@open-mercato/core 0.6.4-develop.4000.1.450e315cec → 0.6.4-develop.4011.1.4f3ed9ae3e

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@open-mercato/core",
-  "version": "0.6.4-develop.4000.1.450e315cec",
+  "version": "0.6.4-develop.4011.1.4f3ed9ae3e",
   "type": "module",
   "main": "./dist/index.js",
   "scripts": {
@@ -243,16 +243,16 @@
     "zod": "^4.4.3"
   },
   "peerDependencies": {
-    "@open-mercato/ai-assistant": "0.6.4-develop.4000.1.450e315cec",
-    "@open-mercato/shared": "0.6.4-develop.4000.1.450e315cec",
-    "@open-mercato/ui": "0.6.4-develop.4000.1.450e315cec",
+    "@open-mercato/ai-assistant": "0.6.4-develop.4011.1.4f3ed9ae3e",
+    "@open-mercato/shared": "0.6.4-develop.4011.1.4f3ed9ae3e",
+    "@open-mercato/ui": "0.6.4-develop.4011.1.4f3ed9ae3e",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"
   },
   "devDependencies": {
-    "@open-mercato/ai-assistant": "0.6.4-develop.4000.1.450e315cec",
-    "@open-mercato/shared": "0.6.4-develop.4000.1.450e315cec",
-    "@open-mercato/ui": "0.6.4-develop.4000.1.450e315cec",
+    "@open-mercato/ai-assistant": "0.6.4-develop.4011.1.4f3ed9ae3e",
+    "@open-mercato/shared": "0.6.4-develop.4011.1.4f3ed9ae3e",
+    "@open-mercato/ui": "0.6.4-develop.4011.1.4f3ed9ae3e",
     "@testing-library/dom": "^10.4.1",
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/react": "^16.3.1",

package/src/modules/auth/backend/users/[id]/edit/page.tsx

@@ -17,6 +17,7 @@ import { useT } from '@open-mercato/shared/lib/i18n/context'
 import { extractCustomFieldEntries } from '@open-mercato/shared/lib/crud/custom-fields-client'
 import { formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'
 import { UserConsentsPanel } from '@open-mercato/core/modules/auth/components/UserConsentsPanel'
+import { RecordNotFoundState, ErrorMessage } from '@open-mercato/ui/backend/detail'
 import { normalizeDisplayNameInput } from '@open-mercato/core/modules/auth/lib/displayName'
 
 type EditUserFormValues = {
@@ -119,6 +120,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
   const [selectedTenantId, setSelectedTenantId] = React.useState<string | null>(null)
   const [loading, setLoading] = React.useState(true)
   const [error, setError] = React.useState<string | null>(null)
+  const [isNotFound, setIsNotFound] = React.useState(false)
   const [canEditOrgs, setCanEditOrgs] = React.useState(false)
   const [aclData, setAclData] = React.useState<AclData>({ isSuperAdmin: false, features: [], organizations: null })
   const [customFieldValues, setCustomFieldValues] = React.useState<Record<string, unknown>>({})
@@ -171,6 +173,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
     async function load() {
       setLoading(true)
       setError(null)
+      setIsNotFound(false)
       setCustomFieldValues({})
       try {
         const { ok, result } = await apiCall<UserListResponse>(
@@ -182,7 +185,7 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
           setActorIsSuperAdmin(Boolean(result?.isSuperAdmin))
           setActorResolved(true)
           if (!item) {
-            setError(tRef.current('auth.users.form.errors.notFound', 'User not found'))
+            setIsNotFound(true)
             setCustomFieldValues({})
             setInitialUser(null)
             setSelectedTenantId(null)
@@ -404,14 +407,33 @@ export default function EditUserPage({ params }: { params?: { id?: string } }) {
     }
   }, [initialUser, customFieldValues, selectedTenantId])
 
