neogenia/neo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: neogenia:managefields
Branches Tags
neogenia:master neogenia:aiprocessbuilder2 neogenia:copilot-worktree-2026-01-31T01-10-57 neogenia:list-view-search neogenia:codex/add-contact-and-contact-details-objects neogenia:drawer neogenia:managefields neogenia:feature/salesforce-authorization neogenia:feature/twilio neogenia:permissions neogenia:schemaoperations neogenia:pagelayouts
..
compare: neogenia:c21274c86f56d8cf09deee87a99be19d8d2bbbc1
Branches Tags
neogenia:aiprocessbuilder2 neogenia:master neogenia:copilot-worktree-2026-01-31T01-10-57 neogenia:list-view-search neogenia:codex/add-contact-and-contact-details-objects neogenia:drawer neogenia:managefields neogenia:feature/salesforce-authorization neogenia:feature/twilio neogenia:permissions neogenia:schemaoperations neogenia:pagelayouts

18 Commits
managefiel ... c21274c86f

Author SHA1 Message Date
Francisco Gaona
c21274c86f WIP - record sharing 2025-12-28 21:31:02 +01:00
Francisco Gaona
358a216015 WIP - fix check for default writable 2025-12-28 20:39:44 +01:00
Francisco Gaona
868ce596ba WIP - remove console logs 2025-12-28 07:20:58 +01:00
Francisco Gaona
9aeb6d2b6f WIP - more fix for permissions 2025-12-28 07:18:47 +01:00
Francisco Gaona
ac4a4b68cd WIP - more progress with permissions 2025-12-28 06:48:03 +01:00
Francisco Gaona
88f656c3f5 WIP - permissions 2025-12-28 05:43:03 +01:00
Francisco Gaona
f4143ab106 WIP - Fix objection and model registry 2025-12-27 06:08:25 +01:00
Francisco Gaona
516e132611 WIP - move docs 2025-12-24 21:46:05 +01:00
Francisco Gaona
c5305490c1 WIP - use objection and working lookup field to owner 2025-12-24 21:43:58 +01:00
Francisco Gaona
4520f94b69 WIP - using objection base model to handle objects operations 2025-12-24 20:18:43 +01:00
Francisco Gaona
e4f1ba96ad WIP - custom migrations when object is created 2025-12-24 19:54:13 +01:00
Francisco Gaona
52c0849de2 WIP - manage tenant users from central 2025-12-24 12:17:22 +01:00
Francisco Gaona
b9fa3bd008 WIP - improve login to tenants by domains 2025-12-24 11:42:44 +01:00
Francisco Gaona
2bc672e4c5 WIP - some fixes 2025-12-24 10:54:19 +01:00
Francisco Gaona
962c84e6d2 WIP - fix lookup field 2025-12-24 00:05:15 +01:00
Francisco Gaona
fc1bec4de7 WIP - related lists and look up field 2025-12-23 23:59:04 +01:00
Francisco Gaona
0275b96014 WIP - central operations 2025-12-23 23:38:45 +01:00
Francisco Gaona
e4f3bad971 WIp - fix login into central 2025-12-23 22:16:58 +01:00
104 changed files with 4913 additions and 11447 deletions
Expand all files Collapse all files

2
.env.web
View File

@@ -2,4 +2,4 @@ NUXT_PORT=3001
NUXT_HOST=0.0.0.0
# Point Nuxt to the API container (not localhost)
NUXT_PUBLIC_API_BASE_URL=https://tenant1.routebox.co
NUXT_PUBLIC_API_BASE_URL=http://jupiter.routebox.co:3000

83
DEBUG_INCOMING_CALL.md
View File

@@ -1,83 +0,0 @@
# Debugging Incoming Call Issue
## Current Problem
- Hear "Connecting to your call" message (TwiML is executing)
- No ring on mobile after "Connecting" message
- Click Accept button does nothing
- Call never connects
## Root Cause Hypothesis
The Twilio Device SDK is likely **NOT receiving the incoming call event** from Twilio's Signaling Server. This could be because:
1. **Identity Mismatch**: The Device's identity (from JWT token) doesn't match the `<Client>ID</Client>` in TwiML
2. **Device Not Registered**: Device registration isn't completing before the call arrives
3. **Twilio Signaling Issue**: Device isn't connected to Twilio Signaling Server
## How to Debug
### Step 1: Check Device Identity in Console
When you open the softphone dialog, **open Browser DevTools Console (F12)**
You should see logs like:
```
Token received, creating Device...
Token identity: e6d45fa3-a108-4085-81e5-a8e05e85e6fb
Token grants: {voice: {...}}
Registering Twilio Device...
✓ Twilio Device registered - ready to receive calls
Device identity: e6d45fa3-a108-4085-81e5-a8e05e85e6fb
Device state: ready
```
**Note the Device identity value** - e.g., "e6d45fa3-a108-4085-81e5-a8e05e85e6fb"
### Step 2: Check Backend Logs
When you make an inbound call, look for backend logs showing:
```
╔════════════════════════════════════════╗
║ === INBOUND CALL RECEIVED ===
╚════════════════════════════════════════╝
...
Client IDs to dial: e6d45fa3-a108-4085-81e5-a8e05e85e6fb
First Client ID format check: "e6d45fa3-a108-4085-81e5-a8e05e85e6fb" (length: 36)
```
### Step 3: Compare Identities
The Device identity from frontend console MUST MATCH the Client ID from backend logs.
**If they match**: The issue is with Twilio Signaling or Device SDK configuration
**If they don't match**: We found the bug - identity mismatch
### Step 4: Monitor Incoming Event
When you make the inbound call, keep watching the browser console for:
```
🔔 Twilio Device INCOMING event received: {...}
```
**If this appears**: The Device SDK IS receiving the call, so the Accept button issue is frontend
**If this doesn't appear**: The Device SDK is NOT receiving the call, so it's an identity/registration issue
## What Changed
- Frontend now relies on **Twilio Device SDK `incoming` event** (not Socket.IO) for showing incoming call
- Added comprehensive logging to Device initialization
- Added logging to Accept button handler
- Backend logs Device ID format for comparison
## Next Steps
1. Make an inbound call
2. Check browser console for the 5 logs above
3. Check backend logs for Client ID
4. Look for "🔔 Twilio Device INCOMING event" in browser console
5. Try clicking Accept and watch console for "📞 Accepting call" logs
6. Report back with:
- Device identity from console
- Client ID from backend logs
- Whether "🔔 Twilio Device INCOMING event" appears
- Whether any accept logs appear
## Important Files
- Backend: `/backend/src/voice/voice.controller.ts` (lines 205-210 show Client ID logging)
- Frontend: `/frontend/composables/useSoftphone.ts` (Device initialization and incoming handler)

251
IMPLEMENTATION_SUMMARY.md Normal file
View File

@@ -0,0 +1,251 @@
# Authorization System Implementation Summary
## ✅ Implementation Complete
A comprehensive polymorphic record sharing and authorization system has been implemented with CASL, Objection.js, and NestJS.
## What Was Built
### Backend (NestJS + Objection.js + CASL)
#### 1. Database Layer
- ✅ Migration for authorization tables (`20250128000001_add_authorization_system.js`)
- ✅ Updated Prisma schema with new models
- ✅ Objection.js models: `ObjectField`, `RoleRule`, `RecordShare`
- ✅ Updated existing models with new relations
#### 2. Authorization Core
-`AbilityFactory` - Builds CASL abilities from 3 layers (global, role, share)
- ✅ Query scoping utilities for SQL-level authorization
- ✅ Guards and decorators (`AbilitiesGuard`, `@CheckAbility()`, `@CurrentUser()`)
- ✅ Middleware for attaching abilities to requests
#### 3. API Endpoints
-**ShareController** - CRUD for record shares
- POST /shares - Create share
- GET /shares/record/:objectDefinitionId/:recordId - List shares
- GET /shares/granted - Shares granted by user
- GET /shares/received - Shares received by user
- PATCH /shares/:id - Update share
- DELETE /shares/:id - Revoke share
-**RoleController** - Role management
- Standard CRUD for roles
- RoleRuleController for CASL rules
-**ObjectAccessController** - Object-level permissions
- GET/PUT /setup/objects/:apiName/access
- POST /setup/objects/:apiName/fields/:fieldKey/permissions
- PUT /setup/objects/:apiName/field-permissions
### Frontend (Nuxt 3 + Vue 3)
#### 4. Object Management Enhancement
- ✅ Added "Access & Permissions" tab to object setup page
-`ObjectAccessSettings.vue` component:
- Configure access model (public/owner/mixed)
- Set public CRUD permissions
- Configure owner field
- Set field-level read/write permissions
#### 5. Role Management
- ✅ New page: `/setup/roles`
-`RolePermissionsEditor.vue` component:
- Configure CRUD permissions per object
- Apply conditions (e.g., own records only)
- Visual permission matrix
#### 6. Record Sharing
-`RecordShareDialog.vue` component:
- List current shares
- Add new shares with permissions
- Field-level scoping
- Expiration dates
- Revoke shares
## Key Features
### 🌍 Global Object Policies
- Public/private access models
- Default CRUD permissions per object
- Configurable owner field
- Field-level default permissions
### 👥 Role-Based Access
- CASL rules stored in database
- Per-object permissions
- Condition-based rules (e.g., ownerId matching)
- Multiple actions per rule
### 🔗 Per-Record Sharing
- Polymorphic design (works with any object type)
- Grant read/update access to specific users
- Optional field-level scoping
- Expiration and revocation support
- Track who granted each share
### 🔒 SQL Query Scoping
- Critical for list endpoints
- Ensures users only see authorized records
- Combines ownership + sharing logic
- Works with public access flags
## File Structure
```
backend/
├── migrations/tenant/
│ └── 20250128000001_add_authorization_system.js
├── src/
│ ├── auth/
│ │ ├── ability.factory.ts (CASL ability builder)
│ │ ├── query-scope.util.ts (SQL scoping utilities)
│ │ ├── guards/
│ │ │ └── abilities.guard.ts
│ │ ├── decorators/
│ │ │ ├── auth.decorators.ts
│ │ │ └── check-ability.decorator.ts
│ │ └── middleware/
│ │ └── ability.middleware.ts
│ ├── models/
│ │ ├── object-field.model.ts
│ │ ├── role-rule.model.ts
│ │ └── record-share.model.ts
│ ├── rbac/
│ │ ├── share.controller.ts
│ │ └── role.controller.ts
│ └── object/
│ └── object-access.controller.ts
frontend/
├── components/
│ ├── ObjectAccessSettings.vue
│ ├── RecordShareDialog.vue
│ └── RolePermissionsEditor.vue
└── pages/
├── setup/
│ ├── objects/[apiName].vue (enhanced with access tab)
│ └── roles.vue
└── ...
docs/
└── AUTHORIZATION_SYSTEM.md (comprehensive documentation)
```
## Next Steps
### 1. Run the Migration
```bash
cd backend
npm run migrate:latest
```
### 2. Initialize Existing Objects
Set default access models for existing object definitions:
```sql
UPDATE object_definitions
SET
access_model = 'owner',
public_read = false,
public_create = false,
public_update = false,
public_delete = false,
owner_field = 'ownerId'
WHERE access_model IS NULL;
```
### 3. Apply Query Scoping
Update existing controllers to use query scoping:
```typescript
import { applyReadScope } from '@/auth/query-scope.util';
// In your list endpoint
async findAll(@CurrentUser() user: User) {
const objectDef = await ObjectDefinition.query(this.knex)
.findOne({ apiName: 'YourObject' });
let query = YourModel.query(this.knex);
query = applyReadScope(query, user, objectDef, this.knex);
return query;
}
```
### 4. Add Route Protection
Use guards on sensitive endpoints:
```typescript
@UseGuards(JwtAuthGuard, AbilitiesGuard)
@CheckAbility({ action: 'update', subject: 'Post' })
async update(@Body() data: any) {
// Only users with 'update' permission on 'Post' can access
}
```
### 5. Frontend Integration
Add sharing button to record detail pages:
```vue
<template>
<div>
<!-- Your record details -->
<Button @click="showShareDialog = true">
<Share class="w-4 h-4 mr-2" />
Share
</Button>
<RecordShareDialog
:open="showShareDialog"
:object-definition-id="objectDefinition.id"
:record-id="record.id"
:fields="objectDefinition.fields"
@close="showShareDialog = false"
/>
</div>
</template>
```
## Testing Checklist
- [ ] Run database migration successfully
- [ ] Create a test role with permissions
- [ ] Configure object access settings via UI
- [ ] Share a record with another user
- [ ] Verify shared record appears in grantee's list
- [ ] Verify query scoping filters unauthorized records
- [ ] Test field-level permissions
- [ ] Test share expiration
- [ ] Test share revocation
- [ ] Test role-based access with conditions
## Performance Considerations
1. **Index Usage**: The migration creates proper indexes on foreign keys and commonly queried columns
2. **Query Scoping**: Uses SQL EXISTS subqueries for efficient filtering
3. **Ability Caching**: Consider caching abilities per request (already done via middleware)
4. **Batch Loading**: When checking multiple records, batch the share lookups
## Security Notes
⚠️ **Important**: Always use SQL query scoping for list endpoints. Never fetch all records and filter in application code.
**Best Practices**:
- Share creation requires ownership verification
- Only grantors can update/revoke shares
- Expired/revoked shares are excluded from queries
- Field-level permissions are enforced on write operations
## Documentation
Full documentation available in:
- [AUTHORIZATION_SYSTEM.md](./AUTHORIZATION_SYSTEM.md) - Comprehensive guide
- Inline code comments in all new files
- JSDoc comments on key functions
## Support
For questions or issues:
1. Check the documentation in `docs/AUTHORIZATION_SYSTEM.md`
2. Review example usage in the controllers
3. Examine the test cases (when added)

173
SOFTPHONE_AI_ASSISTANT.md
View File

@@ -1,173 +0,0 @@
# Softphone AI Assistant - Complete Implementation
## 🎉 Features Implemented
### ✅ Real-time AI Call Assistant
- **OpenAI Realtime API Integration** - Listens to live calls and provides suggestions
- **Audio Streaming** - Twilio Media Streams fork audio to backend for AI processing
- **Real-time Transcription** - Speech-to-text during calls
- **Smart Suggestions** - AI analyzes conversation and advises the agent
## 🔧 Architecture
### Backend Flow
```
Inbound Call → TwiML (<Start><Stream> + <Dial>)
→ Media Stream WebSocket → OpenAI Realtime API
→ AI Processing → Socket.IO → Frontend
```
### Key Components
1. **TwiML Structure** (`voice.controller.ts:226-234`)
- `<Start><Stream>` - Forks audio for AI processing
- `<Dial><Client>` - Connects call to agent's softphone
2. **OpenAI Integration** (`voice.service.ts:431-519`)
- WebSocket connection to `wss://api.openai.com/v1/realtime?model=gpt-4o-realtime-preview-2024-10-01`
- Session config with custom instructions for agent assistance
- Handles transcripts and generates suggestions
3. **AI Message Handler** (`voice.service.ts:609-707`)
- Processes OpenAI events (transcripts, suggestions, audio)
- Routes suggestions to frontend via Socket.IO
- Saves transcripts to database
4. **Voice Gateway** (`voice.gateway.ts:272-289`)
- `notifyAiTranscript()` - Real-time transcript chunks
- `notifyAiSuggestion()` - AI suggestions to agent
### Frontend Components
1. **Softphone Dialog** (`SoftphoneDialog.vue:104-135`)
- AI Assistant section with badge showing suggestion count
- Color-coded suggestions (blue=response, green=action, purple=insight)
- Animated highlight for newest suggestion
2. **Softphone Composable** (`useSoftphone.ts:515-535`)
- Socket.IO event handlers for `ai:suggestion` and `ai:transcript`
- Maintains history of last 10 suggestions
- Maintains history of last 50 transcript items
## 📋 AI Prompt Configuration
The AI is instructed to:
- **Listen, not talk** - It advises the agent, not the caller
- **Provide concise suggestions** - 1-2 sentences max
- **Use formatted output**:
- `💡 Suggestion: [advice]`
- `⚠️ Alert: [important notice]`
- `📋 Action: [CRM action]`
## 🎨 UI Features
### Suggestion Types
- **Response** (Blue) - Suggested replies or approaches
- **Action** (Green) - Recommended CRM actions
- **Insight** (Purple) - Important alerts or observations
### Visual Feedback
- Badge showing number of suggestions
- Newest suggestion pulses for attention
- Auto-scrolling suggestion list
- Timestamp on each suggestion
## 🔍 How to Monitor
### 1. Backend Logs
```bash
# Watch for AI events
docker logs -f neo-backend-1 | grep -E "AI|OpenAI|transcript|suggestion"
```
Key log markers:
- `📝 Transcript chunk:` - Real-time speech detection
- `✅ Final transcript:` - Complete transcript saved
- `💡 AI Suggestion:` - AI-generated advice
### 2. Database
```sql
-- View call transcripts
SELECT call_sid, ai_transcript, created_at
FROM calls
ORDER BY created_at DESC
LIMIT 5;
```
### 3. Frontend Console
- Open browser DevTools Console
- Watch for: "AI suggestion:", "AI transcript:"
## 🚀 Testing
1. **Make a test call** to your Twilio number
2. **Accept the call** in the softphone dialog
3. **Talk during the call** - Say something like "I need to schedule a follow-up"
4. **Watch the UI** - AI suggestions appear in real-time
5. **Check logs** - See transcription and suggestion generation
## 📊 Current Status
**Working**:
- Inbound calls ring softphone
- Media stream forks audio to backend
- OpenAI processes audio (1300+ packets/call)
- AI generates suggestions
- Suggestions appear in frontend
- Transcripts saved to database
## 🔧 Configuration
### Required Environment Variables
```env
# OpenAI API Key (set in tenant integrations config)
OPENAI_API_KEY=sk-...
# Optional overrides
OPENAI_MODEL=gpt-4o-realtime-preview-2024-10-01
OPENAI_VOICE=alloy
```
### Tenant Configuration
Set in Settings > Integrations:
- OpenAI API Key
- Model (optional)
- Voice (optional)
## 🎯 Next Steps (Optional Enhancements)
1. **CRM Tool Execution** - Implement actual tool calls (search contacts, create tasks)
2. **Audio Response** - Send OpenAI audio back to caller (two-way AI interaction)
3. **Sentiment Analysis** - Track call sentiment in real-time
4. **Call Summary** - Generate post-call summary automatically
5. **Custom Prompts** - Allow agents to customize AI instructions per call type
## 🐛 Troubleshooting
### No suggestions appearing?
1. Check OpenAI API key is configured
2. Verify WebSocket connection logs show "OpenAI Realtime connected"
3. Check frontend Socket.IO connection is established
4. Verify user ID matches between backend and frontend
### Transcripts not saving?
1. Check tenant database connection
2. Verify `calls` table has `ai_transcript` column
3. Check logs for "Failed to update transcript" errors
### OpenAI connection fails?
1. Verify API key is valid
2. Check model name is correct
3. Review WebSocket close codes in logs
## 📝 Files Modified
**Backend:**
- `/backend/src/voice/voice.service.ts` - OpenAI integration & AI message handling
- `/backend/src/voice/voice.controller.ts` - TwiML generation with stream fork
- `/backend/src/voice/voice.gateway.ts` - Socket.IO event emission
- `/backend/src/main.ts` - Media stream WebSocket handler
**Frontend:**
- `/frontend/components/SoftphoneDialog.vue` - AI suggestions UI
- `/frontend/composables/useSoftphone.ts` - Socket.IO event handlers

101
backend/migrations/tenant/20250128000001_add_authorization_system.js Normal file
View File

@@ -0,0 +1,101 @@
/**
* Migration: Add authorization system (CASL + polymorphic sharing)
*
* This migration adds:
* 1. Access control fields to object_definitions
* 2. Field-level permissions to field_definitions
* 3. role_rules table for CASL rules storage
* 4. record_shares table for polymorphic per-record sharing
*/
exports.up = async function(knex) {
// 1. Add access control fields to object_definitions
await knex.schema.table('object_definitions', (table) => {
table.enum('access_model', ['public', 'owner', 'mixed']).defaultTo('owner');
table.boolean('public_read').defaultTo(false);
table.boolean('public_create').defaultTo(false);
table.boolean('public_update').defaultTo(false);
table.boolean('public_delete').defaultTo(false);
table.string('owner_field', 100).defaultTo('ownerId');
});
// 2. Add field-level permission columns to field_definitions
await knex.schema.table('field_definitions', (table) => {
table.boolean('default_readable').defaultTo(true);
table.boolean('default_writable').defaultTo(true);
});
// 3. Create role_rules table for storing CASL rules per role
await knex.schema.createTable('role_rules', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('(UUID())'));
table.uuid('role_id').notNullable();
table.json('rules_json').notNullable(); // Array of CASL rules
table.timestamps(true, true);
// Foreign keys
table.foreign('role_id')
.references('id')
.inTable('roles')
.onDelete('CASCADE');
// Indexes
table.index('role_id');
});
// 4. Create record_shares table for polymorphic per-record sharing
await knex.schema.createTable('record_shares', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('(UUID())'));
table.uuid('object_definition_id').notNullable();
table.string('record_id', 255).notNullable(); // String to support UUID/int uniformly
table.uuid('grantee_user_id').notNullable();
table.uuid('granted_by_user_id').notNullable();
table.json('actions').notNullable(); // Array like ["read"], ["read","update"]
table.json('fields').nullable(); // Optional field scoping
table.timestamp('expires_at').nullable();
table.timestamp('revoked_at').nullable();
table.timestamp('created_at').defaultTo(knex.fn.now());
// Foreign keys
table.foreign('object_definition_id')
.references('id')
.inTable('object_definitions')
.onDelete('CASCADE');
table.foreign('grantee_user_id')
.references('id')
.inTable('users')
.onDelete('CASCADE');
table.foreign('granted_by_user_id')
.references('id')
.inTable('users')
.onDelete('CASCADE');
// Indexes for efficient querying
table.index(['grantee_user_id', 'object_definition_id']);
table.index(['object_definition_id', 'record_id']);
table.unique(['object_definition_id', 'record_id', 'grantee_user_id']);
});
};
exports.down = async function(knex) {
// Drop tables in reverse order
await knex.schema.dropTableIfExists('record_shares');
await knex.schema.dropTableIfExists('role_rules');
// Remove columns from field_definitions
await knex.schema.table('field_definitions', (table) => {
table.dropColumn('default_readable');
table.dropColumn('default_writable');
});
// Remove columns from object_definitions
await knex.schema.table('object_definitions', (table) => {
table.dropColumn('access_model');
table.dropColumn('public_read');
table.dropColumn('public_create');
table.dropColumn('public_update');
table.dropColumn('public_delete');
table.dropColumn('owner_field');
});
};

103
backend/migrations/tenant/20250129000001_add_authorization_system.js
View File

@@ -1,103 +0,0 @@
exports.up = function (knex) {
return knex.schema
// Add orgWideDefault to object_definitions
.alterTable('object_definitions', (table) => {
table
.enum('orgWideDefault', ['private', 'public_read', 'public_read_write'])
.defaultTo('private')
.notNullable();
})
// Create role_object_permissions table
.createTable('role_object_permissions', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('(UUID())'));
table.uuid('roleId').notNullable();
table.uuid('objectDefinitionId').notNullable();
table.boolean('canCreate').defaultTo(false);
table.boolean('canRead').defaultTo(false);
table.boolean('canEdit').defaultTo(false);
table.boolean('canDelete').defaultTo(false);
table.boolean('canViewAll').defaultTo(false);
table.boolean('canModifyAll').defaultTo(false);
table.timestamps(true, true);
table
.foreign('roleId')
.references('id')
.inTable('roles')
.onDelete('CASCADE');
table
.foreign('objectDefinitionId')
.references('id')
.inTable('object_definitions')
.onDelete('CASCADE');
table.unique(['roleId', 'objectDefinitionId']);
table.index(['roleId']);
table.index(['objectDefinitionId']);
})
// Create role_field_permissions table
.createTable('role_field_permissions', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('(UUID())'));
table.uuid('roleId').notNullable();
table.uuid('fieldDefinitionId').notNullable();
table.boolean('canRead').defaultTo(true);
table.boolean('canEdit').defaultTo(true);
table.timestamps(true, true);
table
.foreign('roleId')
.references('id')
.inTable('roles')
.onDelete('CASCADE');
table
.foreign('fieldDefinitionId')
.references('id')
.inTable('field_definitions')
.onDelete('CASCADE');
table.unique(['roleId', 'fieldDefinitionId']);
table.index(['roleId']);
table.index(['fieldDefinitionId']);
})
// Create record_shares table for sharing specific records
.createTable('record_shares', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('(UUID())'));
table.uuid('objectDefinitionId').notNullable();
table.uuid('recordId').notNullable();
table.uuid('granteeUserId').notNullable();
table.uuid('grantedByUserId').notNullable();
table.json('accessLevel').notNullable(); // { canRead, canEdit, canDelete }
table.timestamp('expiresAt').nullable();
table.timestamp('revokedAt').nullable();
table.timestamp('createdAt').defaultTo(knex.fn.now());
table.timestamp('updatedAt').defaultTo(knex.fn.now());
table
.foreign('objectDefinitionId')
.references('id')
.inTable('object_definitions')
.onDelete('CASCADE');
table
.foreign('granteeUserId')
.references('id')
.inTable('users')
.onDelete('CASCADE');
table
.foreign('grantedByUserId')
.references('id')
.inTable('users')
.onDelete('CASCADE');
table.index(['objectDefinitionId', 'recordId']);
table.index(['granteeUserId']);
table.index(['expiresAt']);
table.index(['revokedAt']);
});
};
exports.down = function (knex) {
return knex.schema
.dropTableIfExists('record_shares')
.dropTableIfExists('role_field_permissions')
.dropTableIfExists('role_object_permissions')
.alterTable('object_definitions', (table) => {
table.dropColumn('orgWideDefault');
});
};

55
backend/migrations/tenant/20250203000001_create_calls_table.js
View File

@@ -1,55 +0,0 @@
/**
* @param { import("knex").Knex } knex
* @returns { Promise<void> }
*/
exports.up = async function (knex) {
// Create calls table for tracking voice calls
await knex.schema.createTable('calls', (table) => {
table.string('id', 36).primary();
table.string('call_sid', 100).unique().notNullable().comment('Twilio call SID');
table.enum('direction', ['inbound', 'outbound']).notNullable();
table.string('from_number', 20).notNullable();
table.string('to_number', 20).notNullable();
table.enum('status', [
'queued',
'ringing',
'in-progress',
'completed',
'busy',
'failed',
'no-answer',
'canceled'
]).notNullable().defaultTo('queued');
table.integer('duration_seconds').unsigned().nullable();
table.string('recording_url', 500).nullable();
table.text('ai_transcript').nullable().comment('Full transcript from OpenAI');
table.text('ai_summary').nullable().comment('AI-generated summary');
table.json('ai_insights').nullable().comment('Structured insights from AI');
table.string('user_id', 36).notNullable().comment('User who handled the call');
table.timestamp('started_at').nullable();
table.timestamp('ended_at').nullable();
table.timestamp('created_at').defaultTo(knex.fn.now());
table.timestamp('updated_at').defaultTo(knex.fn.now());
// Indexes
table.index('call_sid');
table.index('user_id');
table.index('status');
table.index('direction');
table.index(['created_at', 'user_id']);
// Foreign key to users table
table.foreign('user_id').references('id').inTable('users').onDelete('CASCADE');
});
console.log('✅ Created calls table');
};
/**
* @param { import("knex").Knex } knex
* @returns { Promise<void> }
*/
exports.down = async function (knex) {
await knex.schema.dropTableIfExists('calls');
console.log('✅ Dropped calls table');
};

764
backend/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

11
backend/package.json
View File

@@ -27,7 +27,6 @@
},
"dependencies": {
"@casl/ability": "^6.7.5",
"@fastify/websocket": "^10.0.1",
"@nestjs/bullmq": "^10.1.0",
"@nestjs/common": "^10.3.0",
"@nestjs/config": "^3.1.1",
@@ -35,9 +34,6 @@
"@nestjs/jwt": "^10.2.0",
"@nestjs/passport": "^10.0.3",
"@nestjs/platform-fastify": "^10.3.0",
"@nestjs/platform-socket.io": "^10.4.20",
"@nestjs/serve-static": "^4.0.2",
"@nestjs/websockets": "^10.4.20",
"@prisma/client": "^5.8.0",
"bcrypt": "^5.1.1",
"bullmq": "^5.1.0",
@@ -47,14 +43,11 @@
"knex": "^3.1.0",
"mysql2": "^3.15.3",
"objection": "^3.1.5",
"openai": "^6.15.0",
"objection-authorize": "^5.0.2",
"passport": "^0.7.0",
"passport-jwt": "^4.0.1",
"reflect-metadata": "^0.2.1",
"rxjs": "^7.8.1",
"socket.io": "^4.8.3",
"twilio": "^5.11.1",
"ws": "^8.18.3"
"rxjs": "^7.8.1"
},
"devDependencies": {
"@nestjs/cli": "^10.3.0",

2
backend/prisma/migrations/20260103054426_add_integrations_config/migration.sql
View File

@@ -1,2 +0,0 @@
-- AlterTable
ALTER TABLE `tenants` ADD COLUMN `integrationsConfig` JSON NULL;

23
backend/prisma/schema-central.prisma
View File

@@ -24,18 +24,17 @@ model User {
}
model Tenant {
id String @id @default(cuid())
name String
slug String @unique // Used for identification
dbHost String // Database host
dbPort Int @default(3306)
dbName String // Database name
dbUsername String // Database username
dbPassword String // Encrypted database password
integrationsConfig Json? // Encrypted JSON config for external services (Twilio, OpenAI, etc.)
status String @default("active") // active, suspended, deleted
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
id String @id @default(cuid())
name String
slug String @unique // Used for identification
dbHost String // Database host
dbPort Int @default(3306)
dbName String // Database name
dbUsername String // Database username
dbPassword String // Encrypted database password
status String @default("active") // active, suspended, deleted
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
domains Domain[]

77
backend/prisma/schema.prisma
View File

@@ -24,8 +24,10 @@ model User {
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
userRoles UserRole[]
accounts Account[]
userRoles UserRole[]
accounts Account[]
sharesGranted RecordShare[] @relation("GrantedShares")
sharesReceived RecordShare[] @relation("ReceivedShares")
@@map("users")
}
@@ -41,6 +43,7 @@ model Role {
userRoles UserRole[]
rolePermissions RolePermission[]
roleRules RoleRule[]
@@unique([name, guardName])
@@map("roles")
@@ -90,20 +93,42 @@ model RolePermission {
@@map("role_permissions")
}
// CASL Rules for Roles
model RoleRule {
id String @id @default(uuid())
roleId String
rulesJson Json @map("rules_json")
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
role Role @relation(fields: [roleId], references: [id], onDelete: Cascade)
@@index([roleId])
@@map("role_rules")
}
// Object Definition (Metadata)
model ObjectDefinition {
id String @id @default(uuid())
apiName String @unique
label String
pluralLabel String?
description String? @db.Text
isSystem Boolean @default(false)
isCustom Boolean @default(true)
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
id String @id @default(uuid())
apiName String @unique
label String
pluralLabel String?
description String? @db.Text
isSystem Boolean @default(false)
isCustom Boolean @default(true)
// Authorization fields
accessModel String @default("owner") // 'public' | 'owner' | 'mixed'
publicRead Boolean @default(false)
publicCreate Boolean @default(false)
publicUpdate Boolean @default(false)
publicDelete Boolean @default(false)
ownerField String @default("ownerId")
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
fields FieldDefinition[]
pages AppPage[]
fields FieldDefinition[]
pages AppPage[]
recordShares RecordShare[]
@@map("object_definitions")
}
@@ -126,6 +151,9 @@ model FieldDefinition {
isCustom Boolean @default(true)
displayOrder Int @default(0)
uiMetadata Json? @map("ui_metadata")
// Field-level permissions
defaultReadable Boolean @default(true)
defaultWritable Boolean @default(true)
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@ -136,6 +164,29 @@ model FieldDefinition {
@@map("field_definitions")
}
// Polymorphic per-record sharing
model RecordShare {
id String @id @default(uuid())
objectDefinitionId String
recordId String
granteeUserId String
grantedByUserId String
actions Json // Array like ["read"], ["read","update"]
fields Json? // Optional field scoping
expiresAt DateTime? @map("expires_at")
revokedAt DateTime? @map("revoked_at")
createdAt DateTime @default(now()) @map("created_at")
objectDefinition ObjectDefinition @relation(fields: [objectDefinitionId], references: [id], onDelete: Cascade)
granteeUser User @relation("ReceivedShares", fields: [granteeUserId], references: [id], onDelete: Cascade)
grantedByUser User @relation("GrantedShares", fields: [grantedByUserId], references: [id], onDelete: Cascade)
@@unique([objectDefinitionId, recordId, granteeUserId])
@@index([granteeUserId, objectDefinitionId])
@@index([objectDefinitionId, recordId])
@@map("record_shares")
}
// Example static object: Account
model Account {
id String @id @default(uuid())

181
backend/scripts/seed-default-roles.ts
View File

@@ -1,181 +0,0 @@
import { Knex } from 'knex';
import * as knexLib from 'knex';
/**
* Create a Knex connection for tenant database
*/
function createKnexConnection(database: string): Knex {
return knexLib.default({
client: 'mysql2',
connection: {
host: process.env.DB_HOST || 'db',
port: parseInt(process.env.DB_PORT || '3306'),
user: 'root',
password: 'asjdnfqTash37faggT',
database: database,
},
});
}
interface RoleWithPermissions {
name: string;
description: string;
objectPermissions: {
[objectApiName: string]: {
canCreate: boolean;
canRead: boolean;
canEdit: boolean;
canDelete: boolean;
canViewAll: boolean;
canModifyAll: boolean;
};
};
}
const DEFAULT_ROLES: RoleWithPermissions[] = [
{
name: 'System Administrator',
description: 'Full access to all objects and records. Can view and modify all data.',
objectPermissions: {
'*': {
canCreate: true,
canRead: true,
canEdit: true,
canDelete: true,
canViewAll: true,
canModifyAll: true,
},
},
},
{
name: 'Standard User',
description: 'Can create, read, edit, and delete own records. Respects OWD settings.',
objectPermissions: {
'*': {
canCreate: true,
canRead: true,
canEdit: true,
canDelete: true,
canViewAll: false,
canModifyAll: false,
},
},
},
{
name: 'Read Only',
description: 'Can only read records based on OWD settings. No create, edit, or delete.',
objectPermissions: {
'*': {
canCreate: false,
canRead: true,
canEdit: false,
canDelete: false,
canViewAll: false,
canModifyAll: false,
},
},
},
];
async function seedRolesForTenant(knex: Knex, tenantName: string) {
console.log(`\n🌱 Seeding roles for tenant: ${tenantName}`);
// Get all object definitions
const objectDefinitions = await knex('object_definitions').select('id', 'apiName');
for (const roleData of DEFAULT_ROLES) {
// Check if role already exists
const existingRole = await knex('roles')
.where({ name: roleData.name })
.first();
let roleId: string;
if (existingRole) {
console.log(` Role "${roleData.name}" already exists, skipping...`);
roleId = existingRole.id;
} else {
// Create role
await knex('roles').insert({
name: roleData.name,
guardName: 'api',
description: roleData.description,
});
// Get the inserted role
const newRole = await knex('roles')
.where({ name: roleData.name })
.first();
roleId = newRole.id;
console.log(` ✅ Created role: ${roleData.name}`);
}
// Create object permissions for all objects
const wildcardPermissions = roleData.objectPermissions['*'];
for (const objectDef of objectDefinitions) {
// Check if permission already exists
const existingPermission = await knex('role_object_permissions')
.where({
roleId: roleId,
objectDefinitionId: objectDef.id,
})
.first();
if (!existingPermission) {
await knex('role_object_permissions').insert({
roleId: roleId,
objectDefinitionId: objectDef.id,
canCreate: wildcardPermissions.canCreate,
canRead: wildcardPermissions.canRead,
canEdit: wildcardPermissions.canEdit,
canDelete: wildcardPermissions.canDelete,
canViewAll: wildcardPermissions.canViewAll,
canModifyAll: wildcardPermissions.canModifyAll,
});
}
}
console.log(` 📋 Set permissions for ${objectDefinitions.length} objects`);
}
}
async function seedAllTenants() {
console.log('🚀 Starting role seeding for all tenants...\n');
// For now, seed the main tenant database
const databases = ['tenant_tenant1'];
let successCount = 0;
let errorCount = 0;
for (const database of databases) {
try {
const knex = createKnexConnection(database);
await seedRolesForTenant(knex, database);
await knex.destroy();
successCount++;
} catch (error) {
console.error(`${database}: Seeding failed:`, error.message);
errorCount++;
}
}
console.log('\n============================================================');
console.log('📊 Seeding Summary');
console.log('============================================================');
console.log(`✅ Successful: ${successCount}`);
console.log(`❌ Failed: ${errorCount}`);
if (errorCount === 0) {
console.log('\n🎉 All tenant roles seeded successfully!');
}
}
seedAllTenants()
.then(() => process.exit(0))
.catch((error) => {
console.error('Unhandled error:', error);
process.exit(1);
});

2
backend/src/app.module.ts
View File

@@ -7,7 +7,6 @@ import { RbacModule } from './rbac/rbac.module';
import { ObjectModule } from './object/object.module';
import { AppBuilderModule } from './app-builder/app-builder.module';
import { PageLayoutModule } from './page-layout/page-layout.module';
import { VoiceModule } from './voice/voice.module';
@Module({
imports: [
@@ -21,7 +20,6 @@ import { VoiceModule } from './voice/voice.module';
ObjectModule,
AppBuilderModule,
PageLayoutModule,
VoiceModule,
],
})
export class AppModule {}

207
backend/src/auth/ability.factory.ts Normal file
View File

@@ -0,0 +1,207 @@
import { Injectable } from '@nestjs/common';
import { Ability, AbilityBuilder, AbilityClass, ExtractSubjectType, InferSubjects, createMongoAbility } from '@casl/ability';
import { User } from '../models/user.model';
import { ObjectDefinition } from '../models/object-definition.model';
import { FieldDefinition } from '../models/field-definition.model';
import { RoleRule } from '../models/role-rule.model';
import { RecordShare } from '../models/record-share.model';
import { UserRole } from '../models/user-role.model';
import { Knex } from 'knex';
// Define actions
export type Action = 'read' | 'create' | 'update' | 'delete' | 'share';
// Define subjects - can be string (object type key) or model class
export type Subjects = InferSubjects<any> | 'all';
export type AppAbility = Ability<[Action, Subjects]>;
@Injectable()
export class AbilityFactory {
/**
* Build CASL Ability for a user
* Rules come from 3 layers:
* 1. Global object rules (from object_definitions + object_fields)
* 2. Role rules (from role_rules)
* 3. Share rules (from record_shares for this user)
*/
async buildForUser(user: User, knex: Knex): Promise<AppAbility> {
const { can, cannot, build } = new AbilityBuilder<AppAbility>(
createMongoAbility as any,
);
// 1. Load global object rules
await this.addGlobalRules(user, knex, can, cannot);
// 2. Load role rules
await this.addRoleRules(user, knex, can);
// 3. Load share rules
await this.addShareRules(user, knex, can);
return build({
// Optional: detect subject type from instance
detectSubjectType: (item) => {
if (typeof item === 'string') return item;
return item.constructor?.name || 'unknown';
},
});
}
/**
* Add global rules from object_definitions and object_fields
*/
private async addGlobalRules(
user: User,
knex: Knex,
can: any,
cannot: any,
) {
const objectDefs = await knex<ObjectDefinition>('object_definitions').select('*');
for (const objDef of objectDefs) {
const subject = objDef.apiName;
// Handle public access
if (objDef.publicRead) {
can('read', subject);
}
if (objDef.publicCreate) {
can('create', subject);
}
if (objDef.publicUpdate) {
can('update', subject);
}
if (objDef.publicDelete) {
can('delete', subject);
}
// Handle owner-based access
if (objDef.accessModel === 'owner' || objDef.accessModel === 'mixed') {
const ownerCondition = { [objDef.ownerField]: user.id };
can('read', subject, ownerCondition);
can('update', subject, ownerCondition);
can('delete', subject, ownerCondition);
can('share', subject, ownerCondition); // Owner can share their records
}
// Load field-level permissions for this object
const fields = await knex<FieldDefinition>('field_definitions')
.where('objectDefinitionId', objDef.id)
.select('*');
// Build field lists
const readableFields = fields
.filter((f) => f.defaultReadable)
.map((f) => f.apiName);
const writableFields = fields
.filter((f) => f.defaultWritable)
.map((f) => f.apiName);
// Add field-level rules if we have field restrictions
if (fields.length > 0) {
// For read, limit to readable fields
if (readableFields.length > 0) {
can('read', subject, readableFields);
}
// For update/create, limit to writable fields
if (writableFields.length > 0) {
can(['update', 'create'], subject, writableFields);
}
}
}
}
/**
* Add role-based rules from role_rules
*/
private async addRoleRules(user: User, knex: Knex, can: any) {
// Get user's roles
const userRoles = await knex<UserRole>('user_roles')
.where('userId', user.id)
.select('roleId');
if (userRoles.length === 0) return;
const roleIds = userRoles.map((ur) => ur.roleId);
// Get all role rules for these roles
const roleRules = await knex<RoleRule>('role_rules')
.whereIn('roleId', roleIds)
.select('*');
for (const roleRule of roleRules) {
// Parse and add each rule from the JSON
const rules = roleRule.rulesJson;
if (Array.isArray(rules)) {
rules.forEach((rule) => {
if (rule.inverted) {
// Handle "cannot" rules
// CASL format: { action, subject, conditions?, fields?, inverted: true }
// We'd need to properly parse this - for now, skip inverted rules in factory
} else {
// Handle "can" rules
const { action, subject, conditions, fields } = rule;
if (fields && fields.length > 0) {
can(action, subject, fields, conditions);
} else if (conditions) {
can(action, subject, conditions);
} else {
can(action, subject);
}
}
});
}
}
}
/**
* Add per-record sharing rules from record_shares
*/
private async addShareRules(user: User, knex: Knex, can: any) {
const now = new Date();
// Get all active shares for this user (grantee)
const shares = await knex<RecordShare>('record_shares')
.where('granteeUserId', user.id)
.whereNull('revokedAt')
.where(function () {
this.whereNull('expiresAt').orWhere('expiresAt', '>', now);
})
.select('*');
// Also need to join with object_definitions to get the apiName (subject)
const sharesWithObjects = await knex('record_shares')
.join('object_definitions', 'record_shares.objectDefinitionId', 'object_definitions.id')
.where('record_shares.granteeUserId', user.id)
.whereNull('record_shares.revokedAt')
.where(function () {
this.whereNull('record_shares.expiresAt').orWhere('record_shares.expiresAt', '>', now);
})
.select(
'record_shares.*',
'object_definitions.apiName as objectApiName',
);
for (const share of sharesWithObjects) {
const subject = share.objectApiName;
const actions = Array.isArray(share.actions) ? share.actions : JSON.parse(share.actions);
const fields = share.fields ? (Array.isArray(share.fields) ? share.fields : JSON.parse(share.fields)) : null;
// Create condition: record must match the shared recordId
const condition = { id: share.recordId };
for (const action of actions) {
if (fields && fields.length > 0) {
// Field-scoped share
can(action, subject, fields, condition);
} else {
// Full record share
can(action, subject, condition);
}
}
}
}
}

6
backend/src/auth/auth.module.ts
View File

@@ -6,6 +6,8 @@ import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { JwtStrategy } from './jwt.strategy';
import { TenantModule } from '../tenant/tenant.module';
import { AbilityFactory } from './ability.factory';
import { AbilitiesGuard } from './guards/abilities.guard';
@Module({
imports: [
@@ -19,8 +21,8 @@ import { TenantModule } from '../tenant/tenant.module';
}),
}),
],
providers: [AuthService, JwtStrategy],
providers: [AuthService, JwtStrategy, AbilityFactory, AbilitiesGuard],
controllers: [AuthController],
exports: [AuthService],
exports: [AuthService, AbilityFactory, AbilitiesGuard],
})
export class AuthModule {}

24
backend/src/auth/decorators/auth.decorators.ts Normal file
View File

@@ -0,0 +1,24 @@
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
import { AppAbility } from '../ability.factory';
/**
* Decorator to inject the current user's ability into a route handler
* Usage: @CurrentAbility() ability: AppAbility
*/
export const CurrentAbility = createParamDecorator(
(data: unknown, ctx: ExecutionContext): AppAbility => {
const request = ctx.switchToHttp().getRequest();
return request.ability;
},
);
/**
* Decorator to inject the current user into a route handler
* Usage: @CurrentUser() user: User
*/
export const CurrentUser = createParamDecorator(
(data: unknown, ctx: ExecutionContext) => {
const request = ctx.switchToHttp().getRequest();
return request.user;
},
);

10
backend/src/auth/decorators/check-ability.decorator.ts Normal file
View File

@@ -0,0 +1,10 @@
import { SetMetadata } from '@nestjs/common';
import { Action } from '../ability.factory';
import { CHECK_ABILITY_KEY, RequiredRule } from '../guards/abilities.guard';
/**
* Decorator to check abilities
* Usage: @CheckAbility({ action: 'read', subject: 'Post' })
*/
export const CheckAbility = (...rules: RequiredRule[]) =>
SetMetadata(CHECK_ABILITY_KEY, rules);

51
backend/src/auth/guards/abilities.guard.ts Normal file
View File

@@ -0,0 +1,51 @@
import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Action, AppAbility } from '../ability.factory';
export interface RequiredRule {
action: Action;
subject: string;
}
/**
* Key for metadata
*/
export const CHECK_ABILITY_KEY = 'check_ability';
/**
* Guard that checks CASL abilities
* Use with @CheckAbility() decorator
*/
@Injectable()
export class AbilitiesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const rules = this.reflector.get<RequiredRule[]>(
CHECK_ABILITY_KEY,
context.getHandler(),
) || [];
if (rules.length === 0) {
return true; // No rules specified, allow
}
const request = context.switchToHttp().getRequest();
const ability: AppAbility = request.ability;
if (!ability) {
throw new ForbiddenException('Ability not found on request');
}
// Check all rules
for (const rule of rules) {
if (!ability.can(rule.action, rule.subject)) {
throw new ForbiddenException(
`You don't have permission to ${rule.action} ${rule.subject}`,
);
}
}
return true;
}
}

24
backend/src/auth/middleware/ability.middleware.ts Normal file
View File

@@ -0,0 +1,24 @@
import { Injectable, NestMiddleware, Inject } from '@nestjs/common';
import { Request, Response, NextFunction } from 'express';
import { AbilityFactory } from '../ability.factory';
import { Knex } from 'knex';
/**
* Middleware to build and attach CASL ability to request
* Must run after authentication middleware
*/
@Injectable()
export class AbilityMiddleware implements NestMiddleware {
constructor(
private readonly abilityFactory: AbilityFactory,
@Inject('KnexConnection') private readonly knex: Knex,
) {}
async use(req: Request & { user?: any; ability?: any }, res: Response, next: NextFunction) {
if (req.user) {
// Build ability for authenticated user
req.ability = await this.abilityFactory.buildForUser(req.user, this.knex);
}
next();
}
}

