b34500ad31
Conflation: paliad.users.role was simultaneously job title (display only)
and global permission ('role=admin' checks across Go/SQL/JS). m wanted
to set his real job title ('Counsel Knowledge Lawyer') without losing
admin access — the t-paliad-050 admin-team UI even rejected role='admin'
on edit, so any UI-driven update silently demoted m.
Per m's three-axis principle ("firm roles are not project roles are not
tool roles"), this lands TWO orthogonal columns:
* paliad.users.job_title — free text, NULL allowed, display only.
NEVER gates anything in code or SQL.
* paliad.users.global_role — CHECK ('standard'|'global_admin'),
default 'standard'. The only thing that gates ops.
Migration 023:
* Drops NOT NULL + 'associate' default off the legacy role column
* Promotes role='admin' rows to global_role='global_admin'; clears
their role text; sets m's job_title='Counsel Knowledge Lawyer'
* Renames role -> job_title with CHECK (job_title IS NULL OR <> '')
* Replaces can_see_project body with global_role='global_admin'
* CASCADE-rebuilds every RLS policy under canonical English names —
with the historic u.role IN ('partner','admin') gates simplified
to u.global_role='global_admin' only (job_title NEVER gates)
Code surface:
* internal/models/models.go: User.Role -> User.JobTitle (*string) +
User.GlobalRole (string)
* internal/services/user_service.go: bootstrap (first row promoted to
global_admin via pg_advisory_xact_lock(7346298141), unchanged constant);
UpdateProfile drops role, accepts job_title only; AdminUpdateUser adds
global_role with last-admin demotion guard (ErrLastGlobalAdmin);
IsAdmin reads global_role
* Other services (dashboard/agenda/appointment/project/deadline/
department/party/note/checklist_instance): pass user.GlobalRole into
visibility predicates; partner-or-admin gates simplified to
global_admin only
* Handlers: drop now-impossible ErrAdminBootstrapOnly cases;
admin_users handles ErrLastGlobalAdmin -> 409
* department_service: SQL u.role -> u.job_title, DepartmentMember.Role
-> JobTitle (*string)
Frontend:
* /api/me + Me interfaces ship {job_title, global_role}
* Onboarding form: 'Berufsbezeichnung / Job title' (job_title)
* Settings + admin-team forms: same renames + i18n updates
* Admin-team: new 'Berechtigung / Permission' column with
'Standard'|'Global Admin' badge + dropdown editor; last-admin
demotion guard at the UI layer
* Sidebar admin-section reveal: me.global_role==='global_admin'
* deadlines/deadlines-detail/projects-detail/notes: partner-as-permission
gates dropped, only global_admin grants those operations
Tests:
* user_service_test: bootstrap promotes first user to global_admin,
subsequent default to standard; AdminUpdateUser refuses to demote
the last global_admin; IsAdmin reads global_role
Migration applied to ydb 2026-04-27. Live state verified:
* m: job_title='Counsel Knowledge Lawyer', global_role='global_admin'
* tester: job_title=NULL, global_role='global_admin'
* 29 stub colleagues: job_title='associate', global_role='standard'
613 lines
20 KiB
Go
613 lines
20 KiB
Go
package services
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"errors"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
"github.com/jmoiron/sqlx"
|
|
|
|
"mgit.msbls.de/m/patholo/internal/models"
|
|
)
|
|
|
|
// AppointmentService reads and writes paliad.appointments.
|
|
//
|
|
// Visibility:
|
|
// - project_id IS NULL → personal Appointment, visible/editable only to created_by
|
|
// - project_id IS NOT NULL → follows ProjectService.GetByID team gate
|
|
//
|
|
// Audit: Project-attached mutations append project_events rows. Personal
|
|
// Appointments never touch project_events.
|
|
//
|
|
// CalDAV: optional hook (AppointmentCalDAVPusher) is called best-effort after
|
|
// each mutation.
|
|
type AppointmentService struct {
|
|
db *sqlx.DB
|
|
projects *ProjectService
|
|
|
|
caldav AppointmentCalDAVPusher
|
|
}
|
|
|
|
// AppointmentCalDAVPusher is the contract the CalDAV service implements so the
|
|
// AppointmentService can push individual appointment changes without importing the
|
|
// caldav package directly.