+  if (isNotFound) {
+    return (
+      <Page>
+        <PageBody>
+          <RecordNotFoundState
+            label={t('auth.users.form.errors.notFound', 'User not found')}
+            backHref="/backend/users"
+            backLabel={t('auth.users.form.actions.backToList', 'Back to users')}
+          />
+        </PageBody>
+      </Page>
+    )
+  }
+
+  if (error && !loading) {
+    return (
+      <Page>
+        <PageBody>
+          <ErrorMessage label={error} />
+        </PageBody>
+      </Page>
+    )
+  }
+
   return (
     <Page>
       <PageBody>
-        {error && (
-          <div className="p-4 mb-4 bg-red-50 border border-red-200 rounded text-red-800">
-            {error}
-          </div>
-        )}
         <CrudForm<EditUserFormValues>
           title={t('auth.users.form.title.edit', 'Edit User')}
           backHref="/backend/users"

package/src/modules/auth/i18n/de.json

@@ -172,6 +172,7 @@
   "auth.users.form.action.resendInvite": "Einladung erneut senden",
   "auth.users.form.action.resendingInvite": "Wird gesendet...",
   "auth.users.form.action.save": "Speichern",
+  "auth.users.form.actions.backToList": "Zurück zu Benutzern",
   "auth.users.form.errors.aclUpdate": "Aktualisierung der Benutzerberechtigungen fehlgeschlagen",
   "auth.users.form.errors.delete": "Benutzer konnte nicht gelöscht werden",
   "auth.users.form.errors.inviteResend": "Einladungs-E-Mail konnte nicht gesendet werden",

package/src/modules/auth/i18n/en.json

@@ -172,6 +172,7 @@
   "auth.users.form.action.resendInvite": "Resend Invite",
   "auth.users.form.action.resendingInvite": "Sending...",
   "auth.users.form.action.save": "Save",
+  "auth.users.form.actions.backToList": "Back to users",
   "auth.users.form.errors.aclUpdate": "Failed to update user access control",
   "auth.users.form.errors.delete": "Failed to delete user",
   "auth.users.form.errors.inviteResend": "Failed to send invitation email",

package/src/modules/auth/i18n/es.json

@@ -172,6 +172,7 @@
   "auth.users.form.action.resendInvite": "Reenviar invitación",
   "auth.users.form.action.resendingInvite": "Enviando...",
   "auth.users.form.action.save": "Guardar",
+  "auth.users.form.actions.backToList": "Volver a usuarios",
   "auth.users.form.errors.aclUpdate": "No se pudo actualizar el control de acceso del usuario",
   "auth.users.form.errors.delete": "No se pudo eliminar el usuario",
   "auth.users.form.errors.inviteResend": "No se pudo enviar el correo de invitación",

package/src/modules/auth/i18n/pl.json

@@ -172,6 +172,7 @@
   "auth.users.form.action.resendInvite": "Wyślij zaproszenie ponownie",
   "auth.users.form.action.resendingInvite": "Wysyłanie...",
   "auth.users.form.action.save": "Zapisz",
+  "auth.users.form.actions.backToList": "Powrót do listy użytkowników",
   "auth.users.form.errors.aclUpdate": "Nie udało się zaktualizować uprawnień użytkownika",
   "auth.users.form.errors.delete": "Nie udało się usunąć użytkownika",
   "auth.users.form.errors.inviteResend": "Nie udało się wysłać e-maila z zaproszeniem",

