,IAAI,SAAS,CAAC;AACrD,MAAI,YAAoC,CAAC;AACzC,MAAI,gBAAgB,QAAQ;AAC1B,UAAM,UAAU,MAAM,GAAG;AAAA,MACvB;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,gBAAuB,GAAG,WAAW,KAAK;AAAA,IACzD;AACA,gBAAY,QAAQ,OAA+B,CAAC,KAAK,WAAW;AAClE,YAAM,WAAW,QAAQ,KAAK,OAAO,OAAO,EAAE,IAAI;AAClD,UAAI,CAAC,SAAU,QAAO;AACtB,YAAM,UAAW,QAAgB;AACjC,YAAM,aAAa,OAAO,YAAY,YAAY,QAAQ,SAAS,IAAI,UAAU;AACjF,UAAI,QAAQ,IAAI;AAChB,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP;AACA,QAAM,eAA8C,CAAC;AACrD,QAAM,qBAAoD,CAAC;AAC3D,aAAW,KAAK,MAAM;AACpB,UAAM,MAAM,OAAO,EAAE,EAAE;AACvB,iBAAa,GAAG,IAAI,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI;AACtD,uBAAmB,GAAG,IAAI,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI;AAAA,EAC1E;AACA,QAAM,WAAW,QAAQ,SACrB,MAAM,sBAAsB;AAAA,IAC1B;AAAA,IACA,UAAU,EAAE,KAAK;AAAA,IACjB,WAAW,QAAQ,IAAI,MAAM;AAAA,IAC7B,kBAAkB;AAAA,IAClB,wBAAwB;AAAA,IACxB,iBAAiB,KAAK,WAAW,CAAC,KAAK,QAAQ,IAAI,CAAC;AAAA,EACtD,CAAC,IACD,CAAC;AAEL,QAAM,QAAQ,KAAK,IAAI,CAAC,MAAW;AACjC,UAAM,MAAM,OAAO,EAAE,EAAE;AACvB,UAAM,QAAQ,EAAE,iBAAiB,OAAO,EAAE,cAAc,IAAI;AAC5D,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO,OAAO,EAAE,KAAK;AAAA,MACrB,gBAAgB;AAAA,MAChB,kBAAkB,QAAQ,OAAO,KAAK,KAAK,QAAQ;AAAA,MACnD,UAAU,EAAE,WAAW,OAAO,EAAE,QAAQ,IAAI;AAAA,MAC5C,YAAY,EAAE,WAAW,UAAU,OAAO,EAAE,QAAQ,CAAC,KAAK,OAAO,EAAE,QAAQ,IAAI;AAAA,MAC/E,OAAO,QAAQ,GAAG,KAAK,CAAC;AAAA,MACxB,GAAI,SAAS,GAAG,KAAK,CAAC;AAAA,IACxB;AAAA,EACF,CAAC;AACD,QAAM,aAAa,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,QAAQ,CAAC;AAC1D,QAAM,cAAc;AAAA,IAClB;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA,SAAS;AAAA,IACT,cAAc;AAAA,IACd,gBAAgB;AAAA,IAChB,UAAU,KAAK,YAAY;AAAA,IAC3B,OAAO,OAAO;AAAA,IACd,YAAY,KAAK,cAAc;AAAA,EACjC,CAAC;AACD,SAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,YAAY,aAAa,CAAC;AAC5E;AAEO,MAAM,OAAO,OAAO,QAAiB;AAC1C,QAAM,OAAO,MAAM,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,QAAM,qBAAqB,KAAK,MAAM,KAAK;AAC3C,SAAO,KAAK,KAAK,GAAG;AACtB;AAEO,MAAM,MAAM,OAAO,QAAiB;AACzC,QAAM,OAAO,MAAM,IAAI,MAAM,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,QAAM,qBAAqB,KAAK,MAAM,KAAK;AAC3C,SAAO,KAAK,IAAI,GAAG;AACrB;AAEO,MAAM,SAAS,KAAK;AAE3B,eAAe,qBAAqB,KAAc,OAAgB;AAChE,MAAI,CAAC,MAAM,QAAQ,KAAK,EAAG;AAC3B,QAAM,aAAa,MAChB,IAAI,CAAC,SAAU,OAAO,SAAS,WAAW,KAAK,KAAK,EAAE,YAAY,IAAI,IAAK,EAC3E,OAAO,CAAC,SAAyB,CAAC,CAAC,IAAI;AAC1C,MAAI,CAAC,WAAW,SAAS,YAAY,EAAG;AACxC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,cAAc;AACzC,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,QAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AAChH,MAAI,CAAC,KAAK,cAAc;AACtB,UAAM,UAAU,2DAA2D;AAAA,EAC7E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MACF,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,uBAAuB;AAAA,MAChF;AAAA,IACF;AAAA,IACA,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,QAC5C;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,sCAAsC,QAAQ,oBAAoB;AAAA,QAC9F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,MAClG;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,oBAAoB;AAAA,QAC3E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,oBAAoB;AAAA,MAC5E;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,iBAAiB,EAAE,CAAC;AAAA,MACrE,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,0BAA0B,QAAQ,oBAAoB;AAAA,QAClF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,oBAAoB;AAAA,MAC5E;AAAA,IACF;AAAA,EACF;AACF;",
   "names": ["id"]
 }

package/dist/modules/auth/backend/auth/profile/page.js ADDED Viewed

@@ -0,0 +1,141 @@
+"use client";
+import { jsx, jsxs } from "react/jsx-runtime";
+import * as React from "react";
+import { useRouter } from "next/navigation";
+import { z } from "zod";
+import { Save } from "lucide-react";
+import { Page, PageBody } from "@open-mercato/ui/backend/Page";
+import { CrudForm } from "@open-mercato/ui/backend/CrudForm";
+import { apiCall, readApiResultOrThrow } from "@open-mercato/ui/backend/utils/apiCall";
+import { createCrudFormError } from "@open-mercato/ui/backend/utils/serverErrors";
+import { flash } from "@open-mercato/ui/backend/FlashMessages";
+import { LoadingMessage, ErrorMessage } from "@open-mercato/ui/backend/detail";
+import { Button } from "@open-mercato/ui/primitives/button";
+import { useT } from "@open-mercato/shared/lib/i18n/context";
+import { buildPasswordSchema, formatPasswordRequirements, getPasswordPolicy } from "@open-mercato/shared/lib/auth/passwordPolicy";
+function AuthProfilePage() {
+  const t = useT();
+  const router = useRouter();
+  const [loading, setLoading] = React.useState(true);
+  const [error, setError] = React.useState(null);
+  const [email, setEmail] = React.useState("");
+  const [formKey, setFormKey] = React.useState(0);
+  const formId = React.useId();
+  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), []);
+  const passwordRequirements = React.useMemo(
+    () => formatPasswordRequirements(passwordPolicy, t),
+    [passwordPolicy, t]
+  );
+  const passwordDescription = React.useMemo(() => passwordRequirements ? t("auth.password.requirements.help", "Password requirements: {requirements}", { requirements: passwordRequirements }) : void 0, [passwordRequirements, t]);
+  React.useEffect(() => {
+    let cancelled = false;
+    async function load() {
+      setLoading(true);
+      setError(null);
+      try {
+        const { ok, result } = await apiCall("/api/auth/profile");
+        if (!ok) throw new Error("load_failed");
+        const resolvedEmail = typeof result?.email === "string" ? result.email : "";
+        if (!cancelled) setEmail(resolvedEmail);
+      } catch (err) {
+        console.error("Failed to load auth profile", err);
+        if (!cancelled) setError(t("auth.profile.form.errors.load", "Failed to load profile."));
+      } finally {
+        if (!cancelled) setLoading(false);
+      }
+    }
+    load();
+    return () => {
+      cancelled = true;
+    };
+  }, [t]);
+  const fields = React.useMemo(() => [
+    { id: "email", label: t("auth.profile.form.email", "Email"), type: "text", required: true },
+    {
+      id: "password",
+      label: t("auth.profile.form.password", "New password"),
+      type: "text",
+      description: passwordDescription
+    },
+    { id: "confirmPassword", label: t("auth.profile.form.confirmPassword", "Confirm new password"), type: "text" }
+  ], [passwordDescription, t]);
+  const schema = React.useMemo(() => {
+    const passwordSchema = buildPasswordSchema({
+      policy: passwordPolicy,
+      message: t("auth.profile.form.errors.passwordRequirements", "Password must meet the requirements.")
