@open-mercato/core 0.6.4-develop.4239.1.4a264a5828 → 0.6.4-develop.4264.1.53368d85fe

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/.turbo/turbo-build.log +1 -1
  2. package/dist/helpers/integration/authFixtures.js +70 -1
  3. package/dist/helpers/integration/authFixtures.js.map +2 -2
  4. package/dist/helpers/integration/dbFixtures.js +98 -0
  5. package/dist/helpers/integration/dbFixtures.js.map +7 -0
  6. package/dist/modules/business_rules/api/execute/route.js +2 -1
  7. package/dist/modules/business_rules/api/execute/route.js.map +2 -2
  8. package/dist/modules/business_rules/api/rules/route.js +10 -0
  9. package/dist/modules/business_rules/api/rules/route.js.map +2 -2
  10. package/dist/modules/business_rules/cli.js +6 -0
  11. package/dist/modules/business_rules/cli.js.map +2 -2
  12. package/dist/modules/business_rules/lib/rule-engine.js +116 -9
  13. package/dist/modules/business_rules/lib/rule-engine.js.map +2 -2
  14. package/dist/modules/business_rules/subscribers/crud-rule-trigger.js +3 -2
  15. package/dist/modules/business_rules/subscribers/crud-rule-trigger.js.map +2 -2
  16. package/dist/modules/catalog/api/products/route.js +21 -4
  17. package/dist/modules/catalog/api/products/route.js.map +2 -2
  18. package/dist/modules/catalog/lib/pricing.js +6 -0
  19. package/dist/modules/catalog/lib/pricing.js.map +2 -2
  20. package/dist/modules/catalog/services/catalogPricingService.js +5 -1
  21. package/dist/modules/catalog/services/catalogPricingService.js.map +2 -2
  22. package/dist/modules/customer_accounts/api/portal/events/stream.js +1 -0
  23. package/dist/modules/customer_accounts/api/portal/events/stream.js.map +2 -2
  24. package/dist/modules/customers/api/activities/route.js +15 -2
  25. package/dist/modules/customers/api/activities/route.js.map +2 -2
  26. package/dist/modules/customers/api/comments/route.js +15 -3
  27. package/dist/modules/customers/api/comments/route.js.map +2 -2
  28. package/dist/modules/customers/api/companies/[id]/people/route.js +2 -4
  29. package/dist/modules/customers/api/companies/[id]/people/route.js.map +2 -2
  30. package/dist/modules/customers/api/companies/[id]/route.js +2 -4
  31. package/dist/modules/customers/api/companies/[id]/route.js.map +2 -2
  32. package/dist/modules/customers/api/deals/[id]/companies/route.js +2 -4
  33. package/dist/modules/customers/api/deals/[id]/companies/route.js.map +2 -2
  34. package/dist/modules/customers/api/deals/[id]/people/route.js +2 -4
  35. package/dist/modules/customers/api/deals/[id]/people/route.js.map +2 -2
  36. package/dist/modules/customers/api/deals/[id]/route.js +2 -9
  37. package/dist/modules/customers/api/deals/[id]/route.js.map +2 -2
  38. package/dist/modules/customers/api/deals/[id]/stats/route.js +2 -9
  39. package/dist/modules/customers/api/deals/[id]/stats/route.js.map +2 -2
  40. package/dist/modules/customers/api/entity-roles-factory.js +2 -8
  41. package/dist/modules/customers/api/entity-roles-factory.js.map +2 -2
  42. package/dist/modules/customers/api/people/[id]/companies/context.js +2 -4
  43. package/dist/modules/customers/api/people/[id]/companies/context.js.map +2 -2
  44. package/dist/modules/customers/api/people/[id]/companies/enriched/route.js +2 -4
  45. package/dist/modules/customers/api/people/[id]/companies/enriched/route.js.map +2 -2
  46. package/dist/modules/customers/api/people/[id]/route.js +2 -4
  47. package/dist/modules/customers/api/people/[id]/route.js.map +2 -2
  48. package/dist/modules/directory/utils/organizationScopeGuard.js +22 -0
  49. package/dist/modules/directory/utils/organizationScopeGuard.js.map +7 -0
  50. package/dist/modules/workflows/cli.js +8 -0
  51. package/dist/modules/workflows/cli.js.map +2 -2
  52. package/dist/modules/workflows/lib/seeds.js +8 -4
  53. package/dist/modules/workflows/lib/seeds.js.map +2 -2
  54. package/dist/modules/workflows/setup.js +3 -1
  55. package/dist/modules/workflows/setup.js.map +2 -2
  56. package/package.json +7 -7
  57. package/src/helpers/integration/authFixtures.ts +98 -0
  58. package/src/helpers/integration/dbFixtures.ts +144 -0
  59. package/src/modules/business_rules/api/execute/route.ts +2 -1
  60. package/src/modules/business_rules/api/rules/route.ts +10 -0
  61. package/src/modules/business_rules/cli.ts +6 -0
  62. package/src/modules/business_rules/lib/rule-engine.ts +163 -9
  63. package/src/modules/business_rules/subscribers/crud-rule-trigger.ts +3 -2
  64. package/src/modules/catalog/api/products/route.ts +23 -4
  65. package/src/modules/catalog/lib/pricing.ts +9 -0
  66. package/src/modules/catalog/services/catalogPricingService.ts +6 -0
  67. package/src/modules/customer_accounts/api/portal/events/stream.ts +6 -0
  68. package/src/modules/customers/api/activities/route.ts +16 -5
  69. package/src/modules/customers/api/comments/route.ts +15 -5
  70. package/src/modules/customers/api/companies/[id]/people/route.ts +2 -4
  71. package/src/modules/customers/api/companies/[id]/route.ts +2 -5
  72. package/src/modules/customers/api/deals/[id]/companies/route.ts +2 -4
  73. package/src/modules/customers/api/deals/[id]/people/route.ts +2 -4
  74. package/src/modules/customers/api/deals/[id]/route.ts +2 -9
  75. package/src/modules/customers/api/deals/[id]/stats/route.ts +2 -9
  76. package/src/modules/customers/api/entity-roles-factory.ts +2 -12
  77. package/src/modules/customers/api/people/[id]/companies/context.ts +2 -5
  78. package/src/modules/customers/api/people/[id]/companies/enriched/route.ts +2 -5
  79. package/src/modules/customers/api/people/[id]/route.ts +2 -5
  80. package/src/modules/directory/utils/organizationScopeGuard.ts +39 -0
  81. package/src/modules/staff/i18n/de.json +23 -0
  82. package/src/modules/staff/i18n/en.json +23 -0
  83. package/src/modules/staff/i18n/es.json +23 -0
  84. package/src/modules/staff/i18n/pl.json +23 -0
  85. package/src/modules/workflows/cli.ts +8 -0
  86. package/src/modules/workflows/lib/seeds.ts +13 -3
  87. package/src/modules/workflows/setup.ts +3 -1
package/dist/modules/customers/api/deals/[id]/route.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../../../../src/modules/customers/api/deals/%5Bid%5D/route.ts"],
4
- "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport {\n CustomerDeal,\n CustomerDealPersonLink,\n CustomerDealCompanyLink,\n CustomerDealStageTransition,\n CustomerDictionaryEntry,\n CustomerEntity,\n CustomerPipeline,\n CustomerPipelineStage,\n} from '../../../data/entities'\nimport { User } from '@open-mercato/core/modules/auth/data/entities'\nimport type { ActionLogService } from '@open-mercato/core/modules/audit_logs/services/actionLogService'\nimport { loadCustomFieldValues } from '@open-mercato/shared/lib/crud/custom-fields'\nimport { normalizeCustomFieldResponse } from '@open-mercato/shared/lib/custom-fields/normalize'\nimport { E } from '#generated/entities.ids.generated'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { findWithDecryption, findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { decryptEntitiesWithFallbackScope } from '@open-mercato/shared/lib/encryption/subscriber'\nimport { isMissingDealStageTransitionTable, warnMissingDealStageTransitionTable } from '../../../lib/dealStageTransitionTable'\n\nexport const metadata = {\n GET: { requireAuth: true, requireFeatures: ['customers.deals.view'] },\n}\n\nconst paramsSchema = z.object({\n id: z.string().uuid(),\n})\n\nfunction notFound(message: string) {\n return NextResponse.json({ error: message }, { status: 404 })\n}\n\nfunction forbidden(message: string) {\n return NextResponse.json({ error: message }, { status: 403 })\n}\n\ntype DealAssociation = {\n id: string\n label: string\n subtitle: string | null\n kind: 'person' | 'company'\n}\n\nfunction normalizePersonAssociation(entity: CustomerEntity): { label: string; subtitle: string | null } {\n const displayName = typeof entity.displayName === 'string' ? entity.displayName.trim() : ''\n const email =\n typeof entity.primaryEmail === 'string' && entity.primaryEmail.trim().length\n ? entity.primaryEmail.trim()\n : null\n const phone =\n typeof entity.primaryPhone === 'string' && entity.primaryPhone.trim().length\n ? entity.primaryPhone.trim()\n : null\n const jobTitle =\n entity.personProfile &&\n typeof (entity.personProfile as { jobTitle?: string | null })?.jobTitle === 'string' &&\n (entity.personProfile as { jobTitle?: string | null }).jobTitle?.trim().length\n ? ((entity.personProfile as { jobTitle?: string | null }).jobTitle as string).trim()\n : null\n const subtitle = jobTitle ?? email ?? phone ?? null\n const label = displayName.length ? displayName : email ?? phone ?? entity.id\n return { label, subtitle }\n}\n\nfunction normalizeCompanyAssociation(entity: CustomerEntity): { label: string; subtitle: string | null } {\n const displayName = typeof entity.displayName === 'string' ? entity.displayName.trim() : ''\n const domain =\n entity.companyProfile &&\n typeof (entity.companyProfile as { domain?: string | null })?.domain === 'string' &&\n (entity.companyProfile as { domain?: string | null }).domain?.trim().length\n ? ((entity.companyProfile as { domain?: string | null }).domain as string).trim()\n : null\n const website =\n entity.companyProfile &&\n typeof (entity.companyProfile as { websiteUrl?: string | null })?.websiteUrl === 'string' &&\n (entity.companyProfile as { websiteUrl?: string | null }).websiteUrl?.trim().length\n ? ((entity.companyProfile as { websiteUrl?: string | null }).websiteUrl as string).trim()\n : null\n const subtitle = domain ?? website ?? null\n const label = displayName.length ? displayName : domain ?? website ?? entity.id\n return { label, subtitle }\n}\n\nfunction readIncludeFlags(request: Request): Set<string> {\n const flags = new Set<string>()\n const url = new URL(request.url)\n for (const rawValue of url.searchParams.getAll('include')) {\n rawValue\n .split(',')\n .map((value) => value.trim().toLowerCase())\n .filter(Boolean)\n .forEach((value) => flags.add(value))\n }\n return flags\n}\n\nfunction readViewMode(request: Request): 'full' | 'lite' {\n const raw = new URL(request.url).searchParams.get('view')\n return raw === 'lite' || raw === 'detail-lite' ? 'lite' : 'full'\n}\n\nfunction normalizeStageLabel(value: string | null | undefined): string {\n return typeof value === 'string' ? value.trim().toLowerCase() : ''\n}\n\ntype StageTransitionPayload = {\n stageId: string\n stageLabel: string\n stageOrder: number\n transitionedAt: string\n}\n\ntype DealSnapshotStageInfo = {\n pipelineId: string | null\n stageId: string | null\n stageLabel: string | null\n}\n\nfunction asObject(value: unknown): Record<string, unknown> | null {\n return typeof value === 'object' && value !== null && !Array.isArray(value)\n ? value as Record<string, unknown>\n : null\n}\n\nfunction readRecordString(record: Record<string, unknown> | null, ...keys: string[]): string | null {\n if (!record) return null\n for (const key of keys) {\n const value = record[key]\n if (typeof value === 'string' && value.trim().length > 0) {\n return value.trim()\n }\n }\n return null\n}\n\nfunction readSnapshotDealRecord(snapshot: unknown): Record<string, unknown> | null {\n const root = asObject(snapshot)\n if (!root) return null\n return asObject(root.deal) ?? root\n}\n\nfunction readSnapshotStageInfo(snapshot: unknown): DealSnapshotStageInfo {\n const dealRecord = readSnapshotDealRecord(snapshot)\n return {\n pipelineId: readRecordString(dealRecord, 'pipelineId', 'pipeline_id'),\n stageId: readRecordString(dealRecord, 'pipelineStageId', 'pipeline_stage_id'),\n stageLabel: readRecordString(dealRecord, 'pipelineStage', 'pipeline_stage'),\n }\n}\n\nasync function loadAuditStageTransitionsFallback({\n container,\n deal,\n pipelineStages,\n}: {\n container: Awaited<ReturnType<typeof createRequestContainer>>\n deal: CustomerDeal\n pipelineStages: CustomerPipelineStage[]\n}): Promise<StageTransitionPayload[]> {\n if (!deal.tenantId || !deal.organizationId || !pipelineStages.length) return []\n\n let actionLogs: ActionLogService | null = null\n try {\n actionLogs = container.resolve('actionLogService') as ActionLogService\n } catch {\n return []\n }\n if (!actionLogs || typeof actionLogs.list !== 'function') return []\n const stageOrderById = new Map(pipelineStages.map((stage) => [stage.id, stage.order]))\n const stageLabelById = new Map(pipelineStages.map((stage) => [stage.id, stage.label]))\n const transitionsByStageId = new Map<string, StageTransitionPayload>()\n const logsResult = await actionLogs.list({\n tenantId: deal.tenantId,\n organizationId: deal.organizationId,\n resourceKind: 'customers.deal',\n resourceId: deal.id,\n limit: 200,\n offset: 0,\n sortField: 'createdAt',\n sortDir: 'asc',\n }).catch(() => null)\n const logs = logsResult?.items ?? []\n\n let previousStageId: string | null = null\n for (const log of logs) {\n if (log.executionState === 'failed' || log.executionState === 'undone') continue\n\n const before = readSnapshotStageInfo(log.snapshotBefore)\n const after = readSnapshotStageInfo(log.snapshotAfter)\n const nextStageId = after.stageId\n if (!nextStageId) continue\n\n const stageOrder = stageOrderById.get(nextStageId)\n if (typeof stageOrder !== 'number') {\n previousStageId = nextStageId\n continue\n }\n\n const effectivePreviousStageId: string | null = before.stageId ?? previousStageId\n if (effectivePreviousStageId === nextStageId && transitionsByStageId.has(nextStageId)) {\n previousStageId = nextStageId\n continue\n }\n\n transitionsByStageId.set(nextStageId, {\n stageId: nextStageId,\n stageLabel: after.stageLabel ?? stageLabelById.get(nextStageId) ?? nextStageId,\n stageOrder,\n transitionedAt: log.createdAt.toISOString(),\n })\n previousStageId = nextStageId\n }\n\n return Array.from(transitionsByStageId.values()).sort((left, right) => left.stageOrder - right.stageOrder)\n}\n\nfunction mergeStageTransitions({\n persisted,\n recovered,\n currentStage,\n fallbackTimestamp,\n}: {\n persisted: StageTransitionPayload[]\n recovered: StageTransitionPayload[]\n currentStage: { id: string; label: string; order: number } | null\n fallbackTimestamp: string\n}): StageTransitionPayload[] {\n const merged = new Map<string, StageTransitionPayload>()\n for (const transition of persisted) {\n merged.set(transition.stageId, transition)\n }\n for (const transition of recovered) {\n if (!merged.has(transition.stageId)) {\n merged.set(transition.stageId, transition)\n }\n }\n if (currentStage && !merged.has(currentStage.id)) {\n merged.set(currentStage.id, {\n stageId: currentStage.id,\n stageLabel: currentStage.label,\n stageOrder: currentStage.order,\n transitionedAt: fallbackTimestamp,\n })\n }\n return Array.from(merged.values()).sort((left, right) => left.stageOrder - right.stageOrder)\n}\n\nasync function loadPipelineStageAppearanceMap(\n em: EntityManager,\n stages: CustomerPipelineStage[],\n organizationId: string,\n tenantId: string,\n): Promise<Map<string, CustomerDictionaryEntry>> {\n const normalizedValues = stages\n .map((stage) => stage.label.trim().toLowerCase())\n .filter((value) => value.length > 0)\n if (!normalizedValues.length) return new Map<string, CustomerDictionaryEntry>()\n const entries = await findWithDecryption(\n em,\n CustomerDictionaryEntry,\n {\n organizationId,\n tenantId,\n kind: 'pipeline_stage',\n normalizedValue: { $in: normalizedValues },\n },\n undefined,\n { tenantId, organizationId },\n )\n const map = new Map<string, CustomerDictionaryEntry>()\n entries.forEach((entry) => map.set(entry.normalizedValue, entry))\n return map\n}\n\nasync function resolveEffectivePipelineStage(\n em: EntityManager,\n deal: CustomerDeal,\n decryptionScope: { tenantId: string | null; organizationId: string | null },\n): Promise<CustomerPipelineStage | null> {\n if (deal.pipelineStageId) {\n const exactStage = await findOneWithDecryption(\n em,\n CustomerPipelineStage,\n {\n id: deal.pipelineStageId,\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n },\n {},\n decryptionScope,\n )\n if (exactStage) return exactStage\n }\n\n const normalizedStageLabel = normalizeStageLabel(deal.pipelineStage)\n if (!normalizedStageLabel) return null\n\n const scopedStages = await findWithDecryption(\n em,\n CustomerPipelineStage,\n {\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n ...(deal.pipelineId ? { pipelineId: deal.pipelineId } : {}),\n },\n { orderBy: { order: 'ASC' } },\n decryptionScope,\n )\n\n const matchingStages = scopedStages.filter((stage) => normalizeStageLabel(stage.label) === normalizedStageLabel)\n if (matchingStages.length === 1) return matchingStages[0] ?? null\n if (matchingStages.length > 1) {\n const distinctPipelineIds = new Set(matchingStages.map((stage) => stage.pipelineId))\n if (distinctPipelineIds.size === 1) return matchingStages[0] ?? null\n }\n return null\n}\n\nexport async function GET(request: Request, context: { params?: Record<string, unknown> }) {\n const parsedParams = paramsSchema.safeParse(context.params)\n if (!parsedParams.success) {\n return notFound('Deal not found')\n }\n\n const includeFlags = readIncludeFlags(request)\n const viewMode = readViewMode(request)\n const liteView = viewMode === 'lite'\n const includeStages = includeFlags.has('stages')\n const container = await createRequestContainer()\n const auth = await getAuthFromRequest(request)\n if (!auth?.sub && !auth?.isApiKey) {\n return NextResponse.json({ error: 'Authentication required' }, { status: 401 })\n }\n\n let rbac: RbacService | null = null\n try {\n rbac = (container.resolve('rbacService') as RbacService)\n } catch {\n rbac = null\n }\n\n if (!rbac || !auth?.sub) {\n return forbidden('Access denied')\n }\n const hasFeature = await rbac.userHasAllFeatures(auth.sub, ['customers.deals.view'], {\n tenantId: auth.tenantId ?? null,\n organizationId: auth.orgId ?? null,\n })\n if (!hasFeature) {\n return forbidden('Access denied')\n }\n\n const scope = await resolveOrganizationScopeForRequest({ container, auth, request })\n const em = (container.resolve('em') as EntityManager)\n\n const deal = await findOneWithDecryption(\n em,\n CustomerDeal,\n { id: parsedParams.data.id, deletedAt: null },\n {\n populate: ['people.person', 'people.person.personProfile', 'companies.company', 'companies.company.companyProfile'],\n },\n { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n )\n if (!deal) {\n return notFound('Deal not found')\n }\n\n if (auth.tenantId && deal.tenantId && auth.tenantId !== deal.tenantId) {\n return notFound('Deal not found')\n }\n\n const allowedOrgIds = new Set<string>()\n if (Array.isArray(scope?.filterIds)) {\n scope.filterIds.forEach((id) => {\n if (typeof id === 'string' && id.trim().length) allowedOrgIds.add(id)\n })\n } else if (auth.orgId) {\n allowedOrgIds.add(auth.orgId)\n }\n if (allowedOrgIds.size && deal.organizationId && !allowedOrgIds.has(deal.organizationId)) {\n return forbidden('Access denied')\n }\n\n const decryptionScope = {\n tenantId: deal.tenantId ?? auth.tenantId ?? null,\n organizationId: deal.organizationId ?? auth.orgId ?? null,\n }\n let linkedPersonIds: string[] = []\n let linkedCompanyIds: string[] = []\n let people: DealAssociation[] = []\n let companies: DealAssociation[] = []\n\n if (liteView) {\n const personLinkRows = await findWithDecryption(\n em,\n CustomerDealPersonLink,\n { deal: deal.id },\n { orderBy: { createdAt: 'ASC' } },\n decryptionScope,\n )\n const companyLinkRows = await findWithDecryption(\n em,\n CustomerDealCompanyLink,\n { deal: deal.id },\n { orderBy: { createdAt: 'ASC' } },\n decryptionScope,\n )\n\n linkedPersonIds = Array.from(\n new Set(\n personLinkRows\n .map((link) => {\n const personRef = link.person\n if (!personRef) return null\n if (typeof personRef === 'string') return personRef\n const personIdValue = personRef.id\n return typeof personIdValue === 'string' ? personIdValue : null\n })\n .filter((value): value is string => typeof value === 'string' && value.trim().length > 0),\n ),\n )\n linkedCompanyIds = Array.from(\n new Set(\n companyLinkRows\n .map((link) => {\n const companyRef = link.company\n if (!companyRef) return null\n if (typeof companyRef === 'string') return companyRef\n const companyIdValue = companyRef.id\n return typeof companyIdValue === 'string' ? companyIdValue : null\n })\n .filter((value): value is string => typeof value === 'string' && value.trim().length > 0),\n ),\n )\n\n const previewPeople = linkedPersonIds.length\n ? await findWithDecryption(\n em,\n CustomerEntity,\n { id: { $in: linkedPersonIds.slice(0, 3) } },\n { populate: ['personProfile'] },\n decryptionScope,\n )\n : []\n const previewCompanies = linkedCompanyIds.length\n ? await findWithDecryption(\n em,\n CustomerEntity,\n { id: { $in: linkedCompanyIds.slice(0, 3) } },\n { populate: ['companyProfile'] },\n decryptionScope,\n )\n : []\n const previewPeopleMap = new Map(previewPeople.map((entity) => [entity.id, entity]))\n const previewCompaniesMap = new Map(previewCompanies.map((entity) => [entity.id, entity]))\n people = linkedPersonIds.slice(0, 3).reduce<DealAssociation[]>((acc, personId) => {\n const entity = previewPeopleMap.get(personId) ?? null\n if (!entity || entity.deletedAt) return acc\n const { label, subtitle } = normalizePersonAssociation(entity)\n acc.push({ id: entity.id, label, subtitle, kind: 'person' })\n return acc\n }, [])\n companies = linkedCompanyIds.slice(0, 3).reduce<DealAssociation[]>((acc, companyId) => {\n const entity = previewCompaniesMap.get(companyId) ?? null\n if (!entity || entity.deletedAt) return acc\n const { label, subtitle } = normalizeCompanyAssociation(entity)\n acc.push({ id: entity.id, label, subtitle, kind: 'company' })\n return acc\n }, [])\n } else {\n const personLinks = await findWithDecryption(\n em,\n CustomerDealPersonLink,\n { deal: deal.id },\n { populate: ['person', 'person.personProfile'] },\n decryptionScope,\n )\n const companyLinks = await findWithDecryption(\n em,\n CustomerDealCompanyLink,\n { deal: deal.id },\n { populate: ['company', 'company.companyProfile'] },\n decryptionScope,\n )\n const fallbackTenantId = deal.tenantId ?? auth.tenantId ?? null\n const fallbackOrgId = deal.organizationId ?? auth.orgId ?? null\n await decryptEntitiesWithFallbackScope(personLinks, {\n em,\n tenantId: fallbackTenantId,\n organizationId: fallbackOrgId,\n })\n await decryptEntitiesWithFallbackScope(companyLinks, {\n em,\n tenantId: fallbackTenantId,\n organizationId: fallbackOrgId,\n })\n\n people = personLinks.reduce<DealAssociation[]>((acc, link) => {\n const entity = link.person as CustomerEntity | null\n if (!entity || entity.deletedAt) return acc\n const { label, subtitle } = normalizePersonAssociation(entity)\n acc.push({ id: entity.id, label, subtitle, kind: 'person' })\n return acc\n }, [])\n\n companies = companyLinks.reduce<DealAssociation[]>((acc, link) => {\n const entity = link.company as CustomerEntity | null\n if (!entity || entity.deletedAt) return acc\n const { label, subtitle } = normalizeCompanyAssociation(entity)\n acc.push({ id: entity.id, label, subtitle, kind: 'company' })\n return acc\n }, [])\n linkedPersonIds = people.map((entry) => entry.id)\n linkedCompanyIds = companies.map((entry) => entry.id)\n }\n\n const customFieldValues = await loadCustomFieldValues({\n em,\n entityId: E.customers.customer_deal,\n recordIds: [deal.id],\n tenantIdByRecord: { [deal.id]: deal.tenantId ?? null },\n organizationIdByRecord: { [deal.id]: deal.organizationId ?? null },\n tenantFallbacks: [deal.tenantId ?? auth.tenantId ?? null].filter((value): value is string => !!value),\n })\n const customFields = normalizeCustomFieldResponse(customFieldValues[deal.id]) ?? {}\n\n const viewerUserId = auth.isApiKey ? null : auth.sub ?? null\n let viewerName: string | null = null\n let viewerEmail: string | null = auth.email ?? null\n if (viewerUserId) {\n const viewerScope = {\n tenantId: auth.tenantId ?? null,\n organizationId: auth.orgId ?? null,\n }\n const viewer = await findOneWithDecryption(\n em,\n User,\n { id: viewerUserId, tenantId: