Hacker-Software/opencrm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

complete new audit system

Browse Source
This commit is contained in:
duffyduck
2026-03-21 18:23:54 +01:00
parent 4f359df161
commit 219e1930f7
159 changed files with 2841 additions and 736 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/dist/controllers/customer.controller.js
Vendored
+465 -28
View File
@@ -32,6 +32,9 @@ var __importStar = (this && this.__importStar) || (function () {
return result;
};
})();
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getCustomers = getCustomers;
exports.getCustomer = getCustomer;
@@ -69,10 +72,10 @@ exports.getRepresentatives = getRepresentatives;
exports.addRepresentative = addRepresentative;
exports.removeRepresentative = removeRepresentative;
exports.searchForRepresentative = searchForRepresentative;
const client_1 = require("@prisma/client");
const prisma_js_1 = __importDefault(require("../lib/prisma.js"));
const customerService = __importStar(require("../services/customer.service.js"));
const authService = __importStar(require("../services/auth.service.js"));
const prisma = new client_1.PrismaClient();
const audit_service_js_1 = require("../services/audit.service.js");
// Customer CRUD
async function getCustomers(req, res) {
try {
@@ -113,6 +116,12 @@ async function createCustomer(req, res) {
data.birthDate = new Date(data.birthDate);
}
const customer = await customerService.createCustomer(data);
await (0, audit_service_js_1.logChange)({
req, action: 'CREATE', resourceType: 'Customer',
resourceId: customer.id.toString(),
label: `Kunde ${customer.customerNumber} angelegt (${customer.firstName} ${customer.lastName})`,
customerId: customer.id,
});
res.status(201).json({ success: true, data: customer });
}
catch (error) {
@@ -124,12 +133,73 @@ async function createCustomer(req, res) {
}
async function updateCustomer(req, res) {
try {
const customerId = parseInt(req.params.id);
const data = { ...req.body };
// Convert birthDate string to Date if present
if (data.birthDate) {
// Vorherigen Stand laden für Audit
const before = await prisma_js_1.default.customer.findUnique({ where: { id: customerId } });
// Convert birthDate string to Date if present, empty string to null
if (data.birthDate === '' || data.birthDate === null) {
data.birthDate = null;
}
else if (data.birthDate) {
data.birthDate = new Date(data.birthDate);
}
const customer = await customerService.updateCustomer(parseInt(req.params.id), data);
// Leere Strings in optionalen Feldern zu null konvertieren
const nullableFields = ['salutation', 'birthPlace', 'phone', 'mobile', 'email', 'companyName', 'taxNumber', 'businessRegistration', 'commercialRegister', 'commercialRegisterNumber', 'notes'];
for (const field of nullableFields) {
if (data[field] === '')
data[field] = null;
}
const customer = await customerService.updateCustomer(customerId, data);
// Audit: Geänderte Felder ermitteln und loggen
if (before) {
const changes = {};
const fieldLabels = {
salutation: 'Anrede', firstName: 'Vorname', lastName: 'Nachname', email: 'E-Mail',
phone: 'Telefon', mobile: 'Mobil', birthDate: 'Geburtsdatum', birthPlace: 'Geburtsort',
companyName: 'Firma', type: 'Typ', taxNumber: 'Steuernummer', notes: 'Notizen',
};
for (const [key, value] of Object.entries(data)) {
// Technische/interne Felder überspringen
if (['id', 'createdAt', 'updatedAt', 'customerNumber', 'portalPasswordHash', 'portalPasswordEncrypted'].includes(key))
continue;
const oldVal = before[key];
const newVal = value;
// Normalisieren: null, undefined, "" werden alle als "leer" behandelt
const normalize = (v) => {
if (v === null || v === undefined || v === '')
return null;
if (v instanceof Date)
return v.toISOString().split('T')[0];
return v;
};
const oldNorm = normalize(oldVal);
const newNorm = normalize(newVal);
