feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00
parent 00b936fa1f
commit 819345acfa
109 changed files with 26142 additions and 8081 deletions
@@ -80,6 +80,87 @@ export const roleRouter = createTRPCRouter({
      return attachPlanningEntryCounts(ctx.db, roles);
    }),

+  resolveByIdentifier: protectedProcedure
+    .input(z.object({ identifier: z.string().trim().min(1) }))
+    .query(async ({ ctx, input }) => {
+      const identifier = input.identifier.trim();
+      const select = {
+        id: true,
+        name: true,
+        color: true,
+        isActive: true,
+      } as const;
+
+      let role = await ctx.db.role.findUnique({
+        where: { id: identifier },
+        select,
+      });
+      if (!role) {
+        role = await ctx.db.role.findUnique({
+          where: { name: identifier },
+          select,
+        });
+      }
+      if (!role) {
+        role = await ctx.db.role.findFirst({
+          where: { name: { equals: identifier, mode: "insensitive" } },
+          select,
+        });
+      }
+      if (!role) {
+        role = await ctx.db.role.findFirst({
+          where: { name: { contains: identifier, mode: "insensitive" } },
+          select,
+        });
+      }
+      if (!role) {
+        throw new TRPCError({ code: "NOT_FOUND", message: "Role not found" });
+      }
+
+      return role;
+    }),
+
+  getByIdentifier: protectedProcedure
+    .input(z.object({ identifier: z.string() }))
+    .query(async ({ ctx, input }) => {
+      const select = {
+        id: true,
+        name: true,
+        description: true,
+        color: true,
+        isActive: true,
+        _count: { select: { resourceRoles: true } },
+      } as const;
+
+      let role = await ctx.db.role.findUnique({
+        where: { id: input.identifier },
+        select,
+      });
+      if (!role) {
+        role = await ctx.db.role.findUnique({
+          where: { name: input.identifier },
+          select,
+        });
+      }
+      if (!role) {
+        role = await ctx.db.role.findFirst({
+          where: { name: { equals: input.identifier, mode: "insensitive" } },
+          select,
+        });
+      }
+      if (!role) {
+        role = await ctx.db.role.findFirst({
+          where: { name: { contains: input.identifier, mode: "insensitive" } },
+          select,
+        });
+      }
+      if (!role) {
+        throw new TRPCError({ code: "NOT_FOUND", message: "Role not found" });
+      }
+
+      return attachSinglePlanningEntryCount(ctx.db, role);
+    }),
+
  getById: protectedProcedure
    .input(z.object({ id: z.string() }))
    .query(async ({ ctx, input }) => {