|
|
type AppointmentCalDAVPusher interface {
|
|
OnTerminCreated(ctx context.Context, userID uuid.UUID, t *models.Appointment)
|
|
OnTerminUpdated(ctx context.Context, userID uuid.UUID, t *models.Appointment)
|
|
OnTerminDeleted(ctx context.Context, userID uuid.UUID, t *models.Appointment)
|
|
}
|
|
|
|
func NewAppointmentService(db *sqlx.DB, projects *ProjectService) *AppointmentService {
|
|
return &AppointmentService{db: db, projects: projects}
|
|
}
|
|
|
|
// SetCalDAVPusher wires an optional CalDAV push hook.
|
|
func (s *AppointmentService) SetCalDAVPusher(p AppointmentCalDAVPusher) {
|
|
s.caldav = p
|
|
}
|
|
|
|
const terminColumns = `id, project_id, title, description, start_at, end_at,
|
|
location, appointment_type, caldav_uid, caldav_etag, created_by,
|
|
created_at, updated_at`
|
|
|
|
// CreateTerminInput is the payload for POST /api/appointments.
|
|
type CreateTerminInput struct {
|
|
ProjectID *uuid.UUID `json:"project_id,omitempty"`
|
|
Title string `json:"title"`
|
|
Description *string `json:"description,omitempty"`
|
|
StartAt time.Time `json:"start_at"`
|
|
EndAt *time.Time `json:"end_at,omitempty"`
|
|
Location *string `json:"location,omitempty"`
|
|
AppointmentType *string `json:"appointment_type,omitempty"`
|
|
}
|
|
|
|
// UpdateTerminInput is the partial-update payload for PATCH /api/appointments/{id}.
|
|
type UpdateTerminInput struct {
|
|
Title *string `json:"title,omitempty"`
|
|
Description *string `json:"description,omitempty"`
|
|
StartAt *time.Time `json:"start_at,omitempty"`
|
|
EndAt *time.Time `json:"end_at,omitempty"`
|
|
Location *string `json:"location,omitempty"`
|
|
AppointmentType *string `json:"appointment_type,omitempty"`
|
|
}
|
|
|
|
// AppointmentListFilter narrows ListVisibleForUser results.
|
|
type AppointmentListFilter struct {
|
|
ProjectID *uuid.UUID
|
|
From *time.Time
|
|
To *time.Time
|
|
Type *string
|
|
}
|
|
|
|
// ListVisibleForUser returns all Appointments the user can see (personal +
|
|
// Project-attached they have visibility for), ordered by start_at ascending.
|
|
func (s *AppointmentService) ListVisibleForUser(ctx context.Context, userID uuid.UUID, filter AppointmentListFilter) ([]models.AppointmentWithProject, error) {
|
|
user, err := s.users().GetByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user == nil {
|
|
return []models.AppointmentWithProject{}, nil
|
|
}
|
|
|
|
visibility := `(
|
|
(t.project_id IS NULL AND t.created_by = :user_id)
|
|
OR (t.project_id IS NOT NULL AND ` + visibilityPredicate("p") + `)
|
|
)`
|
|
conds := []string{visibility}
|
|
args := map[string]any{
|
|
"user_id": userID,
|
|
"role": user.GlobalRole,
|
|
}
|
|
|
|
if filter.ProjectID != nil {
|
|
conds = append(conds, `t.project_id = :project_id`)
|
|
args["project_id"] = *filter.ProjectID
|
|
}
|
|
if filter.From != nil {
|
|
conds = append(conds, `t.start_at >= :from`)
|
|
args["from"] = *filter.From
|
|
}
|
|
if filter.To != nil {
|
|
conds = append(conds, `t.start_at <= :to`)
|
|
args["to"] = *filter.To
|
|
}
|
|
if filter.Type != nil {
|
|
if !isValidAppointmentType(*filter.Type) {
|
|
return nil, fmt.Errorf("%w: invalid appointment_type %q", ErrInvalidInput, *filter.Type)
|
|
}
|
|
conds = append(conds, `t.appointment_type = :type`)
|
|
args["type"] = *filter.Type
|
|
}
|
|
|
|
query := `
|
|
SELECT t.id, t.project_id, t.title, t.description, t.start_at, t.end_at,
|
|
t.location, t.appointment_type, t.caldav_uid, t.caldav_etag,
|
|
t.created_by, t.created_at, t.updated_at,
|
|
p.reference AS project_reference,
|
|
p.title AS project_title,
|
|
p.type AS project_type
|
|
FROM paliad.appointments t
|
|
LEFT JOIN paliad.projects p ON p.id = t.project_id
|
|
WHERE ` + strings.Join(conds, " AND ") + `
|
|
ORDER BY t.start_at ASC, t.created_at DESC`
|
|
|
|
stmt, err := s.db.PrepareNamedContext(ctx, query)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("prepare list appointments: %w", err)
|
|
}
|
|
defer stmt.Close()
|
|
|
|
rows := []models.AppointmentWithProject{}
|
|
if err := stmt.SelectContext(ctx, &rows, args); err != nil {
|
|
return nil, fmt.Errorf("list appointments: %w", err)
|
|
}
|
|
return rows, nil
|
|
}
|
|
|
|
// ListForProjekt returns Appointments for a specific Project, visibility-checked.