145
backend/src/auth/query-scope.util.ts Normal file
View File

@@ -0,0 +1,145 @@
import { QueryBuilder, Model } from 'objection';
import { User } from '../models/user.model';
import { ObjectDefinition } from '../models/object-definition.model';
import { Knex } from 'knex';
/**
* Query scoping utilities for authorization
* Apply SQL-level filtering to ensure users only see records they have access to
*/
export interface AuthScopeOptions {
user: User;
objectDefinition: ObjectDefinition;
action: 'read' | 'update' | 'delete';
knex: Knex;
}
/**
* Apply authorization scope to a query builder
* This implements the SQL equivalent of the CASL ability checks
*
* Rules:
* 1. If object is public_{action} => allow all
* 2. If object is owner/mixed => allow owned OR shared
*/
export function applyAuthScope<M extends Model>(
query: QueryBuilder<M, M[]>,
options: AuthScopeOptions,
): QueryBuilder<M, M[]> {
const { user, objectDefinition, action, knex } = options;
// If public access for this action, no restrictions
if (
(action === 'read' && objectDefinition.publicRead) ||
(action === 'update' && objectDefinition.publicUpdate) ||
(action === 'delete' && objectDefinition.publicDelete)
) {
return query;
}
// Otherwise, apply owner + share logic
const ownerField = objectDefinition.ownerField || 'ownerId';
const tableName = query.modelClass().tableName;
return query.where((builder) => {
// Owner condition
builder.where(`${tableName}.${ownerField}`, user.id);
// OR shared condition
builder.orWhereExists((subquery) => {
subquery
.from('record_shares')
.join('object_definitions', 'record_shares.object_definition_id', 'object_definitions.id')
.whereRaw('record_shares.record_id = ??', [`${tableName}.id`])
.where('record_shares.grantee_user_id', user.id)
.where('object_definitions.id', objectDefinition.id)
.whereNull('record_shares.revoked_at')
.where(function () {
this.whereNull('record_shares.expires_at')
.orWhere('record_shares.expires_at', '>', knex.fn.now());
})
.whereRaw("JSON_CONTAINS(record_shares.actions, ?)", [JSON.stringify(action)]);
});
});
}
/**
* Apply read scope - most common use case
*/
export function applyReadScope<M extends Model>(
query: QueryBuilder<M, M[]>,
user: User,
objectDefinition: ObjectDefinition,
knex: Knex,
): QueryBuilder<M, M[]> {
return applyAuthScope(query, { user, objectDefinition, action: 'read', knex });
}
/**
* Apply update scope
*/
export function applyUpdateScope<M extends Model>(
query: QueryBuilder<M, M[]>,
user: User,
objectDefinition: ObjectDefinition,
knex: Knex,
): QueryBuilder<M, M[]> {
return applyAuthScope(query, { user, objectDefinition, action: 'update', knex });
}
/**
* Apply delete scope
*/
export function applyDeleteScope<M extends Model>(
query: QueryBuilder<M, M[]>,
user: User,
objectDefinition: ObjectDefinition,
knex: Knex,
): QueryBuilder<M, M[]> {
return applyAuthScope(query, { user, objectDefinition, action: 'delete', knex });
}
/**
* Check if user can access a specific record
* This is for single-record operations
*/
export async function canAccessRecord(
recordId: string,
user: User,
objectDefinition: ObjectDefinition,
action: 'read' | 'update' | 'delete',
knex: Knex,
): Promise<boolean> {
// If public access for this action
if (
(action === 'read' && objectDefinition.publicRead) ||
(action === 'update' && objectDefinition.publicUpdate) ||
(action === 'delete' && objectDefinition.publicDelete)
) {
return true;
}
const ownerField = objectDefinition.ownerField || 'ownerId';
// Check if user owns the record (we need the table name, which we can't easily get here)
// This function is meant to be used with a fetched record
// For now, we'll check shares only
// Check if there's a valid share
const now = new Date();
const share = await knex('record_shares')
.where({
objectDefinitionId: objectDefinition.id,
recordId: recordId,
granteeUserId: user.id,
})
.whereNull('revokedAt')
.where(function () {
this.whereNull('expiresAt').orWhere('expiresAt', '>', now);
})
.whereRaw("JSON_CONTAINS(actions, ?)", [JSON.stringify(action)])
.first();
return !!share;
}

145
backend/src/main.ts
View File

@@ -3,15 +3,13 @@ import {
FastifyAdapter,
NestFastifyApplication,
} from '@nestjs/platform-fastify';
import { ValidationPipe, Logger } from '@nestjs/common';
import { ValidationPipe } from '@nestjs/common';
import { AppModule } from './app.module';
import { VoiceService } from './voice/voice.service';
import { AudioConverterService } from './voice/audio-converter.service';
async function bootstrap() {
const app = await NestFactory.create<NestFastifyApplication>(
AppModule,
new FastifyAdapter({ logger: true }),
new FastifyAdapter(),
);
// Global validation pipe
@@ -35,145 +33,6 @@ async function bootstrap() {
const port = process.env.PORT || 3000;
await app.listen(port, '0.0.0.0');
// After app is listening, register WebSocket handler
const fastifyInstance = app.getHttpAdapter().getInstance();
const logger = new Logger('MediaStreamWS');
const voiceService = app.get(VoiceService);
const audioConverter = app.get(AudioConverterService);
const WebSocketServer = require('ws').Server;
const wss = new WebSocketServer({ noServer: true });
// Handle WebSocket upgrades at the server level
const server = (fastifyInstance.server as any);
// Track active Media Streams connections: streamSid -> WebSocket
const mediaStreams: Map<string, any> = new Map();
server.on('upgrade', (request: any, socket: any, head: any) => {
if (request.url === '/api/voice/media-stream') {
logger.log('=== MEDIA STREAM WEBSOCKET UPGRADE REQUEST ===');
logger.log(`Path: ${request.url}`);
wss.handleUpgrade(request, socket, head, (ws: any) => {
logger.log('=== MEDIA STREAM WEBSOCKET UPGRADED SUCCESSFULLY ===');
handleMediaStreamSocket(ws);
});
}
});
async function handleMediaStreamSocket(ws: any) {
let streamSid: string | null = null;
let callSid: string | null = null;
let tenantDomain: string | null = null;
let mediaPacketCount = 0;
ws.on('message', async (message: Buffer) => {
try {
const msg = JSON.parse(message.toString());
switch (msg.event) {
case 'connected':
logger.log('=== MEDIA STREAM EVENT: CONNECTED ===');
logger.log(`Protocol: ${msg.protocol}`);
logger.log(`Version: ${msg.version}`);
break;
case 'start':
streamSid = msg.streamSid;
callSid = msg.start.callSid;
tenantDomain = msg.start.customParameters?.tenantId || 'tenant1';
logger.log(`=== MEDIA STREAM EVENT: START ===`);
logger.log(`StreamSid: ${streamSid}`);
logger.log(`CallSid: ${callSid}`);
logger.log(`Tenant: ${tenantDomain}`);
logger.log(`MediaFormat: ${JSON.stringify(msg.start.mediaFormat)}`);
mediaStreams.set(streamSid, ws);
logger.log(`Stored WebSocket for streamSid: ${streamSid}. Total active streams: ${mediaStreams.size}`);
// Initialize OpenAI Realtime connection
logger.log(`Initializing OpenAI Realtime for call ${callSid}...`);
try {
await voiceService.initializeOpenAIRealtime({
callSid,
tenantId: tenantDomain,
userId: msg.start.customParameters?.userId || 'system',
});
logger.log(`✓ OpenAI Realtime initialized for call ${callSid}`);
} catch (error: any) {
logger.error(`Failed to initialize OpenAI: ${error.message}`);
}
break;
case 'media':
mediaPacketCount++;
// Only log every 500 packets to reduce noise
if (mediaPacketCount % 500 === 0) {
logger.log(`Received media packet #${mediaPacketCount} for StreamSid: ${streamSid}`);
}
if (!callSid || !tenantDomain) {
logger.warn('Received media before start event');
break;
}
try {
// Convert Twilio audio (μ-law 8kHz) to OpenAI format (PCM16 24kHz)
const twilioAudio = msg.media.payload;
const openaiAudio = audioConverter.twilioToOpenAI(twilioAudio);
// Send audio to OpenAI Realtime API
await voiceService.sendAudioToOpenAI(callSid, openaiAudio);
} catch (error: any) {
logger.error(`Error processing media: ${error.message}`);
}
break;
case 'stop':
logger.log(`=== MEDIA STREAM EVENT: STOP ===`);
logger.log(`StreamSid: ${streamSid}`);
logger.log(`Total media packets received: ${mediaPacketCount}`);
if (streamSid) {
mediaStreams.delete(streamSid);
logger.log(`Removed WebSocket for streamSid: ${streamSid}`);
}
// Clean up OpenAI connection
if (callSid) {
try {
logger.log(`Cleaning up OpenAI connection for call ${callSid}...`);
await voiceService.cleanupOpenAIConnection(callSid);
logger.log(`✓ OpenAI connection cleaned up`);
} catch (error: any) {
logger.error(`Failed to cleanup OpenAI: ${error.message}`);
}
}
break;
default:
logger.debug(`Unknown media stream event: ${msg.event}`);
}
} catch (error: any) {
logger.error(`Error processing media stream message: ${error.message}`);
}
});
ws.on('close', () => {
logger.log(`=== MEDIA STREAM WEBSOCKET CLOSED ===`);
if (streamSid) {
mediaStreams.delete(streamSid);
}
});
ws.on('error', (error: Error) => {
logger.error(`=== MEDIA STREAM WEBSOCKET ERROR ===`);
logger.error(`Error message: ${error.message}`);
});
}
console.log(`🚀 Application is running on: http://localhost:${port}/api`);
}

2
backend/src/migration/custom-migration.service.ts
View File

@@ -1,5 +1,5 @@
import { Injectable, Logger } from '@nestjs/common';
import { Knex } from 'knex';
import type { Knex } from 'knex';
export interface CustomMigrationRecord {
id: string;

11
backend/src/models/field-definition.model.ts
View File

@@ -64,6 +64,9 @@ export class FieldDefinition extends BaseModel {
isCustom!: boolean;
displayOrder!: number;
uiMetadata?: UIMetadata;
// Field-level permissions
defaultReadable!: boolean;
defaultWritable!: boolean;
static relationMappings = {
objectDefinition: {
@@ -74,13 +77,5 @@ export class FieldDefinition extends BaseModel {
to: 'object_definitions.id',
},
},
rolePermissions: {
relation: BaseModel.HasManyRelation,
modelClass: () => require('./role-field-permission.model').RoleFieldPermission,
join: {
from: 'field_definitions.id',
to: 'role_field_permissions.fieldDefinitionId',
},
},
};
}

25
backend/src/models/object-definition.model.ts
View File

@@ -10,11 +10,15 @@ export class ObjectDefinition extends BaseModel {
description?: string;
isSystem: boolean;
isCustom: boolean;
orgWideDefault: 'private' | 'public_read' | 'public_read_write';
// Authorization fields
accessModel: 'public' | 'owner' | 'mixed';
publicRead: boolean;
publicCreate: boolean;
publicUpdate: boolean;
publicDelete: boolean;
ownerField: string;
createdAt: Date;
updatedAt: Date;
fields?: any[];
rolePermissions?: any[];
static get jsonSchema() {
return {
@@ -28,14 +32,19 @@ export class ObjectDefinition extends BaseModel {
description: { type: 'string' },
isSystem: { type: 'boolean' },
isCustom: { type: 'boolean' },
orgWideDefault: { type: 'string', enum: ['private', 'public_read', 'public_read_write'] },
accessModel: { type: 'string', enum: ['public', 'owner', 'mixed'] },
publicRead: { type: 'boolean' },
publicCreate: { type: 'boolean' },
publicUpdate: { type: 'boolean' },
publicDelete: { type: 'boolean' },
ownerField: { type: 'string' },
},
};
}
static get relationMappings() {
const { FieldDefinition } = require('./field-definition.model');
const { RoleObjectPermission } = require('./role-object-permission.model');
const { RecordShare } = require('./record-share.model');
return {
fields: {
@@ -46,12 +55,12 @@ export class ObjectDefinition extends BaseModel {
to: 'field_definitions.objectDefinitionId',
},
},
rolePermissions: {
recordShares: {
relation: BaseModel.HasManyRelation,
modelClass: RoleObjectPermission,
modelClass: RecordShare,
join: {
from: 'object_definitions.id',
to: 'role_object_permissions.objectDefinitionId',
to: 'record_shares.objectDefinitionId',
},
},
};

70
backend/src/models/record-share.model.ts
View File

@@ -1,80 +1,39 @@
import { BaseModel } from './base.model';
export interface RecordShareAccessLevel {
canRead: boolean;
canEdit: boolean;
canDelete: boolean;
}
export class RecordShare extends BaseModel {
static tableName = 'record_shares';
// Don't use snake_case mapping since DB columns are already camelCase
static get columnNameMappers() {
return {
parse(obj: any) {
return obj;
},
format(obj: any) {
return obj;
},
};
}
// Don't auto-set timestamps - let DB defaults handle them
$beforeInsert() {
// Don't call super - skip BaseModel's timestamp logic
}
$beforeUpdate() {
// Don't call super - skip BaseModel's timestamp logic
}
id!: string;
objectDefinitionId!: string;
recordId!: string;
granteeUserId!: string;
grantedByUserId!: string;
accessLevel!: RecordShareAccessLevel;
actions!: any; // JSON field - will be string[] when parsed
fields?: any; // JSON field - will be string[] when parsed
expiresAt?: Date;
revokedAt?: Date;
createdAt!: Date;
updatedAt!: Date;
static get jsonSchema() {
return {
type: 'object',
required: ['objectDefinitionId', 'recordId', 'granteeUserId', 'grantedByUserId', 'accessLevel'],
required: ['objectDefinitionId', 'recordId', 'granteeUserId', 'grantedByUserId', 'actions'],
properties: {
id: { type: 'string' },
objectDefinitionId: { type: 'string' },
recordId: { type: 'string' },
granteeUserId: { type: 'string' },
grantedByUserId: { type: 'string' },
accessLevel: {
type: 'object',
properties: {
canRead: { type: 'boolean' },
canEdit: { type: 'boolean' },
canDelete: { type: 'boolean' },
},
actions: {
type: 'array',
items: { type: 'string' },
},
expiresAt: {
anyOf: [
{ type: 'string', format: 'date-time' },
{ type: 'null' },
{ type: 'object' } // Allow Date objects
]
fields: {
type: ['array', 'null'],
items: { type: 'string' },
},
revokedAt: {
anyOf: [
{ type: 'string', format: 'date-time' },
{ type: 'null' },
{ type: 'object' } // Allow Date objects
]
},
createdAt: { type: ['string', 'object'], format: 'date-time' },
updatedAt: { type: ['string', 'object'], format: 'date-time' },
expiresAt: { type: ['string', 'null'], format: 'date-time' },
revokedAt: { type: ['string', 'null'], format: 'date-time' },
},
};
}
@@ -110,4 +69,11 @@ export class RecordShare extends BaseModel {
},
};
}
// Check if share is currently valid
isValid(): boolean {
if (this.revokedAt) return false;
if (this.expiresAt && new Date(this.expiresAt) < new Date()) return false;
return true;
}
}

51
backend/src/models/role-field-permission.model.ts
View File

@@ -1,51 +0,0 @@
import { BaseModel } from './base.model';
export class RoleFieldPermission extends BaseModel {
static tableName = 'role_field_permissions';
id!: string;
roleId!: string;
fieldDefinitionId!: string;
canRead!: boolean;
canEdit!: boolean;
createdAt!: Date;
updatedAt!: Date;
static get jsonSchema() {
return {
type: 'object',
required: ['roleId', 'fieldDefinitionId'],
properties: {
id: { type: 'string' },
roleId: { type: 'string' },
fieldDefinitionId: { type: 'string' },
canRead: { type: 'boolean' },
canEdit: { type: 'boolean' },
},
};
}
static get relationMappings() {
const { Role } = require('./role.model');
const { FieldDefinition } = require('./field-definition.model');
return {
role: {
relation: BaseModel.BelongsToOneRelation,
modelClass: Role,
join: {
from: 'role_field_permissions.roleId',
to: 'roles.id',
},
},
fieldDefinition: {
relation: BaseModel.BelongsToOneRelation,
modelClass: FieldDefinition,
join: {
from: 'role_field_permissions.fieldDefinitionId',
to: 'field_definitions.id',
},
},
};
}
}

59
backend/src/models/role-object-permission.model.ts
View File

@@ -1,59 +0,0 @@
import { BaseModel } from './base.model';
export class RoleObjectPermission extends BaseModel {
static tableName = 'role_object_permissions';
id!: string;
roleId!: string;
objectDefinitionId!: string;
canCreate!: boolean;
canRead!: boolean;
canEdit!: boolean;
canDelete!: boolean;
canViewAll!: boolean;
canModifyAll!: boolean;
createdAt!: Date;
updatedAt!: Date;
static get jsonSchema() {
return {
type: 'object',
required: ['roleId', 'objectDefinitionId'],
properties: {
id: { type: 'string' },
roleId: { type: 'string' },
objectDefinitionId: { type: 'string' },
canCreate: { type: 'boolean' },
canRead: { type: 'boolean' },
canEdit: { type: 'boolean' },
canDelete: { type: 'boolean' },
canViewAll: { type: 'boolean' },
canModifyAll: { type: 'boolean' },
},
};
}
static get relationMappings() {
const { Role } = require('./role.model');
const { ObjectDefinition } = require('./object-definition.model');
return {
role: {
relation: BaseModel.BelongsToOneRelation,
modelClass: Role,
join: {
from: 'role_object_permissions.roleId',
to: 'roles.id',
},
},
objectDefinition: {
relation: BaseModel.BelongsToOneRelation,
modelClass: ObjectDefinition,
join: {
from: 'role_object_permissions.objectDefinitionId',
to: 'object_definitions.id',
},
},
};
}
}

38
backend/src/models/role-rule.model.ts Normal file
View File

@@ -0,0 +1,38 @@
import { BaseModel } from './base.model';
export class RoleRule extends BaseModel {
static tableName = 'role_rules';
id: string;
roleId: string;
rulesJson: any[]; // Array of CASL rules
createdAt: Date;
updatedAt: Date;
static get jsonSchema() {
return {
type: 'object',
required: ['roleId', 'rulesJson'],
properties: {
id: { type: 'string' },
roleId: { type: 'string' },
rulesJson: { type: 'array' },
},
};
}
static get relationMappings() {
const { Role } = require('./role.model');
return {
role: {
relation: BaseModel.BelongsToOneRelation,
modelClass: Role,
join: {
from: 'role_rules.roleId',
to: 'roles.id',
},
},
};
}
}

17
backend/src/models/role.model.ts
View File

@@ -27,8 +27,7 @@ export class Role extends BaseModel {
const { RolePermission } = require('./role-permission.model');
const { Permission } = require('./permission.model');
const { User } = require('./user.model');
const { RoleObjectPermission } = require('./role-object-permission.model');
const { RoleFieldPermission } = require('./role-field-permission.model');
const { RoleRule } = require('./role-rule.model');
return {
rolePermissions: {
@@ -63,20 +62,12 @@ export class Role extends BaseModel {
to: 'users.id',
},
},
objectPermissions: {
roleRules: {
relation: BaseModel.HasManyRelation,
modelClass: RoleObjectPermission,
modelClass: RoleRule,
join: {
from: 'roles.id',
to: 'role_object_permissions.roleId',
},
},
fieldPermissions: {
relation: BaseModel.HasManyRelation,
modelClass: RoleFieldPermission,
join: {
from: 'roles.id',
to: 'role_field_permissions.roleId',
to: 'role_rules.roleId',
},
},
};

17
backend/src/models/user.model.ts
View File

@@ -30,6 +30,7 @@ export class User extends BaseModel {
static get relationMappings() {
const { UserRole } = require('./user-role.model');
const { Role } = require('./role.model');
const { RecordShare } = require('./record-share.model');
return {
userRoles: {
@@ -52,6 +53,22 @@ export class User extends BaseModel {
to: 'roles.id',
},
},
sharesGranted: {
relation: BaseModel.HasManyRelation,
modelClass: RecordShare,
join: {
from: 'users.id',
to: 'record_shares.grantedByUserId',
},
},
sharesReceived: {
relation: BaseModel.HasManyRelation,
modelClass: RecordShare,
join: {
from: 'users.id',
to: 'record_shares.granteeUserId',
},
},
};
}
}

32
backend/src/object/models/base.model.ts
View File

@@ -1,5 +1,4 @@
import { Model } from 'objection';
import { randomUUID } from 'crypto';
/**
* Base model for all dynamic and system models
@@ -11,23 +10,26 @@ export class BaseModel extends Model {
tenantId?: string;
ownerId?: string;
name?: string;
created_at?: string;
updated_at?: string;
created_at?: Date;
updated_at?: Date;
// Hook to set system-managed fields
async $beforeInsert() {
if (!this.id) {
this.id = randomUUID();
}
if (!this.created_at) {
this.created_at = new Date().toISOString().slice(0, 19).replace('T', ' ');
}
if (!this.updated_at) {
this.updated_at = new Date().toISOString().slice(0, 19).replace('T', ' ');
}
$beforeInsert() {
// created_at and updated_at are handled by the database
// ownerId should be set by the controller/service
}
async $beforeUpdate() {
this.updated_at = new Date().toISOString().slice(0, 19).replace('T', ' ');
$beforeUpdate() {
// updated_at is handled by the database
}
/**
* Get the API name for this object
* Override in subclasses
*/
static get objectApiName(): string {
return 'BaseModel';
}
}

42
backend/src/object/models/dynamic-model.factory.ts
View File

@@ -1,3 +1,4 @@
import { randomUUID } from 'crypto';
import { ModelClass, JSONSchema, RelationMappings, Model } from 'objection';
import { BaseModel } from './base.model';
@@ -27,14 +28,6 @@ export interface ObjectMetadata {
}
export class DynamicModelFactory {
/**
* Get relation name from lookup field API name
* Converts "ownerId" -> "owner", "customFieldId" -> "customfield"
*/
static getRelationName(lookupFieldApiName: string): string {
return lookupFieldApiName.replace(/Id$/, '').toLowerCase();
}
/**
* Create a dynamic model class from object metadata
* @param meta Object metadata
@@ -56,7 +49,8 @@ export class DynamicModelFactory {
updated_at: { type: 'string', format: 'date-time' },
};
// Don't require id or tenantId - they'll be set automatically
// Don't require system-managed fields (id, tenantId, ownerId, timestamps)
// These are auto-set by hooks or database
const required: string[] = [];
// Add custom fields
@@ -76,13 +70,20 @@ export class DynamicModelFactory {
// Store lookup fields metadata for later use
const lookupFieldsInfo = lookupFields.map(f => ({
apiName: f.apiName,
relationName: DynamicModelFactory.getRelationName(f.apiName),
relationName: f.apiName.replace(/Id$/, '').toLowerCase(),
referenceObject: f.referenceObject,
targetTable: this.getTableName(f.referenceObject),
}));
// Create the dynamic model class extending BaseModel
class DynamicModel extends BaseModel {
// Create the dynamic model class extending Model directly
class DynamicModel extends Model {
id?: string;
tenantId?: string;
ownerId?: string;
name?: string;
created_at?: string;
updated_at?: string;
static tableName = tableName;
static objectApiName = apiName;
@@ -129,6 +130,23 @@ export class DynamicModelFactory {
properties,
};
}
async $beforeInsert() {
if (!this.id) {
this.id = randomUUID();
}
if (!this.created_at) {
this.created_at = new Date().toISOString().slice(0, 19).replace('T', ' ');
}
if (!this.updated_at) {
this.updated_at = new Date().toISOString().slice(0, 19).replace('T', ' ');
}
}
async $beforeUpdate(opt: any, queryContext: any) {
await super.$beforeUpdate(opt, queryContext);
this.updated_at = new Date().toISOString().slice(0, 19).replace('T', ' ');
}
}
return DynamicModel as any;

2
backend/src/object/models/model.service.ts
View File

@@ -1,5 +1,5 @@
import { Injectable, Logger } from '@nestjs/common';
import { Knex } from 'knex';
import type { Knex } from 'knex';
import { ModelClass } from 'objection';
import { BaseModel } from './base.model';
import { ModelRegistry } from './model.registry';

3
backend/src/object/object.module.ts
View File

@@ -6,12 +6,11 @@ import { SchemaManagementService } from './schema-management.service';
import { FieldMapperService } from './field-mapper.service';
import { TenantModule } from '../tenant/tenant.module';
import { MigrationModule } from '../migration/migration.module';
import { RbacModule } from '../rbac/rbac.module';
import { ModelRegistry } from './models/model.registry';
import { ModelService } from './models/model.service';
@Module({
imports: [TenantModule, MigrationModule, RbacModule],
imports: [TenantModule, MigrationModule],
providers: [
ObjectService,
SchemaManagementService,

982
backend/src/object/object.service.ts
View File

File diff suppressed because it is too large Load Diff

69
backend/src/object/schema-management.service.ts
View File

@@ -1,5 +1,5 @@
import { Injectable, Logger } from '@nestjs/common';
import { Knex } from 'knex';
import type { Knex } from 'knex';
import { ObjectDefinition } from '../models/object-definition.model';
import { FieldDefinition } from '../models/field-definition.model';
@@ -71,37 +71,6 @@ export class SchemaManagementService {
this.logger.log(`Removed field ${fieldApiName} from table ${tableName}`);
}
/**
* Alter a field in an existing object table
* Handles safe updates like changing NOT NULL or constraints
* Warns about potentially destructive operations
*/
async alterFieldInTable(
knex: Knex,
objectApiName: string,
fieldApiName: string,
field: FieldDefinition,
options?: {
skipTypeChange?: boolean; // Skip if type change would lose data
},
) {
const tableName = this.getTableName(objectApiName);
const skipTypeChange = options?.skipTypeChange ?? true;
await knex.schema.alterTable(tableName, (table) => {
// Drop the existing column and recreate with new definition
// Note: This approach works for metadata changes, but type changes may need data migration
table.dropColumn(fieldApiName);
});
// Recreate the column with new definition
await knex.schema.alterTable(tableName, (table) => {
this.addFieldColumn(table, field);
});
this.logger.log(`Altered field ${fieldApiName} in table ${tableName}`);
}
/**
* Drop an object table
*/
@@ -125,30 +94,15 @@ export class SchemaManagementService {
let column: Knex.ColumnBuilder;
switch (field.type) {
// Text types
case 'String':
case 'TEXT':
case 'EMAIL':
case 'PHONE':
case 'URL':
column = table.string(columnName, field.length || 255);
break;
case 'Text':
case 'LONG_TEXT':
column = table.text(columnName);
break;
case 'PICKLIST':
case 'MULTI_PICKLIST':
column = table.string(columnName, 255);
break;
// Numeric types
case 'Number':
case 'NUMBER':
case 'CURRENCY':
case 'PERCENT':
if (field.scale && field.scale > 0) {
column = table.decimal(
columnName,
@@ -161,28 +115,18 @@ export class SchemaManagementService {
break;
case 'Boolean':
case 'BOOLEAN':
column = table.boolean(columnName).defaultTo(false);
break;
// Date types
case 'Date':
case 'DATE':
column = table.date(columnName);
break;
case 'DateTime':
case 'DATE_TIME':
column = table.datetime(columnName);
break;
case 'TIME':
column = table.time(columnName);
break;
// Relationship types
case 'Reference':
case 'LOOKUP':
column = table.uuid(columnName);
if (field.referenceObject) {
const refTableName = this.getTableName(field.referenceObject);
@@ -190,30 +134,19 @@ export class SchemaManagementService {
}
break;
// Email (legacy)
case 'Email':
column = table.string(columnName, 255);
break;
// Phone (legacy)
case 'Phone':
column = table.string(columnName, 50);
break;
// Url (legacy)
case 'Url':
column = table.string(columnName, 255);
break;
// File types
case 'FILE':
case 'IMAGE':
column = table.text(columnName); // Store file path or URL
break;
// JSON
case 'Json':
case 'JSON':
column = table.json(columnName);
break;

166
backend/src/object/setup-object.controller.ts
View File

@@ -2,18 +2,19 @@ import {
Controller,
Get,
Post,
Patch,
Put,
Delete,
Param,
Body,
UseGuards,
Inject,
} from '@nestjs/common';
import { ObjectService } from './object.service';
import { FieldMapperService } from './field-mapper.service';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { TenantId } from '../tenant/tenant.decorator';
import { TenantDatabaseService } from '../tenant/tenant-database.service';
import { ObjectDefinition } from '../models/object-definition.model';
import { FieldDefinition } from '../models/field-definition.model';
import { Knex } from 'knex';
@Controller('setup/objects')
@UseGuards(JwtAuthGuard)
@@ -21,7 +22,7 @@ export class SetupObjectController {
constructor(
private objectService: ObjectService,
private fieldMapperService: FieldMapperService,
private tenantDbService: TenantDatabaseService,
@Inject('KnexConnection') private readonly knex: Knex,
) {}
@Get()
@@ -73,84 +74,121 @@ export class SetupObjectController {
return this.fieldMapperService.mapFieldToDTO(field);
}
@Put(':objectApiName/fields/:fieldApiName')
async updateFieldDefinition(
// Access & Permissions endpoints
/**
* Get object access configuration
*/
@Get(':objectApiName/access')
async getAccess(
@TenantId() tenantId: string,
@Param('objectApiName') objectApiName: string,
@Param('fieldApiName') fieldApiName: string,
@Body() data: any,
) {
const field = await this.objectService.updateFieldDefinition(
tenantId,
objectApiName,
fieldApiName,
data,
);
return this.fieldMapperService.mapFieldToDTO(field);
const objectDef = await ObjectDefinition.query(this.knex)
.findOne({ apiName: objectApiName })
.withGraphFetched('fields');
if (!objectDef) {
throw new Error('Object definition not found');
}
return {
accessModel: objectDef.accessModel,
publicRead: objectDef.publicRead,
publicCreate: objectDef.publicCreate,
publicUpdate: objectDef.publicUpdate,
publicDelete: objectDef.publicDelete,
ownerField: objectDef.ownerField,
fields: objectDef['fields'] || [],
};
}
@Delete(':objectApiName/fields/:fieldApiName')
async deleteFieldDefinition(
/**
* Update object access configuration
*/
@Put(':objectApiName/access')
async updateAccess(
@TenantId() tenantId: string,
@Param('objectApiName') objectApiName: string,
@Param('fieldApiName') fieldApiName: string,
@Body() dto: any,
) {
return this.objectService.deleteFieldDefinition(
tenantId,
objectApiName,
fieldApiName,
);
console.log('dto', JSON.stringify(dto));
const objectDef = await ObjectDefinition.query(this.knex)
.findOne({ apiName: objectApiName });
if (!objectDef) {
throw new Error('Object definition not found');
}
return ObjectDefinition.query(this.knex).patchAndFetchById(objectDef.id, dto);
}
@Patch(':objectApiName')
async updateObjectDefinition(
/**
* Create or update field-level permissions
*/
@Post(':objectApiName/fields/:fieldKey/permissions')
async setFieldPermissions(
@TenantId() tenantId: string,
@Param('objectApiName') objectApiName: string,
@Body() data: any,
@Param('fieldKey') fieldKey: string,
@Body() dto: any,
) {
return this.objectService.updateObjectDefinition(tenantId, objectApiName, data);
const objectDef = await ObjectDefinition.query(this.knex)
.findOne({ apiName: objectApiName });
if (!objectDef) {
throw new Error('Object definition not found');
}
// Find the field definition
const field = await FieldDefinition.query(this.knex)
.findOne({
objectDefinitionId: objectDef.id,
apiName: fieldKey,
});
if (!field) {
throw new Error('Field definition not found');
}
// Update field permissions
return FieldDefinition.query(this.knex).patchAndFetchById(field.id, {
defaultReadable: dto.defaultReadable ?? field.defaultReadable,
defaultWritable: dto.defaultWritable ?? field.defaultWritable,
});
}
@Get(':objectId/field-permissions')
async getFieldPermissions(
@TenantId() tenantId: string,
@Param('objectId') objectId: string,
) {
return this.objectService.getFieldPermissions(tenantId, objectId);
}
@Put(':objectId/field-permissions')
async updateFieldPermission(
@TenantId() tenantId: string,
@Param('objectId') objectId: string,
@Body() data: { roleId: string; fieldDefinitionId: string; canRead: boolean; canEdit: boolean },
) {
return this.objectService.updateFieldPermission(tenantId, data.roleId, data.fieldDefinitionId, data.canRead, data.canEdit);
}
@Get(':objectApiName/permissions/:roleId')
async getObjectPermissions(
/**
* Bulk set field permissions for an object
*/
@Put(':objectApiName/field-permissions')
async bulkSetFieldPermissions(
@TenantId() tenantId: string,
@Param('objectApiName') objectApiName: string,
@Param('roleId') roleId: string,
@Body() fields: { fieldKey: string; defaultReadable: boolean; defaultWritable: boolean }[],
) {
return this.objectService.getObjectPermissions(tenantId, objectApiName, roleId);
}
const objectDef = await ObjectDefinition.query(this.knex)
.findOne({ apiName: objectApiName });
@Put(':objectApiName/permissions')
async updateObjectPermissions(
@TenantId() tenantId: string,
@Param('objectApiName') objectApiName: string,
@Body() data: {
roleId: string;
canCreate: boolean;
canRead: boolean;
canEdit: boolean;
canDelete: boolean;
canViewAll: boolean;
canModifyAll: boolean;
},
) {
return this.objectService.updateObjectPermissions(tenantId, objectApiName, data);
if (!objectDef) {
throw new Error('Object definition not found');
}
// Update each field in the field_definitions table
for (const fieldUpdate of fields) {
await FieldDefinition.query(this.knex)
.where({
objectDefinitionId: objectDef.id,
apiName: fieldUpdate.fieldKey,
})
.patch({
defaultReadable: fieldUpdate.defaultReadable,
defaultWritable: fieldUpdate.defaultWritable,
});
}
return { success: true };
}
}

198
backend/src/rbac/ability.factory.ts
View File

@@ -1,198 +0,0 @@
import { AbilityBuilder, PureAbility, AbilityClass } from '@casl/ability';
import { Injectable } from '@nestjs/common';
import { User } from '../models/user.model';
import { RoleObjectPermission } from '../models/role-object-permission.model';
import { RoleFieldPermission } from '../models/role-field-permission.model';
import { RecordShare } from '../models/record-share.model';
// Define action types
export type Action = 'create' | 'read' | 'update' | 'delete' | 'view_all' | 'modify_all';
// Define subject types - can be string (object API name) or actual object with fields
export type Subject = string | { objectApiName: string; ownerId?: string; id?: string; [key: string]: any };
// Define field actions
export type FieldAction = 'read' | 'edit';
export type AppAbility = PureAbility<[Action, Subject], { field?: string }>;
@Injectable()
export class AbilityFactory {
/**
* Build CASL ability for a user based on their roles and permissions
* This aggregates permissions from all roles the user has
*/
async defineAbilityFor(
user: User & { roles?: Array<{ objectPermissions?: RoleObjectPermission[]; fieldPermissions?: RoleFieldPermission[] }> },
recordShares?: RecordShare[],
): Promise<AppAbility> {
const { can, cannot, build } = new AbilityBuilder<AppAbility>(PureAbility as AbilityClass<AppAbility>);
if (!user.roles || user.roles.length === 0) {
// No roles = no permissions
return build();
}
// Aggregate object permissions from all roles
const objectPermissionsMap = new Map<string, {
canCreate: boolean;
canRead: boolean;
canEdit: boolean;
canDelete: boolean;
canViewAll: boolean;
canModifyAll: boolean;
}>();
// Aggregate field permissions from all roles
const fieldPermissionsMap = new Map<string, {
canRead: boolean;
canEdit: boolean;
}>();
// Process all roles
for (const role of user.roles) {
// Aggregate object permissions
if (role.objectPermissions) {
for (const perm of role.objectPermissions) {
const existing = objectPermissionsMap.get(perm.objectDefinitionId) || {
canCreate: false,
canRead: false,
canEdit: false,
canDelete: false,
canViewAll: false,
canModifyAll: false,
};
// Union of permissions (if any role grants it, user has it)
objectPermissionsMap.set(perm.objectDefinitionId, {
canCreate: existing.canCreate || perm.canCreate,
canRead: existing.canRead || perm.canRead,
canEdit: existing.canEdit || perm.canEdit,
canDelete: existing.canDelete || perm.canDelete,
canViewAll: existing.canViewAll || perm.canViewAll,
canModifyAll: existing.canModifyAll || perm.canModifyAll,
});
}
}
// Aggregate field permissions
if (role.fieldPermissions) {
for (const perm of role.fieldPermissions) {
const existing = fieldPermissionsMap.get(perm.fieldDefinitionId) || {
canRead: false,
canEdit: false,
};
fieldPermissionsMap.set(perm.fieldDefinitionId, {
canRead: existing.canRead || perm.canRead,
canEdit: existing.canEdit || perm.canEdit,
});
}
}
}
// Convert aggregated permissions to CASL rules
for (const [objectId, perms] of objectPermissionsMap) {
// Create permission
if (perms.canCreate) {
can('create', objectId);
}
// Read permission
if (perms.canRead) {
can('read', objectId);
}
// View all permission (can see all records regardless of ownership)
if (perms.canViewAll) {
can('view_all', objectId);
}
// Edit permission
if (perms.canEdit) {
can('update', objectId);
}
// Modify all permission (can edit all records regardless of ownership)
if (perms.canModifyAll) {
can('modify_all', objectId);
}
// Delete permission
if (perms.canDelete) {
can('delete', objectId);
}
}
// Add record sharing permissions
if (recordShares) {
for (const share of recordShares) {
// Only add if share is active (not expired, not revoked)
const now = new Date();
const isExpired = share.expiresAt && share.expiresAt < now;
const isRevoked = share.revokedAt !== null;
if (!isExpired && !isRevoked) {
// Note: Record-level sharing will be checked in authorization service
// CASL abilities are primarily for object-level permissions
// Individual record access is validated in applyScopeToQuery
}
}
}
return build();
}
/**
* Check if user can access a specific field
* Returns true if user has permission or if no restriction exists
*/
canAccessField(
fieldDefinitionId: string,
action: FieldAction,
user: User & { roles?: Array<{ fieldPermissions?: RoleFieldPermission[] }> },
): boolean {
if (!user.roles || user.roles.length === 0) {
return false;
}
// Collect all field permissions from all roles
const allFieldPermissions: RoleFieldPermission[] = [];
for (const role of user.roles) {
if (role.fieldPermissions) {
allFieldPermissions.push(...role.fieldPermissions);
}
}
// If there are NO field permissions configured at all, allow by default
if (allFieldPermissions.length === 0) {
return true;
}
// If field permissions exist, check for explicit grants (union of all roles)
for (const role of user.roles) {
if (role.fieldPermissions) {
const fieldPerm = role.fieldPermissions.find(fp => fp.fieldDefinitionId === fieldDefinitionId);
if (fieldPerm) {
if (action === 'read' && fieldPerm.canRead) return true;
if (action === 'edit' && fieldPerm.canEdit) return true;
}
}
}
// Field permissions exist but this field is not explicitly granted → deny
return false;
}
/**
* Filter fields based on user permissions
* Returns array of field IDs the user can access with the specified action
*/
filterFields(
fieldDefinitionIds: string[],
action: FieldAction,
user: User & { roles?: Array<{ fieldPermissions?: RoleFieldPermission[] }> },
): string[] {
return fieldDefinitionIds.filter(fieldId => this.canAccessField(fieldId, action, user));
}
}

282
backend/src/rbac/authorization.service.ts
View File

@@ -1,282 +0,0 @@
import { Injectable, ForbiddenException } from '@nestjs/common';
import { Knex } from 'knex';
import { User } from '../models/user.model';
import { ObjectDefinition } from '../models/object-definition.model';
import { FieldDefinition } from '../models/field-definition.model';
import { RecordShare } from '../models/record-share.model';
import { AbilityFactory, AppAbility, Action } from './ability.factory';
import { DynamicModelFactory } from '../object/models/dynamic-model.factory';
import { subject } from '@casl/ability';
@Injectable()
export class AuthorizationService {
constructor(private abilityFactory: AbilityFactory) {}
/**
* Apply authorization scope to a query based on OWD and user permissions
* This determines which records the user can see
* Modifies the query in place and returns void
*/
async applyScopeToQuery<T = any>(
query: any, // Accept both Knex and Objection query builders
objectDef: ObjectDefinition,
user: User & { roles?: any[] },
action: Action,
knex: Knex,
): Promise<void> {
// Get user's ability
const recordShares = await this.getActiveRecordShares(objectDef.id, user.id, knex);
const ability = await this.abilityFactory.defineAbilityFor(user, recordShares);
// Check if user has the base permission for this action
// Use object ID, not API name, since permissions are stored by object ID
if (!ability.can(action, objectDef.id)) {
// No permission at all - return empty result
query.where(knex.raw('1 = 0'));
return;
}
// Check special permissions
const hasViewAll = ability.can('view_all', objectDef.id);
const hasModifyAll = ability.can('modify_all', objectDef.id);
// If user has view_all or modify_all, they can see all records
if (hasViewAll || hasModifyAll) {
// No filtering needed
return;
}
// Apply OWD (Org-Wide Default) restrictions
switch (objectDef.orgWideDefault) {
case 'public_read_write':
// Everyone can see all records
return;
case 'public_read':
// Everyone can see all records (write operations checked separately)
return;
case 'private':
default:
// Only owner and explicitly shared records
await this.applyPrivateScope(query, objectDef, user, recordShares, knex);
return;
}
}
/**
* Apply private scope: owner + shared records
*/
private async applyPrivateScope<T = any>(
query: any, // Accept both Knex and Objection query builders
objectDef: ObjectDefinition,
user: User,
recordShares: RecordShare[],
knex: Knex,
): Promise<void> {
const tableName = this.getTableName(objectDef.apiName);
// Check if table has ownerId column
const hasOwner = await knex.schema.hasColumn(tableName, 'ownerId');
if (!hasOwner && recordShares.length === 0) {
// No ownership and no shares - user can't see anything
query.where(knex.raw('1 = 0'));
return;
}
// Build conditions: ownerId = user OR record shared with user
query.where((builder) => {
if (hasOwner) {
builder.orWhere(`${tableName}.ownerId`, user.id);
}
if (recordShares.length > 0) {
const sharedRecordIds = recordShares.map(share => share.recordId);
builder.orWhereIn(`${tableName}.id`, sharedRecordIds);
}
});
}
/**
* Check if user can perform action on a specific record
*/
async canPerformAction(
action: Action,
objectDef: ObjectDefinition,
record: any,
user: User & { roles?: any[] },
knex: Knex,
): Promise<boolean> {
const recordShares = await this.getActiveRecordShares(objectDef.id, user.id, knex);
const ability = await this.abilityFactory.defineAbilityFor(user, recordShares);
// Check base permission - use object ID not API name
if (!ability.can(action, objectDef.id)) {
return false;
}
// Check special permissions - use object ID not API name
const hasViewAll = ability.can('view_all', objectDef.id);
const hasModifyAll = ability.can('modify_all', objectDef.id);
// canViewAll only grants read access to all records
if (action === 'read' && hasViewAll) {
return true;
}
// canModifyAll grants edit/delete access to all records
if ((action === 'update' || action === 'delete') && hasModifyAll) {
return true;
}
// Check OWD
switch (objectDef.orgWideDefault) {
case 'public_read_write':
return true;
case 'public_read':
if (action === 'read') return true;
// For write actions, check ownership
return record.ownerId === user.id;
case 'private':
default:
// Check ownership
if (record.ownerId === user.id) return true;
// Check if record is shared with user
const share = recordShares.find(s => s.recordId === record.id);
if (share) {
if (action === 'read' && share.accessLevel.canRead) return true;
if (action === 'update' && share.accessLevel.canEdit) return true;
if (action === 'delete' && share.accessLevel.canDelete) return true;
}
return false;
}
}
/**
* Filter data based on field-level permissions
* Removes fields the user cannot read
*/
async filterReadableFields(
data: any,
fields: FieldDefinition[],
user: User & { roles?: any[] },
): Promise<any> {
const filtered: any = {};
// Always include id - it's required for navigation and record identification
if (data.id !== undefined) {
filtered.id = data.id;
}
for (const field of fields) {
if (this.abilityFactory.canAccessField(field.id, 'read', user)) {
if (data[field.apiName] !== undefined) {
filtered[field.apiName] = data[field.apiName];
}
// For lookup fields, also include the related object (e.g., ownerId -> owner)
if (field.type === 'LOOKUP') {
const relationName = DynamicModelFactory.getRelationName(field.apiName);
if (data[relationName] !== undefined) {
filtered[relationName] = data[relationName];
}
}
}
}
return filtered;
}
/**
* Filter data based on field-level permissions
* Removes fields the user cannot edit
*/
async filterEditableFields(
data: any,
fields: FieldDefinition[],
user: User & { roles?: any[] },
): Promise<any> {
const filtered: any = {};
for (const field of fields) {
if (this.abilityFactory.canAccessField(field.id, 'edit', user)) {
if (data[field.apiName] !== undefined) {
filtered[field.apiName] = data[field.apiName];
}
}
}
return filtered;
}
/**
* Get active record shares for a user on an object
*/
private async getActiveRecordShares(
objectDefinitionId: string,
userId: string,
knex: Knex,
): Promise<RecordShare[]> {
const now = new Date();
return await RecordShare.query(knex)
.where('objectDefinitionId', objectDefinitionId)
.where('granteeUserId', userId)
.whereNull('revokedAt')
.where((builder) => {
builder.whereNull('expiresAt').orWhere('expiresAt', '>', now);
});
}
/**
* Check if user has permission to create records
*/
async canCreate(
objectDef: ObjectDefinition,
user: User & { roles?: any[] },
): Promise<boolean> {
const ability = await this.abilityFactory.defineAbilityFor(user, []);
return ability.can('create', objectDef.id);
}
/**
* Throw exception if user cannot perform action
*/
async assertCanPerformAction(
action: Action,
objectDef: ObjectDefinition,
record: any,
user: User & { roles?: any[] },
knex: Knex,
): Promise<void> {
const can = await this.canPerformAction(action, objectDef, record, user, knex);
if (!can) {
throw new ForbiddenException(`You do not have permission to ${action} this record`);
}
}
/**
* Get table name from API name
*/
private getTableName(apiName: string): string {
// Convert CamelCase to snake_case and pluralize
const snakeCase = apiName
.replace(/([A-Z])/g, '_$1')
.toLowerCase()
.replace(/^_/, '');
// Simple pluralization
if (snakeCase.endsWith('y')) {
return snakeCase.slice(0, -1) + 'ies';
} else if (snakeCase.endsWith('s')) {
return snakeCase;
} else {
return snakeCase + 's';
}
}
}

19
backend/src/rbac/dto/create-record-share.dto.ts
View File

@@ -1,19 +0,0 @@
import { IsString, IsBoolean, IsOptional, IsDateString } from 'class-validator';
export class CreateRecordShareDto {
@IsString()
granteeUserId: string;
@IsBoolean()
canRead: boolean;
@IsBoolean()
canEdit: boolean;
@IsBoolean()
canDelete: boolean;
@IsOptional()
@IsDateString()
expiresAt?: string;
}

14
backend/src/rbac/rbac.module.ts
View File

@@ -1,16 +1,14 @@
import { Module } from '@nestjs/common';
import { RbacService } from './rbac.service';
import { AbilityFactory } from './ability.factory';
import { AuthorizationService } from './authorization.service';
import { SetupRolesController } from './setup-roles.controller';
import { SetupUsersController } from './setup-users.controller';
import { RecordSharingController } from './record-sharing.controller';
import { ShareController } from './share.controller';
import { RoleController, RoleRuleController } from './role.controller';
import { UserController } from './user.controller';
import { TenantModule } from '../tenant/tenant.module';
@Module({
imports: [TenantModule],
controllers: [SetupRolesController, SetupUsersController, RecordSharingController],
providers: [RbacService, AbilityFactory, AuthorizationService],
exports: [RbacService, AbilityFactory, AuthorizationService],
providers: [RbacService],
controllers: [ShareController, RoleController, RoleRuleController, UserController],
exports: [RbacService],
})
export class RbacModule {}