if (JSON.stringify(oldNorm) !== JSON.stringify(newNorm)) {
const label = fieldLabels[key] || key;
const formatVal = (v) => {
if (v === null || v === undefined || v === '')
return '-';
if (v instanceof Date)
return v.toLocaleDateString('de-DE', { day: '2-digit', month: '2-digit', year: 'numeric' });
if (typeof v === 'boolean')
return v ? 'Ja' : 'Nein';
return String(v);
};
changes[label] = { von: formatVal(oldVal), nach: formatVal(newVal) };
}
}
if (Object.keys(changes).length > 0) {
const changeList = Object.entries(changes).map(([f, c]) => `${f}: ${c.von}${c.nach}`).join(', ');
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'Customer',
resourceId: customerId.toString(),
label: `Kunde ${before.customerNumber} aktualisiert: ${changeList}`,
details: changes,
customerId,
});
}
}
res.json({ success: true, data: customer });
}
catch (error) {
@@ -142,7 +212,15 @@ async function updateCustomer(req, res) {
}
async function deleteCustomer(req, res) {
try {
await customerService.deleteCustomer(parseInt(req.params.id));
const customerId = parseInt(req.params.id);
const customer = await prisma_js_1.default.customer.findUnique({ where: { id: customerId }, select: { customerNumber: true, firstName: true, lastName: true } });
await customerService.deleteCustomer(customerId);
await (0, audit_service_js_1.logChange)({
req, action: 'DELETE', resourceType: 'Customer',
resourceId: customerId.toString(),
label: `Kunde ${customer?.customerNumber} gelöscht (${customer?.firstName} ${customer?.lastName})`,
customerId,
});
res.json({ success: true, message: 'Kunde gelöscht' });
}
catch (error) {
@@ -164,7 +242,14 @@ async function getAddresses(req, res) {
}
async function createAddress(req, res) {
try {
const address = await customerService.createAddress(parseInt(req.params.customerId), req.body);
const customerId = parseInt(req.params.customerId);
const address = await customerService.createAddress(customerId, req.body);
await (0, audit_service_js_1.logChange)({
req, action: 'CREATE', resourceType: 'Address',
resourceId: address.id.toString(),
label: `Adresse hinzugefügt für Kunde #${customerId}`,
customerId,
});
res.status(201).json({ success: true, data: address });
}
catch (error) {
@@ -176,7 +261,53 @@ async function createAddress(req, res) {
}
async function updateAddress(req, res) {
try {
const address = await customerService.updateAddress(parseInt(req.params.id), req.body);
const addressId = parseInt(req.params.id);
const data = req.body;
// Vorherigen Stand laden für Audit
const before = await prisma_js_1.default.address.findUnique({ where: { id: addressId } });
const address = await customerService.updateAddress(addressId, data);
const customerId = address.customerId;
// Audit: Geänderte Felder ermitteln und loggen
if (before) {
const changes = {};
const fieldLabels = {
street: 'Straße', houseNumber: 'Hausnummer', postalCode: 'PLZ',
city: 'Stadt', country: 'Land', type: 'Typ', isDefault: 'Standard',
};
for (const [key, newVal] of Object.entries(data)) {
if (['id', 'createdAt', 'updatedAt'].includes(key))
continue;
const oldVal = before[key];
const norm = (v) => (v === null || v === undefined || v === '' ? null : v);
if (JSON.stringify(norm(oldVal)) !== JSON.stringify(norm(newVal))) {
const label = fieldLabels[key] || key;
const formatVal = (v) => {
if (v === null || v === undefined || v === '')
return '-';
if (typeof v === 'boolean')
return v ? 'Ja' : 'Nein';
return String(v);
};
changes[label] = { von: formatVal(oldVal), nach: formatVal(newVal) };
}
}
const changeList = Object.entries(changes).map(([f, c]) => `${f}: ${c.von}${c.nach}`).join(', ');
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'Address',
resourceId: address.id.toString(),
label: changeList ? `Adresse aktualisiert für Kunde #${customerId}: ${changeList}` : `Adresse aktualisiert für Kunde #${customerId}`,
