valtech-components 2.0.725 → 2.0.727

package/fesm2022/valtech-components.mjs

@@ -41,7 +41,7 @@ import { takeUntilDestroyed, toSignal } from '@angular/core/rxjs-interop';
 import { filter, switchMap as switchMap$1, catchError as catchError$1, tap, map as map$1, finalize, take, debounceTime as debounceTime$1, takeUntil as takeUntil$1 } from 'rxjs/operators';
 import { ImageCropperComponent } from 'ngx-image-cropper';
 import * as i1$8 from '@angular/common/http';
-import { provideHttpClient, withInterceptors, HttpClient } from '@angular/common/http';
+import { provideHttpClient, withInterceptors, HttpErrorResponse, HttpClient } from '@angular/common/http';
 import { Capacitor } from '@capacitor/core';
 import 'prismjs/components/prism-scss';
 import 'prismjs/components/prism-json';
@@ -50,7 +50,7 @@ import 'prismjs/components/prism-json';
  * Current version of valtech-components.
  * This is automatically updated during the publish process.
  */
-const VERSION = '2.0.725';
+const VERSION = '2.0.727';
 
 /**
  * Servicio para gestionar presets de componentes.
@@ -17863,6 +17863,19 @@ function joinPath(...segments) {
  * Servicio genérico para operaciones CRUD en Firestore.
  * Soporta lecturas one-time, subscripciones real-time, paginación y queries complejas.
  */
+/**
+ * Internal sentinel used to mark a collection path as global cross-app —
+ * i.e. it should NOT be prefixed with `apps/{appId}/`.
+ *
+ * Apps consume this via `CollectionOptions.skipAppPrefix`; the sentinel
+ * stays in `TypedCollection` and is stripped here before Firestore sees it.
+ *
+ * Format keeps it impossible to collide with a real Firestore path (`:` is
+ * not allowed in collection segments).
+ *
+ * @internal
+ */
+const ABS_PATH_SENTINEL = '__abs__:';
 /**
  * Servicio para operaciones CRUD en Firestore.
  *
@@ -17905,9 +17918,17 @@ class FirestoreService {
      * Prefija el path de colección con el appId si está configurado.
      * Si no hay appId, retorna el path sin modificar (backward compatible).
      *
+     * Si el path empieza con `ABS_PATH_SENTINEL` (`__abs__:`), se asume que el
+     * caller quiere un path global cross-app (ej. `users/{uid}/notifications` —
+     * el inbox global de notificaciones). El sentinel se strippea y el resto
+     * del path se pasa verbatim, sin prefijo `apps/{appId}/`.
+     *
      * @internal
      */
     prefixCollectionPath(collectionPath) {
+        if (collectionPath.startsWith(ABS_PATH_SENTINEL)) {
+            return collectionPath.slice(ABS_PATH_SENTINEL.length);
+        }
         if (!this.config?.appId)
             return collectionPath;
         return `apps/${this.config.appId}/${collectionPath}`;
@@ -25930,57 +25951,90 @@ const DEFAULT_EMULATOR_CONFIG = {
 // STORAGE PATH BUILDERS
 // ============================================================================
 /**
- * Genera paths de Storage con namespace por app.
+ * Genera paths de Storage alineados con storage.rules.
+ *
+ * Convenciones (ver frontend/firebase/storage.rules):
+ * - Avatar global del user (cross-app): /users/{uid}/avatar.jpg
+ * - Files privados del user (cross-app): /users/{uid}/files/{path}
+ * - Avatar per-app del user: /apps/{appId}/users/{uid}/avatar.jpg
+ * - Files per-app del user: /apps/{appId}/users/{uid}/files/{path}
+ * - Public per-app: /apps/{appId}/public/{path}
+ * - Shared per-app (auth-only): /apps/{appId}/shared/{path}
+ * - Public global: /public/{path}
  *
  * @example
- * // Path específico de la app
- * storagePaths.forApp('showcase', 'uploads', 'image.jpg')
- * // => 'showcase/uploads/image.jpg'
+ * storagePaths.forApp('showcase', 'public', 'banner.jpg')
+ * // => 'apps/showcase/public/banner.jpg'
+ *
+ * storagePaths.userAvatar('user123')
+ * // => 'users/user123/avatar.jpg'
  *
- * // Path compartido
- * storagePaths.shared.profilePhoto('user123', 'avatar.jpg')
- * // => 'profile-photos/user123/avatar.jpg'
+ * storagePaths.appUserFile('showcase', 'user123', 'doc.pdf')
+ * // => 'apps/showcase/users/user123/files/doc.pdf'
  */
 const storagePaths = {
-    /** Carpeta específica de la app: {appId}/{...paths} */
-    forApp: (appId, ...paths) => [appId, ...paths].join('/'),
-    /** Carpetas compartidas (sin namespace) */
-    shared: {
-        /** Foto de perfil de usuario */
-        profilePhoto: (userId, fileName) => `profile-photos/${userId}/${fileName}`,
-        /** Archivos públicos accesibles sin autenticación */
-        public: (...paths) => `public/${paths.join('/')}`,
-    },
+    /** Path per-app: apps/{appId}/{...paths} */
+    forApp: (appId, ...paths) => ['apps', appId, ...paths].join('/'),
+    /** Avatar global del user (cross-app) */
+    userAvatar: (userId) => `users/${userId}/avatar.jpg`,
+    /** Thumbnail global del user (cross-app) */
+    userThumb: (userId) => `users/${userId}/thumb.jpg`,
+    /** File privado global del user (cross-app) */
+    userFile: (userId, ...paths) => ['users', userId, 'files', ...paths].join('/'),
+    /** Avatar per-app del user */
+    appUserAvatar: (appId, userId) => `apps/${appId}/users/${userId}/avatar.jpg`,
+    /** File per-app del user */
+    appUserFile: (appId, userId, ...paths) => ['apps', appId, 'users', userId, 'files', ...paths].join('/'),
+    /** Public global (acceso sin auth, write admin-only) */
+    public: (...paths) => `public/${paths.join('/')}`,
 };
 // ============================================================================
 // FIRESTORE COLLECTION BUILDERS
 // ============================================================================
 /**
- * Genera paths de colecciones con namespace por app.
