npm - create-crm-tmp - Versions diffs - 1.1.2 → 2.0.0 - Mend

create-crm-tmp 1.1.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (220) hide show

package/template/src/app/api/contacts/[id]/route.ts CHANGED Viewed

@@ -1,8 +1,12 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
 import { logStatusChange, logContactUpdate, logAssignmentChange } from '@/lib/contact-interactions';
-import { executeWorkflowsOnStatusChanged } from '@/lib/workflow-executor';
+import {
+  executeWorkflowsOnStatusChanged,
+  executeWorkflowsOnAssignmentChanged,
+} from '@/lib/workflow-executor';
 import { normalizePhoneNumber } from '@/lib/utils';
 // GET /api/contacts/[id] - Récupérer un contact spécifique avec ses interactions
@@ -16,18 +20,22 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const [canViewAll, canViewOwn] = await Promise.all([
+      checkPermission('contacts.view_all'),
+      checkPermission('contacts.view_own'),
+    ]);
+    if (!canViewAll && !canViewOwn) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id } = await params;
     const contact = await prisma.contact.findUnique({
       where: { id },
       include: {
         status: true,
-        companyRelation: {
-          select: { id: true, firstName: true, lastName: true, isCompany: true },
-        },
-        contacts: {
-          select: { id: true, firstName: true, lastName: true, isCompany: true },
-        },
+        company: { select: { id: true, name: true, phone: true, email: true } },
         assignedCommercial: {
           select: { id: true, name: true, email: true },
         },
@@ -37,6 +45,27 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
         createdBy: {
           select: { id: true, name: true, email: true },
         },
+        tourLinks: {
+          include: {
+            tour: {
+              select: {
+                id: true,
+                number: true,
+              },
+            },
+          },
+        },
+        transactions: {
+          select: {
+            id: true,
+            status: true,
+            totalAmountCents: true,
+            signedAt: true,
+            createdAt: true,
+            updatedAt: true,
+          },
+          orderBy: { createdAt: 'desc' },
+        },
         interactions: {
           include: {
             user: {
@@ -60,6 +89,19 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
     }
+    // Vérifier l'accès si l'utilisateur ne peut voir que ses propres contacts
+    if (!canViewAll && canViewOwn) {
+      const isOwner =
+        contact.assignedCommercialId === session.user.id ||
+        contact.assignedTeleproId === session.user.id ||
+        contact.createdById === session.user.id;
+      const isUnassigned = !contact.assignedCommercialId && !contact.assignedTeleproId;
+      const canViewUnassigned = await checkPermission('contacts.view_unassigned');
+      if (!isOwner && !(isUnassigned && canViewUnassigned)) {
+        return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+      }
+    }
     return NextResponse.json(contact);
   } catch (error: any) {
     console.error('Erreur lors de la récupération du contact:', error);
@@ -78,6 +120,15 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const [canEditAll, canEditOwn] = await Promise.all([
+      checkPermission('contacts.edit_all'),
+      checkPermission('contacts.edit_own'),
+    ]);
+    if (!canEditAll && !canEditOwn) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id } = await params;
     const body = await request.json();
     const {
@@ -91,9 +142,8 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       city,
       postalCode,
       origin,
-      companyName,
-      isCompany,
       companyId,
+      jobTitle,
       statusId,
       closingReason,
       assignedCommercialId,
@@ -105,9 +155,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       where: { id },
       include: {
         status: true,
-        companyRelation: {
-          select: { id: true, firstName: true, lastName: true, isCompany: true },
-        },
+        company: { select: { id: true, name: true, phone: true, email: true } },
         assignedCommercial: {
           select: { id: true, name: true, email: true },