324
backend/src/rbac/record-sharing.controller.ts
View File

@@ -1,324 +0,0 @@
import {
Controller,
Get,
Post,
Delete,
Param,
Body,
UseGuards,
ForbiddenException,
} from '@nestjs/common';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { TenantId } from '../tenant/tenant.decorator';
import { CurrentUser } from '../auth/current-user.decorator';
import { TenantDatabaseService } from '../tenant/tenant-database.service';
import { RecordShare } from '../models/record-share.model';
import { ObjectDefinition } from '../models/object-definition.model';
import { User } from '../models/user.model';
import { AuthorizationService } from './authorization.service';
import { CreateRecordShareDto } from './dto/create-record-share.dto';
@Controller('runtime/objects/:objectApiName/records/:recordId/shares')
@UseGuards(JwtAuthGuard)
export class RecordSharingController {
constructor(
private tenantDbService: TenantDatabaseService,
private authService: AuthorizationService,
) {}
@Get()
async getRecordShares(
@TenantId() tenantId: string,
@Param('objectApiName') objectApiName: string,
@Param('recordId') recordId: string,
@CurrentUser() currentUser: any,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Get object definition
const objectDef = await ObjectDefinition.query(knex)
.findOne({ apiName: objectApiName });
if (!objectDef) {
throw new Error('Object not found');
}
// Get the record to check ownership
const tableName = this.getTableName(objectDef.apiName);
const record = await knex(tableName)
.where({ id: recordId })
.first();
if (!record) {
throw new Error('Record not found');
}
// Only owner can view shares
if (record.ownerId !== currentUser.userId) {
// Check if user has modify all permission
const user: any = await User.query(knex)
.findById(currentUser.userId)
.withGraphFetched('roles.objectPermissions');
if (!user) {
throw new ForbiddenException('User not found');
}
const hasModifyAll = user.roles?.some(role =>
role.objectPermissions?.some(
perm => perm.objectDefinitionId === objectDef.id && perm.canModifyAll
)
);
if (!hasModifyAll) {
throw new ForbiddenException('Only the record owner or users with Modify All permission can view shares');
}
}
// Get all active shares for this record
const shares = await RecordShare.query(knex)
.where({ objectDefinitionId: objectDef.id, recordId })
.whereNull('revokedAt')
.where(builder => {
builder.whereNull('expiresAt').orWhere('expiresAt', '>', new Date());
})
.withGraphFetched('[granteeUser]')
.orderBy('createdAt', 'desc');
return shares;
}
@Post()
async createRecordShare(
@TenantId() tenantId: string,
@Param('objectApiName') objectApiName: string,
@Param('recordId') recordId: string,
@CurrentUser() currentUser: any,
@Body() data: CreateRecordShareDto,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Get object definition
const objectDef = await ObjectDefinition.query(knex)
.findOne({ apiName: objectApiName });
if (!objectDef) {
throw new Error('Object not found');
}
// Get the record to check ownership
const tableName = this.getTableName(objectDef.apiName);
const record = await knex(tableName)
.where({ id: recordId })
.first();
if (!record) {
throw new Error('Record not found');
}
// Check if user can share - either owner or has modify permissions
const canShare = await this.canUserShareRecord(
currentUser.userId,
record,
objectDef,
knex,
);
if (!canShare) {
throw new ForbiddenException('You do not have permission to share this record');
}
// Cannot share with self
if (data.granteeUserId === currentUser.userId) {
throw new Error('Cannot share record with yourself');
}
// Check if share already exists
const existingShare = await RecordShare.query(knex)
.where({
objectDefinitionId: objectDef.id,
recordId,
granteeUserId: data.granteeUserId,
})
.whereNull('revokedAt')
.first();
if (existingShare) {
// Update existing share
const updated = await RecordShare.query(knex)
.patchAndFetchById(existingShare.id, {
accessLevel: {
canRead: data.canRead,
canEdit: data.canEdit,
canDelete: data.canDelete,
},
// Convert ISO string to MySQL datetime format
expiresAt: data.expiresAt
? knex.raw('?', [new Date(data.expiresAt).toISOString().slice(0, 19).replace('T', ' ')])
: null,
} as any);
return RecordShare.query(knex)
.findById(updated.id)
.withGraphFetched('[granteeUser]');
}
// Create new share
const share = await RecordShare.query(knex).insertAndFetch({
objectDefinitionId: objectDef.id,
recordId,
granteeUserId: data.granteeUserId,
grantedByUserId: currentUser.userId,
accessLevel: {
canRead: data.canRead,
canEdit: data.canEdit,
canDelete: data.canDelete,
},
// Convert ISO string to MySQL datetime format: YYYY-MM-DD HH:MM:SS
expiresAt: data.expiresAt
? knex.raw('?', [new Date(data.expiresAt).toISOString().slice(0, 19).replace('T', ' ')])
: null,
} as any);
return RecordShare.query(knex)
.findById(share.id)
.withGraphFetched('[granteeUser]');
}
@Delete(':shareId')
async deleteRecordShare(
@TenantId() tenantId: string,
@Param('objectApiName') objectApiName: string,
@Param('recordId') recordId: string,
@Param('shareId') shareId: string,
@CurrentUser() currentUser: any,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Get object definition
const objectDef = await ObjectDefinition.query(knex)
.findOne({ apiName: objectApiName });
if (!objectDef) {
throw new Error('Object not found');
}
// Get the record to check ownership
const tableName = this.getTableName(objectDef.apiName);
const record = await knex(tableName)
.where({ id: recordId })
.first();
if (!record) {
throw new Error('Record not found');
}
// Only owner can revoke shares
if (record.ownerId !== currentUser.userId) {
// Check if user has modify all permission
const user: any = await User.query(knex)
.findById(currentUser.userId)
.withGraphFetched('roles.objectPermissions');
if (!user) {
throw new ForbiddenException('User not found');
}
const hasModifyAll = user.roles?.some(role =>
role.objectPermissions?.some(
perm => perm.objectDefinitionId === objectDef.id && perm.canModifyAll
)
);
if (!hasModifyAll) {
throw new ForbiddenException('Only the record owner or users with Modify All permission can revoke shares');
}
}
// Revoke the share (soft delete)
await RecordShare.query(knex)
.patchAndFetchById(shareId, {
revokedAt: knex.fn.now() as any,
});
return { success: true };
}
private async canUserShareRecord(
userId: string,
record: any,
objectDef: ObjectDefinition,
knex: any,
): Promise<boolean> {
// Owner can always share
if (record.ownerId === userId) {
return true;
}
// Check if user has modify all or edit permissions
const user: any = await User.query(knex)
.findById(userId)
.withGraphFetched('roles.objectPermissions');
if (!user) {
return false;
}
// Check for canModifyAll permission
const hasModifyAll = user.roles?.some(role =>
role.objectPermissions?.some(
perm => perm.objectDefinitionId === objectDef.id && perm.canModifyAll
)
);
if (hasModifyAll) {
return true;
}
// Check for canEdit permission (user needs edit to share)
const hasEdit = user.roles?.some(role =>
role.objectPermissions?.some(
perm => perm.objectDefinitionId === objectDef.id && perm.canEdit
)
);
// If user has edit permission, check if they can actually edit this record
// by using the authorization service
if (hasEdit) {
try {
await this.authService.assertCanPerformAction(
'update',
objectDef,
record,
user,
knex,
);
return true;
} catch {
return false;
}
}
return false;
}
private getTableName(apiName: string): string {
// Convert CamelCase to snake_case and pluralize
const snakeCase = apiName
.replace(/([A-Z])/g, '_$1')
.toLowerCase()
.replace(/^_/, '');
// Simple pluralization
if (snakeCase.endsWith('y')) {
return snakeCase.slice(0, -1) + 'ies';
} else if (snakeCase.endsWith('s')) {
return snakeCase + 'es';
} else {
return snakeCase + 's';
}
}
}

137
backend/src/rbac/role.controller.ts Normal file
View File

@@ -0,0 +1,137 @@
import {
Controller,
Get,
Post,
Put,
Delete,
Body,
Param,
UseGuards,
Inject,
} from '@nestjs/common';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { Role } from '../models/role.model';
import { RoleRule } from '../models/role-rule.model';
import { Knex } from 'knex';
export class CreateRoleDto {
name: string;
guardName?: string;
description?: string;
}
export class UpdateRoleDto {
name?: string;
description?: string;
}
export class CreateRoleRuleDto {
roleId: string;
rulesJson: any[]; // Array of CASL rules
}
export class UpdateRoleRuleDto {
rulesJson: any[];
}
@Controller('roles')
@UseGuards(JwtAuthGuard)
export class RoleController {
constructor(@Inject('KnexConnection') private readonly knex: Knex) {}
/**
* List all roles
*/
@Get()
async list() {
return Role.query(this.knex).withGraphFetched('[roleRules]');
}
/**
* Get a single role by ID
*/
@Get(':id')
async get(@Param('id') id: string) {
return Role.query(this.knex)
.findById(id)
.withGraphFetched('[roleRules, permissions]');
}
/**
* Create a new role
*/
@Post()
async create(@Body() createDto: CreateRoleDto) {
return Role.query(this.knex).insert({
name: createDto.name,
guardName: createDto.guardName || 'api',
description: createDto.description,
});
}
/**
* Update a role
*/
@Put(':id')
async update(@Param('id') id: string, @Body() updateDto: UpdateRoleDto) {
return Role.query(this.knex).patchAndFetchById(id, updateDto);
}
/**
* Delete a role
*/
@Delete(':id')
async delete(@Param('id') id: string) {
await Role.query(this.knex).deleteById(id);
return { success: true };
}
}
@Controller('role-rules')
@UseGuards(JwtAuthGuard)
export class RoleRuleController {
constructor(@Inject('KnexConnection') private readonly knex: Knex) {}
/**
* Get rules for a role
*/
@Get('role/:roleId')
async getForRole(@Param('roleId') roleId: string) {
return RoleRule.query(this.knex).where('roleId', roleId);
}
/**
* Create or update role rules
* This will replace existing rules for the role
*/
@Post()
async createOrUpdate(@Body() dto: CreateRoleRuleDto) {
// Delete existing rules for this role
await RoleRule.query(this.knex).where('roleId', dto.roleId).delete();
// Insert new rules
return RoleRule.query(this.knex).insert({
roleId: dto.roleId,
rulesJson: dto.rulesJson,
});
}
/**
* Update role rules by ID
*/
@Put(':id')
async update(@Param('id') id: string, @Body() dto: UpdateRoleRuleDto) {
return RoleRule.query(this.knex).patchAndFetchById(id, {
rulesJson: dto.rulesJson,
});
}
/**
* Delete role rules
*/
@Delete(':id')
async delete(@Param('id') id: string) {
await RoleRule.query(this.knex).deleteById(id);
return { success: true };
}
}

141
backend/src/rbac/setup-roles.controller.ts
View File

@@ -1,141 +0,0 @@
import {
Controller,
Get,
Post,
Patch,
Delete,
Param,
Body,
UseGuards,
} from '@nestjs/common';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { TenantId } from '../tenant/tenant.decorator';
import { TenantDatabaseService } from '../tenant/tenant-database.service';
import { Role } from '../models/role.model';
@Controller('setup/roles')
@UseGuards(JwtAuthGuard)
export class SetupRolesController {
constructor(private tenantDbService: TenantDatabaseService) {}
@Get()
async getRoles(@TenantId() tenantId: string) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
return await Role.query(knex).select('*').orderBy('name', 'asc');
}
@Get(':id')
async getRole(
@TenantId() tenantId: string,
@Param('id') id: string,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
return await Role.query(knex).findById(id).withGraphFetched('users');
}
@Post()
async createRole(
@TenantId() tenantId: string,
@Body() data: { name: string; description?: string; guardName?: string },
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
const role = await Role.query(knex).insert({
name: data.name,
description: data.description,
guardName: data.guardName || 'tenant',
});
return role;
}
@Patch(':id')
async updateRole(
@TenantId() tenantId: string,
@Param('id') id: string,
@Body() data: { name?: string; description?: string; guardName?: string },
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
const updateData: any = {};
if (data.name) updateData.name = data.name;
if (data.description !== undefined) updateData.description = data.description;
if (data.guardName) updateData.guardName = data.guardName;
const role = await Role.query(knex).patchAndFetchById(id, updateData);
return role;
}
@Delete(':id')
async deleteRole(
@TenantId() tenantId: string,
@Param('id') id: string,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Delete role user assignments first
await knex('user_roles').where({ roleId: id }).delete();
// Delete role permissions
await knex('role_permissions').where({ roleId: id }).delete();
await knex('role_object_permissions').where({ roleId: id }).delete();
// Delete the role
await Role.query(knex).deleteById(id);
return { success: true };
}
@Post(':roleId/users')
async addUserToRole(
@TenantId() tenantId: string,
@Param('roleId') roleId: string,
@Body() data: { userId: string },
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Check if assignment already exists
const existing = await knex('user_roles')
.where({ userId: data.userId, roleId })
.first();
if (existing) {
return { success: true, message: 'User already assigned' };
}
await knex('user_roles').insert({
id: knex.raw('(UUID())'),
userId: data.userId,
roleId,
created_at: knex.fn.now(),
updated_at: knex.fn.now(),
});
return { success: true };
}
@Delete(':roleId/users/:userId')
async removeUserFromRole(
@TenantId() tenantId: string,
@Param('roleId') roleId: string,
@Param('userId') userId: string,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
await knex('user_roles')
.where({ userId, roleId })
.delete();
return { success: true };
}
}

146
backend/src/rbac/setup-users.controller.ts
View File

@@ -1,146 +0,0 @@
import {
Controller,
Get,
Post,
Patch,
Delete,
Param,
Body,
UseGuards,
} from '@nestjs/common';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { TenantId } from '../tenant/tenant.decorator';
import { TenantDatabaseService } from '../tenant/tenant-database.service';
import { User } from '../models/user.model';
import * as bcrypt from 'bcrypt';
@Controller('setup/users')
@UseGuards(JwtAuthGuard)
export class SetupUsersController {
constructor(private tenantDbService: TenantDatabaseService) {}
@Get()
async getUsers(@TenantId() tenantId: string) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
return await User.query(knex).withGraphFetched('roles');
}
@Get(':id')
async getUser(
@TenantId() tenantId: string,
@Param('id') id: string,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
return await User.query(knex).findById(id).withGraphFetched('roles');
}
@Post()
async createUser(
@TenantId() tenantId: string,
@Body() data: { email: string; password: string; firstName?: string; lastName?: string },
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Hash password
const hashedPassword = await bcrypt.hash(data.password, 10);
const user = await User.query(knex).insert({
email: data.email,
password: hashedPassword,
firstName: data.firstName,
lastName: data.lastName,
isActive: true,
});
return user;
}
@Patch(':id')
async updateUser(
@TenantId() tenantId: string,
@Param('id') id: string,
@Body() data: { email?: string; password?: string; firstName?: string; lastName?: string },
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
const updateData: any = {};
if (data.email) updateData.email = data.email;
if (data.firstName !== undefined) updateData.firstName = data.firstName;
if (data.lastName !== undefined) updateData.lastName = data.lastName;
// Hash password if provided
if (data.password) {
updateData.password = await bcrypt.hash(data.password, 10);
}
const user = await User.query(knex).patchAndFetchById(id, updateData);
return user;
}
@Delete(':id')
async deleteUser(
@TenantId() tenantId: string,
@Param('id') id: string,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Delete user role assignments first
await knex('user_roles').where({ userId: id }).delete();
// Delete the user
await User.query(knex).deleteById(id);
return { success: true };
}
@Post(':userId/roles')
async addRoleToUser(
@TenantId() tenantId: string,
@Param('userId') userId: string,
@Body() data: { roleId: string },
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Check if assignment already exists
const existing = await knex('user_roles')
.where({ userId, roleId: data.roleId })
.first();
if (existing) {
return { success: true, message: 'Role already assigned' };
}
await knex('user_roles').insert({
id: knex.raw('(UUID())'),
userId,
roleId: data.roleId,
created_at: knex.fn.now(),
updated_at: knex.fn.now(),
});
return { success: true };
}
@Delete(':userId/roles/:roleId')
async removeRoleFromUser(
@TenantId() tenantId: string,
@Param('userId') userId: string,
@Param('roleId') roleId: string,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
await knex('user_roles')
.where({ userId, roleId })
.delete();
return { success: true };
}
}

243
backend/src/rbac/share.controller.ts Normal file
View File

@@ -0,0 +1,243 @@
import {
Controller,
Get,
Post,
Patch,
Delete,
Body,
Param,
Query,
UseGuards,
ForbiddenException,
NotFoundException,
} from '@nestjs/common';
import { IsString, IsArray, IsOptional, IsDateString } from 'class-validator';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { CurrentUser } from '../auth/current-user.decorator';
import { TenantId } from '../tenant/tenant.decorator';
import { TenantDatabaseService } from '../tenant/tenant-database.service';
export class CreateShareDto {
@IsString()
objectApiName: string;
@IsString()
recordId: string;
@IsString()
granteeUserId: string;
@IsArray()
@IsString({ each: true })
actions: string[]; // ["read"], ["read", "update"], etc.
@IsOptional()
@IsArray()
@IsString({ each: true })
fields?: string[]; // Optional field scoping
@IsOptional()
@IsDateString()
expiresAt?: string;
}
export class UpdateShareDto {
@IsOptional()
@IsArray()
@IsString({ each: true })
actions?: string[];
@IsOptional()
@IsArray()
@IsString({ each: true })
fields?: string[];
@IsOptional()
@IsDateString()
expiresAt?: string;
}
@Controller('rbac/shares')
@UseGuards(JwtAuthGuard)
export class ShareController {
constructor(private tenantDbService: TenantDatabaseService) {}
/**
* Create a new share
* Only the owner (or users with share permission) can share a record
*/
@Post()
async create(
@TenantId() tenantId: string,
@CurrentUser() currentUser: any,
@Body() createDto: CreateShareDto,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Get object definition by apiName
const objectDef = await knex('object_definitions')
.where({ apiName: createDto.objectApiName })
.first();
if (!objectDef) {
throw new NotFoundException('Object definition not found');
}
// Get the table name for the object
const tableName = this.getTableName(createDto.objectApiName);
// Verify the user owns the record
const record = await knex(tableName)
.where({ id: createDto.recordId })
.first();
if (!record) {
throw new NotFoundException('Record not found');
}
if (record.ownerId !== currentUser.userId) {
throw new ForbiddenException('Only the record owner can share it');
}
// Create the share
const shareId = require('crypto').randomUUID();
await knex('record_shares').insert({
id: shareId,
object_definition_id: objectDef.id,
record_id: createDto.recordId,
grantee_user_id: createDto.granteeUserId,
granted_by_user_id: currentUser.userId,
actions: JSON.stringify(createDto.actions),
fields: createDto.fields ? JSON.stringify(createDto.fields) : null,
expires_at: createDto.expiresAt,
created_at: knex.fn.now(),
});
const share = await knex('record_shares').where({ id: shareId }).first();
return {
...share,
actions: typeof share.actions === 'string' ? JSON.parse(share.actions) : share.actions,
fields: share.fields ? (typeof share.fields === 'string' ? JSON.parse(share.fields) : share.fields) : null,
};
}
private getTableName(objectApiName: string): string {
const snakeCase = objectApiName
.replace(/([A-Z])/g, '_$1')
.toLowerCase()
.replace(/^_/, '');
if (snakeCase.endsWith('y')) {
return snakeCase.slice(0, -1) + 'ies';
} else if (snakeCase.endsWith('s')) {
return snakeCase;
} else {
return snakeCase + 's';
}
}
/**
* List shares for a specific record
* Only owner or users with access can see shares
*/
@Get(':objectApiName/:recordId')
async listForRecord(
@TenantId() tenantId: string,
@CurrentUser() currentUser: any,
@Param('objectApiName') objectApiName: string,
@Param('recordId') recordId: string,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Get object definition
const objectDef = await knex('object_definitions')
.where({ apiName: objectApiName })
.first();
if (!objectDef) {
throw new NotFoundException('Object definition not found');
}
// Get shares for this record
const shares = await knex('record_shares')
.where({
object_definition_id: objectDef.id,
record_id: recordId,
})
.whereNull('revoked_at')
.select('*');
// Fetch user details for each share
const sharesWithUsers = await Promise.all(
shares.map(async (share: any) => {
const granteeUser = await knex('users')
.where({ id: share.grantee_user_id })
.select('id', 'email', 'firstName', 'lastName', 'name')
.first();
const grantedByUser = await knex('users')
.where({ id: share.granted_by_user_id })
.select('id', 'email', 'firstName', 'lastName', 'name')
.first();
return {
id: share.id,
recordId: share.record_id,
actions: typeof share.actions === 'string' ? JSON.parse(share.actions) : share.actions,
fields: share.fields ? (typeof share.fields === 'string' ? JSON.parse(share.fields) : share.fields) : null,
expiresAt: share.expires_at,
createdAt: share.created_at,
granteeUser: {
id: granteeUser.id,
email: granteeUser.email,
name: granteeUser.firstName && granteeUser.lastName
? `${granteeUser.firstName} ${granteeUser.lastName}`
: granteeUser.name || granteeUser.email,
},
grantedByUser: {
id: grantedByUser.id,
email: grantedByUser.email,
name: grantedByUser.firstName && grantedByUser.lastName
? `${grantedByUser.firstName} ${grantedByUser.lastName}`
: grantedByUser.name || grantedByUser.email,
},
};
})
);
return sharesWithUsers;
}
/**
* Revoke a share (soft delete)
*/
@Delete(':id')
async revoke(
@TenantId() tenantId: string,
@CurrentUser() currentUser: any,
@Param('id') id: string,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
const share = await knex('record_shares').where({ id }).first();
if (!share) {
throw new NotFoundException('Share not found');
}
// Only the grantor can revoke
if (share.granted_by_user_id !== currentUser.userId) {
throw new ForbiddenException('Unauthorized');
}
await knex('record_shares')
.where({ id })
.update({ revoked_at: knex.fn.now() });
return { success: true };
}
}

41
backend/src/rbac/user.controller.ts Normal file
View File

@@ -0,0 +1,41 @@
import { Controller, Get, UseGuards } from '@nestjs/common';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { TenantId } from '../tenant/tenant.decorator';
import { CurrentUser } from '../auth/current-user.decorator';
import { TenantDatabaseService } from '../tenant/tenant-database.service';
import { User } from '../models/user.model';
@Controller('rbac/users')
@UseGuards(JwtAuthGuard)
export class UserController {
constructor(private tenantDbService: TenantDatabaseService) {}
@Get()
async getUsers(
@TenantId() tenantId: string,
@CurrentUser() currentUser: any,
) {
const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
// Get all active users from tenant database (excluding current user)
let query = User.query(knex)
.select('id', 'email', 'firstName', 'lastName')
.where('isActive', true);
// Exclude current user if we have their ID
if (currentUser?.userId) {
query = query.whereNot('id', currentUser.userId);
}
const users = await query;
return users.map((user) => ({
id: user.id,
email: user.email,
name: user.firstName && user.lastName
? `${user.firstName} ${user.lastName}`
: user.email,
}));
}
}

5
backend/src/tenant/central-database.service.ts
View File

@@ -1,14 +1,15 @@
import Knex from 'knex';
import type { Knex as KnexType } from 'knex';
import { Model } from 'objection';
import { CentralTenant, CentralDomain, CentralUser } from '../models/central.model';
let centralKnex: Knex.Knex | null = null;
let centralKnex: KnexType | null = null;
/**
* Get or create a Knex instance for the central database
* This is used for Objection models that work with central entities
*/
export function getCentralKnex(): Knex.Knex {
export function getCentralKnex(): KnexType {
if (!centralKnex) {
const centralDbUrl = process.env.CENTRAL_DATABASE_URL;

22
backend/src/tenant/tenant-database.service.ts
View File

@@ -242,26 +242,4 @@ export class TenantDatabaseService {
decrypted += decipher.final('utf8');
return decrypted;
}
/**
* Encrypt integrations config JSON object
* @param config - Plain object containing integration credentials
* @returns Encrypted JSON string
*/
encryptIntegrationsConfig(config: any): string {
if (!config) return null;
const jsonString = JSON.stringify(config);
return this.encryptPassword(jsonString);
}
/**
* Decrypt integrations config JSON string
* @param encryptedConfig - Encrypted JSON string
* @returns Plain object with integration credentials
*/
decryptIntegrationsConfig(encryptedConfig: string): any {
if (!encryptedConfig) return null;
const decrypted = this.decryptPassword(encryptedConfig);
return JSON.parse(decrypted);
}
}

2
backend/src/tenant/tenant-provisioning.service.ts
View File

@@ -176,7 +176,7 @@ export class TenantProvisioningService {
* Seed default data for new tenant
*/
private async seedDefaultData(tenantId: string) {
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
const tenantKnex = await this.tenantDbService.getTenantKnex(tenantId);
try {
// Create default roles

155
backend/src/tenant/tenant.controller.ts
View File

@@ -1,155 +0,0 @@
import {
Controller,
Get,
Put,
Body,
UseGuards,
Req,
} from '@nestjs/common';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { TenantDatabaseService } from './tenant-database.service';
import { getCentralPrisma } from '../prisma/central-prisma.service';
import { TenantId } from './tenant.decorator';
@Controller('tenant')
@UseGuards(JwtAuthGuard)
export class TenantController {
constructor(private readonly tenantDbService: TenantDatabaseService) {}
/**
* Get integrations configuration for the current tenant
*/
@Get('integrations')
async getIntegrationsConfig(@TenantId() domain: string) {
const centralPrisma = getCentralPrisma();
// Look up tenant by domain
const domainRecord = await centralPrisma.domain.findUnique({
where: { domain },
include: { tenant: { select: { id: true, integrationsConfig: true } } },
});
if (!domainRecord?.tenant || !domainRecord.tenant.integrationsConfig) {
return { data: null };
}
// Decrypt the config
const config = this.tenantDbService.decryptIntegrationsConfig(
domainRecord.tenant.integrationsConfig as any,
);
// Return config with sensitive fields masked
const maskedConfig = this.maskSensitiveFields(config);
return { data: maskedConfig };
}
/**
* Update integrations configuration for the current tenant
*/
@Put('integrations')
async updateIntegrationsConfig(
@TenantId() domain: string,
@Body() body: { integrationsConfig: any },
) {
const { integrationsConfig } = body;
if (!domain) {
throw new Error('Domain is missing from request');
}
// Look up tenant by domain
const centralPrisma = getCentralPrisma();
const domainRecord = await centralPrisma.domain.findUnique({
where: { domain },
include: { tenant: { select: { id: true, integrationsConfig: true } } },
});
if (!domainRecord?.tenant) {
throw new Error(`Tenant with domain ${domain} not found`);
}
// Merge with existing config to preserve masked values
let finalConfig = integrationsConfig;
if (domainRecord.tenant.integrationsConfig) {
const existingConfig = this.tenantDbService.decryptIntegrationsConfig(
domainRecord.tenant.integrationsConfig as any,
);
// Replace masked values with actual values from existing config
finalConfig = this.unmaskConfig(integrationsConfig, existingConfig);
}
// Encrypt the config
const encryptedConfig = this.tenantDbService.encryptIntegrationsConfig(
finalConfig,
);
// Update in database
await centralPrisma.tenant.update({
where: { id: domainRecord.tenant.id },
data: {
integrationsConfig: encryptedConfig as any,
},
});
return {
success: true,
message: 'Integrations configuration updated successfully',
};
}
/**
* Unmask config by replacing masked values with actual values from existing config
*/
private unmaskConfig(newConfig: any, existingConfig: any): any {
const result = { ...newConfig };
// Unmask Twilio credentials
if (result.twilio && existingConfig.twilio) {
if (result.twilio.authToken === '••••••••' && existingConfig.twilio.authToken) {
result.twilio.authToken = existingConfig.twilio.authToken;
}
if (result.twilio.apiSecret === '••••••••' && existingConfig.twilio.apiSecret) {
result.twilio.apiSecret = existingConfig.twilio.apiSecret;
}
}
// Unmask OpenAI credentials
if (result.openai && existingConfig.openai) {
if (result.openai.apiKey === '••••••••' && existingConfig.openai.apiKey) {
result.openai.apiKey = existingConfig.openai.apiKey;
}
}
return result;
}
/**
* Mask sensitive fields for API responses
*/
private maskSensitiveFields(config: any): any {
if (!config) return null;
const masked = { ...config };
// Mask Twilio credentials
if (masked.twilio) {
masked.twilio = {
...masked.twilio,
authToken: masked.twilio.authToken ? '••••••••' : '',
apiSecret: masked.twilio.apiSecret ? '••••••••' : '',
};
}
// Mask OpenAI credentials
if (masked.openai) {
masked.openai = {
...masked.openai,
apiKey: masked.openai.apiKey ? '••••••••' : '',
};
}
return masked;
}
}

30
backend/src/tenant/tenant.module.ts
View File

@@ -1,21 +1,43 @@
import { Module, NestModule, MiddlewareConsumer } from '@nestjs/common';
import { Module, NestModule, MiddlewareConsumer, Scope } from '@nestjs/common';
import { REQUEST } from '@nestjs/core';
import { TenantMiddleware } from './tenant.middleware';
import { TenantDatabaseService } from './tenant-database.service';
import { TenantProvisioningService } from './tenant-provisioning.service';
import { TenantProvisioningController } from './tenant-provisioning.controller';
import { CentralAdminController } from './central-admin.controller';
import { TenantController } from './tenant.controller';
import { PrismaModule } from '../prisma/prisma.module';
@Module({
imports: [PrismaModule],
controllers: [TenantProvisioningController, CentralAdminController, TenantController],
controllers: [TenantProvisioningController, CentralAdminController],
providers: [
TenantDatabaseService,
TenantProvisioningService,
TenantMiddleware,
{
provide: 'KnexConnection',
scope: Scope.REQUEST,
inject: [REQUEST, TenantDatabaseService],
useFactory: async (request: any, tenantDbService: TenantDatabaseService) => {
// Try to get subdomain first (for domain-based routing)
const subdomain = request.raw?.subdomain || request.subdomain;
const tenantId = request.raw?.tenantId || request.tenantId;
if (!subdomain && !tenantId) {
throw new Error('Neither subdomain nor tenant ID found in request');
}
// Prefer subdomain lookup (more reliable for domain-based routing)
if (subdomain) {
return await tenantDbService.getTenantKnexByDomain(subdomain);
}
// Fallback to tenant ID lookup
return await tenantDbService.getTenantKnexById(tenantId);
},
},
],
exports: [TenantDatabaseService, TenantProvisioningService],
exports: [TenantDatabaseService, TenantProvisioningService, 'KnexConnection'],
})
export class TenantModule implements NestModule {
configure(consumer: MiddlewareConsumer) {

214
backend/src/voice/audio-converter.service.ts
View File

@@ -1,214 +0,0 @@
import { Injectable, Logger } from '@nestjs/common';
/**
* Audio format converter for Twilio <-> OpenAI audio streaming
*
* Twilio Media Streams format:
* - Codec: μ-law (G.711)
* - Sample rate: 8kHz
* - Encoding: base64
* - Chunk size: 20ms (160 bytes)
*
* OpenAI Realtime API format:
* - Codec: PCM16
* - Sample rate: 24kHz
* - Encoding: base64
* - Mono channel
*/
@Injectable()
export class AudioConverterService {
private readonly logger = new Logger(AudioConverterService.name);
// μ-law decode lookup table
private readonly MULAW_DECODE_TABLE = this.buildMuLawDecodeTable();
// μ-law encode lookup table
private readonly MULAW_ENCODE_TABLE = this.buildMuLawEncodeTable();
/**
* Build μ-law to linear PCM16 decode table
*/
private buildMuLawDecodeTable(): Int16Array {
const table = new Int16Array(256);
for (let i = 0; i < 256; i++) {
const mulaw = ~i;
const exponent = (mulaw >> 4) & 0x07;
const mantissa = mulaw & 0x0f;
let sample = (mantissa << 3) + 0x84;
sample <<= exponent;
sample -= 0x84;
if ((mulaw & 0x80) === 0) {
sample = -sample;
}
table[i] = sample;
}
return table;
}
/**
* Build linear PCM16 to μ-law encode table
*/
private buildMuLawEncodeTable(): Uint8Array {
const table = new Uint8Array(65536);
for (let i = 0; i < 65536; i++) {
const sample = (i - 32768);
const sign = sample < 0 ? 0x80 : 0x00;
const magnitude = Math.abs(sample);
// Add bias
let biased = magnitude + 0x84;
// Find exponent
let exponent = 7;
for (let exp = 0; exp < 8; exp++) {
if (biased <= (0xff << exp)) {
exponent = exp;
break;
}
}
// Extract mantissa
const mantissa = (biased >> (exponent + 3)) & 0x0f;
// Combine sign, exponent, mantissa
const mulaw = ~(sign | (exponent << 4) | mantissa);
table[i] = mulaw & 0xff;
}
return table;
}
/**
* Decode μ-law audio to linear PCM16
* @param mulawData - Buffer containing μ-law encoded audio
* @returns Buffer containing PCM16 audio (16-bit little-endian)
*/
decodeMuLaw(mulawData: Buffer): Buffer {
const pcm16 = Buffer.allocUnsafe(mulawData.length * 2);
for (let i = 0; i < mulawData.length; i++) {
const sample = this.MULAW_DECODE_TABLE[mulawData[i]];
pcm16.writeInt16LE(sample, i * 2);
}
return pcm16;
}
/**
* Encode linear PCM16 to μ-law
* @param pcm16Data - Buffer containing PCM16 audio (16-bit little-endian)
* @returns Buffer containing μ-law encoded audio
*/
encodeMuLaw(pcm16Data: Buffer): Buffer {
const mulaw = Buffer.allocUnsafe(pcm16Data.length / 2);
for (let i = 0; i < pcm16Data.length; i += 2) {
const sample = pcm16Data.readInt16LE(i);
const index = (sample + 32768) & 0xffff;
mulaw[i / 2] = this.MULAW_ENCODE_TABLE[index];
}
return mulaw;
}
/**
* Resample audio from 8kHz to 24kHz (linear interpolation)
* @param pcm16Data - Buffer containing 8kHz PCM16 audio
* @returns Buffer containing 24kHz PCM16 audio
*/
resample8kTo24k(pcm16Data: Buffer): Buffer {
const inputSamples = pcm16Data.length / 2;
const outputSamples = Math.floor(inputSamples * 3); // 8k * 3 = 24k
const output = Buffer.allocUnsafe(outputSamples * 2);
for (let i = 0; i < outputSamples; i++) {
const srcIndex = i / 3;
const srcIndexFloor = Math.floor(srcIndex);
const srcIndexCeil = Math.min(srcIndexFloor + 1, inputSamples - 1);
const fraction = srcIndex - srcIndexFloor;
const sample1 = pcm16Data.readInt16LE(srcIndexFloor * 2);
const sample2 = pcm16Data.readInt16LE(srcIndexCeil * 2);
// Linear interpolation
const interpolated = Math.round(sample1 + (sample2 - sample1) * fraction);
output.writeInt16LE(interpolated, i * 2);
}
return output;
}
/**
* Resample audio from 24kHz to 8kHz (decimation with averaging)
* @param pcm16Data - Buffer containing 24kHz PCM16 audio
* @returns Buffer containing 8kHz PCM16 audio
*/
resample24kTo8k(pcm16Data: Buffer): Buffer {
const inputSamples = pcm16Data.length / 2;
const outputSamples = Math.floor(inputSamples / 3); // 24k / 3 = 8k
const output = Buffer.allocUnsafe(outputSamples * 2);
for (let i = 0; i < outputSamples; i++) {
// Average 3 samples for anti-aliasing
const idx1 = Math.min(i * 3, inputSamples - 1);
const idx2 = Math.min(i * 3 + 1, inputSamples - 1);
const idx3 = Math.min(i * 3 + 2, inputSamples - 1);
const sample1 = pcm16Data.readInt16LE(idx1 * 2);
const sample2 = pcm16Data.readInt16LE(idx2 * 2);
const sample3 = pcm16Data.readInt16LE(idx3 * 2);
const averaged = Math.round((sample1 + sample2 + sample3) / 3);
output.writeInt16LE(averaged, i * 2);
}
return output;
}
/**
* Convert Twilio μ-law 8kHz to OpenAI PCM16 24kHz
* @param twilioBase64 - Base64-encoded μ-law audio from Twilio
* @returns Base64-encoded PCM16 24kHz audio for OpenAI
*/
twilioToOpenAI(twilioBase64: string): string {
try {
// Decode base64
const mulawBuffer = Buffer.from(twilioBase64, 'base64');
// μ-law -> PCM16
const pcm16_8k = this.decodeMuLaw(mulawBuffer);
// 8kHz -> 24kHz
const pcm16_24k = this.resample8kTo24k(pcm16_8k);
// Encode to base64
return pcm16_24k.toString('base64');
} catch (error) {
this.logger.error('Error converting Twilio to OpenAI audio', error);
throw error;
}
}
/**
* Convert OpenAI PCM16 24kHz to Twilio μ-law 8kHz
* @param openaiBase64 - Base64-encoded PCM16 24kHz audio from OpenAI
* @returns Base64-encoded μ-law 8kHz audio for Twilio
*/
openAIToTwilio(openaiBase64: string): string {
try {
// Decode base64
const pcm16_24k = Buffer.from(openaiBase64, 'base64');
// 24kHz -> 8kHz
const pcm16_8k = this.resample24kTo8k(pcm16_24k);
// PCM16 -> μ-law
const mulawBuffer = this.encodeMuLaw(pcm16_8k);
// Encode to base64
return mulawBuffer.toString('base64');
} catch (error) {
this.logger.error('Error converting OpenAI to Twilio audio', error);
throw error;
}
}
}

25
backend/src/voice/dto/call-event.dto.ts
View File

@@ -1,25 +0,0 @@
export interface CallEventDto {
callSid: string;
direction: 'inbound' | 'outbound';
fromNumber: string;
toNumber: string;
status: string;
}
export interface DtmfEventDto {
callSid: string;
digit: string;
}
export interface TranscriptEventDto {
callSid: string;
transcript: string;
isFinal: boolean;
}
export interface AiSuggestionDto {
callSid: string;
suggestion: string;
type: 'response' | 'action' | 'insight';
data?: any;
}

10
backend/src/voice/dto/initiate-call.dto.ts
View File

@@ -1,10 +0,0 @@
import { IsString, IsNotEmpty, Matches } from 'class-validator';
export class InitiateCallDto {
@IsString()
@IsNotEmpty()
@Matches(/^\+?[1-9]\d{1,14}$/, {
message: 'Invalid phone number format (use E.164 format)',
})
toNumber: string;
}

20
backend/src/voice/interfaces/integration-config.interface.ts
View File

@@ -1,20 +0,0 @@
export interface TwilioConfig {
accountSid: string;
authToken: string;
phoneNumber: string;
apiKey?: string; // API Key SID for generating access tokens
apiSecret?: string; // API Key Secret
twimlAppSid?: string; // TwiML App SID for Voice SDK
}
export interface OpenAIConfig {
apiKey: string;
assistantId?: string;
model?: string;
voice?: string;
}
export interface IntegrationsConfig {
twilio?: TwilioConfig;
openai?: OpenAIConfig;
}

495
backend/src/voice/voice.controller.ts
View File

@@ -1,495 +0,0 @@
import {
Controller,
Post,
Get,
Body,
Req,
Res,
UseGuards,
Logger,
Query,
} from '@nestjs/common';
import { FastifyRequest, FastifyReply } from 'fastify';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { VoiceService } from './voice.service';
import { VoiceGateway } from './voice.gateway';
import { AudioConverterService } from './audio-converter.service';
import { InitiateCallDto } from './dto/initiate-call.dto';
import { TenantId } from '../tenant/tenant.decorator';
@Controller('voice')
export class VoiceController {
private readonly logger = new Logger(VoiceController.name);
// Track active Media Streams connections: streamSid -> WebSocket
private mediaStreams: Map<string, any> = new Map();
constructor(
private readonly voiceService: VoiceService,
private readonly voiceGateway: VoiceGateway,
private readonly audioConverter: AudioConverterService,
) {}
/**
* Initiate outbound call via REST
*/
@Post('call')
@UseGuards(JwtAuthGuard)
async initiateCall(
@Body() body: InitiateCallDto,
@Req() req: any,
@TenantId() tenantId: string,
) {
const userId = req.user?.userId || req.user?.sub;
const result = await this.voiceService.initiateCall({
tenantId,
userId,
toNumber: body.toNumber,
});
return {
success: true,
data: result,
};
}
/**
* Generate Twilio access token for browser client
*/
@Get('token')
@UseGuards(JwtAuthGuard)
async getAccessToken(
@Req() req: any,
@TenantId() tenantId: string,
) {
const userId = req.user?.userId || req.user?.sub;
const token = await this.voiceService.generateAccessToken(tenantId, userId);
return {
success: true,
data: { token },
};
}
/**
* Get call history
*/
@Get('calls')
@UseGuards(JwtAuthGuard)
async getCallHistory(
@Req() req: any,
@TenantId() tenantId: string,
@Query('limit') limit?: string,
) {
const userId = req.user?.userId || req.user?.sub;
const calls = await this.voiceService.getCallHistory(
tenantId,
userId,
limit ? parseInt(limit) : 50,
);
return {
success: true,
data: calls,
};
}
/**
* TwiML for outbound calls from browser (Twilio Device)
*/
@Post('twiml/outbound')
async outboundTwiml(@Req() req: FastifyRequest, @Res() res: FastifyReply) {
const body = req.body as any;
const to = body.To;
const from = body.From;
const callSid = body.CallSid;
this.logger.log(`=== TwiML OUTBOUND REQUEST RECEIVED ===`);
this.logger.log(`CallSid: ${callSid}, Body From: ${from}, Body To: ${to}`);
this.logger.log(`Full body: ${JSON.stringify(body)}`);
try {
// Extract tenant domain from Host header
const host = req.headers.host || '';
const tenantDomain = host.split('.')[0]; // e.g., "tenant1" from "tenant1.routebox.co"
this.logger.log(`Extracted tenant domain: ${tenantDomain}`);
// Look up tenant's Twilio phone number from config
let callerId = to; // Fallback (will cause error if not found)
try {
// Get Twilio config to find the phone number
const { config } = await this.voiceService['getTwilioClient'](tenantDomain);
callerId = config.phoneNumber;
this.logger.log(`Retrieved Twilio phone number for tenant: ${callerId}`);
} catch (error: any) {
this.logger.error(`Failed to get Twilio config: ${error.message}`);
}
const dialNumber = to;
this.logger.log(`Using callerId: ${callerId}, dialNumber: ${dialNumber}`);
// Return TwiML to DIAL the phone number with proper callerId
const twiml = `<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Dial callerId="${callerId}">
<Number>${dialNumber}</Number>
</Dial>
</Response>`;
this.logger.log(`Returning TwiML with Dial verb - callerId: ${callerId}, to: ${dialNumber}`);
res.type('text/xml').send(twiml);
} catch (error: any) {
this.logger.error(`=== ERROR GENERATING TWIML ===`);
this.logger.error(`Error: ${error.message}`);
this.logger.error(`Stack: ${error.stack}`);
const errorTwiml = `<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Say>An error occurred while processing your call.</Say>
</Response>`;
res.type('text/xml').send(errorTwiml);
}
}
/**
* TwiML for inbound calls
*/
@Post('twiml/inbound')
async inboundTwiml(@Req() req: FastifyRequest, @Res() res: FastifyReply) {
const body = req.body as any;
const callSid = body.CallSid;
const fromNumber = body.From;
const toNumber = body.To;
this.logger.log(`\n\n╔════════════════════════════════════════╗`);
this.logger.log(`║ === INBOUND CALL RECEIVED ===`);
this.logger.log(`╚════════════════════════════════════════╝`);
this.logger.log(`CallSid: ${callSid}`);
this.logger.log(`From: ${fromNumber}`);
this.logger.log(`To: ${toNumber}`);
this.logger.log(`Full body: ${JSON.stringify(body)}`);
try {
// Extract tenant domain from Host header
const host = req.headers.host || '';
const tenantDomain = host.split('.')[0]; // e.g., "tenant1" from "tenant1.routebox.co"
this.logger.log(`Extracted tenant domain: ${tenantDomain}`);
// Get all connected users for this tenant
const connectedUsers = this.voiceGateway.getConnectedUsers(tenantDomain);
this.logger.log(`Connected users for tenant ${tenantDomain}: ${connectedUsers.length}`);
if (connectedUsers.length > 0) {
this.logger.log(`Connected user IDs: ${connectedUsers.join(', ')}`);
}
if (connectedUsers.length === 0) {
// No users online - send to voicemail or play message
const twiml = `<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Say>Sorry, no agents are currently available. Please try again later.</Say>
<Hangup/>
</Response>`;
this.logger.log(`❌ No users online - returning unavailable message`);
return res.type('text/xml').send(twiml);
}
// Build TwiML to dial all connected clients with Media Streams for AI
const clientElements = connectedUsers.map(userId => ` <Client>${userId}</Client>`).join('\n');
// Use wss:// for secure WebSocket (Traefik handles HTTPS)
const streamUrl = `wss://${host}/api/voice/media-stream`;
this.logger.log(`Stream URL: ${streamUrl}`);
this.logger.log(`Dialing ${connectedUsers.length} client(s)...`);
this.logger.log(`Client IDs to dial: ${connectedUsers.join(', ')}`);
// Verify we have client IDs in proper format
if (connectedUsers.length > 0) {
this.logger.log(`First Client ID format check: "${connectedUsers[0]}" (length: ${connectedUsers[0].length})`);
}
// Notify connected users about incoming call via Socket.IO
connectedUsers.forEach(userId => {
this.voiceGateway.notifyIncomingCall(userId, {
callSid,
fromNumber,
toNumber,
tenantDomain,
});
});
const twiml = `<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Start>
<Stream url="${streamUrl}">
<Parameter name="tenantId" value="${tenantDomain}"/>
<Parameter name="userId" value="${connectedUsers[0]}"/>
</Stream>
</Start>
<Dial timeout="30">
${clientElements}
</Dial>
</Response>`;
this.logger.log(`✓ Returning inbound TwiML with Media Streams - dialing ${connectedUsers.length} client(s)`);
this.logger.log(`Generated TwiML:\n${twiml}\n`);
res.type('text/xml').send(twiml);
} catch (error: any) {
this.logger.error(`Error generating inbound TwiML: ${error.message}`);
const errorTwiml = `<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Say>Sorry, we are unable to connect your call at this time.</Say>
<Hangup/>
</Response>`;
res.type('text/xml').send(errorTwiml);
}
}
/**
* Twilio status webhook
*/
@Post('webhook/status')
async statusWebhook(@Req() req: FastifyRequest) {
const body = req.body as any;
const callSid = body.CallSid;
const status = body.CallStatus;
const duration = body.CallDuration ? parseInt(body.CallDuration) : undefined;
this.logger.log(`Call status webhook - CallSid: ${callSid}, Status: ${status}, Duration: ${duration}`);
this.logger.log(`Full status webhook body:`, JSON.stringify(body));
return { success: true };
}
/**
* Twilio recording webhook
*/
@Post('webhook/recording')
async recordingWebhook(@Req() req: FastifyRequest) {
const body = req.body as any;
const callSid = body.CallSid;
const recordingSid = body.RecordingSid;
const recordingStatus = body.RecordingStatus;
this.logger.log(`Recording webhook - CallSid: ${callSid}, RecordingSid: ${recordingSid}, Status: ${recordingStatus}`);
return { success: true };
}
/**
* Twilio Media Streams WebSocket endpoint
* Receives real-time audio from Twilio and forwards to OpenAI Realtime API
*
* This handles the HTTP GET request and upgrades it to WebSocket manually.
*/
@Get('media-stream')
mediaStream(@Req() req: FastifyRequest) {
// For WebSocket upgrade, we need to access the raw socket
let socket: any;
try {
this.logger.log(`=== MEDIA STREAM REQUEST ===`);
this.logger.log(`URL: ${req.url}`);
this.logger.log(`Headers keys: ${Object.keys(req.headers).join(', ')}`);
this.logger.log(`Headers: ${JSON.stringify(req.headers)}`);
// Check if this is a WebSocket upgrade request
const hasWebSocketKey = 'sec-websocket-key' in req.headers;
const hasWebSocketVersion = 'sec-websocket-version' in req.headers;
this.logger.log(`hasWebSocketKey: ${hasWebSocketKey}`);
this.logger.log(`hasWebSocketVersion: ${hasWebSocketVersion}`);
if (!hasWebSocketKey || !hasWebSocketVersion) {
this.logger.log('Not a WebSocket upgrade request - returning');
return;
}
this.logger.log('✓ WebSocket upgrade detected');
// Get the socket - try different ways
socket = (req.raw as any).socket;
this.logger.log(`Socket obtained: ${!!socket}`);
if (!socket) {
this.logger.error('Failed to get socket from req.raw');
return;
}
const rawRequest = req.raw;
const head = Buffer.alloc(0);
this.logger.log('Creating WebSocketServer...');
const WebSocketServer = require('ws').Server;
const wss = new WebSocketServer({ noServer: true });
this.logger.log('Calling handleUpgrade...');
// handleUpgrade will send the 101 response and take over the socket
wss.handleUpgrade(rawRequest, socket, head, (ws: any) => {
this.logger.log('=== TWILIO MEDIA STREAM WEBSOCKET UPGRADED SUCCESSFULLY ===');
this.handleMediaStreamSocket(ws);
});
this.logger.log('handleUpgrade completed');
} catch (error: any) {
this.logger.error(`=== FAILED TO UPGRADE TO WEBSOCKET ===`);
this.logger.error(`Error message: ${error.message}`);
this.logger.error(`Error stack: ${error.stack}`);
}
}
/**
* Handle incoming Media Stream WebSocket messages
*/
private handleMediaStreamSocket(ws: any) {
let streamSid: string | null = null;
let callSid: string | null = null;
let tenantDomain: string | null = null;
let mediaPacketCount = 0;
// WebSocket message handler
ws.on('message', async (message: Buffer) => {
try {
const msg = JSON.parse(message.toString());
switch (msg.event) {
case 'connected':
this.logger.log('=== MEDIA STREAM EVENT: CONNECTED ===');
this.logger.log(`Protocol: ${msg.protocol}`);
this.logger.log(`Version: ${msg.version}`);
break;
case 'start':
streamSid = msg.streamSid;
callSid = msg.start.callSid;
// Extract tenant from customParameters if available
tenantDomain = msg.start.customParameters?.tenantId || 'tenant1';
this.logger.log(`=== MEDIA STREAM EVENT: START ===`);
this.logger.log(`StreamSid: ${streamSid}`);
this.logger.log(`CallSid: ${callSid}`);
this.logger.log(`Tenant: ${tenantDomain}`);
this.logger.log(`AccountSid: ${msg.start.accountSid}`);
this.logger.log(`MediaFormat: ${JSON.stringify(msg.start.mediaFormat)}`);
this.logger.log(`Custom Parameters: ${JSON.stringify(msg.start.customParameters)}`);
// Store WebSocket connection
this.mediaStreams.set(streamSid, ws);
this.logger.log(`Stored WebSocket for streamSid: ${streamSid}. Total active streams: ${this.mediaStreams.size}`);
// Initialize OpenAI Realtime connection for this call
this.logger.log(`Initializing OpenAI Realtime for call ${callSid}...`);
await this.voiceService.initializeOpenAIRealtime({
callSid,
tenantId: tenantDomain,
userId: msg.start.customParameters?.userId || 'system',
});
this.logger.log(`✓ OpenAI Realtime initialized for call ${callSid}`);
break;
case 'media':
mediaPacketCount++;
if (mediaPacketCount % 50 === 0) {
// Log every 50th packet to avoid spam
this.logger.log(`Received media packet #${mediaPacketCount} for StreamSid: ${streamSid}, CallSid: ${callSid}, PayloadSize: ${msg.media.payload?.length || 0} bytes`);
}
if (!callSid || !tenantDomain) {
this.logger.warn('Received media before start event');
break;
}
// msg.media.payload is base64-encoded μ-law audio from Twilio
const twilioAudio = msg.media.payload;
// Convert Twilio audio (μ-law 8kHz) to OpenAI format (PCM16 24kHz)
const openaiAudio = this.audioConverter.twilioToOpenAI(twilioAudio);
// Send audio to OpenAI Realtime API
await this.voiceService.sendAudioToOpenAI(callSid, openaiAudio);
break;
case 'stop':
this.logger.log(`=== MEDIA STREAM EVENT: STOP ===`);
this.logger.log(`StreamSid: ${streamSid}`);
this.logger.log(`Total media packets received: ${mediaPacketCount}`);
if (streamSid) {
this.mediaStreams.delete(streamSid);
this.logger.log(`Removed WebSocket for streamSid: ${streamSid}. Remaining active streams: ${this.mediaStreams.size}`);
}
// Clean up OpenAI connection
if (callSid) {
this.logger.log(`Cleaning up OpenAI connection for call ${callSid}...`);
await this.voiceService.cleanupOpenAIConnection(callSid);
this.logger.log(`✓ OpenAI connection cleaned up for call ${callSid}`);
}
break;
default:
this.logger.debug(`Unknown media stream event: ${msg.event}`);
}
} catch (error: any) {
this.logger.error(`Error processing media stream message: ${error.message}`);
this.logger.error(`Stack: ${error.stack}`);
}
});
ws.on('close', () => {
this.logger.log(`=== MEDIA STREAM WEBSOCKET CLOSED ===`);
this.logger.log(`StreamSid: ${streamSid}`);
this.logger.log(`Total media packets in this stream: ${mediaPacketCount}`);
if (streamSid) {
this.mediaStreams.delete(streamSid);
this.logger.log(`Cleaned up streamSid on close. Remaining active streams: ${this.mediaStreams.size}`);
}
});
ws.on('error', (error: Error) => {
this.logger.error(`=== MEDIA STREAM WEBSOCKET ERROR ===`);
this.logger.error(`StreamSid: ${streamSid}`);
this.logger.error(`Error message: ${error.message}`);
this.logger.error(`Error stack: ${error.stack}`);
});
}
/**
* Send audio from OpenAI back to Twilio Media Stream
*/
async sendAudioToTwilio(streamSid: string, openaiAudioBase64: string) {
const ws = this.mediaStreams.get(streamSid);
if (!ws) {
this.logger.warn(`No Media Stream found for streamSid: ${streamSid}`);
return;
}
try {
// Convert OpenAI audio (PCM16 24kHz) to Twilio format (μ-law 8kHz)
const twilioAudio = this.audioConverter.openAIToTwilio(openaiAudioBase64);
// Send to Twilio Media Stream
const message = {
event: 'media',
streamSid,
media: {
payload: twilioAudio,
},
};
ws.send(JSON.stringify(message));
} catch (error: any) {
this.logger.error(`Error sending audio to Twilio: ${error.message}`);
}
}
}

