npm - @open-mercato/core - Versions diffs - 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b - Mend

@open-mercato/core 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/dist/modules/customer_accounts/api/admin/roles/[id].js ADDED Viewed

@@ -0,0 +1,216 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { CustomerRole, CustomerRoleAcl, CustomerUserRole } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { updateRoleSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+const metadata = {};
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+async function GET(req, { params }) {
+  if (!UUID_RE.test(params.id)) {
+    return NextResponse.json({ ok: false, error: "Invalid role ID" }, { status: 400 });
+  }
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.view"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  const em = container.resolve("em");
+  const role = await em.findOne(CustomerRole, {
+    id: params.id,
+    tenantId: auth.tenantId,
+    deletedAt: null
+  });
+  if (!role) {
+    return NextResponse.json({ ok: false, error: "Role not found" }, { status: 404 });
+  }
+  const acl = await em.findOne(CustomerRoleAcl, {
+    role: role.id,
+    tenantId: auth.tenantId
+  });
+  const features = acl && Array.isArray(acl.featuresJson) ? acl.featuresJson : [];
+  return NextResponse.json({
+    ok: true,
+    id: role.id,
+    name: role.name,
+    slug: role.slug,
+    description: role.description || null,
+    isDefault: role.isDefault,
+    isSystem: role.isSystem,
+    customerAssignable: role.customerAssignable,
+    createdAt: role.createdAt,
+    updatedAt: role.updatedAt || null,
+    features
+  });
+}
+async function PUT(req, { params }) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.roles.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = updateRoleSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Validation failed", details: parsed.error.flatten().fieldErrors }, { status: 400 });
+  }
+  const em = container.resolve("em");
+  const role = await em.findOne(CustomerRole, {
+    id: params.id,
+    tenantId: auth.tenantId,
+    deletedAt: null
+  });
+  if (!role) {
+    return NextResponse.json({ ok: false, error: "Role not found" }, { status: 404 });
+  }
+  if (role.isSystem && parsed.data.name !== void 0) {
+    return NextResponse.json({ ok: false, error: "Cannot change name of a system role" }, { status: 400 });
+  }
+  const updates = {};
+  if (parsed.data.name !== void 0) updates.name = parsed.data.name;
+  if (parsed.data.description !== void 0) updates.description = parsed.data.description;
+  if (parsed.data.isDefault !== void 0) updates.isDefault = parsed.data.isDefault;
+  if (parsed.data.customerAssignable !== void 0) updates.customerAssignable = parsed.data.customerAssignable;
+  if (Object.keys(updates).length > 0) {
+    await em.nativeUpdate(CustomerRole, { id: role.id }, updates);
+  }
+  void emitCustomerAccountsEvent("customer_accounts.role.updated", {
+    id: role.id,
+    name: updates.name || role.name,
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId
+  }).catch(() => void 0);
+  return NextResponse.json({ ok: true });
+}
+async function DELETE(req, { params }) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.roles.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  const em = container.resolve("em");
+  const role = await em.findOne(CustomerRole, {
+    id: params.id,
+    tenantId: auth.tenantId,
+    deletedAt: null
+  });
+  if (!role) {
+    return NextResponse.json({ ok: false, error: "Role not found" }, { status: 404 });
+  }
+  if (role.isSystem) {
+    return NextResponse.json({ ok: false, error: "Cannot delete a system role" }, { status: 400 });
+  }
+  const assignedUsersCount = await em.count(CustomerUserRole, {
+    role: role.id,
+    deletedAt: null
+  });
+  if (assignedUsersCount > 0) {
+    return NextResponse.json({ ok: false, error: `Cannot delete role with ${assignedUsersCount} assigned user(s). Reassign users first.` }, { status: 400 });
+  }
+  await em.nativeUpdate(CustomerRole, { id: role.id }, { deletedAt: /* @__PURE__ */ new Date() });
+  await em.nativeUpdate(CustomerRoleAcl, { role: role.id }, { deletedAt: /* @__PURE__ */ new Date() });
+  void emitCustomerAccountsEvent("customer_accounts.role.deleted", {
+    id: role.id,
+    name: role.name,
+    slug: role.slug,
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId
+  }).catch(() => void 0);
+  return NextResponse.json({ ok: true });
+}
+const aclSchema = z.object({
+  features: z.array(z.string()),
+  isPortalAdmin: z.boolean()
+});
+const roleDetailSchema = z.object({
+  id: z.string().uuid(),
+  name: z.string(),
+  slug: z.string(),
+  description: z.string().nullable(),
+  isDefault: z.boolean(),
+  isSystem: z.boolean(),
+  customerAssignable: z.boolean(),
+  createdAt: z.string().datetime(),
+  updatedAt: z.string().datetime().nullable(),
+  acl: aclSchema
+});
+const successSchema = z.object({ ok: z.literal(true) });