+    });
+    const optionalPasswordSchema = z.union([z.literal(""), passwordSchema]).optional();
+    return z.object({
+      email: z.string().trim().min(1, t("auth.profile.form.errors.emailRequired", "Email is required.")),
+      password: optionalPasswordSchema,
+      confirmPassword: z.string().optional()
+    }).superRefine((values, ctx) => {
+      const password = values.password?.trim() ?? "";
+      const confirmPassword = values.confirmPassword?.trim() ?? "";
+      if ((password || confirmPassword) && password !== confirmPassword) {
+        ctx.addIssue({
+          code: z.ZodIssueCode.custom,
+          message: t("auth.profile.form.errors.passwordMismatch", "Passwords do not match."),
+          path: ["confirmPassword"]
+        });
+      }
+    });
+  }, [passwordPolicy, t]);
+  const handleSubmit = React.useCallback(async (values) => {
+    const nextEmail = values.email?.trim() ?? "";
+    const password = values.password?.trim() ?? "";
+    if (!password && nextEmail === email) {
+      throw createCrudFormError(t("auth.profile.form.errors.noChanges", "No changes to save."));
+    }
+    const payload = { email: nextEmail };
+    if (password) payload.password = password;
+    const result = await readApiResultOrThrow(
+      "/api/auth/profile",
+      {
+        method: "PUT",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify(payload)
+      },
+      { errorMessage: t("auth.profile.form.errors.save", "Failed to update profile.") }
+    );
+    const resolvedEmail = typeof result?.email === "string" ? result.email : nextEmail;
+    setEmail(resolvedEmail);
+    setFormKey((prev) => prev + 1);
+    flash(t("auth.profile.form.success", "Profile updated."), "success");
+    router.refresh();
+  }, [email, router, t]);
+  return /* @__PURE__ */ jsx(Page, { children: /* @__PURE__ */ jsx(PageBody, { children: loading ? /* @__PURE__ */ jsx(LoadingMessage, { label: t("auth.profile.form.loading", "Loading profile...") }) : error ? /* @__PURE__ */ jsx(ErrorMessage, { label: error }) : /* @__PURE__ */ jsxs("section", { className: "space-y-6 rounded-lg border bg-background p-6", children: [
+    /* @__PURE__ */ jsxs("header", { className: "flex flex-col gap-4 sm:flex-row sm:items-start sm:justify-between", children: [
+      /* @__PURE__ */ jsxs("div", { className: "space-y-1", children: [
+        /* @__PURE__ */ jsx("h2", { className: "text-lg font-semibold", children: t("auth.profile.title", "Profile") }),
+        /* @__PURE__ */ jsx("p", { className: "text-sm text-muted-foreground", children: t("auth.profile.subtitle", "Change password") })
+      ] }),
+      /* @__PURE__ */ jsxs(Button, { type: "submit", form: formId, children: [
+        /* @__PURE__ */ jsx(Save, { className: "size-4 mr-2" }),
+        t("auth.profile.form.save", "Save changes")
+      ] })
+    ] }),
+    /* @__PURE__ */ jsx(
+      CrudForm,
+      {
+        formId,
+        schema,
+        fields,
+        initialValues: {
+          email,
+          password: "",
+          confirmPassword: ""
+        },
+        submitLabel: t("auth.profile.form.save", "Save changes"),
+        onSubmit: handleSubmit,
+        embedded: true,
+        hideFooterActions: true
+      },
+      formKey
+    )
+  ] }) }) });
+}
+export {
+  AuthProfilePage as default
+};
+//# sourceMappingURL=page.js.map

package/dist/modules/auth/backend/auth/profile/page.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/modules/auth/backend/auth/profile/page.tsx"],
+  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { useRouter } from 'next/navigation'\nimport { z } from 'zod'\nimport { Save } from 'lucide-react'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall, readApiResultOrThrow } from '@open-mercato/ui/backend/utils/apiCall'\nimport { createCrudFormError } from '@open-mercato/ui/backend/utils/serverErrors'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { LoadingMessage, ErrorMessage } from '@open-mercato/ui/backend/detail'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { buildPasswordSchema, formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'\n\ntype ProfileResponse = {\n  email?: string | null\n}\n\ntype ProfileUpdateResponse = {\n  ok?: boolean\n  email?: string | null\n}\n\ntype ProfileFormValues = {\n  email: string\n  password?: string\n  confirmPassword?: string\n}\n\nexport default function AuthProfilePage() {\n  const t = useT()\n  const router = useRouter()\n  const [loading, setLoading] = React.useState(true)\n  const [error, setError] = React.useState<string | null>(null)\n  const [email, setEmail] = React.useState('')\n  const [formKey, setFormKey] = React.useState(0)\n  const formId = React.useId()\n  const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])\n  const passwordRequirements = React.useMemo(\n    () => formatPasswordRequirements(passwordPolicy, t),\n    [passwordPolicy, t],\n  )\n  const passwordDescription = React.useMemo(() => (\n    passwordRequirements\n      ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })\n      : undefined\n  ), [passwordRequirements, t])\n\n  React.useEffect(() => {\n    let cancelled = false\n    async function load() {\n      setLoading(true)\n      setError(null)\n      try {\n        const { ok, result } = await apiCall<ProfileResponse>('/api/auth/profile')\n        if (!ok) throw new Error('load_failed')\n        const resolvedEmail = typeof result?.email === 'string' ? result.email : ''\n        if (!cancelled) setEmail(resolvedEmail)\n      } catch (err) {\n        console.error('Failed to load auth profile', err)\n        if (!cancelled) setError(t('auth.profile.form.errors.load', 'Failed to load profile.'))