create-crm-tmp 1.1.2 → 2.0.0

package/template/src/app/api/companies/route.ts

@@ -0,0 +1,166 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { z } from 'zod';
+import { auth } from '@/lib/auth';
+import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
+
+const createCompanySchema = z.object({
+  name: z.string().trim().min(1, 'Le nom est obligatoire'),
+  phone: z.string().trim().optional().nullable(),
+  email: z.string().email().optional().nullable(),
+  address: z.string().optional().nullable(),
+  city: z.string().optional().nullable(),
+  postalCode: z.string().optional().nullable(),
+  website: z.string().optional().nullable(),
+  siret: z.string().optional().nullable(),
+  industry: z.string().optional().nullable(),
+  notes: z.string().optional().nullable(),
+  assignedCommercialId: z.string().optional().nullable(),
+  assignedTeleproId: z.string().optional().nullable(),
+});
+
+export async function GET(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const [companiesViewAll, companiesViewOwn, contactsViewAll, contactsViewOwn] =
+      await Promise.all([
+        checkPermission('companies.view_all'),
+        checkPermission('companies.view_own'),
+        checkPermission('contacts.view_all'),
+        checkPermission('contacts.view_own'),
+      ]);
+    const canViewAll = companiesViewAll || contactsViewAll;
+    const canViewOwn = companiesViewOwn || contactsViewOwn;
+
+    if (!canViewAll && !canViewOwn) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    const { searchParams } = new URL(request.url);
+    const search = searchParams.get('search') || '';
+    const page = Number.parseInt(searchParams.get('page') || '1');
+    const limit = Number.parseInt(searchParams.get('limit') || '50');
+    const all = searchParams.get('all') === 'true';
+    const skip = (page - 1) * limit;
+
+    const where: any = {};
+
+    if (!canViewAll && canViewOwn) {
+      where.OR = [
+        { assignedCommercialId: session.user.id },
+        { assignedTeleproId: session.user.id },
+        { createdById: session.user.id },
+      ];
+    }
+
+    if (search) {
+      where.AND = where.AND || [];
+      where.AND.push({
+        OR: [
+          { name: { contains: search, mode: 'insensitive' } },
+          { email: { contains: search, mode: 'insensitive' } },
+          { phone: { contains: search, mode: 'insensitive' } },
+          { siret: { contains: search, mode: 'insensitive' } },
+        ],
+      });
+    }
+
+    if (all) {
+      const companies = await prisma.company.findMany({
+        where,
+        select: { id: true, name: true },
+        orderBy: { name: 'asc' },
+      });
+      return NextResponse.json(companies);
+    }
+
+    const [companies, total] = await Promise.all([
+      prisma.company.findMany({
+        where,
+        include: {
+          _count: { select: { contacts: true } },
+          assignedCommercial: { select: { id: true, name: true, email: true } },
+          assignedTelepro: { select: { id: true, name: true, email: true } },
+          createdBy: { select: { id: true, name: true, email: true } },
+        },
+        orderBy: { createdAt: 'desc' },
+        skip,
+        take: limit,
+      }),
+      prisma.company.count({ where }),
+    ]);
+
+    return NextResponse.json({
+      companies,
+      pagination: {
+        total,
+        page,
+        limit,
+        totalPages: Math.ceil(total / limit),
+      },
+    });
+  } catch (error) {
+    console.error('Erreur lors de la récupération des entreprises:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const canCreate =
+      (await checkPermission('companies.create')) || (await checkPermission('contacts.create'));
+    if (!canCreate) {
+      return NextResponse.json({ error: 'Permission insuffisante' }, { status: 403 });
+    }
+
+    const json = await request.json();
+    const parseResult = createCompanySchema.safeParse(json);
+
+    if (!parseResult.success) {
+      return NextResponse.json(
+        { error: 'Données invalides', details: parseResult.error.flatten() },
+        { status: 400 },
+      );
+    }
+
+    const data = parseResult.data;
+
+    const company = await prisma.company.create({
+      data: {
+        name: data.name,
+        phone: data.phone || null,
+        email: data.email || null,
+        address: data.address || null,
+        city: data.city || null,
+        postalCode: data.postalCode || null,
+        website: data.website || null,
+        siret: data.siret || null,
+        industry: data.industry || null,
+        notes: data.notes || null,
+        assignedCommercialId: data.assignedCommercialId || null,
+        assignedTeleproId: data.assignedTeleproId || null,
+        createdById: session.user.id,
+      },
+      include: {
+        _count: { select: { contacts: true } },
+        assignedCommercial: { select: { id: true, name: true, email: true } },
+        assignedTelepro: { select: { id: true, name: true, email: true } },
+        createdBy: { select: { id: true, name: true, email: true } },
+      },
+    });
+
+    return NextResponse.json(company, { status: 201 });
+  } catch (error) {
+    console.error("Erreur lors de la création de l'entreprise:", error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}

