v0.12.22 User Manager updates

2026-03-24 15:19:32 -04:00
parent 65e7cc4007
commit 72094d7d15
8 changed files with 372 additions and 64 deletions
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "rosterchirp-backend",
-  "version": "0.12.21",
+  "version": "0.12.22",
  "description": "RosterChirp backend server",
  "main": "src/index.js",
  "scripts": {
--- a/backend/src/routes/usergroups.js
+++ b/backend/src/routes/usergroups.js
@@ -193,6 +193,14 @@ router.get('/', authMiddleware, teamManagerMiddleware, async (req, res) => {
  } catch (e) { res.status(500).json({ error: e.message }); }
 });

+// GET /byuser/:userId — user group IDs for a specific user
+router.get('/byuser/:userId', authMiddleware, teamManagerMiddleware, async (req, res) => {
+  try {
+    const rows = await query(req.schema, 'SELECT user_group_id FROM user_group_members WHERE user_id=$1', [req.params.userId]);
+    res.json({ groupIds: rows.map(r => r.user_group_id) });
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
 // GET /:id
 router.get('/:id', authMiddleware, teamManagerMiddleware, async (req, res) => {
  try {
@@ -364,6 +372,80 @@ router.delete('/:id', authMiddleware, teamManagerMiddleware, async (req, res) =>
 });


+// POST /:id/members/:userId — add a single user to a group (with DM + notifications)
+router.post('/:id/members/:userId', authMiddleware, teamManagerMiddleware, async (req, res) => {
+  try {
+    const ug = await queryOne(req.schema, 'SELECT * FROM user_groups WHERE id=$1', [req.params.id]);
+    if (!ug) return res.status(404).json({ error: 'Not found' });
+    const userId = parseInt(req.params.userId);
+    const defaultAdmin = await queryOne(req.schema, 'SELECT id FROM users WHERE is_default_admin=TRUE');
+    if (defaultAdmin && userId === defaultAdmin.id) return res.status(400).json({ error: 'Cannot add default admin to user groups' });
+
+    await exec(req.schema, 'INSERT INTO user_group_members (user_group_id,user_id) VALUES ($1,$2) ON CONFLICT DO NOTHING', [ug.id, userId]);
+
+    if (ug.dm_group_id) {
+      await addUserSilent(req.schema, ug.dm_group_id, userId);
+      const u = await queryOne(req.schema, 'SELECT name,display_name FROM users WHERE id=$1', [userId]);
+      await postSysMsg(req.schema, ug.dm_group_id, req.user.id, `${u?.display_name||u?.name||'A user'} has joined the conversation.`);
+    }
+
+    // Propagate to multi-group DMs
+    const mgDms = await query(req.schema, `
+      SELECT mgd.id, mgd.dm_group_id FROM multi_group_dm_members mgdm
+      JOIN multi_group_dms mgd ON mgd.id=mgdm.multi_group_dm_id WHERE mgdm.user_group_id=$1
+    `, [ug.id]);
+    for (const mg of mgDms) {
+      if (!mg.dm_group_id) continue;
+      await addUserSilent(req.schema, mg.dm_group_id, userId);
+      const u = await queryOne(req.schema, 'SELECT name,display_name FROM users WHERE id=$1', [userId]);
+      await postSysMsg(req.schema, mg.dm_group_id, req.user.id, `${u?.display_name||u?.name||'A user'} has joined this conversation.`);
+    }
+
+    res.json({ success: true });
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
+// DELETE /:id/members/:userId — remove a single user from a group (with DM + notifications)
+router.delete('/:id/members/:userId', authMiddleware, teamManagerMiddleware, async (req, res) => {
+  try {
+    const ug = await queryOne(req.schema, 'SELECT * FROM user_groups WHERE id=$1', [req.params.id]);
+    if (!ug) return res.status(404).json({ error: 'Not found' });
+    const userId = parseInt(req.params.userId);
+
+    await exec(req.schema, 'DELETE FROM user_group_members WHERE user_group_id=$1 AND user_id=$2', [ug.id, userId]);
+
+    if (ug.dm_group_id) {
+      await exec(req.schema, 'DELETE FROM group_members WHERE group_id=$1 AND user_id=$2', [ug.dm_group_id, userId]);
+      io.in(R(req.schema,'user',userId)).socketsLeave(R(req.schema,'group',ug.dm_group_id));
+      io.to(R(req.schema,'user',userId)).emit('group:deleted', { groupId: ug.dm_group_id });
+      const u = await queryOne(req.schema, 'SELECT name,display_name FROM users WHERE id=$1', [userId]);
+      await postSysMsg(req.schema, ug.dm_group_id, req.user.id, `${u?.display_name||u?.name||'A user'} has been removed from the conversation.`);
+    }
+
+    // Propagate to multi-group DMs
+    const mgDms = await query(req.schema, `
+      SELECT mgd.id, mgd.dm_group_id FROM multi_group_dm_members mgdm
+      JOIN multi_group_dms mgd ON mgd.id=mgdm.multi_group_dm_id WHERE mgdm.user_group_id=$1
+    `, [ug.id]);
+    for (const mg of mgDms) {
+      if (!mg.dm_group_id) continue;
+      const stillIn = await queryOne(req.schema, `
+        SELECT 1 FROM multi_group_dm_members mgdm JOIN user_group_members ugm ON ugm.user_group_id=mgdm.user_group_id
+        WHERE mgdm.multi_group_dm_id=$1 AND ugm.user_id=$2
+      `, [mg.id, userId]);
+      if (!stillIn) {
+        await exec(req.schema, 'DELETE FROM group_members WHERE group_id=$1 AND user_id=$2', [mg.dm_group_id, userId]);
+        io.in(R(req.schema,'user',userId)).socketsLeave(R(req.schema,'group',mg.dm_group_id));
+        io.to(R(req.schema,'user',userId)).emit('group:deleted', { groupId: mg.dm_group_id });
+        const u = await queryOne(req.schema, 'SELECT name,display_name FROM users WHERE id=$1', [userId]);
+        await postSysMsg(req.schema, mg.dm_group_id, req.user.id, `${u?.display_name||u?.name||'A user'} has been removed from this conversation.`);
+      }
+    }
+
+    res.json({ success: true });
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
 // ── U2U DM Restrictions ───────────────────────────────────────────────────────

