@open-mercato/core 0.6.5-develop.5337.1.534b781eac → 0.6.5

package/src/modules/directory/i18n/de.json

@@ -5,6 +5,27 @@
   "directory.audit.tenants.create": "Mandanten anlegen",
   "directory.audit.tenants.delete": "Mandanten löschen",
   "directory.audit.tenants.update": "Mandanten aktualisieren",
+  "directory.branding.actions.reset": "Standardlogo verwenden",
+  "directory.branding.actions.save": "Branding speichern",
+  "directory.branding.currentScope": "Aktuelle Organisation",
+  "directory.branding.description": "Legen Sie das Logo fest, das in der Backend-Seitenleiste für die aktuell ausgewählte Organisation verwendet wird.",
+  "directory.branding.errors.blocked": "Das Speichern des Brandings wurde blockiert.",
+  "directory.branding.errors.invalidLogoUrl": "Geben Sie eine gültige Bild-URL ein.",
+  "directory.branding.errors.load": "Organisationsbranding konnte nicht geladen werden",
+  "directory.branding.errors.notFound": "Organisation nicht gefunden",
+  "directory.branding.errors.organizationRequired": "Wählen Sie eine einzelne Organisation aus, bevor Sie das Seitenleisten-Branding ändern.",
+  "directory.branding.errors.save": "Organisationsbranding konnte nicht aktualisiert werden",
+  "directory.branding.errors.upload": "Logo konnte nicht hochgeladen werden",
+  "directory.branding.file.hint": "PNG, JPG, WebP oder SVG funktioniert am besten. Hochgeladene Dateien werden als Organisationsanhänge gespeichert.",
+  "directory.branding.file.label": "Logo hochladen",
+  "directory.branding.flash.saved": "Organisationsbranding aktualisiert",
+  "directory.branding.loading": "Organisationsbranding wird geladen...",
+  "directory.branding.nav": "Organisationsbranding",
+  "directory.branding.previewAlt": "Logovorschau für {{name}}",
+  "directory.branding.title": "Organisationsbranding",
+  "directory.branding.url.hint": "Verwenden Sie eine externe Bild-URL oder lassen Sie das Feld leer, um auf das Standardlogo von Open Mercato zurückzufallen.",
+  "directory.branding.url.label": "Logo-URL",
+  "directory.branding.url.placeholder": "https://example.com/logo.svg",
   "directory.nav.group": "Verzeichnis",
   "directory.nav.organizations": "Organisationen",
   "directory.nav.organizations.create": "Organisation erstellen",

package/src/modules/directory/i18n/en.json

@@ -5,6 +5,27 @@
   "directory.audit.tenants.create": "Create tenant",
   "directory.audit.tenants.delete": "Delete tenant",
   "directory.audit.tenants.update": "Update tenant",
+  "directory.branding.actions.reset": "Use default logo",
+  "directory.branding.actions.save": "Save branding",
+  "directory.branding.currentScope": "Current organization",
+  "directory.branding.description": "Set the logo used in the backend sidebar for the currently selected organization.",
+  "directory.branding.errors.blocked": "Branding save was blocked.",
+  "directory.branding.errors.invalidLogoUrl": "Enter a valid image URL.",
+  "directory.branding.errors.load": "Failed to load organization branding",
+  "directory.branding.errors.notFound": "Organization not found",
+  "directory.branding.errors.organizationRequired": "Select a single organization before changing sidebar branding.",
+  "directory.branding.errors.save": "Failed to update organization branding",
+  "directory.branding.errors.upload": "Failed to upload logo",
+  "directory.branding.file.hint": "PNG, JPG, WebP, or SVG works best. Uploaded files are stored as organization attachments.",
+  "directory.branding.file.label": "Upload logo",
+  "directory.branding.flash.saved": "Organization branding updated",
+  "directory.branding.loading": "Loading organization branding...",
+  "directory.branding.nav": "Organization branding",
+  "directory.branding.previewAlt": "{{name}} logo preview",
+  "directory.branding.title": "Organization branding",
+  "directory.branding.url.hint": "Use an external image URL or leave empty to fall back to the default Open Mercato logo.",
+  "directory.branding.url.label": "Logo URL",
+  "directory.branding.url.placeholder": "https://example.com/logo.svg",
   "directory.nav.group": "Directory",
   "directory.nav.organizations": "Organizations",
   "directory.nav.organizations.create": "Create Organization",