package/template/src/app/api/contact-views/[id]/pin/route.ts

@@ -0,0 +1,69 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { prisma } from '@/lib/prisma';
+
+export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const { id: viewId } = await params;
+
+    const view = await prisma.contactView.findUnique({ where: { id: viewId } });
+    if (!view) {
+      return NextResponse.json({ error: 'Vue non trouvée' }, { status: 404 });
+    }
+
+    if (view.userId !== session.user.id && !view.isPublic) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    const maxPin = await prisma.contactViewPin.aggregate({
+      where: { userId: session.user.id },
+      _max: { pinOrder: true },
+    });
+    const nextOrder = (maxPin._max.pinOrder ?? -1) + 1;
+
+    const pin = await prisma.contactViewPin.upsert({
+      where: {
+        userId_viewId: { userId: session.user.id, viewId },
+      },
+      update: { pinOrder: nextOrder },
+      create: {
+        userId: session.user.id,
+        viewId,
+        pinOrder: nextOrder,
+      },
+    });
+
+    return NextResponse.json(pin, { status: 201 });
+  } catch (error) {
+    console.error("Erreur lors de l'épinglage:", error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const { id: viewId } = await params;
+
+    await prisma.contactViewPin.deleteMany({
+      where: { userId: session.user.id, viewId },
+    });
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error('Erreur lors du désépinglage:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}