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const getMethodDoc = {
+  summary: "Get customer role detail (admin)",
+  description: "Returns full customer role details including ACL features.",
+  tags: ["Customer Accounts Admin"],
+  responses: [{
+    status: 200,
+    description: "Role detail with ACL",
+    schema: z.object({ ok: z.literal(true), role: roleDetailSchema })
+  }],
+  errors: [
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 404, description: "Role not found", schema: errorSchema }
+  ]
+};
+const putMethodDoc = {
+  summary: "Update customer role (admin)",
+  description: "Updates a customer role. System roles are protected from name changes.",
+  tags: ["Customer Accounts Admin"],
+  requestBody: { schema: updateRoleSchema },
+  responses: [{ status: 200, description: "Role updated", schema: successSchema }],
+  errors: [
+    { status: 400, description: "Validation failed or system role restriction", schema: errorSchema },
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 404, description: "Role not found", schema: errorSchema }
+  ]
+};
+const deleteMethodDoc = {
+  summary: "Delete customer role (admin)",
+  description: "Soft deletes a customer role and its ACL. System roles and roles with assigned users cannot be deleted.",
+  tags: ["Customer Accounts Admin"],
+  responses: [{ status: 200, description: "Role deleted", schema: successSchema }],
+  errors: [
+    { status: 400, description: "System role or has assigned users", schema: errorSchema },
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 404, description: "Role not found", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Customer role detail management (admin)",
+  pathParams: z.object({ id: z.string().uuid() }),
+  methods: {
+    GET: getMethodDoc,
+    PUT: putMethodDoc,
+    DELETE: deleteMethodDoc
+  }
+};
+export {
+  DELETE,
+  GET,
+  PUT,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=%5Bid%5D.js.map

package/dist/modules/customer_accounts/api/admin/roles/[id].js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/modules/customer_accounts/api/admin/roles/%5Bid%5D.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerRole, CustomerRoleAcl, CustomerUserRole } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { updateRoleSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\n\nexport const metadata = {}\n\nconst UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i\n\nexport async function GET(req: Request, { params }: { params: { id: string } }) {\n  if (!UUID_RE.test(params.id)) {\n    return NextResponse.json({ ok: false, error: 'Invalid role ID' }, { status: 400 })\n  }\n\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.view'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const role = await em.findOne(CustomerRole, {\n    id: params.id,\n    tenantId: auth.tenantId,\n    deletedAt: null,\n  })\n  if (!role) {\n    return NextResponse.json({ ok: false, error: 'Role not found' }, { status: 404 })\n  }\n\n  const acl = await em.findOne(CustomerRoleAcl, {\n    role: role.id as any,\n    tenantId: auth.tenantId,\n  })\n\n  const features = acl && Array.isArray(acl.featuresJson) ? acl.featuresJson : []\n\n  return NextResponse.json({\n    ok: true,\n    id: role.id,\n    name: role.name,\n    slug: role.slug,\n    description: role.description || null,\n    isDefault: role.isDefault,\n    isSystem: role.isSystem,\n    customerAssignable: role.customerAssignable,\n    createdAt: role.createdAt,\n    updatedAt: role.updatedAt || null,\n    features,\n  })\n}\n\nexport async function PUT(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.roles.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = updateRoleSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const role = await em.findOne(CustomerRole, {\n    id: params.id,\n    tenantId: auth.tenantId,\n    deletedAt: null,\n  })\n  if (!role) {\n    return NextResponse.json({ ok: false, error: 'Role not found' }, { status: 404 })\n  }\n\n  if (role.isSystem && parsed.data.name !== undefined) {\n    return NextResponse.json({ ok: false, error: 'Cannot change name of a system role' }, { status: 400 })\n  }\n\n  const updates: Record<string, unknown> = {}\n  if (parsed.data.name !== undefined) updates.name = parsed.data.name\n  if (parsed.data.description !== undefined) updates.description = parsed.data.description\n  if (parsed.data.isDefault !== undefined) updates.isDefault = parsed.data.isDefault\n  if (parsed.data.customerAssignable !== undefined) updates.customerAssignable = parsed.data.customerAssignable\n\n  if (Object.keys(updates).length > 0) {\n    await em.nativeUpdate(CustomerRole, { id: role.id }, updates)\n  }\n\n  void emitCustomerAccountsEvent('customer_accounts.role.updated', {\n    id: role.id,\n    name: updates.name as string || role.name,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nexport async function DELETE(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.roles.