package/src/modules/directory/i18n/es.json

@@ -5,6 +5,27 @@
   "directory.audit.tenants.create": "Crear inquilino",
   "directory.audit.tenants.delete": "Eliminar inquilino",
   "directory.audit.tenants.update": "Actualizar inquilino",
+  "directory.branding.actions.reset": "Usar logo predeterminado",
+  "directory.branding.actions.save": "Guardar marca",
+  "directory.branding.currentScope": "Organización actual",
+  "directory.branding.description": "Define el logo usado en la barra lateral del backend para la organización seleccionada.",
+  "directory.branding.errors.blocked": "Se bloqueó el guardado de la marca.",
+  "directory.branding.errors.invalidLogoUrl": "Introduce una URL de imagen válida.",
+  "directory.branding.errors.load": "No se pudo cargar la marca de la organización",
+  "directory.branding.errors.notFound": "Organización no encontrada",
+  "directory.branding.errors.organizationRequired": "Selecciona una sola organización antes de cambiar la marca de la barra lateral.",
+  "directory.branding.errors.save": "No se pudo actualizar la marca de la organización",
+  "directory.branding.errors.upload": "No se pudo subir el logo",
+  "directory.branding.file.hint": "PNG, JPG, WebP o SVG funcionan mejor. Los archivos subidos se guardan como adjuntos de la organización.",
+  "directory.branding.file.label": "Subir logo",
+  "directory.branding.flash.saved": "Marca de la organización actualizada",
+  "directory.branding.loading": "Cargando marca de la organización...",
+  "directory.branding.nav": "Marca de la organización",
+  "directory.branding.previewAlt": "Vista previa del logo de {{name}}",
+  "directory.branding.title": "Marca de la organización",
+  "directory.branding.url.hint": "Usa una URL de imagen externa o deja el campo vacío para volver al logo predeterminado de Open Mercato.",
+  "directory.branding.url.label": "URL del logo",
+  "directory.branding.url.placeholder": "https://example.com/logo.svg",
   "directory.nav.group": "Directorio",
   "directory.nav.organizations": "Organizaciones",
   "directory.nav.organizations.create": "Crear organización",

package/src/modules/directory/i18n/pl.json

@@ -5,6 +5,27 @@
   "directory.audit.tenants.create": "Utwórz najemcę",
   "directory.audit.tenants.delete": "Usuń najemcę",
   "directory.audit.tenants.update": "Aktualizuj najemcę",
+  "directory.branding.actions.reset": "Użyj domyślnego logo",
+  "directory.branding.actions.save": "Zapisz branding",
+  "directory.branding.currentScope": "Aktualna organizacja",
+  "directory.branding.description": "Ustaw logo używane w sidebarze backendu dla aktualnie wybranej organizacji.",
+  "directory.branding.errors.blocked": "Zapis brandingu został zablokowany.",
+  "directory.branding.errors.invalidLogoUrl": "Podaj poprawny adres URL obrazka.",
+  "directory.branding.errors.load": "Nie udało się wczytać brandingu organizacji",
+  "directory.branding.errors.notFound": "Nie znaleziono organizacji",
+  "directory.branding.errors.organizationRequired": "Wybierz pojedynczą organizację przed zmianą brandingu sidebara.",
+  "directory.branding.errors.save": "Nie udało się zaktualizować brandingu organizacji",
+  "directory.branding.errors.upload": "Nie udało się przesłać logo",
+  "directory.branding.file.hint": "Najlepiej sprawdzi się PNG, JPG, WebP albo SVG. Przesłane pliki są zapisywane jako załączniki organizacji.",
+  "directory.branding.file.label": "Prześlij logo",
+  "directory.branding.flash.saved": "Branding organizacji zaktualizowany",
+  "directory.branding.loading": "Ładowanie brandingu organizacji...",
+  "directory.branding.nav": "Branding organizacji",
+  "directory.branding.previewAlt": "Podgląd logo {{name}}",
+  "directory.branding.title": "Branding organizacji",
+  "directory.branding.url.hint": "Użyj zewnętrznego adresu obrazka albo zostaw puste, aby wrócić do domyślnego logo Open Mercato.",
+  "directory.branding.url.label": "Adres URL logo",
+  "directory.branding.url.placeholder": "https://example.com/logo.svg",
   "directory.nav.group": "Katalog",
   "directory.nav.organizations": "Organizacje",
   "directory.nav.organizations.create": "Utwórz organizację",

