tychat-contracts 1.6.81 → 1.6.82

package/.husky/commit-msg

@@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+
+commit_msg=$(cat "$1")
+
+if ! echo "$commit_msg" | grep -Eq '\(TYC-[0-9]+\)$'; then
+  echo ""
+  echo "Commit inválido. Formato esperado: feat: descricao (TYC-123)"
+  exit 1
+fi
+
+exit 0

package/dist/users/create-user.dto.d.ts

@@ -7,6 +7,7 @@ export type CreatableUserRole = (typeof CREATABLE_USER_ROLES)[number];
 export declare class CreateUserDto {
     name: string;
     email: string;
-    role: CreatableUserRole;
+    roles?: CreatableUserRole[];
+    role?: CreatableUserRole;
 }
 //# sourceMappingURL=create-user.dto.d.ts.map

package/dist/users/create-user.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/create-user.dto.ts"],"names":[],"mappings":"AASA;;;GAGG;AACH,eAAO,MAAM,oBAAoB,+CAAgD,CAAC;AAClF,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEtE,qBAAa,aAAa;IASxB,IAAI,EAAE,MAAM,CAAC;IAWb,KAAK,EAAE,MAAM,CAAC;IAWd,IAAI,EAAE,iBAAiB,CAAC;CACzB"}
+{"version":3,"file":"create-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/create-user.dto.ts"],"names":[],"mappings":"AAaA;;;GAGG;AACH,eAAO,MAAM,oBAAoB,+CAAgD,CAAC;AAClF,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEtE,qBAAa,aAAa;IASxB,IAAI,EAAE,MAAM,CAAC;IAWb,KAAK,EAAE,MAAM,CAAC;IAgBd,KAAK,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAa5B,IAAI,CAAC,EAAE,iBAAiB,CAAC;CAC1B"}

package/dist/users/create-user.dto.js

@@ -20,6 +20,7 @@ exports.CREATABLE_USER_ROLES = ['attendant', 'health_professional'];
 class CreateUserDto {
     name;
     email;
+    roles;
     role;
 }
 exports.CreateUserDto = CreateUserDto;
@@ -48,10 +49,27 @@ __decorate([
 ], CreateUserDto.prototype, "email", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)({
-        description: 'Papel do usuário. Apenas atendente ou profissional de saúde; administrador não pode criar outros administradores.',
+        description: 'Papéis do usuário. Pelo menos um: atendente e/ou profissional de saúde.',
+        enum: exports.CREATABLE_USER_ROLES,
+        isArray: true,
+        example: ['attendant'],
+    }),
+    (0, class_validator_1.ValidateIf)((o) => o.role == null),
+    (0, class_validator_1.IsArray)({ message: 'roles deve ser um array' }),
+    (0, class_validator_1.ArrayMinSize)(1, { message: 'roles deve conter ao menos um papel' }),
+    (0, class_validator_1.IsIn)(exports.CREATABLE_USER_ROLES, {
+        each: true,
+        message: 'cada role deve ser attendant ou health_professional',
+    }),
+    __metadata("design:type", Array)
+], CreateUserDto.prototype, "roles", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Deprecated: use roles[]. Papel único; convertido internamente para roles com um elemento.',
         enum: exports.CREATABLE_USER_ROLES,
         default: 'attendant',
     }),
+    (0, class_validator_1.IsOptional)(),
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.IsIn)(exports.CREATABLE_USER_ROLES, {
         message: 'role deve ser attendant ou health_professional',

package/dist/users/update-user-by-admin.dto.d.ts

@@ -1,10 +1,11 @@
 export declare const ALL_USER_ROLES: readonly ["administrator", "attendant", "health_professional"];
 export type AllUserRole = (typeof ALL_USER_ROLES)[number];
-/** Fields an administrator may change for any user (including role). */
+/** Fields an administrator may change for any user (including roles). */
 export declare class UpdateUserByAdminDto {
     _atLeastOne?: string;
     name?: string;
     email?: string;
+    roles?: AllUserRole[];
     role?: AllUserRole;
 }
 //# sourceMappingURL=update-user-by-admin.dto.d.ts.map