+ * Genera paths de colecciones alineados con firestore.rules.
  *
- * IMPORTANTE: La estructura es /apps/{appId}/{collection}/{docId}
- * Firestore requiere número impar de segmentos para paths de colección.
+ * Convenciones (ver frontend/firebase/firestore.rules):
+ * - Cross-app shared:
+ *   /users/{uid} (privado), /profiles/{uid} (público global),
+ *   /users/{uid}/notifications (INBOX GLOBAL cross-app cross-org)
+ * - Per-app:
+ *   /apps/{appId}/{collection}, /apps/{appId}/profiles/{uid}
+ * - Per-app per-user (notifications NO viven aquí):
+ *   /apps/{appId}/users/{uid}/{collection}
+ * - Per-app per-org:
+ *   /apps/{appId}/orgs/{orgId}/{collection}
  *
  * @example
- * // Colección específica de la app
  * collections.forApp('showcase', 'items')
  * // => 'apps/showcase/items'
  *
- * // Colección compartida
- * collections.shared.users
- * // => 'users'
+ * collections.appUser('showcase', 'user123', 'drafts')
+ * // => 'apps/showcase/users/user123/drafts'
+ *
+ * collections.appOrg('showcase', 'org_abc', 'posts')
+ * // => 'apps/showcase/orgs/org_abc/posts'
+ *
+ * collections.userNotifications('user123')
+ * // => 'users/user123/notifications'
  */
 const collections = {
-    /** Colección específica de la app: apps/{appId}/{collection} */
+    /** Per-app cross-user: apps/{appId}/{collection} */
     forApp: (appId, collectionName) => `apps/${appId}/${collectionName}`,
-    /** Colecciones compartidas (sin namespace, nivel raíz) */
+    /** Per-app per-user: apps/{appId}/users/{uid}/{collection} */
+    appUser: (appId, userId, collectionName) => `apps/${appId}/users/${userId}/${collectionName}`,
+    /** Per-app per-org: apps/{appId}/orgs/{orgId}/{collection} */
+    appOrg: (appId, orgId, collectionName) => `apps/${appId}/orgs/${orgId}/${collectionName}`,
+    /** Per-app perfil público del user: apps/{appId}/profiles/{uid} */
+    appProfile: (appId, userId) => `apps/${appId}/profiles/${userId}`,
+    /** Inbox global del user (cross-app cross-org) */
+    userNotifications: (userId) => `users/${userId}/notifications`,
+    /** Cross-app shared (sin namespace, nivel raíz) */
     shared: {
-        /** Usuarios del sistema */
+        /** Doc privado del user — /users/{uid} */
         users: 'users',
-        /** Perfiles públicos */
+        /** Perfiles públicos globales — /profiles/{uid} */
         profiles: 'profiles',
-        /** Notificaciones de usuarios */
-        notifications: 'notifications',
     },
 };
 /**
@@ -26541,12 +26595,19 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "18.2.14", ngImpo
 class TypedCollection {
     constructor(firestore, collectionPath, options = {}) {
         this.firestore = firestore;
-        this.collectionPath = collectionPath;
         this.options = {
             softDelete: false,
             timestamps: true,
+            skipAppPrefix: false,
             ...options,
         };
+        // Marcar el path con el sentinel cuando skipAppPrefix=true. FirestoreService
+        // detecta el sentinel y devuelve el path sin prefijo `apps/{appId}/`.
+        // Subcolecciones (subPath = `${this.collectionPath}/...`) heredan el sentinel
+        // automáticamente por concatenación.
+        this.collectionPath = this.options.skipAppPrefix
+            ? `${ABS_PATH_SENTINEL}${collectionPath}`
+            : collectionPath;
     }
     // ===========================================================================
     // LECTURAS ONE-TIME
@@ -28218,11 +28279,12 @@ class NotificationsService {
             return;
         }
         this.currentUserId = userId;
-        // Path relativo - FirestoreService agrega automáticamente apps/{appId}/
-        // NO agregar apps/ aquí para evitar doble prefijo
+        // Path global cross-app: /users/{uid}/notifications (sin prefijo apps/{appId}/).
+        // skipAppPrefix bypassa FirestoreService.prefixCollectionPath para fan-out compartido.
         const basePath = `users/${userId}/notifications`;
         this.collection = this.collectionFactory.create(basePath, {
             timestamps: true,
+            skipAppPrefix: true,
         });
         this.collectionReady$.next(this.collection);
         console.log('[Notifications] Initialized with path:', basePath);
@@ -30782,6 +30844,386 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "18.2.14", ngImpo
   `, styles: [".oauth-callback{display:flex;flex-direction:column;align-items:center;justify-content:center;height:100vh;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,sans-serif}.oauth-callback__spinner{width:40px;height:40px;border:3px solid #f3f3f3;border-top:3px solid #3498db;border-radius:50%;animation:spin 1s linear infinite;margin-bottom:16px}@keyframes spin{0%{transform:rotate(0)}to{transform:rotate(360deg)}}.oauth-callback__text{color:#666;font-size:14px}\n"] }]
         }] });
 
+/**
+ * Name of the query param that carries the handoff token. Apps may override
+ * via `detectAndExchangeHandoff({ tokenParam })` but the default keeps the
+ * convention consistent across the factory.
+ */
+const HANDOFF_TOKEN_PARAM = 'handoff';
+/**
+ * Name of the query param that carries the post-exchange route.
+ */
+const HANDOFF_ROUTE_PARAM = 'route';
+/**
+ * HandoffService — cross-app session transfer.
+ *
+ * Implements the OAuth Authorization Code pattern, applied internally between
+ * apps that share the same backend.
