@open-mercato/core 0.6.6-develop.5503.1.6cdc4dda5f → 0.6.6-develop.5509.1.006f4d4f24

package/src/modules/directory/api/organization-branding/route.ts

@@ -0,0 +1,238 @@
+import { NextResponse } from 'next/server'
+import { z } from 'zod'
+import type { EntityManager } from '@mikro-orm/postgresql'
+import { runWithCacheTenant } from '@open-mercato/cache'
+import type { CommandBus, CommandRuntimeContext } from '@open-mercato/shared/lib/commands'
+import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
+import { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'
+import { createRequestContainer } from '@open-mercato/shared/lib/di/container'
+import { isCrudHttpError } from '@open-mercato/shared/lib/crud/errors'
+import { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'
+import { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'
+import { Organization } from '@open-mercato/core/modules/directory/data/entities'
+import { organizationUpdateSchema } from '@open-mercato/core/modules/directory/data/validators'
+import { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'
+import '@open-mercato/core/modules/directory/commands/organizations'
+
+export const metadata = {
+  GET: { requireAuth: true, requireFeatures: ['directory.organizations.view'] },
+  PUT: { requireAuth: true, requireFeatures: ['directory.organizations.manage'] },
+}
+
+const brandingResponseSchema = z.object({
+  organizationId: z.string().uuid(),
+  organizationName: z.string(),
+  tenantId: z.string().uuid(),
+  logoUrl: z.string().nullable(),
+})
+
+const brandingUpdateSchema = z.object({
+  logoUrl: organizationUpdateSchema.shape.logoUrl,
+})
+
+const errorSchema = z.object({
+  error: z.string(),
+})
+
+type RequestContainer = Awaited<ReturnType<typeof createRequestContainer>>
+
+function buildCommandContext(
+  container: RequestContainer,
+  auth: NonNullable<Awaited<ReturnType<typeof getAuthFromRequest>>>,
+  req: Request,
+  organizationId: string,
+  tenantId: string,
+): CommandRuntimeContext {
+  return {
+    container,
+    auth,
+    organizationScope: {
+      selectedId: organizationId,
+      filterIds: [organizationId],
+      allowedIds: null,
+      tenantId,
+    },
+    selectedOrganizationId: organizationId,
+    organizationIds: [organizationId],
+    request: req,
+  }
+}
+
+async function resolveCurrentOrganization(req: Request) {
+  const { translate } = await resolveTranslations()
+  const auth = await getAuthFromRequest(req)
+  if (!auth?.sub) {
+    return {
+      response: NextResponse.json({ error: translate('api.errors.unauthorized', 'Unauthorized') }, { status: 401 }),
+    }
+  }
+
+  const container = await createRequestContainer()
+  const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req })
+  const organizationId = scope.selectedId ?? auth.orgId ?? null
+  const tenantId = scope.tenantId ?? auth.tenantId ?? null
+  if (!organizationId || !tenantId) {
+    return {
+      response: NextResponse.json(
+        {
+          error: translate(
+            'directory.branding.errors.organizationRequired',
+            'Select a single organization before changing sidebar branding.',
+          ),
+        },
+        { status: 400 },
+      ),
+    }
+  }
+
+  const em = container.resolve('em') as EntityManager
+  const organization = await findOneWithDecryption(
+    em,
+    Organization,
+    { id: organizationId, tenant: tenantId, deletedAt: null },
+    { populate: ['tenant'] },
+    { tenantId, organizationId },
+  )
+  if (!organization) {
+    return {
+      response: NextResponse.json(
+        { error: translate('directory.branding.errors.notFound', 'Organization not found') },
+        { status: 404 },
+      ),
+    }
+  }
+
+  return { auth, container, organization, organizationId, tenantId, translate }
+}
+
+function toResponsePayload(organization: Organization, tenantId: string) {
+  return {
+    organizationId: String(organization.id),
+    organizationName: organization.name,
+    tenantId,
+    logoUrl: organization.logoUrl ?? null,
+  }
+}
+
+async function invalidateSidebarBrandingCache(container: RequestContainer, organizationId: string, tenantId: string) {
+  try {
+    const cache = container.resolve('cache') as {