details: Object.keys(changes).length > 0 ? changes : undefined,
customerId,
});
}
else {
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'Address',
resourceId: address.id.toString(),
label: `Adresse aktualisiert für Kunde #${customerId}`,
customerId,
});
}
res.json({ success: true, data: address });
}
catch (error) {
@@ -188,7 +319,16 @@ async function updateAddress(req, res) {
}
async function deleteAddress(req, res) {
try {
await customerService.deleteAddress(parseInt(req.params.id));
const addressId = parseInt(req.params.id);
const addr = await prisma_js_1.default.address.findUnique({ where: { id: addressId }, select: { customerId: true } });
const customerId = addr?.customerId;
await customerService.deleteAddress(addressId);
await (0, audit_service_js_1.logChange)({
req, action: 'DELETE', resourceType: 'Address',
resourceId: addressId.toString(),
label: `Adresse gelöscht für Kunde #${customerId}`,
customerId: customerId ?? undefined,
});
res.json({ success: true, message: 'Adresse gelöscht' });
}
catch (error) {
@@ -211,7 +351,14 @@ async function getBankCards(req, res) {
}
async function createBankCard(req, res) {
try {
const card = await customerService.createBankCard(parseInt(req.params.customerId), req.body);
const customerId = parseInt(req.params.customerId);
const card = await customerService.createBankCard(customerId, req.body);
await (0, audit_service_js_1.logChange)({
req, action: 'CREATE', resourceType: 'BankCard',
resourceId: card.id.toString(),
label: `Bankverbindung hinzugefügt für Kunde #${customerId}`,
customerId,
});
res.status(201).json({ success: true, data: card });
}
catch (error) {
@@ -223,7 +370,53 @@ async function createBankCard(req, res) {
}
async function updateBankCard(req, res) {
try {
const card = await customerService.updateBankCard(parseInt(req.params.id), req.body);
const cardId = parseInt(req.params.id);
const data = req.body;
// Vorherigen Stand laden für Audit
const before = await prisma_js_1.default.bankCard.findUnique({ where: { id: cardId } });
const card = await customerService.updateBankCard(cardId, data);
const customerId = card.customerId;
// Audit: Geänderte Felder ermitteln und loggen
if (before) {
const changes = {};
const fieldLabels = {
iban: 'IBAN', bic: 'BIC', bankName: 'Bank',
accountHolder: 'Kontoinhaber', isActive: 'Aktiv',
};
for (const [key, newVal] of Object.entries(data)) {
if (['id', 'createdAt', 'updatedAt'].includes(key))
continue;
const oldVal = before[key];
const norm = (v) => (v === null || v === undefined || v === '' ? null : v);
if (JSON.stringify(norm(oldVal)) !== JSON.stringify(norm(newVal))) {
const label = fieldLabels[key] || key;
const formatVal = (v) => {
if (v === null || v === undefined || v === '')
return '-';
if (typeof v === 'boolean')
return v ? 'Ja' : 'Nein';
return String(v);
};
changes[label] = { von: formatVal(oldVal), nach: formatVal(newVal) };
}
}
const changeList = Object.entries(changes).map(([f, c]) => `${f}: ${c.von}${c.nach}`).join(', ');
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'BankCard',
resourceId: card.id.toString(),
label: changeList ? `Bankverbindung aktualisiert für Kunde #${customerId}: ${changeList}` : `Bankverbindung aktualisiert für Kunde #${customerId}`,
details: Object.keys(changes).length > 0 ? changes : undefined,
customerId,
});
}
else {
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'BankCard',
resourceId: card.id.toString(),
label: `Bankverbindung aktualisiert für Kunde #${customerId}`,
customerId,
});
}
res.json({ success: true, data: card });
}
catch (error) {
@@ -235,7 +428,16 @@ async function updateBankCard(req, res) {
}
async function deleteBankCard(req, res) {
try {
await customerService.deleteBankCard(parseInt(req.params.id));
const cardId = parseInt(req.params.id);
const card = await prisma_js_1.default.bankCard.findUnique({ where: { id: cardId }, select: { customerId: true } });
