Merge pull request #962 from bigcapitalhq/feature/ahmedbouhuolia/add-permission-guards-to-credit-controllers

fix(server): add permission guards to credit note and vendor credit controllers

packages/server/src/common/config/s3.ts

@@ -6,4 +6,5 @@ export default registerAs('s3', () => ({
   secretAccessKey: process.env.S3_SECRET_ACCESS_KEY,
   endpoint: process.env.S3_ENDPOINT,
   bucket: process.env.S3_BUCKET,
+  forcePathStyle: process.env.S3_FORCE_PATH_STYLE === 'true',
 }));

packages/server/src/modules/Accounts/Accounts.controller.ts

@@ -9,6 +9,7 @@ import {
   ParseIntPipe,
   Put,
   HttpCode,
+  UseGuards,
 } from '@nestjs/common';
 import { AccountsApplication } from './AccountsApplication.service';
 import { CreateAccountDTO } from './CreateAccount.dto';
@@ -32,6 +33,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { AccountAction } from './Accounts.types';
 
 @Controller('accounts')
 @ApiTags('Accounts')
@@ -40,11 +46,13 @@ import {
 @ApiExtraModels(GetAccountTransactionResponseDto)
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class AccountsController {
   constructor(private readonly accountsApplication: AccountsApplication) { }
 
   @Post('validate-bulk-delete')
   @HttpCode(200)
+  @RequirePermission(AccountAction.DELETE, AbilitySubject.Account)
   @ApiOperation({
     summary:
       'Validates which accounts can be deleted and returns counts of deletable and non-deletable accounts.',
@@ -67,6 +75,7 @@ export class AccountsController {
 
   @Post('bulk-delete')
   @HttpCode(200)
+  @RequirePermission(AccountAction.DELETE, AbilitySubject.Account)
   @ApiOperation({ summary: 'Deletes multiple accounts in bulk.' })
   @ApiResponse({
     status: 200,
@@ -81,6 +90,7 @@ export class AccountsController {
   }
 
   @Post()
+  @RequirePermission(AccountAction.CREATE, AbilitySubject.Account)
   @ApiOperation({ summary: 'Create an account' })
   @ApiResponse({
     status: 200,
@@ -91,6 +101,7 @@ export class AccountsController {
   }
 
   @Put(':id')
+  @RequirePermission(AccountAction.EDIT, AbilitySubject.Account)
   @ApiOperation({ summary: 'Edit the given account.' })
   @ApiResponse({
     status: 200,
@@ -111,6 +122,7 @@ export class AccountsController {
   }
 
   @Delete(':id')
+  @RequirePermission(AccountAction.DELETE, AbilitySubject.Account)
   @ApiOperation({ summary: 'Delete the given account.' })
   @ApiResponse({
     status: 200,
@@ -129,6 +141,7 @@ export class AccountsController {
 
   @Post(':id/activate')
   @HttpCode(200)
+  @RequirePermission(AccountAction.EDIT, AbilitySubject.Account)
   @ApiOperation({ summary: 'Activate the given account.' })
   @ApiResponse({
     status: 200,
@@ -147,6 +160,7 @@ export class AccountsController {
 
   @Post(':id/inactivate')
   @HttpCode(200)
+  @RequirePermission(AccountAction.EDIT, AbilitySubject.Account)
   @ApiOperation({ summary: 'Inactivate the given account.' })
   @ApiResponse({
     status: 200,
@@ -164,6 +178,7 @@ export class AccountsController {
   }
 
   @Get('types')
+  @RequirePermission(AccountAction.VIEW, AbilitySubject.Account)
   @ApiOperation({ summary: 'Retrieves the account types.' })
   @ApiResponse({
     status: 200,
@@ -180,6 +195,7 @@ export class AccountsController {
   }
 
   @Get('transactions')
+  @RequirePermission(AccountAction.VIEW, AbilitySubject.Account)
   @ApiOperation({ summary: 'Retrieves the account transactions.' })
   @ApiResponse({
     status: 200,
@@ -198,6 +214,7 @@ export class AccountsController {
   }
 
   @Get(':id')
+  @RequirePermission(AccountAction.VIEW, AbilitySubject.Account)
   @ApiOperation({ summary: 'Retrieves the account details.' })
   @ApiResponse({
     status: 200,
@@ -216,6 +233,7 @@ export class AccountsController {
   }
 
   @Get()
+  @RequirePermission(AccountAction.VIEW, AbilitySubject.Account)
   @ApiOperation({ summary: 'Retrieves the accounts.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/BankRules/dtos/BankRule.dto.ts

@@ -16,7 +16,7 @@ import { ToNumber } from '@/common/decorators/Validators';
 
 class BankRuleConditionDto {
   @IsNotEmpty()
-  @IsIn(['description', 'amount'])
+  @IsIn(['description', 'amount', 'payee'])
   field: string;
 
   @IsNotEmpty()

packages/server/src/modules/BankingTranasctionsRegonize/_types.ts

@@ -15,8 +15,13 @@ export const RecognizeUncategorizedTransactionsJob =
 export const RecognizeUncategorizedTransactionsQueue =
   'recognize-uncategorized-transactions-queue';
 
-
 export interface RecognizeUncategorizedTransactionsJobPayload extends TenantJobPayload {
   ruleId: number,
-  transactionsCriteria: any;
+  transactionsCriteria?: RecognizeTransactionsCriteria;
+  /**
+   * When true, first reverts recognized transactions before recognizing again.
+   * Used when a bank rule is edited to ensure transactions previously recognized
+   * by lower-priority rules are re-evaluated against the updated rule.
+   */
+  shouldRevert?: boolean;
 }

packages/server/src/modules/BankingTranasctionsRegonize/commands/RecognizeTranasctions.service.ts

@@ -93,6 +93,10 @@ export class RecognizeTranasctionsService {
           q.whereIn('id', rulesIds);
         }
         q.withGraphFetched('conditions');
+
+        // Order by the 'order' field to ensure higher priority rules (lower order values)
+        // are matched first.
+        q.orderBy('order', 'asc');
       });
 
     const bankRulesByAccountId = transformToMapBy(

packages/server/src/modules/BankingTranasctionsRegonize/events/TriggerRecognizedTransactions.ts

@@ -69,10 +69,13 @@ export class TriggerRecognizedTransactionsSubscriber {
     const tenantPayload = await this.tenancyContect.getTenantJobPayload();
     const payload = {
       ruleId: bankRule.id,
+      shouldRevert: true,
       ...tenantPayload,
     } as RecognizeUncategorizedTransactionsJobPayload;
 
     // Re-recognize the transactions based on the new rules.
+    // Setting shouldRevert to true ensures that transactions previously recognized
+    // by this or lower-priority rules are re-evaluated against the updated rule.
     await this.recognizeTransactionsQueue.add(
       RecognizeUncategorizedTransactionsJob,
       payload,

packages/server/src/modules/BankingTranasctionsRegonize/jobs/RecognizeTransactionsJob.ts

@@ -3,6 +3,7 @@ import { Processor, WorkerHost } from '@nestjs/bullmq';
 import { Scope } from '@nestjs/common';
 import { ClsService, UseCls } from 'nestjs-cls';
 import { RecognizeTranasctionsService } from '../commands/RecognizeTranasctions.service';
+import { RevertRecognizedTransactionsService } from '../commands/RevertRecognizedTransactions.service';
 import {
   RecognizeUncategorizedTransactionsJobPayload,
   RecognizeUncategorizedTransactionsQueue,
@@ -15,10 +16,12 @@ import {
 export class RegonizeTransactionsPrcessor extends WorkerHost {
   /**
    * @param {RecognizeTranasctionsService} recognizeTranasctionsService -
+   * @param {RevertRecognizedTransactionsService} revertRecognizedTransactionsService -
    * @param {ClsService} clsService -
    */
   constructor(
     private readonly recognizeTranasctionsService: RecognizeTranasctionsService,
+    private readonly revertRecognizedTransactionsService: RevertRecognizedTransactionsService,
     private readonly clsService: ClsService,
   ) {
     super();
@@ -29,12 +32,21 @@ export class RegonizeTransactionsPrcessor extends WorkerHost {
    */
   @UseCls()
   async process(job: Job<RecognizeUncategorizedTransactionsJobPayload>) {
-    const { ruleId, transactionsCriteria } = job.data;
+    const { ruleId, transactionsCriteria, shouldRevert } = job.data;
 
     this.clsService.set('organizationId', job.data.organizationId);
     this.clsService.set('userId', job.data.userId);
 
     try {
+      // If shouldRevert is true, first revert recognized transactions before re-recognizing.
+      // This is used when a bank rule is edited to ensure transactions previously recognized
+      // by lower-priority rules are re-evaluated against the updated rule.
+      if (shouldRevert) {
+        await this.revertRecognizedTransactionsService.revertRecognizedTransactions(
+          ruleId,
+          transactionsCriteria,
+        );
+      }
       await this.recognizeTranasctionsService.recognizeTransactions(
         ruleId,
         transactionsCriteria,

packages/server/src/modules/BillPayments/BillPayments.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { BillPaymentsApplication } from './BillPaymentsApplication.service';
 import {
@@ -26,12 +27,18 @@ import { BillPaymentsPages } from './commands/BillPaymentsPages.service';
 import { BillPaymentResponseDto } from './dtos/BillPaymentResponse.dto';
 import { PaginatedResponseDto } from '@/common/dtos/PaginatedResults.dto';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { IPaymentMadeAction } from './types/BillPayments.types';
 
 @Controller('bill-payments')
 @ApiTags('Bill Payments')
 @ApiExtraModels(BillPaymentResponseDto)
 @ApiExtraModels(PaginatedResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class BillPaymentsController {
   constructor(
     private billPaymentsApplication: BillPaymentsApplication,
@@ -39,12 +46,14 @@ export class BillPaymentsController {
   ) {}
 
   @Post()
+  @RequirePermission(IPaymentMadeAction.Create, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Create a new bill payment.' })
   public createBillPayment(@Body() billPaymentDTO: CreateBillPaymentDto) {
     return this.billPaymentsApplication.createBillPayment(billPaymentDTO);
   }
 
   @Delete(':billPaymentId')
+  @RequirePermission(IPaymentMadeAction.Delete, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Delete the given bill payment.' })
   @ApiParam({
     name: 'billPaymentId',
@@ -59,6 +68,7 @@ export class BillPaymentsController {
   }
 
   @Put(':billPaymentId')
+  @RequirePermission(IPaymentMadeAction.Edit, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Edit the given bill payment.' })
   @ApiParam({
     name: 'billPaymentId',
@@ -77,6 +87,7 @@ export class BillPaymentsController {
   }
 
   @Get('/new-page/entries')
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({
     summary:
       'Retrieves the payable entries of the new page once vendor be selected.',
@@ -95,6 +106,7 @@ export class BillPaymentsController {
   }
 
   @Get(':billPaymentId/bills')
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Retrieves the bills of the given bill payment.' })
   @ApiParam({
     name: 'billPaymentId',
@@ -107,6 +119,7 @@ export class BillPaymentsController {
   }
 
   @Get('/:billPaymentId/edit-page')
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({
     summary: 'Retrieves the edit page of the given bill payment.',
   })
@@ -126,6 +139,7 @@ export class BillPaymentsController {
   }
 
   @Get(':billPaymentId')
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Retrieves the bill payment details.' })
   @ApiResponse({
     status: 200,
@@ -145,6 +159,7 @@ export class BillPaymentsController {
   }
 
   @Get()
+  @RequirePermission(IPaymentMadeAction.View, AbilitySubject.PaymentMade)
   @ApiOperation({ summary: 'Retrieves the bill payments list.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Bills/Bills.controller.ts

@@ -17,6 +17,7 @@ import {
   Get,
   Query,
   HttpCode,
+  UseGuards,
 } from '@nestjs/common';
 import { BillsApplication } from './Bills.application';
 import { IBillsFilter } from './Bills.types';
@@ -28,6 +29,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { BillAction } from './Bills.types';
 
 @Controller('bills')
 @ApiTags('Bills')
@@ -35,10 +41,12 @@ import {
 @ApiExtraModels(PaginatedResponseDto)
 @ApiCommonHeaders()
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class BillsController {
   constructor(private billsApplication: BillsApplication) { }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(BillAction.Delete, AbilitySubject.Bill)
   @ApiOperation({
     summary: 'Validate which bills can be deleted and return the results.',
   })
@@ -58,6 +66,7 @@ export class BillsController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(BillAction.Delete, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Deletes multiple bills.' })
   @HttpCode(200)
   @ApiResponse({
@@ -73,12 +82,14 @@ export class BillsController {
   }
 
   @Post()
+  @RequirePermission(BillAction.Create, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Create a new bill.' })
   createBill(@Body() billDTO: CreateBillDto) {
     return this.billsApplication.createBill(billDTO);
   }
 
   @Put(':id')
+  @RequirePermission(BillAction.Edit, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Edit the given bill.' })
   @ApiParam({
     name: 'id',
@@ -91,6 +102,7 @@ export class BillsController {
   }
 
   @Delete(':id')
+  @RequirePermission(BillAction.Delete, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Delete the given bill.' })
   @ApiParam({
     name: 'id',
@@ -103,6 +115,7 @@ export class BillsController {
   }
 
   @Get()
+  @RequirePermission(BillAction.View, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Retrieves the bills.' })
   @ApiResponse({
     status: 200,
@@ -132,6 +145,7 @@ export class BillsController {
   }
 
   @Get(':id/payment-transactions')
+  @RequirePermission(BillAction.View, AbilitySubject.Bill)
   @ApiOperation({
     summary: 'Retrieve the specific bill associated payment transactions.',
   })
@@ -146,6 +160,7 @@ export class BillsController {
   }
 
   @Get(':id')
+  @RequirePermission(BillAction.View, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Retrieves the bill details.' })
   @ApiResponse({
     status: 200,
@@ -165,6 +180,7 @@ export class BillsController {
   }
 
   @Patch(':id/open')
+  @RequirePermission(BillAction.Edit, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Open the given bill.' })
   @ApiParam({
     name: 'id',
@@ -177,6 +193,7 @@ export class BillsController {
   }
 
   @Get('due')
+  @RequirePermission(BillAction.View, AbilitySubject.Bill)
   @ApiOperation({ summary: 'Retrieves the due bills.' })
   getDueBills(@Body('vendorId') vendorId?: number) {
     return this.billsApplication.getDueBills(vendorId);

packages/server/src/modules/Bills/dtos/BillResponse.dto.ts

@@ -1,6 +1,8 @@
 import { ApiProperty } from '@nestjs/swagger';
+import { Type } from 'class-transformer';
 import { ItemEntryDto } from '@/modules/TransactionItemEntry/dto/ItemEntry.dto';
 import { AttachmentLinkDto } from '@/modules/Attachments/dtos/Attachment.dto';
+import { BranchResponseDto } from '@/modules/Branches/dtos/BranchResponse.dto';
 import { DiscountType } from '@/common/types/Discount';
 
 export class BillResponseDto {
@@ -89,6 +91,14 @@ export class BillResponseDto {
   })
   branchId?: number;
 
+  @ApiProperty({
+    description: 'Branch details',
+    type: () => BranchResponseDto,
+    required: false,
+  })
+  @Type(() => BranchResponseDto)
+  branch?: BranchResponseDto;
+
   @ApiProperty({
     description: 'The ID of the project',
     example: 301,

packages/server/src/modules/Bills/queries/Bill.transformer.ts

@@ -30,6 +30,7 @@ export class BillTransformer extends Transformer {
       'taxes',
       'entries',
       'attachments',
+      'branch',
     ];
   };
 

packages/server/src/modules/Branches/Branches.module.ts

@@ -31,6 +31,12 @@ import { ValidateBranchExistance } from './integrations/ValidateBranchExistance'
 import { ManualJournalBranchesValidator } from './integrations/ManualJournals/ManualJournalsBranchesValidator';
 import { CashflowTransactionsActivateBranches } from './integrations/Cashflow/CashflowActivateBranches';
 import { ExpensesActivateBranches } from './integrations/Expense/ExpensesActivateBranches';
+import { BillActivateBranches } from './integrations/Purchases/BillBranchesActivate';
+import { VendorCreditActivateBranches } from './integrations/Purchases/VendorCreditBranchesActivate';
+import { BillPaymentsActivateBranches } from './integrations/Purchases/PaymentMadeBranchesActivate';
+import { BillBranchesActivateSubscriber } from './subscribers/Activate/BillBranchesActivateSubscriber';
+import { VendorCreditBranchesActivateSubscriber } from './subscribers/Activate/VendorCreditBranchesActivateSubscriber';
+import { PaymentMadeActivateBranchesSubscriber } from './subscribers/Activate/PaymentMadeBranchesActivateSubscriber';
 import { FeaturesModule } from '../Features/Features.module';
 
