gitadmin/INSIGHT-MVP
1
0
Fork 0
mirror of http://172.20.10.11:3000/gitadmin/INSIGHT-MVP.git synced 2026-06-25 00:16:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
INSIGHT-MVP/packages/crm-service/src/activities/activities.controller.ts
Thomas Reitz de4af77c5c feat: CRM Berechtigungsmodell — konfigurierbares Sichtbarkeitsmodell (OWN/TEAM/ALL) 
Implementiert pro-Entity Sichtbarkeitssteuerung für Companies, Contacts, Deals
und Activities mit Rollen-basierter Zugriffskontrolle (ADMIN sieht alles,
TEAM_LEAD mindestens Team-Sicht, READONLY nur Lesezugriff).

- JWT Payload um tenantRole + department erweitert (Core + CRM)
- Team-Members-Endpoint im Core Service (GET /users/team-members)
- VisibilityModule mit Redis-Cache (CRM Service)
- ReadonlyGuard als globaler Guard (CRM Service)
- buildVisibilityFilter Utility für Prisma WHERE-Filterung
- Admin-Einstellungsseite /admin/crm-settings (Frontend)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 22:20:53 +01:00

123 lines
3.2 KiB
TypeScript
Raw Blame History

import {
Controller,
Get,
Post,
Patch,
Delete,
Body,
Param,
Query,
Req,
ParseUUIDPipe,
HttpCode,
HttpStatus,
UseGuards,
} from '@nestjs/common';
import { Request } from 'express';
import {
ApiTags,
ApiOperation,
ApiBearerAuth,
ApiParam,
} from '@nestjs/swagger';
import { ActivitiesService } from './activities.service';
import { CreateActivityDto } from './dto/create-activity.dto';
import { UpdateActivityDto } from './dto/update-activity.dto';
import { QueryActivitiesDto } from './dto/query-activities.dto';
import { CurrentUser, JwtPayload } from '../common/decorators';
import { TenantGuard } from '../auth/guards/tenant.guard';
import {
paginatedResponse,
singleResponse,
} from '../common/dto/pagination.dto';
@ApiTags('Activities')
@ApiBearerAuth('access-token')
@UseGuards(TenantGuard)
@Controller('activities')
export class ActivitiesController {
constructor(private readonly activitiesService: ActivitiesService) {}
@Post()
@HttpCode(HttpStatus.CREATED)
@ApiOperation({ summary: 'Aktivitaet erstellen' })
async create(
@CurrentUser() user: JwtPayload,
@Body() dto: CreateActivityDto,
) {
const activity = await this.activitiesService.create(
user.tenantId!,
user.sub,
dto,
);
return singleResponse(activity);
}
@Get()
@ApiOperation({ summary: 'Aktivitaeten auflisten (paginiert, filterbar)' })
async findAll(
@CurrentUser() user: JwtPayload,
@Query() query: QueryActivitiesDto,
@Req() req: Request,
) {
const bearerToken = (req.headers.authorization ?? '').replace('Bearer ', '');
const result = await this.activitiesService.findAll(
user.tenantId!,
query,
user,
bearerToken,
);
return paginatedResponse(
result.data,
result.total,
result.page,
result.pageSize,
);
}
@Get('open-tasks')
@ApiOperation({ summary: 'Offene Aufgaben (TASK + FOLLOWUP) abrufen' })
async findOpenTasks(@CurrentUser() user: JwtPayload) {
const tasks = await this.activitiesService.findOpenTasks(user.tenantId!);
return { success: true, data: tasks, meta: { count: tasks.length } };
}
@Get(':id')
@ApiOperation({ summary: 'Aktivitaet-Details abrufen' })
@ApiParam({ name: 'id', type: 'string', format: 'uuid' })
async findOne(
@CurrentUser() user: JwtPayload,
@Param('id', ParseUUIDPipe) id: string,
) {
const activity = await this.activitiesService.findOne(user.tenantId!, id);
return singleResponse(activity);
}
@Patch(':id')
@ApiOperation({ summary: 'Aktivitaet aktualisieren' })
@ApiParam({ name: 'id', type: 'string', format: 'uuid' })
async update(
@CurrentUser() user: JwtPayload,
@Param('id', ParseUUIDPipe) id: string,
@Body() dto: UpdateActivityDto,
) {
const activity = await this.activitiesService.update(
user.tenantId!,
id,
user.sub,
dto,
);
return singleResponse(activity);
}
@Delete(':id')
@ApiOperation({ summary: 'Aktivitaet loeschen' })
@ApiParam({ name: 'id', type: 'string', format: 'uuid' })
async remove(
@CurrentUser() user: JwtPayload,
@Param('id', ParseUUIDPipe) id: string,
) {
const activity = await this.activitiesService.remove(user.tenantId!, id);
return singleResponse(activity);
}
}
Reference in a new issue View git blame Copy permalink