const customerId = card?.customerId;
await customerService.deleteBankCard(cardId);
await (0, audit_service_js_1.logChange)({
req, action: 'DELETE', resourceType: 'BankCard',
resourceId: cardId.toString(),
label: `Bankverbindung gelöscht für Kunde #${customerId}`,
customerId: customerId ?? undefined,
});
res.json({ success: true, message: 'Bankkarte gelöscht' });
}
catch (error) {
@@ -258,7 +460,14 @@ async function getDocuments(req, res) {
}
async function createDocument(req, res) {
try {
const doc = await customerService.createDocument(parseInt(req.params.customerId), req.body);
const customerId = parseInt(req.params.customerId);
const doc = await customerService.createDocument(customerId, req.body);
await (0, audit_service_js_1.logChange)({
req, action: 'CREATE', resourceType: 'IdentityDocument',
resourceId: doc.id.toString(),
label: `Ausweis hinzugefügt für Kunde #${customerId}`,
customerId,
});
res.status(201).json({ success: true, data: doc });
}
catch (error) {
@@ -270,7 +479,62 @@ async function createDocument(req, res) {
}
async function updateDocument(req, res) {
try {
const doc = await customerService.updateDocument(parseInt(req.params.id), req.body);
const docId = parseInt(req.params.id);
const data = req.body;
// Vorherigen Stand laden für Audit
const before = await prisma_js_1.default.identityDocument.findUnique({ where: { id: docId } });
const doc = await customerService.updateDocument(docId, data);
const customerId = doc.customerId;
// Audit: Geänderte Felder ermitteln und loggen
if (before) {
const changes = {};
const fieldLabels = {
type: 'Dokumenttyp', documentNumber: 'Dokumentnummer',
issuingAuthority: 'Ausstellungsbehörde', issueDate: 'Ausstellungsdatum',
expiryDate: 'Ablaufdatum', isActive: 'Aktiv', licenseClasses: 'Führerscheinklassen',
};
for (const [key, newVal] of Object.entries(data)) {
if (['id', 'createdAt', 'updatedAt'].includes(key))
continue;
const oldVal = before[key];
const norm = (v) => {
if (v === null || v === undefined || v === '')
return null;
if (v instanceof Date)
return v.toISOString().split('T')[0];
return v;
};
if (JSON.stringify(norm(oldVal)) !== JSON.stringify(norm(newVal))) {
const label = fieldLabels[key] || key;
const formatVal = (v) => {
if (v === null || v === undefined || v === '')
return '-';
if (v instanceof Date)
return v.toLocaleDateString('de-DE', { day: '2-digit', month: '2-digit', year: 'numeric' });
if (typeof v === 'boolean')
return v ? 'Ja' : 'Nein';
return String(v);
};
changes[label] = { von: formatVal(oldVal), nach: formatVal(newVal) };
}
}
const changeList = Object.entries(changes).map(([f, c]) => `${f}: ${c.von}${c.nach}`).join(', ');
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'IdentityDocument',
resourceId: doc.id.toString(),
label: changeList ? `Ausweis aktualisiert für Kunde #${customerId}: ${changeList}` : `Ausweis aktualisiert für Kunde #${customerId}`,
details: Object.keys(changes).length > 0 ? changes : undefined,
customerId,
});
}
else {
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'IdentityDocument',
resourceId: doc.id.toString(),
label: `Ausweis aktualisiert für Kunde #${customerId}`,
customerId,
});
}
res.json({ success: true, data: doc });
}
catch (error) {
@@ -282,7 +546,16 @@ async function updateDocument(req, res) {
}
async function deleteDocument(req, res) {
try {
await customerService.deleteDocument(parseInt(req.params.id));
const docId = parseInt(req.params.id);
const doc = await prisma_js_1.default.identityDocument.findUnique({ where: { id: docId }, select: { customerId: true } });
const customerId = doc?.customerId;
await customerService.deleteDocument(docId);
await (0, audit_service_js_1.logChange)({
req, action: 'DELETE', resourceType: 'IdentityDocument',
resourceId: docId.toString(),
label: `Ausweis gelöscht für Kunde #${customerId}`,
