"use server";

import {auth} from "@/auth";
import {prisma} from "@/lib/db/prisma";
import {revalidatePath} from "next/cache";
import {z} from "zod";

/**
 * Result envelope returned by the staff server actions in this file.
 *
 * Everything in this object is serialised back to the browser that invoked
 * the action, so it must only carry data the caller is allowed to see.
 */
export type StaffActionResult = {
  /** True when the action completed; false on any rejection or failure. */
  success: boolean;
  /** Human-readable failure reason, set when `success` is false. */
  error?: string;
  /** Id of the membership row created by `inviteStaff`. */
  id?: string;
  /**
   * Plaintext temporary password returned by `inviteStaff`.
   * This is a live credential: show it once and never log or persist it.
   */
  tempPassword?: string;
};

// ─────────────────────────────────────────────────────────
// Invite Staff — create User + Membership
// ─────────────────────────────────────────────────────────
// Runtime validation for the invite form. The values come straight from the
// client's FormData (see inviteStaff), so this schema is the only thing that
// constrains their type and shape before they reach the database layer.
// inviteStaff reports only the first issue; presumably zod emits issues in
// key order, so keep the keys in the order the messages should surface.
const inviteStaffSchema = z.object({
  // Identifies the target tenant. This proves nothing about the caller's
  // rights on that tenant; authorization has to be checked separately.
  tenantSlug: z.string().min(1),
  firstName: z.string().min(1, "First name is required"),
  lastName: z.string().optional(),
  email: z.string().email("Valid email is required"),
  // Allow-list of roles that can be granted through an invite; any other
  // value submitted by the client is rejected here.
  role: z.enum(["COMPANY_ADMIN", "COMPANY_STAFF"])
});

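/**
 * Invites a person to a tenant: creates the User row if the e-mail address is
 * new, then creates a Membership with the requested role.
 *
 * Security properties enforced here:
 * - the caller must be signed in AND hold a COMPANY_ADMIN membership in the
 *   target tenant (being authenticated alone is not enough to grant roles);
 * - the temporary password is drawn from the OS CSPRNG, not `Math.random()`;
 * - a temporary password is returned only when an account was actually created
 *   with it, never for a pre-existing user whose password is left unchanged;
 * - internal error details are logged server-side instead of being returned.
 *
 * @param formData Form fields matching `inviteStaffSchema`.
 * @returns `success: true` with the new membership id (plus `tempPassword` when
 *   a new account was created), or `success: false` with an error message.
 */
export async function inviteStaff(formData: FormData): Promise<StaffActionResult> {
  const session = await auth();
  const callerId = session?.user?.id;
  if (!callerId) return {success: false, error: "Unauthorized"};

  const raw = Object.fromEntries(formData.entries());
  const parsed = inviteStaffSchema.safeParse(raw);
  if (!parsed.success) {
    return {success: false, error: parsed.error.issues[0]?.message ?? "Validation error"};
  }

  const d = parsed.data;
  const tenant = await prisma.tenant.findUnique({where: {slug: d.tenantSlug}});
  if (!tenant) return {success: false, error: "Tenant not found"};

  try {
    // Authorization: tenantSlug is client-supplied, so without this check any
    // signed-in user could add accounts (including admins) to any tenant.
    // NOTE(review): if platform-level operators may manage every tenant,
    // extend this check. No such role is visible from this file.
    const callerMembership = await prisma.membership.findFirst({
      where: {tenantId: tenant.id, userId: callerId, role: "COMPANY_ADMIN"}
    });
    if (!callerMembership) return {success: false, error: "Forbidden"};

    const email = d.email.toLowerCase();
    let user = await prisma.user.findUnique({where: {email}});
    let tempPassword: string | undefined;

    if (user) {
      // Existing account: reject a duplicate membership and leave the user's
      // current password untouched.
      const existing = await prisma.membership.findFirst({
        where: {tenantId: tenant.id, userId: user.id}
      });
      if (existing) {
        return {success: false, error: "This user is already a member of your company"};
      }
    } else {
      const {randomBytes} = await import("node:crypto");
      const bcrypt = await import("bcrypt");

      // 12 bytes (96 bits) from the CSPRNG. The fixed suffix adds no entropy;
      // it only keeps the upper/lower/digit/symbol mix of the original format.
      tempPassword = randomBytes(12).toString("base64url") + "Aa1!";
      const passwordHash = await bcrypt.hash(tempPassword, 12);

      // NOTE(review): the account is created ACTIVE with a password known to
      // the inviter. Consider forcing a password change on first login or
      // switching to a single-use invite link.
      user = await prisma.user.create({
        data: {
          email,
          firstName: d.firstName,
          lastName: d.lastName ?? null,
          name: `${d.firstName} ${d.lastName ?? ""}`.trim(),
          passwordHash,
          status: "ACTIVE"
        }
      });
    }

    const membership = await prisma.membership.create({
      data: {
        tenantId: tenant.id,
        userId: user.id,
        role: d.role,
        isDefault: false
      }
    });

    revalidatePath(`/company/${d.tenantSlug}/staff`);
    return tempPassword
      ? {success: true, id: membership.id, tempPassword}
      : {success: true, id: membership.id};
  } catch (err: unknown) {
    // Database/driver messages can expose schema and query details, so keep
    // them in the server log and return a generic message to the client.
    console.error("inviteStaff failed", err);
    return {success: false, error: "Failed to invite staff"};
  }
}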

// ─────────────────────────────────────────────────────────
// Update Staff Role
// ─────────────────────────────────────────────────────────
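/**
 * Changes the role on one membership of a tenant.
 *
 * Server-action arguments are deserialised from the client request, so the
 * TypeScript parameter types are not enforced at runtime; they are re-checked
 * here. The update is applied only when the caller is a COMPANY_ADMIN of the
 * tenant named by `tenantSlug` and the membership belongs to that same tenant.
 * Without these checks a membership id alone would be enough for any signed-in
 * user to change roles in any tenant.
 *
 * @param membershipId Id of the membership to modify.
 * @param tenantSlug Slug of the tenant the membership must belong to.
 * @param role New role; must be one of the two allowed values.
 * @returns `success: true` on update, otherwise `success: false` with an error.
 */
export async function updateStaffRole(
  membershipId: string,
  tenantSlug: string,
  role: "COMPANY_ADMIN" | "COMPANY_STAFF"
): Promise<StaffActionResult> {
  const session = await auth();
  const callerId = session?.user?.id;
  if (!callerId) return {success: false, error: "Unauthorized"};

  // Runtime re-validation of client-supplied arguments.
  if (typeof membershipId !== "string" || typeof tenantSlug !== "string") {
    return {success: false, error: "Invalid request"};
  }
  if (role !== "COMPANY_ADMIN" && role !== "COMPANY_STAFF") {
    return {success: false, error: "Invalid role"};
  }

  try {
    const tenant = await prisma.tenant.findUnique({where: {slug: tenantSlug}});
    if (!tenant) return {success: false, error: "Tenant not found"};

    // Authorization is checked before the target lookup so an unauthorised
    // caller cannot probe which membership ids exist.
    // NOTE(review): extend if platform-level operators exist; none are
    // visible from this file.
    const callerMembership = await prisma.membership.findFirst({
      where: {tenantId: tenant.id, userId: callerId, role: "COMPANY_ADMIN"}
    });
    if (!callerMembership) return {success: false, error: "Forbidden"};

    // Scope the target to the caller's tenant so an id from another tenant
    // is treated as not found.
    const target = await prisma.membership.findFirst({
      where: {id: membershipId, tenantId: tenant.id}
    });
    if (!target) return {success: false, error: "Membership not found"};

    await prisma.membership.update({
      where: {id: target.id},
      data: {role}
    });

    revalidatePath(`/company/${tenantSlug}/staff`);
    return {success: true};
  } catch (err: unknown) {
    // Keep database error details in the server log only.
    console.error("updateStaffRole failed", err);
    return {success: false, error: "Failed to update role"};
  }
}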

// ─────────────────────────────────────────────────────────
// Disable Staff
// ─────────────────────────────────────────────────────────
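/**
 * Disables the user account behind a membership of the given tenant.
 *
 * The action runs only when the caller is a COMPANY_ADMIN of the tenant named
 * by `tenantSlug` and the membership belongs to that tenant. Arguments are
 * re-validated at runtime because server-action inputs come from the client.
 *
 * NOTE(review): this sets `status` on the User row, not on the membership, so
 * the account is disabled as a whole. If a user can belong to several tenants,
 * one tenant's admin can lock that user out everywhere. Confirm whether a
 * per-membership disable is what is actually wanted.
 *
 * @param membershipId Id of the membership whose user should be disabled.
 * @param tenantSlug Slug of the tenant the membership must belong to.
 * @returns `success: true` on update, otherwise `success: false` with an error.
 */
export async function disableStaff(membershipId: string, tenantSlug: string): Promise<StaffActionResult> {
  const session = await auth();
  const callerId = session?.user?.id;
  if (!callerId) return {success: false, error: "Unauthorized"};

  // Static types are erased; check what actually arrived from the client.
  if (typeof membershipId !== "string" || typeof tenantSlug !== "string") {
    return {success: false, error: "Invalid request"};
  }

  try {
    const tenant = await prisma.tenant.findUnique({where: {slug: tenantSlug}});
    if (!tenant) return {success: false, error: "Tenant not found"};

    // Authorization first, so membership ids cannot be probed by callers
    // with no admin rights on this tenant.
    // NOTE(review): extend if platform-level operators exist; none are
    // visible from this file.
    const callerMembership = await prisma.membership.findFirst({
      where: {tenantId: tenant.id, userId: callerId, role: "COMPANY_ADMIN"}
    });
    if (!callerMembership) return {success: false, error: "Forbidden"};

    // Only memberships inside the caller's tenant are eligible targets.
    const membership = await prisma.membership.findFirst({
      where: {id: membershipId, tenantId: tenant.id},
      select: {userId: true}
    });

    if (!membership) return {success: false, error: "Membership not found"};

    await prisma.user.update({
      where: {id: membership.userId},
      data: {status: "DISABLED"}
    });

    revalidatePath(`/company/${tenantSlug}/staff`);
    return {success: true};
  } catch (err: unknown) {
    // Keep database error details in the server log only.
    console.error("disableStaff failed", err);
    return {success: false, error: "Failed to disable staff"};
  }
}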