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const role = await em.findOne(CustomerRole, {\n    id: params.id,\n    tenantId: auth.tenantId,\n    deletedAt: null,\n  })\n  if (!role) {\n    return NextResponse.json({ ok: false, error: 'Role not found' }, { status: 404 })\n  }\n\n  if (role.isSystem) {\n    return NextResponse.json({ ok: false, error: 'Cannot delete a system role' }, { status: 400 })\n  }\n\n  const assignedUsersCount = await em.count(CustomerUserRole, {\n    role: role.id as any,\n    deletedAt: null,\n  })\n  if (assignedUsersCount > 0) {\n    return NextResponse.json({ ok: false, error: `Cannot delete role with ${assignedUsersCount} assigned user(s). Reassign users first.` }, { status: 400 })\n  }\n\n  await em.nativeUpdate(CustomerRole, { id: role.id }, { deletedAt: new Date() })\n  await em.nativeUpdate(CustomerRoleAcl, { role: role.id as any }, { deletedAt: new Date() })\n\n  void emitCustomerAccountsEvent('customer_accounts.role.deleted', {\n    id: role.id,\n    name: role.name,\n    slug: role.slug,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nconst aclSchema = z.object({\n  features: z.array(z.string()),\n  isPortalAdmin: z.boolean(),\n})\nconst roleDetailSchema = z.object({\n  id: z.string().uuid(),\n  name: z.string(),\n  slug: z.string(),\n  description: z.string().nullable(),\n  isDefault: z.boolean(),\n  isSystem: z.boolean(),\n  customerAssignable: z.boolean(),\n  createdAt: z.string().datetime(),\n  updatedAt: z.string().datetime().nullable(),\n  acl: aclSchema,\n})\n\nconst successSchema = z.object({ ok: z.literal(true) })\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst getMethodDoc: OpenApiMethodDoc = {\n  summary: 'Get customer role detail (admin)',\n  description: 'Returns full customer role details including ACL features.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{\n    status: 200,\n    description: 'Role detail with ACL',\n    schema: z.object({ ok: z.literal(true), role: roleDetailSchema }),\n  }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'Role not found', schema: errorSchema },\n  ],\n}\n\nconst putMethodDoc: OpenApiMethodDoc = {\n  summary: 'Update customer role (admin)',\n  description: 'Updates a customer role. System roles are protected from name changes.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: updateRoleSchema },\n  responses: [{ status: 200, description: 'Role updated', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed or system role restriction', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'Role not found', schema: errorSchema },\n  ],\n}\n\nconst deleteMethodDoc: OpenApiMethodDoc = {\n  summary: 'Delete customer role (admin)',\n  description: 'Soft deletes a customer role and its ACL. System roles and roles with assigned users cannot be deleted.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{ status: 200, description: 'Role deleted', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'System role or has assigned users', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'Role not found', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer role detail management (admin)',\n  pathParams: z.object({ id: z.string().uuid() }),\n  methods: {\n    GET: getMethodDoc,\n    PUT: putMethodDoc,\n    DELETE: deleteMethodDoc,\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,cAAc,iBAAiB,wBAAwB;AAChE,SAAS,wBAAwB;AACjC,SAAS,iCAAiC;AAEnC,MAAM,WAAW,CAAC;AAEzB,MAAM,UAAU;AAEhB,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,MAAI,CAAC,QAAQ,KAAK,OAAO,EAAE,GAAG;AAC5B,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACnF;AAEA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,wBAAwB,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACpJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,OAAO;AAAA,IACX,UAAU,KAAK;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AACD,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,MAAM,MAAM,GAAG,QAAQ,iBAAiB;AAAA,IAC5C,MAAM,KAAK;AAAA,IACX,UAAU,KAAK;AAAA,EACjB,CAAC;AAED,QAAM,WAAW,OAAO,MAAM,QAAQ,IAAI,YAAY,IAAI,IAAI,eAAe,CAAC;AAE9E,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,WAAW,KAAK;AAAA,IAChB,UAAU,KAAK;AAAA,IACf,oBAAoB,KAAK;AAAA,IACzB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK,aAAa;AAAA,IAC7B;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,gCAAgC,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AAC5J,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,iBAAiB,UAAU,IAAI;AAC9C,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,OAAO;AAAA,IACX,UAAU,KAAK;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AACD,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,MAAI,KAAK,YAAY,OAAO,KAAK,SAAS,QAAW;AACnD,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,sCAAsC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvG;AAEA,QAAM,UAAmC,CAAC;AAC1C,MAAI,OAAO,KAAK,SAAS,OAAW,SAAQ,OAAO,OAAO,KAAK;AAC/D,MAAI,OAAO,KAAK,gBAAgB,OAAW,SAAQ,cAAc,OAAO,KAAK;AAC7E,MAAI,OAAO,KAAK,cAAc,OAAW,SAAQ,YAAY,OAAO,KAAK;AACzE,MAAI,OAAO,KAAK,uBAAuB,OAAW,SAAQ,qBAAqB,OAAO,KAAK;AAE3F,MAAI,OAAO,KAAK,OAAO,EAAE,SAAS,GAAG;AACnC,UAