Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
84094b363d6380410a4ffd22ebc8cd30a492d610
CapaKraken/packages/api/src/router/role-procedure-support.ts
T

154 lines
4.0 KiB
TypeScript
Raw Blame History

import { CreateRoleSchema, PermissionKey, UpdateRoleSchema } from "@capakraken/shared";
import { TRPCError } from "@trpc/server";
import { z } from "zod";
import { findUniqueOrThrow } from "../db/helpers.js";
import { emitRoleCreated, emitRoleDeleted, emitRoleUpdated } from "../sse/event-bus.js";
import type { TRPCContext } from "../trpc.js";
import { requirePermission } from "../trpc.js";
import {
appendZeroAllocationCount,
assertRoleNameAvailable,
attachSingleRolePlanningEntryCount,
buildRoleCreateData,
buildRoleUpdateData,
} from "./role-support.js";
export const RoleIdInputSchema = z.object({
id: z.string(),
});
export const UpdateRoleProcedureInputSchema = z.object({
id: z.string(),
data: UpdateRoleSchema,
});
type RoleMutationContext = Pick<TRPCContext, "db" | "dbUser"> & {
permissions: Set<PermissionKey>;
};
export async function createRole(
ctx: RoleMutationContext,
input: z.infer<typeof CreateRoleSchema>,
) {
requirePermission(ctx, PermissionKey.MANAGE_ROLES);
await assertRoleNameAvailable(ctx.db, input.name);
const role = await ctx.db.role.create({
data: buildRoleCreateData(input),
include: { _count: { select: { resourceRoles: true } } },
});
await ctx.db.auditLog.create({
data: {
entityType: "Role",
entityId: role.id,
action: "CREATE",
changes: { after: role },
},
});
emitRoleCreated({ id: role.id, name: role.name });
return appendZeroAllocationCount(role);
}
export async function updateRole(
ctx: RoleMutationContext,
input: z.infer<typeof UpdateRoleProcedureInputSchema>,
) {
requirePermission(ctx, PermissionKey.MANAGE_ROLES);
const existing = await findUniqueOrThrow(
ctx.db.role.findUnique({ where: { id: input.id } }),
"Role",
);
if (input.data.name && input.data.name !== existing.name) {
await assertRoleNameAvailable(ctx.db, input.data.name, input.id);
}
const updated = await ctx.db.role.update({
where: { id: input.id },
data: buildRoleUpdateData(input.data),
include: { _count: { select: { resourceRoles: true } } },
});
await ctx.db.auditLog.create({
data: {
entityType: "Role",
entityId: input.id,
action: "UPDATE",
changes: { before: existing, after: updated },
},
});
emitRoleUpdated({ id: updated.id, name: updated.name });
return attachSingleRolePlanningEntryCount(ctx.db, updated);
}
export async function deleteRole(
ctx: RoleMutationContext,
input: z.infer<typeof RoleIdInputSchema>,
) {
requirePermission(ctx, PermissionKey.MANAGE_ROLES);
const role = await findUniqueOrThrow(
ctx.db.role.findUnique({
where: { id: input.id },
include: { _count: { select: { resourceRoles: true } } },
}),
"Role",
);
const roleWithCounts = await attachSingleRolePlanningEntryCount(ctx.db, role);
if (
roleWithCounts._count.resourceRoles > 0 ||
roleWithCounts._count.allocations > 0
) {
throw new TRPCError({
code: "PRECONDITION_FAILED",
message: `Cannot delete role assigned to ${roleWithCounts._count.resourceRoles} resource(s) and ${roleWithCounts._count.allocations} allocation(s). Deactivate it instead.`,
});
}
await ctx.db.role.delete({ where: { id: input.id } });
await ctx.db.auditLog.create({
data: {
entityType: "Role",
entityId: input.id,
action: "DELETE",
changes: { before: role },
},
});
emitRoleDeleted(input.id);
return { success: true };
}
export async function deactivateRole(
ctx: RoleMutationContext,
input: z.infer<typeof RoleIdInputSchema>,
) {
requirePermission(ctx, PermissionKey.MANAGE_ROLES);
const role = await ctx.db.role.update({
where: { id: input.id },
data: { isActive: false },
include: { _count: { select: { resourceRoles: true } } },
});
await ctx.db.auditLog.create({
data: {
entityType: "Role",
entityId: input.id,
action: "UPDATE",
changes: { after: { isActive: false } },
},
});
emitRoleUpdated({ id: role.id, isActive: false });
return attachSingleRolePlanningEntryCount(ctx.db, role);
}
Reference in New Issue View Git Blame Copy Permalink