auth.tenantId ?? null },\n {},\n viewerScope,\n )\n viewerName = viewer?.name ?? null\n viewerEmail = viewer?.email ?? viewerEmail ?? null\n }\n\n const owner = deal.ownerUserId\n ? await findOneWithDecryption(\n em,\n User,\n { id: deal.ownerUserId, tenantId: deal.tenantId ?? auth.tenantId ?? null },\n {},\n decryptionScope,\n )\n : null\n const ownerPayload = owner\n ? {\n id: owner.id,\n name: owner.name ?? owner.email ?? owner.id,\n email: owner.email ?? '',\n }\n : null\n\n const effectiveStage = includeStages\n ? await resolveEffectivePipelineStage(em, deal, decryptionScope)\n : null\n const effectivePipelineId = deal.pipelineId ?? effectiveStage?.pipelineId ?? null\n const effectivePipelineStageId = deal.pipelineStageId ?? effectiveStage?.id ?? null\n const effectivePipelineStageLabel = deal.pipelineStage ?? effectiveStage?.label ?? null\n\n const pipelineStages = includeStages && effectivePipelineId\n ? await findWithDecryption(\n em,\n CustomerPipelineStage,\n {\n pipelineId: effectivePipelineId,\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n },\n { orderBy: { order: 'ASC' } },\n decryptionScope,\n )\n : []\n const pipeline = effectivePipelineId\n ? await findOneWithDecryption(\n em,\n CustomerPipeline,\n {\n id: effectivePipelineId,\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n },\n {},\n decryptionScope,\n )\n : null\n const pipelineStageAppearanceMap = pipelineStages.length\n ? await loadPipelineStageAppearanceMap(em, pipelineStages, deal.organizationId, deal.tenantId)\n : new Map<string, CustomerDictionaryEntry>()\n let stageTransitions: CustomerDealStageTransition[] = []\n if (includeStages) {\n try {\n stageTransitions = await findWithDecryption(\n em,\n CustomerDealStageTransition,\n { deal: deal.id, deletedAt: null },\n { orderBy: { stageOrder: 'ASC', transitionedAt: 'ASC' } },\n decryptionScope,\n )\n } catch (error) {\n if (!isMissingDealStageTransitionTable(error)) {\n throw error\n }\n warnMissingDealStageTransitionTable('customers.api.deals.detail.GET')\n stageTransitions = []\n }\n }\n const persistedStageTransitions = stageTransitions.map((transition) => ({\n stageId: transition.stageId,\n stageLabel: transition.stageLabel,\n stageOrder: transition.stageOrder,\n transitionedAt: transition.transitionedAt.toISOString(),\n }))\n const recoveredStageTransitions = includeStages && persistedStageTransitions.length === 0\n ? await loadAuditStageTransitionsFallback({ container, deal, pipelineStages })\n : []\n const effectiveCurrentStage = (() => {\n if (!effectivePipelineStageId) return null\n const matchingStage = pipelineStages.find((stage) => stage.id === effectivePipelineStageId)\n if (matchingStage) {\n return {\n id: matchingStage.id,\n label: matchingStage.label,\n order: matchingStage.order,\n }\n }\n if (!effectivePipelineStageLabel) return null\n return {\n id: effectivePipelineStageId,\n label: effectivePipelineStageLabel,\n order: 0,\n }\n })()\n const stageTransitionPayload = mergeStageTransitions({\n persisted: persistedStageTransitions,\n recovered: recoveredStageTransitions,\n currentStage: effectiveCurrentStage,\n fallbackTimestamp: deal.createdAt.toISOString(),\n })\n\n return NextResponse.json({\n deal: {\n id: deal.id,\n title: deal.title,\n description: deal.description ?? null,\n status: deal.status ?? null,\n pipelineStage: effectivePipelineStageLabel,\n pipelineId: effectivePipelineId,\n pipelineStageId: effectivePipelineStageId,\n valueAmount: deal.valueAmount ?? null,\n valueCurrency: deal.valueCurrency ?? null,\n probability: deal.probability ?? null,\n expectedCloseAt: deal.expectedCloseAt ? deal.expectedCloseAt.toISOString() : null,\n ownerUserId: deal.ownerUserId ?? null,\n source: deal.source ?? null,\n closureOutcome: deal.closureOutcome ?? null,\n lossReasonId: deal.lossReasonId ?? null,\n lossNotes: deal.lossNotes ?? null,\n organizationId: deal.organizationId ?? null,\n tenantId: deal.tenantId ?? null,\n createdAt: deal.createdAt.toISOString(),\n updatedAt: deal.updatedAt.toISOString(),\n },\n people,\n companies,\n linkedPersonIds,\n linkedCompanyIds,\n counts: {\n people: linkedPersonIds.length,\n companies: linkedCompanyIds.length,\n },\n customFields,\n viewer: {\n userId: viewerUserId,\n name: viewerName,\n email: viewerEmail,\n },\n pipelineStages: pipelineStages.map((stage) => {\n const appearance = pipelineStageAppearanceMap.get(stage.label.trim().toLowerCase())\n return {\n id: stage.id,\n label: stage.label,\n order: stage.order,\n color: appearance?.color ?? null,\n icon: appearance?.icon ?? null,\n }\n }),\n pipelineName: pipeline?.name ?? null,\n stageTransitions: stageTransitionPayload,\n owner: ownerPayload,\n })\n}\n\nconst dealDetailQuerySchema = z.object({\n include: z.string().optional(),\n})\n\nconst pipelineStageInfoSchema = z.object({\n id: z.string().uuid(),\n label: z.string(),\n order: z.number().int(),\n color: z.string().nullable(),\n icon: z.string().nullable(),\n})\n\nconst stageTransitionInfoSchema = z.object({\n stageId: z.string().uuid(),\n stageLabel: z.string(),\n stageOrder: z.number().int(),\n transitionedAt: z.string(),\n})\n\nconst dealDetailResponseSchema = z.object({\n deal: z.object({\n id: z.string().uuid(),\n title: z.string().nullable().optional(),\n description: z.string().nullable().optional(),\n status: z.string().nullable().optional(),\n pipelineStage: z.string().nullable().optional(),\n pipelineId: z.string().uuid().nullable().optional(),\n pipelineStageId: z.string().uuid().nullable().optional(),\n valueAmount: z.string().nullable().optional(),\n valueCurrency: z.string().nullable().optional(),\n probability: z.number().nullable().optional(),\n expectedCloseAt: z.string().nullable().optional(),\n ownerUserId: z.string().uuid().nullable().optional(),\n source: z.string().nullable().optional(),\n closureOutcome: z.enum(['won', 'lost']).nullable().optional(),\n lossReasonId: z.string().uuid().nullable().optional(),\n lossNotes: z.string().nullable().optional(),\n organizationId: z.string().uuid().nullable().optional(),\n tenantId: z.string().uuid().nullable().optional(),\n createdAt: z.string(),\n updatedAt: z.string(),\n }),\n people: z.array(\n z.object({\n id: z.string().uuid(),\n label: z.string(),\n subtitle: z.string().nullable().optional(),\n kind: z.literal('person'),\n }),\n ),\n companies: z.array(\n z.object({\n id: z.string().uuid(),\n label: z.string(),\n subtitle: z.string().nullable().optional(),\n kind: z.literal('company'),\n }),\n ),\n customFields: z.record(z.string(), z.unknown()),\n viewer: z.object({\n userId: z.string().uuid().nullable(),\n name: z.string().nullable(),\n email: z.string().nullable(),\n }),\n pipelineStages: z.array(pipelineStageInfoSchema),\n stageTransitions: z.array(stageTransitionInfoSchema),\n owner: z.object({\n id: z.string().uuid(),\n name: z.string(),\n email: z.string(),\n }).nullable(),\n})\n\nconst dealDetailErrorSchema = z.object({\n error: z.string(),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'Customers',\n summary: 'Fetch deal detail',\n methods: {\n GET: {\n summary: 'Fetch deal with associations and pipeline context',\n description: 'Returns a deal with linked people, companies, closure fields, optional pipeline history, custom fields, and viewer context.',\n query: dealDetailQuerySchema,\n responses: [\n { status: 200, description: 'Deal detail payload', schema: dealDetailResponseSchema },\n ],\n errors: [\n { status: 401, description: 'Unauthorized', schema: dealDetailErrorSchema },\n { status: 403, description: 'Forbidden for tenant/organization scope', schema: dealDetailErrorSchema },\n { status: 404, description: 'Deal not found', schema: dealDetailErrorSchema },\n ],\n },\n },\n}\n"],
5
- "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,0CAA0C;AAEnD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,YAAY;AAErB,SAAS,6BAA6B;AACtC,SAAS,oCAAoC;AAC7C,SAAS,SAAS;AAGlB,SAAS,oBAAoB,6BAA6B;AAC1D,SAAS,wCAAwC;AACjD,SAAS,mCAAmC,2CAA2C;AAEhF,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,sBAAsB,EAAE;AACtE;AAEA,MAAM,eAAe,EAAE,OAAO;AAAA,EAC5B,IAAI,EAAE,OAAO,EAAE,KAAK;AACtB,CAAC;AAED,SAAS,SAAS,SAAiB;AACjC,SAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9D;AAEA,SAAS,UAAU,SAAiB;AAClC,SAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9D;AASA,SAAS,2BAA2B,QAAoE;AACtG,QAAM,cAAc,OAAO,OAAO,gBAAgB,WAAW,OAAO,YAAY,KAAK,IAAI;AACzF,QAAM,QACJ,OAAO,OAAO,iBAAiB,YAAY,OAAO,aAAa,KAAK,EAAE,SAClE,OAAO,aAAa,KAAK,IACzB;AACN,QAAM,QACJ,OAAO,OAAO,iBAAiB,YAAY,OAAO,aAAa,KAAK,EAAE,SAClE,OAAO,aAAa,KAAK,IACzB;AACN,QAAM,WACJ,OAAO,iBACP,OAAQ,OAAO,eAAgD,aAAa,YAC3E,OAAO,cAA+C,UAAU,KAAK,EAAE,SAClE,OAAO,cAA+C,SAAoB,KAAK,IACjF;AACN,QAAM,WAAW,YAAY,SAAS,SAAS;AAC/C,QAAM,QAAQ,YAAY,SAAS,cAAc,SAAS,SAAS,OAAO;AAC1E,SAAO,EAAE,OAAO,SAAS;AAC3B;AAEA,SAAS,4BAA4B,QAAoE;AACvG,QAAM,cAAc,OAAO,OAAO,gBAAgB,WAAW,OAAO,YAAY,KAAK,IAAI;AACzF,QAAM,SACJ,OAAO,kBACP,OAAQ,OAAO,gBAA+C,WAAW,YACxE,OAAO,eAA8C,QAAQ,KAAK,EAAE,SAC/D,OAAO,eAA8C,OAAkB,KAAK,IAC9E;AACN,QAAM,UACJ,OAAO,kBACP,OAAQ,OAAO,gBAAmD,eAAe,YAChF,OAAO,eAAkD,YAAY,KAAK,EAAE,SACvE,OAAO,eAAkD,WAAsB,KAAK,IACtF;AACN,QAAM,WAAW,UAAU,WAAW;AACtC,QAAM,QAAQ,YAAY,SAAS,cAAc,UAAU,WAAW,OAAO;AAC7E,SAAO,EAAE,OAAO,SAAS;AAC3B;AAEA,SAAS,iBAAiB,SAA+B;AACvD,QAAM,QAAQ,oBAAI,IAAY;AAC9B,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,aAAW,YAAY,IAAI,aAAa,OAAO,SAAS,GAAG;AACzD,aACG,MAAM,GAAG,EACT,IAAI,CAAC,UAAU,MAAM,KAAK,EAAE,YAAY,CAAC,EACzC,OAAO,OAAO,EACd,QAAQ,CAAC,UAAU,MAAM,IAAI,KAAK,CAAC;AAAA,EACxC;AACA,SAAO;AACT;AAEA,SAAS,aAAa,SAAmC;AACvD,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG,EAAE,aAAa,IAAI,MAAM;AACxD,SAAO,QAAQ,UAAU,QAAQ,gBAAgB,SAAS;AAC5D;AAEA,SAAS,oBAAoB,OAA0C;AACrE,SAAO,OAAO,UAAU,WAAW,MAAM,KAAK,EAAE,YAAY,IAAI;AAClE;AAeA,SAAS,SAAS,OAAgD;AAChE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK,IACtE,QACA;AACN;AAEA,SAAS,iBAAiB,WAA2C,MAA+B;AAClG,MAAI,CAAC,OAAQ,QAAO;AACpB,aAAW,OAAO,MAAM;AACtB,UAAM,QAAQ,OAAO,GAAG;AACxB,QAAI,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,SAAS,GAAG;AACxD,aAAO,MAAM,KAAK;AAAA,IACpB;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,uBAAuB,UAAmD;AACjF,QAAM,OAAO,SAAS,QAAQ;AAC9B,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,SAAS,KAAK,IAAI,KAAK;AAChC;AAEA,SAAS,sBAAsB,UAA0C;AACvE,QAAM,aAAa,uBAAuB,QAAQ;AAClD,SAAO;AAAA,IACL,YAAY,iBAAiB,YAAY,cAAc,aAAa;AAAA,IACpE,SAAS,iBAAiB,YAAY,mBAAmB,mBAAmB;AAAA,IAC5E,YAAY,iBAAiB,YAAY,iBAAiB,gBAAgB;AAAA,EAC5E;AACF;AAEA,eAAe,kCAAkC;AAAA,EAC/C;AAAA,EACA;AAAA,EACA;AACF,GAIsC;AACpC,MAAI,CAAC,KAAK,YAAY,CAAC,KAAK,kBAAkB,CAAC,eAAe,OAAQ,QAAO,CAAC;AAE9E,MAAI,aAAsC;AAC1C,MAAI;AACF,iBAAa,UAAU,QAAQ,kBAAkB;AAAA,EACnD,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACA,MAAI,CAAC,cAAc,OAAO,WAAW,SAAS,WAAY,QAAO,CAAC;AAClE,QAAM,iBAAiB,IAAI,IAAI,eAAe,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,KAAK,CAAC,CAAC;AACrF,QAAM,iBAAiB,IAAI,IAAI,eAAe,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,KAAK,CAAC,CAAC;AACrF,QAAM,uBAAuB,oBAAI,IAAoC;AACrE,QAAM,aAAa,MAAM,WAAW,KAAK;AAAA,IACvC,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,cAAc;AAAA,IACd,YAAY,KAAK;AAAA,IACjB,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW;AAAA,IACX,SAAS;AAAA,EACX,CAAC,EAAE,MAAM,MAAM,IAAI;AACnB,QAAM,OAAO,YAAY,SAAS,CAAC;AAEnC,MAAI,kBAAiC;AACrC,aAAW,OAAO,MAAM;AACtB,QAAI,IAAI,mBAAmB,YAAY,IAAI,mBAAmB,SAAU;AAExE,UAAM,SAAS,sBAAsB,IAAI,cAAc;AACvD,UAAM,QAAQ,sBAAsB,IAAI,aAAa;AACrD,UAAM,cAAc,MAAM;AAC1B,QAAI,CAAC,YAAa;AAElB,UAAM,aAAa,eAAe,IAAI,WAAW;AACjD,QAAI,OAAO,eAAe,UAAU;AAClC,wBAAkB;AAClB;AAAA,IACF;AAEA,UAAM,2BAA0C,OAAO,WAAW;AAClE,QAAI,6BAA6B,eAAe,qBAAqB,IAAI,WAAW,GAAG;AACrF,wBAAkB;AAClB;AAAA,IACF;AAEA,yBAAqB,IAAI,aAAa;AAAA,MACpC,SAAS;AAAA,MACT,YAAY,MAAM,cAAc,eAAe,IAAI,WAAW,KAAK;AAAA,MACnE;AAAA,MACA,gBAAgB,IAAI,UAAU,YAAY;AAAA,IAC5C,CAAC;AACD,sBAAkB;AAAA,EACpB;AAEA,SAAO,MAAM,KAAK,qBAAqB,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,aAAa,MAAM,UAAU;AAC3G;AAEA,SAAS,sBAAsB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAK6B;AAC3B,QAAM,SAAS,oBAAI,IAAoC;AACvD,aAAW,cAAc,WAAW;AAClC,WAAO,IAAI,WAAW,SAAS,UAAU;AAAA,EAC3C;AACA,aAAW,cAAc,WAAW;AAClC,QAAI,CAAC,OAAO,IAAI,WAAW,OAAO,GAAG;AACnC,aAAO,IAAI,WAAW,SAAS,UAAU;AAAA,IAC3C;AAAA,EACF;AACA,MAAI,gBAAgB,CAAC,OAAO,IAAI,aAAa,EAAE,GAAG;AAChD,WAAO,IAAI,aAAa,IAAI;AAAA,MAC1B,SAAS,aAAa;AAAA,MACtB,YAAY,aAAa;AAAA,MACzB,YAAY,aAAa;AAAA,MACzB,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AACA,SAAO,MAAM,KAAK,OAAO,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,aAAa,MAAM,UAAU;AAC7F;AAEA,eAAe,+BACb,IACA,QACA,gBACA,UAC+C;AAC/C,QAAM,mBAAmB,OACtB,IAAI,CAAC,UAAU,MAAM,MAAM,KAAK,EAAE,YAAY,CAAC,EAC/C,OAAO,CAAC,UAAU,MAAM,SAAS,CAAC;AACrC,MAAI,CAAC,iBAAiB,OAAQ,QAAO,oBAAI,IAAqC;AAC9E,QAAM,UAAU,MAAM;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN,iBAAiB,EAAE,KAAK,iBAAiB;AAAA,IAC3C;AAAA,IACA;AAAA,IACA,EAAE,UAAU,eAAe;AAAA,EAC7B;AACA,QAAM,MAAM,oBAAI,IAAqC;AACrD,UAAQ,QAAQ,CAAC,UAAU,IAAI,IAAI,MAAM,iBAAiB,KAAK,CAAC;AAChE,SAAO;AACT;AAEA,eAAe,8BACb,IACA,MACA,iBACuC;AACvC,MAAI,KAAK,iBAAiB;AACxB,UAAM,aAAa,MAAM;AAAA,MACvB;AAAA,MACA;AAAA,MACA;AAAA,QACE,IAAI,KAAK;AAAA,QACT,gBAAgB,KAAK;AAAA,QACrB,UAAU,KAAK;AAAA,MACjB;AAAA,MACA,CAAC;AAAA,MACD;AAAA,IACF;AACA,QAAI,WAAY,QAAO;AAAA,EACzB;AAEA,QAAM,uBAAuB,oBAAoB,KAAK,aAAa;AACnE,MAAI,CAAC,qBAAsB,QAAO;AAElC,QAAM,eAAe,MAAM;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,MACE,gBAAgB,KAAK;AAAA,MACrB,UAAU,KAAK;AAAA,MACf,GAAI,KAAK,aAAa,EAAE,YAAY,KAAK,WAAW,IAAI,CAAC;AAAA,IAC3D;AAAA,IACA,EAAE,SAAS,EAAE,OAAO,MAAM,EAAE;AAAA,IAC5B;AAAA,EACF;AAEA,QAAM,iBAAiB,aAAa,OAAO,CAAC,UAAU,oBAAoB,MAAM,KAAK,MAAM,oBAAoB;AAC/G,MAAI,eAAe,WAAW,EAAG,QAAO,eAAe,CAAC,KAAK;AAC7D,MAAI,eAAe,SAAS,GAAG;AAC7B,UAAM,sBAAsB,IAAI,IAAI,eAAe,IAAI,CAAC,UAAU,MAAM,UAAU,CAAC;AACnF,QAAI,oBAAoB,SAAS,EAAG,QAAO,eAAe,CAAC,KAAK;AAAA,EAClE;AACA,SAAO;AACT;AAEA,eAAsB,IAAI,SAAkB,SAA+C;AACzF,QAAM,eAAe,aAAa,UAAU,QAAQ,MAAM;AAC1D,MAAI,CAAC,aAAa,SAAS;AACzB,WAAO,SAAS,gBAAgB;AAAA,EAClC;AAEA,QAAM,eAAe,iBAAiB,OAAO;AAC7C,QAAM,WAAW,aAAa,OAAO;AACrC,QAAM,WAAW,aAAa;AAC9B,QAAM,gBAAgB,aAAa,IAAI,QAAQ;AAC/C,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAO,MAAM,mBAAmB,OAAO;AAC7C,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChF;AAEA,MAAI,OAA2B;AAC/B,MAAI;AACF,WAAQ,UAAU,QAAQ,aAAa;AAAA,EACzC,QAAQ;AACN,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,CAAC,MAAM,KAAK;AACvB,WAAO,UAAU,eAAe;AAAA,EAClC;AACA,QAAM,aAAa,MAAM,KAAK,mBAAmB,KAAK,KAAK,CAAC,sBAAsB,GAAG;AAAA,IACnF,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,EAChC,CAAC;AACD,MAAI,CAAC,YAAY;AACf,WAAO,UAAU,eAAe;AAAA,EAClC;AAEA,QAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,QAAQ,CAAC;AACnF,QAAM,KAAM,UAAU,QAAQ,IAAI;AAElC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,aAAa,KAAK,IAAI,WAAW,KAAK;AAAA,IAC5C;AAAA,MACE,UAAU,CAAC,iBAAiB,+BAA+B,qBAAqB,kCAAkC;AAAA,IACpH;AAAA,IACA,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE;AACA,MAAI,CAAC,MAAM;AACT,WAAO,SAAS,gBAAgB;AAAA,EAClC;AAEA,MAAI,KAAK,YAAY,KAAK,YAAY,KAAK,aAAa,KAAK,UAAU;AACrE,WAAO,SAAS,gBAAgB;AAAA,EAClC;AAEA,QAAM,gBAAgB,oBAAI,IAAY;AACtC,MAAI,MAAM,QAAQ,OAAO,SAAS,GAAG;AACnC,UAAM,UAAU,QAAQ,CAAC,OAAO;AAC9B,UAAI,OAAO,OAAO,YAAY,GAAG,KAAK,EAAE,OAAQ,eAAc,IAAI,EAAE;AAAA,IACtE,CAAC;AAAA,EACH,WAAW,KAAK,OAAO;AACrB,kBAAc,IAAI,KAAK,KAAK;AAAA,EAC9B;AACA,MAAI,cAAc,QAAQ,KAAK,kBAAkB,CAAC,cAAc,IAAI,KAAK,cAAc,GAAG;AACxF,WAAO,UAAU,eAAe;AAAA,EAClC;AAEA,QAAM,kBAAkB;AAAA,IACtB,UAAU,KAAK,YAAY,KAAK,YAAY;AAAA,IAC5C,gBAAgB,KAAK,kBAAkB,KAAK,SAAS;AAAA,EACvD;AACA,MAAI,kBAA4B,CAAC;AACjC,MAAI,mBAA6B,CAAC;AAClC,MAAI,SAA4B,CAAC;AACjC,MAAI,YAA+B,CAAC;AAEpC,MAAI,UAAU;AACZ,UAAM,iBAAiB,MAAM;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,EAAE,MAAM,KAAK,GAAG;AAAA,MAChB,EAAE,SAAS,EAAE,WAAW,MAAM,EAAE;AAAA,MAChC;AAAA,IACF;AACA,UAAM,kBAAkB,MAAM;AAAA,MAC5B;AAAA,MACA;AAAA,MACA,EAAE,MAAM,KAAK,GAAG;AAAA,MAChB,EAAE,SAAS,EAAE,WAAW,MAAM,EAAE;AAAA,MAChC;AAAA,IACF;AAEA,sBAAkB,MAAM;AAAA,MACtB,IAAI;AAAA,QACF,eACG,IAAI,CAAC,SAAS;AACb,gBAAM,YAAY,KAAK;AACvB,cAAI,CAAC,UAAW,QAAO;AACvB,cAAI,OAAO,cAAc,SAAU,QAAO;AAC1C,gBAAM,gBAAgB,UAAU;AAChC,iBAAO,OAAO,kBAAkB,WAAW,gBAAgB;AAAA,QAC7D,CAAC,EACA,OAAO,CAAC,UAA2B,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,SAAS,CAAC;AAAA,MAC5F;AAAA,IACF;AACA,uBAAmB,MAAM;AAAA,MACvB,IAAI;AAAA,QACF,gBACG,IAAI,CAAC,SAAS;AACb,gBAAM,aAAa,KAAK;AACxB,cAAI,CAAC,WAAY,QAAO;AACxB,cAAI,OAAO,eAAe,SAAU,QAAO;AAC3C,gBAAM,iBAAiB,WAAW;AAClC,iBAAO,OAAO,mBAAmB,WAAW,iBAAiB;AAAA,QAC/D,CAAC,EACA,OAAO,CAAC,UAA2B,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,SAAS,CAAC;AAAA,MAC5F;AAAA,IACF;AAEA,UAAM,gBAAgB,gBAAgB,SAClC,MAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,gBAAgB,MAAM,GAAG,CAAC,EAAE,EAAE;AAAA,MAC3C,EAAE,UAAU,CAAC,eAAe,EAAE;AAAA,MAC9B;AAAA,IACF,IACA,CAAC;AACL,UAAM,mBAAmB,iBAAiB,SACtC,MAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,iBAAiB,MAAM,GAAG,CAAC,EAAE,EAAE;AAAA,MAC5C,EAAE,UAAU,CAAC,gBAAgB,EAAE;AAAA,MAC/B;AAAA,IACF,IACA,CAAC;AACL,UAAM,mBAAmB,IAAI,IAAI,cAAc,IAAI,CAAC,WAAW,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC;AACnF,UAAM,sBAAsB,IAAI,IAAI,iBAAiB,IAAI,CAAC,WAAW,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC;AACzF,aAAS,gBAAgB,MAAM,GAAG,CAAC,EAAE,OAA0B,CAAC,KAAK,aAAa;AAChF,YAAM,SAAS,iBAAiB,IAAI,QAAQ,KAAK;AACjD,UAAI,CAAC,UAAU,OAAO,UAAW,QAAO;AACxC,YAAM,EAAE,OAAO,SAAS,IAAI,2BAA2B,MAAM;AAC7D,UAAI,KAAK,EAAE,IAAI,OAAO,IAAI,OAAO,UAAU,MAAM,SAAS,CAAC;AAC3D,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AACL,gBAAY,iBAAiB,MAAM,GAAG,CAAC,EAAE,OAA0B,CAAC,KAAK,cAAc;AACrF,YAAM,SAAS,oBAAoB,IAAI,SAAS,KAAK;AACrD,UAAI,CAAC,UAAU,OAAO,UAAW,QAAO;AACxC,YAAM,EAAE,OAAO,SAAS,IAAI,4BAA4B,MAAM;AAC9D,UAAI,KAAK,EAAE,IAAI,OAAO,IAAI,OAAO,UAAU,MAAM,UAAU,CAAC;AAC5D,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP,OAAO;AACL,UAAM,cAAc,MAAM;AAAA,MACxB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,KAAK,GAAG;AAAA,MAChB,EAAE,UAAU,CAAC,UAAU,sBAAsB,EAAE;AAAA,MAC/C;AAAA,IACF;AACA,UAAM,eAAe,MAAM;AAAA,MACzB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,KAAK,GAAG;AAAA,MAChB,EAAE,UAAU,CAAC,WAAW,wBAAwB,EAAE;AAAA,MAClD;AAAA,IACF;AACA,UAAM,mBAAmB,KAAK,YAAY,KAAK,YAAY;AAC3D,UAAM,gBAAgB,KAAK,kBAAkB,KAAK,SAAS;AAC3D,UAAM,iCAAiC,aAAa;AAAA,MAClD;AAAA,MACA,UAAU;AAAA,MACV,gBAAgB;AAAA,IAClB,CAAC;AACD,UAAM,iCAAiC,cAAc;AAAA,MACnD;AAAA,MACA,UAAU;AAAA,MACV,gBAAgB;AAAA,IAClB,CAAC;AAED,aAAS,YAAY,OAA0B,CAAC,KAAK,SAAS;AAC5D,YAAM,SAAS,KAAK;AACpB,UAAI,CAAC,UAAU,OAAO,UAAW,QAAO;AACxC,YAAM,EAAE,OAAO,SAAS,IAAI,2BAA2B,MAAM;AAC7D,UAAI,KAAK,EAAE,IAAI,OAAO,IAAI,OAAO,UAAU,MAAM,SAAS,CAAC;AAC3D,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAEL,gBAAY,aAAa,OAA0B,CAAC,KAAK,SAAS;AAChE,YAAM,SAAS,KAAK;AACpB,UAAI,CAAC,UAAU,OAAO,UAAW,QAAO;AACxC,YAAM,EAAE,OAAO,SAAS,IAAI,4BAA4B,MAAM;AAC9D,UAAI,KAAK,EAAE,IAAI,OAAO,IAAI,OAAO,UAAU,MAAM,UAAU,CAAC;AAC5D,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AACL,sBAAkB,OAAO,IAAI,CAAC,UAAU,MAAM,EAAE;AAChD,uBAAmB,UAAU,IAAI,CAAC,UAAU,MAAM,EAAE;AAAA,EACtD;AAEA,QAAM,oBAAoB,MAAM,sBAAsB;AAAA,IACpD;AAAA,IACA,UAAU,EAAE,UAAU;AAAA,IACtB,WAAW,CAAC,KAAK,EAAE;AAAA,IACnB,kBAAkB,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,YAAY,KAAK;AAAA,IACrD,wBAAwB,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,kBAAkB,KAAK;AAAA,IACjE,iBAAiB,CAAC,KAAK,YAAY,KAAK,YAAY,IAAI,EAAE,OAAO,CAAC,UAA2B,CAAC,CAAC,KAAK;AAAA,EACtG,CAAC;AACD,QAAM,eAAe,6BAA6B,kBAAkB,KAAK,EAAE,CAAC,KAAK,CAAC;AAElF,QAAM,eAAe,KAAK,WAAW,OAAO,KAAK,OAAO;AACxD,MAAI,aAA4B;AAChC,MAAI,cAA6B,KAAK,SAAS;AAC/C,MAAI,cAAc;AAChB,UAAM,cAAc;AAAA,MAClB,UAAU,KAAK,YAAY;AAAA,MAC3B,gBAAgB,KAAK,SAAS;AAAA,IAChC;AACA,UAAM,SAAS,MAAM;AAAA,MACnB;AAAA,MACA;AAAA,MACA,EAAE,IAAI,cAAc,UAAU,KAAK,YAAY,KAAK;AAAA,MACpD,CAAC;AAAA,MACD;AAAA,IACF;AACA,iBAAa,QAAQ,QAAQ;AAC7B,kBAAc,QAAQ,SAAS,eAAe;AAAA,EAChD;AAEA,QAAM,QAAQ,KAAK,cACf,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA,EAAE,IAAI,KAAK,aAAa,UAAU,KAAK,YAAY,KAAK,YAAY,KAAK;AAAA,IACzE,CAAC;AAAA,IACD;AAAA,EACF,IACE;AACJ,QAAM,eAAe,QACjB;AAAA,IACA,IAAI,MAAM;AAAA,IACV,MAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,IACzC,OAAO,MAAM,SAAS;AAAA,EACxB,IACE;AAEJ,QAAM,iBAAiB,gBACnB,MAAM,8BAA8B,IAAI,MAAM,eAAe,IAC7D;AACJ,QAAM,sBAAsB,KAAK,cAAc,gBAAgB,cAAc;AAC7E,QAAM,2BAA2B,KAAK,mBAAmB,gBAAgB,MAAM;AAC/E,QAAM,8BAA8B,KAAK,iBAAiB,gBAAgB,SAAS;AAEnF,QAAM,iBAAiB,iBAAiB,sBACpC,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA;AAAA,MACE,YAAY;AAAA,MACZ,gBAAgB,KAAK;AAAA,MACrB,UAAU,KAAK;AAAA,IACjB;AAAA,IACA,EAAE,SAAS,EAAE,OAAO,MAAM,EAAE;AAAA,IAC5B;AAAA,EACF,IACE,CAAC;AACL,QAAM,WAAW,sBACb,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,gBAAgB,KAAK;AAAA,MACrB,UAAU,KAAK;AAAA,IACjB;AAAA,IACA,CAAC;AAAA,IACD;AAAA,EACF,IACE;AACJ,QAAM,6BAA6B,eAAe,SAC9C,MAAM,+BAA+B,IAAI,gBAAgB,KAAK,gBAAgB,KAAK,QAAQ,IAC3F,oBAAI,IAAqC;AAC7C,MAAI,mBAAkD,CAAC;AACvD,MAAI,eAAe;AACjB,QAAI;AACF,yBAAmB,MAAM;AAAA,QACvB;AAAA,QACA;AAAA,QACA,EAAE,MAAM,KAAK,IAAI,WAAW,KAAK;AAAA,QACjC,EAAE,SAAS,EAAE,YAAY,OAAO,gBAAgB,MAAM,EAAE;AAAA,QACxD;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,CAAC,kCAAkC,KAAK,GAAG;AAC7C,cAAM;AAAA,MACR;AACA,0CAAoC,gCAAgC;AACpE,yBAAmB,CAAC;AAAA,IACtB;AAAA,EACF;AACA,QAAM,4BAA4B,iBAAiB,IAAI,CAAC,gBAAgB;AAAA,IACtE,SAAS,WAAW;AAAA,IACpB,YAAY,WAAW;AAAA,IACvB,YAAY,WAAW;AAAA,IACvB,gBAAgB,WAAW,eAAe,YAAY;AAAA,EACxD,EAAE;AACF,QAAM,4BAA4B,iBAAiB,0BAA0B,WAAW,IACpF,MAAM,kCAAkC,EAAE,WAAW,MAAM,eAAe,CAAC,IAC3E,CAAC;AACL,QAAM,yBAAyB,MAAM;AACnC,QAAI,CAAC,yBAA0B,QAAO;AACtC,UAAM,gBAAgB,eAAe,KAAK,CAAC,UAAU,MAAM,OAAO,wBAAwB;AAC1F,QAAI,eAAe;AACjB,aAAO;AAAA,QACL,IAAI,cAAc;AAAA,QAClB,OAAO,cAAc;AAAA,QACrB,OAAO,cAAc;AAAA,MACvB;AAAA,IACF;AACA,QAAI,CAAC,4BAA6B,QAAO;AACzC,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF,GAAG;AACH,QAAM,yBAAyB,sBAAsB;AAAA,IACnD,WAAW;AAAA,IACX,WAAW;AAAA,IACX,cAAc;AAAA,IACd,mBAAmB,KAAK,UAAU,YAAY;AAAA,EAChD,CAAC;AAED,SAAO,aAAa,KAAK;AAAA,IACvB,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK,eAAe;AAAA,MACjC,QAAQ,KAAK,UAAU;AAAA,MACvB,eAAe;AAAA,MACf,YAAY;AAAA,MACZ,iBAAiB;AAAA,MACjB,aAAa,KAAK,eAAe;AAAA,MACjC,eAAe,KAAK,iBAAiB;AAAA,MACrC,aAAa,KAAK,eAAe;AAAA,MACjC,iBAAiB,KAAK,kBAAkB,KAAK,gBAAgB,YAAY,IAAI;AAAA,MAC7E,aAAa,KAAK,eAAe;AAAA,MACjC,QAAQ,KAAK,UAAU;AAAA,MACvB,gBAAgB,KAAK,kBAAkB;AAAA,MACvC,cAAc,KAAK,gBAAgB;AAAA,MACnC,WAAW,KAAK,aAAa;AAAA,MAC7B,gBAAgB,KAAK,kBAAkB;AAAA,MACvC,UAAU,KAAK,YAAY;AAAA,MAC3B,WAAW,KAAK,UAAU,YAAY;AAAA,MACtC,WAAW,KAAK,UAAU,YAAY;AAAA,IACxC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,MACN,QAAQ,gBAAgB;AAAA,MACxB,WAAW,iBAAiB;AAAA,IAC9B;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,MACN,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,OAAO;AAAA,IACT;AAAA,IACA,gBAAgB,eAAe,IAAI,CAAC,UAAU;AAC5C,YAAM,aAAa,2BAA2B,IAAI,MAAM,MAAM,KAAK,EAAE,YAAY,CAAC;AAClF,aAAO;AAAA,QACL,IAAI,MAAM;AAAA,QACV,OAAO,MAAM;AAAA,QACb,OAAO,MAAM;AAAA,QACb,OAAO,YAAY,SAAS;AAAA,QAC5B,MAAM,YAAY,QAAQ;AAAA,MAC5B;AAAA,IACF,CAAC;AAAA,IACD,cAAc,UAAU,QAAQ;AAAA,IAChC,kBAAkB;AAAA,IAClB,OAAO;AAAA,EACT,CAAC;AACH;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,SAAS,EAAE,OAAO,EAAE,SAAS;AAC/B,CAAC;AAED,MAAM,0BAA0B,EAAE,OAAO;AAAA,EACvC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO;AAAA,EAChB,OAAO,EAAE,OAAO,EAAE,IAAI;AAAA,EACtB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAED,MAAM,4BAA4B,EAAE,OAAO;AAAA,EACzC,SAAS,EAAE,OAAO,EAAE,KAAK;AAAA,EACzB,YAAY,EAAE,OAAO;AAAA,EACrB,YAAY,EAAE,OAAO,EAAE,IAAI;AAAA,EAC3B,gBAAgB,EAAE,OAAO;AAC3B,CAAC;AAED,MAAM,2BAA2B,EAAE,OAAO;AAAA,EACxC,MAAM,EAAE,OAAO;AAAA,IACb,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACtC,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5C,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACvC,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9C,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IAClD,iBAAiB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IACvD,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5C,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9C,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5C,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,aAAa,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IACnD,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACvC,gBAAgB,EAAE,KAAK,CAAC,OAAO,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5D,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC1C,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IACtD,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,WAAW,EAAE,OAAO;AAAA,IACpB,WAAW,EAAE,OAAO;AAAA,EACtB,CAAC;AAAA,EACD,QAAQ,EAAE;AAAA,IACR,EAAE,OAAO;AAAA,MACP,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,MACpB,OAAO,EAAE,OAAO;AAAA,MAChB,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,MACzC,MAAM,EAAE,QAAQ,QAAQ;AAAA,IAC1B,CAAC;AAAA,EACH;AAAA,EACA,WAAW,EAAE;AAAA,IACX,EAAE,OAAO;AAAA,MACP,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,MACpB,OAAO,EAAE,OAAO;AAAA,MAChB,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,MACzC,MAAM,EAAE,QAAQ,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA,EACA,cAAc,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,QAAQ,CAAC;AAAA,EAC9C,QAAQ,EAAE,OAAO;AAAA,IACf,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,IACnC,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,IAC1B,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC;AAAA,EACD,gBAAgB,EAAE,MAAM,uBAAuB;AAAA,EAC/C,kBAAkB,EAAE,MAAM,yBAAyB;AAAA,EACnD,OAAO,EAAE,OAAO;AAAA,IACd,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,MAAM,EAAE,OAAO;AAAA,IACf,OAAO,EAAE,OAAO;AAAA,EAClB,CAAC,EAAE,SAAS;AACd,CAAC;AAED,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,OAAO,EAAE,OAAO;AAClB,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,uBAAuB,QAAQ,yBAAyB;AAAA,MACtF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,sBAAsB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,2CAA2C,QAAQ,sBAAsB;AAAA,QACrG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,sBAAsB;AAAA,MAC9E;AAAA,IACF;AAAA,EACF;AACF;",