|
|
func (s *AppointmentService) ListForProjekt(ctx context.Context, userID, projektID uuid.UUID) ([]models.Appointment, error) {
|
|
if _, err := s.projects.GetByID(ctx, userID, projektID); err != nil {
|
|
return nil, err
|
|
}
|
|
rows := []models.Appointment{}
|
|
if err := s.db.SelectContext(ctx, &rows,
|
|
`SELECT `+terminColumns+`
|
|
FROM paliad.appointments
|
|
WHERE project_id = $1
|
|
ORDER BY start_at ASC, created_at DESC`, projektID); err != nil {
|
|
return nil, fmt.Errorf("list appointments for project: %w", err)
|
|
}
|
|
return rows, nil
|
|
}
|
|
|
|
// GetByID returns a single Appointment if the user has visibility.
|
|
func (s *AppointmentService) GetByID(ctx context.Context, userID, terminID uuid.UUID) (*models.Appointment, error) {
|
|
var t models.Appointment
|
|
err := s.db.GetContext(ctx, &t,
|
|
`SELECT `+terminColumns+` FROM paliad.appointments WHERE id = $1`, terminID)
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
return nil, ErrNotVisible
|
|
}
|
|
if err != nil {
|
|
return nil, fmt.Errorf("fetch appointment: %w", err)
|
|
}
|
|
|
|
if !s.canSee(ctx, userID, &t) {
|
|
return nil, ErrNotVisible
|
|
}
|
|
return &t, nil
|
|
}
|
|
|
|
// requireMutationRole enforces the partner/admin gate on Project-linked
|
|
// Appointment mutations. The Appointment's own creator is also allowed.
|
|
func (s *AppointmentService) requireMutationRole(ctx context.Context, userID uuid.UUID, t *models.Appointment) error {
|
|
if t.CreatedBy != nil && *t.CreatedBy == userID {
|
|
return nil
|
|
}
|
|
user, err := s.users().GetByID(ctx, userID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if user == nil {
|
|
return ErrNotVisible
|
|
}
|
|
if user.GlobalRole != "global_admin" {
|
|
return fmt.Errorf("%w: only partners/admins can modify Appointments on a Project", ErrForbidden)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// canSee mirrors the SELECT visibility predicate for one in-memory Appointment.
|
|
func (s *AppointmentService) canSee(ctx context.Context, userID uuid.UUID, t *models.Appointment) bool {
|
|
if t.ProjectID == nil {
|
|
return t.CreatedBy != nil && *t.CreatedBy == userID
|
|
}
|
|
_, err := s.projects.GetByID(ctx, userID, *t.ProjectID)
|
|
return err == nil
|
|
}
|
|
|
|
// Create inserts a Appointment. If project_id is set, ProjectService visibility
|
|
// is enforced and the Project's audit trail records the new appointment.