package/src/modules/catalog/acl.ts

@@ -1,10 +1,35 @@
 export const features = [
-  { id: 'catalog.products.view', title: 'View catalog products', module: 'catalog' },
-  { id: 'catalog.products.manage', title: 'Manage catalog products', module: 'catalog' },
+  {
+    id: 'catalog.products.view',
+    title: 'View catalog products',
+    module: 'catalog',
+    dependsOn: ['currencies.view', 'dictionaries.view'],
+  },
+  {
+    id: 'catalog.products.manage',
+    title: 'Manage catalog products',
+    module: 'catalog',
+    dependsOn: ['catalog.products.view'],
+  },
   { id: 'catalog.categories.view', title: 'View catalog categories', module: 'catalog' },
-  { id: 'catalog.categories.manage', title: 'Manage catalog categories', module: 'catalog' },
-  { id: 'catalog.variants.manage', title: 'Manage catalog variants', module: 'catalog' },
-  { id: 'catalog.pricing.manage', title: 'Manage catalog pricing', module: 'catalog' },
+  {
+    id: 'catalog.categories.manage',
+    title: 'Manage catalog categories',
+    module: 'catalog',
+    dependsOn: ['catalog.categories.view'],
+  },
+  {
+    id: 'catalog.variants.manage',
+    title: 'Manage catalog variants',
+    module: 'catalog',
+    dependsOn: ['catalog.products.view'],
+  },
+  {
+    id: 'catalog.pricing.manage',
+    title: 'Manage catalog pricing',
+    module: 'catalog',
+    dependsOn: ['catalog.products.view', 'currencies.view'],
+  },
   { id: 'catalog.settings.manage', title: 'Manage catalog settings', module: 'catalog' },
 ]
 

package/src/modules/catalog/backend/catalog/products/[id]/page.tsx

@@ -4,7 +4,7 @@ import * as React from "react";
 import Link from "next/link";
 import dynamic from "next/dynamic";
 import { Page, PageBody } from "@open-mercato/ui/backend/Page";
-import { ErrorMessage } from "@open-mercato/ui/backend/detail";
+import { ErrorMessage, RecordNotFoundState } from "@open-mercato/ui/backend/detail";
 import {
   CrudForm,
   type CrudFormGroup,
@@ -327,6 +327,7 @@ export default function EditCatalogProductPage({
     React.useState<Partial<ProductFormValues> | null>(null);
   const [loading, setLoading] = React.useState(true);
   const [error, setError] = React.useState<string | null>(null);
+  const [isNotFound, setIsNotFound] = React.useState(false);
   const offerSnapshotsRef = React.useRef<OfferSnapshot[]>([]);
   const initialConversionsRef = React.useRef<ProductUnitConversionDraft[]>([]);
   const [categorizeOptions, setCategorizeOptions] = React.useState<{
@@ -552,6 +553,7 @@ export default function EditCatalogProductPage({
     async function loadProduct() {
       setLoading(true);
       setError(null);
+      setIsNotFound(false);
       try {
         const productRes = await apiCall<ProductResponse>(
           `/api/catalog/products?id=${encodeURIComponent(productId!)}&page=1&pageSize=1&withDeleted=false`,
@@ -567,10 +569,10 @@ export default function EditCatalogProductPage({
         const record = Array.isArray(productRes.result?.items)
           ? productRes.result?.items?.[0]
           : undefined;
-        if (!record)
-          throw new Error(
-            t("catalog.products.edit.errors.notFound", "Product not found."),
-          );
+        if (!record) {
+          if (!cancelled) setIsNotFound(true);
+          return;
+        }
         const rawMetadata = isRecord(record.metadata)
           ? (record.metadata as Record<string, unknown>)
           : null;
@@ -1341,6 +1343,20 @@ export default function EditCatalogProductPage({
     );
   }
 
+  if (isNotFound && !loading) {
+    return (
+      <Page>
+        <PageBody>
+          <RecordNotFoundState
+            label={t("catalog.products.edit.errors.notFound", "Product not found.")}
+            backHref="/backend/catalog/products"
+            backLabel={t("catalog.products.edit.actions.backToList", "Back to products")}
+          />
+        </PageBody>
+      </Page>
+    );
+  }
+
   if (error && !loading) {
     return (
       <Page>