4
+ "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport {\n CustomerDeal,\n CustomerDealPersonLink,\n CustomerDealCompanyLink,\n CustomerDealStageTransition,\n CustomerDictionaryEntry,\n CustomerEntity,\n CustomerPipeline,\n CustomerPipelineStage,\n} from '../../../data/entities'\nimport { User } from '@open-mercato/core/modules/auth/data/entities'\nimport type { ActionLogService } from '@open-mercato/core/modules/audit_logs/services/actionLogService'\nimport { loadCustomFieldValues } from '@open-mercato/shared/lib/crud/custom-fields'\nimport { normalizeCustomFieldResponse } from '@open-mercato/shared/lib/custom-fields/normalize'\nimport { E } from '#generated/entities.ids.generated'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { findWithDecryption, findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { isOrganizationReadAccessAllowed } from '@open-mercato/core/modules/directory/utils/organizationScopeGuard'\nimport { decryptEntitiesWithFallbackScope } from '@open-mercato/shared/lib/encryption/subscriber'\nimport { isMissingDealStageTransitionTable, warnMissingDealStageTransitionTable } from '../../../lib/dealStageTransitionTable'\n\nexport const metadata = {\n GET: { requireAuth: true, requireFeatures: ['customers.deals.view'] },\n}\n\nconst paramsSchema = z.object({\n id: z.string().uuid(),\n})\n\nfunction notFound(message: string) {\n return NextResponse.json({ error: message }, { status: 404 })\n}\n\nfunction forbidden(message: string) {\n return NextResponse.json({ error: message }, { status: 403 })\n}\n\ntype DealAssociation = {\n id: string\n label: string\n subtitle: string | null\n kind: 'person' | 'company'\n}\n\nfunction normalizePersonAssociation(entity: CustomerEntity): { label: string; subtitle: string | null } {\n const displayName = typeof entity.displayName === 'string' ? entity.displayName.trim() : ''\n const email =\n typeof entity.primaryEmail === 'string' && entity.primaryEmail.trim().length\n ? entity.primaryEmail.trim()\n : null\n const phone =\n typeof entity.primaryPhone === 'string' && entity.primaryPhone.trim().length\n ? entity.primaryPhone.trim()\n : null\n const jobTitle =\n entity.personProfile &&\n typeof (entity.personProfile as { jobTitle?: string | null })?.jobTitle === 'string' &&\n (entity.personProfile as { jobTitle?: string | null }).jobTitle?.trim().length\n ? ((entity.personProfile as { jobTitle?: string | null }).jobTitle as string).trim()\n : null\n const subtitle = jobTitle ?? email ?? phone ?? null\n const label = displayName.length ? displayName : email ?? phone ?? entity.id\n return { label, subtitle }\n}\n\nfunction normalizeCompanyAssociation(entity: CustomerEntity): { label: string; subtitle: string | null } {\n const displayName = typeof entity.displayName === 'string' ? entity.displayName.trim() : ''\n const domain =\n entity.companyProfile &&\n typeof (entity.companyProfile as { domain?: string | null })?.domain === 'string' &&\n (entity.companyProfile as { domain?: string | null }).domain?.trim().length\n ? ((entity.companyProfile as { domain?: string | null }).domain as string).trim()\n : null\n const website =\n entity.companyProfile &&\n typeof (entity.companyProfile as { websiteUrl?: string | null })?.websiteUrl === 'string' &&\n (entity.companyProfile as { websiteUrl?: string | null }).websiteUrl?.trim().length\n ? ((entity.companyProfile as { websiteUrl?: string | null }).websiteUrl as string).trim()\n : null\n const subtitle = domain ?? website ?? null\n const label = displayName.length ? displayName : domain ?? website ?? entity.id\n return { label, subtitle }\n}\n\nfunction readIncludeFlags(request: Request): Set<string> {\n const flags = new Set<string>()\n const url = new URL(request.url)\n for (const rawValue of url.searchParams.getAll('include')) {\n rawValue\n .split(',')\n .map((value) => value.trim().toLowerCase())\n .filter(Boolean)\n .forEach((value) => flags.add(value))\n }\n return flags\n}\n\nfunction readViewMode(request: Request): 'full' | 'lite' {\n const raw = new URL(request.url).searchParams.get('view')\n return raw === 'lite' || raw === 'detail-lite' ? 'lite' : 'full'\n}\n\nfunction normalizeStageLabel(value: string | null | undefined): string {\n return typeof value === 'string' ? value.trim().toLowerCase() : ''\n}\n\ntype StageTransitionPayload = {\n stageId: string\n stageLabel: string\n stageOrder: number\n transitionedAt: string\n}\n\ntype DealSnapshotStageInfo = {\n pipelineId: string | null\n stageId: string | null\n stageLabel: string | null\n}\n\nfunction asObject(value: unknown): Record<string, unknown> | null {\n return typeof value === 'object' && value !== null && !Array.isArray(value)\n ? value as Record<string, unknown>\n : null\n}\n\nfunction readRecordString(record: Record<string, unknown> | null, ...keys: string[]): string | null {\n if (!record) return null\n for (const key of keys) {\n const value = record[key]\n if (typeof value === 'string' && value.trim().length > 0) {\n return value.trim()\n }\n }\n return null\n}\n\nfunction readSnapshotDealRecord(snapshot: unknown): Record<string, unknown> | null {\n const root = asObject(snapshot)\n if (!root) return null\n return asObject(root.deal) ?? root\n}\n\nfunction readSnapshotStageInfo(snapshot: unknown): DealSnapshotStageInfo {\n const dealRecord = readSnapshotDealRecord(snapshot)\n return {\n pipelineId: readRecordString(dealRecord, 'pipelineId', 'pipeline_id'),\n stageId: readRecordString(dealRecord, 'pipelineStageId', 'pipeline_stage_id'),\n stageLabel: readRecordString(dealRecord, 'pipelineStage', 'pipeline_stage'),\n }\n}\n\nasync function loadAuditStageTransitionsFallback({\n container,\n deal,\n pipelineStages,\n}: {\n container: Awaited<ReturnType<typeof createRequestContainer>>\n deal: CustomerDeal\n pipelineStages: CustomerPipelineStage[]\n}): Promise<StageTransitionPayload[]> {\n if (!deal.tenantId || !deal.organizationId || !pipelineStages.length) return []\n\n let actionLogs: ActionLogService | null = null\n try {\n actionLogs = container.resolve('actionLogService') as ActionLogService\n } catch {\n return []\n }\n if (!actionLogs || typeof actionLogs.list !== 'function') return []\n const stageOrderById = new Map(pipelineStages.map((stage) => [stage.id, stage.order]))\n const stageLabelById = new Map(pipelineStages.map((stage) => [stage.id, stage.label]))\n const transitionsByStageId = new Map<string, StageTransitionPayload>()\n const logsResult = await actionLogs.list({\n tenantId: deal.tenantId,\n organizationId: deal.organizationId,\n resourceKind: 'customers.deal',\n resourceId: deal.id,\n limit: 200,\n offset: 0,\n sortField: 'createdAt',\n sortDir: 'asc',\n }).catch(() => null)\n const logs = logsResult?.items ?? []\n\n let previousStageId: string | null = null\n for (const log of logs) {\n if (log.executionState === 'failed' || log.executionState === 'undone') continue\n\n const before = readSnapshotStageInfo(log.snapshotBefore)\n const after = readSnapshotStageInfo(log.snapshotAfter)\n const nextStageId = after.stageId\n if (!nextStageId) continue\n\n const stageOrder = stageOrderById.get(nextStageId)\n if (typeof stageOrder !== 'number') {\n previousStageId = nextStageId\n continue\n }\n\n const effectivePreviousStageId: string | null = before.stageId ?? previousStageId\n if (effectivePreviousStageId === nextStageId && transitionsByStageId.has(nextStageId)) {\n previousStageId = nextStageId\n continue\n }\n\n transitionsByStageId.set(nextStageId, {\n stageId: nextStageId,\n stageLabel: after.stageLabel ?? stageLabelById.get(nextStageId) ?? nextStageId,\n stageOrder,\n transitionedAt: log.createdAt.toISOString(),\n })\n previousStageId = nextStageId\n }\n\n return Array.from(transitionsByStageId.values()).sort((left, right) => left.stageOrder - right.stageOrder)\n}\n\nfunction mergeStageTransitions({\n persisted,\n recovered,\n currentStage,\n fallbackTimestamp,\n}: {\n persisted: StageTransitionPayload[]\n recovered: StageTransitionPayload[]\n currentStage: { id: string; label: string; order: number } | null\n fallbackTimestamp: string\n}): StageTransitionPayload[] {\n const merged = new Map<string, StageTransitionPayload>()\n for (const transition of persisted) {\n merged.set(transition.stageId, transition)\n }\n for (const transition of recovered) {\n if (!merged.has(transition.stageId)) {\n merged.set(transition.stageId, transition)\n }\n }\n if (currentStage && !merged.has(currentStage.id)) {\n merged.set(currentStage.id, {\n stageId: currentStage.id,\n stageLabel: currentStage.label,\n stageOrder: currentStage.order,\n transitionedAt: fallbackTimestamp,\n })\n }\n return Array.from(merged.values()).sort((left, right) => left.stageOrder - right.stageOrder)\n}\n\nasync function loadPipelineStageAppearanceMap(\n em: EntityManager,\n stages: CustomerPipelineStage[],\n organizationId: string,\n tenantId: string,\n): Promise<Map<string, CustomerDictionaryEntry>> {\n const normalizedValues = stages\n .map((stage) => stage.label.trim().toLowerCase())\n .filter((value) => value.length > 0)\n if (!normalizedValues.length) return new Map<string, CustomerDictionaryEntry>()\n const entries = await findWithDecryption(\n em,\n CustomerDictionaryEntry,\n {\n organizationId,\n tenantId,\n kind: 'pipeline_stage',\n normalizedValue: { $in: normalizedValues },\n },\n undefined,\n { tenantId, organizationId },\n )\n const map = new Map<string, CustomerDictionaryEntry>()\n entries.forEach((entry) => map.set(entry.normalizedValue, entry))\n return map\n}\n\nasync function resolveEffectivePipelineStage(\n em: EntityManager,\n deal: CustomerDeal,\n decryptionScope: { tenantId: string | null; organizationId: string | null },\n): Promise<CustomerPipelineStage | null> {\n if (deal.pipelineStageId) {\n const exactStage = await findOneWithDecryption(\n em,\n CustomerPipelineStage,\n {\n id: deal.pipelineStageId,\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n },\n {},\n decryptionScope,\n )\n if (exactStage) return exactStage\n }\n\n const normalizedStageLabel = normalizeStageLabel(deal.pipelineStage)\n if (!normalizedStageLabel) return null\n\n const scopedStages = await findWithDecryption(\n em,\n CustomerPipelineStage,\n {\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n ...(deal.pipelineId ? { pipelineId: deal.pipelineId } : {}),\n },\n { orderBy: { order: 'ASC' } },\n decryptionScope,\n )\n\n const matchingStages = scopedStages.filter((stage) => normalizeStageLabel(stage.label) === normalizedStageLabel)\n if (matchingStages.length === 1) return matchingStages[0] ?? null\n if (matchingStages.length > 1) {\n const distinctPipelineIds = new Set(matchingStages.map((stage) => stage.pipelineId))\n if (distinctPipelineIds.size === 1) return matchingStages[0] ?? null\n }\n return null\n}\n\nexport async function GET(request: Request, context: { params?: Record<string, unknown> }) {\n const parsedParams = paramsSchema.safeParse(context.params)\n if (!parsedParams.success) {\n return notFound('Deal not found')\n }\n\n const includeFlags = readIncludeFlags(request)\n const viewMode = readViewMode(request)\n const liteView = viewMode === 'lite'\n const includeStages = includeFlags.has('stages')\n const container = await createRequestContainer()\n const auth = await getAuthFromRequest(request)\n if (!auth?.sub && !auth?.isApiKey) {\n return NextResponse.json({ error: 'Authentication required' }, { status: 401 })\n }\n\n let rbac: RbacService | null = null\n try {\n rbac = (container.resolve('rbacService') as RbacService)\n } catch {\n rbac = null\n }\n\n if (!rbac || !auth?.sub) {\n return forbidden('Access denied')\n }\n const hasFeature = await rbac.userHasAllFeatures(auth.sub, ['customers.deals.view'], {\n tenantId: auth.tenantId ?? null,\n organizationId: auth.orgId ?? null,\n })\n if (!hasFeature) {\n return forbidden('Access denied')\n }\n\n const scope = await resolveOrganizationScopeForRequest({ container, auth, request })\n const em = (container.resolve('em') as EntityManager)\n\n const deal = await findOneWithDecryption(\n em,\n CustomerDeal,\n { id: parsedParams.data.id, deletedAt: null },\n {\n populate: ['people.person', 'people.person.personProfile', 'companies.company', 'companies.company.companyProfile'],\n },\n { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n )\n if (!deal) {\n return notFound('Deal not found')\n }\n\n if (auth.tenantId && deal.tenantId && auth.tenantId !== deal.tenantId) {\n return notFound('Deal not found')\n }\n\n if (!isOrganizationReadAccessAllowed({ scope, auth, organizationId: deal.organizationId })) {\n return forbidden('Access denied')\n }\n\n const decryptionScope = {\n tenantId: deal.tenantId ?? auth.tenantId ?? null,\n organizationId: deal.organizationId ?? auth.orgId ?? null,\n }\n let linkedPersonIds: string[] = []\n let linkedCompanyIds: string[] = []\n let people: DealAssociation[] = []\n let companies: DealAssociation[] = []\n\n if (liteView) {\n const personLinkRows = await findWithDecryption(\n em,\n CustomerDealPersonLink,\n { deal: deal.id },\n { orderBy: { createdAt: 'ASC' } },\n decryptionScope,\n )\n const companyLinkRows = await findWithDecryption(\n em,\n CustomerDealCompanyLink,\n { deal: deal.id },\n { orderBy: { createdAt: 'ASC' } },\n decryptionScope,\n )\n\n linkedPersonIds = Array.from(\n new Set(\n personLinkRows\n .map((link) => {\n const personRef = link.person\n if (!personRef) return null\n if (typeof personRef === 'string') return personRef\n const personIdValue = personRef.id\n return typeof personIdValue === 'string' ? personIdValue : null\n })\n .filter((value): value is string => typeof value === 'string' && value.trim().length > 0),\n ),\n )\n linkedCompanyIds = Array.from(\n new Set(\n companyLinkRows\n .map((link) => {\n const companyRef = link.company\n if (!companyRef) return null\n if (typeof companyRef === 'string') return companyRef\n const companyIdValue = companyRef.id\n return typeof companyIdValue === 'string' ? companyIdValue : null\n })\n .filter((value): value is string => typeof value === 'string' && value.trim().length > 0),\n ),\n )\n\n const previewPeople = linkedPersonIds.length\n ? await findWithDecryption(\n em,\n CustomerEntity,\n { id: { $in: linkedPersonIds.slice(0, 3) } },\n { populate: ['personProfile'] },\n decryptionScope,\n )\n : []\n const previewCompanies = linkedCompanyIds.length\n ? await findWithDecryption(\n em,\n CustomerEntity,\n { id: { $in: linkedCompanyIds.slice(0, 3) } },\n { populate: ['companyProfile'] },\n decryptionScope,\n )\n : []\n const previewPeopleMap = new Map(previewPeople.map((entity) => [entity.id, entity]))\n const previewCompaniesMap = new Map(previewCompanies.map((entity) => [entity.id, entity]))\n people = linkedPersonIds.slice(0, 3).reduce<DealAssociation[]>((acc, personId) => {\n const entity = previewPeopleMap.get(personId) ?? null\n if (!entity || entity.deletedAt) return acc\n const { label, subtitle } = normalizePersonAssociation(entity)\n acc.push({ id: entity.id, label, subtitle, kind: 'person' })\n return acc\n }, [])\n companies = linkedCompanyIds.slice(0, 3).reduce<DealAssociation[]>((acc, companyId) => {\n const entity = previewCompaniesMap.get(companyId) ?? null\n if (!entity || entity.deletedAt) return acc\n const { label, subtitle } = normalizeCompanyAssociation(entity)\n acc.push({ id: entity.id, label, subtitle, kind: 'company' })\n return acc\n }, [])\n } else {\n const personLinks = await findWithDecryption(\n em,\n CustomerDealPersonLink,\n { deal: deal.id },\n { populate: ['person', 'person.personProfile'] },\n decryptionScope,\n )\n const companyLinks = await findWithDecryption(\n em,\n CustomerDealCompanyLink,\n { deal: deal.id },\n { populate: ['company', 'company.companyProfile'] },\n decryptionScope,\n )\n const fallbackTenantId = deal.tenantId ?? auth.tenantId ?? null\n const fallbackOrgId = deal.organizationId ?? auth.orgId ?? null\n await decryptEntitiesWithFallbackScope(personLinks, {\n em,\n tenantId: fallbackTenantId,\n organizationId: fallbackOrgId,\n })\n await decryptEntitiesWithFallbackScope(companyLinks, {\n em,\n tenantId: fallbackTenantId,\n organizationId: fallbackOrgId,\n })\n\n people = personLinks.reduce<DealAssociation[]>((acc, link) => {\n const entity = link.person as CustomerEntity | null\n if (!entity || entity.deletedAt) return acc\n const { label, subtitle } = normalizePersonAssociation(entity)\n acc.push({ id: entity.id, label, subtitle, kind: 'person' })\n return acc\n }, [])\n\n companies = companyLinks.reduce<DealAssociation[]>((acc, link) => {\n const entity = link.company as CustomerEntity | null\n if (!entity || entity.deletedAt) return acc\n const { label, subtitle } = normalizeCompanyAssociation(entity)\n acc.push({ id: entity.id, label, subtitle, kind: 'company' })\n return acc\n }, [])\n linkedPersonIds = people.map((entry) => entry.id)\n linkedCompanyIds = companies.map((entry) => entry.id)\n }\n\n const customFieldValues = await loadCustomFieldValues({\n em,\n entityId: E.customers.customer_deal,\n recordIds: [deal.id],\n tenantIdByRecord: { [deal.id]: deal.tenantId ?? null },\n organizationIdByRecord: { [deal.id]: deal.organizationId ?? null },\n tenantFallbacks: [deal.tenantId ?? auth.tenantId ?? null].filter((value): value is string => !!value),\n })\n const customFields = normalizeCustomFieldResponse(customFieldValues[deal.id]) ?? {}\n\n const viewerUserId = auth.isApiKey ? null : auth.sub ?? null\n let viewerName: string | null = null\n let viewerEmail: string | null = auth.email ?? null\n if (viewerUserId) {\n const viewerScope = {\n tenantId: auth.tenantId ?? null,\n organizationId: auth.orgId ?? null,\n }\n const viewer = await findOneWithDecryption(\n em,\n User,\n { id: viewerUserId, tenantId: auth.tenantId ?? null },\n {},\n viewerScope,\n )\n viewerName = viewer?.name ?? null\n viewerEmail = viewer?.email ?? viewerEmail ?? null\n }\n\n const owner = deal.ownerUserId\n ? await findOneWithDecryption(\n em,\n User,\n { id: deal.ownerUserId, tenantId: deal.tenantId ?? auth.tenantId ?? null },\n {},\n decryptionScope,\n )\n : null\n const ownerPayload = owner\n ? {\n id: owner.id,\n name: owner.name ?? owner.email ?? owner.id,\n email: owner.email ?? '',\n }\n : null\n\n const effectiveStage = includeStages\n ? await resolveEffectivePipelineStage(em, deal, decryptionScope)\n : null\n const effectivePipelineId = deal.pipelineId ?? effectiveStage?.pipelineId ?? null\n const effectivePipelineStageId = deal.pipelineStageId ?? effectiveStage?.id ?? null\n const effectivePipelineStageLabel = deal.pipelineStage ?? effectiveStage?.label ?? null\n\n const pipelineStages = includeStages && effectivePipelineId\n ? await findWithDecryption(\n em,\n CustomerPipelineStage,\n {\n pipelineId: effectivePipelineId,\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n },\n { orderBy: { order: 'ASC' } },\n decryptionScope,\n )\n : []\n const pipeline = effectivePipelineId\n ? await findOneWithDecryption(\n em,\n CustomerPipeline,\n {\n id: effectivePipelineId,\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n },\n {},\n decryptionScope,\n )\n : null\n const pipelineStageAppearanceMap = pipelineStages.length\n ? await loadPipelineStageAppearanceMap(em, pipelineStages, deal.organizationId, deal.tenantId)\n : new Map<string, CustomerDictionaryEntry>()\n let stageTransitions: CustomerDealStageTransition[] = []\n if (includeStages) {\n try {\n stageTransitions = await findWithDecryption(\n em,\n CustomerDealStageTransition,\n { deal: deal.id, deletedAt: null },\n { orderBy: { stageOrder: 'ASC', transitionedAt: 'ASC' } },\n decryptionScope,\n )\n } catch (error) {\n if (!isMissingDealStageTransitionTable(error)) {\n throw error\n }\n warnMissingDealStageTransitionTable('customers.api.deals.detail.GET')\n stageTransitions = []\n }\n }\n const persistedStageTransitions = stageTransitions.map((transition) => ({\n stageId: transition.stageId,\n stageLabel: transition.stageLabel,\n stageOrder: transition.stageOrder,\n transitionedAt: transition.transitionedAt.toISOString(),\n }))\n const recoveredStageTransitions = includeStages && persistedStageTransitions.length === 0\n ? await loadAuditStageTransitionsFallback({ container, deal, pipelineStages })\n : []\n const effectiveCurrentStage = (() => {\n if (!effectivePipelineStageId) return null\n const matchingStage = pipelineStages.find((stage) => stage.id === effectivePipelineStageId)\n if (matchingStage) {\n return {\n id: matchingStage.id,\n label: matchingStage.label,\n order: matchingStage.order,\n }\n }\n if (!effectivePipelineStageLabel) return null\n return {\n id: effectivePipelineStageId,\n label: effectivePipelineStageLabel,\n order: 0,\n }\n })()\n const stageTransitionPayload = mergeStageTransitions({\n persisted: persistedStageTransitions,\n recovered: recoveredStageTransitions,\n currentStage: effectiveCurrentStage,\n fallbackTimestamp: deal.createdAt.toISOString(),\n })\n\n return NextResponse.json({\n deal: {\n id: deal.id,\n title: deal.title,\n description: deal.description ?? null,\n status: deal.status ?? null,\n pipelineStage: effectivePipelineStageLabel,\n pipelineId: effectivePipelineId,\n pipelineStageId: effectivePipelineStageId,\n valueAmount: deal.valueAmount ?? null,\n valueCurrency: deal.valueCurrency ?? null,\n probability: deal.probability ?? null,\n expectedCloseAt: deal.expectedCloseAt ? deal.expectedCloseAt.toISOString() : null,\n ownerUserId: deal.ownerUserId ?? null,\n source: deal.source ?? null,\n closureOutcome: deal.closureOutcome ?? null,\n lossReasonId: deal.lossReasonId ?? null,\n lossNotes: deal.lossNotes ?? null,\n organizationId: deal.organizationId ?? null,\n tenantId: deal.tenantId ?? null,\n createdAt: deal.createdAt.toISOString(),\n updatedAt: deal.updatedAt.toISOString(),\n },\n people,\n companies,\n linkedPersonIds,\n linkedCompanyIds,\n counts: {\n people: linkedPersonIds.length,\n companies: linkedCompanyIds.length,\n },\n customFields,\n viewer: {\n userId: viewerUserId,\n name: viewerName,\n email: viewerEmail,\n },\n pipelineStages: pipelineStages.map((stage) => {\n const appearance = pipelineStageAppearanceMap.get(stage.label.trim().toLowerCase())\n return {\n id: stage.id,\n label: stage.label,\n order: stage.order,\n color: appearance?.color ?? null,\n icon: appearance?.icon ?? null,\n }\n }),\n pipelineName: pipeline?.name ?? null,\n stageTransitions: stageTransitionPayload,\n owner: ownerPayload,\n })\n}\n\nconst dealDetailQuerySchema = z.object({\n include: z.string().optional(),\n})\n\nconst pipelineStageInfoSchema = z.object({\n id: z.string().uuid(),\n label: z.string(),\n order: z.number().int(),\n color: z.string().nullable(),\n icon: z.string().nullable(),\n})\n\nconst stageTransitionInfoSchema = z.object({\n stageId: z.string().uuid(),\n stageLabel: z.string(),\n stageOrder: z.number().int(),\n transitionedAt: z.string(),\n})\n\nconst dealDetailResponseSchema = z.object({\n deal: z.object({\n id: z.string().uuid(),\n title: z.string().nullable().optional(),\n description: z.string().nullable().optional(),\n status: z.string().nullable().optional(),\n pipelineStage: z.string().nullable().optional(),\n pipelineId: z.string().uuid().nullable().optional(),\n pipelineStageId: z.string().uuid().nullable().optional(),\n valueAmount: z.string().nullable().optional(),\n valueCurrency: z.string().nullable().optional(),\n probability: z.number().nullable().optional(),\n expectedCloseAt: z.string().nullable().optional(),\n ownerUserId: z.string().uuid().nullable().optional(),\n source: z.string().nullable().optional(),\n closureOutcome: z.enum(['won', 'lost']).nullable().optional(),\n lossReasonId: z.string().uuid().nullable().optional(),\n lossNotes: z.string().nullable().optional(),\n organizationId: z.string().uuid().nullable().optional(),\n tenantId: z.string().uuid().nullable().optional(),\n createdAt: z.string(),\n updatedAt: z.string(),\n }),\n people: z.array(\n z.object({\n id: z.string().uuid(),\n label: z.string(),\n subtitle: z.string().nullable().optional(),\n kind: z.literal('person'),\n }),\n ),\n companies: z.array(\n z.object({\n id: z.string().uuid(),\n label: z.string(),\n subtitle: z.string().nullable().optional(),\n kind: z.literal('company'),\n }),\n ),\n customFields: z.record(z.string(), z.unknown()),\n viewer: z.object({\n userId: z.string().uuid().nullable(),\n name: z.string().nullable(),\n email: z.string().nullable(),\n }),\n pipelineStages: z.array(pipelineStageInfoSchema),\n stageTransitions: z.array(stageTransitionInfoSchema),\n owner: z.object({\n id: z.string().uuid(),\n name: z.string(),\n email: z.string(),\n }).nullable(),\n})\n\nconst dealDetailErrorSchema = z.object({\n error: z.string(),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'Customers',\n summary: 'Fetch deal detail',\n methods: {\n GET: {\n summary: 'Fetch deal with associations and pipeline context',\n description: 'Returns a deal with linked people, companies, closure fields, optional pipeline history, custom fields, and viewer context.',\n query: dealDetailQuerySchema,\n responses: [\n { status: 200, description: 'Deal detail payload', schema: dealDetailResponseSchema },\n ],\n errors: [\n { status: 401, description: 'Unauthorized', schema: dealDetailErrorSchema },\n { status: 403, description: 'Forbidden for tenant/organization scope', schema: dealDetailErrorSchema },\n { status: 404, description: 'Deal not found', schema: dealDetailErrorSchema },\n ],\n },\n },\n}\n"],