 @Module({
@@ -66,7 +72,13 @@ import { FeaturesModule } from '../Features/Features.module';
     ValidateBranchExistance,
     ManualJournalBranchesValidator,
     CashflowTransactionsActivateBranches,
-    ExpensesActivateBranches
+    ExpensesActivateBranches,
+    BillActivateBranches,
+    VendorCreditActivateBranches,
+    BillPaymentsActivateBranches,
+    BillBranchesActivateSubscriber,
+    VendorCreditBranchesActivateSubscriber,
+    PaymentMadeActivateBranchesSubscriber
   ],
   exports: [
     BranchesSettingsService,

packages/server/src/modules/Branches/integrations/Purchases/BillBranchesActivate.ts

@@ -1,11 +1,14 @@
 import { Knex } from 'knex';
-import { Injectable } from '@nestjs/common';
+import { Inject, Injectable } from '@nestjs/common';
 import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
 import { Bill } from '@/modules/Bills/models/Bill';
 
 @Injectable()
 export class BillActivateBranches {
-  constructor(private readonly billModel: TenantModelProxy<typeof Bill>) {}
+  constructor(
+    @Inject(Bill.name)
+    private readonly billModel: TenantModelProxy<typeof Bill>,
+  ) {}
 
   /**
    * Updates all bills transactions with the primary branch.
@@ -17,7 +20,7 @@ export class BillActivateBranches {
     primaryBranchId: number,
     trx?: Knex.Transaction,
   ) => {
-    // Updates the sale invoice with primary branch.
-    await Bill.query(trx).update({ branchId: primaryBranchId });
+    // Updates the bills with primary branch.
+    await this.billModel().query(trx).update({ branchId: primaryBranchId });
   };
 }

packages/server/src/modules/Branches/integrations/Purchases/PaymentMadeBranchesActivate.ts

@@ -1,11 +1,12 @@
 import { Knex } from 'knex';
+import { Inject, Injectable } from '@nestjs/common';
 import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
 import { BillPayment } from '@/modules/BillPayments/models/BillPayment';
-import { Injectable } from '@nestjs/common';
 
 @Injectable()
 export class BillPaymentsActivateBranches {
   constructor(
+    @Inject(BillPayment.name)
     private readonly billPaymentModel: TenantModelProxy<typeof BillPayment>,
   ) {}
 

packages/server/src/modules/Branches/integrations/Purchases/VendorCreditBranchesActivate.ts

@@ -1,11 +1,12 @@
 import { Knex } from 'knex';
-import { Injectable } from '@nestjs/common';
+import { Inject, Injectable } from '@nestjs/common';
 import { TenantModelProxy } from '@/modules/System/models/TenantBaseModel';
 import { VendorCredit } from '@/modules/VendorCredit/models/VendorCredit';
 
 @Injectable()
 export class VendorCreditActivateBranches {
   constructor(
+    @Inject(VendorCredit.name)
     private readonly vendorCreditModel: TenantModelProxy<typeof VendorCredit>,
   ) {}
 

packages/server/src/modules/Branches/subscribers/Activate/BillBranchesActivateSubscriber.ts

@@ -0,0 +1,28 @@
+import { IBranchesActivatedPayload } from '../../Branches.types';
+import { events } from '@/common/events/events';
+import { Injectable } from '@nestjs/common';
+import { BillActivateBranches } from '../../integrations/Purchases/BillBranchesActivate';
+import { OnEvent } from '@nestjs/event-emitter';
+
+@Injectable()
+export class BillBranchesActivateSubscriber {
+  constructor(
+    private readonly billActivateBranches: BillActivateBranches,
+  ) { }
+
+  /**
+   * Updates bills transactions with the primary branch once
+   * the multi-branches is activated.
+   * @param {IBranchesActivatedPayload}
+   */
+  @OnEvent(events.branch.onActivated)
+  async updateBillsWithBranchOnActivated({
+    primaryBranch,
+    trx,
+  }: IBranchesActivatedPayload) {
+    await this.billActivateBranches.updateBillsWithBranch(
+      primaryBranch.id,
+      trx,
+    );
+  }
+}

packages/server/src/modules/Branches/subscribers/Activate/VendorCreditBranchesActivateSubscriber.ts

@@ -0,0 +1,28 @@
+import { IBranchesActivatedPayload } from '../../Branches.types';
+import { events } from '@/common/events/events';
+import { Injectable } from '@nestjs/common';
+import { VendorCreditActivateBranches } from '../../integrations/Purchases/VendorCreditBranchesActivate';
+import { OnEvent } from '@nestjs/event-emitter';
+
+@Injectable()
+export class VendorCreditBranchesActivateSubscriber {
+  constructor(
+    private readonly vendorCreditActivateBranches: VendorCreditActivateBranches,
+  ) { }
+
+  /**
+   * Updates vendor credits transactions with the primary branch once
+   * the multi-branches is activated.
+   * @param {IBranchesActivatedPayload}
+   */
+  @OnEvent(events.branch.onActivated)
+  async updateVendorCreditsWithBranchOnActivated({
+    primaryBranch,
+    trx,
+  }: IBranchesActivatedPayload) {
+    await this.vendorCreditActivateBranches.updateVendorCreditsWithBranch(
+      primaryBranch.id,
+      trx,
+    );
+  }
+}

packages/server/src/modules/CreditNoteRefunds/CreditNoteRefunds.controller.ts

@@ -1,20 +1,35 @@
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
-import { Body, Controller, Delete, Get, Param, Post } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
 import { ICreditNoteRefundDTO } from '../CreditNotes/types/CreditNotes.types';
 import { CreditNotesRefundsApplication } from './CreditNotesRefundsApplication.service';
 import { RefundCreditNote } from './models/RefundCreditNote';
 import { CreditNoteRefundDto } from './dto/CreditNoteRefund.dto';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { CreditNoteAction } from '../CreditNotes/types/CreditNotes.types';
 
 @Controller('credit-notes')
 @ApiTags('Credit Note Refunds')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CreditNoteRefundsController {
   constructor(
     private readonly creditNotesRefundsApplication: CreditNotesRefundsApplication,
   ) {}
 
   @Get(':creditNoteId/refunds')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Retrieve the credit note graph.' })
   getCreditNoteRefunds(@Param('creditNoteId') creditNoteId: number) {
     return this.creditNotesRefundsApplication.getCreditNoteRefunds(
@@ -29,6 +44,7 @@ export class CreditNoteRefundsController {
    * @returns {Promise<RefundCreditNote>}
    */
   @Post(':creditNoteId/refunds')
+  @RequirePermission(CreditNoteAction.Refund, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Create a refund for the given credit note.' })
   createRefundCreditNote(
     @Param('creditNoteId') creditNoteId: number,
@@ -46,6 +62,7 @@ export class CreditNoteRefundsController {
    * @returns {Promise<void>}
    */
   @Delete('refunds/:refundCreditId')
+  @RequirePermission(CreditNoteAction.Refund, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Delete a refund for the given credit note.' })
   deleteRefundCreditNote(
     @Param('refundCreditId') refundCreditId: number,

packages/server/src/modules/CreditNotes/CreditNotes.controller.ts

@@ -18,6 +18,7 @@ import {
   Put,
   Query,
   Res,
+  UseGuards,
 } from '@nestjs/common';
 import { CreditNoteApplication } from './CreditNoteApplication.service';
 import { ICreditNotesQueryDTO } from './types/CreditNotes.types';
@@ -30,6 +31,11 @@ import {
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
 import { AcceptType } from '@/constants/accept-type';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { CreditNoteAction } from './types/CreditNotes.types';
 
 @Controller('credit-notes')
 @ApiTags('Credit Notes')
@@ -37,6 +43,7 @@ import { AcceptType } from '@/constants/accept-type';
 @ApiExtraModels(PaginatedResponseDto)
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CreditNotesController {
   /**
    * @param {CreditNoteApplication} creditNoteApplication - The credit note application service.
@@ -44,6 +51,7 @@ export class CreditNotesController {
   constructor(private creditNoteApplication: CreditNoteApplication) { }
 
   @Post()
+  @RequirePermission(CreditNoteAction.Create, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Create a new credit note' })
   @ApiResponse({ status: 201, description: 'Credit note successfully created' })
   @ApiResponse({ status: 400, description: 'Invalid input data' })
@@ -52,6 +60,7 @@ export class CreditNotesController {
   }
 
   @Get('state')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Get credit note state' })
   @ApiResponse({ status: 200, description: 'Returns the credit note state' })
   getCreditNoteState() {
@@ -59,6 +68,7 @@ export class CreditNotesController {
   }
 
   @Get(':id')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Get a specific credit note by ID' })
   @ApiParam({ name: 'id', description: 'Credit note ID', type: 'number' })
   @ApiResponse({
@@ -92,6 +102,7 @@ export class CreditNotesController {
   }
 
   @Get()
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Get all credit notes' })
   @ApiResponse({
     status: 200,
@@ -115,6 +126,7 @@ export class CreditNotesController {
   }
 
   @Put(':id')
+  @RequirePermission(CreditNoteAction.Edit, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Update a credit note' })
   @ApiParam({ name: 'id', description: 'Credit note ID', type: 'number' })
   @ApiResponse({ status: 200, description: 'Credit note successfully updated' })
@@ -131,6 +143,7 @@ export class CreditNotesController {
   }
 
   @Put(':id/open')
+  @RequirePermission(CreditNoteAction.Edit, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Open a credit note' })
   @ApiParam({ name: 'id', description: 'Credit note ID', type: 'number' })
   @ApiResponse({ status: 200, description: 'Credit note successfully opened' })
@@ -140,6 +153,7 @@ export class CreditNotesController {
   }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(CreditNoteAction.Delete, AbilitySubject.CreditNote)
   @ApiOperation({
     summary:
       'Validates which credit notes can be deleted and returns the results.',
@@ -161,6 +175,7 @@ export class CreditNotesController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(CreditNoteAction.Delete, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Deletes multiple credit notes.' })
   @ApiResponse({
     status: 200,
@@ -173,6 +188,7 @@ export class CreditNotesController {
   }
 
   @Delete(':id')
+  @RequirePermission(CreditNoteAction.Delete, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Delete a credit note' })
   @ApiParam({ name: 'id', description: 'Credit note ID', type: 'number' })
   @ApiResponse({ status: 200, description: 'Credit note successfully deleted' })

packages/server/src/modules/CreditNotesApplyInvoice/CreditNotesApplyInvoice.controller.ts

@@ -1,15 +1,31 @@
-import { Body, Controller, Get, Param, Post } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Get,
+  Param,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
 import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { GetCreditNoteAssociatedAppliedInvoices } from './queries/GetCreditNoteAssociatedAppliedInvoices.service';
+import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { CreditNoteAction } from '../CreditNotes/types/CreditNotes.types';
 
 @Controller('credit-notes')
 @ApiTags('Credit Notes Apply Invoice')
+@ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CreditNotesApplyInvoiceController {
   constructor(
     private readonly getCreditNoteAssociatedAppliedInvoicesService: GetCreditNoteAssociatedAppliedInvoices,
   ) {}
 
   @Get(':creditNoteId/applied-invoices')
+  @RequirePermission(CreditNoteAction.View, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Applied credit note to invoices' })
   @ApiResponse({
     status: 200,
@@ -24,6 +40,7 @@ export class CreditNotesApplyInvoiceController {
   }
 
   @Post(':creditNoteId/apply-invoices')
+  @RequirePermission(CreditNoteAction.Edit, AbilitySubject.CreditNote)
   @ApiOperation({ summary: 'Apply credit note to invoices' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Customers/Customers.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { CustomersApplication } from './CustomersApplication.service';
 import { CustomerOpeningBalanceEditDto } from './dtos/CustomerOpeningBalanceEdit.dto';
@@ -26,15 +27,22 @@ import {
   ValidateBulkDeleteCustomersResponseDto,
 } from './dtos/BulkDeleteCustomers.dto';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { CustomerAction } from './types/Customers.types';
 
 @Controller('customers')
 @ApiTags('Customers')
 @ApiExtraModels(CustomerResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CustomersController {
   constructor(private customersApplication: CustomersApplication) { }
 
   @Get(':id')
+  @RequirePermission(CustomerAction.View, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Retrieves the customer details.' })
   @ApiResponse({
     status: 200,
@@ -46,6 +54,7 @@ export class CustomersController {
   }
 
   @Get()
+  @RequirePermission(CustomerAction.View, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Retrieves the customers paginated list.' })
   @ApiResponse({
     status: 200,
@@ -60,6 +69,7 @@ export class CustomersController {
   }
 
   @Post()
+  @RequirePermission(CustomerAction.Create, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Create a new customer.' })
   @ApiResponse({
     status: 201,
@@ -71,6 +81,7 @@ export class CustomersController {
   }
 
   @Put(':id')
+  @RequirePermission(CustomerAction.Edit, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Edit the given customer.' })
   @ApiResponse({
     status: 200,
@@ -85,6 +96,7 @@ export class CustomersController {
   }
 
   @Delete(':id')
+  @RequirePermission(CustomerAction.Delete, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Delete the given customer.' })
   @ApiResponse({
     status: 200,
@@ -95,6 +107,7 @@ export class CustomersController {
   }
 
   @Put(':id/opening-balance')
+  @RequirePermission(CustomerAction.Edit, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Edit the opening balance of the given customer.' })
   @ApiResponse({
     status: 200,
@@ -112,6 +125,7 @@ export class CustomersController {
   }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(CustomerAction.Delete, AbilitySubject.Customer)
   @ApiOperation({
     summary:
       'Validates which customers can be deleted and returns counts of deletable and non-deletable customers.',
@@ -131,6 +145,7 @@ export class CustomersController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(CustomerAction.Delete, AbilitySubject.Customer)
   @ApiOperation({ summary: 'Deletes multiple customers in bulk.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Expenses/Expenses.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { ExpensesApplication } from './ExpensesApplication.service';
 import { IExpensesFilter } from './Expenses.types';
@@ -25,6 +26,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ExpenseAction } from './Expenses.types';
 
 @Controller('expenses')
 @ApiTags('Expenses')
@@ -34,10 +40,12 @@ import {
   ValidateBulkDeleteResponseDto,
 )
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class ExpensesController {
   constructor(private readonly expensesApplication: ExpensesApplication) { }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(ExpenseAction.Delete, AbilitySubject.Expense)
   @ApiOperation({
     summary: 'Validate which expenses can be deleted and return the results.',
   })
@@ -58,6 +66,7 @@ export class ExpensesController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(ExpenseAction.Delete, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Deletes multiple expenses.' })
   @ApiResponse({
     status: 200,
@@ -76,6 +85,7 @@ export class ExpensesController {
    * @param {IExpenseCreateDTO} expenseDTO
    */
   @Post()
+  @RequirePermission(ExpenseAction.Create, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Create a new expense transaction.' })
   public createExpense(@Body() expenseDTO: CreateExpenseDto) {
     return this.expensesApplication.createExpense(expenseDTO);
@@ -87,6 +97,7 @@ export class ExpensesController {
    * @param {IExpenseEditDTO} expenseDTO
    */
   @Put(':id')
+  @RequirePermission(ExpenseAction.Edit, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Edit the given expense transaction.' })
   public editExpense(
     @Param('id') expenseId: number,
@@ -100,6 +111,7 @@ export class ExpensesController {
    * @param {number} expenseId
    */
   @Delete(':id')
+  @RequirePermission(ExpenseAction.Delete, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Delete the given expense transaction.' })
   public deleteExpense(@Param('id') expenseId: number) {
     return this.expensesApplication.deleteExpense(expenseId);
@@ -110,6 +122,7 @@ export class ExpensesController {
    * @param {number} expenseId
    */
   @Post(':id/publish')
+  @RequirePermission(ExpenseAction.Edit, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Publish the given expense transaction.' })
   public publishExpense(@Param('id') expenseId: number) {
     return this.expensesApplication.publishExpense(expenseId);
@@ -119,6 +132,7 @@ export class ExpensesController {
    * Get the expense transaction details.
    */
   @Get()
+  @RequirePermission(ExpenseAction.View, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Get the expense transactions.' })
   @ApiResponse({
     status: 200,
@@ -146,6 +160,7 @@ export class ExpensesController {
    * @param {number} expenseId
    */
   @Get(':id')
+  @RequirePermission(ExpenseAction.View, AbilitySubject.Expense)
   @ApiOperation({ summary: 'Get the expense transaction details.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/FinancialStatements/modules/APAgingSummary/APAgingSummary.controller.ts