\n      } finally {\n        if (!cancelled) setLoading(false)\n      }\n    }\n    load()\n    return () => { cancelled = true }\n  }, [t])\n\n  const fields = React.useMemo<CrudField[]>(() => [\n    { id: 'email', label: t('auth.profile.form.email', 'Email'), type: 'text', required: true },\n    {\n      id: 'password',\n      label: t('auth.profile.form.password', 'New password'),\n      type: 'text',\n      description: passwordDescription,\n    },\n    { id: 'confirmPassword', label: t('auth.profile.form.confirmPassword', 'Confirm new password'), type: 'text' },\n  ], [passwordDescription, t])\n\n  const schema = React.useMemo(() => {\n    const passwordSchema = buildPasswordSchema({\n      policy: passwordPolicy,\n      message: t('auth.profile.form.errors.passwordRequirements', 'Password must meet the requirements.'),\n    })\n    const optionalPasswordSchema = z.union([z.literal(''), passwordSchema]).optional()\n    return z.object({\n      email: z.string().trim().min(1, t('auth.profile.form.errors.emailRequired', 'Email is required.')),\n      password: optionalPasswordSchema,\n      confirmPassword: z.string().optional(),\n    }).superRefine((values, ctx) => {\n      const password = values.password?.trim() ?? ''\n      const confirmPassword = values.confirmPassword?.trim() ?? ''\n      if ((password || confirmPassword) && password !== confirmPassword) {\n        ctx.addIssue({\n          code: z.ZodIssueCode.custom,\n          message: t('auth.profile.form.errors.passwordMismatch', 'Passwords do not match.'),\n          path: ['confirmPassword'],\n        })\n      }\n    })\n  }, [passwordPolicy, t])\n\n  const handleSubmit = React.useCallback(async (values: ProfileFormValues) => {\n    const nextEmail = values.email?.trim() ?? ''\n    const password = values.password?.trim() ?? ''\n\n    if (!password && nextEmail === email) {\n      throw createCrudFormError(t('auth.profile.form.errors.noChanges', 'No changes to save.'))\n    }\n\n    const payload: { email: string; password?: string } = { email: nextEmail }\n    if (password) payload.password = password\n\n    const result = await readApiResultOrThrow<ProfileUpdateResponse>(\n      '/api/auth/profile',\n      {\n        method: 'PUT',\n        headers: { 'content-type': 'application/json' },\n        body: JSON.stringify(payload),\n      },\n      { errorMessage: t('auth.profile.form.errors.save', 'Failed to update profile.') },\n    )\n\n    const resolvedEmail = typeof result?.email === 'string' ? result.email : nextEmail\n    setEmail(resolvedEmail)\n    setFormKey((prev) => prev + 1)\n    flash(t('auth.profile.form.success', 'Profile updated.'), 'success')\n    router.refresh()\n  }, [email, router, t])\n\n  return (\n    <Page>\n      <PageBody>\n        {loading ? (\n          <LoadingMessage label={t('auth.profile.form.loading', 'Loading profile...')} />\n        ) : error ? (\n          <ErrorMessage label={error} />\n        ) : (\n          <section className=\"space-y-6 rounded-lg border bg-background p-6\">\n            <header className=\"flex flex-col gap-4 sm:flex-row sm:items-start sm:justify-between\">\n              <div className=\"space-y-1\">\n                <h2 className=\"text-lg font-semibold\">{t('auth.profile.title', 'Profile')}</h2>\n                <p className=\"text-sm text-muted-foreground\">\n                  {t('auth.profile.subtitle', 'Change password')}\n                </p>\n              </div>\n              <Button type=\"submit\" form={formId}>\n                <Save className=\"size-4 mr-2\" />\n                {t('auth.profile.form.save', 'Save changes')}\n              </Button>\n            </header>\n            <CrudForm<ProfileFormValues>\n              key={formKey}\n              formId={formId}\n              schema={schema}\n              fields={fields}\n              initialValues={{\n                email,\n                password: '',\n                confirmPassword: '',\n              }}\n              submitLabel={t('auth.profile.form.save', 'Save changes')}\n              onSubmit={handleSubmit}\n              embedded\n              hideFooterActions\n            />\n          </section>\n        )}\n      </PageBody>\n    </Page>\n  )\n}\n"],
+  "mappings": ";AAwIU,cAMI,YANJ;AAvIV,YAAY,WAAW;AACvB,SAAS,iBAAiB;AAC1B,SAAS,SAAS;AAClB,SAAS,YAAY;AACrB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAAgC;AACzC,SAAS,SAAS,4BAA4B;AAC9C,SAAS,2BAA2B;AACpC,SAAS,aAAa;AACtB,SAAS,gBAAgB,oBAAoB;AAC7C,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,qBAAqB,4BAA4B,yBAAyB;AAiBpE,SAAR,kBAAmC;AACxC,QAAM,IAAI,KAAK;AACf,QAAM,SAAS,UAAU;AACzB,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAwB,IAAI;AAC5D,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,EAAE;AAC3C,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,CAAC;AAC9C,QAAM,SAAS,MAAM,MAAM;AAC3B,QAAM,iBAAiB,MAAM,QAAQ,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAClE,QAAM,uBAAuB,MAAM;AAAA,IACjC,MAAM,2BAA2B,gBAAgB,CAAC;AAAA,IAClD,CAAC,gBAAgB,CAAC;AAAA,EACpB;AACA,QAAM,sBAAsB,MAAM,QAAQ,MACxC,uBACI,EAAE,mCAAmC,yCAAyC,EAAE,cAAc,qBAAqB,CAAC,IACpH,QACH,CAAC,sBAAsB,CAAC,CAAC;AAE5B,QAAM,UAAU,MAAM;AACpB,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,iBAAW,IAAI;AACf,eAAS,IAAI;AACb,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAAyB,mBAAmB;AACzE,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,aAAa;AACtC,cAAM,gBAAgB,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ;AACzE,YAAI,CAAC,UAAW,UAAS,aAAa;AAAA,MACxC,SAAS,KAAK;AACZ,gBAAQ,MAAM,+BAA+B,GAAG;AAChD,YAAI,CAAC,UAAW,UAAS,EAAE,iCAAiC,yBAAyB,CAAC;AAAA,MACxF,UAAE;AACA,YAAI,CAAC,UAAW,YAAW,KAAK;AAAA,MAClC;AAAA,IACF;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,CAAC,CAAC;AAEN,QAAM,SAAS,MAAM,QAAqB,MAAM;AAAA,IAC9C,EAAE,IAAI,SAAS,OAAO,EAAE,2BAA2B,OAAO,GAAG,MAAM,QAAQ,UAAU,KAAK;AAAA,IAC1F;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,8BAA8B,cAAc;AAAA,MACrD,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA,EAAE,IAAI,mBAAmB,OAAO,EAAE,qCAAqC,sBAAsB,GAAG,MAAM,OAAO;AAAA,EAC/G,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAE3B,QAAM,SAAS,MAAM,QAAQ,MAAM;AACjC,UAAM,iBAAiB,oBAAoB;AAAA,MACzC,QAAQ;AAAA,MACR,SAAS,EAAE,iDAAiD,sCAAsC;AAAA,IACpG,CAAC;AACD,UAAM,yBAAyB,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC,EAAE,SAAS;AACjF,WAAO,EAAE,OAAO;AAAA,MACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,0CAA0C,oBAAoB,CAAC;AAAA,MACjG,UAAU;AAAA,MACV,iBAAiB,EAAE,OAAO,EAAE,SAAS;AAAA,IACvC,CAAC,EAAE,YAAY,CAAC,QAAQ,QAAQ;AAC9B,YAAM,WAAW,OAAO,UAAU,KAAK,KAAK;AAC5C,YAAM,kBAAkB,OAAO,iBAAiB,KAAK,KAAK;AAC1D,WAAK,YAAY,oBAAoB,aAAa,iBAAiB;AACjE,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,6CAA6C,yBAAyB;AAAA,UACjF,MAAM,CAAC,iBAAiB;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH,GAAG,CAAC,gBAAgB,CAAC,CAAC;AAEtB,QAAM,eAAe,MAAM,YAAY,OAAO,WAA8B;AAC1E,UAAM,YAAY,OAAO,OAAO,KAAK,KAAK;AAC1C,UAAM,WAAW,OAAO,UAAU,KAAK,KAAK;AAE5C,QAAI,CAAC,YAAY,cAAc,OAAO;AACpC,YAAM,oBAAoB,EAAE,sCAAsC,qBAAqB,CAAC;AAAA,IAC1F;AAEA,UAAM,UAAgD,EAAE,OAAO,UAAU;AACzE,QAAI,SAAU,SAAQ,WAAW;AAEjC,UAAM,SAAS,MAAM;AAAA,MACnB;AAAA,MACA;AAAA,QACE,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,OAAO;AAAA,MAC9B;AAAA,MACA,EAAE,cAAc,EAAE,iCAAiC,2BAA2B,EAAE;AAAA,IAClF;AAEA,UAAM,gBAAgB,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ;AACzE,aAAS,aAAa;AACtB,eAAW,CAAC,SAAS,OAAO,CAAC;AAC7B,UAAM,EAAE,6BAA6B,kBAAkB,GAAG,SAAS;AACnE,WAAO,QAAQ;AAAA,EACjB,GAAG,CAAC,OAAO,QAAQ,CAAC,CAAC;AAErB,SACE,oBAAC,QACC,8BAAC,YACE,oBACC,oBAAC,kBAAe,OAAO,EAAE,6BAA6B,oBAAoB,GAAG,IAC3E,QACF,oBAAC,gBAAa,OAAO,OAAO,IAE5B,qBAAC,aAAQ,WAAU,iDACjB;AAAA,yBAAC,YAAO,WAAU,qEAChB;AAAA,2BAAC,SAAI,WAAU,aACb;AAAA,4BAAC,QAAG,WAAU,yBAAyB,YAAE,sBAAsB,SAAS,GAAE;AAAA,QAC1E,oBAAC,OAAE,WAAU,iCACV,YAAE,yBAAyB,iBAAiB,GAC/C;AAAA,SACF;AAAA,MACA,qBAAC,UAAO,MAAK,UAAS,MAAM,QAC1B;AAAA,4BAAC,QAAK,WAAU,eAAc;AAAA,QAC7B,EAAE,0BAA0B,cAAc;AAAA,SAC7C;AAAA,OACF;AAAA,IACA;AAAA,MAAC;AAAA;AAAA,QAEC;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,UACb;AAAA,UACA,UAAU;AAAA,UACV,iBAAiB;AAAA,QACnB;AAAA,QACA,aAAa,EAAE,0BAA0B,cAAc;AAAA,QACvD,UAAU;AAAA,QACV,UAAQ;AAAA,QACR,mBAAiB;AAAA;AAAA,MAZZ;AAAA,IAaP;AAAA,KACF,GAEJ,GACF;AAEJ;",
+  "names": []
+}

package/dist/modules/auth/backend/auth/profile/page.meta.js ADDED Viewed

@@ -0,0 +1,13 @@
+const metadata = {
+  requireAuth: true,
+  navHidden: true,
+  pageTitle: "Profile",
+  pageTitleKey: "auth.profile.title",
+  breadcrumb: [
+    { label: "Profile", labelKey: "auth.profile.title" }
+  ]
+};
+export {
+  metadata
+};
+//# sourceMappingURL=page.meta.js.map

package/dist/modules/auth/backend/auth/profile/page.meta.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/modules/auth/backend/auth/profile/page.meta.ts"],
+  "sourcesContent": ["export const metadata = {\n  requireAuth: true,\n  navHidden: true,\n  pageTitle: 'Profile',\n  pageTitleKey: 'auth.profile.title',\n  breadcrumb: [\n    { label: 'Profile', labelKey: 'auth.profile.title' },\n  ],\n}\n"],
+  "mappings": "AAAO,MAAM,WAAW;AAAA,EACtB,aAAa;AAAA,EACb,WAAW;AAAA,EACX,WAAW;AAAA,EACX,cAAc;AAAA,EACd,YAAY;AAAA,IACV,EAAE,OAAO,WAAW,UAAU,qBAAqB;AAAA,EACrD;AACF;",
+  "names": []
+}

package/dist/modules/auth/backend/roles/[id]/edit/page.js CHANGED Viewed

@@ -19,6 +19,7 @@ function EditRolePage({ params }) {
   const [aclData, setAclData] = React.useState({ isSuperAdmin: false, features: [], organizations: null });
   const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false);
   const [selectedTenantId, setSelectedTenantId] = React.useState(null);
+  const widgetEditorRef = React.useRef(null);
   React.useEffect(() => {
     if (!id) return;
     const roleId = id;
@@ -127,7 +128,8 @@ function EditRolePage({ params }) {
         {
           kind: "role",
           targetId: String(id),
-          tenantId: selectedTenantId ?? (initial?.tenantId ?? null)
+          tenantId: selectedTenantId ?? (initial?.tenantId ?? null),
+          ref: widgetEditorRef
         }
       ) : null
     }
@@ -163,6 +165,7 @@ function EditRolePage({ params }) {
         await updateCrud("auth/roles/acl", { roleId: id, tenantId: effectiveTenantId, ...aclData }, {
           errorMessage: t("auth.roles.form.errors.aclUpdate", "Failed to update role access control")
         });
+        await widgetEditorRef.current?.save();
         try {
           window.dispatchEvent(new Event("om:refresh-sidebar"));
         } catch {

package/dist/modules/auth/backend/roles/[id]/edit/page.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../../src/modules/auth/backend/roles/%5Bid%5D/edit/page.tsx"],
-  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField, type CrudFormGroup } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { deleteCrud, updateCrud } from '@open-mercato/ui/backend/utils/crud'\nimport { collectCustomFieldValues } from '@open-mercato/ui/backend/utils/customFieldValues'\nimport { AclEditor, type AclData } from '@open-mercato/core/modules/auth/components/AclEditor'\nimport { WidgetVisibilityEditor } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'\nimport { E } from '#generated/entities.ids.generated'\nimport { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\ntype EditRoleFormValues = {\n  name?: string\n  tenantId?: string | null\n} & Record<string, unknown>\n\ntype RoleRecord = {\n  id: string\n  name: string\n  tenantId: string | null\n  tenantName?: string | null\n  usersCount?: number | null\n} & Record<string, unknown>\n\ntype RoleListResponse = {\n  items?: RoleRecord[]\n  isSuperAdmin?: boolean\n}\n\nexport default function EditRolePage({ params }: { params?: { id?: string } }) {\n  const id = params?.id\n  const t = useT()\n  const [initial, setInitial] = React.useState<RoleRecord | null>(null)\n  const [loading, setLoading] = React.useState(true)\n  const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })\n  const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)\n  const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)\n\n  React.useEffect(() => {\n    if (!id) return\n    const roleId = id\n    let cancelled = false\n    async function load() {\n      try {\n        const { ok, result } = await apiCall<RoleListResponse>(`/api/auth/roles?id=${encodeURIComponent(roleId)}`)\n        if (!ok) throw new Error(t('auth.roles.form.errors.load', 'Failed to load role'))\n        const foundList = Array.isArray(result?.items) ? result?.items : []\n        const found = (foundList?.