package/template/src/app/api/contact-views/[id]/route.ts

@@ -0,0 +1,197 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { z } from 'zod';
+import { auth } from '@/lib/auth';
+import { prisma } from '@/lib/prisma';
+
+async function getUserPermissions(userId: string): Promise<string[]> {
+  const user = await prisma.user.findUnique({
+    where: { id: userId },
+    include: { customRole: true },
+  });
+  return (user?.customRole?.permissions as string[]) ?? [];
+}
+
+const updateViewSchema = z.object({
+  name: z.string().trim().min(1).optional(),
+  isPublic: z.boolean().optional(),
+  filters: z.array(z.any()).optional(),
+  columns: z
+    .array(
+      z.object({
+        id: z.string(),
+        visible: z.boolean(),
+        order: z.number(),
+      }),
+    )
+    .optional()
+    .nullable(),
+  sortConfig: z
+    .object({
+      field: z.string(),
+      direction: z.enum(['asc', 'desc']),
+    })
+    .optional()
+    .nullable(),
+  isDefault: z.boolean().optional(),
+});
+
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const { id } = await params;
+
+    const view = await prisma.contactView.findUnique({
+      where: { id },
+      include: { user: { select: { id: true, name: true } } },
+    });
+
+    if (!view) {
+      return NextResponse.json({ error: 'Vue non trouvée' }, { status: 404 });
+    }
+
+    if (view.userId !== session.user.id && !view.isPublic) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    const pin = await prisma.contactViewPin.findUnique({
+      where: { userId_viewId: { userId: session.user.id, viewId: id } },
+    });
+
+    return NextResponse.json({ ...view, pinOrder: pin?.pinOrder ?? null });
+  } catch (error) {
+    console.error('Erreur lors de la récupération de la vue:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}
+
+export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const { id } = await params;
+
+    const existing = await prisma.contactView.findUnique({
+      where: { id },
+    });
+
+    if (!existing) {
+      return NextResponse.json({ error: 'Vue non trouvée' }, { status: 404 });
+    }
+
+    const isOwner = existing.userId === session.user.id;
+    const permissions = await getUserPermissions(session.user.id);
+
+    const canEdit = isOwner
+      ? permissions.includes('contacts.views.edit_own')
+      : permissions.includes('contacts.views.edit_all');
+
+    if (!canEdit) {
+      return NextResponse.json(
+        { error: 'Permission insuffisante pour modifier cette vue' },
+        { status: 403 },
+      );
+    }
+
+    const json = await request.json();
+    const parseResult = updateViewSchema.safeParse(json);
+
+    if (!parseResult.success) {
+      return NextResponse.json(
+        { error: 'Données invalides', details: parseResult.error.flatten() },
+        { status: 400 },
+      );
+    }
+
+    const data = parseResult.data;
+
+    if (data.isPublic !== undefined && !permissions.includes('contacts.views.share')) {
+      return NextResponse.json(
+        { error: 'Permission insuffisante pour modifier la visibilité' },
+        { status: 403 },
+      );
+    }
+
+    if (data.isDefault) {
+      await prisma.contactView.updateMany({
+        where: { userId: session.user.id, isDefault: true },
+        data: { isDefault: false },
+      });
+    }
+
+    const view = await prisma.contactView.update({
+      where: { id },
+      data: {
+        ...(data.name !== undefined && { name: data.name }),
+        ...(data.isPublic !== undefined && { isPublic: data.isPublic }),
+        ...(data.filters !== undefined && { filters: data.filters as any }),
+        ...(data.columns !== undefined && { columns: data.columns as any }),
+        ...(data.sortConfig !== undefined && {
+          sortConfig: data.sortConfig as any,
+        }),
+        ...(data.isDefault !== undefined && { isDefault: data.isDefault }),
+      },
+      include: {
+        user: { select: { id: true, name: true } },
+      },
+    });
+
+    const pin = await prisma.contactViewPin.findUnique({
+      where: { userId_viewId: { userId: session.user.id, viewId: id } },
+    });
+
+    return NextResponse.json({ ...view, pinOrder: pin?.pinOrder ?? null });
+  } catch (error) {
+    console.error('Erreur lors de la modification de la vue:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const { id } = await params;
+
+    const existing = await prisma.contactView.findUnique({
+      where: { id },
+    });
+
+    if (!existing) {
+      return NextResponse.json({ error: 'Vue non trouvée' }, { status: 404 });
+    }
+
+    const isOwner = existing.userId === session.user.id;
+    const permissions = await getUserPermissions(session.user.id);
+
+    const canDelete = isOwner
+      ? permissions.includes('contacts.views.delete_own')
+      : permissions.includes('contacts.views.delete_all');
+
+    if (!canDelete) {
+      return NextResponse.json(
+        { error: 'Permission insuffisante pour supprimer cette vue' },
+        { status: 403 },
+      );
+    }
+
+    await prisma.contactView.delete({ where: { id } });
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error('Erreur lors de la suppression de la vue:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}