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,OAAO;AAAA,EAC9D;AAEA,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,MAAM,QAAQ,QAAkB,KAAK;AAAA,IACrC,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,eAAsB,OAAO,KAAc,EAAE,OAAO,GAA+B;AACjF,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,gCAAgC,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AAC5J,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,OAAO;AAAA,IACX,UAAU,KAAK;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AACD,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,MAAI,KAAK,UAAU;AACjB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,8BAA8B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC/F;AAEA,QAAM,qBAAqB,MAAM,GAAG,MAAM,kBAAkB;AAAA,IAC1D,MAAM,KAAK;AAAA,IACX,WAAW;AAAA,EACb,CAAC;AACD,MAAI,qBAAqB,GAAG;AAC1B,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,kBAAkB,2CAA2C,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzJ;AAEA,QAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,WAAW,oBAAI,KAAK,EAAE,CAAC;AAC9E,QAAM,GAAG,aAAa,iBAAiB,EAAE,MAAM,KAAK,GAAU,GAAG,EAAE,WAAW,oBAAI,KAAK,EAAE,CAAC;AAE1F,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,MAAM,KAAK;AAAA,IACX,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,YAAY,EAAE,OAAO;AAAA,EACzB,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC5B,eAAe,EAAE,QAAQ;AAC3B,CAAC;AACD,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,MAAM,EAAE,OAAO;AAAA,EACf,MAAM,EAAE,OAAO;AAAA,EACf,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,WAAW,EAAE,QAAQ;AAAA,EACrB,UAAU,EAAE,QAAQ;AAAA,EACpB,oBAAoB,EAAE,QAAQ;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,KAAK;AACP,CAAC;AAED,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AACtD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC;AAAA,IACV,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,MAAM,iBAAiB,CAAC;AAAA,EAClE,CAAC;AAAA,EACD,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEA,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,iBAAiB;AAAA,EACxC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,gDAAgD,QAAQ,YAAY;AAAA,IAChG,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEA,MAAM,kBAAoC;AAAA,EACxC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qCAAqC,QAAQ,YAAY;AAAA,IACrF,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,EAC9C,SAAS;AAAA,IACP,KAAK;AAAA,IACL,KAAK;AAAA,IACL,QAAQ;AAAA,EACV;AACF;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/admin/roles.js ADDED Viewed

@@ -0,0 +1,189 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { CustomerRole, CustomerRoleAcl } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { createRoleSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+const metadata = {};
+async function GET(req) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.view"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  const url = new URL(req.url);
+  const page = Math.max(1, parseInt(url.searchParams.get("page") || "1", 10) || 1);
+  const pageSize = Math.min(100, Math.max(1, parseInt(url.searchParams.get("pageSize") || "50", 10) || 50));
+  const search = (url.searchParams.get("search") || "").trim();
+  const em = container.resolve("em");
+  const where = {
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+    deletedAt: null
+  };
+  if (search) {
+    const escapedSearch = search.replace(/[%_\\]/g, "\\$&");
+    where.$or = [
+      { name: { $ilike: `%${escapedSearch}%` } },
+      { slug: { $ilike: `%${escapedSearch}%` } }
+    ];
+  }
+  const offset = (page - 1) * pageSize;
+  const [paged, total] = await em.findAndCount(CustomerRole, where, {
+    orderBy: { createdAt: "ASC" },
+    limit: pageSize,
+    offset
+  });
+  const totalPages = Math.max(1, Math.ceil(total / pageSize));
+  const items = paged.map((role) => ({
+    id: role.id,
+    name: role.name,
+    slug: role.slug,
+    description: role.description || null,
+    isDefault: role.isDefault,
+    isSystem: role.isSystem,
+    customerAssignable: role.customerAssignable,
+    createdAt: role.createdAt
+  }));
+  return NextResponse.json({ ok: true, items, total, totalPages, page });
+}
+async function POST(req) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.roles.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = createRoleSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Validation failed", details: parsed.error.flatten().fieldErrors }, { status: 400 });
+  }
+  const em = container.resolve("em");
+  const existing = await em.findOne(CustomerRole, {
+    tenantId: auth.tenantId,
+    slug: parsed.data.slug,
+    deletedAt: null
+  });
+  if (existing) {
+    return NextResponse.json({ ok: false, error: "A role with this slug already exists" }, { status: 409 });
+  }
+  const role = em.create(CustomerRole, {
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+    name: parsed.data.name,
+    slug: parsed.data.slug,
+    description: parsed.data.description || null,
+    isDefault: parsed.data.isDefault ?? false,
+    customerAssignable: parsed.data.customerAssignable ?? false,