|
|
func (s *AppointmentService) Create(ctx context.Context, userID uuid.UUID, input CreateTerminInput) (*models.Appointment, error) {
|
|
title := strings.TrimSpace(input.Title)
|
|
if title == "" {
|
|
return nil, fmt.Errorf("%w: title is required", ErrInvalidInput)
|
|
}
|
|
if input.StartAt.IsZero() {
|
|
return nil, fmt.Errorf("%w: start_at is required", ErrInvalidInput)
|
|
}
|
|
if input.EndAt != nil && input.EndAt.Before(input.StartAt) {
|
|
return nil, fmt.Errorf("%w: end_at must be after start_at", ErrInvalidInput)
|
|
}
|
|
if input.AppointmentType != nil && *input.AppointmentType != "" && !isValidAppointmentType(*input.AppointmentType) {
|
|
return nil, fmt.Errorf("%w: invalid appointment_type %q", ErrInvalidInput, *input.AppointmentType)
|
|
}
|
|
|
|
if input.ProjectID != nil {
|
|
if _, err := s.projects.GetByID(ctx, userID, *input.ProjectID); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
id := uuid.New()
|
|
now := time.Now().UTC()
|
|
|
|
tx, err := s.db.BeginTxx(ctx, nil)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("begin tx: %w", err)
|
|
}
|
|
defer tx.Rollback()
|
|
|
|
if _, err := tx.ExecContext(ctx,
|
|
`INSERT INTO paliad.appointments
|
|
(id, project_id, title, description, start_at, end_at, location,
|
|
appointment_type, created_by, created_at, updated_at)
|
|
VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $10)`,
|
|
id, input.ProjectID, title, input.Description, input.StartAt.UTC(),
|
|
nullableUTC(input.EndAt), input.Location, input.AppointmentType, userID, now,
|
|
); err != nil {
|
|
return nil, fmt.Errorf("insert appointment: %w", err)
|
|
}
|
|
|
|
if input.ProjectID != nil {
|
|
desc := fmt.Sprintf("Appointment \u201E%s\u201C angelegt", title)
|
|
descPtr := &desc
|
|
if err := insertProjectEvent(ctx, tx, *input.ProjectID, userID, "appointment_created", "Appointment created", descPtr); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
if err := tx.Commit(); err != nil {
|
|
return nil, fmt.Errorf("commit insert appointment: %w", err)
|
|
}
|
|
|
|
t, err := s.GetByID(ctx, userID, id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if s.caldav != nil {
|
|
s.caldav.OnTerminCreated(ctx, userID, t)
|
|
}
|
|
return t, nil
|
|
}
|
|
|
|
// Update applies a partial update.
|
|
func (s *AppointmentService) Update(ctx context.Context, userID, terminID uuid.UUID, input UpdateTerminInput) (*models.Appointment, error) {
|
|
current, err := s.GetByID(ctx, userID, terminID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if current.ProjectID == nil {
|
|
if current.CreatedBy == nil || *current.CreatedBy != userID {
|
|
return nil, fmt.Errorf("%w: only the creator can edit a personal Appointment", ErrForbidden)
|
|
}
|
|
} else if err := s.requireMutationRole(ctx, userID, current); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
sets := []string{}
|
|
args := []any{}
|
|
next := 1
|
|
appendSet := func(col string, val any) {
|
|
sets = append(sets, fmt.Sprintf("%s = $%d", col, next))
|
|
args = append(args, val)
|
|
next++
|
|
}
|
|
|
|
if input.Title != nil {
|
|
title := strings.TrimSpace(*input.Title)
|
|
if title == "" {
|
|
return nil, fmt.Errorf("%w: title cannot be empty", ErrInvalidInput)
|
|
}
|
|
appendSet("title", title)
|
|
}
|
|
if input.Description != nil {
|
|
appendSet("description", *input.Description)
|
|
}
|
|
if input.StartAt != nil {
|
|
appendSet("start_at", input.StartAt.UTC())
|
|
