From 2da0f0210dc0d434346c9891548aeacf98c24050 Mon Sep 17 00:00:00 2001
From: David <darnaud2@myges.fr>
Date: Sun, 30 Nov 2025 18:58:12 +0100
Subject: [PATCH] fix organisation

---
 .../src/application/auth/auth.service.ts      | 16 +++-
 .../dashboard/settings/organization/page.tsx  | 94 ++++++++++++-------
 2 files changed, 74 insertions(+), 36 deletions(-)

diff --git a/apps/backend/src/application/auth/auth.service.ts b/apps/backend/src/application/auth/auth.service.ts
index e174d2f..62f2763 100644
--- a/apps/backend/src/application/auth/auth.service.ts
+++ b/apps/backend/src/application/auth/auth.service.ts
@@ -71,8 +71,20 @@ export class AuthService {
     // 3. Otherwise, use default organization
     const finalOrganizationId = await this.resolveOrganizationId(organizationId, organizationData);
 
-    // Determine role: use invitation role if provided, otherwise default to USER
-    const userRole = invitationRole ? (invitationRole as UserRole) : UserRole.USER;
+    // Determine role:
+    // - If invitation role is provided (invited user), use it
+    // - If organizationData is provided (new organization creator), make them MANAGER
+    // - Otherwise, default to USER
+    let userRole: UserRole;
+    if (invitationRole) {
+      userRole = invitationRole as UserRole;
+    } else if (organizationData) {
+      // User creating a new organization becomes MANAGER
+      userRole = UserRole.MANAGER;
+    } else {
+      // Default to USER for other cases
+      userRole = UserRole.USER;
+    }
 
     const user = User.create({
       id: uuidv4(),
diff --git a/apps/frontend/app/dashboard/settings/organization/page.tsx b/apps/frontend/app/dashboard/settings/organization/page.tsx
index eb31743..ab006ee 100644
--- a/apps/frontend/app/dashboard/settings/organization/page.tsx
+++ b/apps/frontend/app/dashboard/settings/organization/page.tsx
@@ -39,6 +39,9 @@ export default function OrganizationSettingsPage() {
   const [error, setError] = useState<string | null>(null);
   const [successMessage, setSuccessMessage] = useState<string | null>(null);
 
+  // Check if user can edit organization (only ADMIN and MANAGER)
+  const canEdit = user?.role === 'ADMIN' || user?.role === 'MANAGER';
+
   useEffect(() => {
     if (user?.organizationId) {
       loadOrganization();
@@ -179,6 +182,18 @@ export default function OrganizationSettingsPage() {
         </div>
       )}
 