package/src/modules/directory/migrations/.snapshot-open-mercato.json

@@ -21,6 +21,7 @@
           "scale": null,
           "default": "'[]'",
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "json"
         },
@@ -37,6 +38,7 @@
           "scale": null,
           "default": "'[]'",
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "json"
         },
@@ -53,6 +55,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "datetime"
         },
@@ -69,6 +72,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "datetime"
         },
@@ -85,6 +89,7 @@
           "scale": null,
           "default": "0",
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "integer"
         },
@@ -101,6 +106,7 @@
           "scale": null,
           "default": "'[]'",
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "json"
         },
@@ -117,6 +123,7 @@
           "scale": null,
           "default": "gen_random_uuid()",
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "uuid"
         },
@@ -133,9 +140,27 @@
           "scale": null,
           "default": "true",
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "boolean"
         },
+        "logo_url": {
+          "name": "logo_url",
+          "type": "text",
+          "unsigned": false,
+          "autoincrement": false,
+          "primary": false,
+          "nullable": true,
+          "unique": false,
+          "length": null,
+          "precision": null,
+          "scale": null,
+          "default": null,
+          "comment": null,
+          "collation": null,
+          "enumItems": [],
+          "mappedType": "text"
+        },
         "name": {
           "name": "name",
           "type": "text",
@@ -149,6 +174,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "text"
         },
@@ -165,6 +191,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "uuid"
         },
@@ -181,6 +208,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "uuid"
         },
@@ -197,6 +225,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "text"
         },
@@ -213,6 +242,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "uuid"
         },
@@ -229,6 +259,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "text"
         },
@@ -245,6 +276,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "datetime"
         }
@@ -273,6 +305,7 @@
         }
       ],
       "checks": [],
+      "triggers": [],
       "foreignKeys": {
         "organizations_tenant_id_foreign": {
           "columnNames": [
@@ -305,6 +338,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "datetime"
         },
@@ -321,6 +355,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "datetime"
         },
@@ -337,6 +372,7 @@
           "scale": null,
           "default": "gen_random_uuid()",
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "uuid"
         },
@@ -353,6 +389,7 @@
           "scale": null,
           "default": "true",
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "boolean"
         },
@@ -369,6 +406,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "text"
         },
@@ -385,6 +423,7 @@
           "scale": null,
           "default": null,
           "comment": null,
+          "collation": null,
           "enumItems": [],
           "mappedType": "datetime"
         }
@@ -402,6 +441,7 @@
         }
       ],
       "checks": [],
+      "triggers": [],
       "foreignKeys": {},
       "comment": null
     }

package/src/modules/directory/migrations/Migration20260607222259_directory.ts

@@ -0,0 +1,13 @@
+import { Migration } from '@mikro-orm/migrations';
+
+export class Migration20260607222259_directory extends Migration {
+
+  override up(): void | Promise<void> {
+    this.addSql(`alter table "organizations" add "logo_url" text null;`);
+  }
+
+  override down(): void | Promise<void> {
+    this.addSql(`alter table "organizations" drop column "logo_url";`);
+  }
+
+}

package/src/modules/directory/subscribers/invalidateOrgScopeCache.ts

@@ -7,6 +7,8 @@
 // drop every cache entry tagged for that tenant; the TTL is the backstop
 // for races where the event fires after a request reads the cache.
 
+import { buildOrgScopeTenantCacheTag } from '@open-mercato/core/modules/directory/utils/organizationScope'
+
 type CacheService = {
   deleteByTags(tags: string[]): Promise<number>
 }
@@ -32,7 +34,7 @@ export default async function handle(
   }
   if (!cache) return
   try {
-    await cache.deleteByTags([`org-scope:tenant:${tenantId}`])
+    await cache.deleteByTags([buildOrgScopeTenantCacheTag(tenantId)])
   } catch {
     // best-effort; TTL is the backstop.
   }

package/src/modules/directory/utils/organizationScope.ts

@@ -21,9 +21,11 @@ export type OrganizationScope = {
 // OrganizationScope is a pure function of (userId, tenantId, selectedOrgId,
 // requestedTenant) between membership changes; caching it bypasses 1
 // SELECT on `organizations` per CRUD request. TTL is short (60s default)
-// to keep staleness bounded for membership/visibility changes. Tag-based
-// invalidation kicks the cache when user_organizations or organizations
-// mutate (wired via invalidateOrganizationScopeCacheFor).
+// to keep staleness bounded as a backstop. Tag-based invalidation also fires
+// eagerly: per-user entries are dropped by RbacService.invalidateUserCache
+// (every ACL/role grant change goes through it — see buildOrgScopeUserCacheTag)
+// and per-tenant entries by the directory.organization.* subscriber plus
+// RbacService.invalidateTenantCache (role-ACL changes).
 const ORG_SCOPE_CACHE_KEY_PREFIX = 'org-scope'
 // Phase 4 default-off until the same readiness probe (`GET /api/customers/people`)
 // stays green with the cache layer engaged. Set `OM_ORG_SCOPE_CACHE_TTL_MS=60000`
@@ -49,10 +51,23 @@ function buildOrgScopeCacheKey(parts: {
   return `${ORG_SCOPE_CACHE_KEY_PREFIX}:${parts.userId}:${parts.effectiveTenantId}:${selected}:${requested}`
 }
 