}
|
|
if input.EndAt != nil {
|
|
appendSet("end_at", input.EndAt.UTC())
|
|
}
|
|
if input.Location != nil {
|
|
appendSet("location", *input.Location)
|
|
}
|
|
if input.AppointmentType != nil {
|
|
if *input.AppointmentType != "" && !isValidAppointmentType(*input.AppointmentType) {
|
|
return nil, fmt.Errorf("%w: invalid appointment_type %q", ErrInvalidInput, *input.AppointmentType)
|
|
}
|
|
appendSet("appointment_type", *input.AppointmentType)
|
|
}
|
|
if len(sets) == 0 {
|
|
return current, nil
|
|
}
|
|
appendSet("updated_at", time.Now().UTC())
|
|
args = append(args, terminID)
|
|
|
|
query := fmt.Sprintf("UPDATE paliad.appointments SET %s WHERE id = $%d",
|
|
strings.Join(sets, ", "), next)
|
|
|
|
tx, err := s.db.BeginTxx(ctx, nil)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("begin tx: %w", err)
|
|
}
|
|
defer tx.Rollback()
|
|
|
|
if _, err := tx.ExecContext(ctx, query, args...); err != nil {
|
|
return nil, fmt.Errorf("update appointment: %w", err)
|
|
}
|
|
|
|
if current.ProjectID != nil {
|
|
desc := fmt.Sprintf("Appointment \u201E%s\u201C ge\u00e4ndert", current.Title)
|
|
descPtr := &desc
|
|
if err := insertProjectEvent(ctx, tx, *current.ProjectID, userID, "appointment_updated", "Appointment updated", descPtr); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
if err := tx.Commit(); err != nil {
|
|
return nil, fmt.Errorf("commit update appointment: %w", err)
|
|
}
|
|
t, err := s.GetByID(ctx, userID, terminID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if s.caldav != nil {
|
|
s.caldav.OnTerminUpdated(ctx, userID, t)
|
|
}
|
|
return t, nil
|
|
}
|
|
|
|
// Delete removes a Appointment.
|
|
func (s *AppointmentService) Delete(ctx context.Context, userID, terminID uuid.UUID) error {
|
|
current, err := s.GetByID(ctx, userID, terminID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if current.ProjectID == nil {
|
|
if current.CreatedBy == nil || *current.CreatedBy != userID {
|
|
return fmt.Errorf("%w: only the creator can delete a personal Appointment", ErrForbidden)
|
|
}
|
|
} else if err := s.requireMutationRole(ctx, userID, current); err != nil {
|
|
return err
|
|
}
|
|
|
|
tx, err := s.db.BeginTxx(ctx, nil)
|
|
if err != nil {
|
|
return fmt.Errorf("begin tx: %w", err)
|
|
}
|
|
defer tx.Rollback()
|
|
|
|
if _, err := tx.ExecContext(ctx,
|
|
`DELETE FROM paliad.appointments WHERE id = $1`, terminID); err != nil {
|
|
return fmt.Errorf("delete appointment: %w", err)
|
|
}
|
|
if current.ProjectID != nil {
|
|
desc := fmt.Sprintf("Appointment \u201E%s\u201C gel\u00f6scht", current.Title)
|
|
descPtr := &desc
|
|
if err := insertProjectEvent(ctx, tx, *current.ProjectID, userID, "appointment_deleted", "Appointment deleted", descPtr); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
if err := tx.Commit(); err != nil {
|
|
return fmt.Errorf("commit delete appointment: %w", err)
|
|
}
|
|
if s.caldav != nil {
|
|
s.caldav.OnTerminDeleted(ctx, userID, current)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// AppointmentSummaryCounts buckets visible Appointments into today / this_week / later.
|
|
type AppointmentSummaryCounts struct {
|
|
Today int `json:"today" db:"today"`
|
|
ThisWeek int `json:"this_week" db:"this_week"`
|
|
Later int `json:"later" db:"later"`
|
|
Total int `json:"total" db:"total"`
|
|
}
|
|
|
|
// SummaryCounts aggregates Appointments by start-date bucket for the user's visible projects.