+      {/* Read-only warning for USER role */}
+      {!canEdit && (
+        <div className="mb-6 bg-blue-50 border border-blue-200 rounded-lg p-4">
+          <div className="flex items-center">
+            <svg className="w-5 h-5 text-blue-600 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
+            </svg>
+            <p className="text-blue-800 font-medium">Mode lecture seule - Seuls les administrateurs et managers peuvent modifier l'organisation</p>
+          </div>
+        </div>
+      )}
+
       {/* Tabs */}
       <div className="bg-white rounded-lg shadow-md">
         <div className="border-b border-gray-200">
@@ -230,7 +245,8 @@ export default function OrganizationSettingsPage() {
                   type="text"
                   value={formData.name}
                   onChange={e => handleChange('name', e.target.value)}
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                  disabled={!canEdit}
+                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                   placeholder="Xpeditis"
                   required
                 />
@@ -246,7 +262,8 @@ export default function OrganizationSettingsPage() {
                   type="text"
                   value={formData.siren}
                   onChange={e => handleChange('siren', e.target.value.replace(/\D/g, '').slice(0, 9))}
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                  disabled={!canEdit}
+                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                   placeholder="123 456 789"
                   maxLength={9}
                 />
@@ -263,7 +280,8 @@ export default function OrganizationSettingsPage() {
                   type="text"
                   value={formData.eori}
                   onChange={e => handleChange('eori', e.target.value.toUpperCase())}
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                  disabled={!canEdit}
+                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                   placeholder="FR123456789"
                   maxLength={17}
                 />
@@ -277,7 +295,8 @@ export default function OrganizationSettingsPage() {
                   type="tel"
                   value={formData.contact_phone}
                   onChange={e => handleChange('contact_phone', e.target.value)}
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                  disabled={!canEdit}
+                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                   placeholder="+33 6 80 18 28 12"
                 />
               </div>
@@ -289,7 +308,8 @@ export default function OrganizationSettingsPage() {
                   type="email"
                   value={formData.contact_email}
                   onChange={e => handleChange('contact_email', e.target.value)}
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                  disabled={!canEdit}
+                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                   placeholder="contact@xpeditis.com"
                 />
               </div>
@@ -307,7 +327,8 @@ export default function OrganizationSettingsPage() {
                   type="text"
                   value={formData.address_street}
                   onChange={e => handleChange('address_street', e.target.value)}
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                  disabled={!canEdit}
+                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                   placeholder="123 Rue de la Paix"
                   required
                 />
@@ -323,7 +344,8 @@ export default function OrganizationSettingsPage() {
                     type="text"
                     value={formData.address_postal_code}
                     onChange={e => handleChange('address_postal_code', e.target.value)}
-                    className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                    disabled={!canEdit}
+                    className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                     placeholder="75001"
                     required
                   />
@@ -336,7 +358,8 @@ export default function OrganizationSettingsPage() {
                     type="text"
                     value={formData.address_city}
                     onChange={e => handleChange('address_city', e.target.value)}
-                    className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                    disabled={!canEdit}
+                    className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                     placeholder="Paris"
                     required
                   />
@@ -351,7 +374,8 @@ export default function OrganizationSettingsPage() {
                 <select
                   value={formData.address_country}
                   onChange={e => handleChange('address_country', e.target.value)}
-                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+                  disabled={!canEdit}
+                  className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent disabled:bg-gray-100 disabled:cursor-not-allowed"
                   required
                 >
                   <option value="FR">France</option>
@@ -370,31 +394,33 @@ export default function OrganizationSettingsPage() {
         </div>
 
         {/* Actions */}
-        <div className="bg-gray-50 px-8 py-4 border-t border-gray-200 flex items-center justify-end space-x-4">
-          <button
-            type="button"
-            onClick={handleCancel}
-            disabled={isSaving}
-            className="px-6 py-2 text-sm font-medium text-gray-700 bg-white border border-gray-300 rounded-lg hover:bg-gray-50 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
-          >
-            Annuler
-          </button>
-          <button
-            type="button"
-            onClick={handleSave}
-            disabled={isSaving || !formData.name || !formData.address_street}
-            className="px-6 py-2 text-sm font-medium text-white bg-blue-600 rounded-lg hover:bg-blue-700 disabled:opacity-50 disabled:cursor-not-allowed transition-colors flex items-center"
-          >
-            {isSaving ? (
-              <>
-                <div className="animate-spin rounded-full h-4 w-4 border-b-2 border-white mr-2"></div>
-                Enregistrement...
-              </>
-            ) : (
-              'Enregistrer'
-            )}
-          </button>
-        </div>
+        {canEdit && (
+          <div className="bg-gray-50 px-8 py-4 border-t border-gray-200 flex items-center justify-end space-x-4">
+            <button
+              type="button"
+              onClick={handleCancel}
+              disabled={isSaving}
+              className="px-6 py-2 text-sm font-medium text-gray-700 bg-white border border-gray-300 rounded-lg hover:bg-gray-50 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
+            >
+              Annuler
+            </button>
+            <button
+              type="button"
+              onClick={handleSave}
+              disabled={isSaving || !formData.name || !formData.address_street}
+              className="px-6 py-2 text-sm font-medium text-white bg-blue-600 rounded-lg hover:bg-blue-700 disabled:opacity-50 disabled:cursor-not-allowed transition-colors flex items-center"
+            >
+              {isSaving ? (
+                <>
+                  <div className="animate-spin rounded-full h-4 w-4 border-b-2 border-white mr-2"></div>
+                  Enregistrement...
+                </>
+              ) : (
+                'Enregistrer'
+              )}
+            </button>
+          </div>
+        )}
       </div>
     </div>
   );