fix(end-customers): allow admin to create end customers without company_id
All checks were successful
Staging Build / build (push) Successful in 2m38s
All checks were successful
Staging Build / build (push) Successful in 2m38s
This commit is contained in:
@@ -74,26 +74,32 @@ export async function getEndCustomer(id: string): Promise<EndCustomer | null> {
|
|||||||
* Legt einen neuen Endkunden für den eingeloggten Partner an.
|
* Legt einen neuen Endkunden für den eingeloggten Partner an.
|
||||||
* partner_id wird serverseitig aus der Session gesetzt (kein Client-Trust).
|
* partner_id wird serverseitig aus der Session gesetzt (kein Client-Trust).
|
||||||
*/
|
*/
|
||||||
export async function createEndCustomer(formData: EndCustomerFormData): Promise<EndCustomer> {
|
export async function createEndCustomer(formData: EndCustomerFormData, companyId?: string): Promise<EndCustomer> {
|
||||||
const supabase = await createClient()
|
const supabase = await createClient()
|
||||||
|
|
||||||
const { data: { user } } = await supabase.auth.getUser()
|
const { data: { user } } = await supabase.auth.getUser()
|
||||||
if (!user) throw new Error('Not authenticated')
|
if (!user) throw new Error('Not authenticated')
|
||||||
|
|
||||||
const { data: dbUser, error: dbUserError } = await supabase
|
const { data: dbUser } = await supabase
|
||||||
.from('users')
|
.from('users')
|
||||||
.select('company_id')
|
.select('role, company_id')
|
||||||
.eq('id', user.id)
|
.eq('id', user.id)
|
||||||
.single()
|
.single()
|
||||||
|
|
||||||
if (dbUserError || !dbUser || !dbUser.company_id) {
|
const isAdmin = dbUser?.role === 'admin'
|
||||||
|
const resolvedCompanyId = dbUser?.company_id || companyId
|
||||||
|
|
||||||
|
if (!isAdmin && !resolvedCompanyId) {
|
||||||
throw new Error('Kein Unternehmen zugewiesen.')
|
throw new Error('Kein Unternehmen zugewiesen.')
|
||||||
}
|
}
|
||||||
|
|
||||||
const { data, error } = await supabase
|
// Admin ohne company_id braucht adminClient (RLS erlaubt kein INSERT ohne passende partner_id)
|
||||||
|
const client = (!dbUser?.company_id && isAdmin) ? createAdminClient() : supabase
|
||||||
|
|
||||||
|
const { data, error } = await client
|
||||||
.from('end_customers')
|
.from('end_customers')
|
||||||
.insert([{
|
.insert([{
|
||||||
partner_id: dbUser.company_id,
|
partner_id: resolvedCompanyId || user.id,
|
||||||
company_name: formData.company_name,
|
company_name: formData.company_name,
|
||||||
vat_id: formData.vat_id || null,
|
vat_id: formData.vat_id || null,
|
||||||
first_name: formData.first_name || null,
|
first_name: formData.first_name || null,
|
||||||
|
|||||||
Reference in New Issue
Block a user