package/dist/users/update-user-by-admin.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"update-user-by-admin.dto.d.ts","sourceRoot":"","sources":["../../src/users/update-user-by-admin.dto.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,cAAc,gEAIjB,CAAC;AACX,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1D,wEAAwE;AACxE,qBAAa,oBAAoB;IAG/B,WAAW,CAAC,EAAE,MAAM,CAAC;IAWrB,IAAI,CAAC,EAAE,MAAM,CAAC;IAWd,KAAK,CAAC,EAAE,MAAM,CAAC;IAYf,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB"}
+{"version":3,"file":"update-user-by-admin.dto.d.ts","sourceRoot":"","sources":["../../src/users/update-user-by-admin.dto.ts"],"names":[],"mappings":"AAaA,eAAO,MAAM,cAAc,gEAIjB,CAAC;AACX,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1D,yEAAyE;AACzE,qBAAa,oBAAoB;IAG/B,WAAW,CAAC,EAAE,MAAM,CAAC;IAWrB,IAAI,CAAC,EAAE,MAAM,CAAC;IAWd,KAAK,CAAC,EAAE,MAAM,CAAC;IAef,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC;IAYtB,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB"}

package/dist/users/update-user-by-admin.dto.js

@@ -18,17 +18,18 @@ exports.ALL_USER_ROLES = [
     'attendant',
     'health_professional',
 ];
-/** Fields an administrator may change for any user (including role). */
+/** Fields an administrator may change for any user (including roles). */
 class UpdateUserByAdminDto {
     _atLeastOne;
     name;
     email;
+    roles;
     role;
 }
 exports.UpdateUserByAdminDto = UpdateUserByAdminDto;
 __decorate([
     (0, swagger_1.ApiHideProperty)(),
-    (0, at_least_one_of_decorator_1.AtLeastOneOf)(['name', 'email', 'role']),
+    (0, at_least_one_of_decorator_1.AtLeastOneOf)(['name', 'email', 'role', 'roles']),
     __metadata("design:type", String)
 ], UpdateUserByAdminDto.prototype, "_atLeastOne", void 0);
 __decorate([
@@ -56,7 +57,23 @@ __decorate([
 ], UpdateUserByAdminDto.prototype, "email", void 0);
 __decorate([
     (0, swagger_1.ApiPropertyOptional)({
-        description: 'User role',
+        description: 'User roles (replaces the full role set when provided)',
+        enum: exports.ALL_USER_ROLES,
+        isArray: true,
+        example: ['attendant', 'health_professional'],
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsArray)(),
+    (0, class_validator_1.ArrayMinSize)(1, { message: 'roles must contain at least one role when provided' }),
+    (0, class_validator_1.IsIn)(exports.ALL_USER_ROLES, {
+        each: true,
+        message: 'each role must be administrator, attendant, or health_professional',
+    }),
+    __metadata("design:type", Array)
+], UpdateUserByAdminDto.prototype, "roles", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Deprecated: use roles[]. Single role replacement.',
         enum: exports.ALL_USER_ROLES,
         example: 'attendant',
     }),

package/dist/users/updated-user.dto.d.ts

@@ -1,9 +1,11 @@
+import { ALL_USER_ROLES } from './update-user-by-admin.dto';
 /** User payload returned after create or update (no password). */
 export declare class UpdatedUserDto {
     userId: string;
     name: string;
     email: string;
-    role: 'administrator' | 'attendant' | 'health_professional';
+    roles: (typeof ALL_USER_ROLES)[number][];
+    role?: (typeof ALL_USER_ROLES)[number];
     createdAt: Date;
     updatedAt: Date;
 }

package/dist/users/updated-user.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"updated-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/updated-user.dto.ts"],"names":[],"mappings":"AAEA,kEAAkE;AAClE,qBAAa,cAAc;IAMzB,MAAM,EAAE,MAAM,CAAC;IAGf,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAOd,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;IAG5D,SAAS,EAAE,IAAI,CAAC;IAGhB,SAAS,EAAE,IAAI,CAAC;CACjB"}
+{"version":3,"file":"updated-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/updated-user.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D,kEAAkE;AAClE,qBAAa,cAAc;IAMzB,MAAM,EAAE,MAAM,CAAC;IAGf,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAQd,KAAK,EAAE,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;IAOzC,IAAI,CAAC,EAAE,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;IAGvC,SAAS,EAAE,IAAI,CAAC;IAGhB,SAAS,EAAE,IAAI,CAAC;CACjB"}