[0] ?? null) as RoleRecord | null\n        if (!cancelled) {\n          setActorIsSuperAdmin(Boolean(result?.isSuperAdmin))\n          setInitial(found || null)\n          const tenant = found && typeof found.tenantId === 'string' ? found.tenantId : null\n          setSelectedTenantId(tenant)\n        }\n      } catch {\n        if (!cancelled) {\n          setInitial(null)\n          setSelectedTenantId(null)\n        }\n      }\n      if (!cancelled) setLoading(false)\n    }\n    load()\n    return () => { cancelled = true }\n  }, [id, t])\n\n  const preloadedTenants = React.useMemo(() => {\n    if (!selectedTenantId) return null\n    const name = initial?.tenantId === selectedTenantId\n      ? (initial?.tenantName ?? selectedTenantId)\n      : selectedTenantId\n    return [{ id: selectedTenantId, name, isActive: true }]\n  }, [initial, selectedTenantId])\n\n  const fields = React.useMemo<CrudField[]>(() => {\n    const disabled = !!(initial && typeof initial.usersCount === 'number' && initial.usersCount > 0)\n    const list: CrudField[] = [\n      {\n        id: 'name',\n        label: t('auth.roles.form.field.name', 'Name'),\n        type: 'text',\n        required: true,\n        disabled,\n      },\n    ]\n    if (actorIsSuperAdmin) {\n      list.push({\n        id: 'tenantId',\n        label: t('auth.roles.form.field.tenant', 'Tenant'),\n        type: 'custom',\n        required: true,\n        component: ({ value, setValue }) => {\n          const normalizedValue = typeof value === 'string'\n            ? value\n            : (typeof selectedTenantId === 'string' ? selectedTenantId : null)\n          return (\n            <TenantSelect\n              id=\"tenantId\"\n              value={normalizedValue}\n              onChange={(next) => {\n                const resolved = next ?? null\n                setValue(resolved)\n                setSelectedTenantId(resolved)\n                setAclData({ isSuperAdmin: false, features: [], organizations: null })\n              }}\n              includeEmptyOption\n              className=\"w-full h-9 rounded border px-2 text-sm\"\n              tenants={preloadedTenants}\n            />\n          )\n        },\n      })\n    }\n    return list\n  }, [actorIsSuperAdmin, initial, preloadedTenants, selectedTenantId, t])\n\n  const detailFieldIds = React.useMemo(() => {\n    const base = ['name']\n    if (actorIsSuperAdmin) base.push('tenantId')\n    return base\n  }, [actorIsSuperAdmin])\n\n  const groups: CrudFormGroup[] = React.useMemo(() => ([\n    { id: 'details', title: t('auth.roles.form.group.details', 'Details'), column: 1, fields: detailFieldIds },\n    { id: 'customFields', title: t('entities.customFields.title', 'Custom Fields'), column: 2, kind: 'customFields' },\n    {\n      id: 'acl',\n      title: t('auth.roles.form.group.access', 'Access'),\n      column: 1,\n      component: () => (id\n        ? (\n          <AclEditor\n            kind=\"role\"\n            targetId={String(id)}\n            canEditOrganizations\n            value={aclData}\n            onChange={setAclData}\n            currentUserIsSuperAdmin={actorIsSuperAdmin}\n            tenantId={selectedTenantId ?? null}\n          />\n        )\n        : null),\n    },\n    {\n      id: 'dashboardWidgets',\n      title: t('auth.roles.form.group.widgets', 'Dashboard Widgets'),\n      column: 2,\n      component: () => (id && !loading\n        ? (\n          <WidgetVisibilityEditor\n            kind=\"role\"\n            targetId={String(id)}\n            tenantId={selectedTenantId ?? (initial?.tenantId ?? null)}\n          />\n        )\n        : null),\n    },\n  ]), [aclData, actorIsSuperAdmin, detailFieldIds, id, initial, loading, selectedTenantId, t])\n\n  if (!id) return null\n  return (\n    <Page>\n      <PageBody>\n        <CrudForm<EditRoleFormValues>\n          title={t('auth.roles.form.title.edit', 'Edit Role')}\n          backHref=\"/backend/roles\"\n          entityId={E.auth.role}\n          fields={fields}\n          groups={groups}\n          initialValues={initial || { id, tenantId: null }}\n          isLoading={loading}\n          loadingMessage={t('auth.roles.form.loading', 'Loading data...')}\n          cancelHref=\"/backend/roles\"\n          successRedirect={`/backend/roles?flash=${encodeURIComponent(t('auth.roles.flash.updated', 'Role saved'))}&type=success`}\n          onSubmit={async (values) => {\n            const customFields = collectCustomFieldValues(values)\n            const payload: Record<string, unknown> = { id }\n            if (values.name !== undefined) payload.name = values.name\n            let effectiveTenantId: string | null = selectedTenantId ?? (initial?.tenantId ?? null)\n            if (actorIsSuperAdmin) {\n              const rawTenant = typeof values.tenantId === 'string' ? values.tenantId.trim() : selectedTenantId\n              effectiveTenantId = rawTenant && rawTenant.length ? rawTenant : null\n              payload.tenantId = effectiveTenantId\n            }\n            if (Object.keys(customFields).length) {\n              payload.customFields = customFields\n            }\n            await updateCrud('auth/roles', payload)\n            await updateCrud('auth/roles/acl', { roleId: id, tenantId: effectiveTenantId, ...aclData }, {\n              errorMessage: t('auth.roles.form.errors.aclUpdate', 'Failed to update role access control'),\n            })\n            try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}\n          }}\n          onDelete={async () => {\n            await deleteCrud('auth/roles', String(id), {\n              errorMessage: t('auth.roles.form.errors.delete', 'Failed to delete role'),\n            })\n          }}\n          deleteRedirect={`/backend/roles?flash=${encodeURIComponent(t('auth.roles.flash.deleted', 'Role deleted'))}&type=success`}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