customerId: customerId ?? undefined,
});
res.json({ success: true, message: 'Ausweis gelöscht' });
}
catch (error) {
@@ -305,7 +578,14 @@ async function getMeters(req, res) {
}
async function createMeter(req, res) {
try {
const meter = await customerService.createMeter(parseInt(req.params.customerId), req.body);
const customerId = parseInt(req.params.customerId);
const meter = await customerService.createMeter(customerId, req.body);
await (0, audit_service_js_1.logChange)({
req, action: 'CREATE', resourceType: 'Meter',
resourceId: meter.id.toString(),
label: `Zähler angelegt für Kunde #${customerId}`,
customerId,
});
res.status(201).json({ success: true, data: meter });
}
catch (error) {
@@ -317,7 +597,52 @@ async function createMeter(req, res) {
}
async function updateMeter(req, res) {
try {
const meter = await customerService.updateMeter(parseInt(req.params.id), req.body);
const meterId = parseInt(req.params.id);
const data = req.body;
// Vorherigen Stand laden für Audit
const before = await prisma_js_1.default.meter.findUnique({ where: { id: meterId } });
const meter = await customerService.updateMeter(meterId, data);
const customerId = meter.customerId;
// Audit: Geänderte Felder ermitteln und loggen
if (before) {
const changes = {};
const fieldLabels = {
meterNumber: 'Zählernummer', type: 'Typ', tariffModel: 'Tarifmodell',
location: 'Standort', isActive: 'Aktiv',
};
for (const [key, newVal] of Object.entries(data)) {
if (['id', 'createdAt', 'updatedAt'].includes(key))
continue;
const oldVal = before[key];
const norm = (v) => (v === null || v === undefined || v === '' ? null : v);
if (JSON.stringify(norm(oldVal)) !== JSON.stringify(norm(newVal))) {
const label = fieldLabels[key] || key;
const formatVal = (v) => {
if (v === null || v === undefined || v === '')
return '-';
if (typeof v === 'boolean')
return v ? 'Ja' : 'Nein';
return String(v);
};
changes[label] = { von: formatVal(oldVal), nach: formatVal(newVal) };
}
}
const changeList = Object.entries(changes).map(([f, c]) => `${f}: ${c.von}${c.nach}`).join(', ');
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'Meter',
resourceId: meter.id.toString(),
label: changeList ? `Zähler aktualisiert: ${changeList}` : `Zähler aktualisiert`,
details: Object.keys(changes).length > 0 ? changes : undefined,
customerId,
});
}
else {
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'Meter',
resourceId: meter.id.toString(),
label: `Zähler aktualisiert`,
});
}
res.json({ success: true, data: meter });
}
catch (error) {
@@ -329,7 +654,13 @@ async function updateMeter(req, res) {
}
async function deleteMeter(req, res) {
try {
await customerService.deleteMeter(parseInt(req.params.id));
const meterId = parseInt(req.params.id);
await customerService.deleteMeter(meterId);
await (0, audit_service_js_1.logChange)({
req, action: 'DELETE', resourceType: 'Meter',
resourceId: meterId.toString(),
label: `Zähler gelöscht`,
});
res.json({ success: true, message: 'Zähler gelöscht' });
}
catch (error) {
@@ -352,13 +683,28 @@ async function getMeterReadings(req, res) {
async function addMeterReading(req, res) {
try {
const { readingDate, value, valueNt, unit, notes } = req.body;
const reading = await customerService.addMeterReading(parseInt(req.params.meterId), {
const meterId = parseInt(req.params.meterId);
const reading = await customerService.addMeterReading(meterId, {
readingDate: new Date(readingDate),
value: parseFloat(value),
valueNt: valueNt !== undefined && valueNt !== null && valueNt !== '' ? parseFloat(valueNt) : undefined,
unit,
notes,
});
// Audit: Zählerstand mit Kontext loggen
const meter = await prisma_js_1.default.meter.findUnique({
where: { id: meterId },
select: { meterNumber: true, customer: { select: { id: true, firstName: true, lastName: true } } },
});
if (meter) {
const ntInfo = valueNt ? ` / NT: ${parseFloat(valueNt)}` : '';