package/dist/users/updated-user.dto.js

@@ -11,11 +11,13 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UpdatedUserDto = void 0;
 const swagger_1 = require("@nestjs/swagger");
+const update_user_by_admin_dto_1 = require("./update-user-by-admin.dto");
 /** User payload returned after create or update (no password). */
 class UpdatedUserDto {
     userId;
     name;
     email;
+    roles;
     role;
     createdAt;
     updatedAt;
@@ -39,11 +41,20 @@ __decorate([
 ], UpdatedUserDto.prototype, "email", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)({
-        description: 'User role',
-        enum: ['administrator', 'attendant', 'health_professional'],
+        description: 'All roles assigned to the user',
+        enum: update_user_by_admin_dto_1.ALL_USER_ROLES,
+        isArray: true,
+        example: ['attendant'],
+    }),
+    __metadata("design:type", Array)
+], UpdatedUserDto.prototype, "roles", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Deprecated primary role alias (first role in roles[])',
+        enum: update_user_by_admin_dto_1.ALL_USER_ROLES,
         example: 'attendant',
     }),
-    __metadata("design:type", String)
+    __metadata("design:type", Object)
 ], UpdatedUserDto.prototype, "role", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)({ description: 'Creation timestamp' }),

package/dist/users/user-list-item.dto.d.ts

@@ -1,8 +1,10 @@
+import { ALL_USER_ROLES } from './update-user-by-admin.dto';
 /** Public user summary returned when an administrator lists users (no password). */
 export declare class UserListItemDto {
     id: string;
     name: string;
     email: string;
-    role: 'administrator' | 'attendant' | 'health_professional';
+    roles: (typeof ALL_USER_ROLES)[number][];
+    role?: (typeof ALL_USER_ROLES)[number];
 }
 //# sourceMappingURL=user-list-item.dto.d.ts.map

package/dist/users/user-list-item.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user-list-item.dto.d.ts","sourceRoot":"","sources":["../../src/users/user-list-item.dto.ts"],"names":[],"mappings":"AAEA,oFAAoF;AACpF,qBAAa,eAAe;IAM1B,EAAE,EAAE,MAAM,CAAC;IAGX,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAOd,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;CAC7D"}
+{"version":3,"file":"user-list-item.dto.d.ts","sourceRoot":"","sources":["../../src/users/user-list-item.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D,oFAAoF;AACpF,qBAAa,eAAe;IAM1B,EAAE,EAAE,MAAM,CAAC;IAGX,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAQd,KAAK,EAAE,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;IAOzC,IAAI,CAAC,EAAE,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;CACxC"}

package/dist/users/user-list-item.dto.js

@@ -11,11 +11,13 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UserListItemDto = void 0;
 const swagger_1 = require("@nestjs/swagger");
+const update_user_by_admin_dto_1 = require("./update-user-by-admin.dto");
 /** Public user summary returned when an administrator lists users (no password). */
 class UserListItemDto {
     id;
     name;
     email;
+    roles;
     role;
 }
 exports.UserListItemDto = UserListItemDto;
@@ -37,9 +39,18 @@ __decorate([
 ], UserListItemDto.prototype, "email", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)({
-        description: 'User role',
-        enum: ['administrator', 'attendant', 'health_professional'],
+        description: 'All roles assigned to the user',
+        enum: update_user_by_admin_dto_1.ALL_USER_ROLES,
+        isArray: true,
+        example: ['attendant'],
+    }),
+    __metadata("design:type", Array)
+], UserListItemDto.prototype, "roles", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Deprecated primary role alias (first role in roles[])',
+        enum: update_user_by_admin_dto_1.ALL_USER_ROLES,
         example: 'attendant',
     }),
-    __metadata("design:type", String)
+    __metadata("design:type", Object)
 ], UserListItemDto.prototype, "role", void 0);

package/dist/users/user-update-kafka-payloads.d.ts

@@ -19,6 +19,9 @@ export interface AuthUpdateUserAdminPayload {
     targetUserId: string;
     name?: string;
     email?: string;
+    /** Replaces the full role set when provided. */
+    roles?: ('administrator' | 'attendant' | 'health_professional')[];
+    /** @deprecated Use roles[] */
     role?: 'administrator' | 'attendant' | 'health_professional';
 }
 /**