319
backend/src/voice/voice.gateway.ts
View File

@@ -1,319 +0,0 @@
import {
WebSocketGateway,
WebSocketServer,
SubscribeMessage,
OnGatewayConnection,
OnGatewayDisconnect,
ConnectedSocket,
MessageBody,
} from '@nestjs/websockets';
import { Server, Socket } from 'socket.io';
import { Logger, UseGuards } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { VoiceService } from './voice.service';
import { TenantDatabaseService } from '../tenant/tenant-database.service';
interface AuthenticatedSocket extends Socket {
tenantId?: string;
userId?: string;
tenantSlug?: string;
}
@WebSocketGateway({
namespace: 'voice',
cors: {
origin: true,
credentials: true,
},
})
export class VoiceGateway
implements OnGatewayConnection, OnGatewayDisconnect
{
@WebSocketServer()
server: Server;
private readonly logger = new Logger(VoiceGateway.name);
private connectedUsers: Map<string, AuthenticatedSocket> = new Map();
private activeCallsByUser: Map<string, string> = new Map(); // userId -> callSid
constructor(
private readonly jwtService: JwtService,
private readonly voiceService: VoiceService,
private readonly tenantDbService: TenantDatabaseService,
) {
// Set gateway reference in service to avoid circular dependency
this.voiceService.setGateway(this);
}
async handleConnection(client: AuthenticatedSocket) {
try {
// Extract token from handshake auth
const token =
client.handshake.auth.token || client.handshake.headers.authorization?.split(' ')[1];
if (!token) {
this.logger.warn('❌ Client connection rejected: No token provided');
client.disconnect();
return;
}
// Verify JWT token
const payload = await this.jwtService.verifyAsync(token);
// Extract domain from origin header (e.g., http://tenant1.routebox.co:3001)
// The domains table stores just the subdomain part (e.g., "tenant1")
const origin = client.handshake.headers.origin || client.handshake.headers.referer;
let domain = 'localhost';
if (origin) {
try {
const url = new URL(origin);
const hostname = url.hostname; // e.g., tenant1.routebox.co or localhost
// Extract first part of subdomain as domain
// tenant1.routebox.co -> tenant1
// localhost -> localhost
domain = hostname.split('.')[0];
} catch (error) {
this.logger.warn(`Failed to parse origin: ${origin}`);
}
}
client.tenantId = domain; // Store the subdomain as tenantId
client.userId = payload.sub;
client.tenantSlug = domain; // Same as subdomain
this.connectedUsers.set(client.userId, client);
this.logger.log(
`✓ Client connected: ${client.id} (User: ${client.userId}, Domain: ${domain})`,
);
this.logger.log(`Total connected users in ${domain}: ${this.getConnectedUsers(domain).length}`);
// Send current call state if any active call
const activeCallSid = this.activeCallsByUser.get(client.userId);
if (activeCallSid) {
const callState = await this.voiceService.getCallState(
activeCallSid,
client.tenantId,
);
client.emit('call:state', callState);
}
} catch (error) {
this.logger.error('❌ Authentication failed', error);
client.disconnect();
}
}
handleDisconnect(client: AuthenticatedSocket) {
if (client.userId) {
this.connectedUsers.delete(client.userId);
this.logger.log(`✓ Client disconnected: ${client.id} (User: ${client.userId})`);
this.logger.log(`Remaining connected users: ${this.connectedUsers.size}`);
}
}
/**
* Initiate outbound call
*/
@SubscribeMessage('call:initiate')
async handleInitiateCall(
@ConnectedSocket() client: AuthenticatedSocket,
@MessageBody() data: { toNumber: string },
) {
try {
this.logger.log(`Initiating call from user ${client.userId} to ${data.toNumber}`);
const result = await this.voiceService.initiateCall({
tenantId: client.tenantId,
userId: client.userId,
toNumber: data.toNumber,
});
this.activeCallsByUser.set(client.userId, result.callSid);
client.emit('call:initiated', {
callSid: result.callSid,
toNumber: data.toNumber,
status: 'queued',
});
return { success: true, callSid: result.callSid };
} catch (error) {
this.logger.error('Failed to initiate call', error);
client.emit('call:error', {
message: error.message || 'Failed to initiate call',
});
return { success: false, error: error.message };
}
}
/**
* Accept incoming call
*/
@SubscribeMessage('call:accept')
async handleAcceptCall(
@ConnectedSocket() client: AuthenticatedSocket,
@MessageBody() data: { callSid: string },
) {
try {
this.logger.log(`User ${client.userId} accepting call ${data.callSid}`);
await this.voiceService.acceptCall({
callSid: data.callSid,
tenantId: client.tenantId,
userId: client.userId,
});
this.activeCallsByUser.set(client.userId, data.callSid);
client.emit('call:accepted', { callSid: data.callSid });
return { success: true };
} catch (error) {
this.logger.error('Failed to accept call', error);
return { success: false, error: error.message };
}
}
/**
* Reject incoming call
*/
@SubscribeMessage('call:reject')
async handleRejectCall(
@ConnectedSocket() client: AuthenticatedSocket,
@MessageBody() data: { callSid: string },
) {
try {
this.logger.log(`User ${client.userId} rejecting call ${data.callSid}`);
await this.voiceService.rejectCall(data.callSid, client.tenantId);
client.emit('call:rejected', { callSid: data.callSid });
return { success: true };
} catch (error) {
this.logger.error('Failed to reject call', error);
return { success: false, error: error.message };
}
}
/**
* End active call
*/
@SubscribeMessage('call:end')
async handleEndCall(
@ConnectedSocket() client: AuthenticatedSocket,
@MessageBody() data: { callSid: string },
) {
try {
this.logger.log(`User ${client.userId} ending call ${data.callSid}`);
await this.voiceService.endCall(data.callSid, client.tenantId);
this.activeCallsByUser.delete(client.userId);
client.emit('call:ended', { callSid: data.callSid });
return { success: true };
} catch (error) {
this.logger.error('Failed to end call', error);
return { success: false, error: error.message };
}
}
/**
* Send DTMF tones
*/
@SubscribeMessage('call:dtmf')
async handleDtmf(
@ConnectedSocket() client: AuthenticatedSocket,
@MessageBody() data: { callSid: string; digit: string },
) {
try {
await this.voiceService.sendDtmf(
data.callSid,
data.digit,
client.tenantId,
);
return { success: true };
} catch (error) {
this.logger.error('Failed to send DTMF', error);
return { success: false, error: error.message };
}
}
/**
* Emit incoming call notification to specific user
*/
async notifyIncomingCall(userId: string, callData: any) {
const socket = this.connectedUsers.get(userId);
if (socket) {
socket.emit('call:incoming', callData);
this.logger.log(`Notified user ${userId} of incoming call`);
} else {
this.logger.warn(`User ${userId} not connected to receive call notification`);
}
}
/**
* Emit call status update to user
*/
async notifyCallUpdate(userId: string, callData: any) {
const socket = this.connectedUsers.get(userId);
if (socket) {
socket.emit('call:update', callData);
}
}
/**
* Emit AI transcript to user
*/
async notifyAiTranscript(userId: string, data: { callSid: string; transcript: string; isFinal: boolean }) {
const socket = this.connectedUsers.get(userId);
if (socket) {
socket.emit('ai:transcript', data);
}
}
/**
* Emit AI suggestion to user
*/
async notifyAiSuggestion(userId: string, data: any) {
const socket = this.connectedUsers.get(userId);
this.logger.log(`notifyAiSuggestion - userId: ${userId}, socket connected: ${!!socket}, total connected users: ${this.connectedUsers.size}`);
if (socket) {
this.logger.log(`Emitting ai:suggestion event with data:`, JSON.stringify(data));
socket.emit('ai:suggestion', data);
} else {
this.logger.warn(`No socket connection found for userId: ${userId}`);
this.logger.log(`Connected users: ${Array.from(this.connectedUsers.keys()).join(', ')}`);
}
}
/**
* Emit AI action result to user
*/
async notifyAiAction(userId: string, data: any) {
const socket = this.connectedUsers.get(userId);
if (socket) {
socket.emit('ai:action', data);
}
}
/**
* Get connected users for a tenant
*/
getConnectedUsers(tenantDomain?: string): string[] {
const userIds: string[] = [];
for (const [userId, socket] of this.connectedUsers.entries()) {
// If tenantDomain specified, filter by tenant
if (!tenantDomain || socket.tenantSlug === tenantDomain) {
userIds.push(userId);
}
}
return userIds;
}
}

23
backend/src/voice/voice.module.ts
View File

@@ -1,23 +0,0 @@
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { VoiceGateway } from './voice.gateway';
import { VoiceService } from './voice.service';
import { VoiceController } from './voice.controller';
import { AudioConverterService } from './audio-converter.service';
import { TenantModule } from '../tenant/tenant.module';
import { AuthModule } from '../auth/auth.module';
@Module({
imports: [
TenantModule,
AuthModule,
JwtModule.register({
secret: process.env.JWT_SECRET || 'your-jwt-secret',
signOptions: { expiresIn: process.env.JWT_EXPIRES_IN || '24h' },
}),
],
providers: [VoiceGateway, VoiceService, AudioConverterService],
controllers: [VoiceController],
exports: [VoiceService],
})
export class VoiceModule {}

826
backend/src/voice/voice.service.ts
View File

@@ -1,826 +0,0 @@
import { Injectable, Logger } from '@nestjs/common';
import { TenantDatabaseService } from '../tenant/tenant-database.service';
import { getCentralPrisma } from '../prisma/central-prisma.service';
import { IntegrationsConfig, TwilioConfig, OpenAIConfig } from './interfaces/integration-config.interface';
import * as Twilio from 'twilio';
import { WebSocket } from 'ws';
import { v4 as uuidv4 } from 'uuid';
const AccessToken = Twilio.jwt.AccessToken;
const VoiceGrant = AccessToken.VoiceGrant;
@Injectable()
export class VoiceService {
private readonly logger = new Logger(VoiceService.name);
private twilioClients: Map<string, Twilio.Twilio> = new Map();
private openaiConnections: Map<string, WebSocket> = new Map(); // callSid -> WebSocket
private callStates: Map<string, any> = new Map(); // callSid -> call state
private voiceGateway: any; // Reference to gateway (to avoid circular dependency)
constructor(
private readonly tenantDbService: TenantDatabaseService,
) {}
/**
* Set gateway reference (called by gateway on init)
*/
setGateway(gateway: any) {
this.voiceGateway = gateway;
}
/**
* Get Twilio client for a tenant
*/
private async getTwilioClient(tenantIdOrDomain: string): Promise<{ client: Twilio.Twilio; config: TwilioConfig; tenantId: string }> {
// Check cache first
if (this.twilioClients.has(tenantIdOrDomain)) {
const centralPrisma = getCentralPrisma();
// Look up tenant by domain
const domainRecord = await centralPrisma.domain.findUnique({
where: { domain: tenantIdOrDomain },
include: { tenant: { select: { id: true, integrationsConfig: true } } },
});
const config = this.getIntegrationConfig(domainRecord?.tenant?.integrationsConfig as any);
return {
client: this.twilioClients.get(tenantIdOrDomain),
config: config.twilio,
tenantId: domainRecord.tenant.id
};
}
// Fetch tenant integrations config
const centralPrisma = getCentralPrisma();
this.logger.log(`Looking up domain: ${tenantIdOrDomain}`);
const domainRecord = await centralPrisma.domain.findUnique({
where: { domain: tenantIdOrDomain },
include: { tenant: { select: { id: true, integrationsConfig: true } } },
});
this.logger.log(`Domain record found: ${!!domainRecord}, Tenant: ${!!domainRecord?.tenant}, Config: ${!!domainRecord?.tenant?.integrationsConfig}`);
if (!domainRecord?.tenant) {
throw new Error(`Domain ${tenantIdOrDomain} not found`);
}
if (!domainRecord.tenant.integrationsConfig) {
throw new Error('Tenant integrations config not found. Please configure Twilio credentials in Settings > Integrations');
}
const config = this.getIntegrationConfig(domainRecord.tenant.integrationsConfig as any);
this.logger.log(`Config decrypted: ${!!config.twilio}, AccountSid: ${config.twilio?.accountSid?.substring(0, 10)}..., AuthToken: ${config.twilio?.authToken?.substring(0, 10)}..., Phone: ${config.twilio?.phoneNumber}`);
if (!config.twilio?.accountSid || !config.twilio?.authToken) {
throw new Error('Twilio credentials not configured for tenant');
}
const client = Twilio.default(config.twilio.accountSid, config.twilio.authToken);
this.twilioClients.set(tenantIdOrDomain, client);
return { client, config: config.twilio, tenantId: domainRecord.tenant.id };
}
/**
* Decrypt and parse integrations config
*/
private getIntegrationConfig(encryptedConfig: any): IntegrationsConfig {
if (!encryptedConfig) {
return {};
}
// If it's already decrypted (object), return it
if (typeof encryptedConfig === 'object' && encryptedConfig.twilio) {
return encryptedConfig;
}
// If it's encrypted (string), decrypt it
if (typeof encryptedConfig === 'string') {
return this.tenantDbService.decryptIntegrationsConfig(encryptedConfig);
}
return {};
}
/**
* Generate Twilio access token for browser Voice SDK
*/
async generateAccessToken(tenantDomain: string, userId: string): Promise<string> {
const { config, tenantId } = await this.getTwilioClient(tenantDomain);
if (!config.accountSid || !config.apiKey || !config.apiSecret) {
throw new Error('Twilio API credentials not configured. Please add API Key and Secret in Settings > Integrations');
}
// Create an access token
const token = new AccessToken(
config.accountSid,
config.apiKey,
config.apiSecret,
{ identity: userId, ttl: 3600 } // 1 hour expiry
);
// Create a Voice grant
const voiceGrant = new VoiceGrant({
outgoingApplicationSid: config.twimlAppSid, // TwiML App SID for outbound calls
incomingAllow: true, // Allow incoming calls
});
token.addGrant(voiceGrant);
return token.toJwt();
}
/**
* Initiate outbound call
*/
async initiateCall(params: {
tenantId: string;
userId: string;
toNumber: string;
}) {
const { tenantId: tenantDomain, userId, toNumber } = params;
try {
this.logger.log(`=== INITIATING CALL ===`);
this.logger.log(`Domain: ${tenantDomain}, To: ${toNumber}, User: ${userId}`);
// Validate phone number
if (!toNumber.match(/^\+?[1-9]\d{1,14}$/)) {
throw new Error(`Invalid phone number format: ${toNumber}. Use E.164 format (e.g., +1234567890)`);
}
const { client, config, tenantId } = await this.getTwilioClient(tenantDomain);
this.logger.log(`Twilio client obtained for tenant: ${tenantId}`);
// Get from number
const fromNumber = config.phoneNumber;
if (!fromNumber) {
throw new Error('Twilio phone number not configured');
}
this.logger.log(`From number: ${fromNumber}`);
// Construct tenant-specific webhook URLs using HTTPS (for Traefik)
const backendUrl = `https://${tenantDomain}`;
const twimlUrl = `${backendUrl}/api/voice/twiml/outbound?phoneNumber=${encodeURIComponent(fromNumber)}&toNumber=${encodeURIComponent(toNumber)}`;
const statusUrl = `${backendUrl}/api/voice/webhook/status`;
this.logger.log(`TwiML URL: ${twimlUrl}`);
this.logger.log(`Status URL: ${statusUrl}`);
// Create call record in database
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
const callId = uuidv4();
// Initiate call via Twilio
this.logger.log(`Calling Twilio API...`);
// For Device-to-Number calls, we need to use a TwiML App SID
// The Twilio SDK will handle the Device connection, and we return TwiML with Dial
const call = await client.calls.create({
to: toNumber,
from: fromNumber, // Your Twilio phone number
url: twimlUrl,
statusCallback: statusUrl,
statusCallbackEvent: ['initiated', 'ringing', 'answered', 'completed'],
statusCallbackMethod: 'POST',
record: false,
machineDetection: 'Enable', // Optional: detect answering machines
});
this.logger.log(`Call created successfully: ${call.sid}, Status: ${call.status}`);
// Store call in database
await tenantKnex('calls').insert({
id: callId,
call_sid: call.sid,
direction: 'outbound',
from_number: fromNumber,
to_number: toNumber,
status: 'queued',
user_id: userId,
created_at: tenantKnex.fn.now(),
updated_at: tenantKnex.fn.now(),
});
// Store call state in memory
this.callStates.set(call.sid, {
callId,
callSid: call.sid,
tenantId,
userId,
direction: 'outbound',
status: 'queued',
});
this.logger.log(`Outbound call initiated: ${call.sid}`);
return {
callId,
callSid: call.sid,
status: 'queued',
};
} catch (error) {
this.logger.error('Failed to initiate call', error);
throw error;
}
}
/**
* Accept incoming call
*/
async acceptCall(params: {
callSid: string;
tenantId: string;
userId: string;
}) {
const { callSid, tenantId, userId } = params;
try {
// Note: Twilio doesn't support updating call to 'in-progress' via API
// Call status is managed by TwiML and call flow
// We'll update our database status instead
// Update database
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
await tenantKnex('calls')
.where({ call_sid: callSid })
.update({
status: 'in-progress',
user_id: userId,
started_at: tenantKnex.fn.now(),
updated_at: tenantKnex.fn.now(),
});
// Update state
const state = this.callStates.get(callSid) || {};
this.callStates.set(callSid, {
...state,
status: 'in-progress',
userId,
});
this.logger.log(`Call accepted: ${callSid} by user ${userId}`);
} catch (error) {
this.logger.error('Failed to accept call', error);
throw error;
}
}
/**
* Reject incoming call
*/
async rejectCall(callSid: string, tenantId: string) {
try {
const { client } = await this.getTwilioClient(tenantId);
// End the call
await client.calls(callSid).update({
status: 'completed',
});
// Update database
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
await tenantKnex('calls')
.where({ call_sid: callSid })
.update({
status: 'canceled',
updated_at: tenantKnex.fn.now(),
});
// Clean up state
this.callStates.delete(callSid);
this.logger.log(`Call rejected: ${callSid}`);
} catch (error) {
this.logger.error('Failed to reject call', error);
throw error;
}
}
/**
* End active call
*/
async endCall(callSid: string, tenantId: string) {
try {
const { client } = await this.getTwilioClient(tenantId);
// End the call
await client.calls(callSid).update({
status: 'completed',
});
// Clean up OpenAI connection if exists
const openaiWs = this.openaiConnections.get(callSid);
if (openaiWs) {
openaiWs.close();
this.openaiConnections.delete(callSid);
}
// Update database
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
await tenantKnex('calls')
.where({ call_sid: callSid })
.update({
status: 'completed',
ended_at: tenantKnex.fn.now(),
updated_at: tenantKnex.fn.now(),
});
// Clean up state
this.callStates.delete(callSid);
this.logger.log(`Call ended: ${callSid}`);
} catch (error) {
this.logger.error('Failed to end call', error);
throw error;
}
}
/**
* Send DTMF tones
*/
async sendDtmf(callSid: string, digit: string, tenantId: string) {
try {
const { client } = await this.getTwilioClient(tenantId);
// Twilio doesn't support sending DTMF directly via API
// This would need to be handled via TwiML <Play> of DTMF tones
this.logger.log(`DTMF requested for call ${callSid}: ${digit}`);
// TODO: Implement DTMF sending via TwiML update
} catch (error) {
this.logger.error('Failed to send DTMF', error);
throw error;
}
}
/**
* Get call state
*/
async getCallState(callSid: string, tenantId: string) {
// Try memory first
if (this.callStates.has(callSid)) {
return this.callStates.get(callSid);
}
// Fallback to database
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
const call = await tenantKnex('calls')
.where({ call_sid: callSid })
.first();
return call || null;
}
/**
* Update call status from webhook
*/
async updateCallStatus(params: {
callSid: string;
tenantId: string;
status: string;
duration?: number;
recordingUrl?: string;
}) {
const { callSid, tenantId, status, duration, recordingUrl } = params;
try {
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
const updateData: any = {
status,
updated_at: tenantKnex.fn.now(),
};
if (duration !== undefined) {
updateData.duration_seconds = duration;
}
if (recordingUrl) {
updateData.recording_url = recordingUrl;
}
if (status === 'completed') {
updateData.ended_at = tenantKnex.fn.now();
}
await tenantKnex('calls')
.where({ call_sid: callSid })
.update(updateData);
// Update state
const state = this.callStates.get(callSid);
if (state) {
this.callStates.set(callSid, { ...state, status });
}
this.logger.log(`Call status updated: ${callSid} -> ${status}`);
} catch (error) {
this.logger.error('Failed to update call status', error);
throw error;
}
}
/**
* Initialize OpenAI Realtime connection for call
*/
async initializeOpenAIRealtime(params: {
callSid: string;
tenantId: string;
userId: string;
}) {
const { callSid, tenantId, userId } = params;
try {
// Get OpenAI config - tenantId might be a domain, so look it up
const centralPrisma = getCentralPrisma();
// Try to find tenant by domain first (if tenantId is like "tenant1")
let tenant;
if (!tenantId.match(/^[0-9a-f]{8}-[0-9a-f]{4}-/i)) {
// Looks like a domain, not a UUID
const domainRecord = await centralPrisma.domain.findUnique({
where: { domain: tenantId },
include: { tenant: { select: { id: true, integrationsConfig: true } } },
});
tenant = domainRecord?.tenant;
} else {
// It's a UUID
tenant = await centralPrisma.tenant.findUnique({
where: { id: tenantId },
select: { id: true, integrationsConfig: true },
});
}
if (!tenant) {
this.logger.warn(`Tenant not found for identifier: ${tenantId}`);
return;
}
const config = this.getIntegrationConfig(tenant?.integrationsConfig as any);
if (!config.openai?.apiKey) {
this.logger.warn('OpenAI not configured for tenant, skipping AI features');
return;
}
// Connect to OpenAI Realtime API
const model = config.openai.model || 'gpt-4o-realtime-preview-2024-10-01';
const ws = new WebSocket(`wss://api.openai.com/v1/realtime?model=${model}`, {
headers: {
'Authorization': `Bearer ${config.openai.apiKey}`,
'OpenAI-Beta': 'realtime=v1',
},
});
ws.on('open', () => {
this.logger.log(`OpenAI Realtime connected for call ${callSid}`);
// Add to connections map only after it's open
this.openaiConnections.set(callSid, ws);
// Store call state with userId for later use
this.callStates.set(callSid, {
callSid,
tenantId: tenant.id,
userId,
status: 'in-progress',
});
this.logger.log(`📝 Stored call state for ${callSid} with userId: ${userId}`);
// Initialize session
ws.send(JSON.stringify({
type: 'session.update',
session: {
model: config.openai.model || 'gpt-4o-realtime-preview',
voice: config.openai.voice || 'alloy',
instructions: `You are an AI assistant in LISTENING MODE, helping a sales/support agent during their phone call.
IMPORTANT: You are NOT talking to the caller. You are advising the agent who is handling the call.
Your role:
- Listen to the conversation between the agent and the caller
- Provide concise, actionable suggestions to help the agent
- Recommend CRM actions (search contacts, create tasks, update records)
- Alert the agent to important information or next steps
- Keep suggestions brief (1-2 sentences max)
Format your suggestions like:
"💡 Suggestion: [your advice]"
"⚠️ Alert: [important notice]"
"📋 Action: [recommended CRM action]"`,
turn_detection: {
type: 'server_vad',
},
tools: this.getOpenAITools(),
},
}));
});
ws.on('message', (data: Buffer) => {
// Pass the tenant UUID (tenant.id) instead of the domain string
this.handleOpenAIMessage(callSid, tenant.id, userId, JSON.parse(data.toString()));
});
ws.on('error', (error) => {
this.logger.error(`OpenAI WebSocket error for call ${callSid}:`, error);
this.openaiConnections.delete(callSid);
});
ws.on('close', (code, reason) => {
this.logger.log(`OpenAI Realtime disconnected for call ${callSid} - Code: ${code}, Reason: ${reason.toString()}`);
this.openaiConnections.delete(callSid);
});
// Don't add to connections here - wait for 'open' event
} catch (error) {
this.logger.error('Failed to initialize OpenAI Realtime', error);
}
}
/**
* Send audio data to OpenAI Realtime API
*/
async sendAudioToOpenAI(callSid: string, audioBase64: string) {
const ws = this.openaiConnections.get(callSid);
if (!ws) {
this.logger.warn(`No OpenAI connection for call ${callSid}`);
return;
}
try {
// Send audio chunk to OpenAI
ws.send(JSON.stringify({
type: 'input_audio_buffer.append',
audio: audioBase64,
}));
} catch (error) {
this.logger.error(`Failed to send audio to OpenAI for call ${callSid}`, error);
}
}
/**
* Commit audio buffer to OpenAI (trigger processing)
*/
async commitAudioBuffer(callSid: string) {
const ws = this.openaiConnections.get(callSid);
if (!ws) {
return;
}
try {
ws.send(JSON.stringify({
type: 'input_audio_buffer.commit',
}));
} catch (error) {
this.logger.error(`Failed to commit audio buffer for call ${callSid}`, error);
}
}
/**
* Clean up OpenAI connection for a call
*/
async cleanupOpenAIConnection(callSid: string) {
const ws = this.openaiConnections.get(callSid);
if (ws) {
try {
ws.close();
this.openaiConnections.delete(callSid);
this.logger.log(`Cleaned up OpenAI connection for call ${callSid}`);
} catch (error) {
this.logger.error(`Error cleaning up OpenAI connection for call ${callSid}`, error);
}
}
}
/**
* Handle OpenAI Realtime messages
*/
private async handleOpenAIMessage(
callSid: string,
tenantId: string,
userId: string,
message: any,
) {
try {
switch (message.type) {
case 'conversation.item.created':
// Skip logging for now
break;
case 'response.audio.delta':
// OpenAI is sending audio response (skip logging)
const state = this.callStates.get(callSid);
if (state?.streamSid && message.delta) {
if (!state.pendingAudio) {
state.pendingAudio = [];
}
state.pendingAudio.push(message.delta);
}
break;
case 'response.audio.done':
// Skip logging
break;
case 'response.audio_transcript.delta':
// Skip - not transmitting individual words to frontend
break;
case 'response.audio_transcript.done':
// Final transcript - this contains the AI's actual text suggestions!
const transcript = message.transcript;
this.logger.log(`💡 AI Suggestion: "${transcript}"`);
// Save to database
await this.updateCallTranscript(callSid, tenantId, transcript);
// Also send as suggestion to frontend if it looks like a suggestion
if (transcript && transcript.length > 0) {
// Determine suggestion type
let suggestionType: 'response' | 'action' | 'insight' = 'insight';
if (transcript.includes('💡') || transcript.toLowerCase().includes('suggest')) {
suggestionType = 'response';
} else if (transcript.includes('📋') || transcript.toLowerCase().includes('action')) {
suggestionType = 'action';
} else if (transcript.includes('⚠️') || transcript.toLowerCase().includes('alert')) {
suggestionType = 'insight';
}
// Emit to frontend
const state = this.callStates.get(callSid);
this.logger.log(`📊 Call state - userId: ${state?.userId}, gateway: ${!!this.voiceGateway}`);
if (state?.userId && this.voiceGateway) {
this.logger.log(`📤 Sending to user ${state.userId}`);
await this.voiceGateway.notifyAiSuggestion(state.userId, {
type: suggestionType,
text: transcript,
callSid,
timestamp: new Date().toISOString(),
});
this.logger.log(`✅ Suggestion sent to agent`);
} else {
this.logger.warn(`❌ Cannot send - userId: ${state?.userId}, gateway: ${!!this.voiceGateway}, callStates has ${this.callStates.size} entries`);
}
}
break;
case 'response.function_call_arguments.done':
// Tool call completed
await this.handleToolCall(callSid, tenantId, userId, message);
break;
case 'session.created':
case 'session.updated':
case 'response.created':
case 'response.output_item.added':
case 'response.content_part.added':
case 'response.content_part.done':
case 'response.output_item.done':
case 'response.done':
case 'input_audio_buffer.speech_started':
case 'input_audio_buffer.speech_stopped':
case 'input_audio_buffer.committed':
// Skip logging for these (too noisy)
break;
case 'error':
this.logger.error(`OpenAI error for call ${callSid}: ${JSON.stringify(message.error)}`);
break;
default:
// Only log unhandled types occasionally
break;
}
} catch (error) {
this.logger.error('Failed to handle OpenAI message', error);
}
}
/**
* Define OpenAI tools for CRM actions
*/
private getOpenAITools(): any[] {
return [
{
type: 'function',
name: 'search_contact',
description: 'Search for a contact by name, email, or phone number',
parameters: {
type: 'object',
properties: {
query: {
type: 'string',
description: 'Search query (name, email, or phone)',
},
},
required: ['query'],
},
},
{
type: 'function',
name: 'create_task',
description: 'Create a follow-up task based on the call',
parameters: {
type: 'object',
properties: {
title: {
type: 'string',
description: 'Task title',
},
description: {
type: 'string',
description: 'Task description',
},
dueDate: {
type: 'string',
description: 'Due date (ISO format)',
},
},
required: ['title'],
},
},
{
type: 'function',
name: 'update_contact',
description: 'Update contact information',
parameters: {
type: 'object',
properties: {
contactId: {
type: 'string',
description: 'Contact ID',
},
fields: {
type: 'object',
description: 'Fields to update',
},
},
required: ['contactId', 'fields'],
},
},
];
}
/**
* Handle tool calls from OpenAI
*/
private async handleToolCall(
callSid: string,
tenantId: string,
userId: string,
message: any,
) {
// TODO: Implement actual tool execution
// This would call the appropriate services based on the tool name
// Respecting RBAC permissions for the user
this.logger.log(`Tool call for call ${callSid}: ${message.name}`);
}
/**
* Update call transcript
*/
private async updateCallTranscript(
callSid: string,
tenantId: string,
transcript: string,
) {
try {
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
await tenantKnex('calls')
.where({ call_sid: callSid })
.update({
ai_transcript: transcript,
updated_at: tenantKnex.fn.now(),
});
} catch (error) {
this.logger.error('Failed to update transcript', error);
}
}
/**
* Get call history for user
*/
async getCallHistory(tenantId: string, userId: string, limit = 50) {
try {
const tenantKnex = await this.tenantDbService.getTenantKnexById(tenantId);
const calls = await tenantKnex('calls')
.where({ user_id: userId })
.orderBy('created_at', 'desc')
.limit(limit);
return calls;
} catch (error) {
this.logger.error('Failed to get call history', error);
throw error;
}
}
}

296
docs/AUTHORIZATION_SYSTEM.md Normal file
View File

@@ -0,0 +1,296 @@
# Polymorphic Record Sharing + Authorization System
This document describes the implementation of a comprehensive authorization system using CASL, Objection.js, and NestJS.
## Overview
The system supports:
- **Global object policies** - Public/private access, default permissions per object type
- **Role-based access** - Permissions assigned to roles, with CASL rule storage
- **Per-record sharing** - Polymorphic sharing where owners can grant specific users access to individual records
- **Field-level permissions** - Fine-grained control over which fields can be read/written
## Architecture
### Database Schema
#### `object_definitions` (Enhanced)
- `accessModel`: 'public' | 'owner' | 'mixed'
- `publicRead/Create/Update/Delete`: Boolean flags for public access
- `ownerField`: Field name storing record owner (default: 'ownerId')
#### `field_definitions` (Enhanced)
- `defaultReadable`: Boolean - Can this field be read by default
- `defaultWritable`: Boolean - Can this field be written by default
These permission flags are added directly to the existing `field_definitions` table, keeping all field metadata in one place.
#### `role_rules` (New)
- `roleId`: FK to roles
- `rulesJson`: JSON array of CASL rules
#### `record_shares` (New)
Polymorphic sharing table:
- `objectDefinitionId`: FK to object_definitions
- `recordId`: String (supports UUID/int)
- `granteeUserId`: User receiving access
- `grantedByUserId`: User granting access
- `actions`: JSON array of actions ["read", "update", etc.]
- `fields`: Optional JSON array of field names
- `expiresAt/revokedAt`: Optional expiry and revocation timestamps
### Backend Components
#### AbilityFactory (`src/auth/ability.factory.ts`)
Builds CASL abilities from three layers:
1. **Global rules** - From object_definitions and object_fields
2. **Role rules** - From role_rules.rulesJson
3. **Share rules** - From record_shares for the user
```typescript
const ability = await abilityFactory.buildForUser(user, knex);
if (ability.can('read', 'Post')) {
// User can read posts
}
```
#### Query Scoping (`src/auth/query-scope.util.ts`)
SQL-level filtering for list queries:
```typescript
import { applyReadScope } from '@/auth/query-scope.util';
const query = Post.query(knex);
applyReadScope(query, user, objectDefinition, knex);
// Query now only returns records user can access
```
Logic:
1. If `publicRead` is true → allow all
2. Else → owner OR valid share exists
#### Guards & Decorators
- `AbilitiesGuard` - Checks CASL abilities on routes
- `@CheckAbility()` - Decorator to require specific permissions
- `@CurrentUser()` - Inject current user
- `@CurrentAbility()` - Inject CASL ability
#### Controllers
**ShareController** (`src/rbac/share.controller.ts`)
- `POST /shares` - Create a share
- `GET /shares/record/:objectDefinitionId/:recordId` - List shares for a record
- `GET /shares/granted` - List shares granted by current user
- `GET /shares/received` - List shares received by current user
- `PATCH /shares/:id` - Update a share
- `DELETE /shares/:id` - Revoke a share
**RoleController** (`src/rbac/role.controller.ts`)
- Standard CRUD for roles
- `RoleRuleController` manages CASL rules per role
**ObjectAccessController** (`src/object/object-access.controller.ts`)
- `GET /setup/objects/:apiName/access` - Get access config
- `PUT /setup/objects/:apiName/access` - Update access model
- `POST /setup/objects/:apiName/fields/:fieldKey/permissions` - Set field permissions
- `PUT /setup/objects/:apiName/field-permissions` - Bulk update field permissions
### Frontend Components
#### ObjectAccessSettings (`components/ObjectAccessSettings.vue`)
Integrated into object management page as "Access & Permissions" tab:
- Configure access model (public/owner/mixed)
- Set public CRUD permissions
- Configure owner field
- Set default read/write permissions per field
#### RecordShareDialog (`components/RecordShareDialog.vue`)
Dialog for sharing individual records:
- List current shares
- Add new share with user email
- Select read/update permissions
- Optional field-level scoping
- Optional expiration date
- Revoke shares
#### Role Management (`pages/setup/roles.vue`)
Complete role management interface:
- List all roles
- Create new roles
- Delete roles
- Edit role permissions
#### RolePermissionsEditor (`components/RolePermissionsEditor.vue`)
Granular permission editor:
- Configure CRUD permissions per object type
- Apply conditions (e.g., "ownerId = $userId")
- Field-level restrictions (future)
## Usage Examples
### 1. Set Object to Owner-Only Access
```typescript
await api.put('/setup/objects/Post/access', {
accessModel: 'owner',
publicRead: false,
ownerField: 'ownerId'
});
```
### 2. Share a Record
```typescript
await api.post('/shares', {
objectDefinitionId: 'abc-123',
recordId: 'post-456',
granteeUserId: 'user-789',
actions: ['read', 'update'],
fields: ['title', 'body'], // Optional field scoping
expiresAt: '2025-12-31T23:59:59Z' // Optional expiry
});
```
### 3. Create Role with Permissions
```typescript
// Create role
const role = await api.post('/roles', {
name: 'Account Manager',
description: 'Can manage accounts'
});
// Set permissions
await api.post('/role-rules', {
roleId: role.id,
rulesJson: [
{
action: ['read', 'update'],
subject: 'Account',
conditions: { ownerId: '$userId' } // Only own accounts
},
{
action: ['read'],
subject: 'Contact' // Can read all contacts
}
]
});
```
### 4. Query with Authorization
```typescript
// In a controller
async getRecords(user: User) {
const objectDef = await ObjectDefinition.query(this.knex)
.findOne({ apiName: 'Post' });
const query = Post.query(this.knex);
applyReadScope(query, user, objectDef, this.knex);
return query; // Only returns records user can read
}
```
### 5. Check Instance Permission
```typescript
// With CASL
const post = await Post.query().findById(id);
if (ability.can('update', subject(post, 'Post'))) {
// User can update this post
}
```
## Migration Guide
1. **Run Migration**
```bash
npm run migrate:latest
```
2. **Update Existing Objects**
Set default access model for existing object types:
```sql
UPDATE object_definitions
SET access_model = 'owner',
owner_field = 'ownerId'
WHERE access_model IS NULL;
```
3. **Update Controllers**
Add query scoping to list endpoints:
```typescript
import { applyReadScope } from '@/auth/query-scope.util';
// Before
const records = await MyModel.query();
// After
const records = await applyReadScope(
MyModel.query(),
user,
objectDef,
knex
);
```
4. **Add Guards**
Protect routes with ability checks:
```typescript
@UseGuards(JwtAuthGuard, AbilitiesGuard)
@CheckAbility({ action: 'read', subject: 'Post' })
async findAll() {
// ...
}
```
## Security Considerations
1. **Always use SQL scoping for lists** - Don't rely on post-fetch filtering
2. **Validate share ownership** - Only grantor can update/revoke shares
3. **Check expiry and revocation** - Filter out invalid shares in queries
4. **Field-level filtering** - Strip unauthorized fields from request bodies
5. **Tenant isolation** - All queries should be scoped to current tenant (if multi-tenant)
## Testing
### Unit Tests
Test ability building:
```typescript
it('should allow owner to read their records', async () => {
const ability = await abilityFactory.buildForUser(user, knex);
const post = { id: '123', ownerId: user.id };
expect(ability.can('read', subject(post, 'Post'))).toBe(true);
});
```
### Integration Tests
Test query scoping:
```typescript
it('should only return owned records', async () => {
const query = Post.query(knex);
applyReadScope(query, user, objectDef, knex);
const records = await query;
expect(records.every(r => r.ownerId === user.id)).toBe(true);
});
```
## Future Enhancements
- [ ] Group/team sharing (share with multiple users)
- [ ] Public link sharing (token-based)
- [ ] Audit log for shares
- [ ] Share templates
- [ ] Cascading shares (share related records)
- [ ] Time-limited shares with auto-expiry
- [ ] Share approval workflow
- [ ] Delegation (share on behalf of another user)
## API Reference
See individual controller files for detailed API documentation:
- [ShareController](./backend/src/rbac/share.controller.ts)
- [RoleController](./backend/src/rbac/role.controller.ts)
- [ObjectAccessController](./backend/src/object/object-access.controller.ts)

211
docs/SALESFORCE_AUTHORIZATION.md
View File

@@ -1,211 +0,0 @@
# Salesforce-Style Authorization System
## Overview
Implemented a comprehensive authorization system based on Salesforce's model with:
- **Org-Wide Defaults (OWD)** for record visibility
- **Role-based permissions** for object and field access
- **Record sharing** for granular access control
- **CASL** for flexible permission evaluation
## Architecture
### 1. Org-Wide Defaults (OWD)
Controls baseline record visibility for each object:
- `private`: Only owner can see records
- `public_read`: Everyone can see, only owner can edit/delete
- `public_read_write`: Everyone can see and modify all records
### 2. Role-Based Object Permissions
Table: `role_object_permissions`
- `canCreate`: Can create new records
- `canRead`: Can read records (subject to OWD)
- `canEdit`: Can edit records (subject to OWD)
- `canDelete`: Can delete records (subject to OWD)
- `canViewAll`: Override OWD to see ALL records
- `canModifyAll`: Override OWD to edit ALL records
### 3. Field-Level Security
Table: `role_field_permissions`
- `canRead`: Can view field value
- `canEdit`: Can modify field value
### 4. Record Sharing
Table: `record_shares`
Grants specific users access to individual records with:
```json
{
"canRead": boolean,
"canEdit": boolean,
"canDelete": boolean
}
```
## Permission Evaluation Flow
```
1. Check role_object_permissions
├─ Does user have canCreate/Read/Edit/Delete?
│ └─ NO → Deny
│ └─ YES → Continue
2. Check canViewAll / canModifyAll
├─ Does user have special "all" permissions?
│ └─ YES → Grant access
│ └─ NO → Continue
3. Check OWD (orgWideDefault)
├─ public_read_write → Grant access
├─ public_read → Grant read, check ownership for write
└─ private → Check ownership or sharing
4. Check Ownership
├─ Is user the record owner?
│ └─ YES → Grant access
│ └─ NO → Continue
5. Check Record Shares
└─ Is record explicitly shared with user?
└─ Check accessLevel permissions
```
## Field-Level Security
Fields are filtered after record access is granted:
1. User queries records → Apply record-level scope
2. System filters readable fields based on `role_field_permissions`
3. User updates records → System filters editable fields
## Key Features
### Multiple Role Support
- Users can have multiple roles
- Permissions are **unioned** (any role grants = user has it)
- More flexible than Salesforce's single profile model
### Active Share Detection
- Shares can expire (`expiresAt`)
- Shares can be revoked (`revokedAt`)
- Only active shares are evaluated
### CASL Integration
- Dynamic ability building per request
- Condition-based rules
- Field-level permission support
## Usage Example
```typescript
// In a controller/service
constructor(
private authService: AuthorizationService,
private tenantDbService: TenantDatabaseService,
) {}
async getRecords(tenantId: string, objectApiName: string, userId: string) {
const knex = await this.tenantDbService.getTenantKnex(tenantId);
// Get user with roles
const user = await User.query(knex)
.findById(userId)
.withGraphFetched('[roles.[objectPermissions, fieldPermissions]]');
// Get object definition
const objectDef = await ObjectDefinition.query(knex)
.findOne({ apiName: objectApiName });
// Build query with authorization scope
let query = knex(objectApiName.toLowerCase());
query = await this.authService.applyScopeToQuery(
query,
objectDef,
user,
'read',
knex,
);
const records = await query;
// Get field definitions
const fields = await FieldDefinition.query(knex)
.where('objectDefinitionId', objectDef.id);
// Filter fields user can read
const filteredRecords = await Promise.all(
records.map(record =>
this.authService.filterReadableFields(record, fields, user)
)
);
return filteredRecords;
}
async updateRecord(tenantId: string, objectApiName: string, recordId: string, data: any, userId: string) {
const knex = await this.tenantDbService.getTenantKnex(tenantId);
const user = await User.query(knex)
.findById(userId)
.withGraphFetched('[roles.[objectPermissions, fieldPermissions]]');
const objectDef = await ObjectDefinition.query(knex)
.findOne({ apiName: objectApiName });
// Get existing record
const record = await knex(objectApiName.toLowerCase())
.where({ id: recordId })
.first();
if (!record) {
throw new NotFoundException('Record not found');
}
// Check if user can update this record
await this.authService.assertCanPerformAction(
'update',
objectDef,
record,
user,
knex,
);
// Get field definitions
const fields = await FieldDefinition.query(knex)
.where('objectDefinitionId', objectDef.id);
// Filter to only editable fields
const editableData = await this.authService.filterEditableFields(
data,
fields,
user,
);
// Perform update
await knex(objectApiName.toLowerCase())
.where({ id: recordId })
.update(editableData);
return knex(objectApiName.toLowerCase())
.where({ id: recordId })
.first();
}
```
## Migration
Run the migration to add authorization tables:
```bash
npm run knex migrate:latest
```
The migration creates:
- `orgWideDefault` column in `object_definitions`
- `role_object_permissions` table
- `role_field_permissions` table
- `record_shares` table
## Next Steps
1. **Migrate existing data**: Set default `orgWideDefault` values for existing objects
2. **Create default roles**: Create Admin, Standard User, etc. with appropriate permissions
3. **Update API endpoints**: Integrate authorization service into all CRUD operations
4. **UI for permission management**: Build admin interface to manage role permissions
5. **Sharing UI**: Build interface for users to share records with others

