admin/39947-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
39947-vm/backend/src/db/api/contacts.js
Flatlogic Bot 72e077c63f Implement tenant isolation hardening and UI updates
2026-05-10 21:24:49 +00:00

800 lines
19 KiB
JavaScript
Raw Blame History

const db = require('../models');
const FileDBApi = require('./file');
const crypto = require('crypto');
const Utils = require('../utils');
const Sequelize = db.Sequelize;
const Op = Sequelize.Op;
module.exports = class ContactsDBApi {
static async create(data, options) {
const currentUser = (options && options.currentUser) || { id: null };
const transaction = (options && options.transaction) || undefined;
const contacts = await db.contacts.create(
{
id: data.id || undefined,
first_name: data.first_name
||
null
,
last_name: data.last_name
||
null
,
email: data.email
||
null
,
phone: data.phone
||
null
,
job_title: data.job_title
||
null
,
whatsapp: data.whatsapp
||
null
,
linkedin_url: data.linkedin_url
||
null
,
preferred_channel: data.preferred_channel
||
null
,
allow_email: data.allow_email
||
false
,
allow_sms: data.allow_sms
||
false
,
allow_whatsapp: data.allow_whatsapp
||
false
,
lifecycle_stage: data.lifecycle_stage
||
null
,
notes: data.notes
||
null
,
importHash: data.importHash || null,
createdById: currentUser.id,
updatedById: currentUser.id,
},
{ transaction },
);
await contacts.setTenant( data.tenant || null, {
transaction,
});
await contacts.setCompany( data.company || null, {
transaction,
});
await contacts.setOrganizations( data.organizations || null, {
transaction,
});
return contacts;
}
static async bulkImport(data, options) {
const currentUser = (options && options.currentUser) || { id: null };
const transaction = (options && options.transaction) || undefined;
// Prepare data - wrapping individual data transformations in a map() method
const contactsData = data.map((item, index) => ({
id: item.id || undefined,
first_name: item.first_name
||
null
,
last_name: item.last_name
||
null
,
email: item.email
||
null
,
phone: item.phone
||
null
,
job_title: item.job_title
||
null
,
whatsapp: item.whatsapp
||
null
,
linkedin_url: item.linkedin_url
||
null
,
preferred_channel: item.preferred_channel
||
null
,
allow_email: item.allow_email
||
false
,
allow_sms: item.allow_sms
||
false
,
allow_whatsapp: item.allow_whatsapp
||
false
,
lifecycle_stage: item.lifecycle_stage
||
null
,
notes: item.notes
||
null
,
importHash: item.importHash || null,
createdById: currentUser.id,
updatedById: currentUser.id,
createdAt: new Date(Date.now() + index * 1000),
}));
// Bulk create items
const contacts = await db.contacts.bulkCreate(contactsData, { transaction });
// For each item created, replace relation files
return contacts;
}
static async update(id, data, options) {
const currentUser = (options && options.currentUser) || {id: null};
const transaction = (options && options.transaction) || undefined;
const globalAccess = currentUser.app_role?.globalAccess;
const contacts = await db.contacts.findByPk(id, {}, {transaction});
const updatePayload = {};
if (data.first_name !== undefined) updatePayload.first_name = data.first_name;
if (data.last_name !== undefined) updatePayload.last_name = data.last_name;
if (data.email !== undefined) updatePayload.email = data.email;
if (data.phone !== undefined) updatePayload.phone = data.phone;
if (data.job_title !== undefined) updatePayload.job_title = data.job_title;
if (data.whatsapp !== undefined) updatePayload.whatsapp = data.whatsapp;
if (data.linkedin_url !== undefined) updatePayload.linkedin_url = data.linkedin_url;
if (data.preferred_channel !== undefined) updatePayload.preferred_channel = data.preferred_channel;
if (data.allow_email !== undefined) updatePayload.allow_email = data.allow_email;
if (data.allow_sms !== undefined) updatePayload.allow_sms = data.allow_sms;
if (data.allow_whatsapp !== undefined) updatePayload.allow_whatsapp = data.allow_whatsapp;
if (data.lifecycle_stage !== undefined) updatePayload.lifecycle_stage = data.lifecycle_stage;
if (data.notes !== undefined) updatePayload.notes = data.notes;
updatePayload.updatedById = currentUser.id;
await contacts.update(updatePayload, {transaction});
if (data.tenant !== undefined) {
await contacts.setTenant(
data.tenant,
{ transaction }
);
}
if (data.company !== undefined) {
await contacts.setCompany(
data.company,
{ transaction }
);
}
if (data.organizations !== undefined) {
await contacts.setOrganizations(
data.organizations,
{ transaction }
);
}
return contacts;
}
static async deleteByIds(ids, options) {
const currentUser = (options && options.currentUser) || { id: null };
const transaction = (options && options.transaction) || undefined;
const contacts = await db.contacts.findAll({
where: {
id: {
[Op.in]: ids,
},
},
transaction,
});
if (contacts.length !== ids.length) {
const error = new Error('One or more items were not found in the current organization scope.');
error.code = 404;
throw error;
}
await db.sequelize.transaction(async (transaction) => {
for (const record of contacts) {
await record.update(
{deletedBy: currentUser.id},
{transaction}
);
}
for (const record of contacts) {
await record.destroy({transaction});
}
});
return contacts;
}
static async remove(id, options) {
const currentUser = (options && options.currentUser) || {id: null};
const transaction = (options && options.transaction) || undefined;
const contacts = await db.contacts.findByPk(id, options);
if (!contacts) {