5
+ "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,0CAA0C;AAEnD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,YAAY;AAErB,SAAS,6BAA6B;AACtC,SAAS,oCAAoC;AAC7C,SAAS,SAAS;AAGlB,SAAS,oBAAoB,6BAA6B;AAC1D,SAAS,uCAAuC;AAChD,SAAS,wCAAwC;AACjD,SAAS,mCAAmC,2CAA2C;AAEhF,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,sBAAsB,EAAE;AACtE;AAEA,MAAM,eAAe,EAAE,OAAO;AAAA,EAC5B,IAAI,EAAE,OAAO,EAAE,KAAK;AACtB,CAAC;AAED,SAAS,SAAS,SAAiB;AACjC,SAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9D;AAEA,SAAS,UAAU,SAAiB;AAClC,SAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9D;AASA,SAAS,2BAA2B,QAAoE;AACtG,QAAM,cAAc,OAAO,OAAO,gBAAgB,WAAW,OAAO,YAAY,KAAK,IAAI;AACzF,QAAM,QACJ,OAAO,OAAO,iBAAiB,YAAY,OAAO,aAAa,KAAK,EAAE,SAClE,OAAO,aAAa,KAAK,IACzB;AACN,QAAM,QACJ,OAAO,OAAO,iBAAiB,YAAY,OAAO,aAAa,KAAK,EAAE,SAClE,OAAO,aAAa,KAAK,IACzB;AACN,QAAM,WACJ,OAAO,iBACP,OAAQ,OAAO,eAAgD,aAAa,YAC3E,OAAO,cAA+C,UAAU,KAAK,EAAE,SAClE,OAAO,cAA+C,SAAoB,KAAK,IACjF;AACN,QAAM,WAAW,YAAY,SAAS,SAAS;AAC/C,QAAM,QAAQ,YAAY,SAAS,cAAc,SAAS,SAAS,OAAO;AAC1E,SAAO,EAAE,OAAO,SAAS;AAC3B;AAEA,SAAS,4BAA4B,QAAoE;AACvG,QAAM,cAAc,OAAO,OAAO,gBAAgB,WAAW,OAAO,YAAY,KAAK,IAAI;AACzF,QAAM,SACJ,OAAO,kBACP,OAAQ,OAAO,gBAA+C,WAAW,YACxE,OAAO,eAA8C,QAAQ,KAAK,EAAE,SAC/D,OAAO,eAA8C,OAAkB,KAAK,IAC9E;AACN,QAAM,UACJ,OAAO,kBACP,OAAQ,OAAO,gBAAmD,eAAe,YAChF,OAAO,eAAkD,YAAY,KAAK,EAAE,SACvE,OAAO,eAAkD,WAAsB,KAAK,IACtF;AACN,QAAM,WAAW,UAAU,WAAW;AACtC,QAAM,QAAQ,YAAY,SAAS,cAAc,UAAU,WAAW,OAAO;AAC7E,SAAO,EAAE,OAAO,SAAS;AAC3B;AAEA,SAAS,iBAAiB,SAA+B;AACvD,QAAM,QAAQ,oBAAI,IAAY;AAC9B,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,aAAW,YAAY,IAAI,aAAa,OAAO,SAAS,GAAG;AACzD,aACG,MAAM,GAAG,EACT,IAAI,CAAC,UAAU,MAAM,KAAK,EAAE,YAAY,CAAC,EACzC,OAAO,OAAO,EACd,QAAQ,CAAC,UAAU,MAAM,IAAI,KAAK,CAAC;AAAA,EACxC;AACA,SAAO;AACT;AAEA,SAAS,aAAa,SAAmC;AACvD,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG,EAAE,aAAa,IAAI,MAAM;AACxD,SAAO,QAAQ,UAAU,QAAQ,gBAAgB,SAAS;AAC5D;AAEA,SAAS,oBAAoB,OAA0C;AACrE,SAAO,OAAO,UAAU,WAAW,MAAM,KAAK,EAAE,YAAY,IAAI;AAClE;AAeA,SAAS,SAAS,OAAgD;AAChE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK,IACtE,QACA;AACN;AAEA,SAAS,iBAAiB,WAA2C,MAA+B;AAClG,MAAI,CAAC,OAAQ,QAAO;AACpB,aAAW,OAAO,MAAM;AACtB,UAAM,QAAQ,OAAO,GAAG;AACxB,QAAI,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,SAAS,GAAG;AACxD,aAAO,MAAM,KAAK;AAAA,IACpB;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,uBAAuB,UAAmD;AACjF,QAAM,OAAO,SAAS,QAAQ;AAC9B,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,SAAS,KAAK,IAAI,KAAK;AAChC;AAEA,SAAS,sBAAsB,UAA0C;AACvE,QAAM,aAAa,uBAAuB,QAAQ;AAClD,SAAO;AAAA,IACL,YAAY,iBAAiB,YAAY,cAAc,aAAa;AAAA,IACpE,SAAS,iBAAiB,YAAY,mBAAmB,mBAAmB;AAAA,IAC5E,YAAY,iBAAiB,YAAY,iBAAiB,gBAAgB;AAAA,EAC5E;AACF;AAEA,eAAe,kCAAkC;AAAA,EAC/C;AAAA,EACA;AAAA,EACA;AACF,GAIsC;AACpC,MAAI,CAAC,KAAK,YAAY,CAAC,KAAK,kBAAkB,CAAC,eAAe,OAAQ,QAAO,CAAC;AAE9E,MAAI,aAAsC;AAC1C,MAAI;AACF,iBAAa,UAAU,QAAQ,kBAAkB;AAAA,EACnD,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACA,MAAI,CAAC,cAAc,OAAO,WAAW,SAAS,WAAY,QAAO,CAAC;AAClE,QAAM,iBAAiB,IAAI,IAAI,eAAe,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,KAAK,CAAC,CAAC;AACrF,QAAM,iBAAiB,IAAI,IAAI,eAAe,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,MAAM,KAAK,CAAC,CAAC;AACrF,QAAM,uBAAuB,oBAAI,IAAoC;AACrE,QAAM,aAAa,MAAM,WAAW,KAAK;AAAA,IACvC,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,cAAc;AAAA,IACd,YAAY,KAAK;AAAA,IACjB,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW;AAAA,IACX,SAAS;AAAA,EACX,CAAC,EAAE,MAAM,MAAM,IAAI;AACnB,QAAM,OAAO,YAAY,SAAS,CAAC;AAEnC,MAAI,kBAAiC;AACrC,aAAW,OAAO,MAAM;AACtB,QAAI,IAAI,mBAAmB,YAAY,IAAI,mBAAmB,SAAU;AAExE,UAAM,SAAS,sBAAsB,IAAI,cAAc;AACvD,UAAM,QAAQ,sBAAsB,IAAI,aAAa;AACrD,UAAM,cAAc,MAAM;AAC1B,QAAI,CAAC,YAAa;AAElB,UAAM,aAAa,eAAe,IAAI,WAAW;AACjD,QAAI,OAAO,eAAe,UAAU;AAClC,wBAAkB;AAClB;AAAA,IACF;AAEA,UAAM,2BAA0C,OAAO,WAAW;AAClE,QAAI,6BAA6B,eAAe,qBAAqB,IAAI,WAAW,GAAG;AACrF,wBAAkB;AAClB;AAAA,IACF;AAEA,yBAAqB,IAAI,aAAa;AAAA,MACpC,SAAS;AAAA,MACT,YAAY,MAAM,cAAc,eAAe,IAAI,WAAW,KAAK;AAAA,MACnE;AAAA,MACA,gBAAgB,IAAI,UAAU,YAAY;AAAA,IAC5C,CAAC;AACD,sBAAkB;AAAA,EACpB;AAEA,SAAO,MAAM,KAAK,qBAAqB,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,aAAa,MAAM,UAAU;AAC3G;AAEA,SAAS,sBAAsB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAK6B;AAC3B,QAAM,SAAS,oBAAI,IAAoC;AACvD,aAAW,cAAc,WAAW;AAClC,WAAO,IAAI,WAAW,SAAS,UAAU;AAAA,EAC3C;AACA,aAAW,cAAc,WAAW;AAClC,QAAI,CAAC,OAAO,IAAI,WAAW,OAAO,GAAG;AACnC,aAAO,IAAI,WAAW,SAAS,UAAU;AAAA,IAC3C;AAAA,EACF;AACA,MAAI,gBAAgB,CAAC,OAAO,IAAI,aAAa,EAAE,GAAG;AAChD,WAAO,IAAI,aAAa,IAAI;AAAA,MAC1B,SAAS,aAAa;AAAA,MACtB,YAAY,aAAa;AAAA,MACzB,YAAY,aAAa;AAAA,MACzB,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AACA,SAAO,MAAM,KAAK,OAAO,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,UAAU,KAAK,aAAa,MAAM,UAAU;AAC7F;AAEA,eAAe,+BACb,IACA,QACA,gBACA,UAC+C;AAC/C,QAAM,mBAAmB,OACtB,IAAI,CAAC,UAAU,MAAM,MAAM,KAAK,EAAE,YAAY,CAAC,EAC/C,OAAO,CAAC,UAAU,MAAM,SAAS,CAAC;AACrC,MAAI,CAAC,iBAAiB,OAAQ,QAAO,oBAAI,IAAqC;AAC9E,QAAM,UAAU,MAAM;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN,iBAAiB,EAAE,KAAK,iBAAiB;AAAA,IAC3C;AAAA,IACA;AAAA,IACA,EAAE,UAAU,eAAe;AAAA,EAC7B;AACA,QAAM,MAAM,oBAAI,IAAqC;AACrD,UAAQ,QAAQ,CAAC,UAAU,IAAI,IAAI,MAAM,iBAAiB,KAAK,CAAC;AAChE,SAAO;AACT;AAEA,eAAe,8BACb,IACA,MACA,iBACuC;AACvC,MAAI,KAAK,iBAAiB;AACxB,UAAM,aAAa,MAAM;AAAA,MACvB;AAAA,MACA;AAAA,MACA;AAAA,QACE,IAAI,KAAK;AAAA,QACT,gBAAgB,KAAK;AAAA,QACrB,UAAU,KAAK;AAAA,MACjB;AAAA,MACA,CAAC;AAAA,MACD;AAAA,IACF;AACA,QAAI,WAAY,QAAO;AAAA,EACzB;AAEA,QAAM,uBAAuB,oBAAoB,KAAK,aAAa;AACnE,MAAI,CAAC,qBAAsB,QAAO;AAElC,QAAM,eAAe,MAAM;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,MACE,gBAAgB,KAAK;AAAA,MACrB,UAAU,KAAK;AAAA,MACf,GAAI,KAAK,aAAa,EAAE,YAAY,KAAK,WAAW,IAAI,CAAC;AAAA,IAC3D;AAAA,IACA,EAAE,SAAS,EAAE,OAAO,MAAM,EAAE;AAAA,IAC5B;AAAA,EACF;AAEA,QAAM,iBAAiB,aAAa,OAAO,CAAC,UAAU,oBAAoB,MAAM,KAAK,MAAM,oBAAoB;AAC/G,MAAI,eAAe,WAAW,EAAG,QAAO,eAAe,CAAC,KAAK;AAC7D,MAAI,eAAe,SAAS,GAAG;AAC7B,UAAM,sBAAsB,IAAI,IAAI,eAAe,IAAI,CAAC,UAAU,MAAM,UAAU,CAAC;AACnF,QAAI,oBAAoB,SAAS,EAAG,QAAO,eAAe,CAAC,KAAK;AAAA,EAClE;AACA,SAAO;AACT;AAEA,eAAsB,IAAI,SAAkB,SAA+C;AACzF,QAAM,eAAe,aAAa,UAAU,QAAQ,MAAM;AAC1D,MAAI,CAAC,aAAa,SAAS;AACzB,WAAO,SAAS,gBAAgB;AAAA,EAClC;AAEA,QAAM,eAAe,iBAAiB,OAAO;AAC7C,QAAM,WAAW,aAAa,OAAO;AACrC,QAAM,WAAW,aAAa;AAC9B,QAAM,gBAAgB,aAAa,IAAI,QAAQ;AAC/C,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAO,MAAM,mBAAmB,OAAO;AAC7C,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChF;AAEA,MAAI,OAA2B;AAC/B,MAAI;AACF,WAAQ,UAAU,QAAQ,aAAa;AAAA,EACzC,QAAQ;AACN,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,CAAC,MAAM,KAAK;AACvB,WAAO,UAAU,eAAe;AAAA,EAClC;AACA,QAAM,aAAa,MAAM,KAAK,mBAAmB,KAAK,KAAK,CAAC,sBAAsB,GAAG;AAAA,IACnF,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,EAChC,CAAC;AACD,MAAI,CAAC,YAAY;AACf,WAAO,UAAU,eAAe;AAAA,EAClC;AAEA,QAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,QAAQ,CAAC;AACnF,QAAM,KAAM,UAAU,QAAQ,IAAI;AAElC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,aAAa,KAAK,IAAI,WAAW,KAAK;AAAA,IAC5C;AAAA,MACE,UAAU,CAAC,iBAAiB,+BAA+B,qBAAqB,kCAAkC;AAAA,IACpH;AAAA,IACA,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE;AACA,MAAI,CAAC,MAAM;AACT,WAAO,SAAS,gBAAgB;AAAA,EAClC;AAEA,MAAI,KAAK,YAAY,KAAK,YAAY,KAAK,aAAa,KAAK,UAAU;AACrE,WAAO,SAAS,gBAAgB;AAAA,EAClC;AAEA,MAAI,CAAC,gCAAgC,EAAE,OAAO,MAAM,gBAAgB,KAAK,eAAe,CAAC,GAAG;AAC1F,WAAO,UAAU,eAAe;AAAA,EAClC;AAEA,QAAM,kBAAkB;AAAA,IACtB,UAAU,KAAK,YAAY,KAAK,YAAY;AAAA,IAC5C,gBAAgB,KAAK,kBAAkB,KAAK,SAAS;AAAA,EACvD;AACA,MAAI,kBAA4B,CAAC;AACjC,MAAI,mBAA6B,CAAC;AAClC,MAAI,SAA4B,CAAC;AACjC,MAAI,YAA+B,CAAC;AAEpC,MAAI,UAAU;AACZ,UAAM,iBAAiB,MAAM;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,EAAE,MAAM,KAAK,GAAG;AAAA,MAChB,EAAE,SAAS,EAAE,WAAW,MAAM,EAAE;AAAA,MAChC;AAAA,IACF;AACA,UAAM,kBAAkB,MAAM;AAAA,MAC5B;AAAA,MACA;AAAA,MACA,EAAE,MAAM,KAAK,GAAG;AAAA,MAChB,EAAE,SAAS,EAAE,WAAW,MAAM,EAAE;AAAA,MAChC;AAAA,IACF;AAEA,sBAAkB,MAAM;AAAA,MACtB,IAAI;AAAA,QACF,eACG,IAAI,CAAC,SAAS;AACb,gBAAM,YAAY,KAAK;AACvB,cAAI,CAAC,UAAW,QAAO;AACvB,cAAI,OAAO,cAAc,SAAU,QAAO;AAC1C,gBAAM,gBAAgB,UAAU;AAChC,iBAAO,OAAO,kBAAkB,WAAW,gBAAgB;AAAA,QAC7D,CAAC,EACA,OAAO,CAAC,UAA2B,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,SAAS,CAAC;AAAA,MAC5F;AAAA,IACF;AACA,uBAAmB,MAAM;AAAA,MACvB,IAAI;AAAA,QACF,gBACG,IAAI,CAAC,SAAS;AACb,gBAAM,aAAa,KAAK;AACxB,cAAI,CAAC,WAAY,QAAO;AACxB,cAAI,OAAO,eAAe,SAAU,QAAO;AAC3C,gBAAM,iBAAiB,WAAW;AAClC,iBAAO,OAAO,mBAAmB,WAAW,iBAAiB;AAAA,QAC/D,CAAC,EACA,OAAO,CAAC,UAA2B,OAAO,UAAU,YAAY,MAAM,KAAK,EAAE,SAAS,CAAC;AAAA,MAC5F;AAAA,IACF;AAEA,UAAM,gBAAgB,gBAAgB,SAClC,MAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,gBAAgB,MAAM,GAAG,CAAC,EAAE,EAAE;AAAA,MAC3C,EAAE,UAAU,CAAC,eAAe,EAAE;AAAA,MAC9B;AAAA,IACF,IACA,CAAC;AACL,UAAM,mBAAmB,iBAAiB,SACtC,MAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA,EAAE,IAAI,EAAE,KAAK,iBAAiB,MAAM,GAAG,CAAC,EAAE,EAAE;AAAA,MAC5C,EAAE,UAAU,CAAC,gBAAgB,EAAE;AAAA,MAC/B;AAAA,IACF,IACA,CAAC;AACL,UAAM,mBAAmB,IAAI,IAAI,cAAc,IAAI,CAAC,WAAW,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC;AACnF,UAAM,sBAAsB,IAAI,IAAI,iBAAiB,IAAI,CAAC,WAAW,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC;AACzF,aAAS,gBAAgB,MAAM,GAAG,CAAC,EAAE,OAA0B,CAAC,KAAK,aAAa;AAChF,YAAM,SAAS,iBAAiB,IAAI,QAAQ,KAAK;AACjD,UAAI,CAAC,UAAU,OAAO,UAAW,QAAO;AACxC,YAAM,EAAE,OAAO,SAAS,IAAI,2BAA2B,MAAM;AAC7D,UAAI,KAAK,EAAE,IAAI,OAAO,IAAI,OAAO,UAAU,MAAM,SAAS,CAAC;AAC3D,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AACL,gBAAY,iBAAiB,MAAM,GAAG,CAAC,EAAE,OAA0B,CAAC,KAAK,cAAc;AACrF,YAAM,SAAS,oBAAoB,IAAI,SAAS,KAAK;AACrD,UAAI,CAAC,UAAU,OAAO,UAAW,QAAO;AACxC,YAAM,EAAE,OAAO,SAAS,IAAI,4BAA4B,MAAM;AAC9D,UAAI,KAAK,EAAE,IAAI,OAAO,IAAI,OAAO,UAAU,MAAM,UAAU,CAAC;AAC5D,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAAA,EACP,OAAO;AACL,UAAM,cAAc,MAAM;AAAA,MACxB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,KAAK,GAAG;AAAA,MAChB,EAAE,UAAU,CAAC,UAAU,sBAAsB,EAAE;AAAA,MAC/C;AAAA,IACF;AACA,UAAM,eAAe,MAAM;AAAA,MACzB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,KAAK,GAAG;AAAA,MAChB,EAAE,UAAU,CAAC,WAAW,wBAAwB,EAAE;AAAA,MAClD;AAAA,IACF;AACA,UAAM,mBAAmB,KAAK,YAAY,KAAK,YAAY;AAC3D,UAAM,gBAAgB,KAAK,kBAAkB,KAAK,SAAS;AAC3D,UAAM,iCAAiC,aAAa;AAAA,MAClD;AAAA,MACA,UAAU;AAAA,MACV,gBAAgB;AAAA,IAClB,CAAC;AACD,UAAM,iCAAiC,cAAc;AAAA,MACnD;AAAA,MACA,UAAU;AAAA,MACV,gBAAgB;AAAA,IAClB,CAAC;AAED,aAAS,YAAY,OAA0B,CAAC,KAAK,SAAS;AAC5D,YAAM,SAAS,KAAK;AACpB,UAAI,CAAC,UAAU,OAAO,UAAW,QAAO;AACxC,YAAM,EAAE,OAAO,SAAS,IAAI,2BAA2B,MAAM;AAC7D,UAAI,KAAK,EAAE,IAAI,OAAO,IAAI,OAAO,UAAU,MAAM,SAAS,CAAC;AAC3D,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AAEL,gBAAY,aAAa,OAA0B,CAAC,KAAK,SAAS;AAChE,YAAM,SAAS,KAAK;AACpB,UAAI,CAAC,UAAU,OAAO,UAAW,QAAO;AACxC,YAAM,EAAE,OAAO,SAAS,IAAI,4BAA4B,MAAM;AAC9D,UAAI,KAAK,EAAE,IAAI,OAAO,IAAI,OAAO,UAAU,MAAM,UAAU,CAAC;AAC5D,aAAO;AAAA,IACT,GAAG,CAAC,CAAC;AACL,sBAAkB,OAAO,IAAI,CAAC,UAAU,MAAM,EAAE;AAChD,uBAAmB,UAAU,IAAI,CAAC,UAAU,MAAM,EAAE;AAAA,EACtD;AAEA,QAAM,oBAAoB,MAAM,sBAAsB;AAAA,IACpD;AAAA,IACA,UAAU,EAAE,UAAU;AAAA,IACtB,WAAW,CAAC,KAAK,EAAE;AAAA,IACnB,kBAAkB,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,YAAY,KAAK;AAAA,IACrD,wBAAwB,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,kBAAkB,KAAK;AAAA,IACjE,iBAAiB,CAAC,KAAK,YAAY,KAAK,YAAY,IAAI,EAAE,OAAO,CAAC,UAA2B,CAAC,CAAC,KAAK;AAAA,EACtG,CAAC;AACD,QAAM,eAAe,6BAA6B,kBAAkB,KAAK,EAAE,CAAC,KAAK,CAAC;AAElF,QAAM,eAAe,KAAK,WAAW,OAAO,KAAK,OAAO;AACxD,MAAI,aAA4B;AAChC,MAAI,cAA6B,KAAK,SAAS;AAC/C,MAAI,cAAc;AAChB,UAAM,cAAc;AAAA,MAClB,UAAU,KAAK,YAAY;AAAA,MAC3B,gBAAgB,KAAK,SAAS;AAAA,IAChC;AACA,UAAM,SAAS,MAAM;AAAA,MACnB;AAAA,MACA;AAAA,MACA,EAAE,IAAI,cAAc,UAAU,KAAK,YAAY,KAAK;AAAA,MACpD,CAAC;AAAA,MACD;AAAA,IACF;AACA,iBAAa,QAAQ,QAAQ;AAC7B,kBAAc,QAAQ,SAAS,eAAe;AAAA,EAChD;AAEA,QAAM,QAAQ,KAAK,cACf,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA,EAAE,IAAI,KAAK,aAAa,UAAU,KAAK,YAAY,KAAK,YAAY,KAAK;AAAA,IACzE,CAAC;AAAA,IACD;AAAA,EACF,IACE;AACJ,QAAM,eAAe,QACjB;AAAA,IACA,IAAI,MAAM;AAAA,IACV,MAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,IACzC,OAAO,MAAM,SAAS;AAAA,EACxB,IACE;AAEJ,QAAM,iBAAiB,gBACnB,MAAM,8BAA8B,IAAI,MAAM,eAAe,IAC7D;AACJ,QAAM,sBAAsB,KAAK,cAAc,gBAAgB,cAAc;AAC7E,QAAM,2BAA2B,KAAK,mBAAmB,gBAAgB,MAAM;AAC/E,QAAM,8BAA8B,KAAK,iBAAiB,gBAAgB,SAAS;AAEnF,QAAM,iBAAiB,iBAAiB,sBACpC,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA;AAAA,MACE,YAAY;AAAA,MACZ,gBAAgB,KAAK;AAAA,MACrB,UAAU,KAAK;AAAA,IACjB;AAAA,IACA,EAAE,SAAS,EAAE,OAAO,MAAM,EAAE;AAAA,IAC5B;AAAA,EACF,IACE,CAAC;AACL,QAAM,WAAW,sBACb,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,gBAAgB,KAAK;AAAA,MACrB,UAAU,KAAK;AAAA,IACjB;AAAA,IACA,CAAC;AAAA,IACD;AAAA,EACF,IACE;AACJ,QAAM,6BAA6B,eAAe,SAC9C,MAAM,+BAA+B,IAAI,gBAAgB,KAAK,gBAAgB,KAAK,QAAQ,IAC3F,oBAAI,IAAqC;AAC7C,MAAI,mBAAkD,CAAC;AACvD,MAAI,eAAe;AACjB,QAAI;AACF,yBAAmB,MAAM;AAAA,QACvB;AAAA,QACA;AAAA,QACA,EAAE,MAAM,KAAK,IAAI,WAAW,KAAK;AAAA,QACjC,EAAE,SAAS,EAAE,YAAY,OAAO,gBAAgB,MAAM,EAAE;AAAA,QACxD;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,CAAC,kCAAkC,KAAK,GAAG;AAC7C,cAAM;AAAA,MACR;AACA,0CAAoC,gCAAgC;AACpE,yBAAmB,CAAC;AAAA,IACtB;AAAA,EACF;AACA,QAAM,4BAA4B,iBAAiB,IAAI,CAAC,gBAAgB;AAAA,IACtE,SAAS,WAAW;AAAA,IACpB,YAAY,WAAW;AAAA,IACvB,YAAY,WAAW;AAAA,IACvB,gBAAgB,WAAW,eAAe,YAAY;AAAA,EACxD,EAAE;AACF,QAAM,4BAA4B,iBAAiB,0BAA0B,WAAW,IACpF,MAAM,kCAAkC,EAAE,WAAW,MAAM,eAAe,CAAC,IAC3E,CAAC;AACL,QAAM,yBAAyB,MAAM;AACnC,QAAI,CAAC,yBAA0B,QAAO;AACtC,UAAM,gBAAgB,eAAe,KAAK,CAAC,UAAU,MAAM,OAAO,wBAAwB;AAC1F,QAAI,eAAe;AACjB,aAAO;AAAA,QACL,IAAI,cAAc;AAAA,QAClB,OAAO,cAAc;AAAA,QACrB,OAAO,cAAc;AAAA,MACvB;AAAA,IACF;AACA,QAAI,CAAC,4BAA6B,QAAO;AACzC,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF,GAAG;AACH,QAAM,yBAAyB,sBAAsB;AAAA,IACnD,WAAW;AAAA,IACX,WAAW;AAAA,IACX,cAAc;AAAA,IACd,mBAAmB,KAAK,UAAU,YAAY;AAAA,EAChD,CAAC;AAED,SAAO,aAAa,KAAK;AAAA,IACvB,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK,eAAe;AAAA,MACjC,QAAQ,KAAK,UAAU;AAAA,MACvB,eAAe;AAAA,MACf,YAAY;AAAA,MACZ,iBAAiB;AAAA,MACjB,aAAa,KAAK,eAAe;AAAA,MACjC,eAAe,KAAK,iBAAiB;AAAA,MACrC,aAAa,KAAK,eAAe;AAAA,MACjC,iBAAiB,KAAK,kBAAkB,KAAK,gBAAgB,YAAY,IAAI;AAAA,MAC7E,aAAa,KAAK,eAAe;AAAA,MACjC,QAAQ,KAAK,UAAU;AAAA,MACvB,gBAAgB,KAAK,kBAAkB;AAAA,MACvC,cAAc,KAAK,gBAAgB;AAAA,MACnC,WAAW,KAAK,aAAa;AAAA,MAC7B,gBAAgB,KAAK,kBAAkB;AAAA,MACvC,UAAU,KAAK,YAAY;AAAA,MAC3B,WAAW,KAAK,UAAU,YAAY;AAAA,MACtC,WAAW,KAAK,UAAU,YAAY;AAAA,IACxC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,MACN,QAAQ,gBAAgB;AAAA,MACxB,WAAW,iBAAiB;AAAA,IAC9B;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,MACN,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,OAAO;AAAA,IACT;AAAA,IACA,gBAAgB,eAAe,IAAI,CAAC,UAAU;AAC5C,YAAM,aAAa,2BAA2B,IAAI,MAAM,MAAM,KAAK,EAAE,YAAY,CAAC;AAClF,aAAO;AAAA,QACL,IAAI,MAAM;AAAA,QACV,OAAO,MAAM;AAAA,QACb,OAAO,MAAM;AAAA,QACb,OAAO,YAAY,SAAS;AAAA,QAC5B,MAAM,YAAY,QAAQ;AAAA,MAC5B;AAAA,IACF,CAAC;AAAA,IACD,cAAc,UAAU,QAAQ;AAAA,IAChC,kBAAkB;AAAA,IAClB,OAAO;AAAA,EACT,CAAC;AACH;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,SAAS,EAAE,OAAO,EAAE,SAAS;AAC/B,CAAC;AAED,MAAM,0BAA0B,EAAE,OAAO;AAAA,EACvC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO;AAAA,EAChB,OAAO,EAAE,OAAO,EAAE,IAAI;AAAA,EACtB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAED,MAAM,4BAA4B,EAAE,OAAO;AAAA,EACzC,SAAS,EAAE,OAAO,EAAE,KAAK;AAAA,EACzB,YAAY,EAAE,OAAO;AAAA,EACrB,YAAY,EAAE,OAAO,EAAE,IAAI;AAAA,EAC3B,gBAAgB,EAAE,OAAO;AAC3B,CAAC;AAED,MAAM,2BAA2B,EAAE,OAAO;AAAA,EACxC,MAAM,EAAE,OAAO;AAAA,IACb,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACtC,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5C,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACvC,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9C,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IAClD,iBAAiB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IACvD,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5C,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC9C,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5C,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,aAAa,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IACnD,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IACvC,gBAAgB,EAAE,KAAK,CAAC,OAAO,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,IAC5D,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IACpD,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,IAC1C,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IACtD,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,IAChD,WAAW,EAAE,OAAO;AAAA,IACpB,WAAW,EAAE,OAAO;AAAA,EACtB,CAAC;AAAA,EACD,QAAQ,EAAE;AAAA,IACR,EAAE,OAAO;AAAA,MACP,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,MACpB,OAAO,EAAE,OAAO;AAAA,MAChB,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,MACzC,MAAM,EAAE,QAAQ,QAAQ;AAAA,IAC1B,CAAC;AAAA,EACH;AAAA,EACA,WAAW,EAAE;AAAA,IACX,EAAE,OAAO;AAAA,MACP,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,MACpB,OAAO,EAAE,OAAO;AAAA,MAChB,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,MACzC,MAAM,EAAE,QAAQ,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AAAA,EACA,cAAc,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,QAAQ,CAAC;AAAA,EAC9C,QAAQ,EAAE,OAAO;AAAA,IACf,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,IACnC,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,IAC1B,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC;AAAA,EACD,gBAAgB,EAAE,MAAM,uBAAuB;AAAA,EAC/C,kBAAkB,EAAE,MAAM,yBAAyB;AAAA,EACnD,OAAO,EAAE,OAAO;AAAA,IACd,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,MAAM,EAAE,OAAO;AAAA,IACf,OAAO,EAAE,OAAO;AAAA,EAClB,CAAC,EAAE,SAAS;AACd,CAAC;AAED,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,OAAO,EAAE,OAAO;AAClB,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,OAAO;AAAA,MACP,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,uBAAuB,QAAQ,yBAAyB;AAAA,MACtF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,sBAAsB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,2CAA2C,QAAQ,sBAAsB;AAAA,QACrG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,sBAAsB;AAAA,MAC9E;AAAA,IACF;AAAA,EACF;AACF;",
6
6
  "names": []
7
7
  }
package/dist/modules/customers/api/deals/[id]/stats/route.js CHANGED
@@ -7,6 +7,7 @@ import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
7
7
  import { CustomerDeal, CustomerPipeline } from "../../../../data/entities.js";
8
8
  import { DictionaryEntry } from "@open-mercato/core/modules/dictionaries/data/entities";
9
9
  import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
10
+ import { isOrganizationReadAccessAllowed } from "@open-mercato/core/modules/directory/utils/organizationScopeGuard";
10
11
  const metadata = {
11
12
  GET: { requireAuth: true, requireFeatures: ["customers.deals.view"] }
12
13
  };
@@ -80,15 +81,7 @@ async function GET(request, context) {
80
81
  if (!deal) {
81
82
  return notFound(translate("customers.errors.deal_not_found", "Deal not found"));
82
83
  }
83
- const allowedOrgIds = /* @__PURE__ */ new Set();
84
- if (Array.isArray(scope?.filterIds)) {
85
- scope.filterIds.forEach((id) => {
86
- if (typeof id === "string" && id.trim().length) allowedOrgIds.add(id);
87
- });
88
- } else if (auth.orgId) {
89
- allowedOrgIds.add(auth.orgId);
90
- }
91
- if (allowedOrgIds.size && deal.organizationId && !allowedOrgIds.has(deal.organizationId)) {
84
+ if (!isOrganizationReadAccessAllowed({ scope, auth, organizationId: deal.organizationId })) {
92
85
  return forbidden(translate("customers.errors.access_denied", "Access denied"));
93
86
  }
94
87
  if (!deal.closureOutcome) {
package/dist/modules/customers/api/deals/[id]/stats/route.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../../../../../src/modules/customers/api/deals/%5Bid%5D/stats/route.ts"],
4