219
docs/SOFTPHONE_CHECKLIST.md
View File

@@ -1,219 +0,0 @@
# Softphone Configuration Checklist
## Pre-Deployment Checklist
### Backend Configuration
- [ ] **Environment Variables Set**
- [ ] `BACKEND_URL` - Public URL of backend (e.g., `https://api.yourdomain.com`)
- [ ] `ENCRYPTION_KEY` - 32-byte hex key for encrypting credentials
- [ ] Database connection URLs configured
- [ ] **Dependencies Installed**
```bash
cd backend
npm install
```
- [ ] **Migrations Run**
```bash
# Generate Prisma client
npx prisma generate --schema=./prisma/schema-central.prisma
# Run tenant migrations (creates calls table)
npm run migrate:all-tenants
```
- [ ] **Build Succeeds**
```bash
npm run build
```
### Frontend Configuration
- [ ] **Environment Variables Set**
- [ ] `VITE_BACKEND_URL` - Backend URL (e.g., `https://api.yourdomain.com`)
- [ ] **Dependencies Installed**
```bash
cd frontend
npm install
```
- [ ] **Build Succeeds**
```bash
npm run build
```
### Twilio Setup
- [ ] **Account Created**
- [ ] Sign up at https://www.twilio.com
- [ ] Verify account (phone/email)
- [ ] **Credentials Retrieved**
- [ ] Account SID (starts with `AC...`)
- [ ] Auth Token (from Twilio Console)
- [ ] **Phone Number Purchased**
- [ ] Buy a phone number in Twilio Console
- [ ] Note the phone number in E.164 format (e.g., `+1234567890`)
- [ ] **Webhooks Configured**
- [ ] Go to Phone Numbers → Active Numbers → [Your Number]
- [ ] Voice Configuration:
- [ ] A CALL COMES IN: Webhook
- [ ] URL: `https://your-backend-url.com/api/voice/twiml/inbound`
- [ ] HTTP: POST
- [ ] Status Callback:
- [ ] URL: `https://your-backend-url.com/api/voice/webhook/status`
- [ ] HTTP: POST
- [ ] **Media Streams (Optional)**
- [ ] Enable Media Streams in Twilio Console
- [ ] Note: Full implementation pending
### OpenAI Setup (Optional)
- [ ] **API Key Obtained**
- [ ] Sign up at https://platform.openai.com
- [ ] Create API key in API Keys section
- [ ] Copy key (starts with `sk-...`)
- [ ] **Realtime API Access**
- [ ] Ensure account has access to Realtime API (beta feature)
- [ ] Contact OpenAI support if needed
- [ ] **Model & Voice Selected**
- [ ] Model: `gpt-4o-realtime-preview` (default)
- [ ] Voice: `alloy`, `echo`, `fable`, `onyx`, `nova`, or `shimmer`
### Tenant Configuration
- [ ] **Log into Tenant**
- [ ] Use tenant subdomain (e.g., `acme.yourdomain.com`)
- [ ] Login with tenant user account
- [ ] **Navigate to Integrations**
- [ ] Go to Settings → Integrations (create page if doesn't exist)
- [ ] **Configure Twilio**
- [ ] Enter Account SID
- [ ] Enter Auth Token
- [ ] Enter Phone Number (with country code)
- [ ] Click Save Configuration
- [ ] **Configure OpenAI (Optional)**
- [ ] Enter API Key
- [ ] Set Model (or use default)
- [ ] Set Voice (or use default)
- [ ] Click Save Configuration
### Testing
- [ ] **WebSocket Connection**
- [ ] Open browser DevTools → Network → WS
- [ ] Click "Softphone" button in sidebar
- [ ] Verify WebSocket connection to `/voice` namespace
- [ ] Check for "Connected" status in softphone dialog
- [ ] **Outbound Call**
- [ ] Enter a test phone number
- [ ] Click "Call"
- [ ] Verify call initiates
- [ ] Check call appears in Twilio Console → Logs
- [ ] Verify call status updates in UI
- [ ] **Inbound Call**
- [ ] Call your Twilio number from external phone
- [ ] Verify incoming call notification appears
- [ ] Verify ringtone plays
- [ ] Click "Accept"
- [ ] Verify call connects
- [ ] **AI Features (if OpenAI configured)**
- [ ] Make a call
- [ ] Speak during call
- [ ] Verify transcript appears in real-time
- [ ] Check for AI suggestions
- [ ] Test AI tool calls (if configured)
- [ ] **Call History**
- [ ] Make/receive multiple calls
- [ ] Open softphone dialog
- [ ] Verify recent calls appear
- [ ] Click recent call to redial
### Production Readiness
- [ ] **Security**
- [ ] HTTPS enabled on backend
- [ ] WSS (WebSocket Secure) working
- [ ] CORS configured correctly
- [ ] Environment variables secured
- [ ] **Monitoring**
- [ ] Backend logs accessible
- [ ] Error tracking setup (e.g., Sentry)
- [ ] Twilio logs monitored
- [ ] **Scalability**
- [ ] Redis configured for BullMQ (future)
- [ ] Database connection pooling configured
- [ ] Load balancer if needed
- [ ] **Documentation**
- [ ] User guide shared with team
- [ ] Twilio credentials documented securely
- [ ] Support process defined
## Verification Commands
```bash
# Check backend build
cd backend && npm run build
# Check frontend build
cd frontend && npm run build
# Verify migrations
cd backend && npm run migrate:status
# Test WebSocket (after starting backend)
# In browser console:
const socket = io('http://localhost:3000/voice', {
auth: { token: 'YOUR_JWT_TOKEN' }
});
socket.on('connect', () => console.log('Connected!'));
```
## Common Issues & Solutions
| Issue | Check | Solution |
|-------|-------|----------|
| "Not connected" | WebSocket URL | Verify BACKEND_URL in frontend .env |
| Build fails | Dependencies | Run `npm install` again |
| Twilio errors | Credentials | Re-enter credentials in settings |
| No AI features | OpenAI key | Add API key in integrations |
| Webhook 404 | URL format | Ensure `/api/voice/...` prefix |
| HTTPS required | Twilio webhooks | Deploy with HTTPS or use ngrok for testing |
## Post-Deployment Tasks
- [ ] Train users on softphone features
- [ ] Monitor call quality and errors
- [ ] Collect feedback for improvements
- [ ] Plan for scaling (queue system, routing)
- [ ] Review call logs for insights
## Support Resources
- **Twilio Docs**: https://www.twilio.com/docs
- **OpenAI Realtime API**: https://platform.openai.com/docs/guides/realtime
- **Project Docs**: `/docs/SOFTPHONE_IMPLEMENTATION.md`
- **Quick Start**: `/docs/SOFTPHONE_QUICK_START.md`
---
**Last Updated**: January 3, 2026
**Checklist Version**: 1.0

370
docs/SOFTPHONE_IMPLEMENTATION.md
View File

@@ -1,370 +0,0 @@
# Softphone Implementation with Twilio & OpenAI Realtime
## Overview
This implementation adds comprehensive voice calling functionality to the platform using Twilio for telephony and OpenAI Realtime API for AI-assisted calls. The softphone is accessible globally through a Vue component, with call state managed via WebSocket connections.
## Architecture
### Backend (NestJS + Fastify)
#### Core Components
1. **VoiceModule** (`backend/src/voice/`)
- `voice.module.ts` - Module configuration
- `voice.gateway.ts` - WebSocket gateway for real-time signaling
- `voice.service.ts` - Business logic for call orchestration
- `voice.controller.ts` - REST endpoints and Twilio webhooks
- `dto/` - Data transfer objects for type safety
- `interfaces/` - TypeScript interfaces for configuration
2. **Database Schema**
- **Central Database**: `integrationsConfig` JSON field in Tenant model (encrypted)
- **Tenant Database**: `calls` table for call history and metadata
3. **WebSocket Gateway**
- Namespace: `/voice`
- Authentication: JWT token validation in handshake
- Tenant Context: Extracted from JWT payload
- Events: `call:initiate`, `call:accept`, `call:reject`, `call:end`, `call:dtmf`
- AI Events: `ai:transcript`, `ai:suggestion`, `ai:action`
4. **Twilio Integration**
- SDK: `twilio` npm package
- Features: Outbound calls, TwiML responses, Media Streams, webhooks
- Credentials: Stored encrypted per tenant in `integrationsConfig.twilio`
5. **OpenAI Realtime Integration**
- Connection: WebSocket to `wss://api.openai.com/v1/realtime`
- Features: Real-time transcription, AI suggestions, tool calling
- Credentials: Stored encrypted per tenant in `integrationsConfig.openai`
### Frontend (Nuxt 3 + Vue 3)
#### Core Components
1. **useSoftphone Composable** (`frontend/composables/useSoftphone.ts`)
- Module-level shared state for global access
- WebSocket connection management with auto-reconnect
- Call state management (current call, incoming call)
- Audio management (ringtone playback)
- Event handlers for call lifecycle and AI events
2. **SoftphoneDialog Component** (`frontend/components/SoftphoneDialog.vue`)
- Global dialog accessible from anywhere
- Features:
- Dialer with numeric keypad
- Incoming call notifications with ringtone
- Active call controls (mute, DTMF, hang up)
- Real-time transcript display
- AI suggestions panel
- Recent call history
3. **Integration in Layout** (`frontend/layouts/default.vue`)
- SoftphoneDialog included globally
- Sidebar button with incoming call indicator
4. **Settings Page** (`frontend/pages/settings/integrations.vue`)
- Configure Twilio credentials
- Configure OpenAI API settings
- Encrypted storage via backend API
## Configuration
### Environment Variables
#### Backend (.env)
```env
BACKEND_URL=http://localhost:3000
ENCRYPTION_KEY=your-32-byte-hex-key
```
#### Frontend (.env)
```env
VITE_BACKEND_URL=http://localhost:3000
```
### Tenant Configuration
Integrations are configured per tenant via the settings UI or API:
```json
{
"twilio": {
"accountSid": "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"authToken": "your-auth-token",
"phoneNumber": "+1234567890"
},
"openai": {
"apiKey": "sk-...",
"model": "gpt-4o-realtime-preview",
"voice": "alloy"
}
}
```
This configuration is encrypted using AES-256-CBC and stored in the central database.
## API Endpoints
### REST Endpoints
- `POST /api/voice/call` - Initiate outbound call
- `GET /api/voice/calls` - Get call history
- `POST /api/voice/twiml/outbound` - TwiML for outbound calls
- `POST /api/voice/twiml/inbound` - TwiML for inbound calls
- `POST /api/voice/webhook/status` - Twilio status webhook
- `POST /api/voice/webhook/recording` - Twilio recording webhook
- `GET /api/tenant/integrations` - Get integrations config (masked)
- `PUT /api/tenant/integrations` - Update integrations config
### WebSocket Events
#### Client → Server
- `call:initiate` - Initiate outbound call
- `call:accept` - Accept incoming call
- `call:reject` - Reject incoming call
- `call:end` - End active call
- `call:dtmf` - Send DTMF tone
#### Server → Client
- `call:incoming` - Incoming call notification
- `call:initiated` - Call initiation confirmed
- `call:accepted` - Call accepted
- `call:rejected` - Call rejected
- `call:ended` - Call ended
- `call:update` - Call status update
- `call:error` - Call error
- `call:state` - Full call state sync
- `ai:transcript` - AI transcription update
- `ai:suggestion` - AI suggestion
- `ai:action` - AI action executed
## Database Schema
### Central Database - Tenant Model
```prisma
model Tenant {
id String @id @default(cuid())
name String
slug String @unique
dbHost String
dbPort Int @default(3306)
dbName String
dbUsername String
dbPassword String // Encrypted
integrationsConfig Json? // NEW: Encrypted JSON config
status String @default("active")
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
domains Domain[]
}
```
### Tenant Database - Calls Table
```sql
CREATE TABLE calls (
id VARCHAR(36) PRIMARY KEY,
call_sid VARCHAR(100) UNIQUE NOT NULL,
direction ENUM('inbound', 'outbound') NOT NULL,
from_number VARCHAR(20) NOT NULL,
to_number VARCHAR(20) NOT NULL,
status ENUM('queued', 'ringing', 'in-progress', 'completed', 'busy', 'failed', 'no-answer', 'canceled'),
duration_seconds INT UNSIGNED,
recording_url VARCHAR(500),
ai_transcript TEXT,
ai_summary TEXT,
ai_insights JSON,
user_id VARCHAR(36) NOT NULL,
started_at TIMESTAMP,
ended_at TIMESTAMP,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
INDEX idx_call_sid (call_sid),
INDEX idx_user_id (user_id),
INDEX idx_status (status),
INDEX idx_direction (direction),
INDEX idx_created_user (created_at, user_id)
);
```
## Usage
### For Developers
1. **Install Dependencies**
```bash
cd backend && npm install
cd ../frontend && npm install
```
2. **Configure Environment**
- Set `ENCRYPTION_KEY` in backend `.env`
- Ensure `BACKEND_URL` matches your deployment
3. **Run Migrations**
```bash
cd backend
# Central database migration is handled by Prisma
npm run migrate:all-tenants # Run tenant migrations
```
4. **Start Services**
```bash
# Backend
cd backend && npm run start:dev
# Frontend
cd frontend && npm run dev
```
### For Users
1. **Configure Integrations**
- Navigate to Settings → Integrations
- Enter Twilio credentials (Account SID, Auth Token, Phone Number)
- Enter OpenAI API key
- Click "Save Configuration"
2. **Make a Call**
- Click the "Softphone" button in the sidebar
- Enter a phone number (E.164 format: +1234567890)
- Click "Call"
3. **Receive Calls**
- Configure Twilio webhook URLs to point to your backend
- Incoming calls will trigger a notification and ringtone
- Click "Accept" to answer or "Reject" to decline
## Advanced Features
### AI-Assisted Calling
The OpenAI Realtime API provides:
1. **Real-time Transcription** - Live speech-to-text during calls
2. **AI Suggestions** - Contextual suggestions for agents
3. **Tool Calling** - CRM actions via AI (search contacts, create tasks, etc.)
### Tool Definitions
The system includes predefined tools for AI:
- `search_contact` - Search CRM for contacts
- `create_task` - Create follow-up tasks
- `update_contact` - Update contact information
Tools automatically respect RBAC permissions as they call existing protected services.
### Call Recording
- Automatic recording via Twilio
- Recording URLs stored in call records
- Accessible via API for playback
## Security
1. **Encryption** - All credentials encrypted using AES-256-CBC
2. **Authentication** - JWT-based auth for WebSocket and REST
3. **Tenant Isolation** - Multi-tenant architecture with database-per-tenant
4. **RBAC** - Permission-based access control (future: add voice-specific permissions)
## Limitations & Future Enhancements
### Current Limitations
1. **Media Streaming** - Twilio Media Streams WebSocket not fully implemented
2. **Call Routing** - No intelligent routing for inbound calls yet
3. **Queue Management** - Basic call handling, no queue system
4. **Audio Muting** - UI placeholder, actual audio muting not implemented
5. **RBAC Permissions** - Voice-specific permissions not yet added
### Planned Enhancements
1. **Media Streams** - Full bidirectional audio between Twilio ↔ OpenAI ↔ User
2. **Call Routing** - Route calls based on availability, skills, round-robin
3. **Queue System** - Call queuing with BullMQ integration
4. **Call Analytics** - Dashboard with call metrics and insights
5. **RBAC Integration** - Add `voice.make_calls`, `voice.receive_calls` permissions
6. **WebRTC** - Direct browser-to-Twilio audio (bypass backend)
## Troubleshooting
### WebSocket Connection Issues
- Verify `BACKEND_URL` environment variable
- Check CORS settings in backend
- Ensure JWT token is valid and includes tenant information
### Twilio Webhook Errors
- Ensure webhook URLs are publicly accessible
- Verify Twilio credentials in integrations config
- Check backend logs for webhook processing errors
### OpenAI Connection Issues
- Verify OpenAI API key has Realtime API access
- Check network connectivity to OpenAI endpoints
- Monitor backend logs for WebSocket errors
## Testing
### Manual Testing
1. **Outbound Calls**
```bash
# Open softphone dialog
# Enter test number (use Twilio test credentials)
# Click Call
# Verify call status updates
```
2. **Inbound Calls**
```bash
# Configure Twilio number webhook
# Call the Twilio number from external phone
# Verify incoming call notification
# Accept call and verify connection
```
3. **AI Features**
```bash
# Make a call with OpenAI configured
# Speak during the call
# Verify transcript appears in UI
# Check for AI suggestions
```
## Dependencies
### Backend
- `@nestjs/websockets` - WebSocket support
- `@nestjs/platform-socket.io` - Socket.IO adapter
- `@fastify/websocket` - Fastify WebSocket plugin
- `socket.io` - WebSocket library
- `twilio` - Twilio SDK
- `openai` - OpenAI SDK (for Realtime API)
- `ws` - WebSocket client
### Frontend
- `socket.io-client` - WebSocket client
- `lucide-vue-next` - Icons
- `vue-sonner` - Toast notifications
## Support
For issues or questions:
1. Check backend logs for error details
2. Verify tenant integrations configuration
3. Test Twilio/OpenAI connectivity independently
4. Review WebSocket connection in browser DevTools
## License
Same as project license.

94
docs/SOFTPHONE_QUICK_START.md
View File

@@ -1,94 +0,0 @@
# Softphone Quick Start Guide
## Setup (5 minutes)
### 1. Configure Twilio
1. Create a Twilio account at https://www.twilio.com
2. Get your credentials:
- Account SID (starts with AC...)
- Auth Token
- Purchase a phone number
3. Configure webhook URLs in Twilio Console:
- Voice webhook: `https://your-domain.com/api/voice/twiml/inbound`
- Status callback: `https://your-domain.com/api/voice/webhook/status`
### 2. Configure OpenAI (Optional for AI features)
1. Get OpenAI API key from https://platform.openai.com
2. Ensure you have access to Realtime API (beta feature)
### 3. Add Credentials to Platform
1. Log into your tenant
2. Navigate to **Settings → Integrations**
3. Fill in Twilio section:
- Account SID
- Auth Token
- Phone Number (format: +1234567890)
4. Fill in OpenAI section (optional):
- API Key
- Model: `gpt-4o-realtime-preview` (default)
- Voice: `alloy` (default)
5. Click **Save Configuration**
## Using the Softphone
### Make a Call
1. Click **Softphone** button in sidebar (phone icon)
2. Enter phone number in E.164 format: `+1234567890`
3. Click **Call** or press Enter
4. Wait for connection
5. During call:
- Click **hash** icon for DTMF keypad
- Click **microphone** to mute/unmute
- Click **red phone** to hang up
### Receive a Call
1. Softphone automatically connects when logged in
2. Incoming call notification appears with ringtone
3. Click **Accept** (green button) or **Reject** (red button)
4. If accepted, call controls appear
### AI Features (if OpenAI configured)
- **Real-time Transcript**: See what's being said live
- **AI Suggestions**: Get contextual tips during calls
- **Smart Actions**: AI can search contacts, create tasks automatically
## Quick Tips
- ✅ Phone number format: `+1234567890` (include country code)
- ✅ Close dialog: Click outside or press Escape
- ✅ Incoming calls work even if dialog is closed
- ✅ Recent calls appear for quick redial
- ❌ Don't forget to save credentials before testing
- ❌ Webhook URLs must be publicly accessible (not localhost)
## Troubleshooting
| Issue | Solution |
|-------|----------|
| "Not connected" | Check credentials in Settings → Integrations |
| Can't make calls | Verify Twilio Account SID and Auth Token |
| Can't receive calls | Check Twilio webhook configuration |
| No AI features | Add OpenAI API key in settings |
| WebSocket errors | Check browser console, verify backend URL |
## Testing with Twilio Test Credentials
For development, Twilio provides test credentials:
- Use Twilio test numbers
- No actual calls are made
- Simulate call flows in development
## Next Steps
- 📞 Make your first test call
- 🎤 Try the AI transcription feature
- 📊 View call history in Softphone dialog
- ⚙️ Configure call routing (advanced)
Need help? Check `/docs/SOFTPHONE_IMPLEMENTATION.md` for detailed documentation.

232
docs/SOFTPHONE_SUMMARY.md
View File

@@ -1,232 +0,0 @@
# Softphone Feature - Implementation Summary
## ✅ What Was Implemented
This PR adds complete softphone functionality to the platform with Twilio telephony and OpenAI Realtime API integration.
### Backend Changes
1. **WebSocket Support**
- Added `@fastify/websocket` to enable WebSocket in Fastify
- Configured `@nestjs/websockets` with Socket.IO adapter
- Modified `main.ts` to register WebSocket support
2. **Database Schema**
- Added `integrationsConfig` JSON field to Tenant model (encrypted)
- Created `calls` table migration for tenant databases
- Generated Prisma client with new schema
3. **VoiceModule** (`backend/src/voice/`)
- `voice.module.ts` - Module registration
- `voice.gateway.ts` - WebSocket gateway with JWT auth
- `voice.service.ts` - Twilio & OpenAI integration
- `voice.controller.ts` - REST endpoints and webhooks
- DTOs and interfaces for type safety
4. **Tenant Management**
- `tenant.controller.ts` - New endpoints for integrations config
- Encryption/decryption helpers in `tenant-database.service.ts`
### Frontend Changes
1. **Composables**
- `useSoftphone.ts` - Global state management with WebSocket
2. **Components**
- `SoftphoneDialog.vue` - Full softphone UI with dialer, call controls, AI features
- Integrated into `default.vue` layout
- Added button to `AppSidebar.vue` with incoming call indicator
3. **Pages**
- `settings/integrations.vue` - Configure Twilio and OpenAI credentials
4. **Dependencies**
- Added `socket.io-client` for WebSocket connectivity
### Documentation
1. `SOFTPHONE_IMPLEMENTATION.md` - Comprehensive technical documentation
2. `SOFTPHONE_QUICK_START.md` - User-friendly setup guide
## 🎯 Key Features
- ✅ Outbound calling with dialer
- ✅ Inbound call notifications with ringtone
- ✅ Real-time call controls (mute, DTMF, hang up)
- ✅ Call history tracking
- ✅ AI-powered transcription (OpenAI Realtime)
- ✅ AI suggestions during calls
- ✅ Tool calling for CRM actions
- ✅ Multi-tenant with encrypted credentials per tenant
- ✅ WebSocket-based real-time communication
- ✅ Responsive UI with shadcn-vue components
## 📦 New Dependencies
### Backend
```json
{
"@fastify/websocket": "^latest",
"@nestjs/websockets": "^10.x",
"@nestjs/platform-socket.io": "^10.x",
"socket.io": "^latest",
"twilio": "^latest",
"openai": "^latest",
"ws": "^latest"
}
```
### Frontend
```json
{
"socket.io-client": "^latest"
}
```
## 🚀 Quick Start
### 1. Run Migrations
```bash
cd backend
npx prisma generate --schema=./prisma/schema-central.prisma
npm run migrate:all-tenants
```
### 2. Configure Tenant
1. Log into tenant account
2. Go to Settings → Integrations
3. Add Twilio credentials (Account SID, Auth Token, Phone Number)
4. Add OpenAI API key (optional, for AI features)
5. Save configuration
### 3. Use Softphone
1. Click "Softphone" button in sidebar
2. Enter phone number and click "Call"
3. Or receive incoming calls automatically
## 🔐 Security
- All credentials encrypted with AES-256-CBC
- JWT authentication for WebSocket connections
- Tenant isolation via database-per-tenant architecture
- Sensitive fields masked in API responses
## 📊 Database Changes
### Central Database
```sql
ALTER TABLE tenants ADD COLUMN integrationsConfig JSON;
```
### Tenant Databases
```sql
CREATE TABLE calls (
id VARCHAR(36) PRIMARY KEY,
call_sid VARCHAR(100) UNIQUE NOT NULL,
direction ENUM('inbound', 'outbound'),
from_number VARCHAR(20),
to_number VARCHAR(20),
status VARCHAR(20),
duration_seconds INT,
recording_url VARCHAR(500),
ai_transcript TEXT,
ai_summary TEXT,
ai_insights JSON,
user_id VARCHAR(36),
started_at TIMESTAMP,
ended_at TIMESTAMP,
created_at TIMESTAMP,
updated_at TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id)
);
```
## 🎨 UI Components
- **SoftphoneDialog**: Main softphone interface
- Dialer with numeric keypad
- Incoming call banner with accept/reject
- Active call controls
- Real-time transcript view
- AI suggestions panel
- Recent calls list
- **Sidebar Integration**: Phone button with notification badge
## 🔄 API Endpoints
### REST
- `POST /api/voice/call` - Initiate call
- `GET /api/voice/calls` - Get call history
- `GET /api/tenant/integrations` - Get config
- `PUT /api/tenant/integrations` - Update config
### WebSocket (`/voice` namespace)
- `call:initiate` - Start outbound call
- `call:accept` - Accept incoming call
- `call:reject` - Reject incoming call
- `call:end` - End active call
- `call:dtmf` - Send DTMF tone
- `ai:transcript` - Receive transcription
- `ai:suggestion` - Receive AI suggestion
## ⚠️ Known Limitations
1. **Media Streaming**: Twilio Media Streams WebSocket not fully implemented
2. **Call Routing**: Basic inbound call handling (no intelligent routing yet)
3. **RBAC**: Voice-specific permissions not yet integrated
4. **Audio Muting**: UI present but actual audio muting not implemented
5. **Queue System**: No call queue management (single call at a time)
## 🔮 Future Enhancements
1. Full Twilio Media Streams integration for audio forking
2. Intelligent call routing (availability-based, round-robin, skills-based)
3. Call queue management with BullMQ
4. RBAC permissions (`voice.make_calls`, `voice.receive_calls`)
5. WebRTC for browser-based audio
6. Call analytics dashboard
7. IVR (Interactive Voice Response) system
8. Call recording download and playback
9. Voicemail support
## 🧪 Testing
### Manual Testing Checklist
- [ ] Install dependencies
- [ ] Run migrations
- [ ] Configure Twilio credentials
- [ ] Make outbound call
- [ ] Receive inbound call (requires public webhook URL)
- [ ] Test call controls (mute, DTMF, hang up)
- [ ] Configure OpenAI and test AI features
- [ ] Check call history
- [ ] Test on multiple browsers
### Twilio Test Mode
Use Twilio test credentials for development without making real calls.
## 📚 Documentation
See `/docs/` for detailed documentation:
- `SOFTPHONE_IMPLEMENTATION.md` - Technical details
- `SOFTPHONE_QUICK_START.md` - User guide
## 🐛 Troubleshooting
| Issue | Solution |
|-------|----------|
| Build errors | Run `npm install` in both backend and frontend |
| WebSocket connection fails | Check BACKEND_URL env variable |
| Calls not working | Verify Twilio credentials in Settings → Integrations |
| AI features not working | Add OpenAI API key in integrations settings |
## 👥 Contributors
Implemented by: GitHub Copilot (Claude Sonnet 4.5)
---
**Status**: ✅ Ready for testing
**Version**: 1.0.0
**Date**: January 3, 2026

65
docs/TWILIO_SETUP.md
View File

@@ -1,65 +0,0 @@
# Twilio Setup Guide for Softphone
## Prerequisites
- Twilio account with a phone number
- Account SID and Auth Token
## Basic Setup (Current - Makes calls but no browser audio)
Currently, the softphone initiates calls through Twilio's REST API, but the audio doesn't flow through the browser. The calls go directly to your mobile device with a simple TwiML message.
## Full Browser Audio Setup (Requires additional configuration)
To enable actual softphone functionality where audio flows through your browser's microphone and speakers, you need:
### Option 1: Twilio Client SDK (Recommended)
1. **Create a TwiML App in Twilio Console**
- Go to https://console.twilio.com/us1/develop/voice/manage/twiml-apps
- Click "Create new TwiML App"
- Name it (e.g., "RouteBox Softphone")
- Set Voice URL to: `https://yourdomain.com/api/voice/twiml/outbound`
- Set Voice Method to: `POST`
- Save and copy the TwiML App SID
2. **Create an API Key**
- Go to https://console.twilio.com/us1/account/keys-credentials/api-keys
- Click "Create API key"
- Give it a friendly name
- Copy both the SID and Secret (you won't be able to see the secret again)
3. **Add credentials to Settings > Integrations**
- Account SID (from main dashboard)
- Auth Token (from main dashboard)
- Phone Number (your Twilio number)
- API Key SID (from step 2)
- API Secret (from step 2)
- TwiML App SID (from step 1)
### Option 2: Twilio Media Streams (Alternative - More complex)
Uses WebSocket to stream audio bidirectionally:
- Requires WebSocket server setup
- More control over audio processing
- Can integrate with OpenAI Realtime API more easily
## Current Status
The system works but audio doesn't flow through browser because:
1. Calls are made via REST API only
2. No Twilio Client SDK integration yet
3. TwiML returns simple voice message
To enable browser audio, you need to:
1. Complete the Twilio setup above
2. Implement the frontend Twilio Device connection
3. Modify TwiML to dial the browser client instead of just the phone number
## Quick Test (Current Setup)
1. Save your Account SID, Auth Token, and Phone Number in Settings > Integrations
2. Click the phone icon in sidebar
3. Enter a phone number and click "Call"
4. You should receive a call that says "This is a test call from your softphone"
The call works, but audio doesn't route through your browser - it's just a regular phone call initiated by the API.

26
frontend/components/AppSidebar.vue
View File

@@ -17,12 +17,10 @@ import {
SidebarRail,
} from '@/components/ui/sidebar'
import { Collapsible, CollapsibleContent, CollapsibleTrigger } from '@/components/ui/collapsible'
import { LayoutGrid, Boxes, Settings, Home, ChevronRight, Database, Layers, LogOut, Users, Globe, Building, Phone } from 'lucide-vue-next'
import { useSoftphone } from '~/composables/useSoftphone'
import { LayoutGrid, Boxes, Settings, Home, ChevronRight, Database, Layers, LogOut, Users, Globe, Building } from 'lucide-vue-next'
const { logout } = useAuth()
const { api } = useApi()
const softphone = useSoftphone()
const handleLogout = async () => {
await logout()
@@ -107,21 +105,6 @@ const staticMenuItems = [
url: '/setup/objects',
icon: Boxes,
},
{
title: 'Users',
url: '/setup/users',
icon: Users,
},
{
title: 'Roles',
url: '/setup/roles',
icon: Layers,
},
{
title: 'Integrations',
url: '/settings/integrations',
icon: Settings,
},
],
},
]
@@ -335,13 +318,6 @@ const centralAdminMenuItems: Array<{
</SidebarContent>
<SidebarFooter>
<SidebarMenu>
<SidebarMenuItem v-if="!isCentralAdmin">
<SidebarMenuButton @click="softphone.open" class="cursor-pointer hover:bg-accent">
<Phone class="h-4 w-4" />
<span>Softphone</span>
<span v-if="softphone.hasIncomingCall.value" class="ml-auto h-2 w-2 rounded-full bg-red-500 animate-pulse"></span>
</SidebarMenuButton>
</SidebarMenuItem>
<SidebarMenuItem>
<SidebarMenuButton @click="handleLogout" class="cursor-pointer hover:bg-accent">
<LogOut class="h-4 w-4" />

344
frontend/components/FieldLevelSecurity.vue
View File

@@ -1,344 +0,0 @@
<template>
<Card>
<CardHeader>
<CardTitle>Field-Level Security</CardTitle>
<CardDescription>
Control which fields each role can read and edit
</CardDescription>
</CardHeader>
<CardContent>
<div v-if="loading" class="flex items-center justify-center py-8">
<div class="animate-spin rounded-full h-8 w-8 border-b-2 border-primary"></div>
</div>
<div v-else-if="roles.length === 0" class="text-sm text-muted-foreground py-4">
No roles available. Create roles first to manage field-level permissions.
</div>
<div v-else class="space-y-6">
<!-- Role Selector -->
<div class="space-y-2">
<Label>Select Role</Label>
<Select v-model="selectedRoleId" @update:model-value="(value) => selectedRoleId = value">
<SelectTrigger class="w-full">
<SelectValue placeholder="Choose a role to configure permissions" />
</SelectTrigger>
<SelectContent>
<SelectItem v-for="role in roles" :key="role.id" :value="role.id">
{{ role.name }}
</SelectItem>
</SelectContent>
</Select>
</div>
<!-- Object-Level Permissions -->
<div v-if="selectedRoleId" class="space-y-2">
<h3 class="text-sm font-medium">Object-Level Permissions</h3>
<div class="rounded-md border">
<table class="w-full">
<thead>
<tr class="border-b bg-muted/50">
<th class="p-3 text-left font-medium">Permission</th>
<th class="p-3 text-center font-medium">Enabled</th>
</tr>
</thead>
<tbody>
<tr class="border-b hover:bg-muted/30">
<td class="p-3">Create</td>
<td class="p-3 text-center">
<Checkbox
:model-value="objectPermissions.canCreate"
@update:model-value="(checked: boolean) => updateObjectPermission('canCreate', checked)"
/>
</td>
</tr>
<tr class="border-b hover:bg-muted/30">
<td class="p-3">Read</td>
<td class="p-3 text-center">
<Checkbox
:model-value="objectPermissions.canRead"
@update:model-value="(checked: boolean) => updateObjectPermission('canRead', checked)"
/>
</td>
</tr>
<tr class="border-b hover:bg-muted/30">
<td class="p-3">Edit</td>
<td class="p-3 text-center">
<Checkbox
:model-value="objectPermissions.canEdit"
@update:model-value="(checked: boolean) => updateObjectPermission('canEdit', checked)"
/>
</td>
</tr>
<tr class="border-b hover:bg-muted/30">
<td class="p-3">Delete</td>
<td class="p-3 text-center">
<Checkbox
:model-value="objectPermissions.canDelete"
@update:model-value="(checked: boolean) => updateObjectPermission('canDelete', checked)"
/>
</td>
</tr>
<tr class="border-b hover:bg-muted/30">
<td class="p-3">View All</td>
<td class="p-3 text-center">
<Checkbox
:model-value="objectPermissions.canViewAll"
@update:model-value="(checked: boolean) => updateObjectPermission('canViewAll', checked)"
/>
</td>
</tr>
<tr class="hover:bg-muted/30">
<td class="p-3">Modify All</td>
<td class="p-3 text-center">
<Checkbox
:model-value="objectPermissions.canModifyAll"
@update:model-value="(checked: boolean) => updateObjectPermission('canModifyAll', checked)"
/>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<!-- Field-Level Permissions -->
<div v-if="selectedRoleId" class="space-y-2">
<h3 class="text-sm font-medium">Field-Level Permissions</h3>
<div class="rounded-md border">
<table class="w-full">
<thead>
<tr class="border-b bg-muted/50">
<th class="p-3 text-left font-medium">Field</th>
<th class="p-3 text-center font-medium">Read</th>
<th class="p-3 text-center font-medium">Edit</th>
</tr>
</thead>
<tbody>
<tr
v-for="field in fields"
:key="field.id"
class="border-b hover:bg-muted/30"
>
<td class="p-3">
<div>
<div class="font-medium">{{ field.label }}</div>
<div class="text-xs text-muted-foreground">{{ field.apiName }}</div>
</div>
</td>
<td class="p-3 text-center">
<Checkbox
:model-value="hasPermission(field.id, selectedRoleId, 'read')"
@update:model-value="(checked: boolean) => updatePermission(field.id, selectedRoleId, 'read', checked)"
:disabled="field.isSystem"
/>
</td>
<td class="p-3 text-center">
<Checkbox
:model-value="hasPermission(field.id, selectedRoleId, 'edit')"
@update:model-value="(checked: boolean) => updatePermission(field.id, selectedRoleId, 'edit', checked)"
:disabled="field.isSystem || !hasPermission(field.id, selectedRoleId, 'read')"
/>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="flex items-center gap-2 text-sm text-muted-foreground">
<Info class="h-4 w-4" />
<span>System fields are always readable. Edit permissions require read permission first. Changes save automatically.</span>
</div>
<div v-if="saving" class="flex items-center gap-2 text-sm text-primary">
<div class="animate-spin rounded-full h-4 w-4 border-b-2 border-primary"></div>
<span>Saving...</span>
</div>
</div>
</CardContent>
</Card>
</template>
<script setup lang="ts">
import { ref, onMounted, computed, watch } from 'vue';
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '~/components/ui/card';
import { Checkbox } from '~/components/ui/checkbox';
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '~/components/ui/select';
import { Label } from '~/components/ui/label';
import { Info } from 'lucide-vue-next';
const props = defineProps<{
objectId: string;
objectApiName: string;
fields: any[];
}>();
const { api } = useApi();
const { toast } = useToast();
const loading = ref(true);
const saving = ref(false);
const roles = ref<any[]>([]);
const selectedRoleId = ref<string>('');
const permissions = ref<Map<string, Map<string, { canRead: boolean; canEdit: boolean }>>>(new Map());
const objectPermissions = ref({
canCreate: false,
canRead: false,
canEdit: false,
canDelete: false,
canViewAll: false,
canModifyAll: false,
});
// Load roles and permissions
onMounted(async () => {
try {
loading.value = true;
// Load roles
const rolesResponse = await api.get('/setup/roles');
roles.value = rolesResponse || [];
// Load existing permissions for this object
const permsResponse = await api.get(`/setup/objects/${props.objectId}/field-permissions`);
// Build permissions map: fieldId -> roleId -> {canRead, canEdit}
const permsMap = new Map();
if (permsResponse && Array.isArray(permsResponse)) {
for (const perm of permsResponse) {
if (!permsMap.has(perm.fieldDefinitionId)) {
permsMap.set(perm.fieldDefinitionId, new Map());
}
permsMap.get(perm.fieldDefinitionId).set(perm.roleId, {
canRead: Boolean(perm.canRead),
canEdit: Boolean(perm.canEdit),
});
}
}
permissions.value = permsMap;
} catch (error: any) {
console.error('Failed to load field permissions:', error);
toast.error('Failed to load field permissions');
} finally {
loading.value = false;
}
});
const hasPermission = (fieldId: string, roleId: string, type: 'read' | 'edit'): boolean => {
const fieldPerms = permissions.value.get(fieldId);
if (!fieldPerms) return true; // Default to true if no permissions set
const rolePerm = fieldPerms.get(roleId);
if (!rolePerm) return true; // Default to true if no permissions set
const value = type === 'read' ? rolePerm.canRead : rolePerm.canEdit;
return Boolean(value); // Convert 1/0 to true/false
};
const updatePermission = async (fieldId: string, roleId: string, type: 'read' | 'edit', checked: boolean) => {
try {
saving.value = true;
// Get current permissions
if (!permissions.value.has(fieldId)) {
permissions.value.set(fieldId, new Map());
}
const fieldPerms = permissions.value.get(fieldId)!;
if (!fieldPerms.has(roleId)) {
fieldPerms.set(roleId, { canRead: true, canEdit: true });
}
const perm = fieldPerms.get(roleId)!;
// Update permission
if (type === 'read') {
perm.canRead = checked;
// If disabling read, also disable edit
if (!checked) {
perm.canEdit = false;
}
} else {
perm.canEdit = checked;
// If enabling edit, also enable read
if (checked) {
perm.canRead = true;
}
}
// Save to backend
await api.put(`/setup/objects/${props.objectId}/field-permissions`, {
roleId,
fieldDefinitionId: fieldId,
canRead: perm.canRead,
canEdit: perm.canEdit,
});
toast.success('Permission updated');
} catch (error: any) {
console.error('Failed to update field permission:', error);
toast.error(error.message || 'Failed to update permission');
// Revert change
if (!permissions.value.has(fieldId)) return;
const fieldPerms = permissions.value.get(fieldId)!;
if (!fieldPerms.has(roleId)) return;
const perm = fieldPerms.get(roleId)!;
if (type === 'read') {
perm.canRead = !checked;
} else {
perm.canEdit = !checked;
}
} finally {
saving.value = false;
}
};
const updateObjectPermission = async (permission: string, checked: boolean) => {
if (!selectedRoleId.value) return;
try {
saving.value = true;
// Update local state
(objectPermissions.value as any)[permission] = checked;
// Save to backend
await api.put(`/setup/objects/${props.objectApiName}/permissions`, {
roleId: selectedRoleId.value,
...objectPermissions.value,
});
toast.success('Object permission updated');
} catch (error: any) {
console.error('Failed to update object permission:', error);
toast.error(error.message || 'Failed to update permission');
// Revert change
(objectPermissions.value as any)[permission] = !checked;
} finally {
saving.value = false;
}
};
// Load object permissions when role changes
watch(selectedRoleId, async (roleId) => {
if (!roleId) return;
try {
const response = await api.get(`/setup/objects/${props.objectApiName}/permissions/${roleId}`);
if (response) {
objectPermissions.value = {
canCreate: Boolean(response.canCreate),
canRead: Boolean(response.canRead),
canEdit: Boolean(response.canEdit),
canDelete: Boolean(response.canDelete),
canViewAll: Boolean(response.canViewAll),
canModifyAll: Boolean(response.canModifyAll),
};
}
} catch (error: any) {
console.error('Failed to load object permissions:', error);
}
});
</script>

345
frontend/components/ObjectAccessSettings.vue
View File

@@ -1,119 +1,262 @@
<template>
<div class="space-y-6">
<Card>
<CardHeader>
<CardTitle>Org-Wide Default</CardTitle>
<CardDescription>
Control the baseline visibility for records of this object
</CardDescription>
</CardHeader>
<CardContent class="space-y-4">
<div class="space-y-2">
<Label for="orgWideDefault">Record Visibility</Label>
<Select v-model="localOrgWideDefault" @update:model-value="handleOrgWideDefaultChange">
<SelectTrigger id="orgWideDefault">
<SelectValue placeholder="Select visibility level" />
</SelectTrigger>
<SelectContent>
<SelectItem value="private">
<div>
<div class="font-semibold">Private</div>
<div class="text-xs text-muted-foreground">Only record owner can see</div>
</div>
</SelectItem>
<SelectItem value="public_read">
<div>
<div class="font-semibold">Public Read Only</div>
<div class="text-xs text-muted-foreground">Everyone can read, only owner can edit/delete</div>
</div>
</SelectItem>
<SelectItem value="public_read_write">
<div>
<div class="font-semibold">Public Read/Write</div>
<div class="text-xs text-muted-foreground">Everyone can read, edit, and delete all records</div>
</div>
</SelectItem>
</SelectContent>
</Select>
<p class="text-sm text-muted-foreground">
This setting controls who can see records by default. Individual user permissions are granted through roles.
</p>
</div>
</CardContent>
</Card>
<FieldLevelSecurity
v-if="objectId && objectApiName && fields && fields.length > 0"
:object-id="objectId"
:object-api-name="objectApiName"
:fields="fields"
/>
<div v-if="loading" class="text-center py-8">Loading access settings...</div>
<div v-else-if="!objectId" class="text-sm text-muted-foreground">
Object ID not available
</div>
<div v-else-if="!fields || fields.length === 0" class="text-sm text-muted-foreground">
No fields available
<div v-else class="space-y-6">
<!-- Global Access Model -->
<Card>
<CardHeader>
<CardTitle>Global Access Model</CardTitle>
<CardDescription>
Define the default access control model for this object
</CardDescription>
</CardHeader>
<CardContent class="space-y-4">
<div class="space-y-2">
<Label>Access Model</Label>
<Select v-model="accessModel">
<SelectTrigger>
<SelectValue placeholder="Select access model" />
</SelectTrigger>
<SelectContent>
<SelectItem value="public">Public - Anyone can access</SelectItem>
<SelectItem value="owner">Owner Only - Only record owner can access</SelectItem>
<SelectItem value="mixed">Mixed - Owner plus role/share-based access</SelectItem>
</SelectContent>
</Select>
<p class="text-sm text-muted-foreground">
<span v-if="accessModel === 'public'">
All users can access records by default
</span>
<span v-else-if="accessModel === 'owner'">
Only the record owner can access records
</span>
<span v-else-if="accessModel === 'mixed'">
Record owner has access, plus role-based and sharing rules apply
</span>
</p>
</div>
<div class="space-y-2">
<Label>Owner Field</Label>
<Input v-model="ownerField" placeholder="ownerId" />
<p class="text-sm text-muted-foreground">
The field name that stores the record owner's ID
</p>
</div>
<div class="space-y-3">
<Label>Public Permissions</Label>
<div class="space-y-2">
<div class="flex items-center space-x-2">
<Checkbox
id="public-read"
v-model:checked="publicRead"
/>
<Label for="public-read" class="cursor-pointer font-normal">Public Read</Label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
id="public-create"
v-model:checked="publicCreate"
/>
<Label for="public-create" class="cursor-pointer font-normal">Public Create</Label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
id="public-update"
v-model:checked="publicUpdate"
/>
<Label for="public-update" class="cursor-pointer font-normal">Public Update</Label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
id="public-delete"
v-model:checked="publicDelete"
/>
<Label for="public-delete" class="cursor-pointer font-normal">Public Delete</Label>
</div>
</div>
</div>
</CardContent>
</Card>
<!-- Field-Level Permissions -->
<Card>
<CardHeader>
<CardTitle>Field-Level Permissions</CardTitle>
<CardDescription>
Set default read/write permissions for individual fields
</CardDescription>
</CardHeader>
<CardContent>
<div class="space-y-2">
<div
v-for="field in fields"
:key="field.apiName"
class="flex items-center justify-between p-3 border rounded-lg"
>
<div class="flex-1">
<div class="font-medium">{{ field.label }}</div>
<div class="text-sm text-muted-foreground">{{ field.apiName }}</div>
</div>
<div class="flex items-center gap-4">
<div class="flex items-center space-x-2">
<Checkbox
:id="`${field.apiName}-read`"
:checked="getFieldPermission(field.apiName, 'read')"
@update:checked="(val) => setFieldPermission(field.apiName, 'read', val)"
/>
<Label :for="`${field.apiName}-read`" class="cursor-pointer">Read</Label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
:id="`${field.apiName}-write`"
:checked="getFieldPermission(field.apiName, 'write')"
@update:checked="(val) => setFieldPermission(field.apiName, 'write', val)"
/>
<Label :for="`${field.apiName}-write`" class="cursor-pointer">Write</Label>
</div>
</div>
</div>
</div>
</CardContent>
</Card>
<!-- Save Button -->
<div class="flex justify-end">
<Button @click="saveChanges" :disabled="saving">
{{ saving ? 'Saving...' : 'Save Changes' }}
</Button>
</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, watch } from 'vue';
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '~/components/ui/card';
import { Label } from '~/components/ui/label';
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '~/components/ui/select';
import FieldLevelSecurity from '~/components/FieldLevelSecurity.vue';
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'
import { Button } from '@/components/ui/button'
import { Input } from '@/components/ui/input'
import { Label } from '@/components/ui/label'
import { Checkbox } from '@/components/ui/checkbox'
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@/components/ui/select'
const props = defineProps<{
objectApiName: string;
objectId?: string;
orgWideDefault?: string;
fields?: any[];
}>();
interface Props {
objectApiName: string
fields: any[]
}
const emit = defineEmits<{
update: [orgWideDefault: string];
}>();
const props = defineProps<Props>()
const emit = defineEmits(['updated'])
const { $api } = useNuxtApp();
const { showToast } = useToast();
const { api } = useApi()
const { toast } = useToast()
const localOrgWideDefault = ref(props.orgWideDefault || 'private');
const loading = ref(true)
const saving = ref(false)
// Watch for prop changes
watch(() => props.orgWideDefault, (newValue) => {
if (newValue) {
localOrgWideDefault.value = newValue;
}
});
const accessModel = ref<string>('owner')
const publicRead = ref<boolean>(false)
const publicCreate = ref<boolean>(false)
const publicUpdate = ref<boolean>(false)
const publicDelete = ref<boolean>(false)
const ownerField = ref<string>('ownerId')
const handleOrgWideDefaultChange = async (value: string) => {
const fieldPermissions = ref<Record<string, { defaultReadable: boolean; defaultWritable: boolean }>>({})
const fetchAccessConfig = async () => {
try {
// Update object definition
await $api(`/api/setup/objects/${props.objectApiName}`, {
method: 'PATCH',
body: {
orgWideDefault: value
}
});
loading.value = true
const data = await api.get(`/setup/objects/${props.objectApiName}/access`)
accessModel.value = data.accessModel || 'owner'
publicRead.value = Boolean(data.publicRead)
publicCreate.value = Boolean(data.publicCreate)
publicUpdate.value = Boolean(data.publicUpdate)
publicDelete.value = Boolean(data.publicDelete)
ownerField.value = data.ownerField || 'ownerId'
showToast({
title: 'Success',
description: 'Org-Wide Default saved successfully',
variant: 'default'
});
emit('update', value);
} catch (error: any) {
console.error('Failed to update org-wide default:', error);
showToast({
title: 'Error',
description: error.data?.message || 'Failed to save changes',
variant: 'destructive'
});
// Initialize field permissions from field definitions
fieldPermissions.value = {}
if (data.fields && data.fields.length > 0) {
data.fields.forEach((field: any) => {
fieldPermissions.value[field.apiName] = {
defaultReadable: Boolean(field.defaultReadable ?? true),
defaultWritable: Boolean(field.defaultWritable ?? true),
}
})
} else {
// Initialize all fields with default permissions
props.fields.forEach((field) => {
fieldPermissions.value[field.apiName] = {
defaultReadable: true,
defaultWritable: true,
}
})
}
} catch (e: any) {
console.error('Error fetching access config:', e)
toast.error('Failed to load access settings')
} finally {
loading.value = false
}
};
}
const getFieldPermission = (fieldKey: string, type: 'read' | 'write'): boolean => {
const perms = fieldPermissions.value[fieldKey]
if (!perms) return true
const value = type === 'read' ? perms.defaultReadable : perms.defaultWritable
return Boolean(value)
}
const setFieldPermission = (fieldKey: string, type: 'read' | 'write', value: boolean) => {
if (!fieldPermissions.value[fieldKey]) {
fieldPermissions.value[fieldKey] = { defaultReadable: true, defaultWritable: true }
}
if (type === 'read') {
fieldPermissions.value[fieldKey].defaultReadable = Boolean(value)
} else {
fieldPermissions.value[fieldKey].defaultWritable = Boolean(value)
}
}
const saveChanges = async () => {
try {
saving.value = true
// Ensure all values are proper booleans
const payload = {
accessModel: accessModel.value,
publicRead: Boolean(publicRead.value),
publicCreate: Boolean(publicCreate.value),
publicUpdate: Boolean(publicUpdate.value),
publicDelete: Boolean(publicDelete.value),
ownerField: ownerField.value,
}
// Update global access config
await api.put(`/setup/objects/${props.objectApiName}/access`, payload)
// Update field permissions
const fieldPermsArray = Object.entries(fieldPermissions.value).map(([fieldKey, perms]) => ({
fieldKey,
defaultReadable: perms.defaultReadable,
defaultWritable: perms.defaultWritable,
}))
await api.put(`/setup/objects/${props.objectApiName}/field-permissions`, fieldPermsArray)
toast.success('Access settings saved successfully')
emit('updated')
} catch (e: any) {
console.error('Error saving access config:', e)
toast.error('Failed to save access settings')
} finally {
saving.value = false
}
}
onMounted(() => {
fetchAccessConfig()
})
</script>