const error = new Error('Item not found in the current organization scope.');
error.code = 404;
throw error;
}
await contacts.update({
deletedBy: currentUser.id
}, {
transaction,
});
await contacts.destroy({
transaction
});
return contacts;
}
static async findBy(where, options) {
const transaction = (options && options.transaction) || undefined;
const contacts = await db.contacts.findOne(
{ where },
{ transaction },
);
if (!contacts) {
return contacts;
}
const output = contacts.get({plain: true});
output.deals_primary_contact = await contacts.getDeals_primary_contact({
transaction
});
output.support_tickets_contact = await contacts.getSupport_tickets_contact({
transaction
});
output.csat_surveys_contact = await contacts.getCsat_surveys_contact({
transaction
});
output.tenant = await contacts.getTenant({
transaction
});
output.company = await contacts.getCompany({
transaction
});
output.organizations = await contacts.getOrganizations({
transaction
});
return output;
}
static async findAll(
filter,
globalAccess, options
) {
const limit = filter.limit || 0;
let offset = 0;
let where = {};
const currentPage = +filter.page;
const user = (options && options.currentUser) || null;
const userOrganizations = (user && user.organizations?.id) || null;
if (userOrganizations) {
if (options?.currentUser?.organizationsId) {
where.organizationsId = options.currentUser.organizationsId;
}
}
offset = currentPage * limit;
const orderBy = null;
const transaction = (options && options.transaction) || undefined;
let include = [
{
model: db.tenants,
as: 'tenant',
where: filter.tenant ? {
[Op.or]: [
{ id: { [Op.in]: filter.tenant.split('|').map(term => Utils.uuid(term)) } },
{
name: {
[Op.or]: filter.tenant.split('|').map(term => ({ [Op.iLike]: `%${term}%` }))
}
},
]
} : {},
},
{
model: db.companies,
as: 'company',
where: filter.company ? {
[Op.or]: [
{ id: { [Op.in]: filter.company.split('|').map(term => Utils.uuid(term)) } },
{
legal_name: {
[Op.or]: filter.company.split('|').map(term => ({ [Op.iLike]: `%${term}%` }))
}
},
]
} : {},
},
{
model: db.organizations,
as: 'organizations',
},
];
if (filter) {
if (filter.id) {
where = {
...where,
['id']: Utils.uuid(filter.id),
};
}
if (filter.first_name) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'first_name',
filter.first_name,
),
};
}
if (filter.last_name) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'last_name',
filter.last_name,
),
};
}
if (filter.email) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'email',
filter.email,
),
};
}
if (filter.phone) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'phone',
filter.phone,
),
};
}
if (filter.job_title) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'job_title',
filter.job_title,
),
};
}
if (filter.whatsapp) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'whatsapp',
filter.whatsapp,
),
};
}
if (filter.linkedin_url) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'linkedin_url',
filter.linkedin_url,
),
};
}
if (filter.preferred_channel) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'preferred_channel',
filter.preferred_channel,
),
};
}
if (filter.notes) {
where = {
...where,
[Op.and]: Utils.ilike(
'contacts',
'notes',
filter.notes,
),
};
}
if (filter.active !== undefined) {
where = {
...where,
active: filter.active === true || filter.active === 'true'
};
}
if (filter.allow_email) {
where = {
...where,
allow_email: filter.allow_email,
};
}
if (filter.allow_sms) {
where = {
...where,
allow_sms: filter.allow_sms,
};
}
if (filter.allow_whatsapp) {
where = {
...where,
allow_whatsapp: filter.allow_whatsapp,
};
}
if (filter.lifecycle_stage) {
where = {
...where,
lifecycle_stage: filter.lifecycle_stage,
};
}
if (filter.organizations) {
const listItems = filter.organizations.split('|').map(item => {
return Utils.uuid(item)
});
where = {
...where,
organizationsId: {[Op.or]: listItems}
};
}
if (filter.createdAtRange) {
const [start, end] = filter.createdAtRange;
if (start !== undefined && start !== null && start !== '') {
where = {
...where,
['createdAt']: {
...where.createdAt,
[Op.gte]: start,
},
};
}
if (end !== undefined && end !== null && end !== '') {
where = {
...where,
['createdAt']: {
...where.createdAt,
[Op.lte]: end,
},
};
}
}
}
if (globalAccess) {
delete where.organizationsId;
}
const queryOptions = {
where,
include,
distinct: true,
order: filter.field && filter.sort
? [[filter.field, filter.sort]]
: [['createdAt', 'desc']],
transaction: options?.transaction,
logging: console.log
};
if (!options?.countOnly) {
queryOptions.limit = limit ? Number(limit) : undefined;
queryOptions.offset = offset ? Number(offset) : undefined;
}
try {
const { rows, count } = await db.contacts.findAndCountAll(queryOptions);
return {
rows: options?.countOnly ? [] : rows,
count: count
};
} catch (error) {
console.error('Error executing query:', error);
throw error;
}
}
static async findAllAutocomplete(query, limit, offset, globalAccess, organizationId,) {
let where = {};
if (!globalAccess && organizationId) {
where.organizationsId = organizationId;
}
if (query) {
where = {
[Op.or]: [
{ ['id']: Utils.uuid(query) },
Utils.ilike(
'contacts',
'email',
query,
),
],
};
}
const records = await db.contacts.findAll({
attributes: [ 'id', 'email' ],
where,
limit: limit ? Number(limit) : undefined,
offset: offset ? Number(offset) : undefined,
orderBy: [['email', 'ASC']],
});
return records.map((record) => ({
id: record.id,
label: record.email,
}));
}
};
Reference in New Issue View Git Blame Copy Permalink