Dark theme, roles overhaul, modal New Ticket, My Tickets page, and more

- Dark UI across all pages and components (gray-950/900/800 palette) - New Ticket is now a centered modal (triggered from sidebar), not a separate page - Add USER role: view and comment only; AGENT and SERVICE can create/edit tickets - Only admins can set ticket status to CLOSED (enforced server + UI) - Add My Tickets page (/my-tickets) showing tickets assigned to current user - Add queue (category) filter to Dashboard - Audit log entries are clickable to expand detail; comment body shown as markdown - Resolved date now includes time (HH:mm) in ticket sidebar - Store comment body in audit log detail for COMMENT_ADDED and COMMENT_DELETED - Clarify role descriptions in Admin Users modal - Remove CI/CD section from README; add full API reference documentation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-30 23:17:14 -04:00
parent d8dc5b3ded
commit 725f91578d
21 changed files with 821 additions and 388 deletions
--- a/server/prisma/schema.prisma
+++ b/server/prisma/schema.prisma
@@ -10,6 +10,7 @@ datasource db {
 enum Role {
  ADMIN
  AGENT
+  USER
  SERVICE
 }

--- a/server/src/middleware/auth.ts
+++ b/server/src/middleware/auth.ts
@@ -55,3 +55,15 @@ export const requireAdmin = (
  }
  next()
 }
+
+// Blocks USER role — allows ADMIN, AGENT, SERVICE
+export const requireAgent = (
+  req: AuthRequest,
+  res: Response,
+  next: NextFunction
+) => {
+  if (req.user?.role === 'USER') {
+    return res.status(403).json({ error: 'Insufficient permissions' })
+  }
+  next()
+}
--- a/server/src/routes/comments.ts
+++ b/server/src/routes/comments.ts
@@ -24,7 +24,7 @@ router.post('/', async (req: AuthRequest, res) => {
      include: { author: { select: { id: true, username: true, displayName: true } } },
    }),
    prisma.auditLog.create({
-      data: { ticketId: ticket.id, userId: req.user!.id, action: 'COMMENT_ADDED' },
+      data: { ticketId: ticket.id, userId: req.user!.id, action: 'COMMENT_ADDED', detail: body },
    }),
  ])

@@ -44,7 +44,12 @@ router.delete('/:commentId', async (req: AuthRequest, res) => {
  await prisma.$transaction([
    prisma.comment.delete({ where: { id: req.params.commentId } }),
    prisma.auditLog.create({
-      data: { ticketId: comment.ticketId, userId: req.user!.id, action: 'COMMENT_DELETED' },
+      data: {
+        ticketId: comment.ticketId,
+        userId: req.user!.id,
+        action: 'COMMENT_DELETED',
+        detail: comment.body,
+      },
    }),
  ])

--- a/server/src/routes/tickets.ts
+++ b/server/src/routes/tickets.ts
@@ -1,7 +1,7 @@
 import { Router } from 'express'
 import { z } from 'zod'
 import prisma from '../lib/prisma'
-import { requireAdmin, AuthRequest } from '../middleware/auth'
+import { requireAdmin, requireAgent, AuthRequest } from '../middleware/auth'
 import commentRouter from './comments'

 const router = Router()
@@ -123,7 +123,7 @@ router.get('/:id/audit', async (req, res) => {
 })

 // POST /api/tickets
-router.post('/', async (req: AuthRequest, res) => {
+router.post('/', requireAgent, async (req: AuthRequest, res) => {
  const data = createSchema.parse(req.body)
  const displayId = await generateDisplayId()

@@ -141,9 +141,14 @@ router.post('/', async (req: AuthRequest, res) => {
 })

 // PATCH /api/tickets/:id
-router.patch('/:id', async (req: AuthRequest, res) => {
+router.patch('/:id', requireAgent, async (req: AuthRequest, res) => {
  const data = updateSchema.parse(req.body)

+  // Only admins can set status to CLOSED
+  if (data.status === 'CLOSED' && req.user?.role !== 'ADMIN') {
+    return res.status(403).json({ error: 'Only admins can close tickets' })
+  }
+
  const existing = await prisma.ticket.findFirst({
    where: { OR: [{ id: req.params.id }, { displayId: req.params.id }] },
    include: {
--- a/server/src/routes/users.ts
+++ b/server/src/routes/users.ts
@@ -32,7 +32,7 @@ router.post('/', requireAdmin, async (req, res) => {
      email: z.string().email(),
      displayName: z.string().min(1).max(100),
      password: z.string().min(8).optional(),
-      role: z.enum(['ADMIN', 'AGENT', 'SERVICE']).default('AGENT'),
+      role: z.enum(['ADMIN', 'AGENT', 'USER', 'SERVICE']).default('AGENT'),
    })
    .parse(req.body)

@@ -64,7 +64,7 @@ router.patch('/:id', requireAdmin, async (req, res) => {
      displayName: z.string().min(1).max(100).optional(),
      email: z.string().email().optional(),
      password: z.string().min(8).optional(),
-      role: z.enum(['ADMIN', 'AGENT', 'SERVICE']).optional(),
+      role: z.enum(['ADMIN', 'AGENT', 'USER', 'SERVICE']).optional(),
      regenerateApiKey: z.boolean().optional(),
    })
    .parse(req.body)