         },
@@ -121,6 +169,17 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
     }
+    // Vérifier la propriété si l'utilisateur ne peut modifier que ses contacts
+    if (!canEditAll && canEditOwn) {
+      const isOwner =
+        existing.assignedCommercialId === session.user.id ||
+        existing.assignedTeleproId === session.user.id ||
+        existing.createdById === session.user.id;
+      if (!isOwner) {
+        return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+      }
+    }
     // Validation : si phone est fourni, il ne peut pas être vide
     if (phone !== undefined && !phone) {
       return NextResponse.json({ error: 'Le téléphone ne peut pas être vide' }, { status: 400 });
@@ -141,9 +200,8 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       city: city !== undefined ? city || null : existing.city,
       postalCode: postalCode !== undefined ? postalCode || null : existing.postalCode,
       origin: origin !== undefined ? origin || null : existing.origin,
-      companyName: companyName !== undefined ? companyName || null : existing.companyName,
-      isCompany: isCompany !== undefined ? isCompany === true : existing.isCompany,
       companyId: companyId !== undefined ? companyId || null : existing.companyId,
+      jobTitle: jobTitle !== undefined ? jobTitle || null : existing.jobTitle,
       statusId: statusId !== undefined ? statusId || null : existing.statusId,
       closingReason: closingReason !== undefined ? closingReason || null : existing.closingReason,
       assignedCommercialId:
@@ -188,8 +246,8 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
     if (origin !== undefined && origin !== existing.origin) {
       changes.origin = { old: existing.origin, new: origin };
     }
-    if (companyName !== undefined && companyName !== existing.companyName) {
-      changes.companyName = { old: existing.companyName, new: companyName };
+    if (jobTitle !== undefined && jobTitle !== existing.jobTitle) {
+      changes.jobTitle = { old: existing.jobTitle, new: jobTitle };
     }
     if (closingReason !== undefined && closingReason !== existing.closingReason) {
       changes.closingReason = { old: existing.closingReason, new: closingReason };
@@ -272,6 +330,21 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
         );
       }
+      // Déclencher les workflows CONTACT_ASSIGNMENT_CHANGED si l'assignation a changé
+      const commercialChanged =
+        assignedCommercialId !== undefined &&
+        normalizedExistingCommercial !== normalizedNewCommercial;
+      const teleproChanged =
+        assignedTeleproId !== undefined && normalizedExistingTelepro !== normalizedNewTelepro;
+      if (commercialChanged || teleproChanged) {
+        try {
+          await executeWorkflowsOnAssignmentChanged(id);
+        } catch (workflowError) {
+          console.error("Erreur lors de l'exécution des workflows assignation:", workflowError);
+        }
+      }
       // Changements de champs de contact
       if (Object.keys(changes).length > 0) {
         await logContactUpdate(id, changes, session.user.id);
@@ -294,13 +367,21 @@ export async function DELETE(
   { params }: { params: Promise<{ id: string }> },
 ) {
   try {
-    // Vérifier que l'utilisateur est administrateur
-    const { requireAdmin } = await import('@/lib/roles');
-    await requireAdmin(request.headers);
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+    const canDelete = await checkPermission('contacts.delete');
+    if (!canDelete) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id } = await params;
-    // Vérifier que le contact existe
     const existing = await prisma.contact.findUnique({
       where: { id },
     });
@@ -309,6 +390,16 @@ export async function DELETE(
       return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
     }
+    const transactionsCount = await prisma.transaction.count({
+      where: { contactId: id },
+    });
+    if (transactionsCount > 0) {
+      return NextResponse.json(
+        { error: 'Impossible de supprimer un contact ayant des transactions' },
+        { status: 400 },
+      );
+    }
     await prisma.contact.delete({
       where: { id },
     });