package/src/modules/catalog/commands/offers.ts

@@ -14,6 +14,7 @@ import {
 } from '../data/validators'
 import {
   cloneJson,
+  commandActorScope,
   ensureOrganizationScope,
   ensureSameScope,
   ensureTenantScope,
@@ -98,7 +99,10 @@ const createOfferCommand: CommandHandler<OfferCreateInput, { offerId: string }>
     ensureTenantScope(ctx, parsed.tenantId)
     ensureOrganizationScope(ctx, parsed.organizationId)
     const em = (ctx.container.resolve('em') as EntityManager).fork()
-    const product = await requireProduct(em, parsed.productId)
+    const product = await requireProduct(em, parsed.productId, {
+      tenantId: parsed.tenantId,
+      organizationId: parsed.organizationId,
+    })
     if (
       product.organizationId !== parsed.organizationId ||
       product.tenantId !== parsed.tenantId
@@ -224,10 +228,16 @@ const updateOfferCommand: CommandHandler<OfferUpdateInput, { offerId: string }>
     ensureOrganizationScope(ctx, record.organizationId)
     let productEntity =
       typeof record.product === 'string'
-        ? await requireProduct(em, record.product)
+        ? await requireProduct(em, record.product, {
+            tenantId: record.tenantId,
+            organizationId: record.organizationId,
+          })
         : record.product
     if (parsed.productId && parsed.productId !== record.product.id) {
-      const nextProduct = await requireProduct(em, parsed.productId)
+      const nextProduct = await requireProduct(em, parsed.productId, {
+        tenantId: record.tenantId,
+        organizationId: record.organizationId,
+      })
       ensureSameScope(nextProduct, record.organizationId, record.tenantId)
       productEntity = nextProduct
     }
@@ -322,9 +332,15 @@ const updateOfferCommand: CommandHandler<OfferUpdateInput, { offerId: string }>
     const before = payload?.before
     if (!before) return
     const em = (ctx.container.resolve('em') as EntityManager).fork()
-    const record = await requireOffer(em, before.id).catch(() => null)
+    const record = await requireOffer(em, before.id, {
+      tenantId: before.tenantId,
+      organizationId: before.organizationId,
+    }).catch(() => null)
     if (!record) {
-      const product = await requireProduct(em, before.productId)
+      const product = await requireProduct(em, before.productId, {
+        tenantId: before.tenantId,
+        organizationId: before.organizationId,
+      })
       ensureSameScope(product, before.organizationId, before.tenantId)
       const restored = em.create(CatalogOffer, {
         id: before.id,
@@ -384,7 +400,7 @@ const deleteOfferCommand: CommandHandler<{ id?: string }, { offerId: string }> =
   async execute(input, ctx) {
     const parsed = { id: requireId(input, 'Offer id is required.') }
     const em = (ctx.container.resolve('em') as EntityManager).fork()
-    const record = await requireOffer(em, parsed.id)
+    const record = await requireOffer(em, parsed.id, commandActorScope(ctx))
     ensureTenantScope(ctx, record.tenantId)
     ensureOrganizationScope(ctx, record.organizationId)
     const baseEm = ctx.container.resolve('em') as EntityManager
@@ -436,7 +452,10 @@ const deleteOfferCommand: CommandHandler<{ id?: string }, { offerId: string }> =
     const em = (ctx.container.resolve('em') as EntityManager).fork()
     const existing = await em.findOne(CatalogOffer, { id: before.id })
     if (existing) return
-    const product = await requireProduct(em, before.productId)
+    const product = await requireProduct(em, before.productId, {
+      tenantId: before.tenantId,
+      organizationId: before.organizationId,
+    })
     ensureSameScope(product, before.organizationId, before.tenantId)
     const restored = em.create(CatalogOffer, {
       id: before.id,

