|
|
@@ -257,7 +257,7 @@ export const appRouter = router({
|
|
|
sessionId: z.string(),
|
|
|
content: z.string().min(1).max(2000),
|
|
|
}))
|
|
|
- .mutation(async ({ input }) => {
|
|
|
+ .mutation(async ({ input, ctx }) => {
|
|
|
const conversation = await getConversationBySessionId(input.sessionId);
|
|
|
if (!conversation) throw new Error("Conversation not found");
|
|
|
|
|
|
@@ -343,8 +343,8 @@ export const appRouter = router({
|
|
|
// Build user context for permission-scoped ERP queries.
|
|
|
// Dealers (role="user") are automatically scoped to their own CID by the bridge.
|
|
|
const userCtx = {
|
|
|
- role: ctx.user.role,
|
|
|
- erpContactCid: ctx.user.erpContactCid,
|
|
|
+ role: ctx.user?.role ?? "user",
|
|
|
+ erpContactCid: ctx.user?.erpContactCid ?? null,
|
|
|
};
|
|
|
|
|
|
// 1. Single order lookup
|
|
|
@@ -362,7 +362,7 @@ export const appRouter = router({
|
|
|
|
|
|
// 2. "my orders" / "recent orders" — needs customer CID on conversation
|
|
|
} else if (/\b(my orders?|recent orders?|order history|order status)\b/.test(msgLower)) {
|
|
|
- const cid = ctx.user.erpContactCid ?? (conversation as any).customerId as string | undefined;
|
|
|
+ const cid = ctx.user?.erpContactCid ?? (conversation as any).customerId as string | undefined;
|
|
|
if (cid) {
|
|
|
erpContext = await lookupOrdersByCustomer(cid, 5, userCtx);
|
|
|
}
|
|
|
@@ -400,7 +400,7 @@ export const appRouter = router({
|
|
|
}
|
|
|
|
|
|
// 6. Customer / dealer lookup (admin/agent only — dealers see their own record via CID)
|
|
|
- if (!erpContext && ctx.user.role !== "user" && /\b(customer|dealer|account|contact|company)\b/.test(msgLower)) {
|
|
|
+ if (!erpContext && ctx.user?.role !== "user" && /\b(customer|dealer|account|contact|company)\b/.test(msgLower)) {
|
|
|
const nameMatch = msg.match(/(?:customer|dealer|account|contact|company)[:\s]+([A-Za-z &'.-]{3,40})/i);
|
|
|
if (nameMatch) {
|
|
|
erpContext = await lookupContact({ company: nameMatch[1].trim() }, userCtx);
|
Tony T