package/template/src/app/api/contacts/[id]/send-email/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
 import nodemailer from 'nodemailer';
 import { decrypt } from '@/lib/encryption';
@@ -25,6 +26,11 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const canSendEmail = await checkPermission('contacts.send_email');
+    if (!canSendEmail) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id } = await params;
     // Récupérer FormData

package/template/src/app/api/contacts/[id]/workflows/run/route.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { prisma } from '@/lib/prisma';
+import { executeWorkflowManually } from '@/lib/workflow-executor';
+/**
+ * POST /api/contacts/[id]/workflows/run
+ * Déclenche manuellement un workflow sur un contact
+ * Body: { workflowId: string }
+ */
+export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+    const { id: contactId } = await params;
+    const { workflowId } = await request.json();
+    if (!workflowId) {
+      return NextResponse.json({ error: 'workflowId est requis' }, { status: 400 });
+    }
+    const contact = await prisma.contact.findUnique({ where: { id: contactId } });
+    if (!contact) {
+      return NextResponse.json({ error: 'Contact introuvable' }, { status: 404 });
+    }
+    await executeWorkflowManually(workflowId, contactId);
+    return NextResponse.json({ success: true, message: 'Workflow exécuté avec succès' });
+  } catch (error: any) {
+    console.error('Erreur lors du déclenchement manuel du workflow:', error);
+    return NextResponse.json({ error: error.message || 'Erreur serveur' }, { status: 500 });
+  }
+}
+/**
+ * GET /api/contacts/[id]/workflows/run
+ * Liste les workflows MANUAL actifs disponibles
+ */
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+    const workflows = await prisma.workflow.findMany({
+      where: { active: true, triggerType: 'MANUAL' },
+      select: { id: true, name: true, description: true },
+      orderBy: { name: 'asc' },
+    });
+    return NextResponse.json(workflows);
+  } catch (error: any) {
+    console.error('Erreur lors de la récupération des workflows manuels:', error);
+    return NextResponse.json({ error: error.message || 'Erreur serveur' }, { status: 500 });
+  }
+}

package/template/src/app/api/contacts/export/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
 import { getFileInfo } from '@/lib/google-drive';
 // POST /api/contacts/export - Exporter des contacts en CSV ou Excel
@@ -14,17 +15,9 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
-    // Vérifier que l'utilisateur est admin
-    const user = await prisma.user.findUnique({
-      where: { id: session.user.id },
-      select: { role: true },
-    });
-    if (user?.role !== 'ADMIN') {
-      return NextResponse.json(
-        { error: 'Accès refusé. Seuls les administrateurs peuvent exporter des contacts.' },
-        { status: 403 },
-      );
+    const canExport = await checkPermission('contacts.export');
+    if (!canExport) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
     }
     const body = await request.json();
@@ -38,14 +31,13 @@ export async function POST(request: NextRequest) {
     }
     // Construire la requête pour récupérer les contacts
-    const where: any = { isCompany: false };
+    const where: any =
+      contactIds && Array.isArray(contactIds) && contactIds.length > 0
+        ? { id: { in: contactIds } }
+        : {};
-    // Si des IDs sont fournis, exporter seulement ces contacts
-    if (contactIds && Array.isArray(contactIds) && contactIds.length > 0) {
-      where.id = { in: contactIds };
-    }
+    const MAX_EXPORT = 10_000;
-    // Récupérer les contacts avec toutes les relations nécessaires (notes et fichiers inclus)
     const contacts = await prisma.contact.findMany({
       where,
       include: {
@@ -72,6 +64,7 @@ export async function POST(request: NextRequest) {
             },
           },
           orderBy: { createdAt: 'desc' },
+          take: 50,
         },
         files: {
           select: {
@@ -82,9 +75,11 @@ export async function POST(request: NextRequest) {
             createdAt: true,
           },
           orderBy: { createdAt: 'desc' },
+          take: 20,
         },
       },
       orderBy: { createdAt: 'desc' },
+      take: MAX_EXPORT,
     });
     if (contacts.length === 0) {