- "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { CustomerDeal, CustomerPipeline } from '../../../../data/entities'\nimport { DictionaryEntry } from '@open-mercato/core/modules/dictionaries/data/entities'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport const metadata = {\n GET: { requireAuth: true, requireFeatures: ['customers.deals.view'] },\n}\n\nconst paramsSchema = z.object({\n id: z.string().uuid(),\n})\n\nfunction notFound(message: string) {\n return NextResponse.json({ error: message }, { status: 404 })\n}\n\nfunction forbidden(message: string) {\n return NextResponse.json({ error: message }, { status: 403 })\n}\n\nfunction badRequest(message: string, code?: string) {\n return NextResponse.json(\n code ? { error: message, code } : { error: message },\n { status: 400 },\n )\n}\n\nfunction startOfIsoWeek(date: Date): Date {\n const value = new Date(date)\n const day = value.getDay()\n const diff = day === 0 ? -6 : 1 - day\n value.setHours(0, 0, 0, 0)\n value.setDate(value.getDate() + diff)\n return value\n}\n\nfunction startOfQuarter(date: Date): Date {\n return new Date(date.getFullYear(), Math.floor(date.getMonth() / 3) * 3, 1)\n}\n\nfunction calculateSalesCycleDays(createdAt: Date, closedAt: Date): number {\n const diffMs = closedAt.getTime() - createdAt.getTime()\n if (diffMs <= 0) return 0\n return Math.floor(diffMs / 86400000)\n}\n\nexport async function GET(request: Request, context: { params?: Record<string, unknown> }) {\n const { translate } = await resolveTranslations()\n const parsedParams = paramsSchema.safeParse(context.params)\n if (!parsedParams.success) {\n return notFound(translate('customers.errors.deal_not_found', 'Deal not found'))\n }\n\n const container = await createRequestContainer()\n const auth = await getAuthFromRequest(request)\n if (!auth?.sub && !auth?.isApiKey) {\n return NextResponse.json({ error: translate('customers.errors.authentication_required', 'Authentication required') }, { status: 401 })\n }\n\n let rbac: RbacService | null = null\n try {\n rbac = (container.resolve('rbacService') as RbacService)\n } catch {\n rbac = null\n }\n\n if (!rbac || !auth?.sub) {\n return forbidden(translate('customers.errors.access_denied', 'Access denied'))\n }\n const hasFeature = await rbac.userHasAllFeatures(auth.sub, ['customers.deals.view'], {\n tenantId: auth.tenantId ?? null,\n organizationId: auth.orgId ?? null,\n })\n if (!hasFeature) {\n return forbidden(translate('customers.errors.access_denied', 'Access denied'))\n }\n\n const scope = await resolveOrganizationScopeForRequest({ container, auth, request })\n const em = (container.resolve('em') as EntityManager)\n const deal = await findOneWithDecryption(\n em,\n CustomerDeal,\n { id: parsedParams.data.id, tenantId: auth.tenantId ?? null, deletedAt: null },\n {},\n { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n )\n if (!deal) {\n return notFound(translate('customers.errors.deal_not_found', 'Deal not found'))\n }\n\n const allowedOrgIds = new Set<string>()\n if (Array.isArray(scope?.filterIds)) {\n scope.filterIds.forEach((id) => {\n if (typeof id === 'string' && id.trim().length) allowedOrgIds.add(id)\n })\n } else if (auth.orgId) {\n allowedOrgIds.add(auth.orgId)\n }\n if (allowedOrgIds.size && deal.organizationId && !allowedOrgIds.has(deal.organizationId)) {\n return forbidden(translate('customers.errors.access_denied', 'Access denied'))\n }\n\n if (!deal.closureOutcome) {\n return badRequest(translate('customers.errors.deal_not_closed', 'Deal is not closed'), 'DEAL_NOT_CLOSED')\n }\n\n const now = new Date()\n const weekStart = startOfIsoWeek(now)\n const quarterStart = startOfQuarter(now)\n const dealsClosedThisPeriod = await em.count(CustomerDeal, {\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n closureOutcome: deal.closureOutcome,\n deletedAt: null,\n updatedAt: { $gte: weekStart },\n })\n\n let dealRankInQuarter: number | null = null\n if (deal.closureOutcome === 'won' && deal.valueAmount !== null) {\n const higherValueDeals = await em.count(CustomerDeal, {\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n closureOutcome: 'won',\n deletedAt: null,\n updatedAt: { $gte: quarterStart },\n valueAmount: { $gt: deal.valueAmount },\n })\n dealRankInQuarter = higherValueDeals + 1\n }\n\n const pipeline = deal.pipelineId\n ? await findOneWithDecryption(\n em,\n CustomerPipeline,\n { id: deal.pipelineId, tenantId: deal.tenantId, organizationId: deal.organizationId },\n {},\n { tenantId: deal.tenantId, organizationId: deal.organizationId },\n )\n : null\n\n let lossReasonLabel: string | null = null\n if (deal.lossReasonId) {\n const dictionaryEntry = await findOneWithDecryption(\n em,\n DictionaryEntry,\n {\n id: deal.lossReasonId,\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n },\n { populate: ['dictionary'] },\n { tenantId: deal.tenantId, organizationId: deal.organizationId },\n )\n const dictionaryKey =\n dictionaryEntry?.dictionary &&\n typeof (dictionaryEntry.dictionary as { key?: unknown }).key === 'string'\n ? (dictionaryEntry.dictionary as { key: string }).key\n : null\n if (dictionaryKey === 'sales.deal_loss_reason') {\n lossReasonLabel = dictionaryEntry?.label ?? dictionaryEntry?.value ?? null\n }\n }\n\n return NextResponse.json({\n dealValue: deal.valueAmount !== null ? Number(deal.valueAmount) : null,\n dealCurrency: deal.valueCurrency ?? null,\n closureOutcome: deal.closureOutcome,\n closedAt: deal.updatedAt.toISOString(),\n pipelineName: pipeline?.name ?? null,\n dealsClosedThisPeriod,\n salesCycleDays: calculateSalesCycleDays(deal.createdAt, deal.updatedAt),\n dealRankInQuarter,\n lossReason: lossReasonLabel,\n })\n}\n\nconst dealStatsResponseSchema = z.object({\n dealValue: z.number().nullable(),\n dealCurrency: z.string().nullable(),\n closureOutcome: z.enum(['won', 'lost']),\n closedAt: z.string(),\n pipelineName: z.string().nullable(),\n dealsClosedThisPeriod: z.number().int(),\n salesCycleDays: z.number().int().nullable(),\n dealRankInQuarter: z.number().int().nullable(),\n lossReason: z.string().nullable(),\n})\n\nconst dealStatsErrorSchema = z.object({\n error: z.string(),\n code: z.string().optional(),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'Customers',\n summary: 'Fetch deal closure stats',\n methods: {\n GET: {\n summary: 'Fetch analytics for a closed deal',\n description: 'Returns week-to-date closure counts, sales cycle length, quarter ranking, and loss reason context for a closed deal.',\n responses: [\n { status: 200, description: 'Deal closure stats payload', schema: dealStatsResponseSchema },\n ],\n errors: [\n { status: 400, description: 'Deal is not closed', schema: dealStatsErrorSchema },\n { status: 401, description: 'Unauthorized', schema: dealStatsErrorSchema },\n { status: 403, description: 'Forbidden for tenant/organization scope', schema: dealStatsErrorSchema },\n { status: 404, description: 'Deal not found', schema: dealStatsErrorSchema },\n ],\n },\n },\n}\n"],
5
- "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,0CAA0C;AACnD,SAAS,2BAA2B;AAEpC,SAAS,cAAc,wBAAwB;AAC/C,SAAS,uBAAuB;AAGhC,SAAS,6BAA6B;AAE/B,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,sBAAsB,EAAE;AACtE;AAEA,MAAM,eAAe,EAAE,OAAO;AAAA,EAC5B,IAAI,EAAE,OAAO,EAAE,KAAK;AACtB,CAAC;AAED,SAAS,SAAS,SAAiB;AACjC,SAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9D;AAEA,SAAS,UAAU,SAAiB;AAClC,SAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9D;AAEA,SAAS,WAAW,SAAiB,MAAe;AAClD,SAAO,aAAa;AAAA,IAClB,OAAO,EAAE,OAAO,SAAS,KAAK,IAAI,EAAE,OAAO,QAAQ;AAAA,IACnD,EAAE,QAAQ,IAAI;AAAA,EAChB;AACF;AAEA,SAAS,eAAe,MAAkB;AACxC,QAAM,QAAQ,IAAI,KAAK,IAAI;AAC3B,QAAM,MAAM,MAAM,OAAO;AACzB,QAAM,OAAO,QAAQ,IAAI,KAAK,IAAI;AAClC,QAAM,SAAS,GAAG,GAAG,GAAG,CAAC;AACzB,QAAM,QAAQ,MAAM,QAAQ,IAAI,IAAI;AACpC,SAAO;AACT;AAEA,SAAS,eAAe,MAAkB;AACxC,SAAO,IAAI,KAAK,KAAK,YAAY,GAAG,KAAK,MAAM,KAAK,SAAS,IAAI,CAAC,IAAI,GAAG,CAAC;AAC5E;AAEA,SAAS,wBAAwB,WAAiB,UAAwB;AACxE,QAAM,SAAS,SAAS,QAAQ,IAAI,UAAU,QAAQ;AACtD,MAAI,UAAU,EAAG,QAAO;AACxB,SAAO,KAAK,MAAM,SAAS,KAAQ;AACrC;AAEA,eAAsB,IAAI,SAAkB,SAA+C;AACzF,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,eAAe,aAAa,UAAU,QAAQ,MAAM;AAC1D,MAAI,CAAC,aAAa,SAAS;AACzB,WAAO,SAAS,UAAU,mCAAmC,gBAAgB,CAAC;AAAA,EAChF;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAO,MAAM,mBAAmB,OAAO;AAC7C,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,UAAU,4CAA4C,yBAAyB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvI;AAEA,MAAI,OAA2B;AAC/B,MAAI;AACF,WAAQ,UAAU,QAAQ,aAAa;AAAA,EACzC,QAAQ;AACN,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,CAAC,MAAM,KAAK;AACvB,WAAO,UAAU,UAAU,kCAAkC,eAAe,CAAC;AAAA,EAC/E;AACA,QAAM,aAAa,MAAM,KAAK,mBAAmB,KAAK,KAAK,CAAC,sBAAsB,GAAG;AAAA,IACnF,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,EAChC,CAAC;AACD,MAAI,CAAC,YAAY;AACf,WAAO,UAAU,UAAU,kCAAkC,eAAe,CAAC;AAAA,EAC/E;AAEA,QAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,QAAQ,CAAC;AACnF,QAAM,KAAM,UAAU,QAAQ,IAAI;AAClC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,aAAa,KAAK,IAAI,UAAU,KAAK,YAAY,MAAM,WAAW,KAAK;AAAA,IAC7E,CAAC;AAAA,IACD,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE;AACA,MAAI,CAAC,MAAM;AACT,WAAO,SAAS,UAAU,mCAAmC,gBAAgB,CAAC;AAAA,EAChF;AAEA,QAAM,gBAAgB,oBAAI,IAAY;AACtC,MAAI,MAAM,QAAQ,OAAO,SAAS,GAAG;AACnC,UAAM,UAAU,QAAQ,CAAC,OAAO;AAC9B,UAAI,OAAO,OAAO,YAAY,GAAG,KAAK,EAAE,OAAQ,eAAc,IAAI,EAAE;AAAA,IACtE,CAAC;AAAA,EACH,WAAW,KAAK,OAAO;AACrB,kBAAc,IAAI,KAAK,KAAK;AAAA,EAC9B;AACA,MAAI,cAAc,QAAQ,KAAK,kBAAkB,CAAC,cAAc,IAAI,KAAK,cAAc,GAAG;AACxF,WAAO,UAAU,UAAU,kCAAkC,eAAe,CAAC;AAAA,EAC/E;AAEA,MAAI,CAAC,KAAK,gBAAgB;AACxB,WAAO,WAAW,UAAU,oCAAoC,oBAAoB,GAAG,iBAAiB;AAAA,EAC1G;AAEA,QAAM,MAAM,oBAAI,KAAK;AACrB,QAAM,YAAY,eAAe,GAAG;AACpC,QAAM,eAAe,eAAe,GAAG;AACvC,QAAM,wBAAwB,MAAM,GAAG,MAAM,cAAc;AAAA,IACzD,gBAAgB,KAAK;AAAA,IACrB,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW;AAAA,IACX,WAAW,EAAE,MAAM,UAAU;AAAA,EAC/B,CAAC;AAED,MAAI,oBAAmC;AACvC,MAAI,KAAK,mBAAmB,SAAS,KAAK,gBAAgB,MAAM;AAC9D,UAAM,mBAAmB,MAAM,GAAG,MAAM,cAAc;AAAA,MACpD,gBAAgB,KAAK;AAAA,MACrB,UAAU,KAAK;AAAA,MACf,gBAAgB;AAAA,MAChB,WAAW;AAAA,MACX,WAAW,EAAE,MAAM,aAAa;AAAA,MAChC,aAAa,EAAE,KAAK,KAAK,YAAY;AAAA,IACvC,CAAC;AACD,wBAAoB,mBAAmB;AAAA,EACzC;AAEA,QAAM,WAAW,KAAK,aAClB,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA,EAAE,IAAI,KAAK,YAAY,UAAU,KAAK,UAAU,gBAAgB,KAAK,eAAe;AAAA,IACpF,CAAC;AAAA,IACD,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,eAAe;AAAA,EACjE,IACE;AAEJ,MAAI,kBAAiC;AACrC,MAAI,KAAK,cAAc;AACrB,UAAM,kBAAkB,MAAM;AAAA,MAC5B;AAAA,MACA;AAAA,MACA;AAAA,QACE,IAAI,KAAK;AAAA,QACT,gBAAgB,KAAK;AAAA,QACrB,UAAU,KAAK;AAAA,MACjB;AAAA,MACA,EAAE,UAAU,CAAC,YAAY,EAAE;AAAA,MAC3B,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,eAAe;AAAA,IACjE;AACA,UAAM,gBACJ,iBAAiB,cACjB,OAAQ,gBAAgB,WAAiC,QAAQ,WAC5D,gBAAgB,WAA+B,MAChD;AACN,QAAI,kBAAkB,0BAA0B;AAC9C,wBAAkB,iBAAiB,SAAS,iBAAiB,SAAS;AAAA,IACxE;AAAA,EACF;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,WAAW,KAAK,gBAAgB,OAAO,OAAO,KAAK,WAAW,IAAI;AAAA,IAClE,cAAc,KAAK,iBAAiB;AAAA,IACpC,gBAAgB,KAAK;AAAA,IACrB,UAAU,KAAK,UAAU,YAAY;AAAA,IACrC,cAAc,UAAU,QAAQ;AAAA,IAChC;AAAA,IACA,gBAAgB,wBAAwB,KAAK,WAAW,KAAK,SAAS;AAAA,IACtE;AAAA,IACA,YAAY;AAAA,EACd,CAAC;AACH;AAEA,MAAM,0BAA0B,EAAE,OAAO;AAAA,EACvC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,gBAAgB,EAAE,KAAK,CAAC,OAAO,MAAM,CAAC;AAAA,EACtC,UAAU,EAAE,OAAO;AAAA,EACnB,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,uBAAuB,EAAE,OAAO,EAAE,IAAI;AAAA,EACtC,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAC1C,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAC7C,YAAY,EAAE,OAAO,EAAE,SAAS;AAClC,CAAC;AAED,MAAM,uBAAuB,EAAE,OAAO;AAAA,EACpC,OAAO,EAAE,OAAO;AAAA,EAChB,MAAM,EAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,8BAA8B,QAAQ,wBAAwB;AAAA,MAC5F;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,qBAAqB;AAAA,QAC/E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,qBAAqB;AAAA,QACzE,EAAE,QAAQ,KAAK,aAAa,2CAA2C,QAAQ,qBAAqB;AAAA,QACpG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,qBAAqB;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AACF;",
4
+ "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { CustomerDeal, CustomerPipeline } from '../../../../data/entities'\nimport { DictionaryEntry } from '@open-mercato/core/modules/dictionaries/data/entities'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { isOrganizationReadAccessAllowed } from '@open-mercato/core/modules/directory/utils/organizationScopeGuard'\n\nexport const metadata = {\n GET: { requireAuth: true, requireFeatures: ['customers.deals.view'] },\n}\n\nconst paramsSchema = z.object({\n id: z.string().uuid(),\n})\n\nfunction notFound(message: string) {\n return NextResponse.json({ error: message }, { status: 404 })\n}\n\nfunction forbidden(message: string) {\n return NextResponse.json({ error: message }, { status: 403 })\n}\n\nfunction badRequest(message: string, code?: string) {\n return NextResponse.json(\n code ? { error: message, code } : { error: message },\n { status: 400 },\n )\n}\n\nfunction startOfIsoWeek(date: Date): Date {\n const value = new Date(date)\n const day = value.getDay()\n const diff = day === 0 ? -6 : 1 - day\n value.setHours(0, 0, 0, 0)\n value.setDate(value.getDate() + diff)\n return value\n}\n\nfunction startOfQuarter(date: Date): Date {\n return new Date(date.getFullYear(), Math.floor(date.getMonth() / 3) * 3, 1)\n}\n\nfunction calculateSalesCycleDays(createdAt: Date, closedAt: Date): number {\n const diffMs = closedAt.getTime() - createdAt.getTime()\n if (diffMs <= 0) return 0\n return Math.floor(diffMs / 86400000)\n}\n\nexport async function GET(request: Request, context: { params?: Record<string, unknown> }) {\n const { translate } = await resolveTranslations()\n const parsedParams = paramsSchema.safeParse(context.params)\n if (!parsedParams.success) {\n return notFound(translate('customers.errors.deal_not_found', 'Deal not found'))\n }\n\n const container = await createRequestContainer()\n const auth = await getAuthFromRequest(request)\n if (!auth?.sub && !auth?.isApiKey) {\n return NextResponse.json({ error: translate('customers.errors.authentication_required', 'Authentication required') }, { status: 401 })\n }\n\n let rbac: RbacService | null = null\n try {\n rbac = (container.resolve('rbacService') as RbacService)\n } catch {\n rbac = null\n }\n\n if (!rbac || !auth?.sub) {\n return forbidden(translate('customers.errors.access_denied', 'Access denied'))\n }\n const hasFeature = await rbac.userHasAllFeatures(auth.sub, ['customers.deals.view'], {\n tenantId: auth.tenantId ?? null,\n organizationId: auth.orgId ?? null,\n })\n if (!hasFeature) {\n return forbidden(translate('customers.errors.access_denied', 'Access denied'))\n }\n\n const scope = await resolveOrganizationScopeForRequest({ container, auth, request })\n const em = (container.resolve('em') as EntityManager)\n const deal = await findOneWithDecryption(\n em,\n CustomerDeal,\n { id: parsedParams.data.id, tenantId: auth.tenantId ?? null, deletedAt: null },\n {},\n { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n )\n if (!deal) {\n return notFound(translate('customers.errors.deal_not_found', 'Deal not found'))\n }\n\n if (!isOrganizationReadAccessAllowed({ scope, auth, organizationId: deal.organizationId })) {\n return forbidden(translate('customers.errors.access_denied', 'Access denied'))\n }\n\n if (!deal.closureOutcome) {\n return badRequest(translate('customers.errors.deal_not_closed', 'Deal is not closed'), 'DEAL_NOT_CLOSED')\n }\n\n const now = new Date()\n const weekStart = startOfIsoWeek(now)\n const quarterStart = startOfQuarter(now)\n const dealsClosedThisPeriod = await em.count(CustomerDeal, {\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n closureOutcome: deal.closureOutcome,\n deletedAt: null,\n updatedAt: { $gte: weekStart },\n })\n\n let dealRankInQuarter: number | null = null\n if (deal.closureOutcome === 'won' && deal.valueAmount !== null) {\n const higherValueDeals = await em.count(CustomerDeal, {\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n closureOutcome: 'won',\n deletedAt: null,\n updatedAt: { $gte: quarterStart },\n valueAmount: { $gt: deal.valueAmount },\n })\n dealRankInQuarter = higherValueDeals + 1\n }\n\n const pipeline = deal.pipelineId\n ? await findOneWithDecryption(\n em,\n CustomerPipeline,\n { id: deal.pipelineId, tenantId: deal.tenantId, organizationId: deal.organizationId },\n {},\n { tenantId: deal.tenantId, organizationId: deal.organizationId },\n )\n : null\n\n let lossReasonLabel: string | null = null\n if (deal.lossReasonId) {\n const dictionaryEntry = await findOneWithDecryption(\n em,\n DictionaryEntry,\n {\n id: deal.lossReasonId,\n organizationId: deal.organizationId,\n tenantId: deal.tenantId,\n },\n { populate: ['dictionary'] },\n { tenantId: deal.tenantId, organizationId: deal.organizationId },\n )\n const dictionaryKey =\n dictionaryEntry?.dictionary &&\n typeof (dictionaryEntry.dictionary as { key?: unknown }).key === 'string'\n ? (dictionaryEntry.dictionary as { key: string }).key\n : null\n if (dictionaryKey === 'sales.deal_loss_reason') {\n lossReasonLabel = dictionaryEntry?.label ?? dictionaryEntry?.value ?? null\n }\n }\n\n return NextResponse.json({\n dealValue: deal.valueAmount !== null ? Number(deal.valueAmount) : null,\n dealCurrency: deal.valueCurrency ?? null,\n closureOutcome: deal.closureOutcome,\n closedAt: deal.updatedAt.toISOString(),\n pipelineName: pipeline?.name ?? null,\n dealsClosedThisPeriod,\n salesCycleDays: calculateSalesCycleDays(deal.createdAt, deal.updatedAt),\n dealRankInQuarter,\n lossReason: lossReasonLabel,\n })\n}\n\nconst dealStatsResponseSchema = z.object({\n dealValue: z.number().nullable(),\n dealCurrency: z.string().nullable(),\n closureOutcome: z.enum(['won', 'lost']),\n closedAt: z.string(),\n pipelineName: z.string().nullable(),\n dealsClosedThisPeriod: z.number().int(),\n salesCycleDays: z.number().int().nullable(),\n dealRankInQuarter: z.number().int().nullable(),\n lossReason: z.string().nullable(),\n})\n\nconst dealStatsErrorSchema = z.object({\n error: z.string(),\n code: z.string().optional(),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'Customers',\n summary: 'Fetch deal closure stats',\n methods: {\n GET: {\n summary: 'Fetch analytics for a closed deal',\n description: 'Returns week-to-date closure counts, sales cycle length, quarter ranking, and loss reason context for a closed deal.',\n responses: [\n { status: 200, description: 'Deal closure stats payload', schema: dealStatsResponseSchema },\n ],\n errors: [\n { status: 400, description: 'Deal is not closed', schema: dealStatsErrorSchema },\n { status: 401, description: 'Unauthorized', schema: dealStatsErrorSchema },\n { status: 403, description: 'Forbidden for tenant/organization scope', schema: dealStatsErrorSchema },\n { status: 404, description: 'Deal not found', schema: dealStatsErrorSchema },\n ],\n },\n },\n}\n"],
5
+ "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,0CAA0C;AACnD,SAAS,2BAA2B;AAEpC,SAAS,cAAc,wBAAwB;AAC/C,SAAS,uBAAuB;AAGhC,SAAS,6BAA6B;AACtC,SAAS,uCAAuC;AAEzC,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,sBAAsB,EAAE;AACtE;AAEA,MAAM,eAAe,EAAE,OAAO;AAAA,EAC5B,IAAI,EAAE,OAAO,EAAE,KAAK;AACtB,CAAC;AAED,SAAS,SAAS,SAAiB;AACjC,SAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9D;AAEA,SAAS,UAAU,SAAiB;AAClC,SAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC9D;AAEA,SAAS,WAAW,SAAiB,MAAe;AAClD,SAAO,aAAa;AAAA,IAClB,OAAO,EAAE,OAAO,SAAS,KAAK,IAAI,EAAE,OAAO,QAAQ;AAAA,IACnD,EAAE,QAAQ,IAAI;AAAA,EAChB;AACF;AAEA,SAAS,eAAe,MAAkB;AACxC,QAAM,QAAQ,IAAI,KAAK,IAAI;AAC3B,QAAM,MAAM,MAAM,OAAO;AACzB,QAAM,OAAO,QAAQ,IAAI,KAAK,IAAI;AAClC,QAAM,SAAS,GAAG,GAAG,GAAG,CAAC;AACzB,QAAM,QAAQ,MAAM,QAAQ,IAAI,IAAI;AACpC,SAAO;AACT;AAEA,SAAS,eAAe,MAAkB;AACxC,SAAO,IAAI,KAAK,KAAK,YAAY,GAAG,KAAK,MAAM,KAAK,SAAS,IAAI,CAAC,IAAI,GAAG,CAAC;AAC5E;AAEA,SAAS,wBAAwB,WAAiB,UAAwB;AACxE,QAAM,SAAS,SAAS,QAAQ,IAAI,UAAU,QAAQ;AACtD,MAAI,UAAU,EAAG,QAAO;AACxB,SAAO,KAAK,MAAM,SAAS,KAAQ;AACrC;AAEA,eAAsB,IAAI,SAAkB,SAA+C;AACzF,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,eAAe,aAAa,UAAU,QAAQ,MAAM;AAC1D,MAAI,CAAC,aAAa,SAAS;AACzB,WAAO,SAAS,UAAU,mCAAmC,gBAAgB,CAAC;AAAA,EAChF;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAO,MAAM,mBAAmB,OAAO;AAC7C,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,UAAU,4CAA4C,yBAAyB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvI;AAEA,MAAI,OAA2B;AAC/B,MAAI;AACF,WAAQ,UAAU,QAAQ,aAAa;AAAA,EACzC,QAAQ;AACN,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,CAAC,MAAM,KAAK;AACvB,WAAO,UAAU,UAAU,kCAAkC,eAAe,CAAC;AAAA,EAC/E;AACA,QAAM,aAAa,MAAM,KAAK,mBAAmB,KAAK,KAAK,CAAC,sBAAsB,GAAG;AAAA,IACnF,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,EAChC,CAAC;AACD,MAAI,CAAC,YAAY;AACf,WAAO,UAAU,UAAU,kCAAkC,eAAe,CAAC;AAAA,EAC/E;AAEA,QAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,QAAQ,CAAC;AACnF,QAAM,KAAM,UAAU,QAAQ,IAAI;AAClC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,aAAa,KAAK,IAAI,UAAU,KAAK,YAAY,MAAM,WAAW,KAAK;AAAA,IAC7E,CAAC;AAAA,IACD,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE;AACA,MAAI,CAAC,MAAM;AACT,WAAO,SAAS,UAAU,mCAAmC,gBAAgB,CAAC;AAAA,EAChF;AAEA,MAAI,CAAC,gCAAgC,EAAE,OAAO,MAAM,gBAAgB,KAAK,eAAe,CAAC,GAAG;AAC1F,WAAO,UAAU,UAAU,kCAAkC,eAAe,CAAC;AAAA,EAC/E;AAEA,MAAI,CAAC,KAAK,gBAAgB;AACxB,WAAO,WAAW,UAAU,oCAAoC,oBAAoB,GAAG,iBAAiB;AAAA,EAC1G;AAEA,QAAM,MAAM,oBAAI,KAAK;AACrB,QAAM,YAAY,eAAe,GAAG;AACpC,QAAM,eAAe,eAAe,GAAG;AACvC,QAAM,wBAAwB,MAAM,GAAG,MAAM,cAAc;AAAA,IACzD,gBAAgB,KAAK;AAAA,IACrB,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW;AAAA,IACX,WAAW,EAAE,MAAM,UAAU;AAAA,EAC/B,CAAC;AAED,MAAI,oBAAmC;AACvC,MAAI,KAAK,mBAAmB,SAAS,KAAK,gBAAgB,MAAM;AAC9D,UAAM,mBAAmB,MAAM,GAAG,MAAM,cAAc;AAAA,MACpD,gBAAgB,KAAK;AAAA,MACrB,UAAU,KAAK;AAAA,MACf,gBAAgB;AAAA,MAChB,WAAW;AAAA,MACX,WAAW,EAAE,MAAM,aAAa;AAAA,MAChC,aAAa,EAAE,KAAK,KAAK,YAAY;AAAA,IACvC,CAAC;AACD,wBAAoB,mBAAmB;AAAA,EACzC;AAEA,QAAM,WAAW,KAAK,aAClB,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA,EAAE,IAAI,KAAK,YAAY,UAAU,KAAK,UAAU,gBAAgB,KAAK,eAAe;AAAA,IACpF,CAAC;AAAA,IACD,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,eAAe;AAAA,EACjE,IACE;AAEJ,MAAI,kBAAiC;AACrC,MAAI,KAAK,cAAc;AACrB,UAAM,kBAAkB,MAAM;AAAA,MAC5B;AAAA,MACA;AAAA,MACA;AAAA,QACE,IAAI,KAAK;AAAA,QACT,gBAAgB,KAAK;AAAA,QACrB,UAAU,KAAK;AAAA,MACjB;AAAA,MACA,EAAE,UAAU,CAAC,YAAY,EAAE;AAAA,MAC3B,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,eAAe;AAAA,IACjE;AACA,UAAM,gBACJ,iBAAiB,cACjB,OAAQ,gBAAgB,WAAiC,QAAQ,WAC5D,gBAAgB,WAA+B,MAChD;AACN,QAAI,kBAAkB,0BAA0B;AAC9C,wBAAkB,iBAAiB,SAAS,iBAAiB,SAAS;AAAA,IACxE;AAAA,EACF;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,WAAW,KAAK,gBAAgB,OAAO,OAAO,KAAK,WAAW,IAAI;AAAA,IAClE,cAAc,KAAK,iBAAiB;AAAA,IACpC,gBAAgB,KAAK;AAAA,IACrB,UAAU,KAAK,UAAU,YAAY;AAAA,IACrC,cAAc,UAAU,QAAQ;AAAA,IAChC;AAAA,IACA,gBAAgB,wBAAwB,KAAK,WAAW,KAAK,SAAS;AAAA,IACtE;AAAA,IACA,YAAY;AAAA,EACd,CAAC;AACH;AAEA,MAAM,0BAA0B,EAAE,OAAO;AAAA,EACvC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,gBAAgB,EAAE,KAAK,CAAC,OAAO,MAAM,CAAC;AAAA,EACtC,UAAU,EAAE,OAAO;AAAA,EACnB,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,uBAAuB,EAAE,OAAO,EAAE,IAAI;AAAA,EACtC,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAC1C,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAC7C,YAAY,EAAE,OAAO,EAAE,SAAS;AAClC,CAAC;AAED,MAAM,uBAAuB,EAAE,OAAO;AAAA,EACpC,OAAO,EAAE,OAAO;AAAA,EAChB,MAAM,EAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,8BAA8B,QAAQ,wBAAwB;AAAA,MAC5F;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,qBAAqB;AAAA,QAC/E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,qBAAqB;AAAA,QACzE,EAAE,QAAQ,KAAK,aAAa,2CAA2C,QAAQ,qBAAqB;AAAA,QACpG,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,qBAAqB;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AACF;",
6
6
  "names": []
7
7
  }
package/dist/modules/customers/api/entity-roles-factory.js CHANGED
@@ -5,6 +5,7 @@ import { validateCrudMutationGuard, runCrudMutationGuardAfterSuccess } from "@op
5
5
  import { CrudHttpError, isCrudHttpError } from "@open-mercato/shared/lib/crud/errors";
6
6
  import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
7
7
  import { findOneWithDecryption, findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
8
+ import { isOrganizationReadAccessAllowed } from "@open-mercato/core/modules/directory/utils/organizationScopeGuard";
8
9
  import { User } from "@open-mercato/core/modules/auth/data/entities";
9
10
  import { CustomerEntity, CustomerEntityRole } from "../data/entities.js";
10
11
  import { entityRoleCreateSchema, entityRoleUpdateSchema, entityRoleDeleteSchema } from "../data/validators.js";
@@ -54,15 +55,8 @@ async function buildContext(request) {
54
55
  ctx: context.commandContext
55
56
  };
56
57
  }
57
- function collectAllowedOrganizationIds(scope, auth) {
58
- const allowedOrgIds = /* @__PURE__ */ new Set();
59
- if (scope?.filterIds?.length) scope.filterIds.forEach((id) => allowedOrgIds.add(id));
60
- else if (auth.orgId) allowedOrgIds.add(auth.orgId);
61
- return allowedOrgIds;
62
- }
63
58
  function ensureRouteOrganizationAccess(organizationId, scope, auth, translate) {
64
- const allowedOrgIds = collectAllowedOrganizationIds(scope, auth);
65
- if (allowedOrgIds.size > 0 && !allowedOrgIds.has(organizationId)) {
59
+ if (!isOrganizationReadAccessAllowed({ scope, auth, organizationId })) {
66
60
  throw new CrudHttpError(403, { error: translate("customers.errors.access_denied", "Access denied") });
67
61
  }
68
62
  }
package/dist/modules/customers/api/entity-roles-factory.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../../src/modules/customers/api/entity-roles-factory.ts"],
4
