npm - @open-mercato/core - Versions diffs - 0.5.1-develop.2975.ccbadc8198 → 0.5.1-develop.2996.ce62fd491c - Mend

@open-mercato/core 0.5.1-develop.2975.ccbadc8198 → 0.5.1-develop.2996.ce62fd491c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/src/modules/auth/api/sidebar/variants/route.ts ADDED Viewed

@@ -0,0 +1,157 @@
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import type { EntityManager } from '@mikro-orm/postgresql'
+import { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'
+import { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'
+import { createRequestContainer } from '@open-mercato/shared/lib/di/container'
+import { SIDEBAR_PREFERENCES_VERSION } from '@open-mercato/shared/modules/navigation/sidebarPreferences'
+import {
+  createSidebarVariant,
+  listSidebarVariants,
+  type SidebarVariantRecord,
+} from '../../../services/sidebarPreferencesService'
+import {
+  createSidebarVariantInputSchema,
+  sidebarVariantRecordSchema,
+} from '../../../data/validators'
+import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
+export const metadata = {
+  GET: { requireAuth: true },
+  POST: { requireAuth: true },
+}
+const variantListResponseSchema = z.object({
+  locale: z.string(),
+  variants: z.array(sidebarVariantRecordSchema),
+})
+const variantCreateResponseSchema = z.object({
+  locale: z.string(),
+  variant: sidebarVariantRecordSchema,
+})
+const errorSchema = z.object({ error: z.string() })
+function serializeVariant(record: SidebarVariantRecord) {
+  return {
+    id: record.id,
+    name: record.name,
+    isActive: record.isActive,
+    settings: {
+      version: record.settings.version ?? SIDEBAR_PREFERENCES_VERSION,
+      groupOrder: record.settings.groupOrder ?? [],
+      groupLabels: record.settings.groupLabels ?? {},
+      itemLabels: record.settings.itemLabels ?? {},
+      hiddenItems: record.settings.hiddenItems ?? [],
+      itemOrder: record.settings.itemOrder ?? {},
+    },
+    createdAt: record.createdAt.toISOString(),
+    updatedAt: record.updatedAt ? record.updatedAt.toISOString() : null,
+  }
+}
+export async function GET(req: Request) {
+  const auth = await getAuthFromRequest(req)
+  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub
+  if (!effectiveUserId) return NextResponse.json({ error: 'No user context' }, { status: 403 })
+  const { locale } = await resolveTranslations()
+  const { resolve } = await createRequestContainer()
+  const em = resolve('em') as EntityManager
+  const variants = await listSidebarVariants(em, {
+    userId: effectiveUserId,
+    tenantId: auth.tenantId ?? null,
+    organizationId: auth.orgId ?? null,
+    locale,
+  })
+  return NextResponse.json(
+    {
+      locale,
+      variants: variants.map(serializeVariant),
+    },
+    { headers: { 'cache-control': 'no-store, no-cache, must-revalidate' } },
+  )
+}
+export async function POST(req: Request) {
+  const auth = await getAuthFromRequest(req)
+  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub
+  if (!effectiveUserId) return NextResponse.json({ error: 'No user context' }, { status: 403 })
+  let parsedBody: unknown
+  try {
+    parsedBody = await req.json()
+  } catch {
+    parsedBody = {}
+  }
+  const parsed = createSidebarVariantInputSchema.safeParse(parsedBody)
+  if (!parsed.success) {
+    return NextResponse.json({ error: 'Invalid payload', details: parsed.error.flatten() }, { status: 400 })
+  }
+  try {
+    const { locale } = await resolveTranslations()
+    const { resolve } = await createRequestContainer()
+    const em = resolve('em') as EntityManager
+    const variant = await createSidebarVariant(em, {
+      userId: effectiveUserId,
+      tenantId: auth.tenantId ?? null,
+      organizationId: auth.orgId ?? null,
+      locale,
+    }, {
+      name: parsed.data.name ?? null,
+      settings: parsed.data.settings ?? null,
+      isActive: parsed.data.isActive,
+    })
+    return NextResponse.json({
+      locale,
+      variant: serializeVariant(variant),
+    })
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err)
+    // MikroORM throws UniqueConstraintViolationException for unique conflicts.
+    // The constraint name embeds the columns: (user_id, tenant_id, locale, name).
+    if (err instanceof Error && err.constructor?.name === 'UniqueConstraintViolationException') {
+      return NextResponse.json(
+        { error: 'A variant with this name already exists. Choose a different name.', code: 'duplicate_name' },
+        { status: 409 },
+      )
+    }
+    // eslint-disable-next-line no-console
+    console.error('[sidebar-variants POST] failed', err)
+    return NextResponse.json({ error: message }, { status: 500 })
+  }
+}
+export const openApi: OpenApiRouteDoc = {
+  tag: 'Authentication & Accounts',
+  summary: 'Sidebar variants',
+  methods: {
+    GET: {
+      summary: 'List sidebar variants',
+      description: 'Returns the named sidebar variants saved by the current user for the current tenant + locale.',
+      responses: [
+        { status: 200, description: 'Variant list', schema: variantListResponseSchema },
+        { status: 401, description: 'Unauthorized', schema: errorSchema },
+      ],
+    },
+    POST: {
+      summary: 'Create a sidebar variant',
+      description: 'Creates a new variant. If `name` is omitted or blank, an auto-name like "My preferences", "My preferences 2", … is assigned.',
+      requestBody: { contentType: 'application/json', schema: createSidebarVariantInputSchema },
+      responses: [
+        { status: 200, description: 'Variant created', schema: variantCreateResponseSchema },
+        { status: 400, description: 'Invalid payload', schema: errorSchema },
+        { status: 401, description: 'Unauthorized', schema: errorSchema },
+      ],
+    },
+  },
+}

