Add multi-vendor capability with admin vendor management
- Add resolveVendorId() helper — admin can pass ?vendorId= to scope catalog operations to any vendor; other roles locked to JWT vendorId - Thread ?vendorId= through products, categories, taxes, events routes - Add DELETE /vendors/:id (admin only) with cascade-safe guard: blocks if vendor has users or transactions; otherwise cascade-deletes EventProduct → EventTax → Event → Product → Tax → Category → Vendor - Rewrite VendorPage: admin gets full CRUD list, vendor gets own settings - Add VendorFilter shared component (admin-only dropdown) - Integrate VendorFilter into Catalog, Users, and Events pages so admin can switch vendor context for all create/read operations Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
16
server/src/lib/vendorScope.ts
Normal file
16
server/src/lib/vendorScope.ts
Normal file
@@ -0,0 +1,16 @@
|
||||
import { AuthenticatedRequest } from "../types/index.js";
|
||||
|
||||
/**
|
||||
* Resolves the effective vendorId for a request.
|
||||
* Admin users may pass ?vendorId= to operate on any vendor's data.
|
||||
* All other roles are locked to their own vendorId.
|
||||
*/
|
||||
export function resolveVendorId(
|
||||
authReq: AuthenticatedRequest,
|
||||
query: Record<string, unknown> = {}
|
||||
): string {
|
||||
if (authReq.auth.roleName === "admin" && typeof query.vendorId === "string" && query.vendorId) {
|
||||
return query.vendorId;
|
||||
}
|
||||
return authReq.auth.vendorId;
|
||||
}
|
||||
Reference in New Issue
Block a user