 // GET /:id/restrictions — get blocked group IDs for a user group
--- a/backend/src/routes/users.js
+++ b/backend/src/routes/users.js
@@ -152,29 +152,47 @@ router.post('/bulk', authMiddleware, teamManagerMiddleware, async (req, res) =>
  const results = { created: [], skipped: [] };
  const seenEmails = new Set();
  const defaultPw = process.env.USER_PASS || 'user@1234';
+  const validRoles = ['member', 'manager', 'admin'];
  try {
    for (const u of users) {
-      const email = (u.email || '').trim().toLowerCase();
-      const name  = (u.name  || '').trim();
-      if (!name || !email)        { results.skipped.push({ email: email || '(blank)', reason: 'Missing name or email' }); continue; }
-      if (!isValidEmail(email))   { results.skipped.push({ email, reason: 'Invalid email address' }); continue; }
-      if (seenEmails.has(email))  { results.skipped.push({ email, reason: 'Duplicate email in CSV' }); continue; }
+      const email     = (u.email     || '').trim().toLowerCase();
+      const firstName = (u.firstName || '').trim();
+      const lastName  = (u.lastName  || '').trim();
+      // Support legacy name field too
+      const name = (firstName && lastName) ? `${firstName} ${lastName}` : (u.name || '').trim();
+      if (!email)              { results.skipped.push({ email: '(blank)', reason: 'Email required' }); continue; }
+      if (!isValidEmail(email)){ results.skipped.push({ email, reason: 'Invalid email address' }); continue; }
+      if (!name)               { results.skipped.push({ email, reason: 'First and last name required' }); continue; }
+      if (seenEmails.has(email)){ results.skipped.push({ email, reason: 'Duplicate email in CSV' }); continue; }
      seenEmails.add(email);
      const exists = await queryOne(req.schema, "SELECT id FROM users WHERE email=$1 AND status != 'deleted'", [email]);
      if (exists) { results.skipped.push({ email, reason: 'Email already exists' }); continue; }
      try {
        const resolvedName = await resolveUniqueName(req.schema, name);
-        const pw   = (u.password || '').trim() || defaultPw;
-        const hash = bcrypt.hashSync(pw, 10);
-        const newRole = u.role === 'admin' ? 'admin' : 'member';
+        const pw       = (u.password || '').trim() || defaultPw;
+        const hash     = bcrypt.hashSync(pw, 10);
+        const newRole  = validRoles.includes(u.role) ? u.role : 'member';
+        const fn       = firstName || name.split(' ')[0] || '';
+        const ln       = lastName  || name.split(' ').slice(1).join(' ') || '';
        const r = await queryResult(req.schema,
-          "INSERT INTO users (name,email,password,role,status,must_change_password) VALUES ($1,$2,$3,$4,'active',TRUE) RETURNING id",
-          [resolvedName, email, hash, newRole]
+          "INSERT INTO users (name,first_name,last_name,email,password,role,status,must_change_password) VALUES ($1,$2,$3,$4,$5,$6,'active',TRUE) RETURNING id",
+          [resolvedName, fn, ln, email, hash, newRole]
        );
-        await addUserToPublicGroups(req.schema, r.rows[0].id);
+        const userId = r.rows[0].id;
+        await addUserToPublicGroups(req.schema, userId);
        if (newRole === 'admin') {
          const sgId = await getOrCreateSupportGroup(req.schema);
-          if (sgId) await exec(req.schema, 'INSERT INTO group_members (group_id,user_id) VALUES ($1,$2) ON CONFLICT DO NOTHING', [sgId, r.rows[0].id]);
+          if (sgId) await exec(req.schema, 'INSERT INTO group_members (group_id,user_id) VALUES ($1,$2) ON CONFLICT DO NOTHING', [sgId, userId]);
+        }
+        // Add to user group if specified (silent — user was just created, no socket needed)
+        if (u.userGroupId) {
+          const ug = await queryOne(req.schema, 'SELECT * FROM user_groups WHERE id=$1', [u.userGroupId]);
+          if (ug) {
+            await exec(req.schema, 'INSERT INTO user_group_members (user_group_id,user_id) VALUES ($1,$2) ON CONFLICT DO NOTHING', [ug.id, userId]);
+            if (ug.dm_group_id) {
+              await exec(req.schema, 'INSERT INTO group_members (group_id,user_id) VALUES ($1,$2) ON CONFLICT DO NOTHING', [ug.dm_group_id, userId]);
+            }
+          }
        }
        results.created.push(email);
      } catch (e) { results.skipped.push({ email, reason: e.message }); }