package/template/src/app/api/contacts/import/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
 import { handleContactDuplicate } from '@/lib/contact-duplicate';
 import { normalizePhoneNumber } from '@/lib/utils';
@@ -15,10 +16,18 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const canImport = await checkPermission('contacts.import');
+    if (!canImport) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const formData = await request.formData();
     const file = formData.get('file') as File;
     const fieldMappingsJson = formData.get('fieldMappings') as string;
     const skipFirstRow = formData.get('skipFirstRow') === 'true';
+    const selectedSheetName = (formData.get('sheetName') as string) || undefined;
+    const headerRowStr = formData.get('headerRow') as string | null;
+    const headerRow = headerRowStr ? Number.parseInt(headerRowStr, 10) : 0;
     // Récupérer les valeurs par défaut
     const defaultStatusId = formData.get('defaultStatusId') as string | null;
@@ -64,14 +73,16 @@ export async function POST(request: NextRequest) {
       const text = await file.text();
       rows = parseCSV(text);
     } else if (fileExtension === 'xlsx' || fileExtension === 'xls') {
-      // Parser Excel
       try {
         const XLSX = require('xlsx');
         const buffer = await file.arrayBuffer();
         const workbook = XLSX.read(buffer, { type: 'array' });
-        const sheetName = workbook.SheetNames[0];
+        const sheetName =
+          selectedSheetName && workbook.SheetNames.includes(selectedSheetName)
+            ? selectedSheetName
+            : workbook.SheetNames[0];
         const worksheet = workbook.Sheets[sheetName];
-        rows = XLSX.utils.sheet_to_json(worksheet, { raw: false });
+        rows = XLSX.utils.sheet_to_json(worksheet, { raw: false, range: headerRow });
       } catch (error) {
         return NextResponse.json(
           { error: 'Erreur lors du parsing Excel. Assurez-vous que xlsx est installé.' },
@@ -92,7 +103,11 @@ export async function POST(request: NextRequest) {
     // Ignorer la première ligne si c'est un en-tête
     const dataRows = skipFirstRow ? rows.slice(1) : rows;
-    // Valider et mapper les données
+    // Pré-charger tous les statuts pour éviter des requêtes N+1 dans la boucle
+    const allStatuses = await prisma.status.findMany();
+    const statusByName = new Map(allStatuses.map((s) => [s.name, s.id]));
+    const defaultNewStatusId = statusByName.get('Nouveau') || null;
     const contactsToCreate: any[] = [];
     const errors: string[] = [];
     const skipped: number[] = [];
@@ -102,38 +117,26 @@ export async function POST(request: NextRequest) {
       const rowNumber = skipFirstRow ? i + 2 : i + 1;
       try {
-        // Mapper les colonnes selon le mapping fourni
         const phone = getValueFromRow(row, mapping.phone);
         if (!phone) {
           skipped.push(rowNumber);
-          continue; // Le téléphone est obligatoire
+          continue;
         }
-        // Normaliser le numéro de téléphone au format : 0X XX XX XX XX
         const normalizedPhone = normalizePhoneNumber(phone.toString());
-        // Déterminer le statusId : utiliser le mapping si fourni, sinon le statut par défaut fourni
         let statusId = null;
         if (mapping.statusId) {
           const mappedStatus = getValueFromRow(row, mapping.statusId);
           if (mappedStatus) {
-            // Si une valeur est mappée, chercher le statut par nom
-            const status = await prisma.status.findUnique({
-              where: { name: mappedStatus },
-            });
-            statusId = status?.id || null;
+            statusId = statusByName.get(mappedStatus) || null;
           }
         }
-        // Si aucun statut n'a été trouvé via le mapping, utiliser le statut par défaut fourni
         if (!statusId && defaultStatusId) {
           statusId = defaultStatusId;
         }
-        // Si toujours aucun statut, utiliser "Nouveau" par défaut
         if (!statusId) {
-          const nouveauStatus = await prisma.status.findUnique({
-            where: { name: 'Nouveau' },
-          });
-          statusId = nouveauStatus?.id || null;
+          statusId = defaultNewStatusId;
         }
         // Déterminer l'origine : utiliser le mapping si fourni, sinon la valeur par défaut fournie

