npm - create-crm-tmp - Versions diffs - 2.0.0 → 2.1.0 - Mend

create-crm-tmp 2.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

package/template/src/app/api/contacts/[id]/interactions/[interactionId]/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
 // PUT /api/contacts/[id]/interactions/[interactionId] - Mettre à jour une interaction
 export async function PUT(
@@ -65,7 +66,32 @@ export async function DELETE(
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
-    const { interactionId } = await params;
+    const [canEditAll, canEditOwn] = await Promise.all([
+      checkPermission('contacts.edit_all'),
+      checkPermission('contacts.edit_own'),
+    ]);
+    if (!canEditAll && !canEditOwn) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+    const { id: contactId, interactionId } = await params;
+    // Vérifier la propriété si l'utilisateur ne peut modifier que ses contacts
+    if (!canEditAll && canEditOwn) {
+      const contact = await prisma.contact.findUnique({
+        where: { id: contactId },
+      });
+      if (contact) {
+        const isOwner =
+          contact.assignedCommercialId === session.user.id ||
+          contact.assignedTeleproId === session.user.id ||
+          contact.createdById === session.user.id;
+        if (!isOwner) {
+          return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+        }
+      }
+    }
     // Vérifier que l'interaction existe
     const existing = await prisma.interaction.findUnique({

package/template/src/app/api/contacts/[id]/interactions/route.ts CHANGED Viewed

@@ -16,19 +16,19 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
     const { id } = await params;
-    // Vérifier que le contact existe
-    const contact = await prisma.contact.findUnique({
-      where: { id },
-    });
+    // Vérifier que le contact existe et les permissions en parallèle
+    const [contact, canViewAll, canViewOwn] = await Promise.all([
+      prisma.contact.findUnique({
+        where: { id },
+      }),
+      checkPermission('contacts.view_all'),
+      checkPermission('contacts.view_own'),
+    ]);
     if (!contact) {
       return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
     }
-    // Vérifier les permissions
-    const canViewAll = await checkPermission('contacts.view_all');
-    const canViewOwn = await checkPermission('contacts.view_own');
     if (!canViewAll && !canViewOwn) {
       return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
     }
@@ -88,19 +88,19 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Le type et le contenu sont requis' }, { status: 400 });
     }
-    // Vérifier que le contact existe
-    const contact = await prisma.contact.findUnique({
-      where: { id },
-    });
+    // Vérifier que le contact existe et les permissions d'édition en parallèle
+    const [contact, canEditAll, canEditOwn] = await Promise.all([
+      prisma.contact.findUnique({
+        where: { id },
+      }),
+      checkPermission('contacts.edit_all'),
+      checkPermission('contacts.edit_own'),
+    ]);
     if (!contact) {
       return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
     }
-    // Vérifier les permissions d'édition
-    const canEditAll = await checkPermission('contacts.edit_all');
-    const canEditOwn = await checkPermission('contacts.edit_own');
     if (!canEditAll && !canEditOwn) {
       return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
     }

package/template/src/app/api/contacts/[id]/kyc/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
 // PUT /api/contacts/[id]/kyc - Mettre à jour les informations KYC d'un contact
 export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
@@ -13,6 +14,15 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const [canEditAll, canEditOwn] = await Promise.all([
+      checkPermission('contacts.edit_all'),
+      checkPermission('contacts.edit_own'),
+    ]);
+    if (!canEditAll && !canEditOwn) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id } = await params;
     const body = await request.json();
@@ -27,6 +37,17 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
     }
+    // Vérifier la propriété si l'utilisateur ne peut modifier que ses contacts
+    if (!canEditAll && canEditOwn) {
+      const isOwner =
+        contact.assignedCommercialId === session.user.id ||
+        contact.assignedTeleproId === session.user.id ||
+        contact.createdById === session.user.id;
+      if (!isOwner) {
+        return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+      }
+    }
     // Mettre à jour les informations KYC
     const updatedContact = await prisma.contact.update({
       where: { id },
@@ -52,17 +73,6 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       },
     });
-    // Mettre à jour le statut des transactions en attente de vérification
-    await prisma.transaction.updateMany({
-      where: {
-        contactId: id,
-        status: 'PENDING_ID_VERIFICATION',
-      },
-      data: {
-        status: 'PENDING_ID_VERIFICATION', // Reste en attente jusqu'à vérification admin
-      },
-    });
     return NextResponse.json(updatedContact);
   } catch (error: any) {
     console.error('Erreur lors de la mise à jour des informations KYC:', error);