package/src/modules/catalog/commands/prices.ts

@@ -16,6 +16,7 @@ import {
 import type { TaxCalculationService } from '@open-mercato/core/modules/sales/services/taxCalculationService'
 import {
   cloneJson,
+  commandActorScope,
   ensureOrganizationScope,
   ensureSameScope,
   ensureSameTenant,
@@ -105,17 +106,18 @@ async function resolveSnapshotAssociations(
   product: CatalogProduct
   offer: CatalogOffer | null
 }> {
+  const scope = { tenantId: snapshot.tenantId, organizationId: snapshot.organizationId }
   let variant: CatalogProductVariant | null = null
   if (snapshot.variantId) {
-    variant = await requireVariant(em, snapshot.variantId)
+    variant = await requireVariant(em, snapshot.variantId, scope)
   }
   let product: CatalogProduct | null = null
   if (snapshot.productId) {
-    product = await requireProduct(em, snapshot.productId)
+    product = await requireProduct(em, snapshot.productId, scope)
   } else if (variant) {
     product =
       typeof variant.product === 'string'
-        ? await requireProduct(em, variant.product)
+        ? await requireProduct(em, variant.product, scope)
         : variant.product
   }
   if (!product) {
@@ -123,7 +125,7 @@ async function resolveSnapshotAssociations(
   }
   let offer: CatalogOffer | null = null
   if (snapshot.offerId) {
-    offer = await requireOffer(em, snapshot.offerId)
+    offer = await requireOffer(em, snapshot.offerId, scope)
   }
   return { variant, product, offer }
 }
@@ -262,17 +264,21 @@ const createPriceCommand: CommandHandler<PriceCreateInput, { priceId: string }>
   async execute(rawInput, ctx) {
     const { parsed, custom } = parseWithCustomFields(priceCreateSchema, rawInput)
     const em = (ctx.container.resolve('em') as EntityManager).fork()
+    const actorScope = commandActorScope(ctx)
     let variant: CatalogProductVariant | null = null
     let product: CatalogProduct | null = null
     if (parsed.variantId) {
-      variant = await requireVariant(em, parsed.variantId)
+      variant = await requireVariant(em, parsed.variantId, actorScope)
       product =
         typeof variant.product === 'string'
-          ? await requireProduct(em, variant.product)
+          ? await requireProduct(em, variant.product, {
+              tenantId: variant.tenantId,
+              organizationId: variant.organizationId,
+            })
           : variant.product
     }
     if (parsed.productId) {
-      const explicitProduct = await requireProduct(em, parsed.productId)
+      const explicitProduct = await requireProduct(em, parsed.productId, actorScope)
       if (product && explicitProduct.id !== product.id) {
         throw new CrudHttpError(400, { error: 'Variant does not belong to the provided product.' })
       }
@@ -284,17 +290,24 @@ const createPriceCommand: CommandHandler<PriceCreateInput, { priceId: string }>
     const scopeSource = variant ?? product!
     ensureTenantScope(ctx, scopeSource.tenantId)
     ensureOrganizationScope(ctx, scopeSource.organizationId)
+    const scopeSourceScope = {
+      tenantId: scopeSource.tenantId,
+      organizationId: scopeSource.organizationId,
+    }
 
-    const priceKind = await requirePriceKind(em, parsed.priceKindId)
+    const priceKind = await requirePriceKind(em, parsed.priceKindId, scopeSourceScope)
     ensureSameTenant(priceKind, scopeSource.tenantId)
 