@@ -1,5 +1,5 @@
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { APAgingSummaryApplication } from './APAgingSummaryApplication';
 import { AcceptType } from '@/constants/accept-type';
 import {
@@ -11,14 +11,21 @@ import {
 import { APAgingSummaryQueryDto } from './APAgingSummaryQuery.dto';
 import { APAgingSummaryResponseExample } from './APAgingSummary.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('reports/payable-aging-summary')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class APAgingSummaryController {
   constructor(private readonly APAgingSummaryApp: APAgingSummaryApplication) { }
 
   @Get()
+  @RequirePermission(ReportsAction.READ_AP_AGING_SUMMARY, AbilitySubject.Report)
   @ApiOperation({ summary: 'Get payable aging summary' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/FinancialStatements/modules/ARAgingSummary/ARAgingSummary.controller.ts

@@ -1,5 +1,4 @@
-import { Controller, Get, Headers } from '@nestjs/common';
-import { Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { ARAgingSummaryApplication } from './ARAgingSummaryApplication';
 import { AcceptType } from '@/constants/accept-type';
 import { Response } from 'express';
@@ -12,14 +11,21 @@ import {
 import { ARAgingSummaryQueryDto } from './ARAgingSummaryQuery.dto';
 import { ARAgingSummaryResponseExample } from './ARAgingSummary.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('reports/receivable-aging-summary')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class ARAgingSummaryController {
   constructor(private readonly ARAgingSummaryApp: ARAgingSummaryApplication) {}
 
   @Get()
+  @RequirePermission(ReportsAction.READ_AR_AGING_SUMMARY, AbilitySubject.Report)
   @ApiOperation({ summary: 'Get receivable aging summary' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/FinancialStatements/modules/BalanceSheet/BalanceSheet.controller.ts

@@ -1,5 +1,5 @@
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { AcceptType } from '@/constants/accept-type';
 import { BalanceSheetApplication } from './BalanceSheetApplication';
 import {
@@ -11,10 +11,16 @@ import {
 import { BalanceSheetQueryDto } from './BalanceSheet.dto';
 import { BalanceSheetResponseExample } from './BalanceSheet.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('/reports/balance-sheet')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class BalanceSheetStatementController {
   constructor(private readonly balanceSheetApp: BalanceSheetApplication) {}
 
@@ -25,6 +31,7 @@ export class BalanceSheetStatementController {
    * @param {string} acceptHeader - Accept header.
    */
   @Get('')
+  @RequirePermission(ReportsAction.READ_BALANCE_SHEET, AbilitySubject.Report)
   @ApiOperation({ summary: 'Get balance sheet statement' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/FinancialStatements/modules/BalanceSheet/BalanceSheet.dto.ts

@@ -24,14 +24,14 @@ export class BalanceSheetQueryDto extends FinancialSheetBranchesQueryDto {
   displayColumnsType: 'total' | 'date_periods' = 'total';
 
   @ApiProperty({
-    enum: ['day', 'month', 'year'],
+    enum: ['day', 'month', 'year', 'quarter'],
     default: 'year',
     description: 'Time period for column display',
   })
   @IsString()
   @IsOptional()
-  @IsEnum(['day', 'month', 'year'])
-  displayColumnsBy: 'day' | 'month' | 'year' = 'year';
+  @IsEnum(['day', 'month', 'year', 'quarter'])
+  displayColumnsBy: 'day' | 'month' | 'year' | 'quarter' = 'year';
 
   @ApiProperty({
     description: 'Start date for the balance sheet period',

packages/server/src/modules/FinancialStatements/modules/CashFlowStatement/CashFlowStatementQuery.dto.ts

@@ -34,13 +34,13 @@ export class CashFlowStatementQueryDto extends FinancialSheetBranchesQueryDto {
   @ApiProperty({
     description: 'Display columns by time period',
     required: false,
-    enum: ['day', 'month', 'year'],
+    enum: ['day', 'month', 'year', 'quarter'],
     default: 'year',
   })
   @IsString()
   @IsOptional()
-  @IsEnum(['day', 'month', 'year'])
-  displayColumnsBy: 'day' | 'month' | 'year' = 'year';
+  @IsEnum(['day', 'month', 'year', 'quarter'])
+  displayColumnsBy: 'day' | 'month' | 'year' | 'quarter' = 'year';
 
   @ApiProperty({
     description: 'Type of column display',

packages/server/src/modules/FinancialStatements/modules/CashFlowStatement/Cashflow.controller.ts

@@ -1,5 +1,5 @@
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { AcceptType } from '@/constants/accept-type';
 import { CashflowSheetApplication } from './CashflowSheetApplication';
 import {
@@ -11,14 +11,21 @@ import {
 import { CashFlowStatementQueryDto } from './CashFlowStatementQuery.dto';
 import { CashflowStatementResponseExample } from './CashflowStatement.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('reports/cashflow-statement')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class CashflowController {
   constructor(private readonly cashflowSheetApp: CashflowSheetApplication) { }
 
   @Get()
+  @RequirePermission(ReportsAction.READ_CASHFLOW, AbilitySubject.Report)
   @ApiResponse({
     status: 200,
     description: 'Cashflow statement report',

packages/server/src/modules/FinancialStatements/modules/GeneralLedger/GeneralLedger.controller.ts

@@ -5,22 +5,29 @@ import {
   ApiTags,
 } from '@nestjs/swagger';
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { GeneralLedgerApplication } from './GeneralLedgerApplication';
 import { AcceptType } from '@/constants/accept-type';
 import { GeneralLedgerQueryDto } from './GeneralLedgerQuery.dto';
 import { GeneralLedgerResponseExample } from './GeneralLedger.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('/reports/general-ledger')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class GeneralLedgerController {
   constructor(
     private readonly generalLedgerApplication: GeneralLedgerApplication,
   ) {}
 
   @Get()
+  @RequirePermission(ReportsAction.READ_GENERAL_LEDGET, AbilitySubject.Report)
   @ApiResponse({
     status: 200,
     description: 'General ledger report',

packages/server/src/modules/FinancialStatements/modules/JournalSheet/JournalSheet.controller.ts

@@ -1,4 +1,4 @@
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { Response } from 'express';
 import { AcceptType } from '@/constants/accept-type';
 import { JournalSheetApplication } from './JournalSheetApplication';
@@ -11,14 +11,21 @@ import {
 import { JournalSheetQueryDto } from './JournalSheetQuery.dto';
 import { JournalSheetResponseExample } from './JournalSheet.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('/reports/journal')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class JournalSheetController {
   constructor(private readonly journalSheetApp: JournalSheetApplication) {}
 
   @Get()
+  @RequirePermission(ReportsAction.READ_JOURNAL, AbilitySubject.Report)
   @ApiResponse({
     status: 200,
     description: 'Journal report',

packages/server/src/modules/FinancialStatements/modules/ProfitLossSheet/ProfitLossSheet.controller.ts

@@ -1,5 +1,5 @@
 import { Response } from 'express';
-import { Controller, Get, Headers, Query, Res } from '@nestjs/common';
+import { Controller, Get, Headers, Query, Res, UseGuards } from '@nestjs/common';
 import { ProfitLossSheetApplication } from './ProfitLossSheetApplication';
 import { AcceptType } from '@/constants/accept-type';
 import {
@@ -11,10 +11,16 @@ import {
 import { ProfitLossSheetQueryDto } from './ProfitLossSheetQuery.dto';
 import { ProfitLossSheetResponseExample } from './ProfitLossSheet.swagger';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ReportsAction } from '../../types/Report.types';
 
 @Controller('/reports/profit-loss-sheet')
 @ApiTags('Reports')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class ProfitLossSheetController {
   constructor(
     private readonly profitLossSheetApp: ProfitLossSheetApplication,
@@ -27,6 +33,7 @@ export class ProfitLossSheetController {
    * @param {string} acceptHeader
    */
   @Get('/')
+  @RequirePermission(ReportsAction.READ_PROFIT_LOSS, AbilitySubject.Report)
   @ApiResponse({
     status: 200,
     description: 'Profit & loss statement',

packages/server/src/modules/FinancialStatements/modules/ProfitLossSheet/ProfitLossSheetQuery.dto.ts

@@ -64,10 +64,10 @@ export class ProfitLossSheetQueryDto extends FinancialSheetBranchesQueryDto {
   displayColumnsType: 'total' | 'date_periods';
 
   @IsString()
-  @IsEnum(['day', 'month', 'year'])
+  @IsEnum(['day', 'month', 'year', 'quarter'])
   @IsOptional()
   @ApiProperty({ description: 'How to display columns' })
-  displayColumnsBy: 'day' | 'month' | 'year' = 'year';
+  displayColumnsBy: 'day' | 'month' | 'year' | 'quarter' = 'year';
 
   @Transform(({ value }) => parseBoolean(value, false))
   @IsBoolean()

packages/server/src/modules/FinancialStatements/modules/TrialBalanceSheet/TrialBalanceSheet.ts

@@ -172,8 +172,11 @@ export class TrialBalanceSheet extends FinancialSheet {
   private filterNoneTransactions = (
     accountNode: ITrialBalanceAccount
   ): boolean => {
-    const accountLedger = this.repository.totalAccountsLedger.whereAccountId(
-      accountNode.id,
+    const depsAccountsIds =
+      this.repository.accountsDepGraph.dependenciesOf(accountNode.id);
+
+    const accountLedger = this.repository.totalAccountsLedger.whereAccountsIds(
+      [accountNode.id, ...depsAccountsIds]
     );
     return !accountLedger.isEmpty();
   };
@@ -241,8 +244,8 @@ export class TrialBalanceSheet extends FinancialSheet {
    */
   private accountsSection(accounts: ModelObject<Account>[]) {
     return R.compose(
-      this.nestedAccountsNode,
       this.accountsFilter,
+      this.nestedAccountsNode,
       this.accountsMapper
     )(accounts);
   }
@@ -250,7 +253,6 @@ export class TrialBalanceSheet extends FinancialSheet {
   /**
    * Retrieve trial balance sheet statement data.
    * Note: Retruns null in case there is no transactions between the given date periods.
-   *
    * @return {ITrialBalanceSheetData}
    */
   public reportData(): ITrialBalanceSheetData {

packages/server/src/modules/InventoryAdjutments/InventoryAdjustments.controller.ts

@@ -14,6 +14,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { InventoryAdjustmentsApplicationService } from './InventoryAdjustmentsApplication.service';
 import { IInventoryAdjustmentsFilter } from './types/InventoryAdjustments.types';
@@ -21,17 +22,24 @@ import { InventoryAdjustment } from './models/InventoryAdjustment';
 import { CreateQuickInventoryAdjustmentDto } from './dtos/CreateQuickInventoryAdjustment.dto';
 import { InventoryAdjustmentResponseDto } from './dtos/InventoryAdjustmentResponse.dto';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { InventoryAdjustmentAction } from './types/InventoryAdjustments.types';
 
 @Controller('inventory-adjustments')
 @ApiTags('Inventory Adjustments')
 @ApiExtraModels(InventoryAdjustmentResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class InventoryAdjustmentsController {
   constructor(
     private readonly inventoryAdjustmentsApplicationService: InventoryAdjustmentsApplicationService,
   ) {}
 
   @Post('quick')
+  @RequirePermission(InventoryAdjustmentAction.CREATE, AbilitySubject.InventoryAdjustment)
   @ApiOperation({ summary: 'Create a quick inventory adjustment.' })
   @ApiResponse({
     status: 200,
@@ -46,6 +54,7 @@ export class InventoryAdjustmentsController {
   }
 
   @Delete(':id')
+  @RequirePermission(InventoryAdjustmentAction.DELETE, AbilitySubject.InventoryAdjustment)
   @ApiOperation({ summary: 'Delete the given inventory adjustment.' })
   @ApiResponse({
     status: 200,
@@ -60,6 +69,7 @@ export class InventoryAdjustmentsController {
   }
 
   @Get()
+  @RequirePermission(InventoryAdjustmentAction.VIEW, AbilitySubject.InventoryAdjustment)
   @ApiOperation({ summary: 'Retrieves the inventory adjustments.' })
   @ApiResponse({
     status: 200,
@@ -78,6 +88,7 @@ export class InventoryAdjustmentsController {
   }
 
   @Get(':id')
+  @RequirePermission(InventoryAdjustmentAction.VIEW, AbilitySubject.InventoryAdjustment)
   @ApiOperation({ summary: 'Retrieves the inventory adjustment details.' })
   @ApiResponse({
     status: 200,
@@ -94,6 +105,7 @@ export class InventoryAdjustmentsController {
   }
 
   @Put(':id/publish')
+  @RequirePermission(InventoryAdjustmentAction.EDIT, AbilitySubject.InventoryAdjustment)
   @ApiOperation({ summary: 'Publish the given inventory adjustment.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Items/Item.controller.ts

@@ -9,6 +9,7 @@ import {
   Put,
   Query,
   HttpCode,
+  UseGuards,
 } from '@nestjs/common';
 import { TenantController } from '../Tenancy/Tenant.controller';
 import { ItemsApplicationService } from './ItemsApplication.service';
@@ -34,6 +35,12 @@ import {
   BulkDeleteItemsDto,
   ValidateBulkDeleteItemsResponseDto,
 } from './dtos/BulkDeleteItems.dto';
+import { ItemApiErrorResponseDto } from './dtos/ItemErrorResponse.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ItemAction } from '@/interfaces/Item';
 
 @Controller('/items')
 @ApiTags('Items')
@@ -45,13 +52,16 @@ import {
 @ApiExtraModels(ItemEstimatesResponseDto)
 @ApiExtraModels(ItemReceiptsResponseDto)
 @ApiExtraModels(ValidateBulkDeleteItemsResponseDto)
+@ApiExtraModels(ItemApiErrorResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class ItemsController extends TenantController {
   constructor(private readonly itemsApplication: ItemsApplicationService) {
     super();
   }
 
   @Get()
+  @RequirePermission(ItemAction.VIEW, AbilitySubject.Item)
   @ApiOperation({ summary: 'Retrieves the item list.' })
   @ApiResponse({
     status: 200,
@@ -142,11 +152,19 @@ export class ItemsController extends TenantController {
    * @returns The updated item id.
    */
   @Put(':id')
+  @RequirePermission(ItemAction.EDIT, AbilitySubject.Item)
   @ApiOperation({ summary: 'Edit the given item (product or service).' })
   @ApiResponse({
     status: 200,
     description: 'The item has been successfully updated.',
   })
+  @ApiResponse({
+    status: 400,
+    description: 'Validation error. Possible error types: ITEM_NAME_EXISTS, INVENTORY_ACCOUNT_CANNOT_MODIFIED, TYPE_CANNOT_CHANGE_WITH_ITEM_HAS_TRANSACTIONS, etc.',
+    schema: {
+      $ref: getSchemaPath(ItemApiErrorResponseDto),
+    },
+  })
   @ApiResponse({ status: 404, description: 'The item not found.' })
   @ApiParam({
     name: 'id',
@@ -165,6 +183,7 @@ export class ItemsController extends TenantController {
 
   @Post('validate-bulk-delete')
   @HttpCode(200)
+  @RequirePermission(ItemAction.DELETE, AbilitySubject.Item)
   @ApiOperation({
     summary:
       'Validates which items can be deleted and returns counts of deletable and non-deletable items.',
@@ -185,6 +204,7 @@ export class ItemsController extends TenantController {
 
   @Post('bulk-delete')
   @HttpCode(200)
+  @RequirePermission(ItemAction.DELETE, AbilitySubject.Item)
   @ApiOperation({ summary: 'Deletes multiple items in bulk.' })
   @ApiResponse({
     status: 200,
@@ -199,11 +219,19 @@ export class ItemsController extends TenantController {
   }
 
   @Post()
+  @RequirePermission(ItemAction.CREATE, AbilitySubject.Item)
   @ApiOperation({ summary: 'Create a new item (product or service).' })
   @ApiResponse({
     status: 200,
     description: 'The item has been successfully created.',
   })
+  @ApiResponse({
+    status: 400,
+    description: 'Validation error. Possible error types: ITEM_NAME_EXISTS, ITEM_CATEOGRY_NOT_FOUND, COST_ACCOUNT_NOT_COGS, SELL_ACCOUNT_NOT_INCOME, INVENTORY_ACCOUNT_NOT_INVENTORY, INCOME_ACCOUNT_REQUIRED_WITH_SELLABLE_ITEM, COST_ACCOUNT_REQUIRED_WITH_PURCHASABLE_ITEM, etc.',
+    schema: {
+      $ref: getSchemaPath(ItemApiErrorResponseDto),
+    },
+  })
   // @UsePipes(new ZodValidationPipe(createItemSchema))
   async createItem(
     @Body() createItemDto: CreateItemDto,
@@ -214,11 +242,19 @@ export class ItemsController extends TenantController {
   }
 