284
frontend/components/RecordShareDialog.vue Normal file
View File

@@ -0,0 +1,284 @@
<template>
<Dialog :open="open" @update:open="handleClose">
<DialogContent class="max-w-2xl">
<DialogHeader>
<DialogTitle>Share Record</DialogTitle>
<DialogDescription>
Grant access to this record to other users
</DialogDescription>
</DialogHeader>
<div class="space-y-6 py-4">
<!-- Existing Shares -->
<div v-if="shares.length > 0" class="space-y-3">
<h3 class="text-sm font-semibold">Current Shares</h3>
<div
v-for="share in shares"
:key="share.id"
class="flex items-center justify-between p-3 border rounded-lg"
>
<div class="flex-1">
<div class="font-medium">{{ share.granteeUser?.email || 'Unknown User' }}</div>
<div class="text-sm text-muted-foreground">
Permissions: {{ share.actions.join(', ') }}
<span v-if="share.fields">(Limited fields)</span>
</div>
<div v-if="share.expiresAt" class="text-xs text-muted-foreground">
Expires: {{ formatDate(share.expiresAt) }}
</div>
</div>
<Button
variant="ghost"
size="sm"
@click="handleRevokeShare(share.id)"
>
<X class="w-4 h-4" />
</Button>
</div>
</div>
<!-- Add New Share Form -->
<div class="space-y-4 border-t pt-4">
<h3 class="text-sm font-semibold">Add New Share</h3>
<div class="space-y-2">
<Label>User Email</Label>
<Input
v-model="newShare.userEmail"
placeholder="user@example.com"
type="email"
/>
</div>
<div class="space-y-2">
<Label>Permissions</Label>
<div class="space-y-2">
<div class="flex items-center space-x-2">
<Checkbox
id="perm-read"
:checked="newShare.permissions.read"
@update:checked="(val) => newShare.permissions.read = val"
/>
<Label for="perm-read" class="cursor-pointer">Read</Label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
id="perm-update"
:checked="newShare.permissions.update"
@update:checked="(val) => newShare.permissions.update = val"
/>
<Label for="perm-update" class="cursor-pointer">Update</Label>
</div>
</div>
</div>
<div class="space-y-2">
<div class="flex items-center space-x-2">
<Checkbox
id="field-scoped"
:checked="newShare.fieldScoped"
@update:checked="(val) => newShare.fieldScoped = val"
/>
<Label for="field-scoped" class="cursor-pointer">Limit to specific fields</Label>
</div>
<div v-if="newShare.fieldScoped" class="ml-6 space-y-2 border-l-2 pl-4">
<Label class="text-sm">Select Fields</Label>
<div class="space-y-1 max-h-48 overflow-y-auto">
<div
v-for="field in fields"
:key="field.apiName"
class="flex items-center space-x-2"
>
<Checkbox
:id="`field-${field.apiName}`"
:checked="newShare.selectedFields.includes(field.apiName)"
@update:checked="(val) => handleFieldToggle(field.apiName, val)"
/>
<Label :for="`field-${field.apiName}`" class="cursor-pointer text-sm">
{{ field.label }}
</Label>
</div>
</div>
</div>
</div>
<div class="space-y-2">
<div class="flex items-center space-x-2">
<Checkbox
id="has-expiry"
:checked="newShare.hasExpiry"
@update:checked="(val) => newShare.hasExpiry = val"
/>
<Label for="has-expiry" class="cursor-pointer">Set expiration date</Label>
</div>
<Input
v-if="newShare.hasExpiry"
v-model="newShare.expiryDate"
type="datetime-local"
class="ml-6"
/>
</div>
</div>
</div>
<DialogFooter>
<Button variant="outline" @click="handleClose">Cancel</Button>
<Button @click="handleAddShare" :disabled="!canAddShare || saving">
{{ saving ? 'Sharing...' : 'Share' }}
</Button>
</DialogFooter>
</DialogContent>
</Dialog>
</template>
<script setup lang="ts">
import { X } from 'lucide-vue-next'
import {
Dialog,
DialogContent,
DialogDescription,
DialogFooter,
DialogHeader,
DialogTitle,
} from '@/components/ui/dialog'
import { Button } from '@/components/ui/button'
import { Input } from '@/components/ui/input'
import { Label } from '@/components/ui/label'
import { Checkbox } from '@/components/ui/checkbox'
interface Props {
open: boolean
objectDefinitionId: string
recordId: string
fields?: any[]
}
const props = withDefaults(defineProps<Props>(), {
fields: () => []
})
const emit = defineEmits(['close', 'shared'])
const { api } = useApi()
const { toast } = useToast()
const shares = ref<any[]>([])
const loading = ref(false)
const saving = ref(false)
const newShare = ref({
userEmail: '',
permissions: {
read: true,
update: false,
},
fieldScoped: false,
selectedFields: [] as string[],
hasExpiry: false,
expiryDate: '',
})
const canAddShare = computed(() => {
return newShare.value.userEmail && (newShare.value.permissions.read || newShare.value.permissions.update)
})
const fetchShares = async () => {
try {
loading.value = true
shares.value = await api.get(`/shares/record/${props.objectDefinitionId}/${props.recordId}`)
} catch (e: any) {
console.error('Error fetching shares:', e)
} finally {
loading.value = false
}
}
const handleFieldToggle = (fieldKey: string, checked: boolean) => {
if (checked) {
if (!newShare.value.selectedFields.includes(fieldKey)) {
newShare.value.selectedFields.push(fieldKey)
}
} else {
newShare.value.selectedFields = newShare.value.selectedFields.filter(f => f !== fieldKey)
}
}
const handleAddShare = async () => {
try {
saving.value = true
// First, find user by email (you'll need an endpoint for this)
// For now, we'll assume the email is actually a user ID
const actions = []
if (newShare.value.permissions.read) actions.push('read')
if (newShare.value.permissions.update) actions.push('update')
const payload: any = {
objectDefinitionId: props.objectDefinitionId,
recordId: props.recordId,
granteeUserId: newShare.value.userEmail, // Should be user ID, not email
actions,
}
if (newShare.value.fieldScoped && newShare.value.selectedFields.length > 0) {
payload.fields = newShare.value.selectedFields
}
if (newShare.value.hasExpiry && newShare.value.expiryDate) {
payload.expiresAt = new Date(newShare.value.expiryDate).toISOString()
}
await api.post('/shares', payload)
toast.success('Record shared successfully')
await fetchShares()
// Reset form
newShare.value = {
userEmail: '',
permissions: { read: true, update: false },
fieldScoped: false,
selectedFields: [],
hasExpiry: false,
expiryDate: '',
}
emit('shared')
} catch (e: any) {
console.error('Error creating share:', e)
toast.error('Failed to share record')
} finally {
saving.value = false
}
}
const handleRevokeShare = async (shareId: string) => {
if (!confirm('Are you sure you want to revoke this share?')) return
try {
await api.delete(`/shares/${shareId}`)
toast.success('Share revoked successfully')
await fetchShares()
emit('shared')
} catch (e: any) {
console.error('Error revoking share:', e)
toast.error('Failed to revoke share')
}
}
const formatDate = (date: string) => {
return new Date(date).toLocaleDateString()
}
const handleClose = () => {
emit('close')
}
watch(() => props.open, (isOpen) => {
if (isOpen) {
fetchShares()
}
})
</script>

373
frontend/components/RecordShareManager.vue Normal file
View File

@@ -0,0 +1,373 @@
<template>
<div class="space-y-4">
<!-- Existing Shares List -->
<Card>
<CardHeader>
<CardTitle>Current Shares</CardTitle>
<CardDescription>Users who have access to this record</CardDescription>
</CardHeader>
<CardContent>
<div v-if="loading" class="flex justify-center py-8">
<div class="animate-spin h-8 w-8 border-4 border-primary border-t-transparent rounded-full"></div>
</div>
<div v-else-if="shares.length === 0" class="text-center py-8 text-muted-foreground">
No shares yet. Click "Add Share" to share this record.
</div>
<div v-else class="space-y-2">
<div
v-for="share in shares"
:key="share.id"
class="flex items-center justify-between p-3 border rounded-lg"
>
<div class="flex-1">
<div class="font-medium">{{ getUserName(share.granteeUser) }}</div>
<div class="text-sm text-muted-foreground">
Access: {{ formatActions(share.actions) }}
<span v-if="share.fields && share.fields.length > 0">
Fields: {{ share.fields.join(', ') }}
</span>
<span v-if="share.expiresAt">
Expires: {{ formatDate(share.expiresAt) }}
</span>
</div>
<div class="text-xs text-muted-foreground mt-1">
Granted by {{ getUserName(share.grantedByUser) }}
on {{ formatDate(share.createdAt) }}
</div>
</div>
<Button
variant="ghost"
size="sm"
@click="revokeShare(share.id)"
:disabled="revoking === share.id"
>
<Trash2 class="h-4 w-4" />
</Button>
</div>
</div>
</CardContent>
</Card>
<!-- Add New Share -->
<Card>
<CardHeader>
<CardTitle>Add Share</CardTitle>
<CardDescription>Grant access to another user</CardDescription>
</CardHeader>
<CardContent class="space-y-4">
<!-- User Selection -->
<div class="space-y-2">
<Label for="user">User</Label>
<select
id="user"
v-model="newShare.userId"
class="w-full px-3 py-2 border rounded-md bg-background"
>
<option value="">Select a user</option>
<option
v-for="user in availableUsers"
:key="user.id"
:value="user.id"
>
{{ user.name }}
</option>
</select>
</div>
<!-- Access Level -->
<div class="space-y-2">
<Label>Access Level</Label>
<div class="space-y-2">
<div class="flex items-center space-x-2">
<input
type="checkbox"
id="share-read"
v-model="newShare.canRead"
:disabled="!canGrantRead"
class="rounded border-gray-300"
/>
<Label
for="share-read"
class="font-normal cursor-pointer"
:class="{ 'text-muted-foreground': !canGrantRead }"
>
Read
<span v-if="!canGrantRead" class="text-xs">(You don't have read permission)</span>
</Label>
</div>
<div class="flex items-center space-x-2">
<input
type="checkbox"
id="share-update"
v-model="newShare.canUpdate"
:disabled="!canGrantUpdate"
class="rounded border-gray-300"
/>
<Label
for="share-update"
class="font-normal cursor-pointer"
:class="{ 'text-muted-foreground': !canGrantUpdate }"
>
Update
<span v-if="!canGrantUpdate" class="text-xs">(You don't have update permission)</span>
</Label>
</div>
<div class="flex items-center space-x-2">
<input
type="checkbox"
id="share-delete"
v-model="newShare.canDelete"
:disabled="!canGrantDelete"
class="rounded border-gray-300"
/>
<Label
for="share-delete"
class="font-normal cursor-pointer"
:class="{ 'text-muted-foreground': !canGrantDelete }"
>
Delete
<span v-if="!canGrantDelete" class="text-xs">(You don't have delete permission)</span>
</Label>
</div>
</div>
</div>
<!-- Field-Level Access (Optional) -->
<div class="space-y-2">
<div class="flex items-center space-x-2">
<input
type="checkbox"
id="limit-fields"
v-model="newShare.limitFields"
class="rounded border-gray-300"
/>
<Label for="limit-fields" class="font-normal cursor-pointer">
Limit access to specific fields
</Label>
</div>
<div v-if="newShare.limitFields" class="ml-6 space-y-2 mt-2">
<Label>Select Fields</Label>
<div class="space-y-1 max-h-48 overflow-y-auto border rounded p-2">
<div
v-for="field in availableFields"
:key="field.apiName"
class="flex items-center space-x-2"
>
<input
type="checkbox"
:id="`field-${field.apiName}`"
:value="field.apiName"
v-model="newShare.selectedFields"
class="rounded border-gray-300"
/>
<Label :for="`field-${field.apiName}`" class="font-normal cursor-pointer">
{{ field.label }}
</Label>
</div>
</div>
</div>
</div>
<!-- Expiration (Optional) -->
<div class="space-y-2">
<div class="flex items-center space-x-2">
<input
type="checkbox"
id="set-expiration"
v-model="newShare.hasExpiration"
class="rounded border-gray-300"
/>
<Label for="set-expiration" class="font-normal cursor-pointer">
Set expiration date
</Label>
</div>
<div v-if="newShare.hasExpiration" class="ml-6">
<input
type="datetime-local"
v-model="newShare.expiresAt"
class="w-full px-3 py-2 border rounded-md bg-background"
/>
</div>
</div>
<Button
@click="createShare"
:disabled="!canCreateShare || creating"
class="w-full"
>
<Share2 class="h-4 w-4 mr-2" />
{{ creating ? 'Creating...' : 'Add Share' }}
</Button>
</CardContent>
</Card>
</div>
</template>
<script setup lang="ts">
import { ref, computed, onMounted } from 'vue'
import { Share2, Trash2 } from 'lucide-vue-next'
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'
import { Button } from '@/components/ui/button'
import { Label } from '@/components/ui/label'
import { useApi } from '@/composables/useApi'
import { useToast } from '@/composables/useToast'
interface Props {
objectApiName: string
recordId: string
currentUserPermissions: {
canRead: boolean
canUpdate: boolean
canDelete: boolean
}
fields: Array<{ apiName: string; label: string }>
}
const props = defineProps<Props>()
const { api } = useApi()
const { showToast } = useToast()
const shares = ref<any[]>([])
const loading = ref(true)
const revoking = ref<string | null>(null)
const creating = ref(false)
const availableUsers = ref<any[]>([])
const newShare = ref({
userId: '',
canRead: true,
canUpdate: false,
canDelete: false,
limitFields: false,
selectedFields: [] as string[],
hasExpiration: false,
expiresAt: ''
})
const canGrantRead = computed(() => props.currentUserPermissions.canRead)
const canGrantUpdate = computed(() => props.currentUserPermissions.canUpdate)
const canGrantDelete = computed(() => props.currentUserPermissions.canDelete)
const availableFields = computed(() => {
return props.fields.filter(f => !['id', 'created_at', 'updated_at', 'ownerId'].includes(f.apiName))
})
const canCreateShare = computed(() => {
return newShare.value.userId &&
(newShare.value.canRead || newShare.value.canUpdate || newShare.value.canDelete)
})
const getUserName = (user: any) => {
if (!user) return 'Unknown'
return user.name || user.email || 'Unknown'
}
const formatActions = (actions: string[]) => {
return actions.map(a => a.charAt(0).toUpperCase() + a.slice(1)).join(', ')
}
const formatDate = (date: string) => {
return new Date(date).toLocaleDateString('en-US', {
year: 'numeric',
month: 'short',
day: 'numeric',
hour: '2-digit',
minute: '2-digit'
})
}
const fetchShares = async () => {
loading.value = true
try {
const response = await api.get(`/rbac/shares/${props.objectApiName}/${props.recordId}`)
shares.value = response
} catch (error) {
console.error('Failed to fetch shares:', error)
showToast('Failed to load shares', 'error')
} finally {
loading.value = false
}
}
const fetchAvailableUsers = async () => {
try {
const response = await api.get('/rbac/users')
availableUsers.value = response
} catch (error) {
console.error('Failed to fetch users:', error)
}
}
const createShare = async () => {
creating.value = true
try {
const actions: string[] = []
if (newShare.value.canRead) actions.push('read')
if (newShare.value.canUpdate) actions.push('update')
if (newShare.value.canDelete) actions.push('delete')
const payload: any = {
objectApiName: props.objectApiName,
recordId: props.recordId,
granteeUserId: newShare.value.userId,
actions
}
if (newShare.value.limitFields && newShare.value.selectedFields.length > 0) {
payload.fields = newShare.value.selectedFields
}
if (newShare.value.hasExpiration && newShare.value.expiresAt) {
payload.expiresAt = new Date(newShare.value.expiresAt).toISOString()
}
await api.post('/rbac/shares', payload)
showToast('Share created successfully', 'success')
// Reset form
newShare.value = {
userId: '',
canRead: true,
canUpdate: false,
canDelete: false,
limitFields: false,
selectedFields: [],
hasExpiration: false,
expiresAt: ''
}
await fetchShares()
} catch (error: any) {
console.error('Failed to create share:', error)
showToast(error.message || 'Failed to create share', 'error')
} finally {
creating.value = false
}
}
const revokeShare = async (shareId: string) => {
if (!confirm('Are you sure you want to revoke this share?')) return
revoking.value = shareId
try {
await api.delete(`/rbac/shares/${shareId}`)
showToast('Share revoked successfully', 'success')
await fetchShares()
} catch (error: any) {
console.error('Failed to revoke share:', error)
showToast(error.message || 'Failed to revoke share', 'error')
} finally {
revoking.value = null
}
}
onMounted(() => {
fetchShares()
fetchAvailableUsers()
})
</script>

348
frontend/components/RecordSharing.vue
View File

@@ -1,348 +0,0 @@
<template>
<div class="record-sharing space-y-4">
<div class="flex items-center justify-between">
<div>
<h3 class="text-lg font-semibold">Sharing</h3>
<p class="text-sm text-muted-foreground">
Grant access to specific users for this record
</p>
</div>
<Button @click="showShareDialog = true" size="sm">
<UserPlus class="h-4 w-4 mr-2" />
Share
</Button>
</div>
<!-- Loading State -->
<div v-if="loading" class="flex items-center justify-center py-8">
<div class="animate-spin rounded-full h-8 w-8 border-b-2 border-primary"></div>
</div>
<!-- Error State -->
<div v-else-if="error" class="text-sm text-destructive">
{{ error }}
</div>
<!-- Shares List -->
<div v-else-if="shares.length > 0" class="border rounded-lg">
<Table>
<TableHeader>
<TableRow>
<TableHead>User</TableHead>
<TableHead>Email</TableHead>
<TableHead>Access</TableHead>
<TableHead>Shared</TableHead>
<TableHead class="text-right">Actions</TableHead>
</TableRow>
</TableHeader>
<TableBody>
<TableRow v-for="share in shares" :key="share.id">
<TableCell class="font-medium">
{{ getUserName(share.granteeUser) }}
</TableCell>
<TableCell>{{ share.granteeUser.email }}</TableCell>
<TableCell>
<div class="flex gap-1">
<Badge v-if="share.accessLevel.canRead" variant="secondary">Read</Badge>
<Badge v-if="share.accessLevel.canEdit" variant="secondary">Edit</Badge>
<Badge v-if="share.accessLevel.canDelete" variant="secondary">Delete</Badge>
</div>
</TableCell>
<TableCell>{{ formatDate(share.createdAt) }}</TableCell>
<TableCell class="text-right">
<Button
variant="ghost"
size="icon"
@click="removeShare(share.id)"
:disabled="removing === share.id"
>
<Trash2 class="h-4 w-4" />
</Button>
</TableCell>
</TableRow>
</TableBody>
</Table>
</div>
<!-- Empty State -->
<div v-else class="text-center py-8 text-muted-foreground border rounded-lg">
<Users class="h-12 w-12 mx-auto mb-2 opacity-50" />
<p>This record is not shared with anyone</p>
<p class="text-sm">Click "Share" to grant access to other users</p>
</div>
<!-- Share Dialog -->
<Dialog v-model:open="showShareDialog">
<DialogContent>
<DialogHeader>
<DialogTitle>Share Record</DialogTitle>
<DialogDescription>
Grant access to this record to specific users
</DialogDescription>
</DialogHeader>
<div class="space-y-4">
<div class="space-y-2">
<Label for="user">User</Label>
<Select v-model="newShare.userId" @update:model-value="(value) => newShare.userId = value">
<SelectTrigger>
<SelectValue placeholder="Select user" />
</SelectTrigger>
<SelectContent>
<SelectItem
v-for="user in availableUsers"
:key="user.id"
:value="user.id"
>
{{ getUserName(user) }} ({{ user.email }})
</SelectItem>
</SelectContent>
</Select>
</div>
<div class="space-y-3">
<Label>Permissions</Label>
<div class="space-y-2">
<div class="flex items-center space-x-2">
<Checkbox
id="canRead"
v-model:checked="newShare.canRead"
@update:checked="(value) => newShare.canRead = value"
/>
<label
for="canRead"
class="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
>
Can Read
</label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
id="canEdit"
v-model:checked="newShare.canEdit"
@update:checked="(value) => newShare.canEdit = value"
/>
<label
for="canEdit"
class="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
>
Can Edit
</label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
id="canDelete"
v-model:checked="newShare.canDelete"
@update:checked="(value) => newShare.canDelete = value"
/>
<label
for="canDelete"
class="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
>
Can Delete
</label>
</div>
</div>
</div>
<div class="space-y-2">
<Label for="expiresAt">Expires At (Optional)</Label>
<div class="flex gap-2">
<DatePicker
v-model="expiresDate"
placeholder="Select date"
class="flex-1"
/>
</div>
</div>
</div>
<DialogFooter>
<Button variant="outline" @click="showShareDialog = false">Cancel</Button>
<Button
@click="createShare"
:disabled="!newShare.userId || (!newShare.canRead && !newShare.canEdit && !newShare.canDelete) || sharing"
>
{{ sharing ? 'Sharing...' : 'Share' }}
</Button>
</DialogFooter>
</DialogContent>
</Dialog>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted, computed } from 'vue';
import { Button } from '~/components/ui/button';
import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '~/components/ui/table';
import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogTitle } from '~/components/ui/dialog';
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '~/components/ui/select';
import { Input } from '~/components/ui/input';
import { Label } from '~/components/ui/label';
import { Badge } from '~/components/ui/badge';
import { Checkbox } from '~/components/ui/checkbox';
import DatePicker from '~/components/ui/date-picker/DatePicker.vue';
import { UserPlus, Trash2, Users } from 'lucide-vue-next';
interface Props {
objectApiName: string;
recordId: string;
ownerId?: string;
}
const props = defineProps<Props>();
const { api } = useApi();
const { toast } = useToast();
const loading = ref(true);
const sharing = ref(false);
const removing = ref<string | null>(null);
const error = ref<string | null>(null);
const shares = ref<any[]>([]);
const allUsers = ref<any[]>([]);
const showShareDialog = ref(false);
const newShare = ref({
userId: '',
canRead: true,
canEdit: false,
canDelete: false,
expiresAt: '',
});
const expiresDate = ref<Date | null>(null);
const expiresTime = ref('');
// Computed property to combine date and time into ISO string
const combinedExpiresAt = computed(() => {
if (!expiresDate.value) return '';
const date = new Date(expiresDate.value);
if (expiresTime.value) {
const [hours, minutes] = expiresTime.value.split(':');
date.setHours(parseInt(hours), parseInt(minutes), 0, 0);
} else {
date.setHours(23, 59, 59, 999); // Default to end of day
}
return date.toISOString();
});
// Filter out users who already have shares
const availableUsers = computed(() => {
const sharedUserIds = new Set(shares.value.map(s => s.granteeUserId));
return allUsers.value.filter(u => !sharedUserIds.has(u.id));
});
const loadShares = async () => {
try {
loading.value = true;
error.value = null;
const response = await api.get(
`/runtime/objects/${props.objectApiName}/records/${props.recordId}/shares`
);
shares.value = response || [];
} catch (e: any) {
console.error('Failed to load shares:', e);
error.value = e.message || 'Failed to load shares';
// If user is not owner, they can't see shares
if (e.message?.includes('owner')) {
error.value = 'Only the record owner can manage sharing';
}
} finally {
loading.value = false;
}
};
const loadUsers = async () => {
try {
const response = await api.get('/setup/users');
allUsers.value = response || [];
} catch (e: any) {
console.error('Failed to load users:', e);
}
};
const createShare = async () => {
try {
sharing.value = true;
const expiresAtValue = combinedExpiresAt.value;
console.log('Creating share, expiresAt value:', expiresAtValue);
const payload: any = {
granteeUserId: newShare.value.userId,
canRead: newShare.value.canRead,
canEdit: newShare.value.canEdit,
canDelete: newShare.value.canDelete,
};
// Only include expiresAt if it has a value
if (expiresAtValue) {
payload.expiresAt = expiresAtValue;
console.log('Including expiresAt in payload:', payload.expiresAt);
} else {
console.log('Skipping expiresAt - no date selected');
}
console.log('Final payload:', payload);
await api.post(
`/runtime/objects/${props.objectApiName}/records/${props.recordId}/shares`,
payload
);
toast.success('Record shared successfully');
showShareDialog.value = false;
newShare.value = {
userId: '',
canRead: true,
canEdit: false,
canDelete: false,
expiresAt: '',
};
expiresDate.value = null;
expiresTime.value = '';
await loadShares();
} catch (e: any) {
console.error('Failed to share record:', e);
toast.error(e.message || 'Failed to share record');
} finally {
sharing.value = false;
}
};
const removeShare = async (shareId: string) => {
try {
removing.value = shareId;
await api.delete(
`/runtime/objects/${props.objectApiName}/records/${props.recordId}/shares/${shareId}`
);
toast.success('Share removed successfully');
await loadShares();
} catch (e: any) {
console.error('Failed to remove share:', e);
toast.error(e.message || 'Failed to remove share');
} finally {
removing.value = null;
}
};
const getUserName = (user: any) => {
if (!user) return 'Unknown';
if (user.firstName || user.lastName) {
return [user.firstName, user.lastName].filter(Boolean).join(' ');
}
return user.email;
};
const formatDate = (date: string) => {
if (!date) return 'N/A';
return new Date(date).toLocaleDateString();
};
onMounted(async () => {
await Promise.all([loadShares(), loadUsers()]);
});
definePageMeta({
layout: 'default',
});
</script>

265
frontend/components/RolePermissionsEditor.vue Normal file
View File

@@ -0,0 +1,265 @@
<template>
<div class="space-y-6">
<div v-if="loading" class="text-center py-8">Loading...</div>
<div v-else class="space-y-6">
<!-- Object Permissions -->
<div
v-for="obj in objects"
:key="obj.id"
class="border rounded-lg p-4 space-y-3"
>
<div class="flex items-center justify-between">
<h3 class="font-semibold">{{ obj.label }}</h3>
<Button
variant="ghost"
size="sm"
@click="toggleObjectExpanded(obj.id)"
>
{{ expandedObjects[obj.id] ? 'Collapse' : 'Expand' }}
</Button>
</div>
<div v-if="expandedObjects[obj.id]" class="space-y-4">
<!-- CRUD Permissions -->
<div class="grid grid-cols-2 gap-3">
<div class="flex items-center space-x-2">
<Checkbox
:id="`${obj.id}-read`"
:checked="hasPermission(obj.apiName, 'read')"
@update:checked="(val) => setPermission(obj.apiName, 'read', val)"
/>
<Label :for="`${obj.id}-read`" class="cursor-pointer">Read</Label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
:id="`${obj.id}-create`"
:checked="hasPermission(obj.apiName, 'create')"
@update:checked="(val) => setPermission(obj.apiName, 'create', val)"
/>
<Label :for="`${obj.id}-create`" class="cursor-pointer">Create</Label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
:id="`${obj.id}-update`"
:checked="hasPermission(obj.apiName, 'update')"
@update:checked="(val) => setPermission(obj.apiName, 'update', val)"
/>
<Label :for="`${obj.id}-update`" class="cursor-pointer">Update</Label>
</div>
<div class="flex items-center space-x-2">
<Checkbox
:id="`${obj.id}-delete`"
:checked="hasPermission(obj.apiName, 'delete')"
@update:checked="(val) => setPermission(obj.apiName, 'delete', val)"
/>
<Label :for="`${obj.id}-delete`" class="cursor-pointer">Delete</Label>
</div>
</div>
<!-- Advanced: Condition-based permissions -->
<div class="border-t pt-3">
<div class="flex items-center space-x-2 mb-2">
<Checkbox
:id="`${obj.id}-conditions`"
:checked="hasConditions(obj.apiName)"
@update:checked="(val) => toggleConditions(obj.apiName, val)"
/>
<Label :for="`${obj.id}-conditions`" class="cursor-pointer text-sm">
Apply conditions (e.g., own records only)
</Label>
</div>
<div v-if="hasConditions(obj.apiName)" class="ml-6 space-y-2">
<div class="text-sm text-muted-foreground">
Only allow access to records where:
</div>
<div class="flex gap-2">
<Input
v-model="getConditions(obj.apiName).field"
placeholder="Field name (e.g., ownerId)"
class="flex-1"
/>
<Input
v-model="getConditions(obj.apiName).value"
placeholder="Value (e.g., $userId)"
class="flex-1"
/>
</div>
</div>
</div>
</div>
</div>
<!-- Save Button -->
<div class="flex justify-end gap-2">
<Button variant="outline" @click="$emit('cancel')">Cancel</Button>
<Button @click="savePermissions" :disabled="saving">
{{ saving ? 'Saving...' : 'Save Permissions' }}
</Button>
</div>
</div>
</div>
</template>
<script setup lang="ts">
import { Button } from '@/components/ui/button'
import { Input } from '@/components/ui/input'
import { Label } from '@/components/ui/label'
import { Checkbox } from '@/components/ui/checkbox'
interface Props {
role: any
}
const props = defineProps<Props>()
const emit = defineEmits(['saved', 'cancel'])
const { api } = useApi()
const { toast } = useToast()
const loading = ref(true)
const saving = ref(false)
const objects = ref<any[]>([])
const expandedObjects = ref<Record<string, boolean>>({})
// Store permissions as CASL-like rules
const permissions = ref<Record<string, {
actions: string[]
conditions?: any
}>>({})
const fetchObjects = async () => {
try {
loading.value = true
objects.value = await api.get('/setup/objects')
// Expand all objects by default
objects.value.forEach(obj => {
expandedObjects.value[obj.id] = true
})
} catch (e: any) {
console.error('Error fetching objects:', e)
} finally {
loading.value = false
}
}
const fetchRolePermissions = async () => {
try {
const rules = await api.get(`/role-rules/role/${props.role.id}`)
// Parse existing rules into our format
if (rules && rules.length > 0 && rules[0].rulesJson) {
const rulesJson = rules[0].rulesJson
rulesJson.forEach((rule: any) => {
if (!permissions.value[rule.subject]) {
permissions.value[rule.subject] = { actions: [] }
}
if (Array.isArray(rule.action)) {
permissions.value[rule.subject].actions.push(...rule.action)
} else {
permissions.value[rule.subject].actions.push(rule.action)
}
if (rule.conditions) {
permissions.value[rule.subject].conditions = rule.conditions
}
})
}
} catch (e: any) {
console.error('Error fetching role permissions:', e)
}
}
const toggleObjectExpanded = (objectId: string) => {
expandedObjects.value[objectId] = !expandedObjects.value[objectId]
}
const hasPermission = (subject: string, action: string): boolean => {
return permissions.value[subject]?.actions.includes(action) || false
}
const setPermission = (subject: string, action: string, value: boolean) => {
if (!permissions.value[subject]) {
permissions.value[subject] = { actions: [] }
}
if (value) {
if (!permissions.value[subject].actions.includes(action)) {
permissions.value[subject].actions.push(action)
}
} else {
permissions.value[subject].actions = permissions.value[subject].actions.filter(a => a !== action)
}
}
const hasConditions = (subject: string): boolean => {
return !!permissions.value[subject]?.conditions
}
const toggleConditions = (subject: string, value: boolean) => {
if (!permissions.value[subject]) {
permissions.value[subject] = { actions: [] }
}
if (value) {
permissions.value[subject].conditions = { field: 'ownerId', value: '$userId' }
} else {
delete permissions.value[subject].conditions
}
}
const getConditions = (subject: string) => {
if (!permissions.value[subject]?.conditions) {
return { field: '', value: '' }
}
const cond = permissions.value[subject].conditions
// Convert CASL condition format to simple field/value
const field = Object.keys(cond)[0] || ''
const value = cond[field] || ''
return { field, value }
}
const savePermissions = async () => {
try {
saving.value = true
// Convert our permission structure to CASL rules format
const rules: any[] = []
Object.entries(permissions.value).forEach(([subject, perm]) => {
if (perm.actions.length > 0) {
const rule: any = {
action: perm.actions,
subject,
}
if (perm.conditions) {
const cond = getConditions(subject)
if (cond.field && cond.value) {
rule.conditions = { [cond.field]: cond.value }
}
}
rules.push(rule)
}
})
await api.post('/role-rules', {
roleId: props.role.id,
rulesJson: rules,
})
emit('saved')
} catch (e: any) {
console.error('Error saving permissions:', e)
toast.error('Failed to save permissions')
} finally {
saving.value = false
}
}
onMounted(async () => {
await fetchObjects()
await fetchRolePermissions()
})
</script>

300
frontend/components/SoftphoneDialog.vue
View File

@@ -1,300 +0,0 @@
<template>
<Dialog v-model:open="softphone.isOpen.value">
<DialogContent class="sm:max-w-[500px] max-h-[80vh] overflow-hidden flex flex-col">
<DialogHeader>
<DialogTitle>Softphone</DialogTitle>
</DialogHeader>
<div class="flex-1 overflow-y-auto space-y-4">
<!-- Connection Status -->
<div class="flex items-center justify-between p-3 rounded-lg border" :class="{
'bg-green-50 border-green-200': softphone.isConnected.value,
'bg-red-50 border-red-200': !softphone.isConnected.value
}">
<span class="text-sm font-medium">
{{ softphone.isConnected.value ? 'Connected' : 'Disconnected' }}
</span>
<div class="h-2 w-2 rounded-full" :class="{
'bg-green-500': softphone.isConnected.value,
'bg-red-500': !softphone.isConnected.value
}"></div>
</div>
<!-- Incoming Call -->
<div v-if="softphone.incomingCall.value" class="p-4 rounded-lg border border-blue-200 bg-blue-50 animate-pulse">
<div class="text-center space-y-4">
<div>
<p class="text-sm text-gray-600">Incoming call from</p>
<p class="text-2xl font-bold">{{ formatPhoneNumber(softphone.incomingCall.value.fromNumber) }}</p>
</div>
<div class="flex gap-2 justify-center">
<Button @click="handleAccept" class="bg-green-500 hover:bg-green-600">
<PhoneIcon class="w-4 h-4 mr-2" />
Accept
</Button>
<Button @click="handleReject" variant="destructive">
<PhoneOffIcon class="w-4 h-4 mr-2" />
Reject
</Button>
</div>
</div>
</div>
<!-- Active Call -->
<div v-if="softphone.currentCall.value" class="space-y-4">
<div class="p-4 rounded-lg border bg-gray-50">
<div class="text-center space-y-2">
<p class="text-sm text-gray-600">
{{ softphone.currentCall.value.direction === 'outbound' ? 'Calling' : 'Connected with' }}
</p>
<p class="text-2xl font-bold">
{{ formatPhoneNumber(
softphone.currentCall.value.direction === 'outbound'
? softphone.currentCall.value.toNumber
: softphone.currentCall.value.fromNumber
) }}
</p>
<p class="text-sm text-gray-500 capitalize">{{ softphone.callStatus.value }}</p>
</div>
</div>
<!-- Call Controls -->
<div class="grid grid-cols-3 gap-2">
<Button variant="outline" size="sm" @click="toggleMute">
<MicIcon v-if="!isMuted" class="w-4 h-4" />
<MicOffIcon v-else class="w-4 h-4" />
</Button>
<Button variant="outline" size="sm" @click="showDialpad = !showDialpad">
<Hash class="w-4 h-4" />
</Button>
<Button variant="destructive" size="sm" @click="handleEndCall">
<PhoneOffIcon class="w-4 h-4" />
</Button>
</div>
<!-- Dialpad -->
<div v-if="showDialpad" class="grid grid-cols-3 gap-2">
<Button
v-for="digit in ['1', '2', '3', '4', '5', '6', '7', '8', '9', '*', '0', '#']"
:key="digit"
variant="outline"
size="sm"
@click="handleDtmf(digit)"
class="h-12 text-lg font-semibold"
>
{{ digit }}
</Button>
</div>
</div>
<!-- AI Suggestions - Show whenever there are suggestions, not just during active call -->
<div v-if="softphone.aiSuggestions.value.length > 0" class="space-y-2">
<h3 class="text-sm font-semibold flex items-center gap-2">
<span>AI Assistant</span>
<span class="px-2 py-0.5 text-xs bg-blue-100 text-blue-700 rounded-full">
{{ softphone.aiSuggestions.value.length }}
</span>
</h3>
<div class="space-y-2 max-h-40 overflow-y-auto">
<div
v-for="(suggestion, index) in softphone.aiSuggestions.value.slice(0, 5)"
:key="index"
class="p-3 rounded-lg border text-sm transition-all"
:class="{
'bg-blue-50 border-blue-200 animate-pulse': suggestion.type === 'response' && index === 0,
'bg-blue-50 border-blue-200': suggestion.type === 'response' && index !== 0,
'bg-green-50 border-green-200 animate-pulse': suggestion.type === 'action' && index === 0,
'bg-green-50 border-green-200': suggestion.type === 'action' && index !== 0,
'bg-purple-50 border-purple-200 animate-pulse': suggestion.type === 'insight' && index === 0,
'bg-purple-50 border-purple-200': suggestion.type === 'insight' && index !== 0
}"
>
<div class="flex items-center gap-2 mb-1">
<span class="text-xs font-semibold uppercase" :class="{
'text-blue-700': suggestion.type === 'response',
'text-green-700': suggestion.type === 'action',
'text-purple-700': suggestion.type === 'insight'
}">{{ suggestion.type }}</span>
<span class="text-xs text-gray-400">just now</span>
</div>
<p class="leading-relaxed">{{ suggestion.text }}</p>
</div>
</div>
</div>
<!-- Dialer (when no active call) -->
<div v-if="!softphone.currentCall.value && !softphone.incomingCall.value" class="space-y-4">
<div>
<label class="text-sm font-medium">Phone Number</label>
<Input
v-model="phoneNumber"
placeholder="+1234567890"
class="mt-1"
@keyup.enter="handleCall"
/>
</div>
<div class="grid grid-cols-3 gap-2">
<Button
v-for="digit in ['1', '2', '3', '4', '5', '6', '7', '8', '9', '*', '0', '#']"
:key="digit"
variant="outline"
@click="phoneNumber += digit"
class="h-12 text-lg font-semibold"
>
{{ digit }}
</Button>
</div>
<div class="flex gap-2">
<Button @click="handleCall" class="flex-1" :disabled="!phoneNumber">
<PhoneIcon class="w-4 h-4 mr-2" />
Call
</Button>
<Button @click="phoneNumber = ''" variant="outline">
<XIcon class="w-4 h-4" />
</Button>
</div>
<!-- Debug: Test AI Suggestions -->
<Button @click="testAiSuggestion" variant="outline" size="sm" class="w-full">
🧪 Test AI Suggestion
</Button>
<!-- Recent Calls -->
<div v-if="softphone.callHistory.value.length > 0" class="space-y-2">
<h3 class="text-sm font-semibold">Recent Calls</h3>
<div class="space-y-1 max-h-40 overflow-y-auto">
<div
v-for="call in softphone.callHistory.value.slice(0, 5)"
:key="call.callSid"
class="flex items-center justify-between p-2 rounded hover:bg-gray-100 cursor-pointer"
@click="phoneNumber = call.direction === 'outbound' ? call.toNumber : call.fromNumber"
>
<div class="flex items-center gap-2">
<PhoneIcon v-if="call.direction === 'outbound'" class="w-3 h-3 text-green-500" />
<PhoneIncomingIcon v-else class="w-3 h-3 text-blue-500" />
<span class="text-sm">
{{ formatPhoneNumber(call.direction === 'outbound' ? call.toNumber : call.fromNumber) }}
</span>
</div>
<span class="text-xs text-gray-500">{{ formatDuration(call.duration) }}</span>
</div>
</div>
</div>
</div>
</div>
</DialogContent>
</Dialog>
</template>
<script setup lang="ts">
import { ref } from 'vue';
import { useSoftphone } from '~/composables/useSoftphone';
import { Dialog, DialogContent, DialogHeader, DialogTitle } from '~/components/ui/dialog';
import { Button } from '~/components/ui/button';
import { Input } from '~/components/ui/input';
import { PhoneIcon, PhoneOffIcon, PhoneIncomingIcon, MicIcon, MicOffIcon, Hash, XIcon } from 'lucide-vue-next';
import { toast } from 'vue-sonner';
const softphone = useSoftphone();
const phoneNumber = ref('');
const showDialpad = ref(false);
const isMuted = ref(false);
const handleCall = async () => {
if (!phoneNumber.value) {
toast.error('Please enter a phone number');
return;
}
try {
await softphone.initiateCall(phoneNumber.value);
phoneNumber.value = '';
toast.success('Call initiated');
} catch (error: any) {
toast.error(error.message || 'Failed to initiate call');
}
};
const handleAccept = async () => {
if (!softphone.incomingCall.value) return;
try {
await softphone.acceptCall(softphone.incomingCall.value.callSid);
} catch (error: any) {
toast.error(error.message || 'Failed to accept call');
}
};
const handleReject = async () => {
if (!softphone.incomingCall.value) return;
try {
await softphone.rejectCall(softphone.incomingCall.value.callSid);
} catch (error: any) {
toast.error(error.message || 'Failed to reject call');
}
};
const handleEndCall = async () => {
if (!softphone.currentCall.value) return;
try {
await softphone.endCall(softphone.currentCall.value.callSid);
} catch (error: any) {
toast.error(error.message || 'Failed to end call');
}
};
// Debug: Test AI suggestions display
const testAiSuggestion = () => {
console.log('🧪 Testing AI suggestion display');
console.log('Current suggestions:', softphone.aiSuggestions.value);
// Add a test suggestion
softphone.aiSuggestions.value.unshift({
type: 'response',
text: '💡 Test suggestion: This is a test AI suggestion to verify UI display'
});
console.log('After test:', softphone.aiSuggestions.value);
toast.success('Test suggestion added');
};
const handleDtmf = async (digit: string) => {
if (!softphone.currentCall.value) return;
try {
await softphone.sendDtmf(softphone.currentCall.value.callSid, digit);
} catch (error: any) {
console.error('Failed to send DTMF:', error);
}
};
const toggleMute = () => {
isMuted.value = !isMuted.value;
// TODO: Implement actual audio muting
toast.info(isMuted.value ? 'Muted' : 'Unmuted');
};
const formatPhoneNumber = (number: string): string => {
if (!number) return '';
// Simple US format
const cleaned = number.replace(/\D/g, '');
if (cleaned.length === 11 && cleaned[0] === '1') {
return `+1 (${cleaned.slice(1, 4)}) ${cleaned.slice(4, 7)}-${cleaned.slice(7)}`;
} else if (cleaned.length === 10) {
return `(${cleaned.slice(0, 3)}) ${cleaned.slice(3, 6)}-${cleaned.slice(6)}`;
}
return number;
};
const formatDuration = (seconds?: number): string => {
if (!seconds) return '--:--';
const mins = Math.floor(seconds / 60);
const secs = seconds % 60;
return `${mins}:${secs.toString().padStart(2, '0')}`;
};
</script>

195
frontend/components/fields/FieldAttributesCommon.vue
View File

@@ -1,195 +0,0 @@
<template>
<div class="space-y-6">
<!-- Label -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Label</label>
<div class="col-span-3">
<input
v-model="formData.label"
type="text"
placeholder="Display name for this field"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<!-- API Name (Read-only if editing existing field) -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">API Name</label>
<div class="col-span-3">
<input
v-model="formData.apiName"
type="text"
placeholder="e.g., accountName"
:disabled="isEditing"
class="w-full px-3 py-2 border rounded-md text-sm disabled:bg-gray-100 disabled:text-gray-600"
/>
<p v-if="isEditing" class="text-xs text-gray-500 mt-1">
Cannot change API name on existing fields
</p>
</div>
</div>
<!-- Description -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Description</label>
<div class="col-span-3">
<textarea
v-model="formData.description"
placeholder="Describe the purpose of this field"
rows="3"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<!-- Placeholder -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Placeholder</label>
<div class="col-span-3">
<input
v-model="formData.placeholder"
type="text"
placeholder="e.g., Enter account name"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<!-- Help Text -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Help Text</label>
<div class="col-span-3">
<textarea
v-model="formData.helpText"
placeholder="Additional guidance for users"
rows="2"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<!-- Display Order -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Display Order</label>
<div class="col-span-3">
<input
v-model.number="formData.displayOrder"
type="number"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<!-- Required -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Required</label>
<div class="col-span-3 flex items-center">
<input
v-model="formData.isRequired"
type="checkbox"
class="w-4 h-4 border rounded"
/>
<span class="ml-2 text-sm text-gray-600">
{{ formData.isRequired ? 'Yes, this field is required' : 'No, this field is optional' }}
</span>
<p v-if="hasData && !wasRequired && formData.isRequired" class="ml-2 text-xs text-red-600">
Existing records may have empty values
</p>
</div>
</div>
<!-- Unique -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Unique</label>
<div class="col-span-3 flex items-center">
<input
v-model="formData.isUnique"
type="checkbox"
class="w-4 h-4 border rounded"
/>
<span class="ml-2 text-sm text-gray-600">
{{ formData.isUnique ? 'Yes, values must be unique' : 'No, duplicate values allowed' }}
</span>
<p v-if="hasData && !wasUnique && formData.isUnique" class="ml-2 text-xs text-red-600">
Existing records may have duplicate values
</p>
</div>
</div>
<!-- Default Value -->
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Default Value</label>
<div class="col-span-3">
<input
v-model="formData.defaultValue"
type="text"
placeholder="Value used when field is not provided"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, watch, onMounted } from 'vue'
interface Props {
label?: string
apiName?: string
description?: string
placeholder?: string
helpText?: string
displayOrder?: number
isRequired?: boolean
isUnique?: boolean
defaultValue?: string
isEditing?: boolean
hasData?: boolean
}
interface Emits {
(e: 'update', data: any): void
}
const props = withDefaults(defineProps<Props>(), {
label: '',
apiName: '',
description: '',
placeholder: '',
helpText: '',
displayOrder: 0,
isRequired: false,
isUnique: false,
defaultValue: '',
isEditing: false,
hasData: false,
})
const emit = defineEmits<Emits>()
const formData = ref({
label: props.label,
apiName: props.apiName,
description: props.description,
placeholder: props.placeholder,
helpText: props.helpText,
displayOrder: props.displayOrder,
isRequired: props.isRequired,
isUnique: props.isUnique,
defaultValue: props.defaultValue,
})
const wasRequired = ref(props.isRequired)
const wasUnique = ref(props.isUnique)
onMounted(() => {
wasRequired.value = props.isRequired
wasUnique.value = props.isUnique
})
watch(formData, (newVal) => {
emit('update', newVal)
}, { deep: true })
</script>