+    isSystem: false,
+    createdAt: /* @__PURE__ */ new Date()
+  });
+  em.persist(role);
+  const acl = em.create(CustomerRoleAcl, {
+    role,
+    tenantId: auth.tenantId,
+    featuresJson: [],
+    isPortalAdmin: false,
+    createdAt: /* @__PURE__ */ new Date()
+  });
+  em.persist(acl);
+  await em.flush();
+  void emitCustomerAccountsEvent("customer_accounts.role.created", {
+    id: role.id,
+    name: role.name,
+    slug: role.slug,
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId
+  }).catch(() => void 0);
+  return NextResponse.json({
+    ok: true,
+    role: {
+      id: role.id,
+      name: role.name,
+      slug: role.slug,
+      description: role.description || null,
+      isDefault: role.isDefault,
+      isSystem: role.isSystem,
+      customerAssignable: role.customerAssignable,
+      createdAt: role.createdAt
+    }
+  }, { status: 201 });
+}
+const roleSchema = z.object({
+  id: z.string().uuid(),
+  name: z.string(),
+  slug: z.string(),
+  description: z.string().nullable(),
+  isDefault: z.boolean(),
+  isSystem: z.boolean(),
+  customerAssignable: z.boolean(),
+  createdAt: z.string().datetime()
+});
+const roleResponseSchema = z.object({
+  id: z.string().uuid(),
+  name: z.string(),
+  slug: z.string(),
+  description: z.string().nullable(),
+  isDefault: z.boolean(),
+  isSystem: z.boolean(),
+  customerAssignable: z.boolean(),
+  createdAt: z.string().datetime()
+});
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const getMethodDoc = {
+  summary: "List customer roles (admin)",
+  description: "Returns all customer roles for the tenant.",
+  tags: ["Customer Accounts Admin"],
+  responses: [{
+    status: 200,
+    description: "Role list",
+    schema: z.object({ ok: z.literal(true), items: z.array(roleSchema), total: z.number(), totalPages: z.number(), page: z.number() })
+  }],
+  errors: [
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema }
+  ]
+};
+const postMethodDoc = {
+  summary: "Create customer role (admin)",
+  description: "Creates a new customer role with an empty ACL.",
+  tags: ["Customer Accounts Admin"],
+  requestBody: { schema: createRoleSchema },
+  responses: [{ status: 201, description: "Role created", schema: z.object({ ok: z.literal(true), role: roleResponseSchema }) }],
+  errors: [
+    { status: 400, description: "Validation failed", schema: errorSchema },
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 409, description: "Slug already exists", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Customer role management (admin)",
+  methods: {
+    GET: getMethodDoc,
+    POST: postMethodDoc
+  }
+};
+export {
+  GET,
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=roles.js.map

package/dist/modules/customer_accounts/api/admin/roles.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/modules/customer_accounts/api/admin/roles.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerRole, CustomerRoleAcl } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { createRoleSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\n\nexport const metadata = {}\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.view'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const url = new URL(req.url)\n  const page = Math.max(1, parseInt(url.searchParams.get('page') || '1', 10) || 1)\n  const pageSize = Math.min(100, Math.max(1, parseInt(url.searchParams.get('pageSize') || '50', 10) || 50))\n  const search = (url.searchParams.get('search') || '').trim()\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const where: Record<string, unknown> = {\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    deletedAt: null,\n  }\n\n  if (search) {\n    const escapedSearch = search.replace(/[%_\\\\]/g, '\\\\$&')\n    where.$or = [\n      { name: { $ilike: `%${escapedSearch}%` } },\n      { slug: { $ilike: `%${escapedSearch}%` } },\n    ]\n  }\n\n  const offset = (page - 1) * pageSize\n  const [paged, total] = await em.findAndCount(CustomerRole, where as any, {\n    orderBy: { createdAt: 'ASC' },\n    limit: pageSize,\n    offset,\n  })\n\n  const totalPages = Math.max(1, Math.ceil(total / pageSize))\n\n  const items = paged.map((role) => ({\n    id: role.id,\n    name: role.name,\n    slug: role.slug,\n    description: role.description || null,\n    isDefault: role.isDefault,\n    isSystem: role.isSystem,\n    customerAssignable: role.customerAssignable,\n    createdAt: role.createdAt,\n  }))\n\n  return NextResponse.json({ ok: true, items, total, totalPages, page })\n}\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.roles.