     let offer: CatalogOffer | null = null
     if (parsed.offerId) {
-      offer = await requireOffer(em, parsed.offerId)
+      offer = await requireOffer(em, parsed.offerId, scopeSourceScope)
       ensureSameScope(offer, scopeSource.organizationId, scopeSource.tenantId)
       const offerProduct =
         typeof offer.product === 'string'
-          ? await requireProduct(em, offer.product)
+          ? await requireProduct(em, offer.product, {
+              tenantId: offer.tenantId,
+              organizationId: offer.organizationId,
+            })
           : offer.product
       if (product && offerProduct.id !== product.id) {
         throw new CrudHttpError(400, { error: 'Offer does not belong to the selected product.' })
@@ -445,17 +458,18 @@ const updatePriceCommand: CommandHandler<PriceUpdateInput, { priceId: string }>
       { tenantId: parsed.tenantId, organizationId: parsed.organizationId },
     )
     if (!record) throw new CrudHttpError(404, { error: 'Catalog price not found' })
+    const recordScope = { tenantId: record.tenantId, organizationId: record.organizationId }
     const currentVariantRef = record.variant
     let targetVariant: CatalogProductVariant | null = null
     if (typeof currentVariantRef === 'string') {
-      targetVariant = await requireVariant(em, currentVariantRef)
+      targetVariant = await requireVariant(em, currentVariantRef, recordScope)
     } else if (currentVariantRef) {
       targetVariant = currentVariantRef
     }
     const currentProductRef = record.product ?? (targetVariant ? targetVariant.product : null)
     let targetProduct: CatalogProduct | null = null
     if (typeof currentProductRef === 'string') {
-      targetProduct = await requireProduct(em, currentProductRef)
+      targetProduct = await requireProduct(em, currentProductRef, recordScope)
     } else if (currentProductRef) {
       targetProduct = currentProductRef
     }
@@ -464,23 +478,23 @@ const updatePriceCommand: CommandHandler<PriceUpdateInput, { priceId: string }>
       if (!parsed.variantId) {
         targetVariant = null
       } else {
-        targetVariant = await requireVariant(em, parsed.variantId)
+        targetVariant = await requireVariant(em, parsed.variantId, recordScope)
         targetProduct =
           typeof targetVariant.product === 'string'
-            ? await requireProduct(em, targetVariant.product)
+            ? await requireProduct(em, targetVariant.product, recordScope)
             : targetVariant.product
       }
     }
 
     if (targetVariant && (targetVariant as CatalogProductVariant | null)?.product === undefined) {
-      targetVariant = await requireVariant(em, targetVariant.id)
+      targetVariant = await requireVariant(em, targetVariant.id, recordScope)
     }
 