- "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { CommandBus } from '@open-mercato/shared/lib/commands'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { readJsonSafe } from '@open-mercato/shared/lib/http/readJsonSafe'\nimport { validateCrudMutationGuard, runCrudMutationGuardAfterSuccess } from '@open-mercato/shared/lib/crud/mutation-guard'\nimport { CrudHttpError, isCrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { User } from '@open-mercato/core/modules/auth/data/entities'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerEntity, CustomerEntityRole } from '../data/entities'\nimport { entityRoleCreateSchema, entityRoleUpdateSchema, entityRoleDeleteSchema, type EntityRoleCreateInput, type EntityRoleUpdateInput, type EntityRoleDeleteInput } from '../data/validators'\nimport { withScopedPayload } from './utils'\nimport { resolveCustomersRequestContext, resolveAuthActorId } from '../lib/interactionRequestContext'\nimport { deriveDisplayNameFromEmail } from '../lib/displayName'\nimport { withOperationMetadata } from '../lib/operationMetadata'\n\nconst paramsSchema = z.object({ id: z.string().uuid() })\nconst roleIdQuerySchema = z.object({ roleId: z.string().uuid() })\n\nconst createBodySchema = z.object({\n roleType: z.string().trim().min(1).max(100),\n userId: z.string().uuid(),\n})\nconst updateBodySchema = z.object({\n userId: z.string().uuid(),\n})\n\nconst listItemSchema = z.object({\n id: z.string().uuid(),\n entityType: z.enum(['company', 'person']),\n entityId: z.string().uuid(),\n userId: z.string().uuid(),\n userName: z.string().nullable().optional(),\n userEmail: z.string().nullable().optional(),\n userPhone: z.string().nullable().optional(),\n roleType: z.string(),\n createdAt: z.string(),\n updatedAt: z.string(),\n})\n\nconst listResponseSchema = z.object({ items: z.array(listItemSchema) })\nconst okResponseSchema = z.object({ ok: z.boolean() })\nconst createResponseSchema = z.object({ id: z.string().uuid() })\nconst errorSchema = z.object({ error: z.string() })\n\ntype EntityType = 'company' | 'person'\n\ntype Translator = Awaited<ReturnType<typeof resolveTranslations>>['translate']\n\nfunction getRoleContext(entityType: EntityType, entityId: string) {\n const resourceKind = entityType === 'company' ? 'customers.company' : 'customers.person'\n return { entityType, entityId, resourceKind, resourceId: entityId }\n}\n\nfunction buildValidationErrorResponse(error: z.ZodError, translate: Translator) {\n return NextResponse.json(\n { error: translate('customers.errors.validationFailed', 'Validation failed'), fieldErrors: error.flatten().fieldErrors },\n { status: 400 },\n )\n}\n\nasync function buildContext(request: Request) {\n const context = await resolveCustomersRequestContext(request)\n return {\n ...context,\n ctx: context.commandContext,\n }\n}\n\nfunction collectAllowedOrganizationIds(\n scope: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['scope'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n) {\n const allowedOrgIds = new Set<string>()\n if (scope?.filterIds?.length) scope.filterIds.forEach((id) => allowedOrgIds.add(id))\n else if (auth.orgId) allowedOrgIds.add(auth.orgId)\n return allowedOrgIds\n}\n\nfunction ensureRouteOrganizationAccess(\n organizationId: string,\n scope: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['scope'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n translate: Translator,\n) {\n const allowedOrgIds = collectAllowedOrganizationIds(scope, auth)\n if (allowedOrgIds.size > 0 && !allowedOrgIds.has(organizationId)) {\n throw new CrudHttpError(403, { error: translate('customers.errors.access_denied', 'Access denied') })\n }\n}\n\nasync function ensureFeatureOnOrganization(\n container: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['container'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n feature: string,\n organizationId: string,\n translate: Translator,\n) {\n const actorId = resolveAuthActorId(auth)\n if (!actorId) {\n throw new CrudHttpError(401, { error: translate('customers.errors.unauthorized', 'Unauthorized') })\n }\n let rbac: RbacService | undefined\n try {\n rbac = container.resolve('rbacService') as RbacService | undefined\n } catch (err) {\n console.error('[customers.entity-roles-factory] rbacService resolve failed', err)\n rbac = undefined\n }\n if (!rbac) {\n throw new CrudHttpError(500, { error: translate('customers.errors.internal', 'Internal error') })\n }\n const hasFeature = await rbac.userHasAllFeatures(actorId, [feature], {\n tenantId: auth.tenantId,\n organizationId,\n })\n if (!hasFeature) {\n throw new CrudHttpError(403, { error: translate('customers.errors.access_denied', 'Access denied') })\n }\n}\n\nasync function resolveEntityRouteScope(\n em: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['em'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n scope: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['scope'],\n entityType: EntityType,\n entityId: string,\n translate: Translator,\n) {\n const entity = await findOneWithDecryption(\n em,\n CustomerEntity,\n { id: entityId, kind: entityType, tenantId: auth.tenantId, deletedAt: null },\n undefined,\n { tenantId: auth.tenantId, organizationId: scope?.selectedId ?? auth.orgId ?? null },\n )\n if (!entity || entity.tenantId !== auth.tenantId) {\n throw new CrudHttpError(404, { error: translate('customers.errors.customer_not_found', 'Customer not found') })\n }\n ensureRouteOrganizationAccess(entity.organizationId, scope, auth, translate)\n return {\n entity,\n organizationId: entity.organizationId,\n tenantId: entity.tenantId,\n }\n}\n\nasync function resolveRoleRouteScope(\n em: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['em'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n scope: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['scope'],\n entityType: EntityType,\n entityId: string,\n roleId: string,\n translate: Translator,\n) {\n const role = await findOneWithDecryption(\n em,\n CustomerEntityRole,\n { id: roleId, tenantId: auth.tenantId, entityType, entityId, deletedAt: null },\n undefined,\n { tenantId: auth.tenantId, organizationId: scope?.selectedId ?? auth.orgId ?? null },\n )\n if (\n !role ||\n role.tenantId !== auth.tenantId ||\n role.entityType !== entityType ||\n role.entityId !== entityId\n ) {\n throw new CrudHttpError(404, { error: translate('customers.errors.role_not_found', 'Role not found') })\n }\n ensureRouteOrganizationAccess(role.organizationId, scope, auth, translate)\n return {\n role,\n organizationId: role.organizationId,\n tenantId: role.tenantId,\n }\n}\n\nfunction createScopedCommandContext(\n ctx: Awaited<ReturnType<typeof buildContext>>['ctx'],\n organizationId: string,\n) {\n return {\n ...ctx,\n selectedOrganizationId: organizationId,\n organizationIds: [organizationId],\n }\n}\n\nexport const entityRolesMetadata = {\n GET: { requireAuth: true, requireFeatures: ['customers.roles.view'] },\n POST: { requireAuth: true, requireFeatures: ['customers.roles.manage'] },\n PUT: { requireAuth: true, requireFeatures: ['customers.roles.manage'] },\n DELETE: { requireAuth: true, requireFeatures: ['customers.roles.manage'] },\n}\n\nexport function buildEntityRolesOpenApi(entityType: EntityType): OpenApiRouteDoc {\n const label = entityType === 'company' ? 'company' : 'person'\n return {\n tag: 'Customers',\n summary: `${label.charAt(0).toUpperCase() + label.slice(1)} role assignments`,\n pathParams: paramsSchema,\n methods: {\n GET: {\n summary: `List roles for a ${label}`,\n responses: [{ status: 200, description: 'Role assignments', schema: listResponseSchema }],\n errors: [\n { status: 400, description: 'Invalid request', schema: errorSchema },\n { status: 401, description: 'Unauthorized', schema: errorSchema },\n ],\n },\n POST: {\n summary: `Assign a role to a ${label}`,\n requestBody: { contentType: 'application/json', schema: createBodySchema },\n responses: [{ status: 201, description: 'Role created', schema: createResponseSchema }],\n errors: [\n { status: 400, description: 'Invalid request', schema: errorSchema },\n { status: 401, description: 'Unauthorized', schema: errorSchema },\n { status: 409, description: 'Role already assigned', schema: errorSchema },\n ],\n },\n PUT: {\n summary: `Update a ${label} role assignment`,\n query: roleIdQuerySchema,\n requestBody: { contentType: 'application/json', schema: updateBodySchema },\n responses: [{ status: 200, description: 'Role updated', schema: okResponseSchema }],\n errors: [\n { status: 400, description: 'Invalid request', schema: errorSchema },\n { status: 401, description: 'Unauthorized', schema: errorSchema },\n { status: 404, description: 'Role not found', schema: errorSchema },\n ],\n },\n DELETE: {\n summary: `Remove a ${label} role assignment`,\n query: roleIdQuerySchema,\n responses: [{ status: 200, description: 'Role deleted', schema: okResponseSchema }],\n errors: [\n { status: 400, description: 'Invalid request', schema: errorSchema },\n { status: 401, description: 'Unauthorized', schema: errorSchema },\n { status: 404, description: 'Role not found', schema: errorSchema },\n ],\n },\n },\n }\n}\n\nexport function createEntityRolesHandlers(entityType: EntityType) {\n const resourceKind = entityType === 'company' ? 'customers.company' : 'customers.person'\n const logPrefix = entityType === 'company' ? 'customers.company.roles' : 'customers.person.roles'\n\n async function GET(request: Request, { params }: { params: { id: string } }) {\n const { translate } = await resolveTranslations()\n try {\n const { id: entityId } = paramsSchema.parse(params)\n const { container, em, auth, scope } = await buildContext(request)\n const targetScope = await resolveEntityRouteScope(em, auth, scope, entityType, entityId, translate)\n await ensureFeatureOnOrganization(container, auth, 'customers.roles.view', targetScope.organizationId, translate)\n\n const roles = await findWithDecryption(\n em,\n CustomerEntityRole,\n {\n entityType,\n entityId,\n organizationId: targetScope.organizationId,\n tenantId: targetScope.tenantId,\n deletedAt: null,\n },\n { orderBy: { roleType: 'asc' } },\n {\n tenantId: targetScope.tenantId,\n organizationId: targetScope.organizationId,\n },\n )\n\n const userIds = Array.from(new Set(roles.map((role) => role.userId).filter((value): value is string => typeof value === 'string' && value.length > 0)))\n const users = userIds.length\n ? await findWithDecryption(\n em,\n User,\n {\n id: { $in: userIds },\n deletedAt: null,\n ...(targetScope.tenantId ? { tenantId: targetScope.tenantId } : {}),\n },\n undefined,\n {\n tenantId: targetScope.tenantId,\n organizationId: targetScope.organizationId,\n },\n )\n : []\n const userMap = new Map(users.map((user) => [user.id, {\n name: user.name ?? deriveDisplayNameFromEmail(user.email) ?? null,\n email: user.email ?? null,\n phone: null,\n }]))\n\n return NextResponse.json({\n items: roles.map((role) => ({\n ...(userMap.has(role.userId)\n ? {\n userName: userMap.get(role.userId)?.name ?? null,\n userEmail: userMap.get(role.userId)?.email ?? null,\n userPhone: userMap.get(role.userId)?.phone ?? null,\n }\n : {}),\n id: role.id,\n entityType: role.entityType,\n entityId: role.entityId,\n userId: role.userId,\n roleType: role.roleType,\n createdAt: role.createdAt.toISOString(),\n updatedAt: role.updatedAt.toISOString(),\n })),\n })\n } catch (err) {\n if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n if (err instanceof z.ZodError) return buildValidationErrorResponse(err, translate)\n console.error(`${logPrefix}.get failed`, err)\n return NextResponse.json({ error: translate('customers.errors.failed_to_load_roles', 'Failed to load roles') }, { status: 500 })\n }\n }\n\n async function POST(request: Request, { params }: { params: { id: string } }) {\n const { translate } = await resolveTranslations()\n try {\n const { id: entityId } = paramsSchema.parse(params)\n const { container, em, auth, scope, ctx } = await buildContext(request)\n const targetScope = await resolveEntityRouteScope(em, auth, scope, entityType, entityId, translate)\n await ensureFeatureOnOrganization(container, auth, 'customers.roles.manage', targetScope.organizationId, translate)\n const commandCtx = createScopedCommandContext(ctx, targetScope.organizationId)\n\n const rawBody = await readJsonSafe<Record<string, unknown>>(request, {})\n const scoped = withScopedPayload(\n {\n ...rawBody,\n organizationId: targetScope.organizationId,\n tenantId: targetScope.tenantId,\n ...getRoleContext(entityType, entityId),\n },\n commandCtx,\n translate,\n )\n const parsed = entityRoleCreateSchema.parse(scoped)\n\n const guardUserId = resolveAuthActorId(auth)\n const guardResult = await validateCrudMutationGuard(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, mutationPayload: rawBody,\n })\n if (guardResult && !guardResult.ok) return NextResponse.json(guardResult.body, { status: guardResult.status })\n\n const commandBus = container.resolve('commandBus') as CommandBus\n const { result, logEntry } = await commandBus.execute<EntityRoleCreateInput, { roleId: string }>(\n 'customers.entityRoles.create',\n { input: parsed, ctx: commandCtx },\n )\n\n if (guardResult?.ok && guardResult.shouldRunAfterSuccess) {\n await runCrudMutationGuardAfterSuccess(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, metadata: guardResult.metadata ?? null,\n })\n }\n\n return withOperationMetadata(\n NextResponse.json({ id: result?.roleId ?? null }, { status: 201 }),\n logEntry,\n { resourceKind, resourceId: entityId },\n )\n } catch (err) {\n if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n if (err instanceof z.ZodError) return buildValidationErrorResponse(err, translate)\n console.error(`${logPrefix}.post failed`, err)\n return NextResponse.json({ error: translate('customers.errors.failed_to_assign_role', 'Failed to assign role') }, { status: 500 })\n }\n }\n\n async function PUT(request: Request, { params }: { params: { id: string } }) {\n const { translate } = await resolveTranslations()\n try {\n const { id: entityId } = paramsSchema.parse(params)\n const { roleId } = roleIdQuerySchema.parse(Object.fromEntries(new URL(request.url).searchParams))\n const { container, em, auth, scope, ctx } = await buildContext(request)\n const targetScope = await resolveRoleRouteScope(em, auth, scope, entityType, entityId, roleId, translate)\n await ensureFeatureOnOrganization(container, auth, 'customers.roles.manage', targetScope.organizationId, translate)\n const commandCtx = createScopedCommandContext(ctx, targetScope.organizationId)\n\n const rawBody = await readJsonSafe<Record<string, unknown>>(request, {})\n const scoped = withScopedPayload(\n {\n ...rawBody,\n id: roleId,\n organizationId: targetScope.organizationId,\n tenantId: targetScope.tenantId,\n },\n commandCtx,\n translate,\n )\n const parsed = entityRoleUpdateSchema.parse(scoped)\n\n const guardUserId = resolveAuthActorId(auth)\n const guardResult = await validateCrudMutationGuard(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, mutationPayload: { roleId, ...rawBody },\n })\n if (guardResult && !guardResult.ok) return NextResponse.json(guardResult.body, { status: guardResult.status })\n\n const commandBus = container.resolve('commandBus') as CommandBus\n const { logEntry } = await commandBus.execute<EntityRoleUpdateInput, { roleId: string }>(\n 'customers.entityRoles.update',\n { input: parsed, ctx: commandCtx },\n )\n\n if (guardResult?.ok && guardResult.shouldRunAfterSuccess) {\n await runCrudMutationGuardAfterSuccess(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, metadata: guardResult.metadata ?? null,\n })\n }\n\n return withOperationMetadata(\n NextResponse.json({ ok: true }),\n logEntry,\n { resourceKind, resourceId: entityId },\n )\n } catch (err) {\n if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n if (err instanceof z.ZodError) return buildValidationErrorResponse(err, translate)\n console.error(`${logPrefix}.put failed`, err)\n return NextResponse.json({ error: translate('customers.errors.failed_to_update_role', 'Failed to update role') }, { status: 500 })\n }\n }\n\n async function DELETE(request: Request, { params }: { params: { id: string } }) {\n const { translate } = await resolveTranslations()\n try {\n const { id: entityId } = paramsSchema.parse(params)\n const { roleId } = roleIdQuerySchema.parse(Object.fromEntries(new URL(request.url).searchParams))\n const { container, em, auth, scope, ctx } = await buildContext(request)\n const targetScope = await resolveRoleRouteScope(em, auth, scope, entityType, entityId, roleId, translate)\n await ensureFeatureOnOrganization(container, auth, 'customers.roles.manage', targetScope.organizationId, translate)\n const commandCtx = createScopedCommandContext(ctx, targetScope.organizationId)\n\n const parsed = entityRoleDeleteSchema.parse(\n withScopedPayload(\n {\n id: roleId,\n organizationId: targetScope.organizationId,\n tenantId: targetScope.tenantId,\n },\n commandCtx,\n translate,\n ),\n )\n const guardUserId = resolveAuthActorId(auth)\n const guardResult = await validateCrudMutationGuard(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, mutationPayload: { roleId },\n })\n if (guardResult && !guardResult.ok) return NextResponse.json(guardResult.body, { status: guardResult.status })\n\n const commandBus = container.resolve('commandBus') as CommandBus\n const { logEntry } = await commandBus.execute<EntityRoleDeleteInput, { roleId: string }>(\n 'customers.entityRoles.delete',\n { input: parsed, ctx: commandCtx },\n )\n\n if (guardResult?.ok && guardResult.shouldRunAfterSuccess) {\n await runCrudMutationGuardAfterSuccess(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, metadata: guardResult.metadata ?? null,\n })\n }\n\n return withOperationMetadata(\n NextResponse.json({ ok: true }),\n logEntry,\n { resourceKind, resourceId: entityId },\n )\n } catch (err) {\n if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n if (err instanceof z.ZodError) return buildValidationErrorResponse(err, translate)\n console.error(`${logPrefix}.delete failed`, err)\n return NextResponse.json({ error: translate('customers.errors.failed_to_delete_role', 'Failed to delete role') }, { status: 500 })\n }\n }\n\n return { GET, POST, PUT, DELETE }\n}\n"],
5
- "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAGlB,SAAS,oBAAoB;AAC7B,SAAS,2BAA2B,wCAAwC;AAC5E,SAAS,eAAe,uBAAuB;AAC/C,SAAS,2BAA2B;AACpC,SAAS,uBAAuB,0BAA0B;AAC1D,SAAS,YAAY;AAErB,SAAS,gBAAgB,0BAA0B;AACnD,SAAS,wBAAwB,wBAAwB,8BAAkH;AAC3K,SAAS,yBAAyB;AAClC,SAAS,gCAAgC,0BAA0B;AACnE,SAAS,kCAAkC;AAC3C,SAAS,6BAA6B;AAEtC,MAAM,eAAe,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACvD,MAAM,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAEhE,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAC1C,QAAQ,EAAE,OAAO,EAAE,KAAK;AAC1B,CAAC;AACD,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,QAAQ,EAAE,OAAO,EAAE,KAAK;AAC1B,CAAC;AAED,MAAM,iBAAiB,EAAE,OAAO;AAAA,EAC9B,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,YAAY,EAAE,KAAK,CAAC,WAAW,QAAQ,CAAC;AAAA,EACxC,UAAU,EAAE,OAAO,EAAE,KAAK;AAAA,EAC1B,QAAQ,EAAE,OAAO,EAAE,KAAK;AAAA,EACxB,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,UAAU,EAAE,OAAO;AAAA,EACnB,WAAW,EAAE,OAAO;AAAA,EACpB,WAAW,EAAE,OAAO;AACtB,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,EAAE,CAAC;AACtE,MAAM,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACrD,MAAM,uBAAuB,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC/D,MAAM,cAAc,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAMlD,SAAS,eAAe,YAAwB,UAAkB;AAChE,QAAM,eAAe,eAAe,YAAY,sBAAsB;AACtE,SAAO,EAAE,YAAY,UAAU,cAAc,YAAY,SAAS;AACpE;AAEA,SAAS,6BAA6B,OAAmB,WAAuB;AAC9E,SAAO,aAAa;AAAA,IAClB,EAAE,OAAO,UAAU,qCAAqC,mBAAmB,GAAG,aAAa,MAAM,QAAQ,EAAE,YAAY;AAAA,IACvH,EAAE,QAAQ,IAAI;AAAA,EAChB;AACF;AAEA,eAAe,aAAa,SAAkB;AAC5C,QAAM,UAAU,MAAM,+BAA+B,OAAO;AAC5D,SAAO;AAAA,IACL,GAAG;AAAA,IACH,KAAK,QAAQ;AAAA,EACf;AACF;AAEA,SAAS,8BACP,OACA,MACA;AACA,QAAM,gBAAgB,oBAAI,IAAY;AACtC,MAAI,OAAO,WAAW,OAAQ,OAAM,UAAU,QAAQ,CAAC,OAAO,cAAc,IAAI,EAAE,CAAC;AAAA,WAC1E,KAAK,MAAO,eAAc,IAAI,KAAK,KAAK;AACjD,SAAO;AACT;AAEA,SAAS,8BACP,gBACA,OACA,MACA,WACA;AACA,QAAM,gBAAgB,8BAA8B,OAAO,IAAI;AAC/D,MAAI,cAAc,OAAO,KAAK,CAAC,cAAc,IAAI,cAAc,GAAG;AAChE,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,kCAAkC,eAAe,EAAE,CAAC;AAAA,EACtG;AACF;AAEA,eAAe,4BACb,WACA,MACA,SACA,gBACA,WACA;AACA,QAAM,UAAU,mBAAmB,IAAI;AACvC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,iCAAiC,cAAc,EAAE,CAAC;AAAA,EACpG;AACA,MAAI;AACJ,MAAI;AACF,WAAO,UAAU,QAAQ,aAAa;AAAA,EACxC,SAAS,KAAK;AACZ,YAAQ,MAAM,+DAA+D,GAAG;AAChF,WAAO;AAAA,EACT;AACA,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6BAA6B,gBAAgB,EAAE,CAAC;AAAA,EAClG;AACA,QAAM,aAAa,MAAM,KAAK,mBAAmB,SAAS,CAAC,OAAO,GAAG;AAAA,IACnE,UAAU,KAAK;AAAA,IACf;AAAA,EACF,CAAC;AACD,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,kCAAkC,eAAe,EAAE,CAAC;AAAA,EACtG;AACF;AAEA,eAAe,wBACb,IACA,MACA,OACA,YACA,UACA,WACA;AACA,QAAM,SAAS,MAAM;AAAA,IACnB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,UAAU,MAAM,YAAY,UAAU,KAAK,UAAU,WAAW,KAAK;AAAA,IAC3E;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,OAAO,cAAc,KAAK,SAAS,KAAK;AAAA,EACrF;AACA,MAAI,CAAC,UAAU,OAAO,aAAa,KAAK,UAAU;AAChD,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,uCAAuC,oBAAoB,EAAE,CAAC;AAAA,EAChH;AACA,gCAA8B,OAAO,gBAAgB,OAAO,MAAM,SAAS;AAC3E,SAAO;AAAA,IACL;AAAA,IACA,gBAAgB,OAAO;AAAA,IACvB,UAAU,OAAO;AAAA,EACnB;AACF;AAEA,eAAe,sBACb,IACA,MACA,OACA,YACA,UACA,QACA,WACA;AACA,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,QAAQ,UAAU,KAAK,UAAU,YAAY,UAAU,WAAW,KAAK;AAAA,IAC7E;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,OAAO,cAAc,KAAK,SAAS,KAAK;AAAA,EACrF;AACA,MACE,CAAC,QACD,KAAK,aAAa,KAAK,YACvB,KAAK,eAAe,cACpB,KAAK,aAAa,UAClB;AACA,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,mCAAmC,gBAAgB,EAAE,CAAC;AAAA,EACxG;AACA,gCAA8B,KAAK,gBAAgB,OAAO,MAAM,SAAS;AACzE,SAAO;AAAA,IACL;AAAA,IACA,gBAAgB,KAAK;AAAA,IACrB,UAAU,KAAK;AAAA,EACjB;AACF;AAEA,SAAS,2BACP,KACA,gBACA;AACA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,wBAAwB;AAAA,IACxB,iBAAiB,CAAC,cAAc;AAAA,EAClC;AACF;AAEO,MAAM,sBAAsB;AAAA,EACjC,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,sBAAsB,EAAE;AAAA,EACpE,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AAAA,EACvE,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AAAA,EACtE,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AAC3E;AAEO,SAAS,wBAAwB,YAAyC;AAC/E,QAAM,QAAQ,eAAe,YAAY,YAAY;AACrD,SAAO;AAAA,IACL,KAAK;AAAA,IACL,SAAS,GAAG,MAAM,OAAO,CAAC,EAAE,YAAY,IAAI,MAAM,MAAM,CAAC,CAAC;AAAA,IAC1D,YAAY;AAAA,IACZ,SAAS;AAAA,MACP,KAAK;AAAA,QACH,SAAS,oBAAoB,KAAK;AAAA,QAClC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,oBAAoB,QAAQ,mBAAmB,CAAC;AAAA,QACxF,QAAQ;AAAA,UACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,YAAY;AAAA,UACnE,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,QAClE;AAAA,MACF;AAAA,MACA,MAAM;AAAA,QACJ,SAAS,sBAAsB,KAAK;AAAA,QACpC,aAAa,EAAE,aAAa,oBAAoB,QAAQ,iBAAiB;AAAA,QACzE,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,qBAAqB,CAAC;AAAA,QACtF,QAAQ;AAAA,UACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,YAAY;AAAA,UACnE,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,UAChE,EAAE,QAAQ,KAAK,aAAa,yBAAyB,QAAQ,YAAY;AAAA,QAC3E;AAAA,MACF;AAAA,MACA,KAAK;AAAA,QACH,SAAS,YAAY,KAAK;AAAA,QAC1B,OAAO;AAAA,QACP,aAAa,EAAE,aAAa,oBAAoB,QAAQ,iBAAiB;AAAA,QACzE,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB,CAAC;AAAA,QAClF,QAAQ;AAAA,UACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,YAAY;AAAA,UACnE,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,UAChE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,QACpE;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,SAAS,YAAY,KAAK;AAAA,QAC1B,OAAO;AAAA,QACP,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB,CAAC;AAAA,QAClF,QAAQ;AAAA,UACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,YAAY;AAAA,UACnE,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,UAChE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,QACpE;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,0BAA0B,YAAwB;AAChE,QAAM,eAAe,eAAe,YAAY,sBAAsB;AACtE,QAAM,YAAY,eAAe,YAAY,4BAA4B;AAEzE,iBAAe,IAAI,SAAkB,EAAE,OAAO,GAA+B;AAC3E,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI;AACF,YAAM,EAAE,IAAI,SAAS,IAAI,aAAa,MAAM,MAAM;AAClD,YAAM,EAAE,WAAW,IAAI,MAAM,MAAM,IAAI,MAAM,aAAa,OAAO;AACjE,YAAM,cAAc,MAAM,wBAAwB,IAAI,MAAM,OAAO,YAAY,UAAU,SAAS;AAClG,YAAM,4BAA4B,WAAW,MAAM,wBAAwB,YAAY,gBAAgB,SAAS;AAEhH,YAAM,QAAQ,MAAM;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA,UACE;AAAA,UACA;AAAA,UACA,gBAAgB,YAAY;AAAA,UAC5B,UAAU,YAAY;AAAA,UACtB,WAAW;AAAA,QACb;AAAA,QACA,EAAE,SAAS,EAAE,UAAU,MAAM,EAAE;AAAA,QAC/B;AAAA,UACE,UAAU,YAAY;AAAA,UACtB,gBAAgB,YAAY;AAAA,QAC9B;AAAA,MACF;AAEA,YAAM,UAAU,MAAM,KAAK,IAAI,IAAI,MAAM,IAAI,CAAC,SAAS,KAAK,MAAM,EAAE,OAAO,CAAC,UAA2B,OAAO,UAAU,YAAY,MAAM,SAAS,CAAC,CAAC,CAAC;AACtJ,YAAM,QAAQ,QAAQ,SAClB,MAAM;AAAA,QACJ;AAAA,QACA;AAAA,QACA;AAAA,UACE,IAAI,EAAE,KAAK,QAAQ;AAAA,UACnB,WAAW;AAAA,UACX,GAAI,YAAY,WAAW,EAAE,UAAU,YAAY,SAAS,IAAI,CAAC;AAAA,QACnE;AAAA,QACA;AAAA,QACA;AAAA,UACE,UAAU,YAAY;AAAA,UACtB,gBAAgB,YAAY;AAAA,QAC9B;AAAA,MACF,IACA,CAAC;AACL,YAAM,UAAU,IAAI,IAAI,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI;AAAA,QACpD,MAAM,KAAK,QAAQ,2BAA2B,KAAK,KAAK,KAAK;AAAA,QAC7D,OAAO,KAAK,SAAS;AAAA,QACrB,OAAO;AAAA,MACT,CAAC,CAAC,CAAC;AAEH,aAAO,aAAa,KAAK;AAAA,QACvB,OAAO,MAAM,IAAI,CAAC,UAAU;AAAA,UAC1B,GAAI,QAAQ,IAAI,KAAK,MAAM,IACvB;AAAA,YACE,UAAU,QAAQ,IAAI,KAAK,MAAM,GAAG,QAAQ;AAAA,YAC5C,WAAW,QAAQ,IAAI,KAAK,MAAM,GAAG,SAAS;AAAA,YAC9C,WAAW,QAAQ,IAAI,KAAK,MAAM,GAAG,SAAS;AAAA,UAChD,IACA,CAAC;AAAA,UACL,IAAI,KAAK;AAAA,UACT,YAAY,KAAK;AAAA,UACjB,UAAU,KAAK;AAAA,UACf,QAAQ,KAAK;AAAA,UACb,UAAU,KAAK;AAAA,UACf,WAAW,KAAK,UAAU,YAAY;AAAA,UACtC,WAAW,KAAK,UAAU,YAAY;AAAA,QACxC,EAAE;AAAA,MACJ,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAI,eAAe,EAAE,SAAU,QAAO,6BAA6B,KAAK,SAAS;AACjF,cAAQ,MAAM,GAAG,SAAS,eAAe,GAAG;AAC5C,aAAO,aAAa,KAAK,EAAE,OAAO,UAAU,yCAAyC,sBAAsB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACjI;AAAA,EACF;AAEA,iBAAe,KAAK,SAAkB,EAAE,OAAO,GAA+B;AAC5E,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI;AACF,YAAM,EAAE,IAAI,SAAS,IAAI,aAAa,MAAM,MAAM;AAClD,YAAM,EAAE,WAAW,IAAI,MAAM,OAAO,IAAI,IAAI,MAAM,aAAa,OAAO;AACtE,YAAM,cAAc,MAAM,wBAAwB,IAAI,MAAM,OAAO,YAAY,UAAU,SAAS;AAClG,YAAM,4BAA4B,WAAW,MAAM,0BAA0B,YAAY,gBAAgB,SAAS;AAClH,YAAM,aAAa,2BAA2B,KAAK,YAAY,cAAc;AAE7E,YAAM,UAAU,MAAM,aAAsC,SAAS,CAAC,CAAC;AACvE,YAAM,SAAS;AAAA,QACb;AAAA,UACE,GAAG;AAAA,UACH,gBAAgB,YAAY;AAAA,UAC5B,UAAU,YAAY;AAAA,UACtB,GAAG,eAAe,YAAY,QAAQ;AAAA,QACxC;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,YAAM,SAAS,uBAAuB,MAAM,MAAM;AAElD,YAAM,cAAc,mBAAmB,IAAI;AAC3C,YAAM,cAAc,MAAM,0BAA0B,WAAW;AAAA,QAC7D,UAAU,YAAY;AAAA,QAAU,gBAAgB,YAAY;AAAA,QAAgB,QAAQ;AAAA,QACpF;AAAA,QAAc,YAAY;AAAA,QAAU,WAAW;AAAA,QAC/C,eAAe,QAAQ;AAAA,QAAQ,gBAAgB,QAAQ;AAAA,QAAS,iBAAiB;AAAA,MACnF,CAAC;AACD,UAAI,eAAe,CAAC,YAAY,GAAI,QAAO,aAAa,KAAK,YAAY,MAAM,EAAE,QAAQ,YAAY,OAAO,CAAC;AAE7G,YAAM,aAAa,UAAU,QAAQ,YAAY;AACjD,YAAM,EAAE,QAAQ,SAAS,IAAI,MAAM,WAAW;AAAA,QAC5C;AAAA,QACA,EAAE,OAAO,QAAQ,KAAK,WAAW;AAAA,MACnC;AAEA,UAAI,aAAa,MAAM,YAAY,uBAAuB;AACxD,cAAM,iCAAiC,WAAW;AAAA,UAChD,UAAU,YAAY;AAAA,UAAU,gBAAgB,YAAY;AAAA,UAAgB,QAAQ;AAAA,UACpF;AAAA,UAAc,YAAY;AAAA,UAAU,WAAW;AAAA,UAC/C,eAAe,QAAQ;AAAA,UAAQ,gBAAgB,QAAQ;AAAA,UAAS,UAAU,YAAY,YAAY;AAAA,QACpG,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,aAAa,KAAK,EAAE,IAAI,QAAQ,UAAU,KAAK,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,QACjE;AAAA,QACA,EAAE,cAAc,YAAY,SAAS;AAAA,MACvC;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAI,eAAe,EAAE,SAAU,QAAO,6BAA6B,KAAK,SAAS;AACjF,cAAQ,MAAM,GAAG,SAAS,gBAAgB,GAAG;AAC7C,aAAO,aAAa,KAAK,EAAE,OAAO,UAAU,0CAA0C,uBAAuB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACnI;AAAA,EACF;AAEA,iBAAe,IAAI,SAAkB,EAAE,OAAO,GAA+B;AAC3E,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI;AACF,YAAM,EAAE,IAAI,SAAS,IAAI,aAAa,MAAM,MAAM;AAClD,YAAM,EAAE,OAAO,IAAI,kBAAkB,MAAM,OAAO,YAAY,IAAI,IAAI,QAAQ,GAAG,EAAE,YAAY,CAAC;AAChG,YAAM,EAAE,WAAW,IAAI,MAAM,OAAO,IAAI,IAAI,MAAM,aAAa,OAAO;AACtE,YAAM,cAAc,MAAM,sBAAsB,IAAI,MAAM,OAAO,YAAY,UAAU,QAAQ,SAAS;AACxG,YAAM,4BAA4B,WAAW,MAAM,0BAA0B,YAAY,gBAAgB,SAAS;AAClH,YAAM,aAAa,2BAA2B,KAAK,YAAY,cAAc;AAE7E,YAAM,UAAU,MAAM,aAAsC,SAAS,CAAC,CAAC;AACvE,YAAM,SAAS;AAAA,QACb;AAAA,UACE,GAAG;AAAA,UACH,IAAI;AAAA,UACJ,gBAAgB,YAAY;AAAA,UAC5B,UAAU,YAAY;AAAA,QACxB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,YAAM,SAAS,uBAAuB,MAAM,MAAM;AAElD,YAAM,cAAc,mBAAmB,IAAI;AAC3C,YAAM,cAAc,MAAM,0BAA0B,WAAW;AAAA,QAC7D,UAAU,YAAY;AAAA,QAAU,gBAAgB,YAAY;AAAA,QAAgB,QAAQ;AAAA,QACpF;AAAA,QAAc,YAAY;AAAA,QAAU,WAAW;AAAA,QAC/C,eAAe,QAAQ;AAAA,QAAQ,gBAAgB,QAAQ;AAAA,QAAS,iBAAiB,EAAE,QAAQ,GAAG,QAAQ;AAAA,MACxG,CAAC;AACD,UAAI,eAAe,CAAC,YAAY,GAAI,QAAO,aAAa,KAAK,YAAY,MAAM,EAAE,QAAQ,YAAY,OAAO,CAAC;AAE7G,YAAM,aAAa,UAAU,QAAQ,YAAY;AACjD,YAAM,EAAE,SAAS,IAAI,MAAM,WAAW;AAAA,QACpC;AAAA,QACA,EAAE,OAAO,QAAQ,KAAK,WAAW;AAAA,MACnC;AAEA,UAAI,aAAa,MAAM,YAAY,uBAAuB;AACxD,cAAM,iCAAiC,WAAW;AAAA,UAChD,UAAU,YAAY;AAAA,UAAU,gBAAgB,YAAY;AAAA,UAAgB,QAAQ;AAAA,UACpF;AAAA,UAAc,YAAY;AAAA,UAAU,WAAW;AAAA,UAC/C,eAAe,QAAQ;AAAA,UAAQ,gBAAgB,QAAQ;AAAA,UAAS,UAAU,YAAY,YAAY;AAAA,QACpG,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,QAC9B;AAAA,QACA,EAAE,cAAc,YAAY,SAAS;AAAA,MACvC;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAI,eAAe,EAAE,SAAU,QAAO,6BAA6B,KAAK,SAAS;AACjF,cAAQ,MAAM,GAAG,SAAS,eAAe,GAAG;AAC5C,aAAO,aAAa,KAAK,EAAE,OAAO,UAAU,0CAA0C,uBAAuB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACnI;AAAA,EACF;AAEA,iBAAe,OAAO,SAAkB,EAAE,OAAO,GAA+B;AAC9E,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI;AACF,YAAM,EAAE,IAAI,SAAS,IAAI,aAAa,MAAM,MAAM;AAClD,YAAM,EAAE,OAAO,IAAI,kBAAkB,MAAM,OAAO,YAAY,IAAI,IAAI,QAAQ,GAAG,EAAE,YAAY,CAAC;AAChG,YAAM,EAAE,WAAW,IAAI,MAAM,OAAO,IAAI,IAAI,MAAM,aAAa,OAAO;AACtE,YAAM,cAAc,MAAM,sBAAsB,IAAI,MAAM,OAAO,YAAY,UAAU,QAAQ,SAAS;AACxG,YAAM,4BAA4B,WAAW,MAAM,0BAA0B,YAAY,gBAAgB,SAAS;AAClH,YAAM,aAAa,2BAA2B,KAAK,YAAY,cAAc;AAE7E,YAAM,SAAS,uBAAuB;AAAA,QACpC;AAAA,UACE;AAAA,YACE,IAAI;AAAA,YACJ,gBAAgB,YAAY;AAAA,YAC5B,UAAU,YAAY;AAAA,UACxB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,YAAM,cAAc,mBAAmB,IAAI;AAC3C,YAAM,cAAc,MAAM,0BAA0B,WAAW;AAAA,QAC7D,UAAU,YAAY;AAAA,QAAU,gBAAgB,YAAY;AAAA,QAAgB,QAAQ;AAAA,QACpF;AAAA,QAAc,YAAY;AAAA,QAAU,WAAW;AAAA,QAC/C,eAAe,QAAQ;AAAA,QAAQ,gBAAgB,QAAQ;AAAA,QAAS,iBAAiB,EAAE,OAAO;AAAA,MAC5F,CAAC;AACD,UAAI,eAAe,CAAC,YAAY,GAAI,QAAO,aAAa,KAAK,YAAY,MAAM,EAAE,QAAQ,YAAY,OAAO,CAAC;AAE7G,YAAM,aAAa,UAAU,QAAQ,YAAY;AACjD,YAAM,EAAE,SAAS,IAAI,MAAM,WAAW;AAAA,QACpC;AAAA,QACA,EAAE,OAAO,QAAQ,KAAK,WAAW;AAAA,MACnC;AAEA,UAAI,aAAa,MAAM,YAAY,uBAAuB;AACxD,cAAM,iCAAiC,WAAW;AAAA,UAChD,UAAU,YAAY;AAAA,UAAU,gBAAgB,YAAY;AAAA,UAAgB,QAAQ;AAAA,UACpF;AAAA,UAAc,YAAY;AAAA,UAAU,WAAW;AAAA,UAC/C,eAAe,QAAQ;AAAA,UAAQ,gBAAgB,QAAQ;AAAA,UAAS,UAAU,YAAY,YAAY;AAAA,QACpG,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,QAC9B;AAAA,QACA,EAAE,cAAc,YAAY,SAAS;AAAA,MACvC;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAI,eAAe,EAAE,SAAU,QAAO,6BAA6B,KAAK,SAAS;AACjF,cAAQ,MAAM,GAAG,SAAS,kBAAkB,GAAG;AAC/C,aAAO,aAAa,KAAK,EAAE,OAAO,UAAU,0CAA0C,uBAAuB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACnI;AAAA,EACF;AAEA,SAAO,EAAE,KAAK,MAAM,KAAK,OAAO;AAClC;",
4
+ "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { CommandBus } from '@open-mercato/shared/lib/commands'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { readJsonSafe } from '@open-mercato/shared/lib/http/readJsonSafe'\nimport { validateCrudMutationGuard, runCrudMutationGuardAfterSuccess } from '@open-mercato/shared/lib/crud/mutation-guard'\nimport { CrudHttpError, isCrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { isOrganizationReadAccessAllowed } from '@open-mercato/core/modules/directory/utils/organizationScopeGuard'\nimport { User } from '@open-mercato/core/modules/auth/data/entities'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerEntity, CustomerEntityRole } from '../data/entities'\nimport { entityRoleCreateSchema, entityRoleUpdateSchema, entityRoleDeleteSchema, type EntityRoleCreateInput, type EntityRoleUpdateInput, type EntityRoleDeleteInput } from '../data/validators'\nimport { withScopedPayload } from './utils'\nimport { resolveCustomersRequestContext, resolveAuthActorId } from '../lib/interactionRequestContext'\nimport { deriveDisplayNameFromEmail } from '../lib/displayName'\nimport { withOperationMetadata } from '../lib/operationMetadata'\n\nconst paramsSchema = z.object({ id: z.string().uuid() })\nconst roleIdQuerySchema = z.object({ roleId: z.string().uuid() })\n\nconst createBodySchema = z.object({\n roleType: z.string().trim().min(1).max(100),\n userId: z.string().uuid(),\n})\nconst updateBodySchema = z.object({\n userId: z.string().uuid(),\n})\n\nconst listItemSchema = z.object({\n id: z.string().uuid(),\n entityType: z.enum(['company', 'person']),\n entityId: z.string().uuid(),\n userId: z.string().uuid(),\n userName: z.string().nullable().optional(),\n userEmail: z.string().nullable().optional(),\n userPhone: z.string().nullable().optional(),\n roleType: z.string(),\n createdAt: z.string(),\n updatedAt: z.string(),\n})\n\nconst listResponseSchema = z.object({ items: z.array(listItemSchema) })\nconst okResponseSchema = z.object({ ok: z.boolean() })\nconst createResponseSchema = z.object({ id: z.string().uuid() })\nconst errorSchema = z.object({ error: z.string() })\n\ntype EntityType = 'company' | 'person'\n\ntype Translator = Awaited<ReturnType<typeof resolveTranslations>>['translate']\n\nfunction getRoleContext(entityType: EntityType, entityId: string) {\n const resourceKind = entityType === 'company' ? 'customers.company' : 'customers.person'\n return { entityType, entityId, resourceKind, resourceId: entityId }\n}\n\nfunction buildValidationErrorResponse(error: z.ZodError, translate: Translator) {\n return NextResponse.json(\n { error: translate('customers.errors.validationFailed', 'Validation failed'), fieldErrors: error.flatten().fieldErrors },\n { status: 400 },\n )\n}\n\nasync function buildContext(request: Request) {\n const context = await resolveCustomersRequestContext(request)\n return {\n ...context,\n ctx: context.commandContext,\n }\n}\n\nfunction ensureRouteOrganizationAccess(\n organizationId: string,\n scope: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['scope'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n translate: Translator,\n) {\n if (!isOrganizationReadAccessAllowed({ scope, auth, organizationId })) {\n throw new CrudHttpError(403, { error: translate('customers.errors.access_denied', 'Access denied') })\n }\n}\n\nasync function ensureFeatureOnOrganization(\n container: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['container'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n feature: string,\n organizationId: string,\n translate: Translator,\n) {\n const actorId = resolveAuthActorId(auth)\n if (!actorId) {\n throw new CrudHttpError(401, { error: translate('customers.errors.unauthorized', 'Unauthorized') })\n }\n let rbac: RbacService | undefined\n try {\n rbac = container.resolve('rbacService') as RbacService | undefined\n } catch (err) {\n console.error('[customers.entity-roles-factory] rbacService resolve failed', err)\n rbac = undefined\n }\n if (!rbac) {\n throw new CrudHttpError(500, { error: translate('customers.errors.internal', 'Internal error') })\n }\n const hasFeature = await rbac.userHasAllFeatures(actorId, [feature], {\n tenantId: auth.tenantId,\n organizationId,\n })\n if (!hasFeature) {\n throw new CrudHttpError(403, { error: translate('customers.errors.access_denied', 'Access denied') })\n }\n}\n\nasync function resolveEntityRouteScope(\n em: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['em'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n scope: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['scope'],\n entityType: EntityType,\n entityId: string,\n translate: Translator,\n) {\n const entity = await findOneWithDecryption(\n em,\n CustomerEntity,\n { id: entityId, kind: entityType, tenantId: auth.tenantId, deletedAt: null },\n undefined,\n { tenantId: auth.tenantId, organizationId: scope?.selectedId ?? auth.orgId ?? null },\n )\n if (!entity || entity.tenantId !== auth.tenantId) {\n throw new CrudHttpError(404, { error: translate('customers.errors.customer_not_found', 'Customer not found') })\n }\n ensureRouteOrganizationAccess(entity.organizationId, scope, auth, translate)\n return {\n entity,\n organizationId: entity.organizationId,\n tenantId: entity.tenantId,\n }\n}\n\nasync function resolveRoleRouteScope(\n em: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['em'],\n auth: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['auth'],\n scope: Awaited<ReturnType<typeof resolveCustomersRequestContext>>['scope'],\n entityType: EntityType,\n entityId: string,\n roleId: string,\n translate: Translator,\n) {\n const role = await findOneWithDecryption(\n em,\n CustomerEntityRole,\n { id: roleId, tenantId: auth.tenantId, entityType, entityId, deletedAt: null },\n undefined,\n { tenantId: auth.tenantId, organizationId: scope?.selectedId ?? auth.orgId ?? null },\n )\n if (\n !role ||\n role.tenantId !== auth.tenantId ||\n role.entityType !== entityType ||\n role.entityId !== entityId\n ) {\n throw new CrudHttpError(404, { error: translate('customers.errors.role_not_found', 'Role not found') })\n }\n ensureRouteOrganizationAccess(role.organizationId, scope, auth, translate)\n return {\n role,\n organizationId: role.organizationId,\n tenantId: role.tenantId,\n }\n}\n\nfunction createScopedCommandContext(\n ctx: Awaited<ReturnType<typeof buildContext>>['ctx'],\n organizationId: string,\n) {\n return {\n ...ctx,\n selectedOrganizationId: organizationId,\n organizationIds: [organizationId],\n }\n}\n\nexport const entityRolesMetadata = {\n GET: { requireAuth: true, requireFeatures: ['customers.roles.view'] },\n POST: { requireAuth: true, requireFeatures: ['customers.roles.manage'] },\n PUT: { requireAuth: true, requireFeatures: ['customers.roles.manage'] },\n DELETE: { requireAuth: true, requireFeatures: ['customers.roles.manage'] },\n}\n\nexport function buildEntityRolesOpenApi(entityType: EntityType): OpenApiRouteDoc {\n const label = entityType === 'company' ? 'company' : 'person'\n return {\n tag: 'Customers',\n summary: `${label.charAt(0).toUpperCase() + label.slice(1)} role assignments`,\n pathParams: paramsSchema,\n methods: {\n GET: {\n summary: `List roles for a ${label}`,\n responses: [{ status: 200, description: 'Role assignments', schema: listResponseSchema }],\n errors: [\n { status: 400, description: 'Invalid request', schema: errorSchema },\n { status: 401, description: 'Unauthorized', schema: errorSchema },\n ],\n },\n POST: {\n summary: `Assign a role to a ${label}`,\n requestBody: { contentType: 'application/json', schema: createBodySchema },\n responses: [{ status: 201, description: 'Role created', schema: createResponseSchema }],\n errors: [\n { status: 400, description: 'Invalid request', schema: errorSchema },\n { status: 401, description: 'Unauthorized', schema: errorSchema },\n { status: 409, description: 'Role already assigned', schema: errorSchema },\n ],\n },\n PUT: {\n summary: `Update a ${label} role assignment`,\n query: roleIdQuerySchema,\n requestBody: { contentType: 'application/json', schema: updateBodySchema },\n responses: [{ status: 200, description: 'Role updated', schema: okResponseSchema }],\n errors: [\n { status: 400, description: 'Invalid request', schema: errorSchema },\n { status: 401, description: 'Unauthorized', schema: errorSchema },\n { status: 404, description: 'Role not found', schema: errorSchema },\n ],\n },\n DELETE: {\n summary: `Remove a ${label} role assignment`,\n query: roleIdQuerySchema,\n responses: [{ status: 200, description: 'Role deleted', schema: okResponseSchema }],\n errors: [\n { status: 400, description: 'Invalid request', schema: errorSchema },\n { status: 401, description: 'Unauthorized', schema: errorSchema },\n { status: 404, description: 'Role not found', schema: errorSchema },\n ],\n },\n },\n }\n}\n\nexport function createEntityRolesHandlers(entityType: EntityType) {\n const resourceKind = entityType === 'company' ? 'customers.company' : 'customers.person'\n const logPrefix = entityType === 'company' ? 'customers.company.roles' : 'customers.person.roles'\n\n async function GET(request: Request, { params }: { params: { id: string } }) {\n const { translate } = await resolveTranslations()\n try {\n const { id: entityId } = paramsSchema.parse(params)\n const { container, em, auth, scope } = await buildContext(request)\n const targetScope = await resolveEntityRouteScope(em, auth, scope, entityType, entityId, translate)\n await ensureFeatureOnOrganization(container, auth, 'customers.roles.view', targetScope.organizationId, translate)\n\n const roles = await findWithDecryption(\n em,\n CustomerEntityRole,\n {\n entityType,\n entityId,\n organizationId: targetScope.organizationId,\n tenantId: targetScope.tenantId,\n deletedAt: null,\n },\n { orderBy: { roleType: 'asc' } },\n {\n tenantId: targetScope.tenantId,\n organizationId: targetScope.organizationId,\n },\n )\n\n const userIds = Array.from(new Set(roles.map((role) => role.userId).filter((value): value is string => typeof value === 'string' && value.length > 0)))\n const users = userIds.length\n ? await findWithDecryption(\n em,\n User,\n {\n id: { $in: userIds },\n deletedAt: null,\n ...(targetScope.tenantId ? { tenantId: targetScope.tenantId } : {}),\n },\n undefined,\n {\n tenantId: targetScope.tenantId,\n organizationId: targetScope.organizationId,\n },\n )\n : []\n const userMap = new Map(users.map((user) => [user.id, {\n name: user.name ?? deriveDisplayNameFromEmail(user.email) ?? null,\n email: user.email ?? null,\n phone: null,\n }]))\n\n return NextResponse.json({\n items: roles.map((role) => ({\n ...(userMap.has(role.userId)\n ? {\n userName: userMap.get(role.userId)?.name ?? null,\n userEmail: userMap.get(role.userId)?.email ?? null,\n userPhone: userMap.get(role.userId)?.phone ?? null,\n }\n : {}),\n id: role.id,\n entityType: role.entityType,\n entityId: role.entityId,\n userId: role.userId,\n roleType: role.roleType,\n createdAt: role.createdAt.toISOString(),\n updatedAt: role.updatedAt.toISOString(),\n })),\n })\n } catch (err) {\n if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n if (err instanceof z.ZodError) return buildValidationErrorResponse(err, translate)\n console.error(`${logPrefix}.get failed`, err)\n return NextResponse.json({ error: translate('customers.errors.failed_to_load_roles', 'Failed to load roles') }, { status: 500 })\n }\n }\n\n async function POST(request: Request, { params }: { params: { id: string } }) {\n const { translate } = await resolveTranslations()\n try {\n const { id: entityId } = paramsSchema.parse(params)\n const { container, em, auth, scope, ctx } = await buildContext(request)\n const targetScope = await resolveEntityRouteScope(em, auth, scope, entityType, entityId, translate)\n await ensureFeatureOnOrganization(container, auth, 'customers.roles.manage', targetScope.organizationId, translate)\n const commandCtx = createScopedCommandContext(ctx, targetScope.organizationId)\n\n const rawBody = await readJsonSafe<Record<string, unknown>>(request, {})\n const scoped = withScopedPayload(\n {\n ...rawBody,\n organizationId: targetScope.organizationId,\n tenantId: targetScope.tenantId,\n ...getRoleContext(entityType, entityId),\n },\n commandCtx,\n translate,\n )\n const parsed = entityRoleCreateSchema.parse(scoped)\n\n const guardUserId = resolveAuthActorId(auth)\n const guardResult = await validateCrudMutationGuard(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, mutationPayload: rawBody,\n })\n if (guardResult && !guardResult.ok) return NextResponse.json(guardResult.body, { status: guardResult.status })\n\n const commandBus = container.resolve('commandBus') as CommandBus\n const { result, logEntry } = await commandBus.execute<EntityRoleCreateInput, { roleId: string }>(\n 'customers.entityRoles.create',\n { input: parsed, ctx: commandCtx },\n )\n\n if (guardResult?.ok && guardResult.shouldRunAfterSuccess) {\n await runCrudMutationGuardAfterSuccess(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, metadata: guardResult.metadata ?? null,\n })\n }\n\n return withOperationMetadata(\n NextResponse.json({ id: result?.roleId ?? null }, { status: 201 }),\n logEntry,\n { resourceKind, resourceId: entityId },\n )\n } catch (err) {\n if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n if (err instanceof z.ZodError) return buildValidationErrorResponse(err, translate)\n console.error(`${logPrefix}.post failed`, err)\n return NextResponse.json({ error: translate('customers.errors.failed_to_assign_role', 'Failed to assign role') }, { status: 500 })\n }\n }\n\n async function PUT(request: Request, { params }: { params: { id: string } }) {\n const { translate } = await resolveTranslations()\n try {\n const { id: entityId } = paramsSchema.parse(params)\n const { roleId } = roleIdQuerySchema.parse(Object.fromEntries(new URL(request.url).searchParams))\n const { container, em, auth, scope, ctx } = await buildContext(request)\n const targetScope = await resolveRoleRouteScope(em, auth, scope, entityType, entityId, roleId, translate)\n await ensureFeatureOnOrganization(container, auth, 'customers.roles.manage', targetScope.organizationId, translate)\n const commandCtx = createScopedCommandContext(ctx, targetScope.organizationId)\n\n const rawBody = await readJsonSafe<Record<string, unknown>>(request, {})\n const scoped = withScopedPayload(\n {\n ...rawBody,\n id: roleId,\n organizationId: targetScope.organizationId,\n tenantId: targetScope.tenantId,\n },\n commandCtx,\n translate,\n )\n const parsed = entityRoleUpdateSchema.parse(scoped)\n\n const guardUserId = resolveAuthActorId(auth)\n const guardResult = await validateCrudMutationGuard(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, mutationPayload: { roleId, ...rawBody },\n })\n if (guardResult && !guardResult.ok) return NextResponse.json(guardResult.body, { status: guardResult.status })\n\n const commandBus = container.resolve('commandBus') as CommandBus\n const { logEntry } = await commandBus.execute<EntityRoleUpdateInput, { roleId: string }>(\n 'customers.entityRoles.update',\n { input: parsed, ctx: commandCtx },\n )\n\n if (guardResult?.ok && guardResult.shouldRunAfterSuccess) {\n await runCrudMutationGuardAfterSuccess(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, metadata: guardResult.metadata ?? null,\n })\n }\n\n return withOperationMetadata(\n NextResponse.json({ ok: true }),\n logEntry,\n { resourceKind, resourceId: entityId },\n )\n } catch (err) {\n if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n if (err instanceof z.ZodError) return buildValidationErrorResponse(err, translate)\n console.error(`${logPrefix}.put failed`, err)\n return NextResponse.json({ error: translate('customers.errors.failed_to_update_role', 'Failed to update role') }, { status: 500 })\n }\n }\n\n async function DELETE(request: Request, { params }: { params: { id: string } }) {\n const { translate } = await resolveTranslations()\n try {\n const { id: entityId } = paramsSchema.parse(params)\n const { roleId } = roleIdQuerySchema.parse(Object.fromEntries(new URL(request.url).searchParams))\n const { container, em, auth, scope, ctx } = await buildContext(request)\n const targetScope = await resolveRoleRouteScope(em, auth, scope, entityType, entityId, roleId, translate)\n await ensureFeatureOnOrganization(container, auth, 'customers.roles.manage', targetScope.organizationId, translate)\n const commandCtx = createScopedCommandContext(ctx, targetScope.organizationId)\n\n const parsed = entityRoleDeleteSchema.parse(\n withScopedPayload(\n {\n id: roleId,\n organizationId: targetScope.organizationId,\n tenantId: targetScope.tenantId,\n },\n commandCtx,\n translate,\n ),\n )\n const guardUserId = resolveAuthActorId(auth)\n const guardResult = await validateCrudMutationGuard(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, mutationPayload: { roleId },\n })\n if (guardResult && !guardResult.ok) return NextResponse.json(guardResult.body, { status: guardResult.status })\n\n const commandBus = container.resolve('commandBus') as CommandBus\n const { logEntry } = await commandBus.execute<EntityRoleDeleteInput, { roleId: string }>(\n 'customers.entityRoles.delete',\n { input: parsed, ctx: commandCtx },\n )\n\n if (guardResult?.ok && guardResult.shouldRunAfterSuccess) {\n await runCrudMutationGuardAfterSuccess(container, {\n tenantId: targetScope.tenantId, organizationId: targetScope.organizationId, userId: guardUserId,\n resourceKind, resourceId: entityId, operation: 'custom',\n requestMethod: request.method, requestHeaders: request.headers, metadata: guardResult.metadata ?? null,\n })\n }\n\n return withOperationMetadata(\n NextResponse.json({ ok: true }),\n logEntry,\n { resourceKind, resourceId: entityId },\n )\n } catch (err) {\n if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n if (err instanceof z.ZodError) return buildValidationErrorResponse(err, translate)\n console.error(`${logPrefix}.delete failed`, err)\n return NextResponse.json({ error: translate('customers.errors.failed_to_delete_role', 'Failed to delete role') }, { status: 500 })\n }\n }\n\n return { GET, POST, PUT, DELETE }\n}\n"],