+      deleteByTags?: (tags: string[]) => Promise<unknown>
+    } | null
+    await runWithCacheTenant(tenantId, () =>
+      cache?.deleteByTags?.([
+        `nav:sidebar:organization:${organizationId}`,
+        `nav:sidebar:tenant:${tenantId}`,
+      ]),
+    )
+  } catch {
+    // Cache invalidation is best-effort; the persisted branding is the source of truth.
+  }
+}
+
+export async function GET(req: Request) {
+  const resolved = await resolveCurrentOrganization(req)
+  if ('response' in resolved) return resolved.response
+
+  return NextResponse.json(toResponsePayload(resolved.organization, resolved.tenantId))
+}
+
+export async function PUT(req: Request) {
+  const resolved = await resolveCurrentOrganization(req)
+  if ('response' in resolved) return resolved.response
+
+  let body: unknown
+  try {
+    body = await req.json()
+  } catch {
+    return NextResponse.json(
+      { error: resolved.translate('directory.branding.errors.invalidLogoUrl', 'Enter a valid image URL.') },
+      { status: 422 },
+    )
+  }
+  if (!body || typeof body !== 'object' || !Object.prototype.hasOwnProperty.call(body, 'logoUrl')) {
+    return NextResponse.json(
+      { error: resolved.translate('directory.branding.errors.invalidLogoUrl', 'Enter a valid image URL.') },
+      { status: 422 },
+    )
+  }
+
+  const parsed = brandingUpdateSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json(
+      {
+        error: resolved.translate('directory.branding.errors.invalidLogoUrl', 'Enter a valid image URL.'),
+        issues: parsed.error.issues,
+      },
+      { status: 422 },
+    )
+  }
+
+  try {
+    const commandBus = resolved.container.resolve('commandBus') as CommandBus
+    const ctx = buildCommandContext(
+      resolved.container,
+      resolved.auth,
+      req,
+      resolved.organizationId,
+      resolved.tenantId,
+    )
+    const { result } = await commandBus.execute<Record<string, unknown>, Organization>(
+      'directory.organizations.update',
+      {
+        input: {
+          id: resolved.organizationId,
+          tenantId: resolved.tenantId,
+          logoUrl: parsed.data.logoUrl ?? null,
+        },
+        ctx,
+      },
+    )
+    await invalidateSidebarBrandingCache(resolved.container, resolved.organizationId, resolved.tenantId)
+    return NextResponse.json(toResponsePayload(result, resolved.tenantId))
+  } catch (err) {
+    if (isCrudHttpError(err)) {
+      return NextResponse.json(err.body, { status: err.status })
+    }
+    console.error('directory.organization-branding.update failed', err)
+    return NextResponse.json(
+      { error: resolved.translate('directory.branding.errors.save', 'Failed to update organization branding.') },
+      { status: 400 },
+    )
+  }
+}
+
+export const openApi: OpenApiRouteDoc = {
+  tag: 'Directory',
+  summary: 'Current organization branding',
+  methods: {
+    GET: {
+      summary: 'Read sidebar branding for the selected organization',
+      description: 'Returns the logo URL used by the backend sidebar for the currently selected organization.',
+      responses: [
+        { status: 200, description: 'Organization branding', schema: brandingResponseSchema },
+      ],
+      errors: [
+        { status: 400, description: 'A concrete organization scope is required', schema: errorSchema },
+        { status: 401, description: 'Unauthorized', schema: errorSchema },
+        { status: 404, description: 'Organization not found', schema: errorSchema },
+      ],
+    },
+    PUT: {
+      summary: 'Update sidebar branding for the selected organization',
+      description: 'Stores an external image URL or an internal attachment image URL as the selected organization logo.',
+      requestBody: {
+        contentType: 'application/json',
+        schema: brandingUpdateSchema,
+      },
+      responses: [
+        { status: 200, description: 'Updated organization branding', schema: brandingResponseSchema },
+      ],
+      errors: [
+        { status: 400, description: 'Save failed', schema: errorSchema },
+        { status: 401, description: 'Unauthorized', schema: errorSchema },
+        { status: 422, description: 'Invalid logo URL', schema: errorSchema },
+      ],
+    },
+  },
+}