   @Delete(':id')
+  @RequirePermission(ItemAction.DELETE, AbilitySubject.Item)
   @ApiOperation({ summary: 'Delete the given item (product or service).' })
   @ApiResponse({
     status: 200,
     description: 'The item has been successfully deleted.',
   })
+  @ApiResponse({
+    status: 400,
+    description: 'Cannot delete item. Possible error types: ITEM_HAS_ASSOCIATED_TRANSACTINS, ITEM_HAS_ASSOCIATED_INVENTORY_ADJUSTMENT, etc.',
+    schema: {
+      $ref: getSchemaPath(ItemApiErrorResponseDto),
+    },
+  })
   @ApiResponse({ status: 404, description: 'The item not found.' })
   @ApiParam({
     name: 'id',
@@ -232,6 +268,7 @@ export class ItemsController extends TenantController {
   }
 
   @Patch(':id/inactivate')
+  @RequirePermission(ItemAction.EDIT, AbilitySubject.Item)
   @ApiOperation({ summary: 'Inactivate the given item (product or service).' })
   @ApiResponse({
     status: 200,
@@ -250,6 +287,7 @@ export class ItemsController extends TenantController {
   }
 
   @Patch(':id/activate')
+  @RequirePermission(ItemAction.EDIT, AbilitySubject.Item)
   @ApiOperation({ summary: 'Activate the given item (product or service).' })
   @ApiResponse({
     status: 200,
@@ -268,6 +306,7 @@ export class ItemsController extends TenantController {
   }
 
   @Get(':id')
+  @RequirePermission(ItemAction.VIEW, AbilitySubject.Item)
   @ApiOperation({ summary: 'Get the given item (product or service).' })
   @ApiResponse({
     status: 200,
@@ -289,6 +328,7 @@ export class ItemsController extends TenantController {
   }
 
   @Get(':id/invoices')
+  @RequirePermission(ItemAction.VIEW, AbilitySubject.Item)
   @ApiOperation({
     summary: 'Retrieves the item associated invoices transactions.',
   })
@@ -314,6 +354,7 @@ export class ItemsController extends TenantController {
   }
 
   @Get(':id/bills')
+  @RequirePermission(ItemAction.VIEW, AbilitySubject.Item)
   @ApiOperation({
     summary: 'Retrieves the item associated bills transactions.',
   })
@@ -339,6 +380,7 @@ export class ItemsController extends TenantController {
   }
 
   @Get(':id/estimates')
+  @RequirePermission(ItemAction.VIEW, AbilitySubject.Item)
   @ApiOperation({
     summary: 'Retrieves the item associated estimates transactions.',
   })
@@ -364,6 +406,7 @@ export class ItemsController extends TenantController {
   }
 
   @Get(':id/receipts')
+  @RequirePermission(ItemAction.VIEW, AbilitySubject.Item)
   @ApiOperation({
     summary: 'Retrieves the item associated receipts transactions.',
   })

packages/server/src/modules/Items/dtos/ItemErrorResponse.dto.ts

@@ -0,0 +1,112 @@
+import { ApiProperty } from '@nestjs/swagger';
+
+/**
+ * Item API Error Types
+ * These error types are returned when item operations fail validation
+ */
+export enum ItemErrorType {
+  /** Item name already exists in the system */
+  ItemNameExists = 'ITEM_NAME_EXISTS',
+  
+  /** Item category was not found */
+  ItemCategoryNotFound = 'ITEM_CATEOGRY_NOT_FOUND',
+  
+  /** Cost account is not a Cost of Goods Sold account */
+  CostAccountNotCogs = 'COST_ACCOUNT_NOT_COGS',
+  
+  /** Cost account was not found */
+  CostAccountNotFound = 'COST_ACCOUNT_NOT_FOUMD',
+  
+  /** Sell account was not found */
+  SellAccountNotFound = 'SELL_ACCOUNT_NOT_FOUND',
+  
+  /** Sell account is not an income account */
+  SellAccountNotIncome = 'SELL_ACCOUNT_NOT_INCOME',
+  
+  /** Inventory account was not found */
+  InventoryAccountNotFound = 'INVENTORY_ACCOUNT_NOT_FOUND',
+  
+  /** Account is not an inventory type account */
+  InventoryAccountNotInventory = 'INVENTORY_ACCOUNT_NOT_INVENTORY',
+  
+  /** Multiple items have associated transactions */
+  ItemsHaveAssociatedTransactions = 'ITEMS_HAVE_ASSOCIATED_TRANSACTIONS',
+  
+  /** Item has associated transactions (singular) */
+  ItemHasAssociatedTransactions = 'ITEM_HAS_ASSOCIATED_TRANSACTINS',
+  
+  /** Item has associated inventory adjustments */
+  ItemHasAssociatedInventoryAdjustment = 'ITEM_HAS_ASSOCIATED_INVENTORY_ADJUSTMENT',
+  
+  /** Cannot change item type to inventory */
+  ItemCannotChangeInventoryType = 'ITEM_CANNOT_CHANGE_INVENTORY_TYPE',
+  
+  /** Cannot change type when item has transactions */
+  TypeCannotChangeWithItemHasTransactions = 'TYPE_CANNOT_CHANGE_WITH_ITEM_HAS_TRANSACTIONS',
+  
+  /** Inventory account cannot be modified */
+  InventoryAccountCannotModified = 'INVENTORY_ACCOUNT_CANNOT_MODIFIED',
+  
+  /** Purchase tax rate was not found */
+  PurchaseTaxRateNotFound = 'PURCHASE_TAX_RATE_NOT_FOUND',
+  
+  /** Sell tax rate was not found */
+  SellTaxRateNotFound = 'SELL_TAX_RATE_NOT_FOUND',
+  
+  /** Income account is required for sellable items */
+  IncomeAccountRequiredWithSellableItem = 'INCOME_ACCOUNT_REQUIRED_WITH_SELLABLE_ITEM',
+  
+  /** Cost account is required for purchasable items */
+  CostAccountRequiredWithPurchasableItem = 'COST_ACCOUNT_REQUIRED_WITH_PURCHASABLE_ITEM',
+  
+  /** Item not found */
+  NotFound = 'NOT_FOUND',
+  
+  /** Items not found */
+  ItemsNotFound = 'ITEMS_NOT_FOUND',
+}
+
+/**
+ * Item API Error Response
+ * Returned when an item operation fails
+ */
+export class ItemErrorResponseDto {
+  @ApiProperty({
+    description: 'HTTP status code',
+    example: 400,
+  })
+  statusCode: number;
+
+  @ApiProperty({
+    description: 'Error type identifier',
+    enum: ItemErrorType,
+    example: ItemErrorType.ItemNameExists,
+  })
+  type: ItemErrorType;
+
+  @ApiProperty({
+    description: 'Human-readable error message',
+    example: 'The item name is already exist.',
+    required: false,
+    nullable: true,
+  })
+  message: string | null;
+
+  @ApiProperty({
+    description: 'Additional error payload data',
+    required: false,
+    nullable: true,
+  })
+  payload: any;
+}
+
+/**
+ * Item API Error Response Wrapper
+ */
+export class ItemApiErrorResponseDto {
+  @ApiProperty({
+    description: 'Array of error details',
+    type: [ItemErrorResponseDto],
+  })
+  errors: ItemErrorResponseDto[];
+}

packages/server/src/modules/Items/models/Item.ts

@@ -70,6 +70,16 @@ export class Item extends TenantBaseModel {
     };
   }
 
+  /**
+   * Model search roles.
+   */
+  static get searchRoles() {
+    return [
+      { condition: 'or', fieldKey: 'name', comparator: 'contains' },
+      { condition: 'or', fieldKey: 'code', comparator: 'like' },
+    ];
+  }
+
   /**
    * Relationship mapping.
    */

packages/server/src/modules/ManualJournals/ManualJournals.controller.ts

@@ -8,6 +8,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { ManualJournalsApplication } from './ManualJournalsApplication.service';
 import {
@@ -29,16 +30,23 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { ManualJournalAction } from './types/ManualJournals.types';
 
 @Controller('manual-journals')
 @ApiTags('Manual Journals')
 @ApiExtraModels(ManualJournalResponseDto)
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class ManualJournalsController {
   constructor(private manualJournalsApplication: ManualJournalsApplication) { }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(ManualJournalAction.Delete, AbilitySubject.ManualJournal)
   @ApiOperation({
     summary:
       'Validate which manual journals can be deleted and return the results.',
@@ -60,6 +68,7 @@ export class ManualJournalsController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(ManualJournalAction.Delete, AbilitySubject.ManualJournal)
   @ApiOperation({ summary: 'Deletes multiple manual journals.' })
   @ApiResponse({
     status: 200,
@@ -75,6 +84,7 @@ export class ManualJournalsController {
   }
 
   @Post()
+  @RequirePermission(ManualJournalAction.Create, AbilitySubject.ManualJournal)
   @ApiOperation({ summary: 'Create a new manual journal.' })
   @ApiResponse({
     status: 201,
@@ -86,6 +96,7 @@ export class ManualJournalsController {
   }
 
   @Put(':id')
+  @RequirePermission(ManualJournalAction.Edit, AbilitySubject.ManualJournal)
   @ApiOperation({ summary: 'Edit the given manual journal.' })
   @ApiResponse({
     status: 200,
@@ -110,6 +121,7 @@ export class ManualJournalsController {
   }
 
   @Delete(':id')
+  @RequirePermission(ManualJournalAction.Delete, AbilitySubject.ManualJournal)
   @ApiOperation({ summary: 'Delete the given manual journal.' })
   @ApiResponse({
     status: 200,
@@ -127,6 +139,7 @@ export class ManualJournalsController {
   }
 
   @Patch(':id/publish')
+  @RequirePermission(ManualJournalAction.Edit, AbilitySubject.ManualJournal)
   @ApiOperation({ summary: 'Publish the given manual journal.' })
   @ApiResponse({
     status: 200,
@@ -147,6 +160,7 @@ export class ManualJournalsController {
   }
 
   @Get(':id')
+  @RequirePermission(ManualJournalAction.View, AbilitySubject.ManualJournal)
   @ApiOperation({ summary: 'Retrieves the manual journal details.' })
   @ApiResponse({
     status: 200,
@@ -167,6 +181,7 @@ export class ManualJournalsController {
   }
 
   @Get()
+  @RequirePermission(ManualJournalAction.View, AbilitySubject.ManualJournal)
   @ApiOperation({ summary: 'Retrieves the manual journals paginated list.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Organization/Organization.controller.ts

@@ -17,6 +17,7 @@ import {
   HttpCode,
   Param,
 } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import { BuildOrganizationService } from './commands/BuildOrganization.service';
 import {
   BuildOrganizationDto,
@@ -50,7 +51,7 @@ export class OrganizationController {
     private readonly updateOrganizationService: UpdateOrganizationService,
     private readonly getBuildOrganizationJobService: GetBuildOrganizationBuildJob,
     private readonly orgBaseCurrencyLockingService: OrganizationBaseCurrencyLocking,
-  ) { }
+  ) {}
 
   @Post('build')
   @HttpCode(200)
@@ -77,6 +78,7 @@ export class OrganizationController {
   }
 
   @Get('build/:buildJobId')
+  @Throttle({ default: { limit: 300, ttl: 60000 } }) // 300 req/min
   @ApiParam({
     name: 'buildJobId',
     required: true,

packages/server/src/modules/PaymentReceived/PaymentsReceived.controller.ts

@@ -19,6 +19,7 @@ import {
   Put,
   Query,
   Res,
+  UseGuards,
 } from '@nestjs/common';
 import { PaymentReceivesApplication } from './PaymentReceived.application';
 import {
@@ -38,6 +39,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { PaymentReceiveAction } from './types/PaymentReceived.types';
 
 @Controller('payments-received')
 @ApiTags('Payments Received')
@@ -46,6 +52,7 @@ import {
 @ApiExtraModels(PaymentReceivedStateResponseDto)
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class PaymentReceivesController {
   constructor(private paymentReceivesApplication: PaymentReceivesApplication) { }
 
@@ -94,6 +101,7 @@ export class PaymentReceivesController {
   }
 
   @Post()
+  @RequirePermission(PaymentReceiveAction.Create, AbilitySubject.PaymentReceive)
   @ApiOperation({ summary: 'Create a new payment received.' })
   public createPaymentReceived(
     @Body() paymentReceiveDTO: CreatePaymentReceivedDto,
@@ -104,6 +112,7 @@ export class PaymentReceivesController {
   }
 
   @Put(':id')
+  @RequirePermission(PaymentReceiveAction.Edit, AbilitySubject.PaymentReceive)
   @ApiOperation({ summary: 'Edit the given payment received.' })
   public editPaymentReceive(
     @Param('id', ParseIntPipe) paymentReceiveId: number,
@@ -116,6 +125,7 @@ export class PaymentReceivesController {
   }
 
   @Delete(':id')
+  @RequirePermission(PaymentReceiveAction.Delete, AbilitySubject.PaymentReceive)
   @ApiOperation({ summary: 'Delete the given payment received.' })
   public deletePaymentReceive(
     @Param('id', ParseIntPipe) paymentReceiveId: number,
@@ -126,6 +136,7 @@ export class PaymentReceivesController {
   }
 
   @Get()
+  @RequirePermission(PaymentReceiveAction.View, AbilitySubject.PaymentReceive)
   @ApiOperation({ summary: 'Retrieves the payment received list.' })
   @ApiResponse({
     status: 200,
@@ -151,6 +162,7 @@ export class PaymentReceivesController {
   }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(PaymentReceiveAction.Delete, AbilitySubject.PaymentReceive)
   @ApiOperation({
     summary:
       'Validates which payments received can be deleted and returns the results.',
@@ -172,6 +184,7 @@ export class PaymentReceivesController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(PaymentReceiveAction.Delete, AbilitySubject.PaymentReceive)
   @ApiOperation({ summary: 'Deletes multiple payments received.' })
   @ApiResponse({
     status: 200,
@@ -187,6 +200,7 @@ export class PaymentReceivesController {
   }
 
   @Get('state')
+  @RequirePermission(PaymentReceiveAction.View, AbilitySubject.PaymentReceive)
   @ApiOperation({ summary: 'Retrieves the payment received state.' })
   @ApiResponse({
     status: 200,
@@ -200,6 +214,7 @@ export class PaymentReceivesController {
   }
 
   @Get(':id/invoices')
+  @RequirePermission(PaymentReceiveAction.View, AbilitySubject.PaymentReceive)
   @ApiOperation({ summary: 'Retrieves the payment received invoices.' })
   @ApiResponse({
     status: 200,
@@ -215,6 +230,7 @@ export class PaymentReceivesController {
   }
 
   @Get(':id')
+  @RequirePermission(PaymentReceiveAction.View, AbilitySubject.PaymentReceive)
   @ApiOperation({ summary: 'Retrieves the payment received details.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/PaymentReceived/PaymentsReceived.module.ts

@@ -1,7 +1,7 @@
 import { Module } from '@nestjs/common';
 import { BullBoardModule } from '@bull-board/nestjs';
-import { BullAdapter } from '@bull-board/api/bullAdapter';
-import { BullModule } from '@nestjs/bull';
+import { BullMQAdapter } from '@bull-board/api/bullMQAdapter';
+import { BullModule } from '@nestjs/bullmq';
 import { PaymentReceivesController } from './PaymentsReceived.controller';
 import { PaymentReceivesApplication } from './PaymentReceived.application';
 import { CreatePaymentReceivedService } from './commands/CreatePaymentReceived.serivce';
@@ -99,7 +99,7 @@ import { ValidateBulkDeletePaymentReceivedService } from './ValidateBulkDeletePa
     BullModule.registerQueue({ name: SEND_PAYMENT_RECEIVED_MAIL_QUEUE }),
     BullBoardModule.forFeature({
       name: SEND_PAYMENT_RECEIVED_MAIL_QUEUE,
-      adapter: BullAdapter,
+      adapter: BullMQAdapter,
     }),
   ],
 })

packages/server/src/modules/PaymentReceived/processors/PaymentReceivedMailNotification.processor.ts