     if (parsed.productId !== undefined) {
       if (!parsed.productId) {
         targetProduct = null
       } else {
-        const explicitProduct = await requireProduct(em, parsed.productId)
+        const explicitProduct = await requireProduct(em, parsed.productId, recordScope)
         if (targetVariant) {
           const variantProductId =
             typeof targetVariant.product === 'string'
@@ -500,7 +514,7 @@ const updatePriceCommand: CommandHandler<PriceUpdateInput, { priceId: string }>
     if (!targetProduct && targetVariant) {
       targetProduct =
         typeof targetVariant.product === 'string'
-          ? await requireProduct(em, targetVariant.product)
+          ? await requireProduct(em, targetVariant.product, recordScope)
           : targetVariant.product
     }
     if (!targetProduct) {
@@ -511,14 +525,14 @@ const updatePriceCommand: CommandHandler<PriceUpdateInput, { priceId: string }>
     if (record.offer) {
       targetOffer =
         typeof record.offer === 'string'
-          ? await requireOffer(em, record.offer)
+          ? await requireOffer(em, record.offer, recordScope)
           : record.offer
     }
     if (parsed.offerId !== undefined) {
       if (!parsed.offerId) {
         targetOffer = null
       } else {
-        const explicitOffer = await requireOffer(em, parsed.offerId)
+        const explicitOffer = await requireOffer(em, parsed.offerId, recordScope)
         ensureSameScope(explicitOffer, targetProduct.organizationId, targetProduct.tenantId)
         const offerProductId =
           typeof explicitOffer.product === 'string'
@@ -538,14 +552,14 @@ const updatePriceCommand: CommandHandler<PriceUpdateInput, { priceId: string }>
     if (record.priceKind) {
       targetPriceKind =
         typeof record.priceKind === 'string'
-          ? await requirePriceKind(em, record.priceKind)
+          ? await requirePriceKind(em, record.priceKind, recordScope)
           : record.priceKind
     }
     if (parsed.priceKindId !== undefined) {
       if (!parsed.priceKindId) {
         throw new CrudHttpError(400, { error: 'Price kind is required.' })
       }
-      targetPriceKind = await requirePriceKind(em, parsed.priceKindId)
+      targetPriceKind = await requirePriceKind(em, parsed.priceKindId, recordScope)
     }
     if (!targetPriceKind) {
       throw new CrudHttpError(400, { error: 'Price kind is required.' })
@@ -881,15 +895,16 @@ async function resolvePriceRecordAssociations(
   em: EntityManager,
   record: CatalogProductPrice,
 ): Promise<{ product: CatalogProduct; variant: CatalogProductVariant | null }> {
+  const scope = { tenantId: record.tenantId, organizationId: record.organizationId }
   const variant = record.variant
     ? (typeof record.variant === 'string'
-        ? await requireVariant(em, record.variant)
+        ? await requireVariant(em, record.variant, scope)
         : record.variant)
     : null
   if (record.product) {
     const product =
       typeof record.product === 'string'
-        ? await requireProduct(em, record.product)
+        ? await requireProduct(em, record.product, scope)
         : record.product
     return { product, variant }
   }
@@ -897,20 +912,20 @@ async function resolvePriceRecordAssociations(
     const productRef = variant.product
     const product =
       typeof productRef === 'string'
-        ? await requireProduct(em, productRef)
+        ? await requireProduct(em, productRef, scope)
         : productRef
     return { product, variant }
   }
   if (record.offer) {
     const offer =
       typeof record.offer === 'string'
-        ? await requireOffer(em, record.offer)
+        ? await requireOffer(em, record.offer, scope)
         : record.offer
     const productRef = offer?.product ?? null
     if (productRef) {
       const product =
         typeof productRef === 'string'
-          ? await requireProduct(em, productRef)
+          ? await requireProduct(em, productRef, scope)
           : productRef
       return { product, variant }
     }

package/src/modules/catalog/commands/productUnitConversions.ts

@@ -247,6 +247,7 @@ const createProductUnitConversionCommand: CommandHandler<
     const product = await requireProduct(
       em,
       parsed.productId,
+      { tenantId: parsed.tenantId, organizationId: parsed.organizationId },
       translate("catalog.errors.productNotFound", "Catalog product not found"),
     );
     ensureSameScope(product, parsed.organizationId, parsed.tenantId);
@@ -373,7 +374,12 @@ const updateProductUnitConversionCommand: CommandHandler<
       });
     const product =
       typeof record.product === "string"
-        ? await requireProduct(em, record.product, translate("catalog.errors.productNotFound", "Catalog product not found"))
+        ? await requireProduct(
+            em,
+            record.product,
+            { tenantId: record.tenantId, organizationId: record.organizationId },
+            translate("catalog.errors.productNotFound", "Catalog product not found"),
+          )
         : record.product;
     ensureTenantScope(ctx, record.tenantId);
     ensureOrganizationScope(ctx, record.organizationId);

package/src/modules/catalog/commands/products.ts

@@ -1288,6 +1288,7 @@ const createProductCommand: CommandHandler<
       optionSchemaTemplate = await requireOptionSchemaTemplate(
         em,
         parsed.optionSchemaId,
+        { tenantId: parsed.tenantId, organizationId: parsed.organizationId },
         translate("catalog.errors.optionSchemaNotFound", "Option schema not found"),
       );
       ensureSameScope(
@@ -1591,6 +1592,7 @@ const updateProductCommand: CommandHandler<
         const optionTemplate = await requireOptionSchemaTemplate(
           lookupEm,
           parsed.optionSchemaId,
+          { tenantId, organizationId },
           translate("catalog.errors.optionSchemaNotFound", "Option schema not found"),
         );
         ensureSameScope(optionTemplate, organizationId, tenantId);