package/src/modules/directory/api/organizations/route.ts

@@ -250,6 +250,7 @@ export async function GET(req: Request) {
     const items = orgs.map((org) => ({
       id: stringId(org.id),
       name: org.name,
+      logoUrl: org.logoUrl ?? null,
       parentId: org.parentId ?? null,
       tenantId: tenantId,
       isActive: !!org.isActive,
@@ -341,8 +342,10 @@ export async function GET(req: Request) {
     }
 
     const slugByOrgId = new Map<string, string | null>()
+    const logoUrlByOrgId = new Map<string, string | null>()
     for (const org of allOrgs) {
       slugByOrgId.set(String(org.id), org.slug ?? null)
+      logoUrlByOrgId.set(String(org.id), org.logoUrl ?? null)
     }
 
     const tenantIds = Array.from(byTenant.keys())
@@ -426,6 +429,7 @@ export async function GET(req: Request) {
         id: node.id,
         name: node.name,
         slug: slugByOrgId.get(recordId) ?? null,
+        logoUrl: logoUrlByOrgId.get(recordId) ?? null,
         tenantId: tid,
         tenantName: tenantNameMap[tid] ?? tid,
         parentId: node.parentId,
@@ -467,9 +471,11 @@ export async function GET(req: Request) {
   const orgs = await em.find(Organization, orgListFilter, { orderBy: { name: 'ASC' } })
   const hierarchy = computeHierarchyForOrganizations(orgs, tenantId)
   const slugByOrgId = new Map<string, string | null>()
+  const logoUrlByOrgId = new Map<string, string | null>()
   const updatedAtByOrgId = new Map<string, string | null>()
   for (const org of orgs) {
     slugByOrgId.set(String(org.id), org.slug ?? null)
+    logoUrlByOrgId.set(String(org.id), org.logoUrl ?? null)
     updatedAtByOrgId.set(String(org.id), org.updatedAt instanceof Date ? org.updatedAt.toISOString() : null)
   }
 
@@ -533,6 +539,7 @@ export async function GET(req: Request) {
       id: node.id,
       name: node.name,
       slug: slugByOrgId.get(recordId) ?? null,
+      logoUrl: logoUrlByOrgId.get(recordId) ?? null,
       updatedAt: updatedAtByOrgId.get(recordId) ?? null,
       tenantId: node.tenantId,
       tenantName,

package/src/modules/directory/backend/directory/branding/page.meta.ts

@@ -0,0 +1,24 @@
+import React from 'react'
+
+const brandingIcon = React.createElement(
+  'svg',
+  { width: 16, height: 16, viewBox: '0 0 24 24', fill: 'none', stroke: 'currentColor', strokeWidth: 2, strokeLinecap: 'round', strokeLinejoin: 'round' },
+  React.createElement('rect', { x: 3, y: 5, width: 18, height: 14, rx: 2 }),
+  React.createElement('circle', { cx: 8, cy: 10, r: 1.5 }),
+  React.createElement('path', { d: 'm21 15-5-5L5 21' }),
+)
+
+export const metadata = {
+  requireAuth: true,
+  requireFeatures: ['directory.organizations.manage'],
+  pageTitle: 'Organization branding',
+  pageTitleKey: 'directory.branding.nav',
+  pageGroup: 'Directory',
+  pageGroupKey: 'settings.sections.directory',
+  pageOrder: 0,
+  icon: brandingIcon,
+  pageContext: 'settings' as const,
+  breadcrumb: [{ label: 'Organization branding', labelKey: 'directory.branding.nav' }],
+}
+
+export default metadata