@@ -1,6 +1,6 @@
-import { JOB_REF, Process, Processor } from '@nestjs/bull';
-import { Job } from 'bull';
-import { Inject, Scope } from '@nestjs/common';
+import { Processor, WorkerHost } from '@nestjs/bullmq';
+import { Job } from 'bullmq';
+import { Scope } from '@nestjs/common';
 import { ClsService, UseCls } from 'nestjs-cls';
 import {
   SEND_PAYMENT_RECEIVED_MAIL_JOB,
@@ -13,20 +13,18 @@ import { SendPaymentReceivedMailPayload } from '../types/PaymentReceived.types';
   name: SEND_PAYMENT_RECEIVED_MAIL_QUEUE,
   scope: Scope.REQUEST,
 })
-export class SendPaymentReceivedMailProcessor {
+export class SendPaymentReceivedMailProcessor extends WorkerHost {
   constructor(
     private readonly sendPaymentReceivedMail: SendPaymentReceiveMailNotification,
     private readonly clsService: ClsService,
+  ) {
+    super();
+  }
 
-    @Inject(JOB_REF)
-    private readonly jobRef: Job<SendPaymentReceivedMailPayload>,
-  ) { }
-
-  @Process(SEND_PAYMENT_RECEIVED_MAIL_JOB)
   @UseCls()
-  async handleSendMail() {
+  async process(job: Job<SendPaymentReceivedMailPayload>) {
     const { messageOptions, paymentReceivedId, organizationId, userId } =
-      this.jobRef.data;
+      job.data;
 
     this.clsService.set('organizationId', organizationId);
     this.clsService.set('userId', userId);

packages/server/src/modules/Roles/Authorization.guard.ts

@@ -31,9 +31,10 @@ export class AuthorizationGuard implements CanActivate {
   async canActivate(context: ExecutionContext): Promise<boolean> {
     const request = context.switchToHttp().getRequest<Request>();
     const { user } = request as any;
+    const userId = this.clsService.get('userId');
 
-    if (ABILITIES_CACHE.has(user.id)) {
-      (request as any).ability = ABILITIES_CACHE.get(user.id);
+    if (ABILITIES_CACHE.has(userId)) {
+      (request as any).ability = ABILITIES_CACHE.get(userId);
     } else {
       const ability = await this.getAbilityForUser();
       (request as any).ability = ability;

packages/server/src/modules/Roles/Permission.guard.ts

@@ -0,0 +1,67 @@
+import {
+  Injectable,
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Request } from 'express';
+import { REQUIRED_PERMISSION_KEY, RequiredPermission } from './RequirePermission.decorator';
+import { AbilitySubject } from './Roles.types';
+
+/**
+ * Guard that checks if the user has the required permission to access a route.
+ * Uses CASL ability instance attached to the request by AuthorizationGuard.
+ */
+@Injectable()
+export class PermissionGuard implements CanActivate {
+  constructor(private readonly reflector: Reflector) {}
+
+  /**
+   * Checks if the user has the required permission to access the route.
+   * @param context - The execution context
+   * @returns A boolean indicating if the user can access the route
+   * @throws ForbiddenException if the user doesn't have the required permission
+   */
+  canActivate(context: ExecutionContext): boolean {
+    const requiredPermission = this.reflector.getAllAndOverride<RequiredPermission>(
+      REQUIRED_PERMISSION_KEY,
+      [context.getHandler(), context.getClass()],
+    );
+
+    // If no permission is required, allow access
+    if (!requiredPermission) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest<Request>();
+    const ability = (request as any).ability;
+
+    // If no ability instance is attached to the request, deny access
+    if (!ability) {
+      throw new ForbiddenException('Ability instance not found. Ensure AuthorizationGuard is applied.');
+    }
+
+    const { ability: action, subject } = requiredPermission;
+
+    // Check if the user has the required permission using CASL ability
+    const hasPermission = ability.can(action, subject);
+
+    if (!hasPermission) {
+      throw new ForbiddenException(
+        `You do not have permission to ${action} ${subject}`,
+      );
+    }
+
+    return true;
+  }
+
+  /**
+   * Helper method to check if a subject value is a valid AbilitySubject.
+   * @param subject - The subject value to check
+   * @returns True if the subject is a valid AbilitySubject enum value
+   */
+  private isValidSubject(subject: string): subject is AbilitySubject {
+    return Object.values(AbilitySubject).includes(subject as AbilitySubject);
+  }
+}

packages/server/src/modules/Roles/RequirePermission.decorator.ts

@@ -0,0 +1,29 @@
+import { SetMetadata } from '@nestjs/common';
+import { AbilitySubject } from './Roles.types';
+
+export const REQUIRED_PERMISSION_KEY = 'requiredPermission';
+
+export interface RequiredPermission {
+  ability: string;
+  subject: AbilitySubject | string;
+}
+
+/**
+ * Decorator to specify required ability and subject for a route handler or controller.
+ * @param ability - The ability/action required (e.g., 'Create', 'View', 'Edit', 'Delete')
+ * @param subject - The subject/entity the ability applies to (e.g., AbilitySubject.Item, AbilitySubject.SaleInvoice)
+ * @example
+ * ```typescript
+ * @RequirePermission('Create', AbilitySubject.Item)
+ * @Post()
+ * async createItem(@Body() dto: CreateItemDto) { ... }
+ *
+ * @RequirePermission('View', AbilitySubject.SaleInvoice)
+ * @Get(':id')
+ * async getInvoice(@Param('id') id: number) { ... }
+ * ```
+ */
+export const RequirePermission = (
+  ability: string,
+  subject: AbilitySubject | string,
+) => SetMetadata(REQUIRED_PERMISSION_KEY, { ability, subject });

packages/server/src/modules/Roles/Roles.module.ts

@@ -10,6 +10,8 @@ import { RolePermission } from './models/RolePermission.model';
 import { RolesController } from './Roles.controller';
 import { RolesApplication } from './Roles.application';
 import { RolePermissionsSchema } from './queries/RolePermissionsSchema';
+import { AuthorizationGuard } from './Authorization.guard';
+import { PermissionGuard } from './Permission.guard';
 
 const models = [
   RegisterTenancyModel(Role),
@@ -25,9 +27,11 @@ const models = [
     GetRoleService,
     GetRolesService,
     RolesApplication,
-    RolePermissionsSchema
+    RolePermissionsSchema,
+    AuthorizationGuard,
+    PermissionGuard,
   ],
   controllers: [RolesController],
-  exports: [...models],
+  exports: [...models, AuthorizationGuard, PermissionGuard],
 })
 export class RolesModule {}

packages/server/src/modules/Roles/dtos/Role.dto.ts

@@ -1,3 +1,4 @@
+import { IsOptional } from '@/common/decorators/Validators';
 import { ApiProperty } from '@nestjs/swagger';
 import { Type } from 'class-transformer';
 import {
@@ -41,7 +42,7 @@ export class CommandRolePermissionDto {
 export class CreateRolePermissionDto extends CommandRolePermissionDto { }
 export class EditRolePermissionDto extends CommandRolePermissionDto {
   @IsNumber()
-  @IsNotEmpty()
+  @IsOptional()
   @ApiProperty({
     example: 1,
     description: 'The permission ID',
@@ -59,7 +60,6 @@ class CommandRoleDto {
   roleName: string;
 
   @IsString()
-  @IsNotEmpty()
   @ApiProperty({
     example: 'Administrator',
     description: 'The description of the role',
@@ -71,9 +71,9 @@ export class CreateRoleDto extends CommandRoleDto {
   @IsArray()
   @ArrayMinSize(1)
   @ValidateNested({ each: true })
-  @Type(() => CommandRolePermissionDto)
+  @Type(() => CreateRolePermissionDto)
   @ApiProperty({
-    type: [CommandRolePermissionDto],
+    type: [CreateRolePermissionDto],
     description: 'The permissions of the role',
   })
   permissions: Array<CreateRolePermissionDto>;

packages/server/src/modules/SaleEstimates/SaleEstimates.controller.ts

@@ -19,6 +19,7 @@ import {
   Put,
   Query,
   Res,
+  UseGuards,
 } from '@nestjs/common';
 import { SaleEstimatesApplication } from './SaleEstimates.application';
 import {
@@ -40,6 +41,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { SaleEstimateAction } from './types/SaleEstimates.types';
 
 @Controller('sale-estimates')
 @ApiTags('Sale Estimates')
@@ -48,8 +54,10 @@ import {
 @ApiExtraModels(SaleEstiamteStateResponseDto)
 @ApiCommonHeaders()
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class SaleEstimatesController {
   @Post('validate-bulk-delete')
+  @RequirePermission(SaleEstimateAction.Delete, AbilitySubject.SaleEstimate)
   @ApiOperation({
     summary:
       'Validates which sale estimates can be deleted and returns the results.',
@@ -71,6 +79,7 @@ export class SaleEstimatesController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(SaleEstimateAction.Delete, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Deletes multiple sale estimates.' })
   @ApiResponse({
     status: 200,
@@ -93,6 +102,7 @@ export class SaleEstimatesController {
   ) { }
 
   @Post()
+  @RequirePermission(SaleEstimateAction.Create, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Create a new sale estimate.' })
   @ApiResponse({
     status: 200,
@@ -105,6 +115,7 @@ export class SaleEstimatesController {
   }
 
   @Put(':id')
+  @RequirePermission(SaleEstimateAction.Edit, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Edit the given sale estimate.' })
   @ApiResponse({
     status: 200,
@@ -131,6 +142,7 @@ export class SaleEstimatesController {
   }
 
   @Delete(':id')
+  @RequirePermission(SaleEstimateAction.Delete, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Delete the given sale estimate.' })
   @ApiResponse({
     status: 200,
@@ -153,6 +165,7 @@ export class SaleEstimatesController {
   }
 
   @Get('state')
+  @RequirePermission(SaleEstimateAction.View, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Retrieves the sale estimate state.' })
   @ApiResponse({
     status: 200,
@@ -166,6 +179,7 @@ export class SaleEstimatesController {
   }
 
   @Get()
+  @RequirePermission(SaleEstimateAction.View, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Retrieves the sale estimates.' })
   @ApiResponse({
     status: 200,
@@ -189,6 +203,7 @@ export class SaleEstimatesController {
   }
 
   @Post(':id/deliver')
+  @RequirePermission(SaleEstimateAction.Edit, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Deliver the given sale estimate.' })
   @ApiResponse({
     status: 200,
@@ -207,6 +222,7 @@ export class SaleEstimatesController {
   }
 
   @Put(':id/approve')
+  @RequirePermission(SaleEstimateAction.Edit, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Approve the given sale estimate.' })
   @ApiParam({
     name: 'id',
@@ -221,6 +237,7 @@ export class SaleEstimatesController {
   }
 
   @Put(':id/reject')
+  @RequirePermission(SaleEstimateAction.Edit, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Reject the given sale estimate.' })
   @ApiParam({
     name: 'id',
@@ -235,6 +252,7 @@ export class SaleEstimatesController {
   }
 
   @Post(':id/notify-sms')
+  @RequirePermission(SaleEstimateAction.NotifyBySms, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Notify the given sale estimate by SMS.' })
   @ApiParam({
     name: 'id',
@@ -251,6 +269,7 @@ export class SaleEstimatesController {
   }
 
   @Get(':id/sms-details')
+  @RequirePermission(SaleEstimateAction.View, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Retrieves the sale estimate SMS details.' })
   public getSaleEstimateSmsDetails(
     @Param('id', ParseIntPipe) saleEstimateId: number,
@@ -262,6 +281,7 @@ export class SaleEstimatesController {
 
   @Post(':id/mail')
   @HttpCode(200)
+  @RequirePermission(SaleEstimateAction.Edit, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Send the given sale estimate by mail.' })
   @ApiParam({
     name: 'id',
@@ -280,6 +300,7 @@ export class SaleEstimatesController {
   }
 
   @Get(':id/mail')
+  @RequirePermission(SaleEstimateAction.View, AbilitySubject.SaleEstimate)
   @ApiOperation({ summary: 'Retrieves the sale estimate mail state.' })
   @ApiParam({
     name: 'id',
@@ -296,6 +317,7 @@ export class SaleEstimatesController {
   }
 
   @Get(':id')
+  @RequirePermission(SaleEstimateAction.View, AbilitySubject.SaleEstimate)
   @ApiOperation({
     summary: 'Retrieves the sale estimate details.',
   })

packages/server/src/modules/SaleEstimates/SaleEstimates.module.ts

@@ -1,7 +1,7 @@
 import { Module } from '@nestjs/common';
 import { BullBoardModule } from '@bull-board/nestjs';
-import { BullAdapter } from '@bull-board/api/bullAdapter';
-import { BullModule } from '@nestjs/bull';
+import { BullMQAdapter } from '@bull-board/api/bullMQAdapter';
+import { BullModule } from '@nestjs/bullmq';
 import { TenancyContext } from '../Tenancy/TenancyContext.service';
 import { TenancyDatabaseModule } from '../Tenancy/TenancyDB/TenancyDB.module';
 import { TransformerInjectable } from '../Transformer/TransformerInjectable.service';
@@ -58,7 +58,7 @@ import { SendSaleEstimateMailProcess } from './processes/SendSaleEstimateMail.pr
     BullModule.registerQueue({ name: SendSaleEstimateMailQueue }),
     BullBoardModule.forFeature({
       name: SendSaleEstimateMailQueue,
-      adapter: BullAdapter,
+      adapter: BullMQAdapter,
     }),
   ],
   controllers: [SaleEstimatesController],

packages/server/src/modules/SaleEstimates/commands/SendSaleEstimateMail.ts

@@ -1,5 +1,5 @@
 import { InjectQueue } from '@nestjs/bullmq';
-import { Queue } from 'bull';
+import { Queue } from 'bullmq';
 import { Inject, Injectable } from '@nestjs/common';
 import { EventEmitter2 } from '@nestjs/event-emitter';
 import { ContactMailNotification } from '@/modules/MailNotification/ContactMailNotification';

packages/server/src/modules/SaleEstimates/processes/SendSaleEstimateMail.process.ts

@@ -1,7 +1,6 @@
-import { Process, Processor } from '@nestjs/bull';
-import { Job } from 'bull';
-import { Inject, Scope } from '@nestjs/common';
-import { JOB_REF } from '@nestjs/bull';
+import { Processor, WorkerHost } from '@nestjs/bullmq';
+import { Job } from 'bullmq';
+import { Scope } from '@nestjs/common';
 import {
   SendSaleEstimateMailJob,
   SendSaleEstimateMailQueue,
@@ -13,18 +12,17 @@ import { ClsService, UseCls } from 'nestjs-cls';
   name: SendSaleEstimateMailQueue,
   scope: Scope.REQUEST,
 })
-export class SendSaleEstimateMailProcess {
+export class SendSaleEstimateMailProcess extends WorkerHost {
   constructor(
     private readonly sendEstimateMailService: SendSaleEstimateMail,
     private readonly clsService: ClsService,
-    @Inject(JOB_REF)
-    private readonly jobRef: Job,
-  ) { }
+  ) {
+    super();
+  }
 
-  @Process(SendSaleEstimateMailJob)
   @UseCls()
-  async handleSendMail() {
-    const { saleEstimateId, messageOptions, organizationId, userId } = this.jobRef.data;
+  async process(job: Job) {
+    const { saleEstimateId, messageOptions, organizationId, userId } = job.data;
 
     this.clsService.set('organizationId', organizationId);
     this.clsService.set('userId', userId);

packages/server/src/modules/SaleInvoices/SaleInvoices.controller.ts

@@ -12,6 +12,7 @@ import {
   Put,
   Query,
   Res,
+  UseGuards,
 } from '@nestjs/common';
 import {
   ISaleInvoiceWriteoffDTO,
@@ -43,6 +44,11 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { SaleInvoiceAction } from './SaleInvoice.types';
 
 @Controller('sale-invoices')
 @ApiTags('Sale Invoices')
@@ -52,10 +58,12 @@ import {
 @ApiExtraModels(GenerateSaleInvoiceSharableLinkResponseDto)
 @ApiCommonHeaders()
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class SaleInvoicesController {
   constructor(private saleInvoiceApplication: SaleInvoiceApplication) { }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(SaleInvoiceAction.Delete, AbilitySubject.SaleInvoice)
   @ApiOperation({
     summary:
       'Validates which sale invoices can be deleted and returns the results.',
@@ -77,6 +85,7 @@ export class SaleInvoicesController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(SaleInvoiceAction.Delete, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Deletes multiple sale invoices.' })
   @ApiResponse({
     status: 200,
@@ -90,6 +99,7 @@ export class SaleInvoicesController {
   }
 
   @Post()
+  @RequirePermission(SaleInvoiceAction.Create, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Create a new sale invoice.' })
   @ApiResponse({
     status: 201,
@@ -121,6 +131,7 @@ export class SaleInvoicesController {
   }
 