|
|
func (s *AppointmentService) SummaryCounts(ctx context.Context, userID uuid.UUID) (*AppointmentSummaryCounts, error) {
|
|
user, err := s.users().GetByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user == nil {
|
|
return &AppointmentSummaryCounts{}, nil
|
|
}
|
|
now := time.Now().UTC()
|
|
today := time.Date(now.Year(), now.Month(), now.Day(), 0, 0, 0, 0, time.UTC)
|
|
tomorrow := today.AddDate(0, 0, 1)
|
|
endOfWeek := today.AddDate(0, 0, 7)
|
|
|
|
query := `
|
|
SELECT
|
|
COUNT(*) FILTER (WHERE t.start_at >= :today AND t.start_at < :tomorrow) AS today,
|
|
COUNT(*) FILTER (WHERE t.start_at >= :tomorrow AND t.start_at < :endweek) AS this_week,
|
|
COUNT(*) FILTER (WHERE t.start_at >= :endweek) AS later,
|
|
COUNT(*) FILTER (WHERE t.start_at >= :today) AS total
|
|
FROM paliad.appointments t
|
|
LEFT JOIN paliad.projects p ON p.id = t.project_id
|
|
WHERE
|
|
(t.project_id IS NULL AND t.created_by = :user_id)
|
|
OR (t.project_id IS NOT NULL AND ` + visibilityPredicate("p") + `)`
|
|
|
|
stmt, err := s.db.PrepareNamedContext(ctx, query)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("prepare appointment summary: %w", err)
|
|
}
|
|
defer stmt.Close()
|
|
|
|
var c AppointmentSummaryCounts
|
|
if err := stmt.GetContext(ctx, &c, map[string]any{
|
|
"today": today,
|
|
"tomorrow": tomorrow,
|
|
"endweek": endOfWeek,
|
|
"user_id": userID,
|
|
"role": user.GlobalRole,
|
|
}); err != nil {
|
|
return nil, fmt.Errorf("appointment summary: %w", err)
|
|
}
|
|
return &c, nil
|
|
}
|
|
|
|
// SetCalDAVMeta is called by the CalDAV service after a successful push.
|
|
func (s *AppointmentService) SetCalDAVMeta(ctx context.Context, terminID uuid.UUID, uid, etag string) error {
|
|
_, err := s.db.ExecContext(ctx,
|
|
`UPDATE paliad.appointments
|
|
SET caldav_uid = $1, caldav_etag = $2, updated_at = NOW()
|
|
WHERE id = $3`, uid, etag, terminID)
|
|
if err != nil {
|
|
return fmt.Errorf("update appointment caldav meta: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// AllForUser returns every Appointment (personal + visible Project-attached) the
|
|
// user owns. Used by the CalDAV push loop.
|
|
func (s *AppointmentService) AllForUser(ctx context.Context, userID uuid.UUID) ([]models.Appointment, error) {
|
|
user, err := s.users().GetByID(ctx, userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if user == nil {
|
|
return nil, nil
|
|
}
|
|
rows := []models.Appointment{}
|
|
query := `
|
|
SELECT ` + terminColumns + `
|
|
FROM paliad.appointments t
|
|
LEFT JOIN paliad.projects p ON p.id = t.project_id
|
|
WHERE
|
|
(t.project_id IS NULL AND t.created_by = $1)
|
|
OR (t.project_id IS NOT NULL AND ($2 = 'global_admin' OR EXISTS (
|
|
SELECT 1 FROM paliad.project_teams pt
|
|
WHERE pt.user_id = $1
|
|
AND pt.project_id = ANY(string_to_array(p.path, '.')::uuid[])
|
|
)))`
|
|
if err := s.db.SelectContext(ctx, &rows, query, userID, user.GlobalRole); err != nil {
|
|
return nil, fmt.Errorf("all appointments for user: %w", err)
|
|
}
|
|
return rows, nil
|
|
}
|
|
|
|
// FindByCalDAVUID resolves a Appointment from its external UID.
|
|
func (s *AppointmentService) FindByCalDAVUID(ctx context.Context, uid string) (*models.Appointment, error) {
|
|
var t models.Appointment
|
|
err := s.db.GetContext(ctx, &t,
|
|
`SELECT `+terminColumns+` FROM paliad.appointments WHERE caldav_uid = $1`, uid)
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
return nil, ErrNotVisible
|
|
}
|
|
if err != nil {
|
|
return nil, fmt.Errorf("find appointment by caldav uid: %w", err)
|
|
}
|
|
return &t, nil
|
|
}
|
|
|
|
// ApplyRemoteUpdate writes pulled CalDAV changes into the local row.