package/src/modules/directory/backend/directory/branding/page.tsx

@@ -0,0 +1,248 @@
+'use client'
+
+import * as React from 'react'
+import { useQuery, useQueryClient } from '@tanstack/react-query'
+import { ImagePlus, Loader2, RotateCcw, Save } from 'lucide-react'
+import { Page, PageBody, PageHeader } from '@open-mercato/ui/backend/Page'
+import { LoadingMessage, ErrorMessage } from '@open-mercato/ui/backend/detail'
+import { flash } from '@open-mercato/ui/backend/FlashMessages'
+import { useGuardedMutation } from '@open-mercato/ui/backend/injection/useGuardedMutation'
+import { apiCallOrThrow, readApiResultOrThrow } from '@open-mercato/ui/backend/utils/apiCall'
+import { Button } from '@open-mercato/ui/primitives/button'
+import { Input } from '@open-mercato/ui/primitives/input'
+import { useT } from '@open-mercato/shared/lib/i18n/context'
+
+type BrandingPayload = {
+  organizationId: string
+  organizationName: string
+  tenantId: string
+  logoUrl: string | null
+}
+
+type UploadPayload = {
+  ok: true
+  item: {
+    id: string
+    url: string
+    thumbnailUrl?: string
+  }
+}
+
+const BRANDING_API = '/api/directory/organization-branding'
+const BRANDING_ENTITY_ID = 'directory.organization'
+
+export default function OrganizationBrandingPage() {
+  const t = useT()
+  const queryClient = useQueryClient()
+  const [logoUrl, setLogoUrl] = React.useState('')
+  const [selectedFile, setSelectedFile] = React.useState<File | null>(null)
+  const [filePreviewUrl, setFilePreviewUrl] = React.useState<string | null>(null)
+  const [saving, setSaving] = React.useState(false)
+  const fileInputRef = React.useRef<HTMLInputElement | null>(null)
+  const { runMutation } = useGuardedMutation({
+    contextId: 'directory.organization-branding',
+    blockedMessage: t('directory.branding.errors.blocked', 'Branding save was blocked.'),
+  })
+
+  const { data, isLoading, error } = useQuery<BrandingPayload>({
+    queryKey: ['directory-organization-branding'],
+    queryFn: () => readApiResultOrThrow<BrandingPayload>(
+      BRANDING_API,
+      undefined,
+      { errorMessage: t('directory.branding.errors.load', 'Failed to load organization branding') },
+    ),
+  })
+
+  React.useEffect(() => {
+    setLogoUrl(data?.logoUrl ?? '')
+    setSelectedFile(null)
+  }, [data?.logoUrl])
+
+  React.useEffect(() => {
+    if (!selectedFile || typeof URL === 'undefined') {
+      setFilePreviewUrl(null)
+      return
+    }
+    const nextPreviewUrl = URL.createObjectURL(selectedFile)
+    setFilePreviewUrl(nextPreviewUrl)
+    return () => URL.revokeObjectURL(nextPreviewUrl)
+  }, [selectedFile])
+
+  const currentPreviewUrl = filePreviewUrl ?? logoUrl
+
+  const uploadLogo = React.useCallback(async (organizationId: string): Promise<string | null> => {
+    if (!selectedFile) return null
+    const form = new FormData()
+    form.set('entityId', BRANDING_ENTITY_ID)
+    form.set('recordId', organizationId)
+    form.set('file', selectedFile)
+    form.set('tags', JSON.stringify(['organization-logo']))
+
+    const upload = await readApiResultOrThrow<UploadPayload>(
+      '/api/attachments',
+      {
+        method: 'POST',
+        body: form,
+      },
+      { errorMessage: t('directory.branding.errors.upload', 'Failed to upload logo') },
+    )
+    return upload?.item.thumbnailUrl ?? upload?.item.url ?? null
+  }, [selectedFile, t])
+