   @Put(':id')
+  @RequirePermission(SaleInvoiceAction.Edit, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Edit the given sale invoice.' })
   @ApiResponse({
     status: 200,
@@ -141,6 +152,7 @@ export class SaleInvoicesController {
   }
 
   @Delete(':id')
+  @RequirePermission(SaleInvoiceAction.Delete, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Delete the given sale invoice.' })
   @ApiResponse({
     status: 200,
@@ -158,6 +170,7 @@ export class SaleInvoicesController {
   }
 
   @Get('receivable')
+  @RequirePermission(SaleInvoiceAction.View, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Retrieves the receivable sale invoices.' })
   @ApiResponse({
     status: 200,
@@ -176,6 +189,7 @@ export class SaleInvoicesController {
   }
 
   @Get('state')
+  @RequirePermission(SaleInvoiceAction.View, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Retrieves the sale invoice state.' })
   @ApiResponse({
     status: 200,
@@ -190,6 +204,7 @@ export class SaleInvoicesController {
   }
 
   @Get(':id')
+  @RequirePermission(SaleInvoiceAction.View, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Retrieves the sale invoice details.' })
   @ApiResponse({
     status: 200,
@@ -228,6 +243,7 @@ export class SaleInvoicesController {
   }
 
   @Get()
+  @RequirePermission(SaleInvoiceAction.View, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Retrieves the sale invoices.' })
   @ApiResponse({
     status: 200,
@@ -251,6 +267,7 @@ export class SaleInvoicesController {
   }
 
   @Put(':id/deliver')
+  @RequirePermission(SaleInvoiceAction.Edit, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Deliver the given sale invoice.' })
   @ApiResponse({
     status: 200,
@@ -269,6 +286,7 @@ export class SaleInvoicesController {
   }
 
   @Post(':id/writeoff')
+  @RequirePermission(SaleInvoiceAction.Writeoff, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Write off the given sale invoice.' })
   @HttpCode(200)
   @ApiResponse({
@@ -290,6 +308,7 @@ export class SaleInvoicesController {
   }
 
   @Post(':id/cancel-writeoff')
+  @RequirePermission(SaleInvoiceAction.Writeoff, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Cancel the written off sale invoice.' })
   @ApiResponse({
     status: 200,
@@ -309,6 +328,7 @@ export class SaleInvoicesController {
   }
 
   @Get(':id/payments')
+  @RequirePermission(SaleInvoiceAction.View, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Retrieves the sale invoice payments.' })
   @ApiResponse({ status: 404, description: 'The sale invoice not found.' })
   @ApiParam({
@@ -322,6 +342,7 @@ export class SaleInvoicesController {
   }
 
   @Get(':id/html')
+  @RequirePermission(SaleInvoiceAction.View, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Retrieves the sale invoice HTML.' })
   @ApiResponse({ status: 404, description: 'The sale invoice not found.' })
   @ApiParam({
@@ -335,6 +356,7 @@ export class SaleInvoicesController {
   }
 
   @Get(':id/mail')
+  @RequirePermission(SaleInvoiceAction.View, AbilitySubject.SaleInvoice)
   @ApiOperation({ summary: 'Retrieves the sale invoice mail state.' })
   @ApiResponse({
     status: 200,
@@ -354,6 +376,7 @@ export class SaleInvoicesController {
   }
 
   @Post(':id/generate-link')
+  @RequirePermission(SaleInvoiceAction.Edit, AbilitySubject.SaleInvoice)
   @ApiOperation({
     summary: 'Generate sharable sale invoice link (private or public)',
   })

packages/server/src/modules/SaleInvoices/SaleInvoices.module.ts

@@ -46,8 +46,8 @@ import { DynamicListModule } from '../DynamicListing/DynamicList.module';
 import { MailNotificationModule } from '../MailNotification/MailNotification.module';
 import { SendSaleInvoiceMailProcessor } from './processors/SendSaleInvoiceMail.processor';
 import { BullBoardModule } from '@bull-board/nestjs';
-import { BullAdapter } from '@bull-board/api/bullAdapter';
-import { BullModule } from '@nestjs/bull';
+import { BullMQAdapter } from '@bull-board/api/bullMQAdapter';
+import { BullModule } from '@nestjs/bullmq';
 import { SendSaleInvoiceQueue } from './constants';
 import { InvoicePaymentIntegrationSubscriber } from './subscribers/InvoicePaymentIntegrationSubscriber';
 import { InvoiceChangeStatusOnMailSentSubscriber } from './subscribers/InvoiceChangeStatusOnMailSentSubscriber';
@@ -85,7 +85,7 @@ import { ValidateBulkDeleteSaleInvoicesService } from './ValidateBulkDeleteSaleI
     BullModule.registerQueue({ name: SendSaleInvoiceQueue }),
     BullBoardModule.forFeature({
       name: SendSaleInvoiceQueue,
-      adapter: BullAdapter,
+      adapter: BullMQAdapter,
     }),
   ],
   controllers: [SaleInvoicesController],

packages/server/src/modules/SaleInvoices/processors/SendSaleInvoiceMail.processor.ts

@@ -1,9 +1,8 @@
-import { JOB_REF, Process, Processor } from '@nestjs/bull';
-import { Job } from 'bull';
+import { Processor, WorkerHost } from '@nestjs/bullmq';
+import { Job } from 'bullmq';
 import { SendSaleInvoiceMailJob, SendSaleInvoiceQueue } from '../constants';
 import { SendSaleInvoiceMail } from '../commands/SendSaleInvoiceMail';
-import { Inject, Scope } from '@nestjs/common';
-import { REQUEST } from '@nestjs/core';
+import { Scope } from '@nestjs/common';
 import { ClsService, UseCls } from 'nestjs-cls';
 import { SendSaleInvoiceMailJobPayload } from '../SaleInvoice.types';
 
@@ -11,20 +10,18 @@ import { SendSaleInvoiceMailJobPayload } from '../SaleInvoice.types';
   name: SendSaleInvoiceQueue,
   scope: Scope.REQUEST,
 })
-export class SendSaleInvoiceMailProcessor {
+export class SendSaleInvoiceMailProcessor extends WorkerHost {
   constructor(
     private readonly sendSaleInvoiceMail: SendSaleInvoiceMail,
-    @Inject(REQUEST) private readonly request: Request,
-    @Inject(JOB_REF)
-    private readonly jobRef: Job<SendSaleInvoiceMailJobPayload>,
     private readonly clsService: ClsService,
-  ) { }
+  ) {
+    super();
+  }
 
-  @Process(SendSaleInvoiceMailJob)
   @UseCls()
-  async handleSendInvoice() {
+  async process(job: Job<SendSaleInvoiceMailJobPayload>) {
     const { messageOptions, saleInvoiceId, organizationId, userId } =
-      this.jobRef.data;
+      job.data;
 
     this.clsService.set('organizationId', organizationId);
     this.clsService.set('userId', userId);

packages/server/src/modules/SaleReceipts/SaleReceipts.module.ts

@@ -1,7 +1,7 @@
 import { Module } from '@nestjs/common';
 import { BullBoardModule } from '@bull-board/nestjs';
-import { BullAdapter } from '@bull-board/api/bullAdapter';
-import { BullModule } from '@nestjs/bull';
+import { BullMQAdapter } from '@bull-board/api/bullMQAdapter';
+import { BullModule } from '@nestjs/bullmq';
 import { SaleReceiptApplication } from './SaleReceiptApplication.service';
 import { CreateSaleReceipt } from './commands/CreateSaleReceipt.service';
 import { EditSaleReceipt } from './commands/EditSaleReceipt.service';
@@ -66,7 +66,7 @@ import { ValidateBulkDeleteSaleReceiptsService } from './ValidateBulkDeleteSaleR
     BullModule.registerQueue({ name: SendSaleReceiptMailQueue }),
     BullBoardModule.forFeature({
       name: SendSaleReceiptMailQueue,
-      adapter: BullAdapter,
+      adapter: BullMQAdapter,
     }),
   ],
   providers: [

packages/server/src/modules/SaleReceipts/commands/SaleReceiptMailNotification.ts

@@ -1,4 +1,4 @@
-import { InjectQueue } from '@nestjs/bull';
+import { InjectQueue } from '@nestjs/bullmq';
 import { Queue } from 'bullmq';
 import {
   DEFAULT_RECEIPT_MAIL_CONTENT,

packages/server/src/modules/SaleReceipts/processes/SendSaleReceiptMail.process.ts

@@ -1,30 +1,26 @@
-import { Process, Processor } from '@nestjs/bull';
-import { Job } from 'bull';
-import { Inject, Scope } from '@nestjs/common';
-import { JOB_REF } from '@nestjs/bull';
+import { Processor, WorkerHost } from '@nestjs/bullmq';
+import { Job } from 'bullmq';
+import { Scope } from '@nestjs/common';
 import { SendSaleReceiptMailQueue, SendSaleReceiptMailJob } from '../constants';
 import { SaleReceiptMailNotification } from '../commands/SaleReceiptMailNotification';
-import { SaleReceiptSendMailPayload } from '../types/SaleReceipts.types';
 import { ClsService, UseCls } from 'nestjs-cls';
 
 @Processor({
   name: SendSaleReceiptMailQueue,
   scope: Scope.REQUEST,
 })
-export class SendSaleReceiptMailProcess {
+export class SendSaleReceiptMailProcess extends WorkerHost {
   constructor(
     private readonly saleReceiptMailNotification: SaleReceiptMailNotification,
     private readonly clsService: ClsService,
+  ) {
+    super();
+  }
 
-    @Inject(JOB_REF)
-    private readonly jobRef: Job<SaleReceiptSendMailPayload>,
-  ) { }
-
-  @Process(SendSaleReceiptMailJob)
   @UseCls()
-  async handleSendMailJob() {
+  async process(job: Job) {
     const { messageOpts, saleReceiptId, organizationId, userId } =
-      this.jobRef.data;
+      job.data;
 
     this.clsService.set('organizationId', organizationId);
     this.clsService.set('userId', userId);

packages/server/src/modules/Settings/Settings.controller.ts

@@ -1,16 +1,22 @@
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
-import { Body, Controller, Get, Put } from '@nestjs/common';
+import { Body, Controller, Get, Put, UseGuards } from '@nestjs/common';
 import { SettingsApplicationService } from './SettingsApplication.service';
-import { ISettingsDTO } from './Settings.types';
+import { ISettingsDTO, PreferencesAction } from './Settings.types';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
 
 @Controller('settings')
 @ApiTags('Settings')
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class SettingsController {
   constructor(
     private readonly settingsApplicationService: SettingsApplicationService,
   ) {}
 
   @Put()
+  @RequirePermission(PreferencesAction.Mutate, AbilitySubject.Preferences)
   @ApiOperation({ summary: 'Save the given settings.' })
   async saveSettings(@Body() settingsDTO: ISettingsDTO) {
     return this.settingsApplicationService.saveSettings(settingsDTO);

packages/server/src/modules/System/SystemDB/SystemDB.controller.ts

@@ -1,12 +1,14 @@
-import { Controller, Get, Post } from '@nestjs/common';
+import { Controller, Get, HttpCode } from '@nestjs/common';
+import { PublicRoute } from '@/modules/Auth/guards/jwt.guard';
 
-@Controller('/system_db')
+@Controller('system_db')
+@PublicRoute()
 export class SystemDatabaseController {
   constructor() {}
 
-  @Post()
   @Get()
-  ping(){
-    
+  @HttpCode(200)
+  ping() {
+    return { status: 'ok' };
   }
 }

packages/server/src/modules/System/SystemDB/SystemDB.module.ts

@@ -6,6 +6,7 @@ import {
   SystemKnexConnectionConfigure,
 } from './SystemDB.constants';
 import { knexSnakeCaseMappers } from 'objection';
+import { SystemDatabaseController } from './SystemDB.controller';
 
 const providers = [
   {
@@ -42,6 +43,7 @@ const providers = [
 
 @Global()
 @Module({
+  controllers: [SystemDatabaseController],
   providers: [...providers],
   exports: [...providers],
 })

packages/server/src/modules/TaxRates/TaxRate.application.ts

@@ -62,10 +62,11 @@ export class TaxRatesApplication {
 
   /**
    * Retrieves the tax rates list.
-   * @returns {Promise<ITaxRate[]>}
+   * @returns {Promise<{ data: ITaxRate[] }>}
    */
-  public getTaxRates() {
-    return this.getTaxRatesService.getTaxRates();
+  public async getTaxRates() {
+    const taxRates = await this.getTaxRatesService.getTaxRates();
+    return { data: taxRates };
   }
 
   /**

packages/server/src/modules/TaxRates/TaxRate.controller.ts

@@ -6,6 +6,7 @@ import {
   Param,
   Post,
   Put,
+  UseGuards,
 } from '@nestjs/common';
 import { TaxRatesApplication } from './TaxRate.application';
 import {
@@ -18,15 +19,22 @@ import {
 import { CreateTaxRateDto, EditTaxRateDto } from './dtos/TaxRate.dto';
 import { TaxRateResponseDto } from './dtos/TaxRateResponse.dto';
 import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { TaxRateAction } from './TaxRates.types';
 
 @Controller('tax-rates')
 @ApiTags('Tax Rates')
 @ApiExtraModels(TaxRateResponseDto)
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class TaxRatesController {
   constructor(private readonly taxRatesApplication: TaxRatesApplication) { }
 
   @Post()
+  @RequirePermission(TaxRateAction.CREATE, AbilitySubject.TaxRate)
   @ApiOperation({ summary: 'Create a new tax rate.' })
   @ApiResponse({
     status: 201,
@@ -38,6 +46,7 @@ export class TaxRatesController {
   }
 
   @Put(':id')
+  @RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
   @ApiOperation({ summary: 'Edit the given tax rate.' })
   @ApiResponse({
     status: 200,
@@ -54,6 +63,7 @@ export class TaxRatesController {
   }
 
   @Delete(':id')
+  @RequirePermission(TaxRateAction.DELETE, AbilitySubject.TaxRate)
   @ApiOperation({ summary: 'Delete the given tax rate.' })
   @ApiResponse({
     status: 200,
@@ -67,6 +77,7 @@ export class TaxRatesController {
   }
 
   @Get(':id')
+  @RequirePermission(TaxRateAction.VIEW, AbilitySubject.TaxRate)
   @ApiOperation({ summary: 'Retrieves the tax rate details.' })
   @ApiResponse({
     status: 200,
@@ -80,14 +91,20 @@ export class TaxRatesController {
   }
 
   @Get()
+  @RequirePermission(TaxRateAction.VIEW, AbilitySubject.TaxRate)
   @ApiOperation({ summary: 'Retrieves the tax rates.' })
   @ApiResponse({
     status: 200,
     description: 'The tax rates have been successfully retrieved.',
     schema: {
-      type: 'array',
-      items: {
-        $ref: getSchemaPath(TaxRateResponseDto),
+      type: 'object',
+      properties: {
+        data: {
+          type: 'array',
+          items: {
+            $ref: getSchemaPath(TaxRateResponseDto),
+          },
+        },
       },
     },
   })
@@ -96,6 +113,7 @@ export class TaxRatesController {
   }
 
   @Put(':id/activate')
+  @RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
   @ApiOperation({ summary: 'Activate the given tax rate.' })
   @ApiResponse({
     status: 200,
@@ -109,6 +127,7 @@ export class TaxRatesController {
   }
 
   @Put(':id/inactivate')
+  @RequirePermission(TaxRateAction.EDIT, AbilitySubject.TaxRate)
   @ApiOperation({ summary: 'Inactivate the given tax rate.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/TaxRates/dtos/TaxRate.dto.ts

@@ -1,3 +1,4 @@
+import { ToNumber } from '@/common/decorators/Validators';
 import { ApiProperty } from '@nestjs/swagger';
 import { Transform } from 'class-transformer';
 import {
@@ -30,6 +31,7 @@ export class CommandTaxRateDto {
    */
   @IsNumber()
   @IsNotEmpty()
+  @ToNumber()
   @ApiProperty({
     description: 'The rate of the tax rate.',
     example: 10,

packages/server/src/modules/UsersModule/Users.controller.ts

@@ -22,7 +22,7 @@ export class UsersController {
   /**
    * Edit details of the given user.
    */
-  @Post(':id')
+  @Put(':id')
   @ApiOperation({ summary: 'Edit details of the given user.' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/UsersModule/Users.module.ts