package/src/modules/auth/backend/sidebar-customization/page.meta.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import React from 'react'
+const sidebarCustomizeIcon = React.createElement(
+  'svg',
+  { width: 16, height: 16, viewBox: '0 0 24 24', fill: 'none', stroke: 'currentColor', strokeWidth: 2, strokeLinecap: 'round', strokeLinejoin: 'round' },
+  React.createElement('rect', { x: 3, y: 3, width: 7, height: 18, rx: 1 }),
+  React.createElement('rect', { x: 14, y: 3, width: 7, height: 11, rx: 1 }),
+  React.createElement('path', { d: 'M14 17h7' }),
+  React.createElement('path', { d: 'M17.5 14v7' }),
+)
+// Page is reachable by any authenticated user — every staff user has
+// always been able to customize their PERSONAL sidebar (the variants /
+// preferences APIs gate only role-application via `auth.sidebar.manage`).
+// Inside the editor, the "Apply to roles" card and role variants picker are
+// already conditionally hidden via `canApplyToRoles` (server-checked against
+// `auth.sidebar.manage`), so non-admins see only the personal-scope flow,
+// matching the pre-PR inline-editor behavior. Restricting the whole page
+// to `auth.sidebar.manage` would be a stealth regression for non-admins.
+export const metadata = {
+  requireAuth: true,
+  pageTitle: 'Customize sidebar',
+  pageTitleKey: 'appShell.customizeSidebar',
+  pageGroup: 'Customization',
+  pageGroupKey: 'appShell.sidebarCustomizationGroup',
+  pageOrder: 1,
+  icon: sidebarCustomizeIcon,
+  pageContext: 'settings' as const,
+  breadcrumb: [
+    { label: 'Customize sidebar', labelKey: 'appShell.customizeSidebar' },
+  ],
+}
+export default metadata

package/src/modules/auth/backend/sidebar-customization/page.tsx ADDED Viewed

@@ -0,0 +1,17 @@
+'use client'
+import * as React from 'react'
+import { useRouter } from 'next/navigation'
+import { SidebarCustomizationEditor } from '@open-mercato/ui/backend/sidebar/SidebarCustomizationEditor'
+export default function SidebarCustomizationPage() {
+  const router = useRouter()
+  const goBack = React.useCallback(() => {
+    router.push('/backend/settings')
+  }, [router])
+  return (
+    <div className="space-y-4">
+      <SidebarCustomizationEditor onCanceled={goBack} />
+    </div>
+  )
+}

