Added Multi-Company Support

This commit is contained in:
2026-06-08 00:54:21 -05:00
parent c164395915
commit db614a6707
32 changed files with 1133 additions and 323 deletions

View File

@@ -17,8 +17,12 @@ const userSelect = `
LEFT JOIN teams t ON t.id = u.team_id
`;
const companies = require('../services/companies');
function publicAdminUser(id) {
return one(`${userSelect} WHERE u.id = ?`, [id]);
const user = one(`${userSelect} WHERE u.id = ?`, [id]);
if (user) user.company_ids = companies.assignedCompanyIds(user.id);
return user;
}
function validateRole(role) {
@@ -45,7 +49,8 @@ router.put('/settings', requireCapability('admin.settings'), (req, res) => {
});
router.get('/users', requireCapability('admin.users'), (req, res) => {
res.json({ users: all(`${userSelect} ORDER BY u.name`) });
const users = all(`${userSelect} ORDER BY u.name`).map((u) => ({ ...u, company_ids: companies.assignedCompanyIds(u.id) }));
res.json({ users });
});
router.post('/users', requireCapability('admin.users'), (req, res) => {
@@ -77,6 +82,9 @@ router.post('/users', requireCapability('admin.users'), (req, res) => {
]
);
passwordPolicy.recordPassword(result.lastInsertRowid, hash);
// Assign company access: the supplied list, else default to the creating admin's active company.
const companyIds = Array.isArray(req.body.company_ids) && req.body.company_ids.length ? req.body.company_ids : (req.companyId ? [req.companyId] : []);
companies.setUserCompanies(result.lastInsertRowid, companyIds, req.user.id);
audit(req.user.id, 'create', 'user', result.lastInsertRowid, null, { ...req.body, password: '[redacted]' });
res.status(201).json({ user: publicAdminUser(result.lastInsertRowid) });
});
@@ -145,6 +153,10 @@ router.put('/users/:id', requireCapability('admin.users'), (req, res) => {
passwordPolicy.recordPassword(req.params.id, hash);
}
if (req.body.company_ids !== undefined) {
companies.setUserCompanies(req.params.id, req.body.company_ids, req.user.id);
}
const user = publicAdminUser(req.params.id);
audit(req.user.id, 'update', 'user', req.params.id, before, { ...user, password: req.body.password ? '[changed]' : undefined });
return res.json({ user });