296
frontend/components/fields/FieldAttributesType.vue
View File

@@ -1,296 +0,0 @@
<template>
<div class="space-y-6">
<!-- Text Field Attributes -->
<div v-if="fieldType === 'text'" class="space-y-4">
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Max Length</label>
<div class="col-span-3">
<input
v-model.number="attributes.maxLength"
type="number"
min="1"
max="65535"
placeholder="Maximum character length (default: 255)"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
</div>
<!-- Textarea Attributes -->
<div v-if="fieldType === 'textarea'" class="space-y-4">
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Default Rows</label>
<div class="col-span-3">
<input
v-model.number="attributes.rows"
type="number"
min="2"
max="20"
:placeholder="`Default: 4 rows`"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
</div>
<!-- Number Field Attributes -->
<div v-if="fieldType === 'number'" class="space-y-4">
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Decimal Places</label>
<div class="col-span-3">
<input
v-model.number="attributes.scale"
type="number"
min="0"
max="10"
placeholder="0 for integers, 2 for decimals"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Min Value</label>
<div class="col-span-3">
<input
v-model.number="attributes.min"
type="number"
placeholder="Minimum allowed value"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Max Value</label>
<div class="col-span-3">
<input
v-model.number="attributes.max"
type="number"
placeholder="Maximum allowed value"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
</div>
<!-- Currency Field Attributes -->
<div v-if="fieldType === 'currency'" class="space-y-4">
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Currency Symbol</label>
<div class="col-span-3">
<input
v-model="attributes.prefix"
type="text"
placeholder="e.g., $, €, ¥"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Decimal Places</label>
<div class="col-span-3">
<input
v-model.number="attributes.scale"
type="number"
min="0"
max="4"
placeholder="Default: 2"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Min Value</label>
<div class="col-span-3">
<input
v-model.number="attributes.min"
type="number"
placeholder="Minimum allowed value"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Max Value</label>
<div class="col-span-3">
<input
v-model.number="attributes.max"
type="number"
placeholder="Maximum allowed value"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
</div>
</div>
</div>
<!-- Select/Picklist Attributes -->
<div v-if="fieldType === 'select' || fieldType === 'multiSelect'" class="space-y-4">
<div class="border rounded-lg p-4 bg-gray-50">
<div class="flex items-center justify-between mb-4">
<label class="text-sm font-medium">Options</label>
<button
type="button"
@click="addOption"
class="text-xs px-3 py-1 bg-blue-600 text-white rounded hover:bg-blue-700"
>
Add Option
</button>
</div>
<div class="space-y-2">
<div
v-for="(option, index) in attributes.options"
:key="index"
class="flex gap-2 items-center bg-white p-3 rounded border"
>
<input
v-model="option.value"
type="text"
placeholder="Value"
class="flex-1 px-2 py-1 border rounded text-sm"
/>
<input
v-model="option.label"
type="text"
placeholder="Label"
class="flex-1 px-2 py-1 border rounded text-sm"
/>
<button
type="button"
@click="removeOption(index)"
class="text-red-600 hover:text-red-800 text-sm font-medium"
>
Remove
</button>
</div>
</div>
<p v-if="!attributes.options || attributes.options.length === 0" class="text-sm text-gray-500 mt-4">
No options defined yet
</p>
</div>
</div>
<!-- Date Field Attributes -->
<div v-if="fieldType === 'date' || fieldType === 'datetime'" class="space-y-4">
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Include Time</label>
<div class="col-span-3 flex items-center">
<input
v-if="fieldType === 'datetime'"
:checked="true"
type="checkbox"
disabled
class="w-4 h-4 border rounded"
/>
<span class="ml-2 text-sm text-gray-600">{{ fieldType === 'datetime' ? 'Yes' : 'No' }}</span>
</div>
</div>
</div>
<!-- Lookup Field Attributes -->
<div v-if="fieldType === 'lookup' || fieldType === 'belongsTo'" class="space-y-4">
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Related Object</label>
<div class="col-span-3">
<input
v-model="attributes.relationObject"
type="text"
disabled
placeholder="Selected during field creation"
class="w-full px-3 py-2 border rounded-md text-sm bg-gray-100 disabled:text-gray-600"
/>
<p class="text-xs text-gray-500 mt-1">Cannot change relationship after creation</p>
</div>
</div>
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Display Field</label>
<div class="col-span-3">
<input
v-model="attributes.relationDisplayField"
type="text"
placeholder="e.g., name, label (field to show in lookup)"
class="w-full px-3 py-2 border rounded-md text-sm"
/>
<p class="text-xs text-gray-500 mt-1">Which field from the related object to display</p>
</div>
</div>
</div>
</div>
</template>
<script setup lang="ts">
import { ref, watch } from 'vue'
interface FieldOption {
value: string | number
label: string
}
interface TypeAttributes {
maxLength?: number
rows?: number
scale?: number
min?: number
max?: number
prefix?: string
suffix?: string
options?: FieldOption[]
relationObject?: string
relationDisplayField?: string
}
interface Props {
fieldType: string
attributes?: TypeAttributes
}
interface Emits {
(e: 'update', data: TypeAttributes): void
}
const props = withDefaults(defineProps<Props>(), {
fieldType: 'text',
attributes: () => ({}),
})
const emit = defineEmits<Emits>()
const attributes = ref<TypeAttributes>({
...props.attributes,
})
watch(
() => props.fieldType,
(newType) => {
// Reset attributes when field type changes
attributes.value = {}
},
)
const addOption = () => {
if (!attributes.value.options) {
attributes.value.options = []
}
attributes.value.options.push({
value: '',
label: '',
})
emit('update', attributes.value)
}
const removeOption = (index: number) => {
if (attributes.value.options) {
attributes.value.options.splice(index, 1)
emit('update', attributes.value)
}
}
watch(
attributes,
(newVal) => {
emit('update', newVal)
},
{ deep: true },
)
</script>

3
frontend/components/fields/FieldRenderer.vue
View File

@@ -21,8 +21,7 @@ interface Props {
}
const props = withDefaults(defineProps<Props>(), {
// Default to runtime objects endpoint; override when consuming central entities
baseUrl: '/runtime/objects',
baseUrl: '/central',
})
const emit = defineEmits<{

140
frontend/components/fields/FieldTypeSelector.vue
View File

@@ -1,140 +0,0 @@
<template>
<div class="space-y-4">
<label class="text-sm font-medium">Field Type</label>
<div class="grid grid-cols-2 gap-4">
<!-- Text Fields -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'text' }"
@click="$emit('update:modelValue', 'text')">
<div class="font-medium text-sm">Text</div>
<div class="text-xs text-gray-600">Single line text input</div>
</div>
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'textarea' }"
@click="$emit('update:modelValue', 'textarea')">
<div class="font-medium text-sm">Textarea</div>
<div class="text-xs text-gray-600">Multi-line text input</div>
</div>
<!-- Email & Phone -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'email' }"
@click="$emit('update:modelValue', 'email')">
<div class="font-medium text-sm">Email</div>
<div class="text-xs text-gray-600">Email with validation</div>
</div>
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'phone' }"
@click="$emit('update:modelValue', 'phone')">
<div class="font-medium text-sm">Phone</div>
<div class="text-xs text-gray-600">Phone number input</div>
</div>
<!-- Numeric Fields -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'number' }"
@click="$emit('update:modelValue', 'number')">
<div class="font-medium text-sm">Number</div>
<div class="text-xs text-gray-600">Integer or decimal</div>
</div>
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'currency' }"
@click="$emit('update:modelValue', 'currency')">
<div class="font-medium text-sm">Currency</div>
<div class="text-xs text-gray-600">Money amount with symbol</div>
</div>
<!-- Selection Fields -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'select' }"
@click="$emit('update:modelValue', 'select')">
<div class="font-medium text-sm">Picklist</div>
<div class="text-xs text-gray-600">Dropdown with predefined options</div>
</div>
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'multiSelect' }"
@click="$emit('update:modelValue', 'multiSelect')">
<div class="font-medium text-sm">Multi-select</div>
<div class="text-xs text-gray-600">Select multiple options</div>
</div>
<!-- Boolean -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'boolean' }"
@click="$emit('update:modelValue', 'boolean')">
<div class="font-medium text-sm">Checkbox</div>
<div class="text-xs text-gray-600">True/False toggle</div>
</div>
<!-- Date Fields -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'date' }"
@click="$emit('update:modelValue', 'date')">
<div class="font-medium text-sm">Date</div>
<div class="text-xs text-gray-600">Date picker without time</div>
</div>
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'datetime' }"
@click="$emit('update:modelValue', 'datetime')">
<div class="font-medium text-sm">DateTime</div>
<div class="text-xs text-gray-600">Date and time picker</div>
</div>
<!-- Relationship Fields -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'lookup' }"
@click="$emit('update:modelValue', 'lookup')">
<div class="font-medium text-sm">Lookup</div>
<div class="text-xs text-gray-600">Link to another object</div>
</div>
<!-- Rich Content -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'markdown' }"
@click="$emit('update:modelValue', 'markdown')">
<div class="font-medium text-sm">Rich Text</div>
<div class="text-xs text-gray-600">Markdown editor</div>
</div>
<!-- File -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'file' }"
@click="$emit('update:modelValue', 'file')">
<div class="font-medium text-sm">File</div>
<div class="text-xs text-gray-600">File upload</div>
</div>
<!-- URL -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'url' }"
@click="$emit('update:modelValue', 'url')">
<div class="font-medium text-sm">URL</div>
<div class="text-xs text-gray-600">Web address with validation</div>
</div>
<!-- Color -->
<div class="border rounded-lg p-4 cursor-pointer hover:bg-blue-50"
:class="{ 'bg-blue-100 border-blue-500': modelValue === 'color' }"
@click="$emit('update:modelValue', 'color')">
<div class="font-medium text-sm">Color</div>
<div class="text-xs text-gray-600">Color picker</div>
</div>
</div>
</div>
</template>
<script setup lang="ts">
defineProps<{
modelValue: string
}>()
defineEmits<{
'update:modelValue': [value: string]
}>()
</script>

3
frontend/components/fields/LookupField.vue
View File

@@ -16,8 +16,7 @@ interface Props {
}
const props = withDefaults(defineProps<Props>(), {
// Default to runtime objects endpoint; override when consuming central entities
baseUrl: '/runtime/objects',
baseUrl: '/central',
modelValue: null,
})

73
frontend/components/ui/checkbox/Checkbox.vue
View File

@@ -1,30 +1,59 @@
<script setup lang="ts">
import type { CheckboxRootEmits, CheckboxRootProps } from "reka-ui"
import type { HTMLAttributes } from "vue"
import { reactiveOmit } from "@vueuse/core"
import { Check } from "lucide-vue-next"
import { CheckboxIndicator, CheckboxRoot, useForwardPropsEmits } from "reka-ui"
import { cn } from "@/lib/utils"
import { computed } from 'vue'
import type { HTMLAttributes } from 'vue'
import { Check } from 'lucide-vue-next'
import { cn } from '@/lib/utils'
const props = defineProps<CheckboxRootProps & { class?: HTMLAttributes["class"] }>()
const emits = defineEmits<CheckboxRootEmits>()
interface Props {
checked?: boolean
disabled?: boolean
required?: boolean
name?: string
value?: string
id?: string
class?: HTMLAttributes['class']
}
const delegatedProps = reactiveOmit(props, "class")
const props = withDefaults(defineProps<Props>(), {
checked: false,
disabled: false,
required: false,
})
const forwarded = useForwardPropsEmits(delegatedProps, emits)
const emit = defineEmits<{
'update:checked': [value: boolean]
}>()
const handleChange = (event: Event) => {
const target = event.target as HTMLInputElement
emit('update:checked', target.checked)
}
</script>
<template>
<CheckboxRoot
v-bind="forwarded"
:class="
cn('grid place-content-center peer h-4 w-4 shrink-0 rounded-sm border border-primary shadow focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:cursor-not-allowed disabled:opacity-50 data-[state=checked]:bg-primary data-[state=checked]:text-primary-foreground',
props.class)"
>
<CheckboxIndicator class="grid place-content-center text-current">
<slot>
<Check class="h-4 w-4" />
</slot>
</CheckboxIndicator>
</CheckboxRoot>
<div class="relative inline-flex items-center">
<input
type="checkbox"
:id="props.id"
:checked="props.checked"
:disabled="props.disabled"
:required="props.required"
:name="props.name"
:value="props.value"
@change="handleChange"
:class="
cn(
'peer h-4 w-4 shrink-0 rounded-sm border border-primary shadow focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:cursor-not-allowed disabled:opacity-50 cursor-pointer',
'appearance-none bg-background',
'checked:bg-primary checked:border-primary',
props.class
)
"
/>
<Check
v-if="props.checked"
class="absolute h-4 w-4 text-primary-foreground pointer-events-none"
:class="{ 'opacity-50': props.disabled }"
/>
</div>
</template>

190
frontend/components/views/DetailViewEnhanced.vue
View File

@@ -2,11 +2,9 @@
import { computed, ref, onMounted } from 'vue'
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'
import { Button } from '@/components/ui/button'
import { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs'
import FieldRenderer from '@/components/fields/FieldRenderer.vue'
import PageLayoutRenderer from '@/components/PageLayoutRenderer.vue'
import RelatedList from '@/components/RelatedList.vue'
import RecordSharing from '@/components/RecordSharing.vue'
import { DetailViewConfig, ViewMode, FieldSection, FieldConfig, RelatedListConfig } from '@/types/field-types'
import { Edit, Trash2, ArrowLeft } from 'lucide-vue-next'
import {
@@ -22,13 +20,11 @@ interface Props {
loading?: boolean
objectId?: string // For fetching page layout
baseUrl?: string
showSharing?: boolean
}
const props = withDefaults(defineProps<Props>(), {
loading: false,
baseUrl: '/runtime/objects',
showSharing: true,
})
const emit = defineEmits<{
@@ -134,123 +130,91 @@ const usePageLayout = computed(() => {
<div class="animate-spin rounded-full h-12 w-12 border-b-2 border-primary"></div>
</div>
<!-- Tabs for Details, Related, and Sharing -->
<Tabs v-else default-value="details" class="space-y-6">
<TabsList>
<TabsTrigger value="details">Details</TabsTrigger>
<TabsTrigger v-if="config.relatedLists && config.relatedLists.length > 0" value="related">
Related
</TabsTrigger>
<TabsTrigger v-if="showSharing && data.id" value="sharing">
Sharing
</TabsTrigger>
</TabsList>
<!-- Content with Page Layout -->
<Card v-else-if="usePageLayout">
<CardHeader>
<CardTitle>Details</CardTitle>
</CardHeader>
<CardContent>
<PageLayoutRenderer
:fields="config.fields"
:layout="pageLayout"
:model-value="data"
:readonly="true"
/>
</CardContent>
</Card>
<!-- Details Tab -->
<TabsContent value="details" class="space-y-6">
<!-- Content with Page Layout -->
<Card v-if="usePageLayout">
<!-- Traditional Section-based Layout -->
<div v-else class="space-y-6">
<Card v-for="(section, idx) in sections" :key="idx">
<Collapsible
v-if="section.collapsible"
:default-open="!section.defaultCollapsed"
>
<CardHeader>
<CardTitle>Details</CardTitle>
</CardHeader>
<CardContent>
<PageLayoutRenderer
:fields="config.fields"
:layout="pageLayout"
:model-value="data"
:readonly="true"
/>
</CardContent>
</Card>
<!-- Traditional Section-based Layout -->
<div v-else class="space-y-6">
<Card v-for="(section, idx) in sections" :key="idx">
<Collapsible
v-if="section.collapsible"
:default-open="!section.defaultCollapsed"
>
<CardHeader>
<CollapsibleTrigger class="flex items-center justify-between w-full hover:bg-muted/50 -m-2 p-2 rounded">
<div>
<CardTitle v-if="section.title">{{ section.title }}</CardTitle>
<CardDescription v-if="section.description">
{{ section.description }}
</CardDescription>
</div>
</CollapsibleTrigger>
</CardHeader>
<CollapsibleContent>
<CardContent>
<div class="grid gap-6 md:grid-cols-2">
<FieldRenderer
v-for="field in getFieldsBySection(section)"
:key="field.id"
:field="field"
:model-value="data[field.apiName]"
:record-data="data"
:mode="ViewMode.DETAIL"
:base-url="baseUrl"
/>
</div>
</CardContent>
</CollapsibleContent>
</Collapsible>
<template v-else>
<CardHeader v-if="section.title || section.description">
<CollapsibleTrigger class="flex items-center justify-between w-full hover:bg-muted/50 -m-2 p-2 rounded">
<div>
<CardTitle v-if="section.title">{{ section.title }}</CardTitle>
<CardDescription v-if="section.description">
{{ section.description }}
</CardDescription>
</CardHeader>
<CardContent>
<div class="grid gap-6 md:grid-cols-2">
<FieldRenderer
v-for="field in getFieldsBySection(section)"
:key="field?.id"
:field="field"
:model-value="data[field.apiName]"
:record-data="data"
:mode="ViewMode.DETAIL"
:base-url="baseUrl"
/>
</div>
</CardContent>
</template>
</Card>
</div>
</TabsContent>
</div>
</CollapsibleTrigger>
</CardHeader>
<CollapsibleContent>
<CardContent>
<div class="grid gap-6 md:grid-cols-2">
<FieldRenderer
v-for="field in getFieldsBySection(section)"
:key="field.id"
:field="field"
:model-value="data[field.apiName]"
:record-data="data"
:mode="ViewMode.DETAIL"
:base-url="baseUrl"
/>
</div>
</CardContent>
</CollapsibleContent>
</Collapsible>
<!-- Related Lists Tab -->
<TabsContent value="related" class="space-y-6">
<div v-if="config.relatedLists && config.relatedLists.length > 0">
<RelatedList
v-for="relatedList in config.relatedLists"
:key="relatedList.relationName"
:config="relatedList"
:parent-id="data.id"
:related-records="data[relatedList.relationName]"
@navigate="(objectApiName, recordId) => emit('navigate', objectApiName, recordId)"
@create="(objectApiName, parentId) => emit('createRelated', objectApiName, parentId)"
/>
</div>
</TabsContent>
<!-- Sharing Tab -->
<TabsContent value="sharing">
<Card>
<CardContent class="pt-6">
<RecordSharing
v-if="data.id && config.objectApiName"
:object-api-name="config.objectApiName"
:record-id="data.id"
:owner-id="data.ownerId"
/>
<template v-else>
<CardHeader v-if="section.title || section.description">
<CardTitle v-if="section.title">{{ section.title }}</CardTitle>
<CardDescription v-if="section.description">
{{ section.description }}
</CardDescription>
</CardHeader>
<CardContent>
<div class="grid gap-6 md:grid-cols-2">
<FieldRenderer
v-for="field in getFieldsBySection(section)"
:key="field?.id"
:field="field"
:model-value="data[field.apiName]"
:record-data="data"
:mode="ViewMode.DETAIL"
:base-url="baseUrl"
/>
</div>
</CardContent>
</Card>
</TabsContent>
</Tabs>
</template>
</Card>
</div>
<!-- Related Lists -->
<div v-if="config.relatedLists && config.relatedLists.length > 0" class="space-y-6">
<RelatedList
v-for="relatedList in config.relatedLists"
:key="relatedList.relationName"
:config="relatedList"
:parent-id="data.id"
:related-records="data[relatedList.relationName]"
@navigate="(objectApiName, recordId) => emit('navigate', objectApiName, recordId)"
@create="(objectApiName, parentId) => emit('createRelated', objectApiName, parentId)"
/>
</div>
</div>
</template>

23
frontend/components/views/EditView.vue
View File

@@ -12,6 +12,8 @@ import {
CollapsibleTrigger,
} from '@/components/ui/collapsible'
console.log('[EditView] COMPONENT MOUNTING')
interface Props {
config: EditViewConfig
data?: any
@@ -25,6 +27,8 @@ const props = withDefaults(defineProps<Props>(), {
saving: false,
})
console.log('[EditView] Props received on mount:', JSON.stringify(props, null, 2))
const emit = defineEmits<{
'save': [data: any]
'cancel': []
@@ -35,10 +39,16 @@ const emit = defineEmits<{
const formData = ref<Record<string, any>>({ ...props.data })
const errors = ref<Record<string, string>>({})
console.log('[EditView] Initial props.data:', JSON.stringify(props.data, null, 2))
console.log('[EditView] props.data.id:', props.data?.id)
// Watch for data changes (useful for edit mode)
watch(() => props.data, (newData) => {
console.log('[EditView] Data changed:', JSON.stringify(newData, null, 2))
console.log('[EditView] newData.id:', newData?.id)
console.log('[EditView] Keys in newData:', Object.keys(newData))
formData.value = { ...newData }
}, { deep: true })
}, { deep: true, immediate: true })
// Organize fields into sections
const sections = computed<FieldSection[]>(() => {
@@ -137,12 +147,11 @@ const validateForm = (): boolean => {
const handleSave = () => {
if (validateForm()) {
// Start with props.data to preserve system fields like id, then override with user edits
const dataToSave = {
...props.data,
...formData.value,
}
emit('save', dataToSave)
// Preserve id and other system fields from original data when saving
emit('save', {
id: props.data?.id, // Preserve the record ID for updates
...formData.value
})
}
}

30
frontend/components/views/EditViewEnhanced.vue
View File

@@ -45,11 +45,16 @@ const errors = ref<Record<string, string>>({})
// Watch for data changes (useful for edit mode)
watch(() => props.data, (newData) => {
console.log('[EditViewEnhanced] Data changed:', newData)
console.log('[EditViewEnhanced] Data has id?', newData?.id)
formData.value = { ...newData }
}, { deep: true })
}, { deep: true, immediate: true })
// Fetch page layout if objectId is provided
onMounted(async () => {
console.log('[EditViewEnhanced] Component mounted')
console.log('[EditViewEnhanced] Props:', props)
if (props.objectId) {
try {
loadingLayout.value = true
@@ -159,12 +164,27 @@ const validateForm = (): boolean => {
}
const handleSave = () => {
console.log('[EditViewEnhanced] handleSave called')
console.log('[EditViewEnhanced] props.data:', props.data)
console.log('[EditViewEnhanced] props.data?.id:', props.data?.id)
console.log('[EditViewEnhanced] formData before processing:', { ...formData.value })
if (validateForm()) {
// Start with props.data to preserve system fields like id, then override with user edits
const saveData = {
...props.data,
...formData.value,
// Preserve the id from props.data if it exists (needed for updates)
// Filter out other system fields that are auto-managed
const saveData = { ...formData.value }
const systemFieldsToRemove = ['tenantId', 'ownerId', 'created_at', 'updated_at', 'createdAt', 'updatedAt', 'createdBy', 'updatedBy']
for (const field of systemFieldsToRemove) {
delete saveData[field]
}
// Explicitly preserve id if it exists in the original data
if (props.data?.id) {
saveData.id = props.data.id
console.log('[EditViewEnhanced] Preserved id from props:', saveData.id)
}
console.log('[EditViewEnhanced] Final saveData:', saveData)
emit('save', saveData)
}
}

4
frontend/components/views/ListView.vue
View File

@@ -22,6 +22,7 @@ interface Props {
loading?: boolean
selectable?: boolean
baseUrl?: string
canCreate?: boolean
}
const props = withDefaults(defineProps<Props>(), {
@@ -29,6 +30,7 @@ const props = withDefaults(defineProps<Props>(), {
loading: false,
selectable: false,
baseUrl: '/runtime/objects',
canCreate: true,
})
const emit = defineEmits<{
@@ -145,7 +147,7 @@ const handleAction = (actionId: string) => {
</Button>
<!-- Create -->
<Button size="sm" @click="emit('create')">
<Button v-if="props.canCreate" size="sm" @click="emit('create')">
<Plus class="h-4 w-4 mr-2" />
New
</Button>

26
frontend/composables/useApi.ts
View File

@@ -10,8 +10,7 @@ export const useApi = () => {
// In browser, use current hostname but with port 3000 for API
const currentHost = window.location.hostname
const protocol = window.location.protocol
//return `${protocol}//${currentHost}:3000`
return `${protocol}//${currentHost}`
return `${protocol}//${currentHost}:3000`
}
// Fallback for SSR
return config.public.apiBaseUrl
@@ -46,7 +45,9 @@ export const useApi = () => {
toast.error('Your session has expired. Please login again.')
router.push('/login')
}
throw new Error('Unauthorized')
const error = new Error('Unauthorized')
;(error as any).status = 401
throw error
}
if (response.status === 403) {
@@ -60,17 +61,24 @@ export const useApi = () => {
router.push('/login')
}
}
throw new Error('Forbidden')
// Don't log 403 errors - create error with status flag
const error = new Error('Forbidden')
;(error as any).status = 403
throw error
}
if (!response.ok) {
// Try to get error details from response
const text = await response.text()
console.error('API Error Response:', {
status: response.status,
statusText: response.statusText,
body: text
})
// Only log unexpected errors (not 401 or 403 which are handled above)
if (response.status !== 401 && response.status !== 403) {
console.error('API Error Response:', {
status: response.status,
statusText: response.statusText,
body: text
})
}
let errorMessage = `HTTP error! status: ${response.status}`
if (text) {

34
frontend/composables/useFieldViews.ts
View File

@@ -197,7 +197,10 @@ export const useViewState = <T extends { id?: string }>(
records.value = response.data || response || []
} catch (e: any) {
error.value = e.message
console.error('Failed to fetch records:', e)
// Only log unexpected errors (not authorization failures)
if (e.status !== 401 && e.status !== 403) {
console.error('Failed to fetch records:', e)
}
} finally {
loading.value = false
}
@@ -212,7 +215,10 @@ export const useViewState = <T extends { id?: string }>(
currentRecord.value = response.data || response
} catch (e: any) {
error.value = e.message
console.error('Failed to fetch record:', e)
// Only log unexpected errors (not authorization failures)
if (e.status !== 401 && e.status !== 403) {
console.error('Failed to fetch record:', e)
}
} finally {
loading.value = false
}
@@ -231,7 +237,7 @@ export const useViewState = <T extends { id?: string }>(
return recordData
} catch (e: any) {
error.value = e.message
console.error('Failed to create record:', e)
// Don't log to console - errors are already handled by useApi and shown via toast
throw e
} finally {
saving.value = false
@@ -256,7 +262,10 @@ export const useViewState = <T extends { id?: string }>(
return recordData
} catch (e: any) {
error.value = e.message
console.error('Failed to update record:', e)
// Only log unexpected errors (not authorization failures)
if (e.status !== 401 && e.status !== 403) {
console.error('Failed to update record:', e)
}
throw e
} finally {
saving.value = false
@@ -274,7 +283,10 @@ export const useViewState = <T extends { id?: string }>(
}
} catch (e: any) {
error.value = e.message
console.error('Failed to delete record:', e)
// Only log unexpected errors (not authorization failures)
if (e.status !== 401 && e.status !== 403) {
console.error('Failed to delete record:', e)
}
throw e
} finally {
loading.value = false
@@ -289,7 +301,10 @@ export const useViewState = <T extends { id?: string }>(
records.value = records.value.filter(r => !ids.includes(r.id!))
} catch (e: any) {
error.value = e.message
console.error('Failed to delete records:', e)
// Only log unexpected errors (not authorization failures)
if (e.status !== 401 && e.status !== 403) {
console.error('Failed to delete records:', e)
}
throw e
} finally {
loading.value = false
@@ -312,10 +327,17 @@ export const useViewState = <T extends { id?: string }>(
}
const handleSave = async (data: T) => {
// DEBUG: Check if id is present
console.log('[handleSave] Data received:', JSON.stringify(data, null, 2))
console.log('[handleSave] data.id:', data.id)
console.log('[handleSave] currentRecord.value:', currentRecord.value)
let savedRecord
if (data.id) {
console.log('[handleSave] Calling updateRecord (PUT)')
savedRecord = await updateRecord(data.id, data)
} else {
console.log('[handleSave] Calling createRecord (POST) - ID IS MISSING!')
savedRecord = await createRecord(data)
}
return savedRecord

611
frontend/composables/useSoftphone.ts
View File

@@ -1,611 +0,0 @@
import { ref, computed, onMounted, onUnmounted, shallowRef } from 'vue';
import { io, Socket } from 'socket.io-client';
import { Device, Call as TwilioCall } from '@twilio/voice-sdk';
import { useAuth } from './useAuth';
import { toast } from 'vue-sonner';
interface Call {
callSid: string;
direction: 'inbound' | 'outbound';
fromNumber: string;
toNumber: string;
status: string;
startedAt?: string;
duration?: number;
}
interface CallTranscript {
text: string;
isFinal: boolean;
timestamp: number;
}
interface AiSuggestion {
type: 'response' | 'action' | 'insight';
text: string;
data?: any;
}
// Module-level shared state for global access
const socket = ref<Socket | null>(null);
const twilioDevice = shallowRef<Device | null>(null);
const twilioCall = shallowRef<TwilioCall | null>(null);
const isConnected = ref(false);
const isOpen = ref(false);
const currentCall = ref<Call | null>(null);
const incomingCall = ref<Call | null>(null);
const transcript = ref<CallTranscript[]>([]);
const aiSuggestions = ref<AiSuggestion[]>([]);
const callHistory = ref<Call[]>([]);
const isInitialized = ref(false);
const isMuted = ref(false);
const volume = ref(100);
export function useSoftphone() {
const auth = useAuth();
// Get token and tenantId from localStorage
const getToken = () => {
if (typeof window === 'undefined') return null;
return localStorage.getItem('token');
};
const getTenantId = () => {
if (typeof window === 'undefined') return null;
return localStorage.getItem('tenantId');
};
// Computed properties
const isInCall = computed(() => currentCall.value !== null);
const hasIncomingCall = computed(() => incomingCall.value !== null);
const callStatus = computed(() => currentCall.value?.status || 'idle');
/**
* Request microphone permission explicitly
*/
const requestMicrophonePermission = async () => {
try {
// Check if mediaDevices is supported
if (!navigator.mediaDevices || !navigator.mediaDevices.getUserMedia) {
toast.error('Microphone access requires HTTPS. Please access the app via https:// or use localhost for testing.');
console.error('navigator.mediaDevices not available. This typically means the page is not served over HTTPS.');
return false;
}
const stream = await navigator.mediaDevices.getUserMedia({ audio: true });
// Stop the stream immediately, we just wanted the permission
stream.getTracks().forEach(track => track.stop());
return true;
} catch (error: any) {
console.error('Microphone permission denied:', error);
if (error.name === 'NotAllowedError') {
toast.error('Microphone access denied. Please allow microphone access in your browser settings.');
} else if (error.name === 'NotFoundError') {
toast.error('No microphone found. Please connect a microphone and try again.');
} else {
toast.error('Microphone access is required for calls. Please ensure you are using HTTPS or localhost.');
}
return false;
}
};
/**
* Initialize Twilio Device
*/
const initializeTwilioDevice = async () => {
try {
// First, explicitly request microphone permission
const hasPermission = await requestMicrophonePermission();
if (!hasPermission) {
return;
}
const { api } = useApi();
const response = await api.get('/voice/token');
const token = response.data.token;
// Log the token payload to see what identity is being used
try {
const tokenPayload = JSON.parse(atob(token.split('.')[1]));
} catch (e) {
console.log('Could not parse token payload');
}
twilioDevice.value = new Device(token, {
logLevel: 3,
codecPreferences: ['opus', 'pcmu'],
enableImprovedSignalingErrorPrecision: true,
edge: 'ashburn',
});
// Device events
twilioDevice.value.on('registered', () => {
toast.success('Softphone ready');
});
twilioDevice.value.on('unregistered', () => {
});
twilioDevice.value.on('error', (error) => {
console.error('❌ Twilio Device error:', error);
toast.error('Device error: ' + error.message);
});
twilioDevice.value.on('incoming', (call: TwilioCall) => {
twilioCall.value = call;
// Update state
incomingCall.value = {
callSid: call.parameters.CallSid || '',
direction: 'inbound',
fromNumber: call.parameters.From || '',
toNumber: call.parameters.To || '',
status: 'ringing',
};
// Open softphone dialog
isOpen.value = true;
// Show notification
toast.info(`Incoming call from ${incomingCall.value.fromNumber}`, {
duration: 30000,
});
// Setup call handlers
setupCallHandlers(call);
// Twilio Device will handle ringtone automatically
});
// Register the device
await twilioDevice.value.register();
} catch (error: any) {
console.error('Failed to initialize Twilio Device:', error);
toast.error('Failed to initialize voice device: ' + error.message);
}
};
/**
* Setup handlers for a Twilio call
*/
const setupCallHandlers = (call: TwilioCall) => {
call.on('accept', () => {
console.log('Call accepted');
currentCall.value = {
callSid: call.parameters.CallSid || '',
direction: twilioCall.value === call ? 'inbound' : 'outbound',
fromNumber: call.parameters.From || '',
toNumber: call.parameters.To || '',
status: 'in-progress',
startedAt: new Date().toISOString(),
};
incomingCall.value = null;
});
call.on('disconnect', () => {
console.log('Call disconnected');
currentCall.value = null;
twilioCall.value = null;
});
call.on('cancel', () => {
console.log('Call cancelled');
incomingCall.value = null;
twilioCall.value = null;
});
call.on('reject', () => {
console.log('Call rejected');
incomingCall.value = null;
twilioCall.value = null;
});
call.on('error', (error) => {
console.error('Call error:', error);
toast.error('Call error: ' + error.message);
});
};
/**
* Initialize WebSocket connection
*/
const connect = () => {
const token = getToken();
if (socket.value?.connected || !token) {
return;
}
// Use same pattern as useApi to preserve subdomain for multi-tenant
const getBackendUrl = () => {
if (typeof window !== 'undefined') {
const currentHost = window.location.hostname;
const protocol = window.location.protocol;
return `${protocol}//${currentHost}`;
}
return 'http://localhost:3000';
};
// Connect to /voice namespace with proper auth header
socket.value = io(`${getBackendUrl()}/voice`, {
auth: {
token: token,
},
transports: ['websocket', 'polling'],
reconnection: true,
reconnectionDelay: 1000,
reconnectionDelayMax: 5000,
reconnectionAttempts: 5,
query: {}, // Explicitly set empty query to prevent token leaking
});
// Connection events
socket.value.on('connect', () => {
isConnected.value = true;
// Initialize Twilio Device after WebSocket connects
// Suppress warnings by catching them before they log
initializeTwilioDevice().catch(err => {
// Device initialization errors are already shown to user via toast
console.debug('Device init issue (non-critical):', err.message);
});
});
socket.value.on('disconnect', () => {
isConnected.value = false;
});
socket.value.on('connect_error', (error) => {
toast.error('Failed to connect to voice service');
});
// Call events
socket.value.on('call:incoming', handleIncomingCall);
socket.value.on('call:initiated', handleCallInitiated);
socket.value.on('call:accepted', handleCallAccepted);
socket.value.on('call:rejected', handleCallRejected);
socket.value.on('call:ended', handleCallEnded);
socket.value.on('call:update', handleCallUpdate);
socket.value.on('call:error', handleCallError);
socket.value.on('call:state', handleCallState);
// AI events
socket.value.on('ai:transcript', handleAiTranscript);
socket.value.on('ai:suggestion', (data: any) => {
console.log('🎯 AI Suggestion received:', data.text);
handleAiSuggestion(data);
});
socket.value.on('ai:action', handleAiAction);
isInitialized.value = true;
};
/**
* Disconnect WebSocket
*/
const disconnect = () => {
if (socket.value) {
socket.value.disconnect();
socket.value = null;
isConnected.value = false;
isInitialized.value = false;
}
};
/**
* Open softphone dialog
*/
const open = () => {
if (!isInitialized.value) {
connect();
}
isOpen.value = true;
};
/**
* Close softphone dialog
*/
const close = () => {
isOpen.value = false;
};
/**
* Initiate outbound call using Twilio Device
*/
const initiateCall = async (toNumber: string) => {
if (!twilioDevice.value) {
toast.error('Voice device not initialized');
return;
}
try {
// Make call using Twilio Device
const call = await twilioDevice.value.connect({
params: {
To: toNumber,
}
});
twilioCall.value = call;
setupCallHandlers(call);
toast.success('Calling ' + toNumber);
} catch (error: any) {
console.error('Failed to initiate call:', error);
toast.error('Failed to initiate call: ' + error.message);
throw error;
}
};
/**
* Accept incoming call
*/
const acceptCall = async (callSid: string) => {
console.log('📞 Accepting call - callSid:', callSid);
console.log('twilioCall.value:', twilioCall.value);
if (!twilioCall.value) {
console.error('❌ No incoming call to accept - twilioCall.value is null');
toast.error('No incoming call');
return;
}
try {
console.log('Calling twilioCall.value.accept()...');
await twilioCall.value.accept();
console.log('✓ Call accepted successfully');
toast.success('Call accepted');
} catch (error: any) {
console.error('❌ Failed to accept call:', error);
toast.error('Failed to accept call: ' + error.message);
}
};
/**
* Reject incoming call
*/
const rejectCall = async (callSid: string) => {
if (!twilioCall.value) {
toast.error('No incoming call');
return;
}
try {
twilioCall.value.reject();
incomingCall.value = null;
twilioCall.value = null;
toast.info('Call rejected');
} catch (error: any) {
console.error('Failed to reject call:', error);
toast.error('Failed to reject call: ' + error.message);
}
};
/**
* End active call
*/
const endCall = async (callSid: string) => {
if (!twilioCall.value) {
toast.error('No active call');
return;
}
try {
twilioCall.value.disconnect();
currentCall.value = null;
twilioCall.value = null;
toast.info('Call ended');
} catch (error: any) {
console.error('Failed to end call:', error);
toast.error('Failed to end call: ' + error.message);
}
};
/**
* Toggle mute
*/
const toggleMute = () => {
if (!twilioCall.value) return;
isMuted.value = !isMuted.value;
twilioCall.value.mute(isMuted.value);
};
/**
* Send DTMF tone
*/
const sendDtmf = async (callSid: string, digit: string) => {
if (!twilioCall.value) {
return;
}
twilioCall.value.sendDigits(digit);
};
// Event handlers
const handleIncomingCall = (data: Call) => {
// Socket.IO notification that a call is coming
// The actual call object will come from Twilio Device SDK's 'incoming' event
console.log('Socket.IO call notification:', data);
// Don't set incomingCall here - wait for the Device SDK incoming event
};
const handleCallInitiated = (data: any) => {
console.log('Call initiated:', data);
currentCall.value = {
callSid: data.callSid,
direction: 'outbound',
fromNumber: '',
toNumber: data.toNumber,
status: data.status,
};
transcript.value = [];
aiSuggestions.value = [];
};
const handleCallAccepted = (data: any) => {
console.log('Call accepted:', data);
if (incomingCall.value?.callSid === data.callSid) {
currentCall.value = incomingCall.value;
if (currentCall.value) {
currentCall.value.status = 'in-progress';
}
incomingCall.value = null;
}
stopRingtone();
};
const handleCallRejected = (data: any) => {
console.log('Call rejected:', data);
if (incomingCall.value?.callSid === data.callSid) {
incomingCall.value = null;
}
stopRingtone();
};
const handleCallEnded = (data: any) => {
console.log('Call ended:', data);
if (currentCall.value?.callSid === data.callSid) {
currentCall.value = null;
}
if (incomingCall.value?.callSid === data.callSid) {
incomingCall.value = null;
}
stopRingtone();
toast.info('Call ended');
};
const handleCallUpdate = (data: any) => {
console.log('Call update:', data);
if (currentCall.value?.callSid === data.callSid) {
currentCall.value = { ...currentCall.value, ...data };
}
};
const handleCallError = (data: any) => {
console.error('Call error:', data);
toast.error(data.message || 'Call error occurred');
};
const handleCallState = (data: Call) => {
console.log('Call state:', data);
if (data.status === 'in-progress') {
currentCall.value = data;
}
};
const handleAiTranscript = (data: { transcript: string; isFinal: boolean }) => {
transcript.value.push({
text: data.transcript,
isFinal: data.isFinal,
timestamp: Date.now(),
});
// Keep only last 50 transcript items
if (transcript.value.length > 50) {
transcript.value = transcript.value.slice(-50);
}
};
const handleAiSuggestion = (data: AiSuggestion) => {
aiSuggestions.value.unshift(data);
// Keep only last 10 suggestions
if (aiSuggestions.value.length > 10) {
aiSuggestions.value = aiSuggestions.value.slice(0, 10);
}
};
// Helper to parse JWT (for debugging)
const parseJwt = (token: string) => {
try {
return JSON.parse(atob(token.split('.')[1]));
} catch (e) {
return null;
}
};
const handleAiAction = (data: any) => {
console.log('AI action:', data);
toast.info(`AI: ${data.action}`);
};
// Ringtone management
let ringtoneAudio: HTMLAudioElement | null = null;
const playRingtone = () => {
// Play a simple beep tone using Web Audio API
try {
const audioContext = new (window.AudioContext || (window as any).webkitAudioContext)();
const oscillator = audioContext.createOscillator();
const gainNode = audioContext.createGain();
oscillator.connect(gainNode);
gainNode.connect(audioContext.destination);
// Phone ringtone frequency (440 Hz)
oscillator.frequency.value = 440;
oscillator.type = 'sine';
const now = audioContext.currentTime;
gainNode.gain.setValueAtTime(0.15, now);
gainNode.gain.setValueAtTime(0, now + 0.5);
gainNode.gain.setValueAtTime(0.15, now + 1.0);
gainNode.gain.setValueAtTime(0, now + 1.5);
oscillator.start(now);
oscillator.stop(now + 2);
} catch (error) {
// Silent fail - incoming call still works without audio
console.debug('Audio notification skipped:', error);
}
};
const stopRingtone = () => {
if (ringtoneAudio) {
ringtoneAudio.pause();
ringtoneAudio = null;
}
};
// Auto-connect on mount if token is available
onMounted(() => {
if (getToken() && !isInitialized.value) {
connect();
}
});
// Cleanup on unmount
onUnmounted(() => {
stopRingtone();
});
return {
// State
isOpen,
isConnected,
isInCall,
hasIncomingCall,
currentCall,
incomingCall,
transcript,
aiSuggestions,
callStatus,
callHistory,
isMuted,
volume,
// Actions
open,
close,
initiateCall,
acceptCall,
rejectCall,
endCall,
sendDtmf,
toggleMute,
connect,
disconnect,
};
}

4
frontend/layouts/default.vue
View File

@@ -2,7 +2,6 @@
import { ref } from 'vue'
import AppSidebar from '@/components/AppSidebar.vue'
import AIChatBar from '@/components/AIChatBar.vue'
import SoftphoneDialog from '@/components/SoftphoneDialog.vue'
import {
Breadcrumb,
BreadcrumbItem,
@@ -76,9 +75,6 @@ const breadcrumbs = computed(() => {
<!-- AI Chat Bar Component -->
<AIChatBar />
<!-- Softphone Dialog (Global) -->
<SoftphoneDialog />
</SidebarInset>
</SidebarProvider>
</template>

13
frontend/nuxt.config.ts
View File

@@ -58,10 +58,7 @@ export default defineNuxtConfig({
},
server: {
hmr: {
host: 'tenant1.routebox.co',
port: 443,
protocol: 'wss',
// Don't use _nuxt path - HMR handles its own path
clientPort: 3001,
},
allowedHosts: ['.routebox.co', 'localhost', '127.0.0.1'],
},
@@ -70,12 +67,4 @@ export default defineNuxtConfig({
compatibilityDate: '2024-01-01',
css: ['~/assets/css/main.css'],
components: [
{
path: '~/components',
pathPrefix: false,
extensions: ['.vue'],
},
],
})

993
frontend/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

2
frontend/package.json
View File

@@ -17,7 +17,6 @@
"dependencies": {
"@internationalized/date": "^3.10.1",
"@nuxtjs/tailwindcss": "^6.11.4",
"@twilio/voice-sdk": "^2.11.2",
"@vueuse/core": "^10.11.1",
"class-variance-authority": "^0.7.0",
"clsx": "^2.1.0",
@@ -27,7 +26,6 @@
"radix-vue": "^1.4.1",
"reka-ui": "^2.6.1",
"shadcn-nuxt": "^2.3.3",
"socket.io-client": "^4.8.3",
"tailwind-merge": "^2.2.1",
"vue": "^3.4.15",
"vue-router": "^4.2.5",

132
frontend/pages/[objectName]/[[recordId]]/[[view]].vue
View File

@@ -3,14 +3,18 @@ import { ref, computed, onMounted, watch, nextTick } from 'vue'
import { useRoute, useRouter } from 'vue-router'
import { useApi } from '@/composables/useApi'
import { useFields, useViewState } from '@/composables/useFieldViews'
import { useAuth } from '@/composables/useAuth'
import ListView from '@/components/views/ListView.vue'
import DetailView from '@/components/views/DetailViewEnhanced.vue'
import EditView from '@/components/views/EditViewEnhanced.vue'
import RecordShareManager from '@/components/RecordShareManager.vue'
import { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs'
const route = useRoute()
const router = useRouter()
const { api } = useApi()
const { buildListViewConfig, buildDetailViewConfig, buildEditViewConfig } = useFields()
const { getUser } = useAuth()
// Use breadcrumbs composable
const { setBreadcrumbs } = useBreadcrumbs()
@@ -32,6 +36,7 @@ const view = computed(() => {
// State
const objectDefinition = ref<any>(null)
const objectAccess = ref<any>(null)
const loading = ref(true)
const error = ref<string | null>(null)
@@ -118,9 +123,50 @@ const detailConfig = computed(() => {
const editConfig = computed(() => {
if (!objectDefinition.value) return null
return buildEditViewConfig(objectDefinition.value)
const config = buildEditViewConfig(objectDefinition.value)
return config
})
// Compute canCreate based on objectAccess
// Note: MySQL BOOLEAN fields return 0/1 (numbers), not true/false
const canCreate = computed(() => {
const publicCreate = objectAccess.value?.publicCreate
const result = publicCreate === true || publicCreate === 1
return result
})
// Check if user can share the record
const canShareRecord = computed(() => {
if (!currentRecord.value) return false
const user = getUser()
if (!user) return false
// User can share if they own the record
return currentRecord.value.ownerId === user.id
})
// Get current user's permissions for the record
const currentUserPermissions = computed(() => {
if (!objectDefinition.value || !currentRecord.value) {
return { canRead: false, canUpdate: false, canDelete: false }
}
const user = getUser()
const isOwner = user ? currentRecord.value.ownerId === user.id : false
const accessModel = objectDefinition.value.access_model || objectDefinition.value.accessModel
const publicRead = objectAccess.value?.publicRead === true || objectAccess.value?.publicRead === 1
const publicUpdate = objectAccess.value?.publicUpdate === true || objectAccess.value?.publicUpdate === 1
const publicDelete = objectAccess.value?.publicDelete === true || objectAccess.value?.publicDelete === 1
return {
canRead: isOwner || publicRead || accessModel === 'public',
canUpdate: isOwner || publicUpdate,
canDelete: isOwner || publicDelete
}
})
// Active tab for detail view with sharing
const activeTab = ref('details')
// Fetch object definition
const fetchObjectDefinition = async () => {
try {
@@ -128,6 +174,20 @@ const fetchObjectDefinition = async () => {
error.value = null
const response = await api.get(`/setup/objects/${objectApiName.value}`)
objectDefinition.value = response
// Fetch access permissions
try {
const accessResponse = await api.get(`/setup/objects/${objectApiName.value}/access`)
objectAccess.value = accessResponse
} catch (e) {
// Set defaults if fetch fails - assume most restrictive
objectAccess.value = {
publicCreate: false,
publicRead: false,
publicUpdate: false,
publicDelete: false,
}
}
} catch (e: any) {
error.value = e.message || 'Failed to load object definition'
console.error('Error fetching object definition:', e)
@@ -261,6 +321,7 @@ onMounted(async () => {
:data="records"
:loading="dataLoading"
:base-url="`/runtime/objects`"
:can-create="canCreate"
selectable
@row-click="handleRowClick"
@create="handleCreate"
@@ -268,32 +329,53 @@ onMounted(async () => {
@delete="handleDelete"
/>
<!-- Detail View -->
<DetailView
v-else-if="view === 'detail' && detailConfig && currentRecord"
:config="detailConfig"
:data="currentRecord"
:loading="dataLoading"
:object-id="objectDefinition?.id"
:base-url="`/runtime/objects`"
@edit="handleEdit"
@delete="() => handleDelete([currentRecord])"
@back="handleBack"
/>
<!-- Detail View with Tabs -->
<div v-else-if="view === 'detail' && detailConfig && currentRecord">
<Tabs v-model="activeTab" class="w-full">
<TabsList class="grid w-full mb-6" :class="canShareRecord ? 'grid-cols-2' : 'grid-cols-1'">
<TabsTrigger value="details">Details</TabsTrigger>
<TabsTrigger v-if="canShareRecord" value="sharing">Sharing</TabsTrigger>
</TabsList>
<TabsContent value="details">
<DetailView
:config="detailConfig"
:data="currentRecord"
:loading="dataLoading"
:object-id="objectDefinition?.id"
:base-url="`/runtime/objects`"
@edit="handleEdit"
@delete="() => handleDelete([currentRecord])"
@back="handleBack"
/>
</TabsContent>
<TabsContent v-if="canShareRecord" value="sharing">
<RecordShareManager
:object-api-name="objectApiName"
:record-id="recordId!"
:current-user-permissions="currentUserPermissions"
:fields="objectDefinition?.fields || []"
/>
</TabsContent>
</Tabs>
</div>
<!-- Edit View -->
<EditView
v-else-if="(view === 'edit' || recordId === 'new') && editConfig"
:config="editConfig"
:data="currentRecord || {}"
:loading="dataLoading"
:saving="saving"
:object-id="objectDefinition?.id"
:base-url="`/runtime/objects`"
@save="handleSaveRecord"
@cancel="handleCancel"
@back="handleBack"
/>
<div v-else-if="(view === 'edit' || recordId === 'new') && editConfig">
<div v-if="false">DEBUG: EditView should render here. view={{ view }}, recordId={{ recordId }}, editConfig={{ !!editConfig }}, currentRecord={{ !!currentRecord }}</div>
<EditView
:config="editConfig"
:data="currentRecord || {}"
:loading="dataLoading"
:saving="saving"
:object-id="objectDefinition?.id"
:base-url="`/runtime/objects`"
@save="handleSaveRecord"
@cancel="handleCancel"
@back="handleBack"
/>
</div>
</div>
</NuxtLayout>
</template>