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = createRoleSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const existing = await em.findOne(CustomerRole, {\n    tenantId: auth.tenantId,\n    slug: parsed.data.slug,\n    deletedAt: null,\n  })\n  if (existing) {\n    return NextResponse.json({ ok: false, error: 'A role with this slug already exists' }, { status: 409 })\n  }\n\n  const role = em.create(CustomerRole, {\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    name: parsed.data.name,\n    slug: parsed.data.slug,\n    description: parsed.data.description || null,\n    isDefault: parsed.data.isDefault ?? false,\n    customerAssignable: parsed.data.customerAssignable ?? false,\n    isSystem: false,\n    createdAt: new Date(),\n  } as any) as CustomerRole\n  em.persist(role)\n\n  const acl = em.create(CustomerRoleAcl, {\n    role,\n    tenantId: auth.tenantId,\n    featuresJson: [],\n    isPortalAdmin: false,\n    createdAt: new Date(),\n  } as any)\n  em.persist(acl)\n\n  await em.flush()\n\n  void emitCustomerAccountsEvent('customer_accounts.role.created', {\n    id: role.id,\n    name: role.name,\n    slug: role.slug,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  }).catch(() => undefined)\n\n  return NextResponse.json({\n    ok: true,\n    role: {\n      id: role.id,\n      name: role.name,\n      slug: role.slug,\n      description: role.description || null,\n      isDefault: role.isDefault,\n      isSystem: role.isSystem,\n      customerAssignable: role.customerAssignable,\n      createdAt: role.createdAt,\n    },\n  }, { status: 201 })\n}\n\nconst roleSchema = z.object({\n  id: z.string().uuid(),\n  name: z.string(),\n  slug: z.string(),\n  description: z.string().nullable(),\n  isDefault: z.boolean(),\n  isSystem: z.boolean(),\n  customerAssignable: z.boolean(),\n  createdAt: z.string().datetime(),\n})\n\nconst roleResponseSchema = z.object({\n  id: z.string().uuid(),\n  name: z.string(),\n  slug: z.string(),\n  description: z.string().nullable(),\n  isDefault: z.boolean(),\n  isSystem: z.boolean(),\n  customerAssignable: z.boolean(),\n  createdAt: z.string().datetime(),\n})\n\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst getMethodDoc: OpenApiMethodDoc = {\n  summary: 'List customer roles (admin)',\n  description: 'Returns all customer roles for the tenant.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{\n    status: 200,\n    description: 'Role list',\n    schema: z.object({ ok: z.literal(true), items: z.array(roleSchema), total: z.number(), totalPages: z.number(), page: z.number() }),\n  }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n  ],\n}\n\nconst postMethodDoc: OpenApiMethodDoc = {\n  summary: 'Create customer role (admin)',\n  description: 'Creates a new customer role with an empty ACL.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: createRoleSchema },\n  responses: [{ status: 201, description: 'Role created', schema: z.object({ ok: z.literal(true), role: roleResponseSchema }) }],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 409, description: 'Slug already exists', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer role management (admin)',\n  methods: {\n    GET: getMethodDoc,\n    POST: postMethodDoc,\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,cAAc,uBAAuB;AAC9C,SAAS,wBAAwB;AACjC,SAAS,iCAAiC;AAEnC,MAAM,WAAW,CAAC;AAEzB,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,wBAAwB,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACpJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,OAAO,KAAK,IAAI,GAAG,SAAS,IAAI,aAAa,IAAI,MAAM,KAAK,KAAK,EAAE,KAAK,CAAC;AAC/E,QAAM,WAAW,KAAK,IAAI,KAAK,KAAK,IAAI,GAAG,SAAS,IAAI,aAAa,IAAI,UAAU,KAAK,MAAM,EAAE,KAAK,EAAE,CAAC;AACxG,QAAM,UAAU,IAAI,aAAa,IAAI,QAAQ,KAAK,IAAI,KAAK;AAE3D,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,QAAiC;AAAA,IACrC,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW;AAAA,EACb;AAEA,MAAI,QAAQ;AACV,UAAM,gBAAgB,OAAO,QAAQ,WAAW,MAAM;AACtD,UAAM,MAAM;AAAA,MACV,EAAE,MAAM,EAAE,QAAQ,IAAI,aAAa,IAAI,EAAE;AAAA,MACzC,EAAE,MAAM,EAAE,QAAQ,IAAI,aAAa,IAAI,EAAE;AAAA,IAC3C;AAAA,EACF;AAEA,QAAM,UAAU,OAAO,KAAK;AAC5B,QAAM,CAAC,OAAO,KAAK,IAAI,MAAM,GAAG,aAAa,cAAc,OAAc;AAAA,IACvE,SAAS,EAAE,WAAW,MAAM;AAAA,IAC5B,OAAO;AAAA,IACP;AAAA,EACF,CAAC;AAED,QAAM,aAAa,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,QAAQ,CAAC;AAE1D,QAAM,QAAQ,MAAM,IAAI,CAAC,UAAU;AAAA,IACjC,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,WAAW,KAAK;AAAA,IAChB,UAAU,KAAK;AAAA,IACf,oBAAoB,KAAK;AAAA,IACzB,WAAW,KAAK;AAAA,EAClB,EAAE;AAEF,SAAO,aAAa,KAAK,EAAE,IAAI,MAAM,OAAO,OAAO,YAAY,KAAK,CAAC;AACvE;AAEA,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,gCAAgC,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AAC5J,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,iBAAiB,UAAU,IAAI;AAC9C,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,WAAW,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC9C,UAAU,KAAK;AAAA,IACf,MAAM,OAAO,KAAK;AAAA,IAClB,WAAW;AAAA,EACb,CAAC;AACD,MAAI,UAAU;AACZ,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uCAAuC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxG;AAEA,QAAM,OAAO,GAAG,OAAO,cAAc;AAAA,IACnC,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,MAAM,OAAO,KAAK;AAAA,IAClB,MAAM,OAAO,KAAK;AAAA,IAClB,aAAa,OAAO,KAAK,eAAe;AAAA,IACxC,WAAW,OAAO,KAAK,aAAa;AAAA,IACpC,oBAAoB,OAAO,KAAK,sBAAsB;AAAA,IACtD,UAAU;AAAA,IACV,WAAW,oBAAI,KAAK;AAAA,EACtB,CAAQ;AACR,KAAG,QAAQ,IAAI;AAEf,QAAM,MAAM,GAAG,