package/dist/users/user-update-kafka-payloads.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user-update-kafka-payloads.d.ts","sourceRoot":"","sources":["../../src/users/user-update-kafka-payloads.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;CAC9D;AAED;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB"}
+{"version":3,"file":"user-update-kafka-payloads.d.ts","sourceRoot":"","sources":["../../src/users/user-update-kafka-payloads.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,KAAK,CAAC,EAAE,CAAC,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC,EAAE,CAAC;IAClE,8BAA8B;IAC9B,IAAI,CAAC,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;CAC9D;AAED;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB"}

package/package.json

@@ -1,30 +1,32 @@
-{
-  "name": "tychat-contracts",
-  "version": "1.6.81",
-  "description": "DTOs compartilhados com class-validator (API e microserviços)",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "private": false,
-  "scripts": {
-    "build": "tsc",
-    "release": "npm version patch && npm publish",
-    "prepublishOnly": "npm run build"
-  },
-  "dependencies": {
-    "class-transformer": "^0.5.1",
-    "class-validator": "^0.14.1",
-    "ioredis": "^5.10.0",
-    "jest": "^30.3.0",
-    "reflect-metadata": "*"
-  },
-  "devDependencies": {
-    "@nestjs/swagger": "^11.2.6",
-    "@types/jest": "^30.0.0",
-    "ts-jest": "^29.4.9",
-    "typescript": "^5.7.3"
-  },
-  "peerDependencies": {
-    "@nestjs/swagger": "^11.2.6",
-    "reflect-metadata": "*"
-  }
-}
+{
+  "name": "tychat-contracts",
+  "version": "1.6.82",
+  "description": "DTOs compartilhados com class-validator (API e microserviços)",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "private": false,
+  "scripts": {
+    "build": "tsc",
+    "release": "npm version patch && npm publish",
+    "prepublishOnly": "npm run build",
+    "prepare": "husky"
+  },
+  "dependencies": {
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.1",
+    "ioredis": "^5.10.0",
+    "jest": "^30.3.0",
+    "reflect-metadata": "*"
+  },
+  "devDependencies": {
+    "@nestjs/swagger": "^11.2.6",
+    "@types/jest": "^30.0.0",
+    "husky": "^9.1.7",
+    "ts-jest": "^29.4.9",
+    "typescript": "^5.7.3"
+  },
+  "peerDependencies": {
+    "@nestjs/swagger": "^11.2.6",
+    "reflect-metadata": "*"
+  }
+}

package/src/users/create-user.dto.ts

@@ -1,10 +1,14 @@
-import { ApiProperty } from '@nestjs/swagger';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
 import {
   IsEmail,
   IsString,
   IsIn,
   MinLength,
   MaxLength,
+  IsArray,
+  ArrayMinSize,
+  IsOptional,
+  ValidateIf,
 } from 'class-validator';
 
 /**
@@ -37,13 +41,31 @@ export class CreateUserDto {
   email: string;
 
   @ApiProperty({
-    description: 'Papel do usuário. Apenas atendente ou profissional de saúde; administrador não pode criar outros administradores.',
+    description:
+      'Papéis do usuário. Pelo menos um: atendente e/ou profissional de saúde.',
+    enum: CREATABLE_USER_ROLES,
+    isArray: true,
+    example: ['attendant'],
+  })
+  @ValidateIf((o: CreateUserDto) => o.role == null)
+  @IsArray({ message: 'roles deve ser um array' })
+  @ArrayMinSize(1, { message: 'roles deve conter ao menos um papel' })
+  @IsIn(CREATABLE_USER_ROLES, {
+    each: true,
+    message: 'cada role deve ser attendant ou health_professional',
+  })
+  roles?: CreatableUserRole[];
+
+  @ApiPropertyOptional({
+    description:
+      'Deprecated: use roles[]. Papel único; convertido internamente para roles com um elemento.',
     enum: CREATABLE_USER_ROLES,
     default: 'attendant',
   })
+  @IsOptional()
   @IsString()
   @IsIn(CREATABLE_USER_ROLES, {
     message: 'role deve ser attendant ou health_professional',
   })
-  role: CreatableUserRole;
+  role?: CreatableUserRole;
 }

package/src/users/update-user-by-admin.dto.ts

@@ -1,5 +1,14 @@
 import { ApiHideProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import { IsEmail, IsIn, IsOptional, IsString, MaxLength, MinLength } from 'class-validator';
+import {
+  IsEmail,
+  IsIn,
+  IsOptional,
+  IsString,
+  MaxLength,
+  MinLength,
+  IsArray,
+  ArrayMinSize,
+} from 'class-validator';
 import { AtLeastOneOf } from './at-least-one-of.decorator';
 
 export const ALL_USER_ROLES = [
@@ -9,10 +18,10 @@ export const ALL_USER_ROLES = [
 ] as const;
 export type AllUserRole = (typeof ALL_USER_ROLES)[number];
 