+ *
+ * **Origin app (user is authenticated):**
+ *
+ * ```typescript
+ * const { token, route } = await firstValueFrom(
+ *   handoff.createHandoff({ targetAppId: 'myvaltech', route: '/app/dashboard' })
+ * );
+ * window.location.href = `https://myvaltech.app/?handoff=${token}&route=${encodeURIComponent(route ?? '/')}`;
+ * ```
+ *
+ * **Target app (boot):** call `exchangeHandoff(token)`. On success, the session
+ * is installed (`AuthService.setExternalAuth`) and the user is authenticated.
+ * See `detectAndExchangeHandoff` helper for the typical bootstrap pattern.
+ *
+ * Security notes:
+ * - Token is single-use and short-lived (30s) — enforced server-side.
+ * - Token in URL must be removed from history after exchange to avoid log leakage.
+ * - The exchange endpoint is public; do NOT add auth header. The
+ *   `HttpClient` request below avoids triggering the auth interceptor since the
+ *   user isn't logged in yet on the target app.
+ */
+class HandoffService {
+    constructor(config, http, auth, router) {
+        this.config = config;
+        this.http = http;
+        this.auth = auth;
+        this.router = router;
+        this.detected = false;
+    }
+    /**
+     * Create a handoff token. Caller must be authenticated.
+     *
+     * @param request Optional metadata: target app id and intended route.
+     * @returns Observable emitting `{ token, expiresAt, route? }`.
+     */
+    createHandoff(request = {}) {
+        return this.http.post(`${this.baseUrl}/handoff`, request);
+    }
+    /**
+     * Exchange a handoff token for a session and install it.
+     *
+     * On success, the response is piped through `AuthService.setExternalAuth`
+     * so the user becomes authenticated. Subsequent navigation can proceed.
+     *
+     * On failure, the observable errors. The caller is responsible for
+     * showing an error and routing to `/login`.
+     *
+     * @param token Raw handoff token read from the URL.
+     */
+    exchangeHandoff(token) {
+        return this.http
+            .post(`${this.baseUrl}/handoff/exchange`, { token })
+            .pipe(tap(response => this.installSession(response)), catchError$1(err => {
+            // Surface the error untouched — the caller decides how to react
+            // (typically: redirect to /login + toast). Don't install a bad session.
+            throw err;
+        }));
+    }
+    /**
+     * Bootstrap helper — reads the handoff token from the current URL, exchanges
+     * it for a session, and navigates to the intended route with the token
+     * stripped from history.
+     *
+     * Idempotent: subsequent calls are no-ops. Wire from an
+     * `APP_INITIALIZER`/`provideAppInitializer` factory in `main.ts`.
+     *
+     * ```typescript
+     * // main.ts
+     * provideAppInitializer(() => inject(HandoffService).detectAndExchangeHandoff())
+     * ```
+     *
+     * On error (expired/used/invalid token), redirects to `errorRoute` (default:
+     * the app's configured `loginRoute`). The URL is always cleaned, even on
+     * error, so the token cannot be retried by refreshing the page.
+     *
+     * @returns `true` if a handoff was detected and processed (success or fail).
+     *          `false` if no token was present (cold boot, normal flow).
+     */
+    async detectAndExchangeHandoff(options = {}) {
+        if (this.detected || typeof window === 'undefined') {
+            return false;
+        }
+        this.detected = true;
+        const tokenParam = options.tokenParam ?? HANDOFF_TOKEN_PARAM;
+        const routeParam = options.routeParam ?? HANDOFF_ROUTE_PARAM;
+        const defaultRoute = options.defaultRoute ?? '/';
+        const errorRoute = options.errorRoute ?? this.config.loginRoute ?? '/login';
+        const params = new URLSearchParams(window.location.search);
+        const token = params.get(tokenParam);
+        if (!token) {
+            return false;
+        }
+        const targetRoute = params.get(routeParam) || defaultRoute;
+        try {
+            await firstValueFrom(this.exchangeHandoff(token));
+            await this.router.navigateByUrl(targetRoute, { replaceUrl: true });
+        }
+        catch (err) {
+            console.warn('[Handoff] Exchange failed, redirecting to login', err);
+            await this.router.navigateByUrl(errorRoute, { replaceUrl: true });
+        }
+        return true;
+    }
+    /**
+     * Persist the session in `AuthService`. Mirrors the install flow used by
+     * the normal signin path so timers, Firebase, and tab-sync all kick in.
+     */
+    installSession(response) {
+        this.auth.setExternalAuth({
+            accessToken: response.accessToken,
+            refreshToken: response.refreshToken,
+            firebaseToken: response.firebaseToken,
+            expiresIn: response.expiresIn,
+        });
+    }
+    get baseUrl() {
+        return `${this.config.apiUrl}${this.config.authPrefix}`;
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: HandoffService, deps: [{ token: VALTECH_AUTH_CONFIG }, { token: i1$8.HttpClient }, { token: AuthService }, { token: i1$1.Router }], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: HandoffService, providedIn: 'root' }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: HandoffService, decorators: [{
+            type: Injectable,
+            args: [{ providedIn: 'root' }]
+        }], ctorParameters: () => [{ type: undefined, decorators: [{
+                    type: Inject,
+                    args: [VALTECH_AUTH_CONFIG]
+                }] }, { type: i1$8.HttpClient }, { type: AuthService }, { type: i1$1.Router }] });
+
+/**
+ * OrgSwitchService — orchestrates active organization changes across the app.
+ *
+ * Built on top of `AuthService.switchOrg`, which already:
+ * - Hits `POST /v2/auth/switch-org` and receives a new Firebase custom token.
+ * - Re-authenticates Firebase Auth with the new token (RBAC claims update).
+ * - Broadcasts `ORG_SWITCH` to other tabs via `AuthSyncService` (multi-tab sync).
+ *
+ * What this service adds on top:
+ * - A `switching` signal so the UI can show a loading indicator (1-2s switch).