|
|
func (s *AppointmentService) ApplyRemoteUpdate(ctx context.Context, terminID uuid.UUID, title, description, location *string, startAt, endAt *time.Time, etag string) (bool, error) {
|
|
sets := []string{"caldav_etag = $1", "updated_at = NOW()"}
|
|
args := []any{etag}
|
|
next := 2
|
|
changed := false
|
|
if title != nil {
|
|
sets = append(sets, fmt.Sprintf("title = $%d", next))
|
|
args = append(args, *title)
|
|
next++
|
|
changed = true
|
|
}
|
|
if description != nil {
|
|
sets = append(sets, fmt.Sprintf("description = $%d", next))
|
|
args = append(args, *description)
|
|
next++
|
|
changed = true
|
|
}
|
|
if location != nil {
|
|
sets = append(sets, fmt.Sprintf("location = $%d", next))
|
|
args = append(args, *location)
|
|
next++
|
|
changed = true
|
|
}
|
|
if startAt != nil {
|
|
sets = append(sets, fmt.Sprintf("start_at = $%d", next))
|
|
args = append(args, startAt.UTC())
|
|
next++
|
|
changed = true
|
|
}
|
|
if endAt != nil {
|
|
sets = append(sets, fmt.Sprintf("end_at = $%d", next))
|
|
args = append(args, endAt.UTC())
|
|
next++
|
|
changed = true
|
|
}
|
|
args = append(args, terminID)
|
|
query := fmt.Sprintf("UPDATE paliad.appointments SET %s WHERE id = $%d",
|
|
strings.Join(sets, ", "), next)
|
|
if _, err := s.db.ExecContext(ctx, query, args...); err != nil {
|
|
return false, fmt.Errorf("apply remote appointment update: %w", err)
|
|
}
|
|
return changed, nil
|
|
}
|
|
|
|
// DeleteByCalDAVUID removes a Appointment pulled-deleted from the remote calendar.
|
|
func (s *AppointmentService) DeleteByCalDAVUID(ctx context.Context, uid string) error {
|
|
_, err := s.db.ExecContext(ctx,
|
|
`DELETE FROM paliad.appointments WHERE caldav_uid = $1`, uid)
|
|
if err != nil {
|
|
return fmt.Errorf("delete appointment by caldav uid: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// LogConflict appends a conflict event to the parent Project's audit trail.
|
|
// No-op for personal Appointments.
|
|
func (s *AppointmentService) LogConflict(ctx context.Context, terminID uuid.UUID, msg string) error {
|
|
var row struct {
|
|
ProjectID *uuid.UUID `db:"project_id"`
|
|
CreatedBy *uuid.UUID `db:"created_by"`
|
|
}
|
|
err := s.db.GetContext(ctx, &row,
|
|
`SELECT project_id, created_by FROM paliad.appointments WHERE id = $1`, terminID)
|
|
if err != nil || row.ProjectID == nil {
|
|
return nil //nolint:nilerr
|
|
}
|
|
now := time.Now().UTC()
|
|
desc := msg
|
|
_, err = s.db.ExecContext(ctx,
|
|
`INSERT INTO paliad.project_events
|
|
(id, project_id, event_type, title, description, event_date,
|
|
created_by, metadata, created_at, updated_at)
|
|
VALUES ($1, $2, 'caldav_conflict', 'CalDAV conflict', $3, $4, $5, '{}', $4, $4)`,
|
|
uuid.New(), *row.ProjectID, desc, now, row.CreatedBy)
|
|
if err != nil {
|
|
return fmt.Errorf("insert caldav conflict event: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// users returns the shared user service via the Project handle.
|
|
func (s *AppointmentService) users() *UserService {
|
|
return s.projects.Users()
|
|
}
|
|
|
|
func nullableUTC(t *time.Time) any {
|
|
if t == nil {
|
|
return nil
|
|
}
|
|
u := t.UTC()
|
|
return u
|
|
}
|
|
|
|
func isValidAppointmentType(t string) bool {
|
|
switch t {
|
|
case "hearing", "meeting", "consultation", "deadline_hearing":
|
|
return true
|
|
}
|
|
return false
|
|
}
|