+// Tag builders are exported so the modules that own the "this user's scope
+// changed" / "this tenant's org tree changed" signals (auth RBAC invalidation,
+// the directory.organization.* subscriber) can drop the matching cross-request
+// cache entries without re-deriving the tag format. Keeping the format in one
+// place is what lets the TTL be enabled safely (issue #2259).
+export function buildOrgScopeUserCacheTag(userId: string): string {
+  return `${ORG_SCOPE_CACHE_KEY_PREFIX}:user:${userId}`
+}
+
+export function buildOrgScopeTenantCacheTag(tenantId: string): string {
+  return `${ORG_SCOPE_CACHE_KEY_PREFIX}:tenant:${tenantId}`
+}
+
 function buildOrgScopeCacheTags(parts: { userId: string; effectiveTenantId: string }): string[] {
   return [
-    `${ORG_SCOPE_CACHE_KEY_PREFIX}:user:${parts.userId}`,
-    `${ORG_SCOPE_CACHE_KEY_PREFIX}:tenant:${parts.effectiveTenantId}`,
+    buildOrgScopeUserCacheTag(parts.userId),
+    buildOrgScopeTenantCacheTag(parts.effectiveTenantId),
   ]
 }
 
@@ -82,7 +97,7 @@ export async function invalidateOrganizationScopeCacheForUser(
   const cache = resolveCacheFromContainer(container)
   if (!cache?.deleteByTags) return
   try {
-    await cache.deleteByTags([`${ORG_SCOPE_CACHE_KEY_PREFIX}:user:${userId}`])
+    await cache.deleteByTags([buildOrgScopeUserCacheTag(userId)])
   } catch (err) {
     console.warn('[org-scope:cache] invalidate user failed', err)
   }
@@ -95,12 +110,36 @@ export async function invalidateOrganizationScopeCacheForTenant(
   const cache = resolveCacheFromContainer(container)
   if (!cache?.deleteByTags) return
   try {
-    await cache.deleteByTags([`${ORG_SCOPE_CACHE_KEY_PREFIX}:tenant:${tenantId}`])
+    await cache.deleteByTags([buildOrgScopeTenantCacheTag(tenantId)])
   } catch (err) {
     console.warn('[org-scope:cache] invalidate tenant failed', err)
   }
 }
 
+// Issue #2259 — per-request memoization. resolveOrganizationScopeForRequest
+// runs at least twice per CRUD request: once for the route-level feature check
+// (resolveFeatureCheckContext) and once inside the shared factory's withCtx.
+// Those two call sites use different request-scoped DI containers but are handed
+// the SAME Request instance, so memoizing the resolved scope on a WeakMap keyed
+// by that request collapses the duplicate work — and the duplicate
+// `organizations` SELECT — into a single resolution. The inner map is keyed by
+// the same identity tuple as the cross-request cache key, so distinct explicit
+// selectedId/tenant overrides on one request stay independent. There is no
+// staleness risk: the memo lives only for the lifetime of one request and is
+// dropped with the request object by the GC.
+const orgScopeRequestMemo = new WeakMap<object, Map<string, Promise<OrganizationScope>>>()
+
+function getRequestScopeMemo(request: unknown): Map<string, Promise<OrganizationScope>> | null {
+  if (!request || (typeof request !== 'object' && typeof request !== 'function')) return null
+  const key = request as object
+  let memo = orgScopeRequestMemo.get(key)
+  if (!memo) {
+    memo = new Map<string, Promise<OrganizationScope>>()
+    orgScopeRequestMemo.set(key, memo)
+  }
+  return memo
+}
+
 function normalizeOrganizationId(value: unknown): string | null {
   if (typeof value !== 'string') return null
   const trimmed = value.trim()
@@ -402,35 +441,51 @@ export async function resolveOrganizationScopeForRequest({
       })
     : null
 