package/src/modules/auth/data/entities.ts CHANGED Viewed

@@ -57,7 +57,10 @@ export class Role {
 }
 @Entity({ tableName: 'user_sidebar_preferences' })
-@Unique({ properties: ['user', 'tenantId', 'organizationId', 'locale'] })
+// Uniqueness is enforced by a partial unique index (`user_sidebar_preferences_active_unique_idx`)
+// scoped to live rows (`WHERE deleted_at IS NULL`) and owned by raw SQL in
+// Migration20260427143311. A `@Unique` decorator can't express a partial index,
+// so the entity intentionally omits it — the migration is the source of truth.
 export class UserSidebarPreference {
   @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })
   id!: string
@@ -88,7 +91,10 @@ export class UserSidebarPreference {
 }
 @Entity({ tableName: 'role_sidebar_preferences' })
-@Unique({ properties: ['role', 'tenantId', 'locale'] })
+// Uniqueness is enforced by a partial unique index (`role_sidebar_preferences_active_unique_idx`)
+// scoped to live rows (`WHERE deleted_at IS NULL`) and owned by raw SQL in
+// Migration20260427143311. A `@Unique` decorator can't express a partial index,
+// so the entity intentionally omits it — the migration is the source of truth.
 export class RoleSidebarPreference {
   @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })
   id!: string
@@ -115,6 +121,46 @@ export class RoleSidebarPreference {
   deletedAt?: Date | null
 }
+@Entity({ tableName: 'sidebar_variants' })
+// Uniqueness is enforced by a partial unique index (`sidebar_variants_active_name_unique_idx`)
+// scoped to live rows (`WHERE deleted_at IS NULL`) and owned by raw SQL in
+// Migration20260427143311. A `@Unique` decorator can't express a partial index,
+// so the entity intentionally omits it — the migration is the source of truth.
+export class SidebarVariant {
+  @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })
+  id!: string
+  @ManyToOne(() => User)
+  user!: User
+  @Property({ name: 'tenant_id', type: 'uuid', nullable: true })
+  tenantId?: string | null
+  @Property({ name: 'organization_id', type: 'uuid', nullable: true })
+  organizationId?: string | null
+  @Property({ type: 'text' })
+  locale!: string
+  @Property({ type: 'text' })
+  name!: string
+  @Property({ name: 'settings_json', type: 'json', nullable: true })
+  settingsJson?: unknown
+  @Property({ name: 'is_active', type: 'boolean', default: false })
+  isActive: boolean = false
+  @Property({ name: 'created_at', type: Date, onCreate: () => new Date() })
+  createdAt: Date = new Date()
+  @Property({ name: 'updated_at', type: Date, onUpdate: () => new Date(), nullable: true })
+  updatedAt?: Date
+  @Property({ name: 'deleted_at', type: Date, nullable: true })
+  deletedAt?: Date | null
+}
 @Entity({ tableName: 'user_roles' })
 export class UserRole {
   @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })

package/src/modules/auth/data/validators.ts CHANGED Viewed

@@ -24,14 +24,80 @@ export const refreshSessionRequestSchema = z.object({
   refreshToken: z.string().min(1),
 })
+export const sidebarPreferencesScopeSchema = z.union([
+  z.object({ type: z.literal('user') }),
+  z.object({ type: z.literal('role'), roleId: z.string().uuid() }),
+])
+// Sidebar settings shape shared by both `sidebarPreferencesInputSchema` (which
+// adds role-targeting fields) and the variants API (which uses just the
+// settings + name + isActive). Keeping the field constraints in one place
+// prevents drift between the preferences and variants surfaces.
+export const sidebarVariantSettingsSchema = z.object({
+  version: z.number().int().positive().optional(),
+  groupOrder: z.array(z.string().min(1)).max(200).optional(),
+  groupLabels: z.record(z.string().min(1), z.string().min(1).max(120)).optional(),
+  itemLabels: z.record(z.string().min(1), z.string().min(1).max(120)).optional(),
+  hiddenItems: z.array(z.string().min(1)).max(500).optional(),
+  itemOrder: z.record(z.string().min(1), z.array(z.string().min(1)).max(500)).optional(),
+})
+export const createSidebarVariantInputSchema = z.object({
+  name: z.string().trim().min(1).max(120).optional(),
+  settings: sidebarVariantSettingsSchema.optional(),
+  isActive: z.boolean().optional(),
+})
+export const updateSidebarVariantInputSchema = z.object({
+  name: z.string().trim().min(1).max(120).optional(),
+  settings: sidebarVariantSettingsSchema.optional(),
+  isActive: z.boolean().optional(),
+})
+export const sidebarVariantRecordSchema = z.object({
+  id: z.string().uuid(),
+  name: z.string(),
+  isActive: z.boolean(),
+  settings: z.object({
+    version: z.number().int().positive(),
+    groupOrder: z.array(z.string()),
+    groupLabels: z.record(z.string(), z.string()),
+    itemLabels: z.record(z.string(), z.string()),
+    hiddenItems: z.array(z.string()),
+    itemOrder: z.record(z.string(), z.array(z.string())),
+  }),
+  createdAt: z.string(),
+  updatedAt: z.string().nullable(),
+})
 export const sidebarPreferencesInputSchema = z.object({
   version: z.number().int().positive().optional(),
   groupOrder: z.array(z.string().min(1)).max(200).optional(),
   groupLabels: z.record(z.string().min(1), z.string().min(1).max(120)).optional(),
   itemLabels: z.record(z.string().min(1), z.string().min(1).max(120)).optional(),
   hiddenItems: z.array(z.string().min(1)).max(500).optional(),
+  itemOrder: z.record(z.string().min(1), z.array(z.string().min(1)).max(500)).optional(),
   applyToRoles: z.array(z.string().uuid()).optional(),
   clearRoleIds: z.array(z.string().uuid()).optional(),
+  scope: sidebarPreferencesScopeSchema.optional(),
+}).superRefine((value, ctx) => {
+  const scopeType = value.scope?.type ?? 'user'
+  if (scopeType === 'role') {
+    if ((value.applyToRoles?.length ?? 0) > 0) {
+      ctx.addIssue({
+        code: z.ZodIssueCode.custom,
+        path: ['applyToRoles'],
+        message: 'applyToRoles is only valid when scope.type === "user"',
+      })
+    }
+    if ((value.clearRoleIds?.length ?? 0) > 0) {
+      ctx.addIssue({
+        code: z.ZodIssueCode.custom,
+        path: ['clearRoleIds'],
+        message: 'clearRoleIds is only valid when scope.type === "user"',
+      })
+    }
+  }
 })
 // Optional helpers for CLI or admin forms
@@ -56,5 +122,9 @@ export type RequestPasswordResetInput = z.infer<typeof requestPasswordResetSchem
 export type ConfirmPasswordResetInput = z.infer<typeof confirmPasswordResetSchema>
 export type RefreshSessionRequestInput = z.infer<typeof refreshSessionRequestSchema>
 export type SidebarPreferencesInput = z.infer<typeof sidebarPreferencesInputSchema>
+export type SidebarVariantSettingsInput = z.infer<typeof sidebarVariantSettingsSchema>
+export type CreateSidebarVariantInput = z.infer<typeof createSidebarVariantInputSchema>
+export type UpdateSidebarVariantInput = z.infer<typeof updateSidebarVariantInputSchema>
+export type SidebarVariantRecordResponse = z.infer<typeof sidebarVariantRecordSchema>
 export type UserCreateInput = z.infer<typeof userCreateSchema>
 export type FeatureCheckRequestInput = z.infer<typeof featureCheckRequestSchema>