@@ -1,4 +1,7 @@
 import { Module } from '@nestjs/common';
+import { BullModule } from '@nestjs/bullmq';
+import { BullBoardModule } from '@bull-board/nestjs';
+import { BullMQAdapter } from '@bull-board/api/bullMQAdapter';
 import { ActivateUserService } from './commands/ActivateUser.service';
 import { DeleteUserService } from './commands/DeleteUser.service';
 import { EditUserService } from './commands/EditUser.service';
@@ -18,11 +21,24 @@ import { AcceptInviteUserService } from './commands/AcceptInviteUser.service';
 import { InviteTenantUserService } from './commands/InviteUser.service';
 import { UsersInviteController } from './UsersInvite.controller';
 import { InjectSystemModel } from '../System/SystemModels/SystemModels.module';
+import { SendInviteUserMailQueue } from './Users.constants';
+import InviteSendMainNotificationSubscribe from './subscribers/InviteSendMailNotification.subscriber';
+import { SendInviteUserMailProcessor } from './processors/SendInviteUserMail.processor';
+import { SendInviteUsersMailMessage } from './commands/SendInviteUsersMailMessage.service';
+import { MailModule } from '../Mail/Mail.module';
 
 const models = [InjectSystemModel(UserInvite)];
 
 @Module({
-  imports: [TenancyModule],
+  imports: [
+    TenancyModule,
+    MailModule,
+    BullModule.registerQueue({ name: SendInviteUserMailQueue }),
+    BullBoardModule.forFeature({
+      name: SendInviteUserMailQueue,
+      adapter: BullMQAdapter,
+    }),
+  ],
   exports: [...models],
   providers: [
     ...models,
@@ -39,6 +55,9 @@ const models = [InjectSystemModel(UserInvite)];
     SyncTenantUserMutateSubscriber,
     SyncSystemSendInviteSubscriber,
     SyncTenantAcceptInviteSubscriber,
+    InviteSendMainNotificationSubscribe,
+    SendInviteUserMailProcessor,
+    SendInviteUsersMailMessage,
     UsersApplication
   ],
   controllers: [UsersController, UsersInviteController],

packages/server/src/modules/UsersModule/Users.types.ts

@@ -32,10 +32,12 @@ export interface ITenantUserDeletedPayload {
 export interface IUserInvitedEventPayload {
   inviteToken: string;
   user: ModelObject<TenantUser>;
+  invitingUser: ModelObject<TenantUser>;
 }
 export interface IUserInviteTenantSyncedEventPayload {
   invite: ModelObject<UserInvite>;
   user: ModelObject<TenantUser>;
+  invitingUser: ModelObject<TenantUser>;
 }
 
 export interface IUserInviteResendEventPayload {

packages/server/src/modules/UsersModule/commands/InactivateUser.service.ts

@@ -43,11 +43,11 @@ export class InactivateUserService {
     // Throw serivce error if the user is already inactivated.
     this.throwErrorIfUserInactive(tenantUser);
 
-    // Marks the tenant user as active.
+    // Marks the tenant user as inactive.
     await this.tenantUserModel()
       .query()
       .findById(userId)
-      .update({ active: true });
+      .update({ active: false });
 
     // Triggers `onTenantUserActivated` event.
     await this.eventEmitter.emitAsync(events.tenantUser.onInactivated, {

packages/server/src/modules/UsersModule/commands/InviteUser.service.ts

@@ -15,11 +15,13 @@ import { events } from '@/common/events/events';
 import { Role } from '@/modules/Roles/models/Role.model';
 import { ModelObject } from 'objection';
 import { SendInviteUserDto } from '../dtos/InviteUser.dto';
+import { TenancyContext } from '@/modules/Tenancy/TenancyContext.service';
 
 @Injectable()
 export class InviteTenantUserService {
   constructor(
     private readonly eventEmitter: EventEmitter2,
+    private readonly tenancyContext: TenancyContext,
 
     @Inject(TenantUser.name)
     private readonly tenantUserModel: TenantModelProxy<typeof TenantUser>,
@@ -53,10 +55,18 @@ export class InviteTenantUserService {
       active: true,
       invitedAt: new Date(),
     });
+
+    // Retrieves the authorized user (inviting user).
+    const authorizedUser = await this.tenancyContext.getSystemUser();
+    const invitingUser = await this.tenantUserModel()
+      .query()
+      .findOne({ systemUserId: authorizedUser.id });
+
     // Triggers `onUserSendInvite` event.
     await this.eventEmitter.emitAsync(events.inviteUser.sendInvite, {
       inviteToken,
       user,
+      invitingUser,
     } as IUserInvitedEventPayload);
 
     return { invitedUser: user };

packages/server/src/modules/UsersModule/commands/SendInviteUsersMailMessage.service.ts

@@ -27,7 +27,7 @@ export class SendInviteUsersMailMessage {
     invite: ModelObject<UserInvite>,
   ) {
     const tenant = await this.tenancyContext.getTenant(true);
-    const root = path.join(global.__views_dir, '/images/bigcapital.png');
+    const root = path.join(global.__images_dirname, '/bigcapital.png');
     const baseURL = this.configService.get('baseURL');
 
     const mail = new Mail()

packages/server/src/modules/UsersModule/processors/SendInviteUserMail.processor.ts

@@ -1,7 +1,6 @@
-import { JOB_REF, Process, Processor } from '@nestjs/bull';
-import { Job } from 'bull';
-import { Inject, Scope } from '@nestjs/common';
-import { REQUEST } from '@nestjs/core';
+import { Processor, WorkerHost } from '@nestjs/bullmq';
+import { Job } from 'bullmq';
+import { Scope } from '@nestjs/common';
 import { ClsService, UseCls } from 'nestjs-cls';
 import {
   SendInviteUserMailJob,
@@ -14,19 +13,17 @@ import { SendInviteUsersMailMessage } from '../commands/SendInviteUsersMailMessa
   name: SendInviteUserMailQueue,
   scope: Scope.REQUEST,
 })
-export class SendInviteUserMailProcessor {
+export class SendInviteUserMailProcessor extends WorkerHost {
   constructor(
     private readonly sendInviteUsersMailService: SendInviteUsersMailMessage,
-    @Inject(REQUEST) private readonly request: Request,
-    @Inject(JOB_REF)
-    private readonly jobRef: Job<SendInviteUserMailJobPayload>,
     private readonly clsService: ClsService,
-  ) { }
+  ) {
+    super();
+  }
 
-  @Process(SendInviteUserMailJob)
   @UseCls()
-  async handleSendInviteMail() {
-    const { fromUser, invite, organizationId, userId } = this.jobRef.data;
+  async process(job: Job<SendInviteUserMailJobPayload>) {
+    const { fromUser, invite, organizationId, userId } = job.data;
 
     this.clsService.set('organizationId', organizationId);
     this.clsService.set('userId', userId);

packages/server/src/modules/UsersModule/subscribers/InviteSendMailNotification.subscriber.ts

@@ -1,6 +1,6 @@
 import { Injectable } from '@nestjs/common';
-import { InjectQueue } from '@nestjs/bull';
-import { Queue } from 'bull';
+import { InjectQueue } from '@nestjs/bullmq';
+import { Queue } from 'bullmq';
 import { events } from '@/common/events/events';
 import { OnEvent } from '@nestjs/event-emitter';
 import {
@@ -29,6 +29,7 @@ export default class InviteSendMainNotificationSubscribe {
   async sendMailNotification({
     invite,
     user,
+    invitingUser,
   }: IUserInviteTenantSyncedEventPayload) {
     const tenant = await this.tenancyContext.getTenant();
     const authedUser = await this.tenancyContext.getSystemUser();
@@ -37,7 +38,7 @@ export default class InviteSendMainNotificationSubscribe {
     const userId = authedUser.id;
 
     this.sendInviteMailQueue.add(SendInviteUserMailJob, {
-      fromUser: user,
+      fromUser: invitingUser,
       invite,
       userId,
       organizationId,

packages/server/src/modules/UsersModule/subscribers/SyncSystemSendInvite.subscriber.ts

@@ -33,7 +33,7 @@ export class SyncSystemSendInviteSubscriber {
    * @param {IUserInvitedEventPayload} payload -
    */
   @OnEvent(events.inviteUser.sendInvite)
-  async syncSendInviteSystem({ inviteToken, user }: IUserInvitedEventPayload) {
+  async syncSendInviteSystem({ inviteToken, user, invitingUser }: IUserInvitedEventPayload) {
     const authorizedUser = await this.tenancyContext.getSystemUser();
     const tenantId = authorizedUser.tenantId;
 
@@ -63,6 +63,7 @@ export class SyncSystemSendInviteSubscriber {
       {
         invite,
         user,
+        invitingUser,
       } as IUserInviteTenantSyncedEventPayload,
     );
   }

packages/server/src/modules/VendorCredit/VendorCredits.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { VendorCreditsApplicationService } from './VendorCreditsApplication.service';
 import { IVendorCreditsQueryDTO } from './types/VendorCredit.types';
@@ -26,17 +27,24 @@ import {
   BulkDeleteDto,
   ValidateBulkDeleteResponseDto,
 } from '@/common/dtos/BulkDelete.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { VendorCreditAction } from './types/VendorCredit.types';
 
 @Controller('vendor-credits')
 @ApiTags('Vendor Credits')
 @ApiCommonHeaders()
 @ApiExtraModels(ValidateBulkDeleteResponseDto)
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class VendorCreditsController {
   constructor(
     private readonly vendorCreditsApplication: VendorCreditsApplicationService,
   ) { }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(VendorCreditAction.Delete, AbilitySubject.VendorCredit)
   @ApiOperation({
     summary:
       'Validates which vendor credits can be deleted and returns the results.',
@@ -58,6 +66,7 @@ export class VendorCreditsController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(VendorCreditAction.Delete, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Deletes multiple vendor credits.' })
   @ApiResponse({
     status: 200,
@@ -73,24 +82,28 @@ export class VendorCreditsController {
   }
 
   @Post()
+  @RequirePermission(VendorCreditAction.Create, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Create a new vendor credit.' })
   async createVendorCredit(@Body() dto: CreateVendorCreditDto) {
     return this.vendorCreditsApplication.createVendorCredit(dto);
   }
 
   @Put(':id/open')
+  @RequirePermission(VendorCreditAction.Edit, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Open the given vendor credit.' })
   async openVendorCredit(@Param('id') vendorCreditId: number) {
     return this.vendorCreditsApplication.openVendorCredit(vendorCreditId);
   }
 
   @Get()
+  @RequirePermission(VendorCreditAction.View, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Retrieves the vendor credits.' })
   async getVendorCredits(@Query() filterDTO: IVendorCreditsQueryDTO) {
     return this.vendorCreditsApplication.getVendorCredits(filterDTO);
   }
 
   @Put(':id')
+  @RequirePermission(VendorCreditAction.Edit, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Edit the given vendor credit.' })
   async editVendorCredit(
     @Param('id') vendorCreditId: number,
@@ -100,12 +113,14 @@ export class VendorCreditsController {
   }
 
   @Delete(':id')
+  @RequirePermission(VendorCreditAction.Delete, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Delete the given vendor credit.' })
   async deleteVendorCredit(@Param('id') vendorCreditId: number) {
     return this.vendorCreditsApplication.deleteVendorCredit(vendorCreditId);
   }
 
   @Get(':id')
+  @RequirePermission(VendorCreditAction.View, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Retrieves the vendor credit details.' })
   async getVendorCredit(@Param('id') vendorCreditId: number) {
     return this.vendorCreditsApplication.getVendorCredit(vendorCreditId);

packages/server/src/modules/VendorCreditsApplyBills/VendorCreditApplyBills.controller.ts

@@ -1,16 +1,33 @@
-import { Body, Controller, Delete, Get, Param, Post } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
 import { VendorCreditApplyBillsApplicationService } from './VendorCreditApplyBillsApplication.service';
 import { IVendorCreditApplyToInvoicesDTO } from './types/VendorCreditApplyBills.types';
 import { ApiTags } from '@nestjs/swagger';
+import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { VendorCreditAction } from '../VendorCredit/types/VendorCredit.types';
 
 @Controller('vendor-credits')
 @ApiTags('Vendor Credits Apply Bills')
+@ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class VendorCreditApplyBillsController {
   constructor(
     private readonly vendorCreditApplyBillsApplication: VendorCreditApplyBillsApplicationService,
   ) {}
 
   @Get(':vendorCreditId/bills-to-apply')
+  @RequirePermission(VendorCreditAction.View, AbilitySubject.VendorCredit)
   async getVendorCreditToApplyBills(
     @Param('vendorCreditId') vendorCreditId: number,
   ) {
@@ -20,6 +37,7 @@ export class VendorCreditApplyBillsController {
   }
 
   @Post(':vendorCreditId/apply-to-bills')
+  @RequirePermission(VendorCreditAction.Edit, AbilitySubject.VendorCredit)
   async applyVendorCreditToBills(
     @Param('vendorCreditId') vendorCreditId: number,
     @Body() applyCreditToBillsDTO: IVendorCreditApplyToInvoicesDTO,
@@ -31,6 +49,7 @@ export class VendorCreditApplyBillsController {
   }
 
   @Delete('applied-bills/:vendorCreditAppliedBillId')
+  @RequirePermission(VendorCreditAction.Edit, AbilitySubject.VendorCredit)
   async deleteAppliedBillToVendorCredit(
     @Param('vendorCreditAppliedBillId') vendorCreditAppliedBillId: number,
   ) {
@@ -40,6 +59,7 @@ export class VendorCreditApplyBillsController {
   }
 
   @Get(':vendorCreditId/applied-bills')
+  @RequirePermission(VendorCreditAction.View, AbilitySubject.VendorCredit)
   async getAppliedBillsToVendorCredit(
     @Param('vendorCreditId') vendorCreditId: number,
   ) {

packages/server/src/modules/VendorCreditsRefund/VendorCreditsRefund.controller.ts

@@ -1,11 +1,27 @@
-import { Body, Controller, Delete, Get, Param, Post } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
 import { VendorCreditsRefundApplication } from './VendorCreditsRefund.application';
 import { RefundVendorCredit } from './models/RefundVendorCredit';
 import { ApiOperation, ApiTags } from '@nestjs/swagger';
 import { RefundVendorCreditDto } from './dtos/RefundVendorCredit.dto';
+import { ApiCommonHeaders } from '@/common/decorators/ApiCommonHeaders';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { VendorCreditAction } from '../VendorCredit/types/VendorCredit.types';
 
 @Controller('vendor-credits')
 @ApiTags('Vendor Credits Refunds')
+@ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class VendorCreditsRefundController {
   constructor(
     private readonly vendorCreditsRefundApplication: VendorCreditsRefundApplication,
@@ -17,6 +33,7 @@ export class VendorCreditsRefundController {
    * @returns {Promise<IRefundVendorCreditPOJO[]>}
    */
   @Get(':vendorCreditId/refund')
+  @RequirePermission(VendorCreditAction.View, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Retrieve the vendor credit refunds graph.' })
   public getVendorCreditRefunds(
     @Param('vendorCreditId') vendorCreditId: string,
@@ -33,6 +50,7 @@ export class VendorCreditsRefundController {
    * @returns {Promise<RefundVendorCredit>}
    */
   @Post(':vendorCreditId/refund')
+  @RequirePermission(VendorCreditAction.Refund, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Create a refund for the given vendor credit.' })
   public async createRefundVendorCredit(
     @Param('vendorCreditId') vendorCreditId: string,
@@ -50,6 +68,7 @@ export class VendorCreditsRefundController {
    * @returns {Promise<void>}
    */
   @Delete('refunds/:refundCreditId')
+  @RequirePermission(VendorCreditAction.Refund, AbilitySubject.VendorCredit)
   @ApiOperation({ summary: 'Delete a refund for the given vendor credit.' })
   public async deleteRefundVendorCredit(
     @Param('refundCreditId') refundCreditId: string,

packages/server/src/modules/Vendors/Vendors.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   Query,
+  UseGuards,
 } from '@nestjs/common';
 import { VendorsApplication } from './VendorsApplication.service';
 import { VendorOpeningBalanceEditDto } from './dtos/VendorOpeningBalanceEdit.dto';
@@ -24,44 +25,56 @@ import {
   BulkDeleteVendorsDto,
   ValidateBulkDeleteVendorsResponseDto,
 } from './dtos/BulkDeleteVendors.dto';
+import { RequirePermission } from '@/modules/Roles/RequirePermission.decorator';
+import { PermissionGuard } from '@/modules/Roles/Permission.guard';
+import { AuthorizationGuard } from '@/modules/Roles/Authorization.guard';
+import { AbilitySubject } from '@/modules/Roles/Roles.types';
+import { VendorAction } from '../Customers/types/Customers.types';
 