-/** Fields an administrator may change for any user (including role). */
+/** Fields an administrator may change for any user (including roles). */
 export class UpdateUserByAdminDto {
   @ApiHideProperty()
-  @AtLeastOneOf(['name', 'email', 'role'])
+  @AtLeastOneOf(['name', 'email', 'role', 'roles'])
   _atLeastOne?: string;
 
   @ApiPropertyOptional({
@@ -38,7 +47,22 @@ export class UpdateUserByAdminDto {
   email?: string;
 
   @ApiPropertyOptional({
-    description: 'User role',
+    description: 'User roles (replaces the full role set when provided)',
+    enum: ALL_USER_ROLES,
+    isArray: true,
+    example: ['attendant', 'health_professional'],
+  })
+  @IsOptional()
+  @IsArray()
+  @ArrayMinSize(1, { message: 'roles must contain at least one role when provided' })
+  @IsIn(ALL_USER_ROLES, {
+    each: true,
+    message: 'each role must be administrator, attendant, or health_professional',
+  })
+  roles?: AllUserRole[];
+
+  @ApiPropertyOptional({
+    description: 'Deprecated: use roles[]. Single role replacement.',
     enum: ALL_USER_ROLES,
     example: 'attendant',
   })

package/src/users/updated-user.dto.ts

@@ -1,4 +1,5 @@
-import { ApiProperty } from '@nestjs/swagger';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { ALL_USER_ROLES } from './update-user-by-admin.dto';
 
 /** User payload returned after create or update (no password). */
 export class UpdatedUserDto {
@@ -16,11 +17,19 @@ export class UpdatedUserDto {
   email: string;
 
   @ApiProperty({
-    description: 'User role',
-    enum: ['administrator', 'attendant', 'health_professional'],
+    description: 'All roles assigned to the user',
+    enum: ALL_USER_ROLES,
+    isArray: true,
+    example: ['attendant'],
+  })
+  roles: (typeof ALL_USER_ROLES)[number][];
+
+  @ApiPropertyOptional({
+    description: 'Deprecated primary role alias (first role in roles[])',
+    enum: ALL_USER_ROLES,
     example: 'attendant',
   })
-  role: 'administrator' | 'attendant' | 'health_professional';
+  role?: (typeof ALL_USER_ROLES)[number];
 
   @ApiProperty({ description: 'Creation timestamp' })
   createdAt: Date;

package/src/users/user-list-item.dto.ts

@@ -1,4 +1,5 @@
-import { ApiProperty } from '@nestjs/swagger';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { ALL_USER_ROLES } from './update-user-by-admin.dto';
 
 /** Public user summary returned when an administrator lists users (no password). */
 export class UserListItemDto {
@@ -16,9 +17,17 @@ export class UserListItemDto {
   email: string;
 
   @ApiProperty({
-    description: 'User role',
-    enum: ['administrator', 'attendant', 'health_professional'],
+    description: 'All roles assigned to the user',
+    enum: ALL_USER_ROLES,
+    isArray: true,
+    example: ['attendant'],
+  })
+  roles: (typeof ALL_USER_ROLES)[number][];
+
+  @ApiPropertyOptional({
+    description: 'Deprecated primary role alias (first role in roles[])',
+    enum: ALL_USER_ROLES,
     example: 'attendant',
   })
-  role: 'administrator' | 'attendant' | 'health_professional';
+  role?: (typeof ALL_USER_ROLES)[number];
 }

package/src/users/user-update-kafka-payloads.ts

@@ -20,6 +20,9 @@ export interface AuthUpdateUserAdminPayload {
   targetUserId: string;
   name?: string;
   email?: string;
+  /** Replaces the full role set when provided. */
+  roles?: ('administrator' | 'attendant' | 'health_professional')[];
+  /** @deprecated Use roles[] */
   role?: 'administrator' | 'attendant' | 'health_professional';
 }