OAAO,iBAAiB;AAAA,IACrC;AAAA,IACA,UAAU,KAAK;AAAA,IACf,cAAc,CAAC;AAAA,IACf,eAAe;AAAA,IACf,WAAW,oBAAI,KAAK;AAAA,EACtB,CAAQ;AACR,KAAG,QAAQ,GAAG;AAEd,QAAM,GAAG,MAAM;AAEf,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,MAAM,KAAK;AAAA,IACX,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,aAAa,KAAK,eAAe;AAAA,MACjC,WAAW,KAAK;AAAA,MAChB,UAAU,KAAK;AAAA,MACf,oBAAoB,KAAK;AAAA,MACzB,WAAW,KAAK;AAAA,IAClB;AAAA,EACF,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpB;AAEA,MAAM,aAAa,EAAE,OAAO;AAAA,EAC1B,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,MAAM,EAAE,OAAO;AAAA,EACf,MAAM,EAAE,OAAO;AAAA,EACf,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,WAAW,EAAE,QAAQ;AAAA,EACrB,UAAU,EAAE,QAAQ;AAAA,EACpB,oBAAoB,EAAE,QAAQ;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,MAAM,EAAE,OAAO;AAAA,EACf,MAAM,EAAE,OAAO;AAAA,EACf,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,WAAW,EAAE,QAAQ;AAAA,EACrB,UAAU,EAAE,QAAQ;AAAA,EACpB,oBAAoB,EAAE,QAAQ;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAED,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC;AAAA,IACV,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,OAAO,EAAE,MAAM,UAAU,GAAG,OAAO,EAAE,OAAO,GAAG,YAAY,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AAAA,EACnI,CAAC;AAAA,EACD,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,EAC9E;AACF;AAEA,MAAM,gBAAkC;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,iBAAiB;AAAA,EACxC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,MAAM,mBAAmB,CAAC,EAAE,CAAC;AAAA,EAC7H,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,uBAAuB,QAAQ,YAAY;AAAA,EACzE;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/admin/users/[id]/reset-password.js ADDED Viewed

@@ -0,0 +1,69 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { adminResetPasswordSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+const metadata = {};
+async function POST(req, { params }) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = adminResetPasswordSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Validation failed", details: parsed.error.flatten().fieldErrors }, { status: 400 });
+  }
+  const customerUserService = container.resolve("customerUserService");
+  const user = await customerUserService.findById(params.id, auth.tenantId);
+  if (!user) {
+    return NextResponse.json({ ok: false, error: "User not found" }, { status: 404 });
+  }
+  await customerUserService.updatePassword(user, parsed.data.newPassword);
+  void emitCustomerAccountsEvent("customer_accounts.password.reset", {
+    id: user.id,
+    email: user.email,
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+    resetBy: auth.sub
+  }).catch(() => void 0);
+  return NextResponse.json({ ok: true });
+}
+const successSchema = z.object({ ok: z.literal(true) });
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const methodDoc = {
+  summary: "Reset customer user password (admin)",
+  description: "Allows staff to set a new password for a customer user.",
+  tags: ["Customer Accounts Admin"],
+  requestBody: { schema: adminResetPasswordSchema },
+  responses: [{ status: 200, description: "Password reset", schema: successSchema }],
+  errors: [
+    { status: 400, description: "Validation failed", schema: errorSchema },
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 404, description: "User not found", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Reset customer user password (admin)",
+  pathParams: z.object({ id: z.string().uuid() }),
+  methods: { POST: methodDoc }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=reset-password.js.map

package/dist/modules/customer_accounts/api/admin/users/[id]/reset-password.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../src/modules/customer_accounts/api/admin/users/%5Bid%5D/reset-password.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { adminResetPasswordSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\n\nexport const metadata = {}\n\nexport async function POST(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = adminResetPasswordSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n  const user = await customerUserService.findById(params.id, auth.tenantId!)\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  await customerUserService.updatePassword(user, parsed.data.newPassword)\n\n  void emitCustomerAccountsEvent('customer_accounts.password.reset', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    resetBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nconst successSchema = z.object({ ok: z.literal(true) })\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Reset customer user password (admin)',\n  description: 'Allows staff to set a new password for a customer user.