fix(crm): fix Lexware import 500 — tenantId validation in TenantGuard and service

- TenantGuard: remove PLATFORM_ADMIN bypass, require tenantId for all users
- lexware-contacts.service: add defensive tenantId check in importAsCompany
  and importAsContact with clear BadRequestException message

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Thomas Reitz 2026-03-11 10:34:46 +01:00
parent 833bc44acd
commit ba4eec951a
2 changed files with 18 additions and 7 deletions


@ -12,14 +12,12 @@ export class TenantGuard implements CanActivate {
const request = context.switchToHttp().getRequest();
const user = request.user as JwtPayload;
// PLATFORM_ADMIN hat Zugriff auf alle Tenants
if (user?.role === 'PLATFORM_ADMIN') {
return true;
}
// Alle anderen User muessen eine tenantId haben
// Alle User (auch PLATFORM_ADMIN) muessen eine tenantId haben
// um auf tenant-spezifische CRM-Ressourcen zuzugreifen.
if (!user?.tenantId) {
throw new ForbiddenException('Kein Mandant zugeordnet');
throw new ForbiddenException(
'Kein Mandant zugeordnet. Bitte mit einem mandanten-gebundenen Account anmelden.',
);
}
return true;
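Review bot: The new `if (!user?.tenantId)` check still folds "not authenticated" into "no tenant": when `request.user` is undefined (the JWT guard did not run, or is ordered after this guard) the optional chain yields the 403 "Kein Mandant zugeordnet" and tells the caller to log in with a tenant-bound account, which hides an auth-guard ordering or configuration problem. I would add `if (!user) throw new UnauthorizedException();` ahead of the tenant check and a header comment on `canActivate` stating that it must run after the JWT guard that populates `request.user`. Dropping the PLATFORM_ADMIN bypass is the right call, since a tenant-less admin previously passed through and tenant-scoped services then ran with `tenantId` undefined. Note that `canActivate` starts above this hunk and its closing braces are not visible here.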


@ -7,6 +7,7 @@ import {
Logger,
NotFoundException,
ConflictException,
BadRequestException,
} from '@nestjs/common';
import { CrmPrismaService } from '../prisma/crm-prisma.service';
import { LexwareClientService } from './lexware-client.service';
@ -213,6 +214,12 @@ export class LexwareContactsService {
lexwareContactId: string,
userId: string,
) {
if (!tenantId) {
throw new BadRequestException(
'tenantId fehlt. Bitte mit einem mandanten-gebundenen Account anmelden.',
);
}
// Pruefe ob bereits verknuepft
const existing = await this.prisma.company.findFirst({
where: { tenantId, lexwareContactId },
@ -246,6 +253,12 @@ export class LexwareContactsService {
lexwareContactId: string,
userId: string,
) {
if (!tenantId) {
throw new BadRequestException(
'tenantId fehlt. Bitte mit einem mandanten-gebundenen Account anmelden.',
);
}
const existing = await this.prisma.contact.findFirst({
where: { tenantId, lexwareContactId },
});
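Review bot: The two identical `if (!tenantId)` checks in `importAsCompany` and `importAsContact` report a server-side invariant as a client error: reaching them means a route called the service without TenantGuard (or the guard let an undefined tenant through), yet the caller gets a 400 telling them to use a different account and nothing is logged, so the missing guard stays invisible. The check itself is important because, as far as I know, Prisma drops `undefined` values from `where`, so `findFirst({ where: { tenantId: undefined, lexwareContactId } })` would match the first record across all tenants; please confirm that this is what produced the original 500/misbehaviour. I would move the check into one private helper, e.g. `assertTenantId(tenantId: string | undefined): asserts tenantId is string`, that logs at error level via the service's `Logger` (imported at line 7; assuming the class holds a logger instance) and throws `ForbiddenException` (not currently in the `@nestjs/common` import list) with `'Kein Mandant zugeordnet'`, matching the guard's status code, and call it as the first statement of both methods. Both method signatures begin above their hunks, so the first parameter line (the `tenantId` declaration) is not visible here.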