-  "mappings": ";AAkGY;AAjGZ,YAAY,WAAW;AACvB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAAoD;AAC7D,SAAS,eAAe;AACxB,SAAS,YAAY,kBAAkB;AACvC,SAAS,gCAAgC;AACzC,SAAS,iBAA+B;AACxC,SAAS,8BAA8B;AACvC,SAAS,SAAS;AAClB,SAAS,oBAAoB;AAC7B,SAAS,YAAY;AAoBN,SAAR,aAA8B,EAAE,OAAO,GAAiC;AAC7E,QAAM,KAAK,QAAQ;AACnB,QAAM,IAAI,KAAK;AACf,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAA4B,IAAI;AACpE,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAkB,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAChH,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,MAAM,SAAS,KAAK;AACtE,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,MAAM,SAAwB,IAAI;AAElF,QAAM,UAAU,MAAM;AACpB,QAAI,CAAC,GAAI;AACT,UAAM,SAAS;AACf,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAA0B,sBAAsB,mBAAmB,MAAM,CAAC,EAAE;AACzG,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,EAAE,+BAA+B,qBAAqB,CAAC;AAChF,cAAM,YAAY,MAAM,QAAQ,QAAQ,KAAK,IAAI,QAAQ,QAAQ,CAAC;AAClE,cAAM,QAAS,YAAY,CAAC,KAAK;AACjC,YAAI,CAAC,WAAW;AACd,+BAAqB,QAAQ,QAAQ,YAAY,CAAC;AAClD,qBAAW,SAAS,IAAI;AACxB,gBAAM,SAAS,SAAS,OAAO,MAAM,aAAa,WAAW,MAAM,WAAW;AAC9E,8BAAoB,MAAM;AAAA,QAC5B;AAAA,MACF,QAAQ;AACN,YAAI,CAAC,WAAW;AACd,qBAAW,IAAI;AACf,8BAAoB,IAAI;AAAA,QAC1B;AAAA,MACF;AACA,UAAI,CAAC,UAAW,YAAW,KAAK;AAAA,IAClC;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,IAAI,CAAC,CAAC;AAEV,QAAM,mBAAmB,MAAM,QAAQ,MAAM;AAC3C,QAAI,CAAC,iBAAkB,QAAO;AAC9B,UAAM,OAAO,SAAS,aAAa,mBAC9B,SAAS,cAAc,mBACxB;AACJ,WAAO,CAAC,EAAE,IAAI,kBAAkB,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD,GAAG,CAAC,SAAS,gBAAgB,CAAC;AAE9B,QAAM,SAAS,MAAM,QAAqB,MAAM;AAC9C,UAAM,WAAW,CAAC,EAAE,WAAW,OAAO,QAAQ,eAAe,YAAY,QAAQ,aAAa;AAC9F,UAAM,OAAoB;AAAA,MACxB;AAAA,QACE,IAAI;AAAA,QACJ,OAAO,EAAE,8BAA8B,MAAM;AAAA,QAC7C,MAAM;AAAA,QACN,UAAU;AAAA,QACV;AAAA,MACF;AAAA,IACF;AACA,QAAI,mBAAmB;AACrB,WAAK,KAAK;AAAA,QACR,IAAI;AAAA,QACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,QACjD,MAAM;AAAA,QACN,UAAU;AAAA,QACV,WAAW,CAAC,EAAE,OAAO,SAAS,MAAM;AAClC,gBAAM,kBAAkB,OAAO,UAAU,WACrC,QACC,OAAO,qBAAqB,WAAW,mBAAmB;AAC/D,iBACE;AAAA,YAAC;AAAA;AAAA,cACC,IAAG;AAAA,cACH,OAAO;AAAA,cACP,UAAU,CAAC,SAAS;AAClB,sBAAM,WAAW,QAAQ;AACzB,yBAAS,QAAQ;AACjB,oCAAoB,QAAQ;AAC5B,2BAAW,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAAA,cACvE;AAAA,cACA,oBAAkB;AAAA,cAClB,WAAU;AAAA,cACV,SAAS;AAAA;AAAA,UACX;AAAA,QAEJ;AAAA,MACF,CAAC;AAAA,IACH;AACA,WAAO;AAAA,EACT,GAAG,CAAC,mBAAmB,SAAS,kBAAkB,kBAAkB,CAAC,CAAC;AAEtE,QAAM,iBAAiB,MAAM,QAAQ,MAAM;AACzC,UAAM,OAAO,CAAC,MAAM;AACpB,QAAI,kBAAmB,MAAK,KAAK,UAAU;AAC3C,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,CAAC;AAEtB,QAAM,SAA0B,MAAM,QAAQ,MAAO;AAAA,IACnD,EAAE,IAAI,WAAW,OAAO,EAAE,iCAAiC,SAAS,GAAG,QAAQ,GAAG,QAAQ,eAAe;AAAA,IACzG,EAAE,IAAI,gBAAgB,OAAO,EAAE,+BAA+B,eAAe,GAAG,QAAQ,GAAG,MAAM,eAAe;AAAA,IAChH;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,MACjD,QAAQ;AAAA,MACR,WAAW,MAAO,KAEd;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,sBAAoB;AAAA,UACpB,OAAO;AAAA,UACP,UAAU;AAAA,UACV,yBAAyB;AAAA,UACzB,UAAU,oBAAoB;AAAA;AAAA,MAChC,IAEA;AAAA,IACN;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,iCAAiC,mBAAmB;AAAA,MAC7D,QAAQ;AAAA,MACR,WAAW,MAAO,MAAM,CAAC,UAErB;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,UAAU,qBAAqB,SAAS,YAAY;AAAA;AAAA,MACtD,IAEA;AAAA,IACN;AAAA,EACF,GAAI,CAAC,SAAS,mBAAmB,gBAAgB,IAAI,SAAS,SAAS,kBAAkB,CAAC,CAAC;AAE3F,MAAI,CAAC,GAAI,QAAO;AAChB,SACE,oBAAC,QACC,8BAAC,YACC;AAAA,IAAC;AAAA;AAAA,MACC,OAAO,EAAE,8BAA8B,WAAW;AAAA,MAClD,UAAS;AAAA,MACT,UAAU,EAAE,KAAK;AAAA,MACjB;AAAA,MACA;AAAA,MACA,eAAe,WAAW,EAAE,IAAI,UAAU,KAAK;AAAA,MAC/C,WAAW;AAAA,MACX,gBAAgB,EAAE,2BAA2B,iBAAiB;AAAA,MAC9D,YAAW;AAAA,MACX,iBAAiB,wBAAwB,mBAAmB,EAAE,4BAA4B,YAAY,CAAC,CAAC;AAAA,MACxG,UAAU,OAAO,WAAW;AAC1B,cAAM,eAAe,yBAAyB,MAAM;AACpD,cAAM,UAAmC,EAAE,GAAG;AAC9C,YAAI,OAAO,SAAS,OAAW,SAAQ,OAAO,OAAO;AACrD,YAAI,oBAAmC,qBAAqB,SAAS,YAAY;AACjF,YAAI,mBAAmB;AACrB,gBAAM,YAAY,OAAO,OAAO,aAAa,WAAW,OAAO,SAAS,KAAK,IAAI;AACjF,8BAAoB,aAAa,UAAU,SAAS,YAAY;AAChE,kBAAQ,WAAW;AAAA,QACrB;AACA,YAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,kBAAQ,eAAe;AAAA,QACzB;AACA,cAAM,WAAW,cAAc,OAAO;AACtC,cAAM,WAAW,kBAAkB,EAAE,QAAQ,IAAI,UAAU,mBAAmB,GAAG,QAAQ,GAAG;AAAA,UAC1F,cAAc,EAAE,oCAAoC,sCAAsC;AAAA,QAC5F,CAAC;AACD,YAAI;AAAE,iBAAO,cAAc,IAAI,MAAM,oBAAoB,CAAC;AAAA,QAAE,QAAQ;AAAA,QAAC;AAAA,MACvE;AAAA,MACA,UAAU,YAAY;AACpB,cAAM,WAAW,cAAc,OAAO,EAAE,GAAG;AAAA,UACzC,cAAc,EAAE,iCAAiC,uBAAuB;AAAA,QAC1E,CAAC;AAAA,MACH;AAAA,MACA,gBAAgB,wBAAwB,mBAAmB,EAAE,4BAA4B,cAAc,CAAC,CAAC;AAAA;AAAA,EAC3G,GACF,GACF;AAEJ;",
+  "sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField, type CrudFormGroup } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { deleteCrud, updateCrud } from '@open-mercato/ui/backend/utils/crud'\nimport { collectCustomFieldValues } from '@open-mercato/ui/backend/utils/customFieldValues'\nimport { AclEditor, type AclData } from '@open-mercato/core/modules/auth/components/AclEditor'\nimport { WidgetVisibilityEditor, type WidgetVisibilityEditorHandle } from '@open-mercato/core/modules/dashboards/components/WidgetVisibilityEditor'\nimport { E } from '#generated/entities.ids.generated'\nimport { TenantSelect } from '@open-mercato/core/modules/directory/components/TenantSelect'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\ntype EditRoleFormValues = {\n  name?: string\n  tenantId?: string | null\n} & Record<string, unknown>\n\ntype RoleRecord = {\n  id: string\n  name: string\n  tenantId: string | null\n  tenantName?: string | null\n  usersCount?: number | null\n} & Record<string, unknown>\n\ntype RoleListResponse = {\n  items?: RoleRecord[]\n  isSuperAdmin?: boolean\n}\n\nexport default function EditRolePage({ params }: { params?: { id?: string } }) {\n  const id = params?.id\n  const t = useT()\n  const [initial, setInitial] = React.useState<RoleRecord | null>(null)\n  const [loading, setLoading] = React.useState(true)\n  const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })\n  const [actorIsSuperAdmin, setActorIsSuperAdmin] = React.useState(false)\n  const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)\n  const widgetEditorRef = React.useRef<WidgetVisibilityEditorHandle | null>(null)\n\n  React.useEffect(() => {\n    if (!id) return\n    const roleId = id\n    let cancelled = false\n    async function load() {\n      try {\n        const { ok, result } = await apiCall<RoleListResponse>(`/api/auth/roles?id=${encodeURIComponent(roleId)}`)\n        if (!ok) throw new Error(t('auth.roles.form.errors.load', 'Failed to load role'))\n        const foundList = Array.isArray(result?.items) ? result?.items : []\n        const found = (foundList?.