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: adminResetPasswordSchema },\n  responses: [{ status: 200, description: 'Password reset', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Reset customer user password (admin)',\n  pathParams: z.object({ id: z.string().uuid() }),\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,gCAAgC;AACzC,SAAS,iCAAiC;AAEnC,MAAM,WAAW,CAAC;AAEzB,eAAsB,KAAK,KAAc,EAAE,OAAO,GAA+B;AAC/E,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,yBAAyB,UAAU,IAAI;AACtD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,OAAO,MAAM,oBAAoB,SAAS,OAAO,IAAI,KAAK,QAAS;AACzE,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,oBAAoB,eAAe,MAAM,OAAO,KAAK,WAAW;AAEtE,OAAK,0BAA0B,oCAAoC;AAAA,IACjE,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,SAAS,KAAK;AAAA,EAChB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AACtD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,yBAAyB;AAAA,EAChD,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,cAAc,CAAC;AAAA,EACjF,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,EAC9C,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/admin/users/[id]/verify-email.js ADDED Viewed

@@ -0,0 +1,64 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { CustomerUser } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+const metadata = {};
+async function POST(req, { params }) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  const em = container.resolve("em");
+  const user = await em.findOne(CustomerUser, {
+    id: params.id,
+    tenantId: auth.tenantId,
+    deletedAt: null
+  });
+  if (!user) {
+    return NextResponse.json({ ok: false, error: "User not found" }, { status: 404 });
+  }
+  if (user.emailVerifiedAt) {
+    return NextResponse.json({ ok: true, alreadyVerified: true });
+  }
+  await em.nativeUpdate(CustomerUser, { id: user.id }, { emailVerifiedAt: /* @__PURE__ */ new Date() });
+  void emitCustomerAccountsEvent("customer_accounts.email.verified", {
+    id: user.id,
+    email: user.email,
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+    verifiedBy: auth.sub
+  }).catch(() => void 0);
+  return NextResponse.json({ ok: true });
+}
+const successSchema = z.object({ ok: z.literal(true), alreadyVerified: z.boolean().optional() });
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const methodDoc = {
+  summary: "Verify customer user email (admin)",
+  description: "Allows staff to manually mark a customer user email as verified.",
+  tags: ["Customer Accounts Admin"],
+  responses: [{ status: 200, description: "Email verified", schema: successSchema }],
+  errors: [
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 404, description: "User not found", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Verify customer user email (admin)",
+  pathParams: z.object({ id: z.string().uuid() }),
+  methods: { POST: methodDoc }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=verify-email.js.map

package/dist/modules/customer_accounts/api/admin/users/[id]/verify-email.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../src/modules/customer_accounts/api/admin/users/%5Bid%5D/verify-email.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerUser } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\n\nexport const metadata = {}\n\nexport async function POST(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await em.findOne(CustomerUser, {\n    id: params.id,\n    tenantId: auth.tenantId,\n    deletedAt: null,\n  })\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  if (user.emailVerifiedAt) {\n    return NextResponse.json({ ok: true, alreadyVerified: true })\n  }\n\n  await em.nativeUpdate(CustomerUser, { id: user.id }, { emailVerifiedAt: new Date() })\n\n  void emitCustomerAccountsEvent('customer_accounts.email.verified', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    verifiedBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nconst successSchema = z.object({ ok: z.literal(true), alreadyVerified: z.boolean().optional() })\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Verify customer user email (admin)',\n  description: 'Allows staff to manually mark a customer user email as verified.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{ status: 200, description: 'Email verified', schema: successSchema }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Verify customer user email (admin)',\n  pathParams: z.object({ id: z.string().uuid() }),\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,oBAAoB;AAC7B,SAAS,iCAAiC;AAEnC,MAAM,WAAW,CAAC;AAEzB,eAAsB,KAAK,KAAc,EAAE,OAAO,GAA+B;AAC/E,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,OAAO;AAAA,IACX,UAAU,KAAK;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AACD,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,MAAI,KAAK,iBAAiB;AACxB,WAAO,aAAa,KAAK,EAAE,IAAI,MAAM,iBAAiB,KAAK,CAAC;AAAA,EAC9D;AAEA,QAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,iBAAiB,oBAAI,KAAK,EAAE,CAAC;AAEpF,OAAK,0BAA0B,oCAAoC;AAAA,IACjE,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,YAAY,KAAK;AAAA,EACnB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AAC/F,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,cAAc,CAAC;AAAA,EACjF,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,EAC9C,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "names": []
+}