+ * - An `orgChanged$` Observable that components subscribe to in order to
+ *   invalidate their org-scoped caches (e.g. drop old query results, reset
+ *   page state) without a full page reload.
+ * - Optional `reload: true` for apps where invalidating in-memory state piece
+ *   by piece is impractical.
+ *
+ * **What this service does NOT do automatically:**
+ *
+ * 1. **Teardown Firestore listeners.** Listeners are owned by their subscribing
+ *    components (typically via `takeUntilDestroyed` or async pipe). When the
+ *    component re-renders or unsubscribes, the listener disposes. If a
+ *    component does NOT unsubscribe on org change, its listener will keep
+ *    pointing at the previous org's path and may start failing rules. The fix
+ *    is component-level: subscribe to `orgChanged$` and reset state, or use
+ *    the `reload: true` option.
+ *
+ * 2. **Re-instantiate routed components.** Angular keeps mounted components
+ *    alive across navigations. If you need fresh state, either subscribe to
+ *    `orgChanged$` in the component, or use `reload: true`.
+ *
+ * @example Basic switch with loading state
+ * ```typescript
+ * private orgSwitch = inject(OrgSwitchService);
+ *
+ * async onSwitchOrg(orgId: string) {
+ *   await this.orgSwitch.switchTo(orgId);
+ *   // Components subscribed to orgChanged$ have already reset their state.
+ * }
+ *
+ * // In template:
+ * @if (orgSwitch.switching()) { <val-loading /> }
+ * ```
+ *
+ * @example Component reacting to org change
+ * ```typescript
+ * private orgSwitch = inject(OrgSwitchService);
+ *
+ * constructor() {
+ *   this.orgSwitch.orgChanged$
+ *     .pipe(takeUntilDestroyed())
+ *     .subscribe(() => this.resetState());
+ * }
+ * ```
+ *
+ * @example Brutal reload mode
+ * ```typescript
+ * await this.orgSwitch.switchTo(orgId, { reload: true });
+ * // window.location.reload() — clean slate, loses scroll position
+ * ```
+ */
+class OrgSwitchService {
+    constructor(auth) {
+        this.auth = auth;
+        this._switching = signal(false);
+        this._orgChanged = new Subject();
+        /**
+         * `true` while a switch is in flight. UI should disable interactions
+         * with org-scoped data and show a loading indicator.
+         */
+        this.switching = this._switching.asReadonly();
+        /**
+         * Fires after a successful switch, with the previous and new org ids.
+         * Components subscribe to invalidate caches / reset state.
+         *
+         * Fires AFTER the Firebase re-auth completes — listeners attached here
+         * see the updated Firebase user / activeOrg claim.
+         */
+        this.orgChanged$ = this._orgChanged.asObservable();
+    }
+    /**
+     * Switch the user's active organization.
+     *
+     * Re-entrant safe: while a switch is in flight, additional calls are
+     * rejected silently (returns immediately). Inspect `switching()` to gate UI.
+     *
+     * @param orgId Target organization id. Must be one the user has a role in
+     *              — backend rejects otherwise with `PERMISSION_DENIED`.
+     * @param options See `SwitchOrgOptions`.
+     *
+     * @throws The error from `auth.switchOrg` if the backend call fails.
+     *         `switching` returns to `false` before the error propagates.
+     */
+    async switchTo(orgId, options = {}) {
+        if (this._switching()) {
+            return;
+        }
+        const previousOrg = this.currentActiveOrg();
+        if (previousOrg === orgId) {
+            // No-op — already on this org.
+            return;
+        }
+        this._switching.set(true);
+        try {
+            await firstValueFrom(this.auth.switchOrg(orgId));
+            this._orgChanged.next({ previousOrg, newOrg: orgId });
+            if (options.reload && typeof window !== 'undefined') {
+                window.location.reload();
+            }
+        }
+        finally {
+            this._switching.set(false);
+        }
+    }
+    /**
+     * Read the current `activeOrg` from the auth user signal.
+     * Falls back to empty string if the user isn't loaded yet.
+     */
+    currentActiveOrg() {
+        const user = this.auth.user();
+        // AuthUser may expose activeOrgId under different names depending on
+        // backend version — keep tolerant.
+        return (user?.activeOrgId ??
+            user?.activeOrg ??
+            '');
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: OrgSwitchService, deps: [{ token: AuthService }], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: OrgSwitchService, providedIn: 'root' }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: OrgSwitchService, decorators: [{
+            type: Injectable,
+            args: [{ providedIn: 'root' }]
+        }], ctorParameters: () => [{ type: AuthService }] });
+
+/**
+ * NotificationActionService — orquesta el "click en notificación" cross-app cross-org.
+ *
+ * Flujo:
+ *   1. markAsRead (best-effort, no bloquea)
+ *   2. Si appId destino !== appId actual → handoff token + redirect a app destino
+ *   3. Si orgId destino !== activeOrg → switchTo(orgId) (sin reload, navega después)
+ *   4. router.navigateByUrl(actionRoute)
+ *
+ * Requiere:
+ *   - ValtechAuthConfig.appId  (identifica la app actual)
+ *   - ValtechAuthConfig.appUrls (mapa baseUrl para handoff cross-app)
+ */
+class NotificationActionService {
+    constructor(config, auth, orgSwitch, handoff, notifications, router) {
+        this.config = config;
+        this.auth = auth;
+        this.orgSwitch = orgSwitch;
+        this.handoff = handoff;
+        this.notifications = notifications;
+        this.router = router;
+    }
+    /**
+     * Abre la notificación: marca como leída, switch-org si toca, navegación local o
+     * redirect cross-app vía handoff.
+     *
+     * No lanza errores hacia la UI — devuelve un resultado descriptivo. Errores
+     * técnicos quedan en console.warn.