await (0, audit_service_js_1.logChange)({
req, action: 'CREATE', resourceType: 'MeterReading',
label: `Zählerstand ${parseFloat(value)}${ntInfo} ${unit || 'kWh'} für Zähler ${meter.meterNumber} erfasst (${meter.customer.firstName} ${meter.customer.lastName})`,
details: { zähler: meter.meterNumber, stand: parseFloat(value), datum: readingDate },
customerId: meter.customer.id,
});
}
res.status(201).json({ success: true, data: reading });
}
catch (error) {
@@ -383,6 +729,11 @@ async function updateMeterReading(req, res) {
if (notes !== undefined)
updateData.notes = notes;
const reading = await customerService.updateMeterReading(parseInt(req.params.meterId), parseInt(req.params.readingId), updateData);
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'MeterReading',
resourceId: reading.id.toString(),
label: `Zählerstand aktualisiert`,
});
res.json({ success: true, data: reading });
}
catch (error) {
@@ -394,7 +745,13 @@ async function updateMeterReading(req, res) {
}
async function deleteMeterReading(req, res) {
try {
await customerService.deleteMeterReading(parseInt(req.params.meterId), parseInt(req.params.readingId));
const readingId = parseInt(req.params.readingId);
await customerService.deleteMeterReading(parseInt(req.params.meterId), readingId);
await (0, audit_service_js_1.logChange)({
req, action: 'DELETE', resourceType: 'MeterReading',
resourceId: readingId.toString(),
label: `Zählerstand gelöscht`,
});
res.json({ success: true, data: null });
}
catch (error) {
@@ -415,7 +772,7 @@ async function reportMeterReading(req, res) {
const meterId = parseInt(req.params.meterId);
const { value, readingDate, notes } = req.body;
// Prüfe ob der Zähler zum Kunden gehört
const meter = await prisma.meter.findUnique({
const meter = await prisma_js_1.default.meter.findUnique({
where: { id: meterId },
select: { customerId: true },
});
@@ -432,10 +789,18 @@ async function reportMeterReading(req, res) {
notes,
});
// Status auf REPORTED setzen
await prisma.meterReading.update({
await prisma_js_1.default.meterReading.update({
where: { id: reading.id },
data: { reportedBy: user.email, status: 'REPORTED' },
});
// Audit
const meterInfo = await prisma_js_1.default.meter.findUnique({ where: { id: meterId }, select: { meterNumber: true } });
await (0, audit_service_js_1.logChange)({
req, action: 'CREATE', resourceType: 'MeterReading',
label: `Zählerstand ${parsedValue} gemeldet (Zähler ${meterInfo?.meterNumber || meterId})`,
details: { zähler: meterInfo?.meterNumber, stand: parsedValue, datum: parsedDate.toISOString() },
customerId: user.customerId,
});
res.status(201).json({ success: true, data: reading });
}
catch (error) {
@@ -452,7 +817,7 @@ async function getMyMeters(req, res) {
res.status(403).json({ success: false, error: 'Nur für Kundenportal-Benutzer' });
return;
}
const meters = await prisma.meter.findMany({
const meters = await prisma_js_1.default.meter.findMany({
where: { customerId: user.customerId, isActive: true },
include: {
readings: {
@@ -472,7 +837,7 @@ async function markReadingTransferred(req, res) {
try {
const meterId = parseInt(req.params.meterId);
const readingId = parseInt(req.params.readingId);
const reading = await prisma.meterReading.update({
const reading = await prisma_js_1.default.meterReading.update({
where: { id: readingId },
data: {
status: 'TRANSFERRED',
@@ -480,6 +845,11 @@ async function markReadingTransferred(req, res) {
transferredBy: req.user?.email,
},
});
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'MeterReading',
resourceId: readingId.toString(),
label: `Zählerstand als übertragen markiert`,
});
res.json({ success: true, data: reading });
}
catch (error) {
@@ -518,11 +888,58 @@ async function getPortalSettings(req, res) {
}
async function updatePortalSettings(req, res) {
try {
const customerId = parseInt(req.params.customerId);