package/template/src/app/api/contact-views/route.ts

@@ -0,0 +1,146 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { z } from 'zod';
+import { auth } from '@/lib/auth';
+import { prisma } from '@/lib/prisma';
+
+async function getUserPermissions(userId: string): Promise<string[]> {
+  const user = await prisma.user.findUnique({
+    where: { id: userId },
+    include: { customRole: true },
+  });
+  return (user?.customRole?.permissions as string[]) ?? [];
+}
+
+const createViewSchema = z.object({
+  name: z.string().trim().min(1, 'Le nom est obligatoire'),
+  isPublic: z.boolean().optional().default(false),
+  entityType: z.enum(['contacts', 'companies']).optional().default('contacts'),
+  filters: z.array(z.any()).optional().default([]),
+  columns: z
+    .array(
+      z.object({
+        id: z.string(),
+        visible: z.boolean(),
+        order: z.number(),
+      }),
+    )
+    .optional()
+    .nullable(),
+  sortConfig: z
+    .object({
+      field: z.string(),
+      direction: z.enum(['asc', 'desc']),
+    })
+    .optional()
+    .nullable(),
+});
+
+export async function GET(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const userId = session.user.id;
+    const { searchParams } = new URL(request.url);
+    const entityType = searchParams.get('entityType') || 'contacts';
+
+    const [views, pins] = await Promise.all([
+      prisma.contactView.findMany({
+        where: {
+          entityType,
+          OR: [{ userId }, { isPublic: true }],
+        },
+        include: {
+          user: { select: { id: true, name: true } },
+        },
+        orderBy: { createdAt: 'asc' },
+      }),
+      prisma.contactViewPin.findMany({
+        where: { userId },
+        orderBy: { pinOrder: 'asc' },
+      }),
+    ]);
+
+    const pinMap = new Map(pins.map((p) => [p.viewId, p.pinOrder]));
+
+    const viewsWithPins = views.map((v) => ({
+      ...v,
+      pinOrder: pinMap.get(v.id) ?? null,
+    }));
+
+    viewsWithPins.sort((a, b) => {
+      const aPinned = a.pinOrder != null;
+      const bPinned = b.pinOrder != null;
+      if (aPinned && !bPinned) return -1;
+      if (!aPinned && bPinned) return 1;
+      if (aPinned && bPinned) return a.pinOrder! - b.pinOrder!;
+      // Vues non épinglées : ordre stable par date de création puis par nom
+      const createdCmp = new Date(a.createdAt).getTime() - new Date(b.createdAt).getTime();
+      if (createdCmp !== 0) return createdCmp;
+      return (a.name || '').localeCompare(b.name || '', 'fr');
+    });
+
+    return NextResponse.json(viewsWithPins);
+  } catch (error) {
+    console.error('Erreur lors de la récupération des vues:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const permissions = await getUserPermissions(session.user.id);
+    if (!permissions.includes('contacts.views.create')) {
+      return NextResponse.json(
+        { error: 'Permission insuffisante pour créer une vue' },
+        { status: 403 },
+      );
+    }
+
+    const json = await request.json();
+    const parseResult = createViewSchema.safeParse(json);
+
+    if (!parseResult.success) {
+      return NextResponse.json(
+        { error: 'Données invalides', details: parseResult.error.flatten() },
+        { status: 400 },
+      );
+    }
+
+    const { name, isPublic, entityType, filters, columns, sortConfig } = parseResult.data;
+
+    if (isPublic && !permissions.includes('contacts.views.share')) {
+      return NextResponse.json(
+        { error: 'Permission insuffisante pour partager une vue' },
+        { status: 403 },
+      );
+    }
+
+    const view = await prisma.contactView.create({
+      data: {
+        name,
+        userId: session.user.id,
+        isPublic,
+        entityType,
+        filters: filters as any,
+        columns: columns as any,
+        sortConfig: sortConfig as any,
+      },
+      include: {
+        user: { select: { id: true, name: true } },
+      },
+    });
+
+    return NextResponse.json({ ...view, pinOrder: null }, { status: 201 });
+  } catch (error) {
+    console.error('Erreur lors de la création de la vue:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}

package/template/src/app/api/contacts/[id]/files/[fileId]/preview/route.ts

@@ -0,0 +1,77 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
+import { downloadFileFromDrive } from '@/lib/google-drive';
+
+// GET /api/contacts/[id]/files/[fileId]/preview - Prévisualiser une image de fichier contact
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string; fileId: string }> },
+) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const canViewFiles = await checkPermission('contacts.view_files');
+    if (!canViewFiles) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    const { id: contactId, fileId } = await params;
+
+    const contact = await prisma.contact.findUnique({
+      where: { id: contactId },
+      select: { id: true },
+    });
+
+    if (!contact) {
+      return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
+    }
+
+    const file = await prisma.contactFile.findUnique({
+      where: { id: fileId },
+      select: {
+        id: true,
+        contactId: true,
+        fileName: true,
+        mimeType: true,
+        googleDriveFileId: true,
+      },
+    });
+
+    if (!file) {
+      return NextResponse.json({ error: 'Fichier non trouvé' }, { status: 404 });
+    }
+
+    if (file.contactId !== contactId) {
+      return NextResponse.json({ error: 'Fichier non associé à ce contact' }, { status: 403 });
+    }
+
+    if (!file.mimeType.startsWith('image/')) {
+      return NextResponse.json({ error: 'Prévisualisation disponible uniquement pour les images' }, { status: 404 });
+    }
+
+    const downloaded = await downloadFileFromDrive(session.user.id, file.googleDriveFileId);
+
+    return new NextResponse(new Uint8Array(downloaded.buffer), {
+      status: 200,
+      headers: {
+        'Content-Type': file.mimeType,
+        'Cache-Control': 'private, max-age=300',
+        'Content-Disposition': `inline; filename="${encodeURIComponent(file.fileName)}"`,
+      },
+    });
+  } catch (error: any) {
+    console.error("Erreur lors de la prévisualisation d'image:", error);
+    return NextResponse.json(
+      { error: error.message || "Erreur lors de la prévisualisation de l'image" },
+      { status: 500 },
+    );
+  }
+}