+     */
+    async open(notif) {
+        // 1) Mark as read (best-effort, no bloquea el flujo principal)
+        if (notif.id && !notif.isRead) {
+            this.notifications.markAsRead(notif.id).catch(err => {
+                console.warn('[NotificationAction] markAsRead failed', err);
+            });
+        }
+        const route = notif.actionRoute;
+        if (!route) {
+            return 'no-action-route';
+        }
+        const currentApp = this.config.appId;
+        const targetApp = notif.appId;
+        // 2) Cross-app: handoff + full redirect
+        if (targetApp && currentApp && targetApp !== currentApp) {
+            const baseUrl = this.config.appUrls?.[targetApp];
+            if (!baseUrl) {
+                console.warn(`[NotificationAction] Missing appUrls['${targetApp}'] — configure ValtechAuthConfig.appUrls`);
+                return 'cross-app-unconfigured';
+            }
+            try {
+                const resp = await firstValueFrom(this.handoff.createHandoff({ targetAppId: targetApp, route }));
+                const url = this.buildHandoffUrl(baseUrl, resp.token, route);
+                if (typeof window !== 'undefined') {
+                    window.location.href = url;
+                }
+                return 'redirected-cross-app';
+            }
+            catch (err) {
+                const msg = err instanceof HttpErrorResponse ? err.message : String(err);
+                console.warn('[NotificationAction] createHandoff failed:', msg);
+                return 'handoff-failed';
+            }
+        }
+        // 3) Same app — switch-org si toca (sin reload — la navegación posterior monta page fresh)
+        let switched = false;
+        if (notif.orgId) {
+            const active = this.activeOrg();
+            if (active && active !== notif.orgId) {
+                await this.orgSwitch.switchTo(notif.orgId);
+                switched = true;
+            }
+        }
+        // 4) Navigate local
+        await this.router.navigateByUrl(route);
+        return switched ? 'navigated-after-switch-org' : 'navigated';
+    }
+    activeOrg() {
+        const user = this.auth.user();
+        return (user?.activeOrgId ??
+            user?.activeOrg ??
+            '');
+    }
+    /**
+     * Construye URL absoluta para handoff cross-app preservando pathname y otros
+     * params existentes de la baseUrl.
+     */
+    buildHandoffUrl(baseUrl, token, route) {
+        const url = new URL(baseUrl);
+        url.searchParams.set('handoff', token);
+        url.searchParams.set('route', route);
+        return url.toString();
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: NotificationActionService, deps: [{ token: VALTECH_AUTH_CONFIG }, { token: AuthService }, { token: OrgSwitchService }, { token: HandoffService }, { token: NotificationsService }, { token: i1$1.Router }], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: NotificationActionService, providedIn: 'root' }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "18.2.14", ngImport: i0, type: NotificationActionService, decorators: [{
+            type: Injectable,
+            args: [{ providedIn: 'root' }]
+        }], ctorParameters: () => [{ type: undefined, decorators: [{
+                    type: Inject,
+                    args: [VALTECH_AUTH_CONFIG]
+                }] }, { type: AuthService }, { type: OrgSwitchService }, { type: HandoffService }, { type: NotificationsService }, { type: i1$1.Router }] });
+
 /**
  * Valtech Auth Service
  *
@@ -41627,5 +42069,5 @@ function buildFooterLinks(links, t) {
  * Generated bundle index. Do not edit.
  */
 
-export { ACTION_CARD_DEFAULTS, AD_SIZE_MAP, API_TABLE_COLUMN_LABELS, ARTICLE_SPACING, AVATAR_UPLOAD_DEFAULTS, AccordionComponent, ActionCardComponent, ActionHeaderComponent, ActionType, AdSlotComponent, AdsLoaderService, AdsService, AlertBoxComponent, AnalyticsErrorHandler, AnalyticsRouterTracker, AnalyticsService, AppConfigService, ArticleBuilder, ArticleComponent, AuthBackgroundComponent, AuthService, AuthStateService, AuthStorageService, AuthSyncService, AvatarComponent, AvatarUploadComponent, BOTTOM_NAV_DEFAULTS, BannerComponent, BaseDefault, BlogPostBuilder, BottomNavComponent, BoxComponent, BreadcrumbComponent, ButtonComponent, ButtonGroupComponent, COMMON_COUNTRY_CODES, COMMON_CURRENCIES, CURRENCY_INFO, CardComponent, CardSection, CardType, CardsCarouselComponent, CheckInputComponent, CheckboxRadioInputComponent, ChipGroupComponent, ClearDefault, ClearDefaultBlock, ClearDefaultFull, ClearDefaultRound, ClearDefaultRoundBlock, ClearDefaultRoundFull, CodeDisplayComponent, CommandDisplayComponent, CommentComponent, CommentInputComponent, CommentSectionComponent, CompanyFooterComponent, ComponentStates, ConfirmationDialogService, ContainerComponent, ContentLoaderComponent, ContentReactionComponent, ContentTransformer