[0] ?? null) as RoleRecord | null\n        if (!cancelled) {\n          setActorIsSuperAdmin(Boolean(result?.isSuperAdmin))\n          setInitial(found || null)\n          const tenant = found && typeof found.tenantId === 'string' ? found.tenantId : null\n          setSelectedTenantId(tenant)\n        }\n      } catch {\n        if (!cancelled) {\n          setInitial(null)\n          setSelectedTenantId(null)\n        }\n      }\n      if (!cancelled) setLoading(false)\n    }\n    load()\n    return () => { cancelled = true }\n  }, [id, t])\n\n  const preloadedTenants = React.useMemo(() => {\n    if (!selectedTenantId) return null\n    const name = initial?.tenantId === selectedTenantId\n      ? (initial?.tenantName ?? selectedTenantId)\n      : selectedTenantId\n    return [{ id: selectedTenantId, name, isActive: true }]\n  }, [initial, selectedTenantId])\n\n  const fields = React.useMemo<CrudField[]>(() => {\n    const disabled = !!(initial && typeof initial.usersCount === 'number' && initial.usersCount > 0)\n    const list: CrudField[] = [\n      {\n        id: 'name',\n        label: t('auth.roles.form.field.name', 'Name'),\n        type: 'text',\n        required: true,\n        disabled,\n      },\n    ]\n    if (actorIsSuperAdmin) {\n      list.push({\n        id: 'tenantId',\n        label: t('auth.roles.form.field.tenant', 'Tenant'),\n        type: 'custom',\n        required: true,\n        component: ({ value, setValue }) => {\n          const normalizedValue = typeof value === 'string'\n            ? value\n            : (typeof selectedTenantId === 'string' ? selectedTenantId : null)\n          return (\n            <TenantSelect\n              id=\"tenantId\"\n              value={normalizedValue}\n              onChange={(next) => {\n                const resolved = next ?? null\n                setValue(resolved)\n                setSelectedTenantId(resolved)\n                setAclData({ isSuperAdmin: false, features: [], organizations: null })\n              }}\n              includeEmptyOption\n              className=\"w-full h-9 rounded border px-2 text-sm\"\n              tenants={preloadedTenants}\n            />\n          )\n        },\n      })\n    }\n    return list\n  }, [actorIsSuperAdmin, initial, preloadedTenants, selectedTenantId, t])\n\n  const detailFieldIds = React.useMemo(() => {\n    const base = ['name']\n    if (actorIsSuperAdmin) base.push('tenantId')\n    return base\n  }, [actorIsSuperAdmin])\n\n  const groups: CrudFormGroup[] = React.useMemo(() => ([\n    { id: 'details', title: t('auth.roles.form.group.details', 'Details'), column: 1, fields: detailFieldIds },\n    { id: 'customFields', title: t('entities.customFields.title', 'Custom Fields'), column: 2, kind: 'customFields' },\n    {\n      id: 'acl',\n      title: t('auth.roles.form.group.access', 'Access'),\n      column: 1,\n      component: () => (id\n        ? (\n          <AclEditor\n            kind=\"role\"\n            targetId={String(id)}\n            canEditOrganizations\n            value={aclData}\n            onChange={setAclData}\n            currentUserIsSuperAdmin={actorIsSuperAdmin}\n            tenantId={selectedTenantId ?? null}\n          />\n        )\n        : null),\n    },\n    {\n      id: 'dashboardWidgets',\n      title: t('auth.roles.form.group.widgets', 'Dashboard Widgets'),\n      column: 2,\n      component: () => (id && !loading\n        ? (\n          <WidgetVisibilityEditor\n            kind=\"role\"\n            targetId={String(id)}\n            tenantId={selectedTenantId ?? (initial?.tenantId ?? null)}\n            ref={widgetEditorRef}\n          />\n        )\n        : null),\n    },\n  ]), [aclData, actorIsSuperAdmin, detailFieldIds, id, initial, loading, selectedTenantId, t])\n\n  if (!id) return null\n  return (\n    <Page>\n      <PageBody>\n        <CrudForm<EditRoleFormValues>\n          title={t('auth.roles.form.title.edit', 'Edit Role')}\n          backHref=\"/backend/roles\"\n          entityId={E.auth.role}\n          fields={fields}\n          groups={groups}\n          initialValues={initial || { id, tenantId: null }}\n          isLoading={loading}\n          loadingMessage={t('auth.roles.form.loading', 'Loading data...')}\n          cancelHref=\"/backend/roles\"\n          successRedirect={`/backend/roles?flash=${encodeURIComponent(t('auth.roles.flash.updated', 'Role saved'))}&type=success`}\n          onSubmit={async (values) => {\n            const customFields = collectCustomFieldValues(values)\n            const payload: Record<string, unknown> = { id }\n            if (values.name !== undefined) payload.name = values.name\n            let effectiveTenantId: string | null = selectedTenantId ?? (initial?.tenantId ?? null)\n            if (actorIsSuperAdmin) {\n              const rawTenant = typeof values.tenantId === 'string' ? values.tenantId.trim() : selectedTenantId\n              effectiveTenantId = rawTenant && rawTenant.length ? rawTenant : null\n              payload.tenantId = effectiveTenantId\n            }\n            if (Object.keys(customFields).length) {\n              payload.customFields = customFields\n            }\n            await updateCrud('auth/roles', payload)\n            await updateCrud('auth/roles/acl', { roleId: id, tenantId: effectiveTenantId, ...aclData }, {\n              errorMessage: t('auth.roles.form.errors.aclUpdate', 'Failed to update role access control'),\n            })\n            await widgetEditorRef.current?.save()\n            try { window.dispatchEvent(new Event('om:refresh-sidebar')) } catch {}\n          }}\n          onDelete={async () => {\n            await deleteCrud('auth/roles', String(id), {\n              errorMessage: t('auth.roles.form.errors.delete', 'Failed to delete role'),\n            })\n          }}\n          deleteRedirect={`/backend/roles?flash=${encodeURIComponent(t('auth.roles.flash.deleted', 'Role deleted'))}&type=success`}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