package/template/src/app/api/contacts/import-preview/route.ts ADDED Viewed

@@ -0,0 +1,139 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { checkPermission } from '@/lib/check-permission';
+function parseCsv(
+  text: string,
+  headerRow = 0,
+): {
+  headers: string[];
+  preview: Record<string, string>[];
+  rawRows: string[][];
+} | null {
+  const lines = text.split('\n').filter((line) => line.trim() !== '');
+  if (lines.length === 0) return null;
+  const delimiter = lines[0].includes(';') ? ';' : ',';
+  const strip = (s: string) => s.trim().replaceAll(/(^")|("$)/g, '');
+  const rawRows: string[][] = lines.slice(0, 20).map((line) => line.split(delimiter).map(strip));
+  if (headerRow >= lines.length) return null;
+  const headers = lines[headerRow].split(delimiter).map(strip);
+  const preview: Record<string, string>[] = [];
+  for (let i = headerRow + 1; i < Math.min(headerRow + 6, lines.length); i++) {
+    const values = lines[i].split(delimiter).map(strip);
+    const row: Record<string, string> = {};
+    headers.forEach((header, index) => {
+      row[header] = values[index] || '';
+    });
+    preview.push(row);
+  }
+  return { headers, preview, rawRows };
+}
+function parseExcel(
+  buffer: ArrayBuffer,
+  sheetName?: string,
+  headerRow = 0,
+): {
+  sheetNames: string[];
+  headers: string[];
+  preview: Record<string, string>[];
+  rawRows: string[][];
+} | null {
+  const XLSX = require('xlsx');
+  const workbook = XLSX.read(buffer, { type: 'array' });
+  const sheetNames: string[] = workbook.SheetNames;
+  const targetSheet = sheetName && sheetNames.includes(sheetName) ? sheetName : sheetNames[0];
+  const worksheet = workbook.Sheets[targetSheet];
+  const allRows: string[][] = XLSX.utils.sheet_to_json(worksheet, {
+    header: 1,
+    raw: false,
+    defval: '',
+  });
+  if (allRows.length === 0) return null;
+  const rawRows = allRows
+    .slice(0, 20)
+    .map((row: unknown[]) => row.map((cell) => String(cell ?? '')));
+  if (headerRow >= allRows.length) return null;
+  const headers = allRows[headerRow]
+    .map((cell: unknown) => String(cell ?? '').trim())
+    .filter(Boolean);
+  const preview: Record<string, string>[] = [];
+  for (let i = headerRow + 1; i < Math.min(headerRow + 6, allRows.length); i++) {
+    const values = allRows[i];
+    const row: Record<string, string> = {};
+    headers.forEach((header, index) => {
+      row[header] = String(values[index] ?? '');
+    });
+    preview.push(row);
+  }
+  return { sheetNames, headers, preview, rawRows };
+}
+export async function POST(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+    const hasPermission = await checkPermission('contacts.create');
+    if (!hasPermission) {
+      return NextResponse.json({ error: 'Permission refusée' }, { status: 403 });
+    }
+    const formData = await request.formData();
+    const file = formData.get('file') as File | null;
+    const sheetName = (formData.get('sheetName') as string) || undefined;
+    const headerRowStr = formData.get('headerRow') as string | null;
+    const headerRow = headerRowStr ? Number.parseInt(headerRowStr, 10) : 0;
+    if (!file) {
+      return NextResponse.json({ error: 'Aucun fichier fourni' }, { status: 400 });
+    }
+    const fileExtension = file.name.toLowerCase().split('.').pop();
+    if (fileExtension === 'csv') {
+      const result = parseCsv(await file.text(), headerRow);
+      if (!result) {
+        return NextResponse.json({ error: 'Le fichier est vide' }, { status: 400 });
+      }
+      return NextResponse.json(result);
+    }
+    if (fileExtension === 'xlsx' || fileExtension === 'xls') {
+      try {
+        const result = parseExcel(await file.arrayBuffer(), sheetName, headerRow);
+        if (!result) {
+          return NextResponse.json({ error: 'Le fichier est vide' }, { status: 400 });
+        }
+        return NextResponse.json(result);
+      } catch {
+        return NextResponse.json({ error: 'Erreur lors du parsing Excel.' }, { status: 400 });
+      }
+    }
+    return NextResponse.json(
+      { error: 'Format de fichier non supporté. Utilisez CSV ou Excel (.xlsx, .xls)' },
+      { status: 400 },
+    );
+  } catch (error: unknown) {
+    console.error('Erreur import-preview:', error);
+    const message = error instanceof Error ? error.message : 'Erreur serveur';
+    return NextResponse.json({ error: message }, { status: 500 });
+  }
+}