201
frontend/pages/settings/integrations.vue
View File

@@ -1,201 +0,0 @@
<template>
<NuxtLayout name="default">
<main class="container mx-auto px-4 py-8">
<div class="flex items-center justify-between mb-8">
<div>
<h1 class="text-3xl font-bold">Integrations</h1>
<p class="text-muted-foreground mt-2">
Configure third-party service integrations for your tenant
</p>
</div>
<Button @click="saveConfig" :disabled="saving">
<Save class="mr-2 h-4 w-4" />
{{ saving ? 'Saving...' : 'Save Configuration' }}
</Button>
</div>
<!-- Services Grid -->
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-6">
<!-- Twilio Configuration -->
<Card>
<CardHeader>
<CardTitle class="flex items-center gap-2">
<Phone class="w-5 h-5" />
Twilio Voice
</CardTitle>
<CardDescription>
Configure Twilio for voice calling
</CardDescription>
</CardHeader>
<CardContent class="space-y-4">
<div class="space-y-2">
<Label for="twilio-account-sid">Account SID</Label>
<Input
id="twilio-account-sid"
v-model="twilioConfig.accountSid"
placeholder="ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
/>
</div>
<div class="space-y-2">
<Label for="twilio-auth-token">Auth Token</Label>
<Input
id="twilio-auth-token"
v-model="twilioConfig.authToken"
type="password"
placeholder="Enter your Twilio auth token"
/>
</div>
<div class="space-y-2">
<Label for="twilio-phone-number">Phone Number</Label>
<Input
id="twilio-phone-number"
v-model="twilioConfig.phoneNumber"
placeholder="+1234567890"
/>
</div>
<div class="space-y-2">
<Label for="twilio-api-key">API Key SID (for browser calls)</Label>
<Input
id="twilio-api-key"
v-model="twilioConfig.apiKey"
placeholder="SKxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
/>
</div>
<div class="space-y-2">
<Label for="twilio-api-secret">API Secret</Label>
<Input
id="twilio-api-secret"
v-model="twilioConfig.apiSecret"
type="password"
placeholder="Enter your API Key Secret"
/>
</div>
<div class="space-y-2">
<Label for="twilio-twiml-app">TwiML App SID</Label>
<Input
id="twilio-twiml-app"
v-model="twilioConfig.twimlAppSid"
placeholder="APxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
/>
</div>
</CardContent>
</Card>
<!-- OpenAI Configuration -->
<Card>
<CardHeader>
<CardTitle class="flex items-center gap-2">
<Bot class="w-5 h-5" />
OpenAI Realtime
</CardTitle>
<CardDescription>
Configure OpenAI for AI features
</CardDescription>
</CardHeader>
<CardContent class="space-y-4">
<div class="space-y-2">
<Label for="openai-api-key">API Key</Label>
<Input
id="openai-api-key"
v-model="openaiConfig.apiKey"
type="password"
placeholder="sk-..."
/>
</div>
<div class="space-y-2">
<Label for="openai-model">Model</Label>
<Input
id="openai-model"
v-model="openaiConfig.model"
placeholder="gpt-4o-realtime-preview"
/>
</div>
<div class="space-y-2">
<Label for="openai-voice">Voice</Label>
<select
id="openai-voice"
v-model="openaiConfig.voice"
class="w-full px-3 py-2 border rounded-md bg-background"
>
<option value="alloy">Alloy</option>
<option value="echo">Echo</option>
<option value="fable">Fable</option>
<option value="onyx">Onyx</option>
<option value="nova">Nova</option>
<option value="shimmer">Shimmer</option>
</select>
</div>
</CardContent>
</Card>
</div>
</main>
</NuxtLayout>
</template>
<script setup lang="ts">
import { ref, onMounted } from 'vue';
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '~/components/ui/card';
import { Input } from '~/components/ui/input';
import { Label } from '~/components/ui/label';
import { Button } from '~/components/ui/button';
import { Phone, Bot, Save } from 'lucide-vue-next';
import { useApi } from '~/composables/useApi';
import { toast } from 'vue-sonner';
const { api } = useApi();
const twilioConfig = ref({
accountSid: '',
authToken: '',
phoneNumber: '',
apiKey: '',
apiSecret: '',
twimlAppSid: '',
});
const openaiConfig = ref({
apiKey: '',
model: 'gpt-4o-realtime-preview',
voice: 'alloy',
});
const saving = ref(false);
const loading = ref(true);
onMounted(async () => {
try {
const response = await api.get('/tenant/integrations');
if (response.data) {
if (response.data.twilio) {
twilioConfig.value = { ...twilioConfig.value, ...response.data.twilio };
}
if (response.data.openai) {
openaiConfig.value = { ...openaiConfig.value, ...response.data.openai };
}
}
} catch (error: any) {
console.error('Failed to load configuration:', error);
} finally {
loading.value = false;
}
});
const saveConfig = async () => {
saving.value = true;
try {
const integrationsConfig = {
twilio: twilioConfig.value,
openai: openaiConfig.value,
};
await api.put('/tenant/integrations', { integrationsConfig });
toast.success('Configuration saved successfully');
} catch (error: any) {
toast.error(error.message || 'Failed to save configuration');
} finally {
saving.value = false;
}
};
</script>

560
frontend/pages/setup/objects/[apiName].vue
View File

@@ -18,101 +18,44 @@
<Tabs v-model="activeTab" default-value="fields" class="w-full">
<TabsList class="grid w-full grid-cols-3 max-w-2xl">
<TabsTrigger value="fields">Fields</TabsTrigger>
<TabsTrigger value="access">Access</TabsTrigger>
<TabsTrigger value="layouts">Page Layouts</TabsTrigger>
<TabsTrigger value="access">Access & Permissions</TabsTrigger>
</TabsList>
<!-- Fields Tab -->
<TabsContent value="fields" class="mt-6">
<div class="space-y-4">
<div class="flex justify-between items-center mb-4">
<h2 class="text-xl font-semibold">Fields</h2>
<Button @click="openFieldDialog('create')">
<Plus class="w-4 h-4 mr-2" />
New Field
</Button>
</div>
<div v-if="!object.fields || object.fields.length === 0" class="text-center py-8 text-muted-foreground">
No fields defined yet. Create one to get started.
</div>
<div v-else class="space-y-2">
<div
v-for="field in object.fields"
:key="field.id"
class="p-4 border rounded-lg bg-card hover:border-primary transition-colors"
>
<div class="flex items-center justify-between">
<div class="flex-1">
<h3 class="font-semibold">{{ field.label }}</h3>
<p class="text-sm text-muted-foreground">
Type: <span class="font-medium">{{ formatFieldType(field.type) }}</span> | API Name: <span class="font-mono">{{ field.apiName }}</span>
</p>
<p v-if="field.description" class="text-sm text-muted-foreground mt-1">
{{ field.description }}
</p>
</div>
<div class="flex items-center gap-3">
<div class="flex gap-2 text-xs">
<span
v-if="field.isRequired"
class="px-2 py-1 bg-destructive/10 text-destructive rounded"
>
Required
</span>
<span
v-if="field.isUnique"
class="px-2 py-1 bg-primary/10 text-primary rounded"
>
Unique
</span>
<span
v-if="field.isSystem"
class="px-2 py-1 bg-gray-200 text-gray-700 rounded text-xs"
>
System
</span>
</div>
<div class="flex gap-2">
<Button
v-if="!field.isSystem"
variant="ghost"
size="sm"
@click="openFieldDialog('edit', field)"
title="Edit field"
>
</Button>
<Button
v-if="!field.isSystem"
variant="ghost"
size="sm"
class="text-destructive hover:text-destructive"
@click="deleteField(field)"
title="Delete field"
>
<Trash2 class="w-4 h-4" />
</Button>
</div>
</div>
<div class="space-y-2">
<div
v-for="field in object.fields"
:key="field.id"
class="p-4 border rounded-lg bg-card"
>
<div class="flex items-center justify-between">
<div>
<h3 class="font-semibold">{{ field.label }}</h3>
<p class="text-sm text-muted-foreground">
Type: {{ field.type }} | API Name: {{ field.apiName }}
</p>
</div>
<div class="flex gap-2 text-xs">
<span
v-if="field.isRequired"
class="px-2 py-1 bg-destructive/10 text-destructive rounded"
>
Required
</span>
<span
v-if="field.isUnique"
class="px-2 py-1 bg-primary/10 text-primary rounded"
>
Unique
</span>
</div>
</div>
</div>
</div>
</TabsContent>
<!-- Access Tab -->
<TabsContent value="access" class="mt-6">
<ObjectAccessSettings
:object-api-name="object.apiName"
:object-id="object.id"
:org-wide-default="object.orgWideDefault"
:fields="object.fields"
@update="handleAccessUpdate"
/>
</TabsContent>
<!-- Page Layouts Tab -->
<TabsContent value="layouts" class="mt-6">
<div v-if="!selectedLayout" class="space-y-4">
@@ -183,111 +126,19 @@
/>
</div>
</TabsContent>
<!-- Access & Permissions Tab -->
<TabsContent value="access" class="mt-6">
<ObjectAccessSettings
:object-api-name="object.apiName"
:fields="object.fields"
@updated="fetchObject"
/>
</TabsContent>
</Tabs>
</div>
</div>
</main>
<!-- Field Management Dialog -->
<Teleport to="body">
<div
v-if="showFieldDialog"
class="fixed inset-0 bg-black/50 flex items-center justify-center z-[100]"
>
<div class="bg-white rounded-lg shadow-lg max-w-3xl w-full mx-4 max-h-[90vh] overflow-y-auto">
<div class="sticky top-0 bg-white border-b p-6 flex items-center justify-between">
<h2 class="text-2xl font-bold">
{{ fieldDialogMode === 'create' ? 'Create New Field' : 'Edit Field' }}
</h2>
<button
@click="closeFieldDialog"
class="text-gray-500 hover:text-gray-700 text-2xl font-bold"
>
×
</button>
</div>
<div class="p-6 space-y-6">
<!-- Field Type Selection (only for creation) -->
<div v-if="fieldDialogMode === 'create'">
<FieldTypeSelector
v-model="fieldForm.type"
/>
</div>
<!-- Common Attributes -->
<div v-if="fieldForm.type">
<h3 class="text-lg font-semibold mb-4">Basic Properties</h3>
<FieldAttributesCommon
:label="fieldForm.label"
:api-name="fieldForm.apiName"
:description="fieldForm.description"
:placeholder="fieldForm.placeholder"
:help-text="fieldForm.helpText"
:display-order="fieldForm.displayOrder"
:is-required="fieldForm.isRequired"
:is-unique="fieldForm.isUnique"
:default-value="fieldForm.defaultValue"
:is-editing="fieldDialogMode === 'edit'"
:has-data="fieldForm.hasData"
@update="updateCommonAttributes"
/>
</div>
<!-- Type-Specific Attributes -->
<div v-if="fieldForm.type">
<h3 class="text-lg font-semibold mb-4">Type-Specific Settings</h3>
<FieldAttributesType
:field-type="fieldForm.type"
:attributes="fieldForm.typeAttributes"
@update="updateTypeAttributes"
/>
</div>
<!-- Lookup Field Selection -->
<div v-if="(fieldForm.type === 'lookup' || fieldForm.type === 'belongsTo') && fieldDialogMode === 'create'">
<h3 class="text-lg font-semibold mb-4">Related Object</h3>
<div class="grid grid-cols-4 gap-4">
<label class="text-sm font-medium leading-8">Select Object</label>
<div class="col-span-3">
<select
v-model="fieldForm.referenceObject"
class="w-full px-3 py-2 border rounded-md text-sm"
>
<option value="">-- Select an object --</option>
<option
v-for="obj in availableObjects"
:key="obj.id"
:value="obj.apiName"
>
{{ obj.label }} ({{ obj.apiName }})
</option>
</select>
</div>
</div>
</div>
<!-- Error Message -->
<div v-if="fieldDialogError" class="p-3 bg-red-100 text-red-800 rounded-md text-sm">
{{ fieldDialogError }}
</div>
<!-- Action Buttons -->
<div class="flex gap-3 justify-end pt-4">
<Button variant="outline" @click="closeFieldDialog">
Cancel
</Button>
<Button
:disabled="!fieldForm.label || !fieldForm.apiName || !fieldForm.type"
@click="saveField"
>
{{ fieldDialogMode === 'create' ? 'Create Field' : 'Update Field' }}
</Button>
</div>
</div>
</div>
</div>
</Teleport>
</NuxtLayout>
</div>
</template>
@@ -298,9 +149,6 @@ import { Button } from '@/components/ui/button'
import { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs'
import PageLayoutEditor from '@/components/PageLayoutEditor.vue'
import ObjectAccessSettings from '@/components/ObjectAccessSettings.vue'
import FieldTypeSelector from '@/components/fields/FieldTypeSelector.vue'
import FieldAttributesCommon from '@/components/fields/FieldAttributesCommon.vue'
import FieldAttributesType from '@/components/fields/FieldAttributesType.vue'
import type { PageLayout, FieldLayoutItem } from '~/types/page-layout'
const route = useRoute()
@@ -318,81 +166,6 @@ const layouts = ref<PageLayout[]>([])
const loadingLayouts = ref(false)
const selectedLayout = ref<PageLayout | null>(null)
// Field management state
const showFieldDialog = ref(false)
const fieldDialogMode = ref<'create' | 'edit'>('create')
const fieldDialogError = ref<string | null>(null)
const availableObjects = ref<any[]>([])
const fieldForm = ref({
id: '',
label: '',
apiName: '',
type: '',
description: '',
placeholder: '',
helpText: '',
displayOrder: 0,
isRequired: false,
isUnique: false,
defaultValue: '',
referenceObject: '',
typeAttributes: {},
hasData: false,
})
// Helper to format field type names
const formatFieldType = (type: string): string => {
const typeNames: Record<string, string> = {
'TEXT': 'Text',
'LONG_TEXT': 'Textarea',
'EMAIL': 'Email',
'PHONE': 'Phone',
'NUMBER': 'Number',
'CURRENCY': 'Currency',
'PERCENT': 'Percent',
'PICKLIST': 'Picklist',
'MULTI_PICKLIST': 'Multi-select',
'BOOLEAN': 'Checkbox',
'DATE': 'Date',
'DATE_TIME': 'DateTime',
'TIME': 'Time',
'URL': 'URL',
'LOOKUP': 'Lookup',
'FILE': 'File',
'IMAGE': 'Image',
'JSON': 'JSON',
}
return typeNames[type] || type
}
const convertFrontendToBackendType = (frontendType: string): string => {
const typeMap: Record<string, string> = {
'text': 'TEXT',
'textarea': 'LONG_TEXT',
'password': 'TEXT',
'email': 'EMAIL',
'number': 'NUMBER',
'currency': 'CURRENCY',
'percent': 'PERCENT',
'select': 'PICKLIST',
'multiSelect': 'MULTI_PICKLIST',
'boolean': 'BOOLEAN',
'date': 'DATE',
'datetime': 'DATE_TIME',
'time': 'TIME',
'url': 'URL',
'color': 'TEXT',
'json': 'JSON',
'lookup': 'LOOKUP',
'belongsTo': 'LOOKUP',
'markdown': 'LONG_TEXT',
'code': 'LONG_TEXT',
'file': 'FILE',
'image': 'IMAGE',
}
return typeMap[frontendType] || 'TEXT'
}
const fetchObject = async () => {
try {
loading.value = true
@@ -405,14 +178,6 @@ const fetchObject = async () => {
}
}
const fetchAvailableObjects = async () => {
try {
availableObjects.value = await api.get('/setup/objects')
} catch (e: any) {
console.error('Error fetching available objects:', e)
}
}
const fetchLayouts = async () => {
if (!object.value) return
@@ -427,253 +192,6 @@ const fetchLayouts = async () => {
}
}
const openFieldDialog = async (mode: 'create' | 'edit', field?: any) => {
fieldDialogMode.value = mode
fieldDialogError.value = null
if (mode === 'create') {
await fetchAvailableObjects()
fieldForm.value = {
id: '',
label: '',
apiName: '',
type: '',
description: '',
placeholder: '',
helpText: '',
displayOrder: (object.value?.fields?.length || 0) + 1,
isRequired: false,
isUnique: false,
defaultValue: '',
referenceObject: '',
typeAttributes: {},
hasData: false,
}
} else if (field) {
// Load field data for editing
const uiMetadata = field.ui_metadata ? JSON.parse(field.ui_metadata) : {}
fieldForm.value = {
id: field.id,
label: field.label,
apiName: field.apiName,
type: convertBackendToFrontendType(field.type),
description: field.description || '',
placeholder: uiMetadata.placeholder || '',
helpText: uiMetadata.helpText || '',
displayOrder: field.displayOrder || 0,
isRequired: field.isRequired || false,
isUnique: field.isUnique || false,
defaultValue: field.defaultValue || '',
referenceObject: field.referenceObject || '',
typeAttributes: extractTypeAttributes(field, uiMetadata),
hasData: false, // Would need to fetch this from backend
}
}
showFieldDialog.value = true
}
const convertBackendToFrontendType = (backendType: string): string => {
const typeMap: Record<string, string> = {
'TEXT': 'text',
'LONG_TEXT': 'textarea',
'EMAIL': 'email',
'PHONE': 'phone',
'NUMBER': 'number',
'CURRENCY': 'currency',
'PERCENT': 'percent',
'PICKLIST': 'select',
'MULTI_PICKLIST': 'multiSelect',
'BOOLEAN': 'boolean',
'DATE': 'date',
'DATE_TIME': 'datetime',
'TIME': 'time',
'URL': 'url',
'LOOKUP': 'lookup',
'FILE': 'file',
'IMAGE': 'image',
'JSON': 'json',
}
return typeMap[backendType] || 'text'
}
const extractTypeAttributes = (field: any, uiMetadata: any): any => {
const attrs: any = {}
if (field.type === 'PICKLIST' || field.type === 'MULTI_PICKLIST') {
attrs.options = uiMetadata.options || []
}
if (field.type === 'NUMBER' || field.type === 'CURRENCY') {
attrs.scale = field.scale || 0
attrs.min = uiMetadata.min
attrs.max = uiMetadata.max
if (field.type === 'CURRENCY') {
attrs.prefix = uiMetadata.prefix || '$'
}
}
if (field.type === 'TEXT' && field.length) {
attrs.maxLength = field.length
}
if (field.type === 'LONG_TEXT' && uiMetadata.rows) {
attrs.rows = uiMetadata.rows
}
if (field.type === 'LOOKUP') {
attrs.relationObject = field.referenceObject
attrs.relationDisplayField = uiMetadata.relationDisplayField || 'name'
}
return attrs
}
const closeFieldDialog = () => {
showFieldDialog.value = false
fieldDialogError.value = null
}
const updateCommonAttributes = (data: any) => {
Object.assign(fieldForm.value, data)
}
const updateTypeAttributes = (data: any) => {
fieldForm.value.typeAttributes = data
}
const saveField = async () => {
fieldDialogError.value = null
try {
// Validate
if (!fieldForm.value.label || !fieldForm.value.apiName || !fieldForm.value.type) {
fieldDialogError.value = 'Please fill in all required fields'
return
}
const apiName = route.params.apiName as string
// Prepare payload
const payload: any = {
label: fieldForm.value.label,
apiName: fieldForm.value.apiName,
type: fieldForm.value.type, // Use frontend type, backend will convert
description: fieldForm.value.description,
isRequired: fieldForm.value.isRequired,
isUnique: fieldForm.value.isUnique,
defaultValue: fieldForm.value.defaultValue,
}
// Extract type-specific database fields
const typeAttrs = fieldForm.value.typeAttributes || {}
// For text fields
if (fieldForm.value.type === 'text' && typeAttrs.maxLength) {
payload.length = typeAttrs.maxLength
}
// For number and currency fields
if ((fieldForm.value.type === 'number' || fieldForm.value.type === 'currency') && typeAttrs.scale !== undefined) {
payload.scale = typeAttrs.scale
if (typeAttrs.scale > 0) {
payload.precision = 10 // Default precision for decimals
}
}
// Merge UI metadata
const uiMetadata: any = {
placeholder: fieldForm.value.placeholder,
helpText: fieldForm.value.helpText,
}
// Add type-specific attributes to UI metadata
if (fieldForm.value.typeAttributes) {
Object.assign(uiMetadata, fieldForm.value.typeAttributes)
}
payload.uiMetadata = uiMetadata
if (fieldForm.value.referenceObject) {
payload.relationObject = fieldForm.value.referenceObject
payload.relationDisplayField = fieldForm.value.typeAttributes.relationDisplayField || 'name'
}
let result
if (fieldDialogMode.value === 'create') {
result = await api.post(`/setup/objects/${apiName}/fields`, payload)
} else {
// For updates, only send fields that changed
const updatePayload: any = {}
if (fieldForm.value.label) updatePayload.label = fieldForm.value.label
if (fieldForm.value.description) updatePayload.description = fieldForm.value.description
if (fieldForm.value.placeholder) updatePayload.placeholder = fieldForm.value.placeholder
if (fieldForm.value.helpText) updatePayload.helpText = fieldForm.value.helpText
updatePayload.isRequired = fieldForm.value.isRequired
updatePayload.isUnique = fieldForm.value.isUnique
updatePayload.displayOrder = fieldForm.value.displayOrder
if (Object.keys(uiMetadata).length > 0) {
updatePayload.uiMetadata = uiMetadata
}
result = await api.put(
`/setup/objects/${apiName}/fields/${fieldForm.value.apiName}`,
updatePayload,
)
}
// Update the object with new field
if (fieldDialogMode.value === 'create') {
object.value.fields.push(result)
} else {
const index = object.value.fields.findIndex((f: any) => f.id === fieldForm.value.id)
if (index !== -1) {
object.value.fields[index] = result
}
}
toast.success(
fieldDialogMode.value === 'create'
? 'Field created successfully'
: 'Field updated successfully',
)
closeFieldDialog()
} catch (e: any) {
fieldDialogError.value = e.message || 'An error occurred while saving the field'
console.error('Error saving field:', e)
}
}
const deleteField = async (field: any) => {
if (!confirm(`Are you sure you want to delete the field "${field.label}"? This action cannot be undone.`)) {
return
}
try {
const apiName = route.params.apiName as string
await api.delete(`/setup/objects/${apiName}/fields/${field.apiName}`)
// Remove from the list
object.value.fields = object.value.fields.filter((f: any) => f.id !== field.id)
// Also remove from page layouts
for (const layout of layouts.value) {
const layoutConfig = layout.layoutConfig || layout.layout_config || { fields: [] }
if (layoutConfig.fields) {
layoutConfig.fields = layoutConfig.fields.filter(
(f: any) => f.fieldId !== field.id,
)
}
}
toast.success('Field deleted successfully')
} catch (e: any) {
toast.error(`Failed to delete field: ${e.message}`)
console.error('Error deleting field:', e)
}
}
const handleCreateLayout = async () => {
const name = prompt('Enter a name for the new layout:')
if (!name) return
@@ -734,12 +252,6 @@ const handleDeleteLayout = async (layoutId: string) => {
}
}
const handleAccessUpdate = (orgWideDefault: string) => {
if (object.value) {
object.value.orgWideDefault = orgWideDefault
}
}
// Watch for tab changes to load layouts
watch(activeTab, (newTab) => {
if (newTab === 'layouts' && layouts.value.length === 0 && !loadingLayouts.value) {

185
frontend/pages/setup/roles.vue Normal file
View File

@@ -0,0 +1,185 @@
<template>
<div class="min-h-screen bg-background">
<NuxtLayout name="default">
<main class="container mx-auto px-4 py-8">
<div class="mb-6 flex items-center justify-between">
<div>
<h1 class="text-3xl font-bold">Roles & Permissions</h1>
<p class="text-muted-foreground">Manage user roles and their permissions across objects</p>
</div>
<Button @click="showCreateDialog = true">
<Plus class="w-4 h-4 mr-2" />
New Role
</Button>
</div>
<div v-if="loading" class="text-center py-12">Loading roles...</div>
<div v-else class="space-y-4">
<Card
v-for="role in roles"
:key="role.id"
class="cursor-pointer hover:border-primary transition-colors"
@click="handleSelectRole(role)"
>
<CardHeader>
<div class="flex items-center justify-between">
<div>
<CardTitle>{{ role.name }}</CardTitle>
<CardDescription v-if="role.description">
{{ role.description }}
</CardDescription>
</div>
<Button
variant="ghost"
size="sm"
@click.stop="handleDeleteRole(role.id)"
>
<Trash2 class="w-4 h-4" />
</Button>
</div>
</CardHeader>
</Card>
<div v-if="roles.length === 0" class="text-center py-12 text-muted-foreground">
No roles yet. Create one to get started.
</div>
</div>
<!-- Create Role Dialog -->
<Dialog v-model:open="showCreateDialog">
<DialogContent>
<DialogHeader>
<DialogTitle>Create New Role</DialogTitle>
<DialogDescription>
Define a new role for your organization
</DialogDescription>
</DialogHeader>
<div class="space-y-4 py-4">
<div class="space-y-2">
<Label>Role Name</Label>
<Input v-model="newRole.name" placeholder="e.g., Account Manager" />
</div>
<div class="space-y-2">
<Label>Description</Label>
<Input v-model="newRole.description" placeholder="Optional description" />
</div>
</div>
<DialogFooter>
<Button variant="outline" @click="showCreateDialog = false">Cancel</Button>
<Button @click="handleCreateRole" :disabled="!newRole.name || creating">
{{ creating ? 'Creating...' : 'Create' }}
</Button>
</DialogFooter>
</DialogContent>
</Dialog>
<!-- Role Permissions Editor Dialog -->
<Dialog v-model:open="showPermissionsDialog">
<DialogContent class="max-w-4xl max-h-[80vh] overflow-y-auto">
<DialogHeader>
<DialogTitle>Manage Permissions: {{ selectedRole?.name }}</DialogTitle>
<DialogDescription>
Configure what this role can do with each object
</DialogDescription>
</DialogHeader>
<RolePermissionsEditor
v-if="selectedRole"
:role="selectedRole"
@saved="handlePermissionsSaved"
/>
</DialogContent>
</Dialog>
</main>
</NuxtLayout>
</div>
</template>
<script setup lang="ts">
import { Plus, Trash2 } from 'lucide-vue-next'
import { Button } from '@/components/ui/button'
import { Card, CardHeader, CardTitle, CardDescription } from '@/components/ui/card'
import {
Dialog,
DialogContent,
DialogDescription,
DialogFooter,
DialogHeader,
DialogTitle,
} from '@/components/ui/dialog'
import { Input } from '@/components/ui/input'
import { Label } from '@/components/ui/label'
import RolePermissionsEditor from '@/components/RolePermissionsEditor.vue'
const { api } = useApi()
const { toast } = useToast()
const roles = ref<any[]>([])
const loading = ref(true)
const creating = ref(false)
const showCreateDialog = ref(false)
const showPermissionsDialog = ref(false)
const selectedRole = ref<any>(null)
const newRole = ref({
name: '',
description: '',
})
const fetchRoles = async () => {
try {
loading.value = true
roles.value = await api.get('/roles')
} catch (e: any) {
console.error('Error fetching roles:', e)
toast.error('Failed to load roles')
} finally {
loading.value = false
}
}
const handleCreateRole = async () => {
try {
creating.value = true
const created = await api.post('/roles', newRole.value)
roles.value.push(created)
toast.success('Role created successfully')
showCreateDialog.value = false
newRole.value = { name: '', description: '' }
} catch (e: any) {
console.error('Error creating role:', e)
toast.error('Failed to create role')
} finally {
creating.value = false
}
}
const handleSelectRole = (role: any) => {
selectedRole.value = role
showPermissionsDialog.value = true
}
const handleDeleteRole = async (roleId: string) => {
if (!confirm('Are you sure you want to delete this role?')) return
try {
await api.delete(`/roles/${roleId}`)
roles.value = roles.value.filter(r => r.id !== roleId)
toast.success('Role deleted successfully')
} catch (e: any) {
console.error('Error deleting role:', e)
toast.error('Failed to delete role')
}
}
const handlePermissionsSaved = () => {
showPermissionsDialog.value = false
toast.success('Permissions saved successfully')
}
onMounted(() => {
fetchRoles()
})
</script>

231
frontend/pages/setup/roles/[id].vue
View File

@@ -1,231 +0,0 @@
<template>
<div class="min-h-screen bg-background">
<NuxtLayout name="default">
<main class="container mx-auto px-4 py-8">
<div class="flex items-center justify-between">
<div>
<Button variant="ghost" size="sm" @click="navigateTo('/setup/roles')" class="mb-2">
Back to Roles
</Button>
<h1 class="text-3xl font-bold">{{ role?.name || 'Role' }}</h1>
<p class="text-muted-foreground">{{ role?.description || 'No description' }}</p>
</div>
</div>
<div v-if="loading" class="flex items-center justify-center py-12">
<div class="animate-spin rounded-full h-8 w-8 border-b-2 border-primary"></div>
</div>
<Tabs v-else default-value="details" class="w-full">
<TabsList>
<TabsTrigger value="details">Details</TabsTrigger>
<TabsTrigger value="users">Users</TabsTrigger>
</TabsList>
<TabsContent value="details" class="mt-6">
<Card>
<CardHeader>
<CardTitle>Role Information</CardTitle>
</CardHeader>
<CardContent class="space-y-4">
<div class="grid grid-cols-2 gap-4">
<div>
<Label class="text-muted-foreground">Name</Label>
<p class="font-medium">{{ role?.name }}</p>
</div>
<div>
<Label class="text-muted-foreground">Guard</Label>
<Badge variant="outline">{{ role?.guardName || 'tenant' }}</Badge>
</div>
<div class="col-span-2">
<Label class="text-muted-foreground">Description</Label>
<p class="font-medium">{{ role?.description || 'No description' }}</p>
</div>
<div>
<Label class="text-muted-foreground">Created At</Label>
<p class="font-medium">{{ formatDate(role?.createdAt) }}</p>
</div>
<div>
<Label class="text-muted-foreground">Updated At</Label>
<p class="font-medium">{{ formatDate(role?.updatedAt) }}</p>
</div>
</div>
</CardContent>
</Card>
</TabsContent>
<TabsContent value="users" class="mt-6">
<Card>
<CardHeader>
<div class="flex items-center justify-between">
<div>
<CardTitle>Assigned Users</CardTitle>
<CardDescription>Manage user assignments for this role</CardDescription>
</div>
<Button @click="showAddUserDialog = true" size="sm">
<Plus class="mr-2 h-4 w-4" />
Add User
</Button>
</div>
</CardHeader>
<CardContent>
<div v-if="roleUsers.length === 0" class="text-center py-8 text-muted-foreground">
No users assigned. Add users to grant them this role.
</div>
<div v-else class="space-y-2">
<div
v-for="user in roleUsers"
:key="user.id"
class="flex items-center justify-between p-3 border rounded-lg"
>
<div>
<p class="font-medium">{{ getUserName(user) }}</p>
<p class="text-sm text-muted-foreground">{{ user.email }}</p>
</div>
<Button variant="ghost" size="sm" @click="removeUser(user.id)">
<X class="h-4 w-4" />
</Button>
</div>
</div>
</CardContent>
</Card>
</TabsContent>
</Tabs>
<!-- Add User Dialog -->
<Dialog v-model:open="showAddUserDialog">
<DialogContent>
<DialogHeader>
<DialogTitle>Add User</DialogTitle>
<DialogDescription>
Select a user to assign this role
</DialogDescription>
</DialogHeader>
<div class="space-y-4">
<div class="space-y-2">
<Label>Available Users</Label>
<Select v-model="selectedUserId" @update:model-value="(value) => selectedUserId = value">
<SelectTrigger>
<SelectValue placeholder="Choose a user" />
</SelectTrigger>
<SelectContent>
<SelectItem v-for="user in availableUsers" :key="user.id" :value="user.id">
{{ getUserName(user) }} ({{ user.email }})
</SelectItem>
</SelectContent>
</Select>
</div>
</div>
<DialogFooter>
<Button variant="outline" @click="showAddUserDialog = false">Cancel</Button>
<Button @click="addUser" :disabled="!selectedUserId">
Add User
</Button>
</DialogFooter>
</DialogContent>
</Dialog>
</main>
</NuxtLayout>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted, computed } from 'vue';
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '~/components/ui/card';
import { Button } from '~/components/ui/button';
import { Tabs, TabsContent, TabsList, TabsTrigger } from '~/components/ui/tabs';
import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogTitle } from '~/components/ui/dialog';
import { Label } from '~/components/ui/label';
import { Badge } from '~/components/ui/badge';
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '~/components/ui/select';
import { Plus, X } from 'lucide-vue-next';
definePageMeta({
layout: 'default',
});
const route = useRoute();
const { api } = useApi();
const { toast } = useToast();
const loading = ref(true);
const role = ref<any>(null);
const roleUsers = ref<any[]>([]);
const allUsers = ref<any[]>([]);
const showAddUserDialog = ref(false);
const selectedUserId = ref('');
const availableUsers = computed(() => {
const assignedIds = new Set(roleUsers.value.map(u => u.id));
return allUsers.value.filter(u => !assignedIds.has(u.id));
});
const loadRole = async () => {
try {
loading.value = true;
const roleId = route.params.id;
const response = await api.get(`/setup/roles/${roleId}`);
role.value = response;
roleUsers.value = response.users || [];
} catch (error: any) {
console.error('Failed to load role:', error);
toast.error('Failed to load role');
} finally {
loading.value = false;
}
};
const loadAllUsers = async () => {
try {
const response = await api.get('/setup/users');
allUsers.value = response || [];
} catch (error: any) {
console.error('Failed to load users:', error);
}
};
const addUser = async () => {
if (!selectedUserId.value) return;
try {
await api.post(`/setup/roles/${route.params.id}/users`, {
userId: selectedUserId.value,
});
toast.success('User added successfully');
showAddUserDialog.value = false;
selectedUserId.value = '';
await loadRole();
} catch (error: any) {
console.error('Failed to add user:', error);
toast.error(error.message || 'Failed to add user');
}
};
const removeUser = async (userId: string) => {
try {
await api.delete(`/setup/roles/${route.params.id}/users/${userId}`);
toast.success('User removed successfully');
await loadRole();
} catch (error: any) {
console.error('Failed to remove user:', error);
toast.error(error.message || 'Failed to remove user');
}
};
const getUserName = (user: any) => {
if (!user) return 'Unknown';
if (user.firstName || user.lastName) {
return [user.firstName, user.lastName].filter(Boolean).join(' ');
}
return user.email || 'Unknown';
};
const formatDate = (date: string) => {
if (!date) return 'N/A';
return new Date(date).toLocaleDateString();
};
onMounted(async () => {
await Promise.all([loadRole(), loadAllUsers()]);
});
</script>

285
frontend/pages/setup/roles/index.vue
View File

@@ -1,285 +0,0 @@
<template>
<div class="min-h-screen bg-background">
<NuxtLayout name="default">
<main class="container mx-auto px-4 py-8">
<div class="flex items-center justify-between">
<div>
<h1 class="text-3xl font-bold">Roles</h1>
<p class="text-muted-foreground">Manage roles and permissions</p>
</div>
<Button @click="showCreateDialog = true">
<Plus class="mr-2 h-4 w-4" />
New Role
</Button>
</div>
<div class="border rounded-lg">
<Table>
<TableHeader>
<TableRow>
<TableHead>Name</TableHead>
<TableHead>Description</TableHead>
<TableHead>Guard</TableHead>
<TableHead>Users</TableHead>
<TableHead>Created</TableHead>
<TableHead class="text-right">Actions</TableHead>
</TableRow>
</TableHeader>
<TableBody>
<TableRow v-if="loading">
<TableCell :colspan="6" class="text-center py-8">
<div class="flex items-center justify-center">
<div class="animate-spin rounded-full h-8 w-8 border-b-2 border-primary"></div>
</div>
</TableCell>
</TableRow>
<TableRow v-else-if="roles.length === 0">
<TableCell :colspan="6" class="text-center py-8 text-muted-foreground">
No roles found. Create your first role to get started.
</TableCell>
</TableRow>
<TableRow v-else v-for="role in roles" :key="role.id" class="cursor-pointer hover:bg-muted/50" @click="navigateTo(`/setup/roles/${role.id}`)">
<TableCell class="font-medium">{{ role.name }}</TableCell>
<TableCell>{{ role.description || 'No description' }}</TableCell>
<TableCell>
<Badge variant="outline">{{ role.guardName || 'tenant' }}</Badge>
</TableCell>
<TableCell>
{{ role.userCount || 0 }} users
</TableCell>
<TableCell>{{ formatDate(role.createdAt) }}</TableCell>
<TableCell class="text-right" @click.stop>
<div class="flex items-center justify-end gap-1">
<Button variant="ghost" size="icon" @click="navigateTo(`/setup/roles/${role.id}`)">
<Eye class="h-4 w-4" />
</Button>
<Button variant="ghost" size="icon" @click="openEditDialog(role)">
<Edit class="h-4 w-4" />
</Button>
<Button variant="ghost" size="icon" @click="openDeleteDialog(role)">
<Trash2 class="h-4 w-4" />
</Button>
</div>
</TableCell>
</TableRow>
</TableBody>
</Table>
</div>
<!-- Create Role Dialog -->
<Dialog v-model:open="showCreateDialog">
<DialogContent>
<DialogHeader>
<DialogTitle>Create New Role</DialogTitle>
<DialogDescription>
Add a new role to the system
</DialogDescription>
</DialogHeader>
<div class="space-y-4">
<div class="space-y-2">
<Label for="name">Name</Label>
<Input id="name" v-model="newRole.name" placeholder="Sales Manager" />
</div>
<div class="space-y-2">
<Label for="description">Description (Optional)</Label>
<Input id="description" v-model="newRole.description" placeholder="Manages sales team and deals" />
</div>
<div class="space-y-2">
<Label for="guardName">Guard Name</Label>
<Select v-model="newRole.guardName" @update:model-value="(value) => newRole.guardName = value">
<SelectTrigger>
<SelectValue placeholder="Select guard" />
</SelectTrigger>
<SelectContent>
<SelectItem value="tenant">Tenant</SelectItem>
<SelectItem value="central">Central</SelectItem>
</SelectContent>
</Select>
</div>
</div>
<DialogFooter>
<Button variant="outline" @click="showCreateDialog = false">Cancel</Button>
<Button @click="createRole" :disabled="!newRole.name">
Create Role
</Button>
</DialogFooter>
</DialogContent>
</Dialog>
<!-- Edit Role Dialog -->
<Dialog v-model:open="showEditDialog">
<DialogContent>
<DialogHeader>
<DialogTitle>Edit Role</DialogTitle>
<DialogDescription>
Update role information
</DialogDescription>
</DialogHeader>
<div class="space-y-4">
<div class="space-y-2">
<Label for="edit-name">Name</Label>
<Input id="edit-name" v-model="editRole.name" placeholder="Role name" />
</div>
<div class="space-y-2">
<Label for="edit-description">Description</Label>
<Input id="edit-description" v-model="editRole.description" placeholder="Role description" />
</div>
<div class="space-y-2">
<Label for="edit-guardName">Guard Name</Label>
<Select v-model="editRole.guardName" @update:model-value="(value) => editRole.guardName = value">
<SelectTrigger>
<SelectValue placeholder="Select guard" />
</SelectTrigger>
<SelectContent>
<SelectItem value="tenant">Tenant</SelectItem>
<SelectItem value="central">Central</SelectItem>
</SelectContent>
</Select>
</div>
</div>
<DialogFooter>
<Button variant="outline" @click="showEditDialog = false">Cancel</Button>
<Button @click="updateRole" :disabled="!editRole.name">
Update Role
</Button>
</DialogFooter>
</DialogContent>
</Dialog>
<!-- Delete Confirmation Dialog -->
<Dialog v-model:open="showDeleteDialog">
<DialogContent>
<DialogHeader>
<DialogTitle>Delete Role</DialogTitle>
<DialogDescription>
Are you sure you want to delete this role? This action cannot be undone.
</DialogDescription>
</DialogHeader>
<DialogFooter>
<Button variant="outline" @click="showDeleteDialog = false">Cancel</Button>
<Button variant="destructive" @click="deleteRole">
Delete Role
</Button>
</DialogFooter>
</DialogContent>
</Dialog>
</main>
</NuxtLayout>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted } from 'vue';
import { Button } from '~/components/ui/button';
import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '~/components/ui/table';
import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogTitle } from '~/components/ui/dialog';
import { Input } from '~/components/ui/input';
import { Label } from '~/components/ui/label';
import { Badge } from '~/components/ui/badge';
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '~/components/ui/select';
import { Plus, Eye, Edit, Trash2 } from 'lucide-vue-next';
definePageMeta({
layout: 'default',
});
const { api } = useApi();
const { toast } = useToast();
const loading = ref(true);
const roles = ref<any[]>([]);
const showCreateDialog = ref(false);
const showEditDialog = ref(false);
const showDeleteDialog = ref(false);
const newRole = ref({
name: '',
description: '',
guardName: 'tenant',
});
const editRole = ref({
id: '',
name: '',
description: '',
guardName: 'tenant',
});
const roleToDelete = ref<any>(null);
const loadRoles = async () => {
try {
loading.value = true;
const response = await api.get('/setup/roles');
roles.value = response || [];
} catch (error: any) {
console.error('Failed to load roles:', error);
toast.error('Failed to load roles');
} finally {
loading.value = false;
}
};
const createRole = async () => {
try {
await api.post('/setup/roles', newRole.value);
toast.success('Role created successfully');
showCreateDialog.value = false;
newRole.value = { name: '', description: '', guardName: 'tenant' };
await loadRoles();
} catch (error: any) {
console.error('Failed to create role:', error);
toast.error(error.message || 'Failed to create role');
}
};
const openEditDialog = (role: any) => {
editRole.value = {
id: role.id,
name: role.name,
description: role.description || '',
guardName: role.guardName || 'tenant',
};
showEditDialog.value = true;
};
const updateRole = async () => {
try {
await api.patch(`/setup/roles/${editRole.value.id}`, {
name: editRole.value.name,
description: editRole.value.description,
guardName: editRole.value.guardName,
});
toast.success('Role updated successfully');
showEditDialog.value = false;
await loadRoles();
} catch (error: any) {
console.error('Failed to update role:', error);
toast.error(error.message || 'Failed to update role');
}
};
const openDeleteDialog = (role: any) => {
roleToDelete.value = role;
showDeleteDialog.value = true;
};
const deleteRole = async () => {
try {
await api.delete(`/setup/roles/${roleToDelete.value.id}`);
toast.success('Role deleted successfully');
showDeleteDialog.value = false;
roleToDelete.value = null;
await loadRoles();
} catch (error: any) {
console.error('Failed to delete role:', error);
toast.error(error.message || 'Failed to delete role');
}
};
const formatDate = (date: string) => {
if (!date) return 'N/A';
return new Date(date).toLocaleDateString();
};
onMounted(() => {
loadRoles();
});
</script>

227
frontend/pages/setup/users/[id].vue
View File

@@ -1,227 +0,0 @@
<template>
<div class="min-h-screen bg-background">
<NuxtLayout name="default">
<main class="container mx-auto px-4 py-8">
<div class="flex items-center justify-between">
<div>
<Button variant="ghost" size="sm" @click="navigateTo('/setup/users')" class="mb-2">
Back to Users
</Button>
<h1 class="text-3xl font-bold">{{ getUserName(user) }}</h1>
<p class="text-muted-foreground">{{ user?.email }}</p>
</div>
</div>
<div v-if="loading" class="flex items-center justify-center py-12">
<div class="animate-spin rounded-full h-8 w-8 border-b-2 border-primary"></div>
</div>
<Tabs v-else default-value="details" class="w-full">
<TabsList>
<TabsTrigger value="details">Details</TabsTrigger>
<TabsTrigger value="roles">Roles</TabsTrigger>
</TabsList>
<TabsContent value="details" class="mt-6">
<Card>
<CardHeader>
<CardTitle>User Information</CardTitle>
</CardHeader>
<CardContent class="space-y-4">
<div class="grid grid-cols-2 gap-4">
<div>
<Label class="text-muted-foreground">Email</Label>
<p class="font-medium">{{ user?.email }}</p>
</div>
<div>
<Label class="text-muted-foreground">First Name</Label>
<p class="font-medium">{{ user?.firstName || 'N/A' }}</p>
</div>
<div>
<Label class="text-muted-foreground">Last Name</Label>
<p class="font-medium">{{ user?.lastName || 'N/A' }}</p>
</div>
<div>
<Label class="text-muted-foreground">Created At</Label>
<p class="font-medium">{{ formatDate(user?.createdAt) }}</p>
</div>
<div>
<Label class="text-muted-foreground">Updated At</Label>
<p class="font-medium">{{ formatDate(user?.updatedAt) }}</p>
</div>
</div>
</CardContent>
</Card>
</TabsContent>
<TabsContent value="roles" class="mt-6">
<Card>
<CardHeader>
<div class="flex items-center justify-between">
<div>
<CardTitle>Assigned Roles</CardTitle>
<CardDescription>Manage role assignments for this user</CardDescription>
</div>
<Button @click="showAddRoleDialog = true" size="sm">
<Plus class="mr-2 h-4 w-4" />
Add Role
</Button>
</div>
</CardHeader>
<CardContent>
<div v-if="userRoles.length === 0" class="text-center py-8 text-muted-foreground">
No roles assigned. Add roles to grant permissions.
</div>
<div v-else class="space-y-2">
<div
v-for="role in userRoles"
:key="role.id"
class="flex items-center justify-between p-3 border rounded-lg"
>
<div>
<p class="font-medium">{{ role.name }}</p>
<p class="text-sm text-muted-foreground">{{ role.description || 'No description' }}</p>
</div>
<Button variant="ghost" size="sm" @click="removeRole(role.id)">
<X class="h-4 w-4" />
</Button>
</div>
</div>
</CardContent>
</Card>
</TabsContent>
</Tabs>
<!-- Add Role Dialog -->
<Dialog v-model:open="showAddRoleDialog">
<DialogContent>
<DialogHeader>
<DialogTitle>Add Role</DialogTitle>
<DialogDescription>
Select a role to assign to this user
</DialogDescription>
</DialogHeader>
<div class="space-y-4">
<div class="space-y-2">
<Label>Available Roles</Label>
<Select v-model="selectedRoleId" @update:model-value="(value) => selectedRoleId = value">
<SelectTrigger>
<SelectValue placeholder="Choose a role" />
</SelectTrigger>
<SelectContent>
<SelectItem v-for="role in availableRoles" :key="role.id" :value="role.id">
{{ role.name }}
</SelectItem>
</SelectContent>
</Select>
</div>
</div>
<DialogFooter>
<Button variant="outline" @click="showAddRoleDialog = false">Cancel</Button>
<Button @click="addRole" :disabled="!selectedRoleId">
Add Role
</Button>
</DialogFooter>
</DialogContent>
</Dialog>
</main>
</NuxtLayout>
</div>
</template>
<script setup lang="ts">
import { ref, onMounted, computed } from 'vue';
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '~/components/ui/card';
import { Button } from '~/components/ui/button';
import { Tabs, TabsContent, TabsList, TabsTrigger } from '~/components/ui/tabs';
import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogTitle } from '~/components/ui/dialog';
import { Label } from '~/components/ui/label';
import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '~/components/ui/select';
import { Plus, X } from 'lucide-vue-next';
const route = useRoute();
const { api } = useApi();
const { toast } = useToast();
const loading = ref(true);
const user = ref<any>(null);
const userRoles = ref<any[]>([]);
const allRoles = ref<any[]>([]);
const showAddRoleDialog = ref(false);
const selectedRoleId = ref('');
const availableRoles = computed(() => {
const assignedIds = new Set(userRoles.value.map(r => r.id));
return allRoles.value.filter(r => !assignedIds.has(r.id));
});
const loadUser = async () => {
try {
loading.value = true;
const userId = route.params.id;
const response = await api.get(`/setup/users/${userId}`);
user.value = response;
userRoles.value = response.roles || [];
} catch (error: any) {
console.error('Failed to load user:', error);
toast.error('Failed to load user');
} finally {
loading.value = false;
}
};
const loadAllRoles = async () => {
try {
const response = await api.get('/setup/roles');
allRoles.value = response || [];
} catch (error: any) {
console.error('Failed to load roles:', error);
}
};
const addRole = async () => {
if (!selectedRoleId.value) return;
try {
await api.post(`/setup/users/${route.params.id}/roles`, {
roleId: selectedRoleId.value,
});
toast.success('Role added successfully');
showAddRoleDialog.value = false;
selectedRoleId.value = '';
await loadUser();
} catch (error: any) {
console.error('Failed to add role:', error);
toast.error(error.message || 'Failed to add role');
}
};
const removeRole = async (roleId: string) => {
try {
await api.delete(`/setup/users/${route.params.id}/roles/${roleId}`);
toast.success('Role removed successfully');
await loadUser();
} catch (error: any) {
console.error('Failed to remove role:', error);
toast.error(error.message || 'Failed to remove role');
}
};
const getUserName = (user: any) => {
if (!user) return 'User';
if (user.firstName || user.lastName) {
return [user.firstName, user.lastName].filter(Boolean).join(' ');
}
return user.email || 'User';
};
const formatDate = (date: string) => {
if (!date) return 'N/A';
return new Date(date).toLocaleDateString();
};
onMounted(async () => {
await Promise.all([loadUser(), loadAllRoles()]);
});
</script>

Some files were not shown because too many files have changed in this diff Show More