const { portalEnabled, portalEmail } = req.body;
const settings = await customerService.updatePortalSettings(parseInt(req.params.customerId), {
// Vorherigen Stand laden für Audit
const before = await prisma_js_1.default.customer.findUnique({
where: { id: customerId },
select: { portalEnabled: true, portalEmail: true },
});
const settings = await customerService.updatePortalSettings(customerId, {
portalEnabled,
portalEmail,
});
// Audit: Geänderte Felder ermitteln und loggen
const data = { portalEnabled, portalEmail };
if (before) {
const changes = {};
const fieldLabels = {
portalEnabled: 'Portal aktiv', portalEmail: 'Portal-E-Mail',
};
for (const [key, newVal] of Object.entries(data)) {
if (newVal === undefined)
continue;
const oldVal = before[key];
const norm = (v) => (v === null || v === undefined || v === '' ? null : v);
if (JSON.stringify(norm(oldVal)) !== JSON.stringify(norm(newVal))) {
const label = fieldLabels[key] || key;
const formatVal = (v) => {
if (v === null || v === undefined || v === '')
return '-';
if (typeof v === 'boolean')
return v ? 'Ja' : 'Nein';
return String(v);
};
changes[label] = { von: formatVal(oldVal), nach: formatVal(newVal) };
}
}
const changeList = Object.entries(changes).map(([f, c]) => `${f}: ${c.von}${c.nach}`).join(', ');
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'PortalSettings',
resourceId: customerId.toString(),
label: changeList ? `Portal-Einstellungen aktualisiert für Kunde #${customerId}: ${changeList}` : `Portal-Einstellungen aktualisiert für Kunde #${customerId}`,
details: Object.keys(changes).length > 0 ? changes : undefined,
customerId,
});
}
else {
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'PortalSettings',
resourceId: customerId.toString(),
label: `Portal-Einstellungen aktualisiert für Kunde #${customerId}`,
customerId,
});
}
res.json({ success: true, data: settings });
}
catch (error) {
@@ -542,7 +959,14 @@ async function setPortalPassword(req, res) {
});
return;
}
await authService.setCustomerPortalPassword(parseInt(req.params.customerId), password);
const customerId = parseInt(req.params.customerId);
await authService.setCustomerPortalPassword(customerId, password);
await (0, audit_service_js_1.logChange)({
req, action: 'UPDATE', resourceType: 'PortalSettings',
resourceId: customerId.toString(),
label: `Portal-Passwort gesetzt für Kunde #${customerId}`,
customerId,
});
res.json({ success: true, message: 'Passwort gesetzt' });
}
catch (error) {
@@ -580,8 +1004,15 @@ async function getRepresentatives(req, res) {
}
async function addRepresentative(req, res) {
try {
const customerId = parseInt(req.params.customerId);
const { representativeId, notes } = req.body;
const representative = await customerService.addRepresentative(parseInt(req.params.customerId), parseInt(representativeId), notes);
const representative = await customerService.addRepresentative(customerId, parseInt(representativeId), notes);
await (0, audit_service_js_1.logChange)({
req, action: 'CREATE', resourceType: 'Representative',
resourceId: representative.id.toString(),
label: `Vertreter hinzugefügt für Kunde #${customerId}`,
customerId,
});
res.status(201).json({ success: true, data: representative });
}
catch (error) {
@@ -593,7 +1024,13 @@ async function addRepresentative(req, res) {
}
async function removeRepresentative(req, res) {
try {
await customerService.removeRepresentative(parseInt(req.params.customerId), parseInt(req.params.representativeId));
const customerId = parseInt(req.params.customerId);
await customerService.removeRepresentative(customerId, parseInt(req.params.representativeId));
await (0, audit_service_js_1.logChange)({
req, action: 'DELETE', resourceType: 'Representative',
label: `Vertreter entfernt für Kunde #${customerId}`,
customerId,
});
res.json({ success: true, message: 'Vertreter entfernt' });
}
catch (error) {