package/template/src/app/api/contacts/[id]/meet/route.ts CHANGED Viewed

@@ -1,10 +1,12 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
 import {
   getValidAccessToken,
   createGoogleCalendarEvent,
   extractMeetLink,
+  assertWritableGoogleCalendar,
 } from '@/lib/google-calendar';
 import nodemailer from 'nodemailer';
 import { decrypt, encrypt } from '@/lib/encryption';
@@ -36,6 +38,11 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const canCreateTask = await checkPermission('tasks.create');
+    if (!canCreateTask) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id: contactId } = await params;
     const body = await request.json();
     const {
@@ -46,6 +53,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       attendees = [],
       reminderMinutesBefore,
       internalNote,
+      googleCalendarId: bodyGoogleCalendarId,
     } = body;
     // Validation
@@ -73,7 +81,8 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
         {
           error:
             error.message ||
-            'Veuillez connecter votre compte Google dans les paramètres pour utiliser Google Calendar.',
+            'Veuillez connecter votre compte Google dans les paramètres pour créer une visioconférence.',
+          configLink: '/settings?section=integrations',
         },
         { status: 400 },
       );
@@ -115,10 +124,17 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       }
     });
+    const targetCalendarId =
+      typeof bodyGoogleCalendarId === 'string' && bodyGoogleCalendarId.trim() !== ''
+        ? bodyGoogleCalendarId.trim()
+        : googleAccount.defaultGoogleCalendarId?.trim() || 'primary';
+    await assertWritableGoogleCalendar(accessToken, targetCalendarId);
     // Créer l'évènement Google Calendar avec Meet
     let googleEvent;
     try {
-      googleEvent = await createGoogleCalendarEvent(accessToken, {
+      googleEvent = await createGoogleCalendarEvent(accessToken, targetCalendarId, {
         summary: title,
         description: description || '',
         start: {
@@ -159,6 +175,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
         assignedUserId: session.user.id,
         createdById: session.user.id,
         googleEventId: googleEvent.id,
+        googleCalendarId: targetCalendarId === 'primary' ? null : targetCalendarId,
         googleMeetLink: meetLink,
         durationMinutes,
         internalNote: internalNote || null,