, CountdownComponent, CurrencyInputComponent, DEFAULT_ADS_CONFIG, DEFAULT_APP_CONFIG_SERVICE_CONFIG, DEFAULT_AUTH_CONFIG, DEFAULT_BACK_HEADER, DEFAULT_CANCEL_BUTTON, DEFAULT_CONFIRM_BUTTON, DEFAULT_COUNTDOWN_LABELS, DEFAULT_COUNTDOWN_LABELS_EN, DEFAULT_EMPTY_STATE, DEFAULT_EMULATOR_CONFIG, DEFAULT_FEEDBACK_CONFIG, DEFAULT_FEEDBACK_TYPE_OPTIONS, DEFAULT_HOME_HEADER, DEFAULT_INFINITE_LIST_METADATA, DEFAULT_MODAL_CANCEL_BUTTON, DEFAULT_MODAL_CONFIRM_BUTTON, DEFAULT_PAGE_SIZE_OPTIONS, DEFAULT_PLATFORMS, DEFAULT_REFRESHER_METADATA, DEFAULT_SKELETON_CONFIG, DataTableComponent, DateInputComponent, DateRangeInputComponent, DetailSkeletonComponent, DeviceService, DisplayComponent, DividerComponent, DocsApiTableComponent, DocsBreadcrumbComponent, DocsBuilder, DocsCalloutComponent, DocsCodeExampleComponent, DocsLayoutComponent, DocsNavLinksComponent, DocsNavigationService, DocsPageComponent, DocsSearchComponent, DocsSectionComponent, DocsShellComponent, DocsSidebarComponent, DocsTocComponent, DownloadService, EmailInputComponent, ExpandableTextComponent, FEATURES_LIST_DEFAULTS, FabComponent, FeaturesListComponent, FeedbackFormComponent, FeedbackService, FileInputComponent, FirebaseService, FirestoreCollectionFactory, FirestoreService, FooterComponent, FooterLinksComponent, FormComponent, FormFooterComponent, FormSkeletonComponent, FunHeaderComponent, GlowCardComponent, GridSkeletonComponent, HeaderComponent, HintComponent, HorizontalScrollComponent, HourInputComponent, HrefComponent, I18nService, IMAGE_DEFAULTS, INITIAL_AUTH_STATE, INITIAL_MFA_STATE, Icon, IconComponent, IconService, ImageComponent, ImageCropComponent, ImageService, InAppBrowserService, InfiniteListComponent, InfoComponent, InputI18nHelper, InputType, ItemListComponent, LANG_STORAGE_KEY$1 as LANG_STORAGE_KEY, LOGIN_DEFAULTS, LanguageSelectorComponent, LayeredCardComponent, LinkComponent, LinkProcessorService, LinkedProvidersComponent, LinksAccordionComponent, LinksCakeComponent, ListSkeletonComponent, LoadingDirective, LocalStorageService, LocaleService, LoginComponent, MODAL_SIZES, MOTION, MaintenancePageComponent, MenuComponent, MessagingService, MetaService, ModalService, MultiSelectSearchComponent, NavigationService, NewsBuilder, NoContentComponent, NotesBoxComponent, NotificationsService, NumberFromToComponent, NumberInputComponent, NumberStepperComponent, OAUTH_PROVIDERS_INFO, OAuthCallbackComponent, OAuthService, OutlineDefault, OutlineDefaultBlock, OutlineDefaultFull, OutlineDefaultRound, OutlineDefaultRoundBlock, OutlineDefaultRoundFull, PLATFORM_CONFIGS, PageContentComponent, PageTemplateComponent, PageWrapperComponent, PaginationComponent, PaginationService, PasswordInputComponent, PhoneInputComponent, PillComponent, PinInputComponent, PlainCodeBoxComponent, PopoverSelectorComponent, PresetService, PriceTagComponent, PrimarySolidBlockButton, PrimarySolidBlockHrefButton, PrimarySolidBlockIconButton, PrimarySolidBlockIconHrefButton, PrimarySolidDefaultRoundButton, PrimarySolidDefaultRoundHrefButton, PrimarySolidDefaultRoundIconButton, PrimarySolidDefaultRoundIconHrefButton, PrimarySolidFullButton, PrimarySolidFullHrefButton, PrimarySolidFullIconButton, PrimarySolidFullIconHrefButton, PrimarySolidLargeRoundButton, PrimarySolidLargeRoundHrefButton, PrimarySolidLargeRoundIconButton, PrimarySolidLargeRoundIconHrefButton, PrimarySolidSmallRoundButton, PrimarySolidSmallRoundHrefButton, PrimarySolidSmallRoundIconButton, PrimarySolidSmallRoundIconHrefButton, ProcessLinksPipe, ProfileSkeletonComponent, ProgressBarComponent, ProgressRingComponent, ProgressStatusComponent, PrompterComponent, QR_PRESETS, QrCodeComponent, QrGeneratorService, QueryBuilder, QuoteBoxComponent, RadioInputComponent, RangeInputComponent, RatingComponent, RefresherComponent, RightsFooterComponent, RotatingTextComponent, SKELETON_PRESETS, SearchSelectorComponent, SearchbarComponent, SecondarySolidBlockButton, SecondarySolidBlockHrefButton, SecondarySolidBlockIconButton, SecondarySolidBlockIconHrefButton, SecondarySolidDefaultRoundButton, SecondarySolidDefaultRoundHrefButton, SecondarySolidDefaultRoundIconButton, SecondarySolidDefaultRoundIconHrefButton, SecondarySolidFullButton, SecondarySolidFullHrefButton, SecondarySolidFullIconButton, SecondarySolidFullIconHrefButton, SecondarySolidLargeRoundButton, SecondarySolidLargeRoundHrefButton, SecondarySolidLargeRoundIconButton, SecondarySolidLargeRoundIconHrefButton, SecondarySolidSmallRoundButton, SecondarySolidSmallRoundHrefButton, SecondarySolidSmallRoundIconButton, SecondarySolidSmallRoundIconHrefButton, SegmentControlComponent, SelectSearchComponent, SessionService, ShareButtonsComponent, SimpleComponent, SkeletonComponent, SkeletonService, SolidBlockButton, SolidDefault, SolidDefaultBlock, SolidDefaultButton, SolidDefaultFull, SolidDefaultRound, SolidDefaultRoundBlock, SolidDefaultRoundButton, SolidDefaultRoundFull, SolidFullButton, SolidLargeButton, SolidLargeRoundButton, SolidSmallButton, SolidSmallRoundButton, StatsCardComponent, StepperComponent, StorageService, SwipeCarouselComponent, TabbedContentComponent, TableSkeletonComponent, TabsComponent, Terminal404Component, TestimonialCardComponent, TestimonialCarouselComponent, TextComponent, TextInputComponent, TextareaInputComponent, ThemeOption, ThemeService, TimelineComponent, TitleBlockComponent, TitleComponent, ToastService, ToggleInputComponent, TokenService, ToolbarActionType, ToolbarComponent, TranslatePipe, TypedCollection, UpdateBannerComponent, UsernameInputComponent, VALTECH_ADS_CONFIG, VALTECH_APP_CONFIG, VALTECH_AUTH_CONFIG, VALTECH_COMPANY_LINKS, VALTECH_DEFAULT_CONTENT, VALTECH_FEEDBACK_CONFIG, VALTECH_FIREBASE_CONFIG, VALTECH_FOOTER_I18N, VALTECH_FOOTER_LOGO, VALTECH_LANGUAGE_SELECTOR, VALTECH_SOCIAL_LINKS, VERSION, WizardComponent, WizardFooterComponent, applyDefaultValueToControl, authGuard, authInterceptor, blogPost, buildFooterLinks, buildPath, collections, createFirebaseConfig, createGlowCardProps, createInitialPaginationState, createNumberFromToField, createTitleProps, docs, extractPathParams, getAppInfo, getAppVersion, getCollectionPath, getDocumentId, getTimeOfDayKey, goToTop, guestGuard, hasEmulators, isAtEnd, isCollectionPath, isDocumentPath, isEmulatorMode, isValidPath, joinPath, maxLength, news, permissionGuard, permissionGuardFromRoute, provideValtechAds, provideValtechAppConfig, provideValtechAuth, provideValtechAuthInterceptor, provideValtechFeedback, provideValtechFirebase, provideValtechI18n, provideValtechPresets, provideValtechSkeleton, query, replaceSpecialChars, resolveColor, resolveInputDefaultValue, roleGuard, storagePaths, superAdminGuard, toArticle };
+export { ACTION_CARD_DEFAULTS, AD_SIZE_MAP, API_TABLE_COLUMN_LABELS, ARTICLE_SPACING, AVATAR_UPLOAD_DEFAULTS, AccordionComponent, ActionCardComponent, ActionHeaderComponent, ActionType, AdSlotComponent, AdsLoaderService, AdsService, AlertBoxComponent, AnalyticsErrorHandler, AnalyticsRouterTracker, AnalyticsService, AppConfigService, ArticleBuilder, ArticleComponent, AuthBackgroundComponent, AuthService, AuthStateService, AuthStorageService, AuthSyncService, AvatarComponent, AvatarUploadComponent, BOTTOM_NAV_DEFAULTS, BannerComponent, BaseDefault, BlogPostBuilder, BottomNavComponent, BoxComponent, BreadcrumbComponent, ButtonComponent, ButtonGroupComponent, COMMON_COUNTRY_CODES, COMMON_CURRENCIES, CURRENCY_INFO, CardComponent, CardSection, CardType, CardsCarouselComponent, CheckInputComponent, CheckboxRadioInputComponent, ChipGroupComponent, ClearDefault, ClearDefaultBlock, ClearDefaultFull, ClearDefaultRound, ClearDefaultRoundBlock, ClearDefaultRoundFull, CodeDisplayComponent, CommandDisplayComponent, CommentComponent, CommentInputComponent, CommentSectionComponent, CompanyFooterComponent, ComponentStates, ConfirmationDialogService, ContainerComponent, ContentLoaderComponent, ContentReactionComponent, ContentTransformer, CountdownComponent, CurrencyInputComponent, DEFAULT_ADS_CONFIG, DEFAULT_APP_CONFIG_SERVICE_CONFIG, DEFAULT_AUTH_CONFIG, DEFAULT_BACK_HEADER, DEFAULT_CANCEL_BUTTON, DEFAULT_CONFIRM_BUTTON, DEFAULT_COUNTDOWN_LABELS, DEFAULT_COUNTDOWN_LABELS_EN, DEFAULT_EMPTY_STATE, DEFAULT_EMULATOR_CONFIG, DEFAULT_FEEDBACK_CONFIG, DEFAULT_FEEDBACK_TYPE_OPTIONS, DEFAULT_HOME_HEADER, DEFAULT_INFINITE_LIST_METADATA, DEFAULT_MODAL_CANCEL_BUTTON, DEFAULT_MODAL_CONFIRM_BUTTON, DEFAULT_PAGE_SIZE_OPTIONS, DEFAULT_PLATFORMS, DEFAULT_REFRESHER_METADATA, DEFAULT_SKELETON_CONFIG, DataTableComponent, DateInputComponent, DateRangeInputComponent, DetailSkeletonComponent, DeviceService, DisplayComponent, DividerComponent, DocsApiTableComponent, DocsBreadcrumbComponent, DocsBuilder, DocsCalloutComponent, DocsCodeExampleComponent, DocsLayoutComponent, DocsNavLinksComponent, DocsNavigationService, DocsPageComponent, DocsSearchComponent, DocsSectionComponent, DocsShellComponent, DocsSidebarComponent, DocsTocComponent, DownloadService, EmailInputComponent, ExpandableTextComponent, FEATURES_LIST_DEFAULTS, FabComponent, FeaturesListComponent, FeedbackFormComponent, FeedbackService, FileInputComponent, FirebaseService, FirestoreCollectionFactory, FirestoreService, FooterComponent, FooterLinksComponent, FormComponent, FormFooterComponent, FormSkeletonComponent, FunHeaderComponent, GlowCardComponent, GridSkeletonComponent, HANDOFF_ROUTE_PARAM, HANDOFF_TOKEN_PARAM, HandoffService, HeaderComponent, HintComponent, HorizontalScrollComponent, HourInputComponent, HrefComponent, I18nService, IMAGE_DEFAULTS, INITIAL_AUTH_STATE, INITIAL_MFA_STATE, Icon, IconComponent, IconService, ImageComponent, ImageCropComponent, ImageService, InAppBrowserService, InfiniteListComponent, InfoComponent, InputI18nHelper, InputType, ItemListComponent, LANG_STORAGE_KEY$1 as