5
+ "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAGlB,SAAS,oBAAoB;AAC7B,SAAS,2BAA2B,wCAAwC;AAC5E,SAAS,eAAe,uBAAuB;AAC/C,SAAS,2BAA2B;AACpC,SAAS,uBAAuB,0BAA0B;AAC1D,SAAS,uCAAuC;AAChD,SAAS,YAAY;AAErB,SAAS,gBAAgB,0BAA0B;AACnD,SAAS,wBAAwB,wBAAwB,8BAAkH;AAC3K,SAAS,yBAAyB;AAClC,SAAS,gCAAgC,0BAA0B;AACnE,SAAS,kCAAkC;AAC3C,SAAS,6BAA6B;AAEtC,MAAM,eAAe,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACvD,MAAM,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAEhE,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAC1C,QAAQ,EAAE,OAAO,EAAE,KAAK;AAC1B,CAAC;AACD,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,QAAQ,EAAE,OAAO,EAAE,KAAK;AAC1B,CAAC;AAED,MAAM,iBAAiB,EAAE,OAAO;AAAA,EAC9B,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,YAAY,EAAE,KAAK,CAAC,WAAW,QAAQ,CAAC;AAAA,EACxC,UAAU,EAAE,OAAO,EAAE,KAAK;AAAA,EAC1B,QAAQ,EAAE,OAAO,EAAE,KAAK;AAAA,EACxB,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,UAAU,EAAE,OAAO;AAAA,EACnB,WAAW,EAAE,OAAO;AAAA,EACpB,WAAW,EAAE,OAAO;AACtB,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,EAAE,CAAC;AACtE,MAAM,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AACrD,MAAM,uBAAuB,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC/D,MAAM,cAAc,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAMlD,SAAS,eAAe,YAAwB,UAAkB;AAChE,QAAM,eAAe,eAAe,YAAY,sBAAsB;AACtE,SAAO,EAAE,YAAY,UAAU,cAAc,YAAY,SAAS;AACpE;AAEA,SAAS,6BAA6B,OAAmB,WAAuB;AAC9E,SAAO,aAAa;AAAA,IAClB,EAAE,OAAO,UAAU,qCAAqC,mBAAmB,GAAG,aAAa,MAAM,QAAQ,EAAE,YAAY;AAAA,IACvH,EAAE,QAAQ,IAAI;AAAA,EAChB;AACF;AAEA,eAAe,aAAa,SAAkB;AAC5C,QAAM,UAAU,MAAM,+BAA+B,OAAO;AAC5D,SAAO;AAAA,IACL,GAAG;AAAA,IACH,KAAK,QAAQ;AAAA,EACf;AACF;AAEA,SAAS,8BACP,gBACA,OACA,MACA,WACA;AACA,MAAI,CAAC,gCAAgC,EAAE,OAAO,MAAM,eAAe,CAAC,GAAG;AACrE,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,kCAAkC,eAAe,EAAE,CAAC;AAAA,EACtG;AACF;AAEA,eAAe,4BACb,WACA,MACA,SACA,gBACA,WACA;AACA,QAAM,UAAU,mBAAmB,IAAI;AACvC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,iCAAiC,cAAc,EAAE,CAAC;AAAA,EACpG;AACA,MAAI;AACJ,MAAI;AACF,WAAO,UAAU,QAAQ,aAAa;AAAA,EACxC,SAAS,KAAK;AACZ,YAAQ,MAAM,+DAA+D,GAAG;AAChF,WAAO;AAAA,EACT;AACA,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6BAA6B,gBAAgB,EAAE,CAAC;AAAA,EAClG;AACA,QAAM,aAAa,MAAM,KAAK,mBAAmB,SAAS,CAAC,OAAO,GAAG;AAAA,IACnE,UAAU,KAAK;AAAA,IACf;AAAA,EACF,CAAC;AACD,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,kCAAkC,eAAe,EAAE,CAAC;AAAA,EACtG;AACF;AAEA,eAAe,wBACb,IACA,MACA,OACA,YACA,UACA,WACA;AACA,QAAM,SAAS,MAAM;AAAA,IACnB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,UAAU,MAAM,YAAY,UAAU,KAAK,UAAU,WAAW,KAAK;AAAA,IAC3E;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,OAAO,cAAc,KAAK,SAAS,KAAK;AAAA,EACrF;AACA,MAAI,CAAC,UAAU,OAAO,aAAa,KAAK,UAAU;AAChD,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,uCAAuC,oBAAoB,EAAE,CAAC;AAAA,EAChH;AACA,gCAA8B,OAAO,gBAAgB,OAAO,MAAM,SAAS;AAC3E,SAAO;AAAA,IACL;AAAA,IACA,gBAAgB,OAAO;AAAA,IACvB,UAAU,OAAO;AAAA,EACnB;AACF;AAEA,eAAe,sBACb,IACA,MACA,OACA,YACA,UACA,QACA,WACA;AACA,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,QAAQ,UAAU,KAAK,UAAU,YAAY,UAAU,WAAW,KAAK;AAAA,IAC7E;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,OAAO,cAAc,KAAK,SAAS,KAAK;AAAA,EACrF;AACA,MACE,CAAC,QACD,KAAK,aAAa,KAAK,YACvB,KAAK,eAAe,cACpB,KAAK,aAAa,UAClB;AACA,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,mCAAmC,gBAAgB,EAAE,CAAC;AAAA,EACxG;AACA,gCAA8B,KAAK,gBAAgB,OAAO,MAAM,SAAS;AACzE,SAAO;AAAA,IACL;AAAA,IACA,gBAAgB,KAAK;AAAA,IACrB,UAAU,KAAK;AAAA,EACjB;AACF;AAEA,SAAS,2BACP,KACA,gBACA;AACA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,wBAAwB;AAAA,IACxB,iBAAiB,CAAC,cAAc;AAAA,EAClC;AACF;AAEO,MAAM,sBAAsB;AAAA,EACjC,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,sBAAsB,EAAE;AAAA,EACpE,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AAAA,EACvE,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AAAA,EACtE,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AAC3E;AAEO,SAAS,wBAAwB,YAAyC;AAC/E,QAAM,QAAQ,eAAe,YAAY,YAAY;AACrD,SAAO;AAAA,IACL,KAAK;AAAA,IACL,SAAS,GAAG,MAAM,OAAO,CAAC,EAAE,YAAY,IAAI,MAAM,MAAM,CAAC,CAAC;AAAA,IAC1D,YAAY;AAAA,IACZ,SAAS;AAAA,MACP,KAAK;AAAA,QACH,SAAS,oBAAoB,KAAK;AAAA,QAClC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,oBAAoB,QAAQ,mBAAmB,CAAC;AAAA,QACxF,QAAQ;AAAA,UACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,YAAY;AAAA,UACnE,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,QAClE;AAAA,MACF;AAAA,MACA,MAAM;AAAA,QACJ,SAAS,sBAAsB,KAAK;AAAA,QACpC,aAAa,EAAE,aAAa,oBAAoB,QAAQ,iBAAiB;AAAA,QACzE,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,qBAAqB,CAAC;AAAA,QACtF,QAAQ;AAAA,UACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,YAAY;AAAA,UACnE,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,UAChE,EAAE,QAAQ,KAAK,aAAa,yBAAyB,QAAQ,YAAY;AAAA,QAC3E;AAAA,MACF;AAAA,MACA,KAAK;AAAA,QACH,SAAS,YAAY,KAAK;AAAA,QAC1B,OAAO;AAAA,QACP,aAAa,EAAE,aAAa,oBAAoB,QAAQ,iBAAiB;AAAA,QACzE,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB,CAAC;AAAA,QAClF,QAAQ;AAAA,UACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,YAAY;AAAA,UACnE,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,UAChE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,QACpE;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,SAAS,YAAY,KAAK;AAAA,QAC1B,OAAO;AAAA,QACP,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,iBAAiB,CAAC;AAAA,QAClF,QAAQ;AAAA,UACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,YAAY;AAAA,UACnE,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,YAAY;AAAA,UAChE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,QACpE;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,0BAA0B,YAAwB;AAChE,QAAM,eAAe,eAAe,YAAY,sBAAsB;AACtE,QAAM,YAAY,eAAe,YAAY,4BAA4B;AAEzE,iBAAe,IAAI,SAAkB,EAAE,OAAO,GAA+B;AAC3E,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI;AACF,YAAM,EAAE,IAAI,SAAS,IAAI,aAAa,MAAM,MAAM;AAClD,YAAM,EAAE,WAAW,IAAI,MAAM,MAAM,IAAI,MAAM,aAAa,OAAO;AACjE,YAAM,cAAc,MAAM,wBAAwB,IAAI,MAAM,OAAO,YAAY,UAAU,SAAS;AAClG,YAAM,4BAA4B,WAAW,MAAM,wBAAwB,YAAY,gBAAgB,SAAS;AAEhH,YAAM,QAAQ,MAAM;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA,UACE;AAAA,UACA;AAAA,UACA,gBAAgB,YAAY;AAAA,UAC5B,UAAU,YAAY;AAAA,UACtB,WAAW;AAAA,QACb;AAAA,QACA,EAAE,SAAS,EAAE,UAAU,MAAM,EAAE;AAAA,QAC/B;AAAA,UACE,UAAU,YAAY;AAAA,UACtB,gBAAgB,YAAY;AAAA,QAC9B;AAAA,MACF;AAEA,YAAM,UAAU,MAAM,KAAK,IAAI,IAAI,MAAM,IAAI,CAAC,SAAS,KAAK,MAAM,EAAE,OAAO,CAAC,UAA2B,OAAO,UAAU,YAAY,MAAM,SAAS,CAAC,CAAC,CAAC;AACtJ,YAAM,QAAQ,QAAQ,SAClB,MAAM;AAAA,QACJ;AAAA,QACA;AAAA,QACA;AAAA,UACE,IAAI,EAAE,KAAK,QAAQ;AAAA,UACnB,WAAW;AAAA,UACX,GAAI,YAAY,WAAW,EAAE,UAAU,YAAY,SAAS,IAAI,CAAC;AAAA,QACnE;AAAA,QACA;AAAA,QACA;AAAA,UACE,UAAU,YAAY;AAAA,UACtB,gBAAgB,YAAY;AAAA,QAC9B;AAAA,MACF,IACA,CAAC;AACL,YAAM,UAAU,IAAI,IAAI,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI;AAAA,QACpD,MAAM,KAAK,QAAQ,2BAA2B,KAAK,KAAK,KAAK;AAAA,QAC7D,OAAO,KAAK,SAAS;AAAA,QACrB,OAAO;AAAA,MACT,CAAC,CAAC,CAAC;AAEH,aAAO,aAAa,KAAK;AAAA,QACvB,OAAO,MAAM,IAAI,CAAC,UAAU;AAAA,UAC1B,GAAI,QAAQ,IAAI,KAAK,MAAM,IACvB;AAAA,YACE,UAAU,QAAQ,IAAI,KAAK,MAAM,GAAG,QAAQ;AAAA,YAC5C,WAAW,QAAQ,IAAI,KAAK,MAAM,GAAG,SAAS;AAAA,YAC9C,WAAW,QAAQ,IAAI,KAAK,MAAM,GAAG,SAAS;AAAA,UAChD,IACA,CAAC;AAAA,UACL,IAAI,KAAK;AAAA,UACT,YAAY,KAAK;AAAA,UACjB,UAAU,KAAK;AAAA,UACf,QAAQ,KAAK;AAAA,UACb,UAAU,KAAK;AAAA,UACf,WAAW,KAAK,UAAU,YAAY;AAAA,UACtC,WAAW,KAAK,UAAU,YAAY;AAAA,QACxC,EAAE;AAAA,MACJ,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAI,eAAe,EAAE,SAAU,QAAO,6BAA6B,KAAK,SAAS;AACjF,cAAQ,MAAM,GAAG,SAAS,eAAe,GAAG;AAC5C,aAAO,aAAa,KAAK,EAAE,OAAO,UAAU,yCAAyC,sBAAsB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACjI;AAAA,EACF;AAEA,iBAAe,KAAK,SAAkB,EAAE,OAAO,GAA+B;AAC5E,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI;AACF,YAAM,EAAE,IAAI,SAAS,IAAI,aAAa,MAAM,MAAM;AAClD,YAAM,EAAE,WAAW,IAAI,MAAM,OAAO,IAAI,IAAI,MAAM,aAAa,OAAO;AACtE,YAAM,cAAc,MAAM,wBAAwB,IAAI,MAAM,OAAO,YAAY,UAAU,SAAS;AAClG,YAAM,4BAA4B,WAAW,MAAM,0BAA0B,YAAY,gBAAgB,SAAS;AAClH,YAAM,aAAa,2BAA2B,KAAK,YAAY,cAAc;AAE7E,YAAM,UAAU,MAAM,aAAsC,SAAS,CAAC,CAAC;AACvE,YAAM,SAAS;AAAA,QACb;AAAA,UACE,GAAG;AAAA,UACH,gBAAgB,YAAY;AAAA,UAC5B,UAAU,YAAY;AAAA,UACtB,GAAG,eAAe,YAAY,QAAQ;AAAA,QACxC;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,YAAM,SAAS,uBAAuB,MAAM,MAAM;AAElD,YAAM,cAAc,mBAAmB,IAAI;AAC3C,YAAM,cAAc,MAAM,0BAA0B,WAAW;AAAA,QAC7D,UAAU,YAAY;AAAA,QAAU,gBAAgB,YAAY;AAAA,QAAgB,QAAQ;AAAA,QACpF;AAAA,QAAc,YAAY;AAAA,QAAU,WAAW;AAAA,QAC/C,eAAe,QAAQ;AAAA,QAAQ,gBAAgB,QAAQ;AAAA,QAAS,iBAAiB;AAAA,MACnF,CAAC;AACD,UAAI,eAAe,CAAC,YAAY,GAAI,QAAO,aAAa,KAAK,YAAY,MAAM,EAAE,QAAQ,YAAY,OAAO,CAAC;AAE7G,YAAM,aAAa,UAAU,QAAQ,YAAY;AACjD,YAAM,EAAE,QAAQ,SAAS,IAAI,MAAM,WAAW;AAAA,QAC5C;AAAA,QACA,EAAE,OAAO,QAAQ,KAAK,WAAW;AAAA,MACnC;AAEA,UAAI,aAAa,MAAM,YAAY,uBAAuB;AACxD,cAAM,iCAAiC,WAAW;AAAA,UAChD,UAAU,YAAY;AAAA,UAAU,gBAAgB,YAAY;AAAA,UAAgB,QAAQ;AAAA,UACpF;AAAA,UAAc,YAAY;AAAA,UAAU,WAAW;AAAA,UAC/C,eAAe,QAAQ;AAAA,UAAQ,gBAAgB,QAAQ;AAAA,UAAS,UAAU,YAAY,YAAY;AAAA,QACpG,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,aAAa,KAAK,EAAE,IAAI,QAAQ,UAAU,KAAK,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,QACjE;AAAA,QACA,EAAE,cAAc,YAAY,SAAS;AAAA,MACvC;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAI,eAAe,EAAE,SAAU,QAAO,6BAA6B,KAAK,SAAS;AACjF,cAAQ,MAAM,GAAG,SAAS,gBAAgB,GAAG;AAC7C,aAAO,aAAa,KAAK,EAAE,OAAO,UAAU,0CAA0C,uBAAuB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACnI;AAAA,EACF;AAEA,iBAAe,IAAI,SAAkB,EAAE,OAAO,GAA+B;AAC3E,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI;AACF,YAAM,EAAE,IAAI,SAAS,IAAI,aAAa,MAAM,MAAM;AAClD,YAAM,EAAE,OAAO,IAAI,kBAAkB,MAAM,OAAO,YAAY,IAAI,IAAI,QAAQ,GAAG,EAAE,YAAY,CAAC;AAChG,YAAM,EAAE,WAAW,IAAI,MAAM,OAAO,IAAI,IAAI,MAAM,aAAa,OAAO;AACtE,YAAM,cAAc,MAAM,sBAAsB,IAAI,MAAM,OAAO,YAAY,UAAU,QAAQ,SAAS;AACxG,YAAM,4BAA4B,WAAW,MAAM,0BAA0B,YAAY,gBAAgB,SAAS;AAClH,YAAM,aAAa,2BAA2B,KAAK,YAAY,cAAc;AAE7E,YAAM,UAAU,MAAM,aAAsC,SAAS,CAAC,CAAC;AACvE,YAAM,SAAS;AAAA,QACb;AAAA,UACE,GAAG;AAAA,UACH,IAAI;AAAA,UACJ,gBAAgB,YAAY;AAAA,UAC5B,UAAU,YAAY;AAAA,QACxB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,YAAM,SAAS,uBAAuB,MAAM,MAAM;AAElD,YAAM,cAAc,mBAAmB,IAAI;AAC3C,YAAM,cAAc,MAAM,0BAA0B,WAAW;AAAA,QAC7D,UAAU,YAAY;AAAA,QAAU,gBAAgB,YAAY;AAAA,QAAgB,QAAQ;AAAA,QACpF;AAAA,QAAc,YAAY;AAAA,QAAU,WAAW;AAAA,QAC/C,eAAe,QAAQ;AAAA,QAAQ,gBAAgB,QAAQ;AAAA,QAAS,iBAAiB,EAAE,QAAQ,GAAG,QAAQ;AAAA,MACxG,CAAC;AACD,UAAI,eAAe,CAAC,YAAY,GAAI,QAAO,aAAa,KAAK,YAAY,MAAM,EAAE,QAAQ,YAAY,OAAO,CAAC;AAE7G,YAAM,aAAa,UAAU,QAAQ,YAAY;AACjD,YAAM,EAAE,SAAS,IAAI,MAAM,WAAW;AAAA,QACpC;AAAA,QACA,EAAE,OAAO,QAAQ,KAAK,WAAW;AAAA,MACnC;AAEA,UAAI,aAAa,MAAM,YAAY,uBAAuB;AACxD,cAAM,iCAAiC,WAAW;AAAA,UAChD,UAAU,YAAY;AAAA,UAAU,gBAAgB,YAAY;AAAA,UAAgB,QAAQ;AAAA,UACpF;AAAA,UAAc,YAAY;AAAA,UAAU,WAAW;AAAA,UAC/C,eAAe,QAAQ;AAAA,UAAQ,gBAAgB,QAAQ;AAAA,UAAS,UAAU,YAAY,YAAY;AAAA,QACpG,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,QAC9B;AAAA,QACA,EAAE,cAAc,YAAY,SAAS;AAAA,MACvC;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAI,eAAe,EAAE,SAAU,QAAO,6BAA6B,KAAK,SAAS;AACjF,cAAQ,MAAM,GAAG,SAAS,eAAe,GAAG;AAC5C,aAAO,aAAa,KAAK,EAAE,OAAO,UAAU,0CAA0C,uBAAuB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACnI;AAAA,EACF;AAEA,iBAAe,OAAO,SAAkB,EAAE,OAAO,GAA+B;AAC9E,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI;AACF,YAAM,EAAE,IAAI,SAAS,IAAI,aAAa,MAAM,MAAM;AAClD,YAAM,EAAE,OAAO,IAAI,kBAAkB,MAAM,OAAO,YAAY,IAAI,IAAI,QAAQ,GAAG,EAAE,YAAY,CAAC;AAChG,YAAM,EAAE,WAAW,IAAI,MAAM,OAAO,IAAI,IAAI,MAAM,aAAa,OAAO;AACtE,YAAM,cAAc,MAAM,sBAAsB,IAAI,MAAM,OAAO,YAAY,UAAU,QAAQ,SAAS;AACxG,YAAM,4BAA4B,WAAW,MAAM,0BAA0B,YAAY,gBAAgB,SAAS;AAClH,YAAM,aAAa,2BAA2B,KAAK,YAAY,cAAc;AAE7E,YAAM,SAAS,uBAAuB;AAAA,QACpC;AAAA,UACE;AAAA,YACE,IAAI;AAAA,YACJ,gBAAgB,YAAY;AAAA,YAC5B,UAAU,YAAY;AAAA,UACxB;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,YAAM,cAAc,mBAAmB,IAAI;AAC3C,YAAM,cAAc,MAAM,0BAA0B,WAAW;AAAA,QAC7D,UAAU,YAAY;AAAA,QAAU,gBAAgB,YAAY;AAAA,QAAgB,QAAQ;AAAA,QACpF;AAAA,QAAc,YAAY;AAAA,QAAU,WAAW;AAAA,QAC/C,eAAe,QAAQ;AAAA,QAAQ,gBAAgB,QAAQ;AAAA,QAAS,iBAAiB,EAAE,OAAO;AAAA,MAC5F,CAAC;AACD,UAAI,eAAe,CAAC,YAAY,GAAI,QAAO,aAAa,KAAK,YAAY,MAAM,EAAE,QAAQ,YAAY,OAAO,CAAC;AAE7G,YAAM,aAAa,UAAU,QAAQ,YAAY;AACjD,YAAM,EAAE,SAAS,IAAI,MAAM,WAAW;AAAA,QACpC;AAAA,QACA,EAAE,OAAO,QAAQ,KAAK,WAAW;AAAA,MACnC;AAEA,UAAI,aAAa,MAAM,YAAY,uBAAuB;AACxD,cAAM,iCAAiC,WAAW;AAAA,UAChD,UAAU,YAAY;AAAA,UAAU,gBAAgB,YAAY;AAAA,UAAgB,QAAQ;AAAA,UACpF;AAAA,UAAc,YAAY;AAAA,UAAU,WAAW;AAAA,UAC/C,eAAe,QAAQ;AAAA,UAAQ,gBAAgB,QAAQ;AAAA,UAAS,UAAU,YAAY,YAAY;AAAA,QACpG,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,QAC9B;AAAA,QACA,EAAE,cAAc,YAAY,SAAS;AAAA,MACvC;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAI,eAAe,EAAE,SAAU,QAAO,6BAA6B,KAAK,SAAS;AACjF,cAAQ,MAAM,GAAG,SAAS,kBAAkB,GAAG;AAC/C,aAAO,aAAa,KAAK,EAAE,OAAO,UAAU,0CAA0C,uBAAuB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACnI;AAAA,EACF;AAEA,SAAO,EAAE,KAAK,MAAM,KAAK,OAAO;AAClC;",
6
6
  "names": []
7
7
  }
package/dist/modules/customers/api/people/[id]/companies/context.js CHANGED
@@ -6,6 +6,7 @@ import {
6
6
  CustomerPersonProfile
7
7
  } from "@open-mercato/core/modules/customers/data/entities";
8
8
  import { resolveOrganizationScopeForRequest } from "@open-mercato/core/modules/directory/utils/organizationScope";
9
+ import { isOrganizationReadAccessAllowed } from "@open-mercato/core/modules/directory/utils/organizationScopeGuard";
9
10
  import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
10
11
  import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
11
12
  async function loadPersonContext(req, personId) {
@@ -32,10 +33,7 @@ async function loadPersonContext(req, personId) {
32
33
  if (!person) {
33
34
  throw new CrudHttpError(404, { error: translate("customers.errors.person_not_found", "Person not found") });
34
35
  }
35
- const allowedOrgIds = /* @__PURE__ */ new Set();
36
- if (scope?.filterIds?.length) scope.filterIds.forEach((entry) => allowedOrgIds.add(entry));
37
- else if (authenticatedAuth.orgId) allowedOrgIds.add(authenticatedAuth.orgId);
38
- if (allowedOrgIds.size > 0 && !allowedOrgIds.has(person.organizationId)) {
36
+ if (!isOrganizationReadAccessAllowed({ scope, auth: authenticatedAuth, organizationId: person.organizationId })) {
39
37
  throw new CrudHttpError(403, { error: translate("customers.errors.access_denied", "Access denied") });
40
38
  }
41
39
  const profile = await findOneWithDecryption(
package/dist/modules/customers/api/people/[id]/companies/context.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../../../../../src/modules/customers/api/people/%5Bid%5D/companies/context.ts"],
4
- "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport {\n CustomerEntity,\n CustomerPersonProfile,\n} from '@open-mercato/core/modules/customers/data/entities'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport async function loadPersonContext(req: Request, personId: string) {\n const { translate } = await resolveTranslations()\n const auth = await getAuthFromRequest(req)\n if (!auth?.tenantId) {\n throw new CrudHttpError(401, { error: translate('customers.errors.unauthorized', 'Unauthorized') })\n }\n const authenticatedAuth = auth as typeof auth & { tenantId: string }\n\n const container = await createRequestContainer()\n const scope = await resolveOrganizationScopeForRequest({ container, auth: authenticatedAuth, request: req })\n const em = (container.resolve('em') as EntityManager).fork()\n const decryptionScope = {\n tenantId: authenticatedAuth.tenantId,\n organizationId: scope?.selectedId ?? authenticatedAuth.orgId ?? null,\n }\n const person = await findOneWithDecryption(\n em,\n CustomerEntity,\n { id: personId, kind: 'person', tenantId: authenticatedAuth.tenantId, deletedAt: null },\n {},\n decryptionScope,\n )\n\n if (!person) {\n throw new CrudHttpError(404, { error: translate('customers.errors.person_not_found', 'Person not found') })\n }\n\n const allowedOrgIds = new Set<string>()\n if (scope?.filterIds?.length) scope.filterIds.forEach((entry) => allowedOrgIds.add(entry))\n else if (authenticatedAuth.orgId) allowedOrgIds.add(authenticatedAuth.orgId)\n\n if (allowedOrgIds.size > 0 && !allowedOrgIds.has(person.organizationId)) {\n throw new CrudHttpError(403, { error: translate('customers.errors.access_denied', 'Access denied') })\n }\n\n const profile = await findOneWithDecryption(\n em,\n CustomerPersonProfile,\n { entity: person, tenantId: person.tenantId, organizationId: person.organizationId },\n { populate: ['company'] },\n {\n tenantId: person.tenantId,\n organizationId: person.organizationId,\n },\n )\n if (!profile) {\n throw new CrudHttpError(404, { error: translate('customers.errors.person_profile_not_found', 'Person profile not found') })\n }\n\n return {\n container,\n auth: authenticatedAuth,\n selectedOrganizationId: scope?.selectedId ?? authenticatedAuth.orgId ?? null,\n em,\n person,\n profile,\n }\n}\n"],
5
- "mappings": "AACA,SAAS,qBAAqB;AAC9B,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,0CAA0C;AACnD,SAAS,2BAA2B;AACpC,SAAS,6BAA6B;AAEtC,eAAsB,kBAAkB,KAAc,UAAkB;AACtE,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,UAAU;AACnB,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,iCAAiC,cAAc,EAAE,CAAC;AAAA,EACpG;AACA,QAAM,oBAAoB;AAE1B,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,mBAAmB,SAAS,IAAI,CAAC;AAC3G,QAAM,KAAM,UAAU,QAAQ,IAAI,EAAoB,KAAK;AAC3D,QAAM,kBAAkB;AAAA,IACtB,UAAU,kBAAkB;AAAA,IAC5B,gBAAgB,OAAO,cAAc,kBAAkB,SAAS;AAAA,EAClE;AACA,QAAM,SAAS,MAAM;AAAA,IACnB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,UAAU,MAAM,UAAU,UAAU,kBAAkB,UAAU,WAAW,KAAK;AAAA,IACtF,CAAC;AAAA,IACD;AAAA,EACF;AAEA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,qCAAqC,kBAAkB,EAAE,CAAC;AAAA,EAC5G;AAEA,QAAM,gBAAgB,oBAAI,IAAY;AACtC,MAAI,OAAO,WAAW,OAAQ,OAAM,UAAU,QAAQ,CAAC,UAAU,cAAc,IAAI,KAAK,CAAC;AAAA,WAChF,kBAAkB,MAAO,eAAc,IAAI,kBAAkB,KAAK;AAE3E,MAAI,cAAc,OAAO,KAAK,CAAC,cAAc,IAAI,OAAO,cAAc,GAAG;AACvE,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,kCAAkC,eAAe,EAAE,CAAC;AAAA,EACtG;AAEA,QAAM,UAAU,MAAM;AAAA,IACpB;AAAA,IACA;AAAA,IACA,EAAE,QAAQ,QAAQ,UAAU,OAAO,UAAU,gBAAgB,OAAO,eAAe;AAAA,IACnF,EAAE,UAAU,CAAC,SAAS,EAAE;AAAA,IACxB;AAAA,MACE,UAAU,OAAO;AAAA,MACjB,gBAAgB,OAAO;AAAA,IACzB;AAAA,EACF;AACA,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6CAA6C,0BAA0B,EAAE,CAAC;AAAA,EAC5H;AAEA,SAAO;AAAA,IACL;AAAA,IACA,MAAM;AAAA,IACN,wBAAwB,OAAO,cAAc,kBAAkB,SAAS;AAAA,IACxE;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;",
4
+ "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport {\n CustomerEntity,\n CustomerPersonProfile,\n} from '@open-mercato/core/modules/customers/data/entities'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport { isOrganizationReadAccessAllowed } from '@open-mercato/core/modules/directory/utils/organizationScopeGuard'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport async function loadPersonContext(req: Request, personId: string) {\n const { translate } = await resolveTranslations()\n const auth = await getAuthFromRequest(req)\n if (!auth?.tenantId) {\n throw new CrudHttpError(401, { error: translate('customers.errors.unauthorized', 'Unauthorized') })\n }\n const authenticatedAuth = auth as typeof auth & { tenantId: string }\n\n const container = await createRequestContainer()\n const scope = await resolveOrganizationScopeForRequest({ container, auth: authenticatedAuth, request: req })\n const em = (container.resolve('em') as EntityManager).fork()\n const decryptionScope = {\n tenantId: authenticatedAuth.tenantId,\n organizationId: scope?.selectedId ?? authenticatedAuth.orgId ?? null,\n }\n const person = await findOneWithDecryption(\n em,\n CustomerEntity,\n { id: personId, kind: 'person', tenantId: authenticatedAuth.tenantId, deletedAt: null },\n {},\n decryptionScope,\n )\n\n if (!person) {\n throw new CrudHttpError(404, { error: translate('customers.errors.person_not_found', 'Person not found') })\n }\n\n if (!isOrganizationReadAccessAllowed({ scope, auth: authenticatedAuth, organizationId: person.organizationId })) {\n throw new CrudHttpError(403, { error: translate('customers.errors.access_denied', 'Access denied') })\n }\n\n const profile = await findOneWithDecryption(\n em,\n CustomerPersonProfile,\n { entity: person, tenantId: person.tenantId, organizationId: person.organizationId },\n { populate: ['company'] },\n {\n tenantId: person.tenantId,\n organizationId: person.organizationId,\n },\n )\n if (!profile) {\n throw new CrudHttpError(404, { error: translate('customers.errors.person_profile_not_found', 'Person profile not found') })\n }\n\n return {\n container,\n auth: authenticatedAuth,\n selectedOrganizationId: scope?.selectedId ?? authenticatedAuth.orgId ?? null,\n em,\n person,\n profile,\n }\n}\n"],
5
+ "mappings": "AACA,SAAS,qBAAqB;AAC9B,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,0CAA0C;AACnD,SAAS,uCAAuC;AAChD,SAAS,2BAA2B;AACpC,SAAS,6BAA6B;AAEtC,eAAsB,kBAAkB,KAAc,UAAkB;AACtE,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,UAAU;AACnB,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,iCAAiC,cAAc,EAAE,CAAC;AAAA,EACpG;AACA,QAAM,oBAAoB;AAE1B,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,mBAAmB,SAAS,IAAI,CAAC;AAC3G,QAAM,KAAM,UAAU,QAAQ,IAAI,EAAoB,KAAK;AAC3D,QAAM,kBAAkB;AAAA,IACtB,UAAU,kBAAkB;AAAA,IAC5B,gBAAgB,OAAO,cAAc,kBAAkB,SAAS;AAAA,EAClE;AACA,QAAM,SAAS,MAAM;AAAA,IACnB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,UAAU,MAAM,UAAU,UAAU,kBAAkB,UAAU,WAAW,KAAK;AAAA,IACtF,CAAC;AAAA,IACD;AAAA,EACF;AAEA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,qCAAqC,kBAAkB,EAAE,CAAC;AAAA,EAC5G;AAEA,MAAI,CAAC,gCAAgC,EAAE,OAAO,MAAM,mBAAmB,gBAAgB,OAAO,eAAe,CAAC,GAAG;AAC/G,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,kCAAkC,eAAe,EAAE,CAAC;AAAA,EACtG;AAEA,QAAM,UAAU,MAAM;AAAA,IACpB;AAAA,IACA;AAAA,IACA,EAAE,QAAQ,QAAQ,UAAU,OAAO,UAAU,gBAAgB,OAAO,eAAe;AAAA,IACnF,EAAE,UAAU,CAAC,SAAS,EAAE;AAAA,IACxB;AAAA,MACE,UAAU,OAAO;AAAA,MACjB,gBAAgB,OAAO;AAAA,IACzB;AAAA,EACF;AACA,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6CAA6C,0BAA0B,EAAE,CAAC;AAAA,EAC5H;AAEA,SAAO;AAAA,IACL;AAAA,IACA,MAAM;AAAA,IACN,wBAAwB,OAAO,cAAc,kBAAkB,SAAS;AAAA,IACxE;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;",
6
6
  "names": []
7
7
  }
package/dist/modules/customers/api/people/[id]/companies/enriched/route.js CHANGED
@@ -6,6 +6,7 @@ import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
6
6
  import { resolveOrganizationScopeForRequest } from "@open-mercato/core/modules/directory/utils/organizationScope";
7
7
  import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
8
8
  import { findWithDecryption, findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
9
+ import { isOrganizationReadAccessAllowed } from "@open-mercato/core/modules/directory/utils/organizationScopeGuard";
9
10
  import {
10
11
  CustomerEntity,
11
12
  CustomerCompanyProfile,
@@ -148,10 +149,7 @@ async function GET(req, ctx) {
148
149
  if (!person) {
149
150
  throw new CrudHttpError(404, { error: translate("customers.errors.person_not_found", "Person not found") });
150
151
  }
151
- const allowedOrgIds = /* @__PURE__ */ new Set();
152
- if (scope?.filterIds?.length) scope.filterIds.forEach((entry) => allowedOrgIds.add(entry));
153
- else if (auth.orgId) allowedOrgIds.add(auth.orgId);
154
- if (allowedOrgIds.size > 0 && !allowedOrgIds.has(person.organizationId)) {
152
+ if (!isOrganizationReadAccessAllowed({ scope, auth, organizationId: person.organizationId })) {
155
153
  throw new CrudHttpError(403, { error: translate("customers.errors.access_denied", "Access denied") });
156
154
  }
157
155
  const entityScope = { tenantId: auth.tenantId, organizationId: person.organizationId };