+  const saveBranding = React.useCallback(async (nextLogoUrl?: string, options?: { skipUpload?: boolean }) => {
+    if (!data) return
+    const shouldUpload = Boolean(selectedFile && !options?.skipUpload)
+    setSaving(true)
+    try {
+      await runMutation({
+        operation: async () => {
+          const uploadedLogoUrl = shouldUpload ? await uploadLogo(data.organizationId) : null
+          const resolvedLogoUrl = uploadedLogoUrl ?? nextLogoUrl ?? logoUrl.trim()
+          // optimistic-lock-exempt: selected organization branding uses a scoped command endpoint without an exposed updatedAt token.
+          const response = await apiCallOrThrow<BrandingPayload>(
+            BRANDING_API,
+            {
+              method: 'PUT',
+              headers: { 'content-type': 'application/json' },
+              body: JSON.stringify({ logoUrl: resolvedLogoUrl || null }),
+            },
+            { errorMessage: t('directory.branding.errors.save', 'Failed to update organization branding') },
+          )
+          return response.result
+        },
+        context: {
+          entityId: BRANDING_ENTITY_ID,
+          recordId: data.organizationId,
+          operation: 'update-branding',
+        },
+        mutationPayload: {
+          organizationId: data.organizationId,
+          logoUrl: (nextLogoUrl ?? logoUrl.trim()) || null,
+          hasUpload: shouldUpload,
+        },
+      })
+      await queryClient.invalidateQueries({ queryKey: ['directory-organization-branding'] })
+      window.dispatchEvent(new Event('om:refresh-sidebar'))
+      setSelectedFile(null)
+      if (fileInputRef.current) fileInputRef.current.value = ''
+      flash(t('directory.branding.flash.saved', 'Organization branding updated'), 'success')
+    } catch (err: unknown) {
+      const fallback = t('directory.branding.errors.save', 'Failed to update organization branding')
+      const message = err instanceof Error ? err.message : fallback
+      flash(message, 'error')
+    } finally {
+      setSaving(false)
+    }
+  }, [data, logoUrl, queryClient, runMutation, selectedFile, t, uploadLogo])
+
+  const handleSubmit = React.useCallback((event: React.FormEvent<HTMLFormElement>) => {
+    event.preventDefault()
+    void saveBranding()
+  }, [saveBranding])
+
+  if (isLoading) {
+    return <LoadingMessage label={t('directory.branding.loading', 'Loading organization branding...')} />
+  }
+
+  if (error || !data) {
+    return (
+      <ErrorMessage
+        label={t('directory.branding.errors.load', 'Failed to load organization branding')}
+        description={error instanceof Error ? error.message : undefined}
+      />
+    )
+  }
+
+  return (
+    <Page>
+      <PageHeader
+        title={t('directory.branding.title', 'Organization branding')}
+        description={t(
+          'directory.branding.description',
+          'Set the logo used in the backend sidebar for the currently selected organization.',
+        )}
+      />
+      <PageBody>
+        <form className="space-y-5" onSubmit={handleSubmit}>
+          <div className="grid gap-5 lg:grid-cols-[260px_1fr]">
+            <div className="space-y-3">
+              <div className="flex aspect-square w-full max-w-[220px] items-center justify-center overflow-hidden rounded-lg border bg-muted/30">
+                {currentPreviewUrl ? (
+                  <img
+                    src={currentPreviewUrl}