LANG_STORAGE_KEY, LOGIN_DEFAULTS, LanguageSelectorComponent, LayeredCardComponent, LinkComponent, LinkProcessorService, LinkedProvidersComponent, LinksAccordionComponent, LinksCakeComponent, ListSkeletonComponent, LoadingDirective, LocalStorageService, LocaleService, LoginComponent, MODAL_SIZES, MOTION, MaintenancePageComponent, MenuComponent, MessagingService, MetaService, ModalService, MultiSelectSearchComponent, NavigationService, NewsBuilder, NoContentComponent, NotesBoxComponent, NotificationActionService, NotificationsService, NumberFromToComponent, NumberInputComponent, NumberStepperComponent, OAUTH_PROVIDERS_INFO, OAuthCallbackComponent, OAuthService, OrgSwitchService, OutlineDefault, OutlineDefaultBlock, OutlineDefaultFull, OutlineDefaultRound, OutlineDefaultRoundBlock, OutlineDefaultRoundFull, PLATFORM_CONFIGS, PageContentComponent, PageTemplateComponent, PageWrapperComponent, PaginationComponent, PaginationService, PasswordInputComponent, PhoneInputComponent, PillComponent, PinInputComponent, PlainCodeBoxComponent, PopoverSelectorComponent, PresetService, PriceTagComponent, PrimarySolidBlockButton, PrimarySolidBlockHrefButton, PrimarySolidBlockIconButton, PrimarySolidBlockIconHrefButton, PrimarySolidDefaultRoundButton, PrimarySolidDefaultRoundHrefButton, PrimarySolidDefaultRoundIconButton, PrimarySolidDefaultRoundIconHrefButton, PrimarySolidFullButton, PrimarySolidFullHrefButton, PrimarySolidFullIconButton, PrimarySolidFullIconHrefButton, PrimarySolidLargeRoundButton, PrimarySolidLargeRoundHrefButton, PrimarySolidLargeRoundIconButton, PrimarySolidLargeRoundIconHrefButton, PrimarySolidSmallRoundButton, PrimarySolidSmallRoundHrefButton, PrimarySolidSmallRoundIconButton, PrimarySolidSmallRoundIconHrefButton, ProcessLinksPipe, ProfileSkeletonComponent, ProgressBarComponent, ProgressRingComponent, ProgressStatusComponent, PrompterComponent, QR_PRESETS, QrCodeComponent, QrGeneratorService, QueryBuilder, QuoteBoxComponent, RadioInputComponent, RangeInputComponent, RatingComponent, RefresherComponent, RightsFooterComponent, RotatingTextComponent, SKELETON_PRESETS, SearchSelectorComponent, SearchbarComponent, SecondarySolidBlockButton, SecondarySolidBlockHrefButton, SecondarySolidBlockIconButton, SecondarySolidBlockIconHrefButton, SecondarySolidDefaultRoundButton, SecondarySolidDefaultRoundHrefButton, SecondarySolidDefaultRoundIconButton, SecondarySolidDefaultRoundIconHrefButton, SecondarySolidFullButton, SecondarySolidFullHrefButton, SecondarySolidFullIconButton, SecondarySolidFullIconHrefButton, SecondarySolidLargeRoundButton, SecondarySolidLargeRoundHrefButton, SecondarySolidLargeRoundIconButton, SecondarySolidLargeRoundIconHrefButton, SecondarySolidSmallRoundButton, SecondarySolidSmallRoundHrefButton, SecondarySolidSmallRoundIconButton, SecondarySolidSmallRoundIconHrefButton, SegmentControlComponent, SelectSearchComponent, SessionService, ShareButtonsComponent, SimpleComponent, SkeletonComponent, SkeletonService, SolidBlockButton, SolidDefault, SolidDefaultBlock, SolidDefaultButton, SolidDefaultFull, SolidDefaultRound, SolidDefaultRoundBlock, SolidDefaultRoundButton, SolidDefaultRoundFull, SolidFullButton, SolidLargeButton, SolidLargeRoundButton, SolidSmallButton, SolidSmallRoundButton, StatsCardComponent, StepperComponent, StorageService, SwipeCarouselComponent, TabbedContentComponent, TableSkeletonComponent, TabsComponent, Terminal404Component, TestimonialCardComponent, TestimonialCarouselComponent, TextComponent, TextInputComponent, TextareaInputComponent, ThemeOption, ThemeService, TimelineComponent, TitleBlockComponent, TitleComponent, ToastService, ToggleInputComponent, TokenService, ToolbarActionType, ToolbarComponent, TranslatePipe, TypedCollection, UpdateBannerComponent, UsernameInputComponent, VALTECH_ADS_CONFIG, VALTECH_APP_CONFIG, VALTECH_AUTH_CONFIG, VALTECH_COMPANY_LINKS, VALTECH_DEFAULT_CONTENT, VALTECH_FEEDBACK_CONFIG, VALTECH_FIREBASE_CONFIG, VALTECH_FOOTER_I18N, VALTECH_FOOTER_LOGO, VALTECH_LANGUAGE_SELECTOR, VALTECH_SOCIAL_LINKS, VERSION, WizardComponent, WizardFooterComponent, applyDefaultValueToControl, authGuard, authInterceptor, blogPost, buildFooterLinks, buildPath, collections, createFirebaseConfig, createGlowCardProps, createInitialPaginationState, createNumberFromToField, createTitleProps, docs, extractPathParams, getAppInfo, getAppVersion, getCollectionPath, getDocumentId, getTimeOfDayKey, goToTop, guestGuard, hasEmulators, isAtEnd, isCollectionPath, isDocumentPath, isEmulatorMode, isValidPath, joinPath, maxLength, news, permissionGuard, permissionGuardFromRoute, provideValtechAds, provideValtechAppConfig, provideValtechAuth, provideValtechAuthInterceptor, provideValtechFeedback, provideValtechFirebase, provideValtechI18n, provideValtechPresets, provideValtechSkeleton, query, replaceSpecialChars, resolveColor, resolveInputDefaultValue, roleGuard, storagePaths, superAdminGuard, toArticle };
 //# sourceMappingURL=valtech-components.mjs.map