+  "mappings": ";AAmGY;AAlGZ,YAAY,WAAW;AACvB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAAoD;AAC7D,SAAS,eAAe;AACxB,SAAS,YAAY,kBAAkB;AACvC,SAAS,gCAAgC;AACzC,SAAS,iBAA+B;AACxC,SAAS,8BAAiE;AAC1E,SAAS,SAAS;AAClB,SAAS,oBAAoB;AAC7B,SAAS,YAAY;AAoBN,SAAR,aAA8B,EAAE,OAAO,GAAiC;AAC7E,QAAM,KAAK,QAAQ;AACnB,QAAM,IAAI,KAAK;AACf,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAA4B,IAAI;AACpE,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAkB,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAChH,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,MAAM,SAAS,KAAK;AACtE,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,MAAM,SAAwB,IAAI;AAClF,QAAM,kBAAkB,MAAM,OAA4C,IAAI;AAE9E,QAAM,UAAU,MAAM;AACpB,QAAI,CAAC,GAAI;AACT,UAAM,SAAS;AACf,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAA0B,sBAAsB,mBAAmB,MAAM,CAAC,EAAE;AACzG,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,EAAE,+BAA+B,qBAAqB,CAAC;AAChF,cAAM,YAAY,MAAM,QAAQ,QAAQ,KAAK,IAAI,QAAQ,QAAQ,CAAC;AAClE,cAAM,QAAS,YAAY,CAAC,KAAK;AACjC,YAAI,CAAC,WAAW;AACd,+BAAqB,QAAQ,QAAQ,YAAY,CAAC;AAClD,qBAAW,SAAS,IAAI;AACxB,gBAAM,SAAS,SAAS,OAAO,MAAM,aAAa,WAAW,MAAM,WAAW;AAC9E,8BAAoB,MAAM;AAAA,QAC5B;AAAA,MACF,QAAQ;AACN,YAAI,CAAC,WAAW;AACd,qBAAW,IAAI;AACf,8BAAoB,IAAI;AAAA,QAC1B;AAAA,MACF;AACA,UAAI,CAAC,UAAW,YAAW,KAAK;AAAA,IAClC;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,IAAI,CAAC,CAAC;AAEV,QAAM,mBAAmB,MAAM,QAAQ,MAAM;AAC3C,QAAI,CAAC,iBAAkB,QAAO;AAC9B,UAAM,OAAO,SAAS,aAAa,mBAC9B,SAAS,cAAc,mBACxB;AACJ,WAAO,CAAC,EAAE,IAAI,kBAAkB,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD,GAAG,CAAC,SAAS,gBAAgB,CAAC;AAE9B,QAAM,SAAS,MAAM,QAAqB,MAAM;AAC9C,UAAM,WAAW,CAAC,EAAE,WAAW,OAAO,QAAQ,eAAe,YAAY,QAAQ,aAAa;AAC9F,UAAM,OAAoB;AAAA,MACxB;AAAA,QACE,IAAI;AAAA,QACJ,OAAO,EAAE,8BAA8B,MAAM;AAAA,QAC7C,MAAM;AAAA,QACN,UAAU;AAAA,QACV;AAAA,MACF;AAAA,IACF;AACA,QAAI,mBAAmB;AACrB,WAAK,KAAK;AAAA,QACR,IAAI;AAAA,QACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,QACjD,MAAM;AAAA,QACN,UAAU;AAAA,QACV,WAAW,CAAC,EAAE,OAAO,SAAS,MAAM;AAClC,gBAAM,kBAAkB,OAAO,UAAU,WACrC,QACC,OAAO,qBAAqB,WAAW,mBAAmB;AAC/D,iBACE;AAAA,YAAC;AAAA;AAAA,cACC,IAAG;AAAA,cACH,OAAO;AAAA,cACP,UAAU,CAAC,SAAS;AAClB,sBAAM,WAAW,QAAQ;AACzB,yBAAS,QAAQ;AACjB,oCAAoB,QAAQ;AAC5B,2BAAW,EAAE,cAAc,OAAO,UAAU,CAAC,GAAG,eAAe,KAAK,CAAC;AAAA,cACvE;AAAA,cACA,oBAAkB;AAAA,cAClB,WAAU;AAAA,cACV,SAAS;AAAA;AAAA,UACX;AAAA,QAEJ;AAAA,MACF,CAAC;AAAA,IACH;AACA,WAAO;AAAA,EACT,GAAG,CAAC,mBAAmB,SAAS,kBAAkB,kBAAkB,CAAC,CAAC;AAEtE,QAAM,iBAAiB,MAAM,QAAQ,MAAM;AACzC,UAAM,OAAO,CAAC,MAAM;AACpB,QAAI,kBAAmB,MAAK,KAAK,UAAU;AAC3C,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,CAAC;AAEtB,QAAM,SAA0B,MAAM,QAAQ,MAAO;AAAA,IACnD,EAAE,IAAI,WAAW,OAAO,EAAE,iCAAiC,SAAS,GAAG,QAAQ,GAAG,QAAQ,eAAe;AAAA,IACzG,EAAE,IAAI,gBAAgB,OAAO,EAAE,+BAA+B,eAAe,GAAG,QAAQ,GAAG,MAAM,eAAe;AAAA,IAChH;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,gCAAgC,QAAQ;AAAA,MACjD,QAAQ;AAAA,MACR,WAAW,MAAO,KAEd;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,sBAAoB;AAAA,UACpB,OAAO;AAAA,UACP,UAAU;AAAA,UACV,yBAAyB;AAAA,UACzB,UAAU,oBAAoB;AAAA;AAAA,MAChC,IAEA;AAAA,IACN;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,iCAAiC,mBAAmB;AAAA,MAC7D,QAAQ;AAAA,MACR,WAAW,MAAO,MAAM,CAAC,UAErB;AAAA,QAAC;AAAA;AAAA,UACC,MAAK;AAAA,UACL,UAAU,OAAO,EAAE;AAAA,UACnB,UAAU,qBAAqB,SAAS,YAAY;AAAA,UACpD,KAAK;AAAA;AAAA,MACP,IAEA;AAAA,IACN;AAAA,EACF,GAAI,CAAC,SAAS,mBAAmB,gBAAgB,IAAI,SAAS,SAAS,kBAAkB,CAAC,CAAC;AAE3F,MAAI,CAAC,GAAI,QAAO;AAChB,SACE,oBAAC,QACC,8BAAC,YACC;AAAA,IAAC;AAAA;AAAA,MACC,OAAO,EAAE,8BAA8B,WAAW;AAAA,MAClD,UAAS;AAAA,MACT,UAAU,EAAE,KAAK;AAAA,MACjB;AAAA,MACA;AAAA,MACA,eAAe,WAAW,EAAE,IAAI,UAAU,KAAK;AAAA,MAC/C,WAAW;AAAA,MACX,gBAAgB,EAAE,2BAA2B,iBAAiB;AAAA,MAC9D,YAAW;AAAA,MACX,iBAAiB,wBAAwB,mBAAmB,EAAE,4BAA4B,YAAY,CAAC,CAAC;AAAA,MACxG,UAAU,OAAO,WAAW;AAC1B,cAAM,eAAe,yBAAyB,MAAM;AACpD,cAAM,UAAmC,EAAE,GAAG;AAC9C,YAAI,OAAO,SAAS,OAAW,SAAQ,OAAO,OAAO;AACrD,YAAI,oBAAmC,qBAAqB,SAAS,YAAY;AACjF,YAAI,mBAAmB;AACrB,gBAAM,YAAY,OAAO,OAAO,aAAa,WAAW,OAAO,SAAS,KAAK,IAAI;AACjF,8BAAoB,aAAa,UAAU,SAAS,YAAY;AAChE,kBAAQ,WAAW;AAAA,QACrB;AACA,YAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,kBAAQ,eAAe;AAAA,QACzB;AACA,cAAM,WAAW,cAAc,OAAO;AACtC,cAAM,WAAW,kBAAkB,EAAE,QAAQ,IAAI,UAAU,mBAAmB,GAAG,QAAQ,GAAG;AAAA,UAC1F,cAAc,EAAE,oCAAoC,sCAAsC;AAAA,QAC5F,CAAC;AACD,cAAM,gBAAgB,SAAS,KAAK;AACpC,YAAI;AAAE,iBAAO,cAAc,IAAI,MAAM,oBAAoB,CAAC;AAAA,QAAE,QAAQ;AAAA,QAAC;AAAA,MACvE;AAAA,MACA,UAAU,YAAY;AACpB,cAAM,WAAW,cAAc,OAAO,EAAE,GAAG;AAAA,UACzC,cAAc,EAAE,iCAAiC,uBAAuB;AAAA,QAC1E,CAAC;AAAA,MACH;AAAA,MACA,gBAAgB,wBAAwB,mBAAmB,EAAE,4BAA4B,cAAc,CAAC,CAAC;AAAA;AAAA,EAC3G,GACF,GACF;AAEJ;",
   "names": []
 }

package/dist/modules/auth/backend/roles/page.js CHANGED Viewed

@@ -97,9 +97,9 @@ function RolesListPage() {
         setPage(1);
       },
       rowActions: (row) => /* @__PURE__ */ jsx(RowActions, { items: [
-        { label: t("common.edit", "Edit"), href: `/backend/roles/${row.id}/edit` },
-        { label: t("auth.roles.list.actions.showUsers", "Show users"), href: `/backend/users?roleId=${encodeURIComponent(row.id)}` },
-        { label: t("common.delete", "Delete"), destructive: true, onSelect: () => {
+        { id: "edit", label: t("common.edit", "Edit"), href: `/backend/roles/${row.id}/edit` },
+        { id: "show-users", label: t("auth.roles.list.actions.showUsers", "Show users"), href: `/backend/users?roleId=${encodeURIComponent(row.id)}` },
+        { id: "delete", label: t("common.delete", "Delete"), destructive: true, onSelect: () => {
           void handleDelete(row);
         } }
       ] }),