+                    alt={t('directory.branding.previewAlt', '{{name}} logo preview', { name: data.organizationName })}
+                    className="h-full w-full object-contain"
+                  />
+                ) : (
+                  <ImagePlus className="size-10 text-muted-foreground" aria-hidden />
+                )}
+              </div>
+              <p className="text-sm font-medium text-foreground">{data.organizationName}</p>
+              <p className="text-xs text-muted-foreground">
+                {t('directory.branding.currentScope', 'Current organization')}
+              </p>
+            </div>
+
+            <div className="space-y-4">
+              <div className="space-y-2">
+                <label htmlFor="organization-logo-file" className="text-sm font-medium">
+                  {t('directory.branding.file.label', 'Upload logo')}
+                </label>
+                <Input
+                  ref={fileInputRef}
+                  id="organization-logo-file"
+                  type="file"
+                  accept="image/png,image/jpeg,image/webp,image/svg+xml"
+                  onChange={(event) => {
+                    const file = event.currentTarget.files?.[0]
+                    if (!file) return
+                    setSelectedFile(file)
+                  }}
+                />
+                <p className="text-xs text-muted-foreground">
+                  {t('directory.branding.file.hint', 'PNG, JPG, WebP, or SVG works best. Uploaded files are stored as organization attachments.')}
+                </p>
+              </div>
+
+              <div className="space-y-2">
+                <label htmlFor="organization-logo-url" className="text-sm font-medium">
+                  {t('directory.branding.url.label', 'Logo URL')}
+                </label>
+                <Input
+                  id="organization-logo-url"
+                  value={logoUrl}
+                  onChange={(event) => setLogoUrl(event.currentTarget.value)}
+                  placeholder={t('directory.branding.url.placeholder', 'https://example.com/logo.svg')}
+                />
+                <p className="text-xs text-muted-foreground">
+                  {t('directory.branding.url.hint', 'Use an external image URL or leave empty to fall back to the default Open Mercato logo.')}
+                </p>
+              </div>
+
+              <div className="flex flex-wrap items-center gap-2">
+                <Button type="submit" disabled={saving}>
+                  {saving ? <Loader2 className="mr-2 size-4 animate-spin" aria-hidden /> : <Save className="mr-2 size-4" aria-hidden />}
+                  {t('directory.branding.actions.save', 'Save branding')}
+                </Button>
+                <Button
+                  type="button"
+                  variant="outline"
+                  disabled={saving}
+                  onClick={() => {
+                    setSelectedFile(null)
+                    if (fileInputRef.current) fileInputRef.current.value = ''
+                    setLogoUrl('')
+                    void saveBranding('', { skipUpload: true })
+                  }}
+                >
+                  <RotateCcw className="mr-2 size-4" aria-hidden />
+                  {t('directory.branding.actions.reset', 'Use default logo')}
+                </Button>
+              </div>
+            </div>
+          </div>
+        </form>
+      </PageBody>
+    </Page>
+  )
+}