-  if (cache && cacheKey && typeof cache.get === 'function') {
-    try {
-      const cached = await cache.get(cacheKey)
-      if (isValidCachedScope(cached)) return cached
-    } catch (err) {
-      console.warn('[org-scope:cache] read failed', err)
-    }
+  const requestMemo = getRequestScopeMemo(request)
+  if (requestMemo && cacheKey) {
+    const memoized = requestMemo.get(cacheKey)
+    if (memoized) return memoized
   }
 
-  const baseScope = await resolveOrganizationScope({
-    em,
-    rbac,
-    auth: scopedAuth,
-    selectedId: rawSelected,
-    tenantId: effectiveTenantId,
-  })
+  const resolveScope = async (): Promise<OrganizationScope> => {
+    if (cache && cacheKey && typeof cache.get === 'function') {
+      try {
+        const cached = await cache.get(cacheKey)
+        if (isValidCachedScope(cached)) return cached
+      } catch (err) {
+        console.warn('[org-scope:cache] read failed', err)
+      }
+    }
 
-  if (cache && cacheKey && userId && typeof cache.set === 'function') {
-    try {
-      await cache.set(cacheKey, baseScope, {
-        ttl: ttlMs,
-        tags: buildOrgScopeCacheTags({ userId, effectiveTenantId }),
-      })
-    } catch (err) {
-      console.warn('[org-scope:cache] write failed', err)
+    const baseScope = await resolveOrganizationScope({
+      em,
+      rbac,
+      auth: scopedAuth,
+      selectedId: rawSelected,
+      tenantId: effectiveTenantId,
+    })
+
+    if (cache && cacheKey && userId && typeof cache.set === 'function') {
+      try {
+        await cache.set(cacheKey, baseScope, {
+          ttl: ttlMs,
+          tags: buildOrgScopeCacheTags({ userId, effectiveTenantId }),
+        })
+      } catch (err) {
+        console.warn('[org-scope:cache] write failed', err)
+      }
     }
+
+    return baseScope
+  }
+
+  if (requestMemo && cacheKey) {
+    const pending = resolveScope()
+    requestMemo.set(cacheKey, pending)
+    return pending
   }
 
-  return baseScope
+  return resolveScope()
 }
 
 export type FeatureCheckContext = {

package/src/modules/entities/api/definitions.batch.ts

@@ -13,16 +13,20 @@ export const metadata = {
   POST: { requireAuth: true, requireFeatures: ['entities.definitions.manage'] },
 }
 
+const MAX_DEFINITIONS_PER_BATCH = 1000
+
 const batchSchema = z
   .object({
     entityId: z.string().regex(/^[a-z0-9_]+:[a-z0-9_]+$/),
-    definitions: z.array(
-      upsertCustomFieldDefSchema
-        .omit({ entityId: true })
-        .extend({
-          configJson: z.any().optional(),
-        })
-    ),
+    definitions: z
+      .array(
+        upsertCustomFieldDefSchema
+          .omit({ entityId: true })
+          .extend({
+            configJson: z.any().optional(),
+          })
+      )
+      .max(MAX_DEFINITIONS_PER_BATCH),
   })
   .extend(customFieldEntityConfigSchema.shape)
 

package/src/modules/entities/api/entities.ts

@@ -7,6 +7,7 @@ import { getEntityIds } from '@open-mercato/shared/lib/encryption/entityIds'
 import { upsertCustomEntitySchema } from '@open-mercato/core/modules/entities/data/validators'
 import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
 import { isSystemEntitySelectable } from '@open-mercato/shared/lib/entities/system-entities'
+import { SYSTEM_ENTITY_RECORDS_BLOCKED_CODE, isOrmBackedSystemEntityId } from '@open-mercato/shared/lib/data/engine'
 
 export const metadata = {
   GET: { requireAuth: true },
@@ -107,6 +108,16 @@ export async function POST(req: Request) {
   const { resolve } = await createRequestContainer()
   const em = resolve('em') as any
 
+  // A registration for a module-declared, table-backed system entity would flip
+  // query-engine classification to doc storage for the whole entity type (#2939's
+  // failure mode via another door) — refuse to create one.
+  if (isOrmBackedSystemEntityId(em, input.entityId)) {
+    return NextResponse.json(
+      { error: 'System entities cannot be registered as custom entities', code: SYSTEM_ENTITY_RECORDS_BLOCKED_CODE, entityId: input.entityId },
+      { status: 400 },
+    )
+  }
+
   const where: any = { entityId: input.entityId, organizationId: auth.orgId ?? null, tenantId: auth.tenantId ?? null }
   let ent = await em.findOne(CustomEntity, where)
   if (!ent) ent = em.create(CustomEntity, { ...where, createdAt: new Date() })