package/template/src/app/api/contacts/[id]/route.ts CHANGED Viewed

@@ -45,27 +45,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
         createdBy: {
           select: { id: true, name: true, email: true },
         },
-        tourLinks: {
-          include: {
-            tour: {
-              select: {
-                id: true,
-                number: true,
-              },
-            },
-          },
-        },
-        transactions: {
-          select: {
-            id: true,
-            status: true,
-            totalAmountCents: true,
-            signedAt: true,
-            createdAt: true,
-            updatedAt: true,
-          },
-          orderBy: { createdAt: 'desc' },
-        },
         interactions: {
           include: {
             user: {
@@ -102,7 +81,11 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
       }
     }
-    return NextResponse.json(contact);
+    return NextResponse.json(contact, {
+      headers: {
+        'Cache-Control': 'private, no-store, max-age=0, must-revalidate',
+      },
+    });
   } catch (error: any) {
     console.error('Erreur lors de la récupération du contact:', error);
     return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
@@ -142,8 +125,11 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       city,
       postalCode,
       origin,
+      companyName,
       companyId,
       jobTitle,
+      website,
+      socialNetworks,
       statusId,
       closingReason,
       assignedCommercialId,
@@ -180,6 +166,50 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       }
     }
+    const canAssignFull = await checkPermission('contacts.assign');
+    const canAssignToSales = await checkPermission('contacts.assign_to_sales');
+    const isChangingCommercial =
+      assignedCommercialId !== undefined &&
+      (assignedCommercialId || null) !== (existing.assignedCommercialId || null);
+    const isChangingTelepro =
+      assignedTeleproId !== undefined &&
+      (assignedTeleproId || null) !== (existing.assignedTeleproId || null);
+    if (isChangingCommercial || isChangingTelepro) {
+      if (!canAssignFull && !canAssignToSales) {
+        return NextResponse.json(
+          { error: "Vous n'avez pas le droit d'assigner des contacts" },
+          { status: 403 },
+        );
+      }
+      if (canAssignToSales && !canAssignFull) {
+        if (isChangingCommercial && assignedCommercialId) {
+          const commercialUser = await prisma.user.findUnique({
+            where: { id: assignedCommercialId },
+            select: { role: true },
+          });
+          if (!commercialUser || commercialUser.role !== 'COMMERCIAL') {
+            return NextResponse.json(
+              { error: "Vous ne pouvez assigner qu'à un commercial" },
+              { status: 403 },
+            );
+          }
+        }
+        if (isChangingTelepro && assignedTeleproId) {
+          const teleproUser = await prisma.user.findUnique({
+            where: { id: assignedTeleproId },
+            select: { role: true },
+          });
+          if (!teleproUser || teleproUser.role !== 'TELEPRO') {
+            return NextResponse.json(
+              { error: "Vous ne pouvez assigner qu'à un télépro" },
+              { status: 403 },
+            );
+          }
+        }
+      }
+    }
     // Validation : si phone est fourni, il ne peut pas être vide
     if (phone !== undefined && !phone) {
       return NextResponse.json({ error: 'Le téléphone ne peut pas être vide' }, { status: 400 });
@@ -200,8 +230,14 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       city: city !== undefined ? city || null : existing.city,
       postalCode: postalCode !== undefined ? postalCode || null : existing.postalCode,
       origin: origin !== undefined ? origin || null : existing.origin,
+      companyName: companyName !== undefined ? companyName || null : existing.companyName,
       companyId: companyId !== undefined ? companyId || null : existing.companyId,
       jobTitle: jobTitle !== undefined ? jobTitle || null : existing.jobTitle,
+      website: website !== undefined ? (website && website.trim() ? website : null) : existing.website,
+      socialNetworks:
+        socialNetworks !== undefined
+          ? (Array.isArray(socialNetworks) && socialNetworks.length > 0 ? socialNetworks : null)
+          : existing.socialNetworks,
       statusId: statusId !== undefined ? statusId || null : existing.statusId,
       closingReason: closingReason !== undefined ? closingReason || null : existing.closingReason,
       assignedCommercialId:
@@ -212,6 +248,47 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
         assignedTeleproId !== undefined ? assignedTeleproId || null : existing.assignedTeleproId,
     };
+    // Exclusivite mutuelle : companyName (texte libre) vs companyId (relation entreprise)
+    if (updateData.companyName) {
+      updateData.companyId = null;
+    } else if (updateData.companyId) {
+      updateData.companyName = null;
+    }
+    // Prisma 7 : relations via connect/disconnect au lieu des scalaires (companyId, statusId, assignedCommercialId, assignedTeleproId)
+    const {
+      companyId: _c,
+      statusId: _s,
+      assignedCommercialId: _ac,
+      assignedTeleproId: _at,
+      ...restUpdateData
+    } = updateData;
+    const dataForPrisma: Record<string, unknown> = { ...restUpdateData };
+    if (companyId !== undefined) {
+      dataForPrisma.company =
+        updateData.companyId != null && updateData.companyId !== ''
+          ? { connect: { id: updateData.companyId } }
+          : { disconnect: true };
+    }
+    if (statusId !== undefined) {
+      dataForPrisma.status =
+        updateData.statusId != null && updateData.statusId !== ''
+          ? { connect: { id: updateData.statusId } }
+          : { disconnect: true };
+    }
+    if (assignedCommercialId !== undefined) {
+      dataForPrisma.assignedCommercial =
+        updateData.assignedCommercialId != null && updateData.assignedCommercialId !== ''
+          ? { connect: { id: updateData.assignedCommercialId } }
+          : { disconnect: true };
+    }
+    if (assignedTeleproId !== undefined) {
+      dataForPrisma.assignedTelepro =
+        updateData.assignedTeleproId != null && updateData.assignedTeleproId !== ''
+          ? { connect: { id: updateData.assignedTeleproId } }
+          : { disconnect: true };
+    }
     // Détecter les changements pour créer les interactions
     const changes: Record<string, { old: any; new: any }> = {};
@@ -256,9 +333,10 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
     // Mettre à jour le contact
     const contact = await prisma.contact.update({
       where: { id },
-      data: updateData,
+      data: dataForPrisma,
       include: {
         status: true,
+        company: { select: { id: true, name: true, phone: true, email: true } },
         assignedCommercial: {
           select: { id: true, name: true, email: true },
         },
@@ -354,7 +432,11 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       console.error('Erreur lors de la création des interactions:', error);
     }
-    return NextResponse.json(contact);
+    return NextResponse.json(contact, {
+      headers: {
+        'Cache-Control': 'no-store',
+      },
+    });
   } catch (error: any) {
     console.error('Erreur lors de la mise à jour du contact:', error);
     return NextResponse.json({ error: error.message || 'Erreur serveur' }, { status: 500 });
@@ -390,16 +472,6 @@ export async function DELETE(
       return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
     }
-    const transactionsCount = await prisma.transaction.count({
-      where: { contactId: id },
-    });
-    if (transactionsCount > 0) {
-      return NextResponse.json(
-        { error: 'Impossible de supprimer un contact ayant des transactions' },
-        { status: 400 },
-      );
-    }
     await prisma.contact.delete({
       where: { id },
     });