package/src/modules/directory/commands/organizations.ts

@@ -84,6 +84,7 @@ type OrganizationUndoSnapshot = {
   tenantId: string | null
   name: string
   slug?: string | null
+  logoUrl?: string | null
   isActive: boolean
   parentId: string | null
   childParents: ChildParentSnapshot[]
@@ -120,6 +121,7 @@ function serializeOrganization(entity: Organization, custom?: Record<string, unk
     tenantId: resolveTenantIdFromEntity(entity),
     name: entity.name,
     slug: entity.slug ?? null,
+    logoUrl: entity.logoUrl ?? null,
     isActive: !!entity.isActive,
     parentId: entity.parentId ?? null,
     ancestorIds: Array.isArray(entity.ancestorIds) ? [...entity.ancestorIds] : [],
@@ -144,6 +146,7 @@ function captureOrganizationSnapshots(
       tenantId,
       name: entity.name,
       slug: entity.slug ?? null,
+      logoUrl: entity.logoUrl ?? null,
       isActive: !!entity.isActive,
       parentId: entity.parentId ?? null,
       childParents: (childParents ?? []).map((entry) => ({
@@ -303,6 +306,7 @@ const createOrganizationCommand: CommandHandler<Record<string, unknown>, Organiz
             tenant: tenantRef,
             name: parsed.name,
             slug,
+            logoUrl: parsed.logoUrl ?? null,
             isActive: parsed.isActive ?? true,
             parentId,
           },
@@ -429,6 +433,7 @@ const createOrganizationCommand: CommandHandler<Record<string, unknown>, Organiz
           existing.deletedAt = null
           existing.name = after.name
           if (after.slug !== undefined) existing.slug = after.slug ?? null
+          if (after.logoUrl !== undefined) existing.logoUrl = after.logoUrl ?? null
           existing.isActive = after.isActive
           existing.parentId = after.parentId
           await em.flush()
@@ -440,6 +445,7 @@ const createOrganizationCommand: CommandHandler<Record<string, unknown>, Organiz
               id: after.id,
               name: after.name,
               slug: after.slug ?? null,
+              logoUrl: after.logoUrl ?? null,
               tenant: em.getReference(Tenant, tenantId),
               isActive: after.isActive,
               parentId: after.parentId,
@@ -564,6 +570,7 @@ const updateOrganizationCommand: CommandHandler<Record<string, unknown>, Organiz
           apply: (entity) => {
             if (parsed.name !== undefined) entity.name = parsed.name
             if (resolvedSlug !== undefined) entity.slug = resolvedSlug
+            if (parsed.logoUrl !== undefined) entity.logoUrl = parsed.logoUrl ?? null
             if (parsed.isActive !== undefined) entity.isActive = parsed.isActive
             entity.parentId = parentId
           },
@@ -630,7 +637,7 @@ const updateOrganizationCommand: CommandHandler<Record<string, unknown>, Organiz
       organizationId: String(result.id),
     })
     const after = serializeOrganization(result, custom)
-    const changes = buildChanges(beforeRecord, after as Record<string, unknown>, ['name', 'slug', 'isActive', 'parentId'])
+    const changes = buildChanges(beforeRecord, after as Record<string, unknown>, ['name', 'slug', 'logoUrl', 'isActive', 'parentId'])
     const customDiff = diffCustomFieldChanges(beforeRecord?.custom, custom)
     for (const [key, diff] of Object.entries(customDiff)) {
       changes[`cf_${key}`] = diff
@@ -667,6 +674,7 @@ const updateOrganizationCommand: CommandHandler<Record<string, unknown>, Organiz
           apply: (entity) => {
             entity.name = before.name
             if (before.slug !== undefined) entity.slug = before.slug
+            if (before.logoUrl !== undefined) entity.logoUrl = before.logoUrl ?? null
             entity.isActive = before.isActive
             entity.parentId = before.parentId
           },

package/src/modules/directory/data/entities.ts

@@ -40,6 +40,9 @@ export class Organization {
   @Property({ type: 'text', nullable: true })
   slug?: string | null
 
+  @Property({ name: 'logo_url', type: 'text', nullable: true })
+  logoUrl?: string | null
+
   @Property({ name: 'is_active', type: 'boolean', default: true })
   isActive: boolean = true
 

package/src/modules/directory/data/validators.ts

@@ -12,11 +12,22 @@ export const tenantUpdateSchema = z.object({
 })
 
 const slugField = z.string().trim().toLowerCase().regex(/^[a-z0-9\-_]+$/).max(150).optional().nullable()
+const logoUrlField = z
+  .union([
+    z.string().trim().url().max(2048).refine(
+      (value) => value.startsWith('https://') || value.startsWith('http://'),
+      { message: 'Logo URL must use http or https.' },
+    ),
+    z.string().trim().regex(/^\/api\/attachments\/(?:image|file)\/[A-Za-z0-9%_.~/?=&-]+$/).max(2048),
+  ])
+  .optional()
+  .nullable()
 
 export const organizationCreateSchema = z.object({
   tenantId: z.string().uuid().optional(),
   name: z.string().min(1).max(200),
   slug: slugField,
+  logoUrl: logoUrlField,
   isActive: z.boolean().optional(),
   parentId: z.string().uuid().nullable().optional(),
   childIds: z.array(z.string().uuid()).optional(),
@@ -27,6 +38,7 @@ export const organizationUpdateSchema = z.object({
   tenantId: z.string().uuid().optional(),
   name: z.string().min(1).max(200).optional(),
   slug: slugField,
+  logoUrl: logoUrlField,
   isActive: z.boolean().optional(),
   parentId: z.string().uuid().nullable().optional(),
   childIds: z.array(z.string().uuid()).optional(),