package/template/src/app/api/contacts/[id]/send-email/route.ts CHANGED Viewed

@@ -50,25 +50,26 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       );
     }
-    // Récupérer le contact
-    const contact = await prisma.contact.findUnique({
-      where: { id },
-    });
+    // Récupérer le contact et la configuration SMTP en parallèle
+    const [contact, smtpConfig] = await Promise.all([
+      prisma.contact.findUnique({
+        where: { id },
+      }),
+      prisma.smtpConfig.findUnique({
+        where: { userId: session.user.id },
+      }),
+    ]);
     if (!contact) {
       return NextResponse.json({ error: 'Contact non trouvé' }, { status: 404 });
     }
-    // Récupérer la configuration SMTP de l'utilisateur
-    const smtpConfig = await prisma.smtpConfig.findUnique({
-      where: { userId: session.user.id },
-    });
     if (!smtpConfig) {
       return NextResponse.json(
         {
           error:
-            'Configuration SMTP non trouvée. Veuillez configurer votre SMTP dans les paramètres.',
+            'Configuration SMTP non trouvée. Veuillez configurer votre SMTP dans les paramètres pour envoyer des emails.',
+          configLink: '/settings?section=system',
         },
         { status: 400 },
       );
@@ -245,9 +246,24 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     console.error("Erreur lors de l'envoi de l'email:", error);
     // Gérer les erreurs spécifiques de nodemailer
+    if (error.code === 'EDNS' || error.syscall === 'getaddrinfo') {
+      return NextResponse.json(
+        {
+          error:
+            `Impossible de résoudre le serveur SMTP "${error.hostname || ''}". Vérifiez le nom d'hôte dans votre configuration SMTP (ex: smtp.ionos.fr).`,
+          configLink: '/settings?section=system',
+        },
+        { status: 400 },
+      );
+    }
     if (error.code === 'EAUTH' || error.code === 'ECONNECTION') {
       return NextResponse.json(
-        { error: "Erreur d'authentification SMTP. Vérifiez votre configuration." },
+        {
+          error:
+            "Erreur d'authentification SMTP. Veuillez vérifier votre configuration SMTP pour envoyer des emails.",
+          configLink: '/settings?section=system',
+        },
         { status: 400 },
       );
     }

package/template/src/app/api/contacts/[id]/workflows/run/route.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
 import { executeWorkflowManually } from '@/lib/workflow-executor';
+import { checkPermission } from '@/lib/check-permission';
 /**
  * POST /api/contacts/[id]/workflows/run
@@ -15,6 +16,11 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const canViewWorkflows = await checkPermission('workflows.view');
+    if (!canViewWorkflows) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id: contactId } = await params;
     const { workflowId } = await request.json();

package/template/src/app/api/contacts/export/route.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
 import { checkPermission } from '@/lib/check-permission';
-import { getFileInfo } from '@/lib/google-drive';
+import { BUCKETS, createSignedDownloadUrl } from '@/lib/supabase-storage';
 // POST /api/contacts/export - Exporter des contacts en CSV ou Excel
 export async function POST(request: NextRequest) {
@@ -69,7 +69,7 @@ export async function POST(request: NextRequest) {
         files: {
           select: {
             fileName: true,
-            googleDriveFileId: true,
+            storagePath: true,
             fileSize: true,
             mimeType: true,
             createdAt: true,
@@ -133,21 +133,17 @@ export async function POST(request: NextRequest) {
         .join('\n\n');
     };
-    // Fonction pour formater les fichiers (essayer de récupérer les liens si possible)
-    const formatFiles = async (files: any[], userId: string) => {
+    const formatFiles = async (files: any[]) => {
       if (!files || files.length === 0) return '';
       const fileInfos = await Promise.allSettled(
         files.map(async (file) => {
+          const sizeKB = (file.fileSize / 1024).toFixed(2);
           try {
-            // Essayer de récupérer le lien depuis Google Drive
-            const fileInfo = await getFileInfo(userId, file.googleDriveFileId);
-            const sizeKB = (file.fileSize / 1024).toFixed(2);
-            return `${file.fileName} (${sizeKB} KB) - ${fileInfo.webViewLink}`;
-          } catch (error) {
-            // Si échec, utiliser un lien basique
-            const sizeKB = (file.fileSize / 1024).toFixed(2);
-            return `${file.fileName} (${sizeKB} KB) - https://drive.google.com/file/d/${file.googleDriveFileId}/view`;
+            const url = await createSignedDownloadUrl(BUCKETS.CONTACTS, file.storagePath);
+            return `${file.fileName} (${sizeKB} KB) - ${url}`;
+          } catch {
+            return `${file.fileName} (${sizeKB} KB)`;
           }
         }),
       );
@@ -163,7 +159,7 @@ export async function POST(request: NextRequest) {
     const rows = await Promise.all(
       contacts.map(async (contact) => {
         const notes = formatNotes(contact.interactions || []);
-        const files = await formatFiles(contact.files || [], session.user.id);
+        const files = await formatFiles(contact.files || []);
         return [
           contact.civility || '',