 @Controller('vendors')
 @ApiTags('Vendors')
 @ApiCommonHeaders()
+@UseGuards(AuthorizationGuard, PermissionGuard)
 export class VendorsController {
   constructor(private vendorsApplication: VendorsApplication) {}
 
   @Get()
+  @RequirePermission(VendorAction.View, AbilitySubject.Vendor)
   @ApiOperation({ summary: 'Retrieves the vendors.' })
   getVendors(@Query() filterDTO: GetVendorsQueryDto) {
     return this.vendorsApplication.getVendors(filterDTO);
   }
 
   @Get(':id')
+  @RequirePermission(VendorAction.View, AbilitySubject.Vendor)
   @ApiOperation({ summary: 'Retrieves the vendor details.' })
   getVendor(@Param('id') vendorId: number) {
     return this.vendorsApplication.getVendor(vendorId);
   }
 
   @Post()
+  @RequirePermission(VendorAction.Create, AbilitySubject.Vendor)
   @ApiOperation({ summary: 'Create a new vendor.' })
   createVendor(@Body() vendorDTO: CreateVendorDto) {
     return this.vendorsApplication.createVendor(vendorDTO);
   }
 
   @Put(':id')
+  @RequirePermission(VendorAction.Edit, AbilitySubject.Vendor)
   @ApiOperation({ summary: 'Edit the given vendor.' })
   editVendor(@Param('id') vendorId: number, @Body() vendorDTO: EditVendorDto) {
     return this.vendorsApplication.editVendor(vendorId, vendorDTO);
   }
 
   @Delete(':id')
+  @RequirePermission(VendorAction.Delete, AbilitySubject.Vendor)
   @ApiOperation({ summary: 'Delete the given vendor.' })
   deleteVendor(@Param('id') vendorId: number) {
     return this.vendorsApplication.deleteVendor(vendorId);
   }
 
   @Put(':id/opening-balance')
+  @RequirePermission(VendorAction.Edit, AbilitySubject.Vendor)
   @ApiOperation({ summary: 'Edit the given vendor opening balance.' })
   editOpeningBalance(
     @Param('id') vendorId: number,
@@ -74,6 +87,7 @@ export class VendorsController {
   }
 
   @Post('validate-bulk-delete')
+  @RequirePermission(VendorAction.Delete, AbilitySubject.Vendor)
   @ApiOperation({
     summary:
       'Validates which vendors can be deleted and returns counts of deletable and non-deletable vendors.',
@@ -93,6 +107,7 @@ export class VendorsController {
   }
 
   @Post('bulk-delete')
+  @RequirePermission(VendorAction.Delete, AbilitySubject.Vendor)
   @ApiOperation({ summary: 'Deletes multiple vendors in bulk.' })
   @ApiResponse({
     status: 200,

packages/webapp/src/components/FinancialSheet/ReportDataTable.tsx

@@ -4,7 +4,12 @@ import styled from 'styled-components';
 import { DataTable } from '../Datatable';
 
 export const ReportDataTable = styled(DataTable)`
+  --x-table-no-results-border-color: #ddd;
+
+  .bp4-dark & {
+    --x-table-no-results-border-color: var(--color-dark-gray5);
+  }
   .table .tbody .tr.no-results:last-of-type .td {
-    border-bottom: 1px solid #ddd;
+    border-bottom: 1px solid var(--x-table-no-results-border-color);
   }
 `;

packages/webapp/src/components/Preferences/PreferencesSidebar.tsx

@@ -3,7 +3,7 @@ import React from 'react';
 import { Menu, MenuItem, MenuDivider } from '@blueprintjs/core';
 import { useHistory, useLocation } from 'react-router-dom';
 import { FormattedMessage as T } from '@/components';
-import preferencesMenu from '@/constants/preferencesMenu';
+import { PreferencesMenu } from '@/constants/preferencesMenu';
 import PreferencesSidebarContainer from './PreferencesSidebarContainer';
 
 import '@/style/pages/Preferences/Sidebar.scss';
@@ -15,7 +15,7 @@ export default function PreferencesSidebar() {
   const history = useHistory();
   const location = useLocation();
 
-  const items = preferencesMenu.map((item) =>
+  const items = PreferencesMenu.map((item) =>
     item.divider ? (
       <MenuDivider title={item.title} />
     ) : (

packages/webapp/src/components/TextStatus/index.tsx

@@ -10,12 +10,17 @@ const TextStatusRoot = styled.span`
   ${(props) =>
     props.intent === 'warning' &&
     `
-  color: #ec5b0a;`}
+  color: #c87619;`}
+
+  ${(props) =>
+    props.intent === 'danger' &&
+    `
+  color: #f17377;`}
 
   ${(props) =>
     props.intent === 'success' &&
     `
-  color: #2ba01d;`}
+  color: #238551;`}
 
   ${(props) =>
     props.intent === 'none' &&

packages/webapp/src/components/UniversalSearch/UniversalSearch.tsx

@@ -1,7 +1,5 @@
-// @ts-nocheck
-import React from 'react';
+import React, { KeyboardEvent, ReactNode } from 'react';
 import intl from 'react-intl-universal';
-import classNames from 'classnames';
 import { isUndefined } from 'lodash';
 import {
   Overlay,
@@ -10,11 +8,14 @@ import {
   MenuItem,
   Spinner,
   Intent,
+  OverlayProps,
+  Button,
 } from '@blueprintjs/core';
-import { QueryList } from '@blueprintjs/select';
-import { CLASSES } from '@/constants/classes';
-
-import { Icon, If, ListSelect, FormattedMessage as T } from '@/components';
+import { QueryList, ItemRenderer } from '@blueprintjs/select';
+import { x } from '@xstyled/emotion';
+import { css } from '@emotion/css';
+import { Icon, If, FormattedMessage as T } from '@/components';
+import { Select } from '@blueprintjs-formik/select';
 import {
   UniversalSearchProvider,
   useUniversalSearchContext,
@@ -22,59 +23,297 @@ import {
 import { filterItemsByResourceType } from './utils';
 import { RESOURCES_TYPES } from '@/constants/resourcesTypes';
 
+// Resource type from RESOURCES_TYPES constant
+type ResourceType = string;
+
+// Search type option item
+interface SearchTypeOption {
+  key: ResourceType;
+  label: string;
+}
+
+// Universal search item
+interface UniversalSearchItem {
+  id: number | string;
+  _type: ResourceType;
+  text: string;
+  subText?: string;
+  label?: string;
+  [key: string]: any;
+}
+
+// CSS styles for complex selectors
+const overlayStyles = css`
+  .bp4-overlay-appear,
+  .bp4-overlay-enter {
+    filter: blur(20px);
+    opacity: 0.2;
+  }
+  .bp4-overlay-appear-active,
+  .bp4-overlay-enter-active {
+    filter: blur(0);
+    opacity: 1;
+    transition:
+      filter 0.2s cubic-bezier(0.4, 1, 0.75, 0.9),
+      opacity 0.2s cubic-bezier(0.4, 1, 0.75, 0.9);
+  }
+  .bp4-overlay-exit {
+    filter: blur(0);
+    opacity: 1;
+  }
+  .bp4-overlay-exit-active {
+    filter: blur(20px);
+    opacity: 0.2;
+    transition:
+      filter 0.2s cubic-bezier(0.4, 1, 0.75, 0.9),
+      opacity 0.2s cubic-bezier(0.4, 1, 0.75, 0.9);
+  }
+`;
+
+const containerStyles = css`
+  position: fixed;
+  filter: blur(0);
+  opacity: 1;
+  background-color: var(--color-universal-search-background);
+  border-radius: 3px;
+  box-shadow:
+    0 0 0 1px rgba(16, 22, 26, 0.1),
+    0 4px 8px rgba(16, 22, 26, 0.2),
+    0 18px 46px 6px rgba(16, 22, 26, 0.2);
+  left: calc(50% - 250px);
+  top: 20vh;
+  width: 500px;
+  z-index: 20;
+
+  .bp4-input-group {
+    .bp4-icon {
+      margin: 16px;
+      color: var(--color-universal-search-icon);
+
+      svg {
+        stroke: currentColor;
+        fill: none;
+        fill-rule: evenodd;
+        stroke-linecap: round;
+        stroke-linejoin: round;
+        stroke-width: 2;
+        --text-opacity: 1;
+      }
+    }
+  }
+
+  .bp4-input-group .bp4-input {
+    border: 0;
+    box-shadow: 0 0 0 0;
+    height: 50px;
+    line-height: 50px;
+    font-size: 20px;
+  }
+  .bp4-input-group.bp4-large .bp4-input:not(:first-child) {
+    padding-left: 50px !important;
+  }
+  .bp4-input-group.bp4-large .bp4-input:not(:last-child) {
+    padding-right: 130px !important;
+  }
+
+  .bp4-menu {
+    border-top: 1px solid var(--color-universal-search-menu-border);
+    max-height: calc(60vh - 20px);
+    overflow: auto;
+
+    .bp4-menu-item {
+      .bp4-text-muted {
+        font-size: 12px;
+
+        .bp4-icon {
+          color: var(--bp4-gray-600);
+        }
+      }
+      &.bp4-intent-primary {
+        &.bp4-active {
+          background-color: var(--bp4-blue-100);
+          color: var(--bp4-dark-gray-800);
+
+          .bp4-menu-item-label {
+            color: var(--bp4-gray-600);
+          }
+        }
+      }
+
+      &-label {
+        flex-direction: row;
+        text-align: right;
+      }
+    }
+  }
+
+  .bp4-input-action {
+    height: 100%;
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+  }
+`;
+
+const inputRightElementsStyles = css`
+  display: flex;
+  margin: 10px;
+
+  .bp4-spinner {
+    margin-right: 6px;
+  }
+`;
+
+const footerStyles = css`
+  padding: 12px 12px;
+  border-top: 1px solid var(--color-universal-search-footer-divider);
+`;
+
+const actionBaseStyles = css`
+  &:not(:first-of-type) {
+    margin-left: 14px;
+  }
+
+  .bp4-tag {
+    background: var(--color-universal-search-tag-background);
+    color: var(--color-universal-search-tag-text);
+  }
+`;
+
+const actionArrowsStyles = css`
+  &:not(:first-of-type) {
+    margin-left: 14px;
+  }
+
+  .bp4-tag {
+    background: var(--color-universal-search-tag-background);
+    color: var(--color-universal-search-tag-text);
+    padding: 0;
+    text-align: center;
+    line-height: 16px;
+    margin-left: 4px;
+
+    svg {
+      fill: var(--color-universal-search-tag-text);
+      height: 100%;
+      display: block;
+      width: 100%;
+      padding: 2px;
+    }
+  }
+`;
+
+// UniversalSearchInputRightElements props
+interface UniversalSearchInputRightElementsProps {
+  /** Callback when search type changes */
+  onSearchTypeChange?: (option: SearchTypeOption) => void;
+}
+
 /**
  * Universal search input action.
  */
-function UniversalSearchInputRightElements({ onSearchTypeChange }) {
-  const { isLoading, searchType, defaultSearchResource, searchTypeOptions } =
+function UniversalSearchInputRightElements({
+  onSearchTypeChange,
+}: UniversalSearchInputRightElementsProps) {
+  const { isLoading, searchType, searchTypeOptions } =
     useUniversalSearchContext();
 
+  // Find the currently selected item object.
+  const selectedItem = searchTypeOptions.find(
+    (item) => item.key === searchType,
+  );
+
   // Handle search type option change.
-  const handleSearchTypeChange = (option) => {
-    onSearchTypeChange && onSearchTypeChange(option);
+  const handleSearchTypeChange = (option: SearchTypeOption) => {
+    onSearchTypeChange?.(option);
+  };
+
+  // Item renderer for the select dropdown.
+  const itemRenderer: ItemRenderer<SearchTypeOption> = (
+    item,
+    { handleClick },
+  ) => {
+    return <MenuItem text={item.label} key={item.key} onClick={handleClick} />;
   };
 
   return (
-    <div className={CLASSES.UNIVERSAL_SEARCH_INPUT_RIGHT_ELEMENTS}>
+    <x.div display="flex" m="10px" className={inputRightElementsStyles}>
       <If condition={isLoading}>
-        <Spinner tagName="div" intent={Intent.NONE} size={18} value={null} />
+        <Spinner tagName="div" intent={Intent.NONE} size={18} />
       </If>
 
-      <ListSelect
+      <Select<SearchTypeOption>
         items={searchTypeOptions}
+        itemRenderer={itemRenderer}
         onItemSelect={handleSearchTypeChange}
+        selectedValue={selectedItem?.key}
+        valueAccessor={'key'}
+        labelAccessor={'label'}
         filterable={false}
-        initialSelectedItem={defaultSearchResource}
-        selectedItem={searchType}
-        selectedItemProp={'key'}
-        textProp={'label'}
-        // defaultText={intl.get('type')}
         popoverProps={{
           minimal: true,
           captureDismiss: true,
-          className: CLASSES.UNIVERSAL_SEARCH_TYPE_SELECT_OVERLAY,
-        }}
-        buttonProps={{
-          minimal: true,
-          className: CLASSES.UNIVERSAL_SEARCH_TYPE_SELECT_BTN,
         }}
+        input={({ activeItem }) => (
+          <Button minimal={true} text={activeItem?.label} />
+        )}
       />
-    </div>
+    </x.div>
   );
 }
 
+// QueryList renderer props
+interface QueryListRendererProps {
+  /** Current query string */
+  query: string;
+  /** Callback when query changes */
+  handleQueryChange: (event: React.ChangeEvent<HTMLInputElement>) => void;
+  /** Item list element */
+  itemList: ReactNode;
+  /** Class name */
+  className?: string;
+  /** Handle key down */
+  handleKeyDown?: (event: KeyboardEvent<HTMLDivElement>) => void;
+  /** Handle key up */
+  handleKeyUp?: (event: KeyboardEvent<HTMLDivElement>) => void;
+}
+
+// UniversalSearchQueryList props
+interface UniversalSearchQueryListProps {
+  /** Whether the search is open */
+  isOpen: boolean;
+  /** Whether the search is loading */
+  isLoading: boolean;
+  /** Callback when search type changes */
+  onSearchTypeChange?: (option: SearchTypeOption) => void;
+  /** Current search type */
+  searchType: ResourceType;
+  /** Items to display */
+  items: UniversalSearchItem[];
+  /** Renderer for items */
+  itemRenderer?: ItemRenderer<UniversalSearchItem>;
+  /** Callback when an item is selected */
+  onItemSelect?: (item: UniversalSearchItem, event?: any) => void;
+  /** Current query string */
+  query: string;
+  /** Callback when query changes */
+  onQueryChange?: (query: string) => void;
+}
+
 /**
  * Universal search query list.
  */
-function UniversalSearchQueryList(props) {
-  const { isOpen, isLoading, onSearchTypeChange, searchType, ...restProps } =
-    props;
-
+function UniversalSearchQueryList({
+  isOpen,
+  isLoading,
+  onSearchTypeChange,
+  ...restProps
+}: UniversalSearchQueryListProps) {
   return (
-    <QueryList
-      {...restProps}
+    <QueryList<UniversalSearchItem>
+      {...(restProps as any)}
       initialContent={null}
-      renderer={(listProps) => (
+      renderer={(listProps: QueryListRendererProps) => (
         <UniversalSearchBar
           isOpen={isOpen}
           onSearchTypeChange={onSearchTypeChange}
@@ -100,47 +339,53 @@ function UniversalSearchQueryList(props) {
  */
 function UniversalQuerySearchActions() {
   return (
-    <div className={classNames(CLASSES.UNIVERSAL_SEARCH_ACTIONS)}>
-      <div className={classNames(CLASSES.UNIVERSAL_SEARCH_ACTION_SELECT)}>
+    <x.div display="flex">
+      <x.div className={actionBaseStyles}>
         <Tag>ENTER</Tag>
-        <span class={'text'}>{intl.get('universal_search.enter_text')}</span>
-      </div>
+        <x.span ml="6px">{intl.get('universal_search.enter_text')}</x.span>
+      </x.div>
 
-      <div className={classNames(CLASSES.UNIVERSAL_SEARCH_ACTION_CLOSE)}>
+      <x.div className={actionBaseStyles}>
         <Tag>ESC</Tag>{' '}
-        <span class={'text'}>{intl.get('universal_search.close_text')}</span>
-      </div>
+        <x.span ml="6px">{intl.get('universal_search.close_text')}</x.span>
+      </x.div>
 
-      <div className={classNames(CLASSES.UNIVERSAL_SEARCH_ACTION_ARROWS)}>
+      <x.div className={actionArrowsStyles}>
         <Tag>
           <Icon icon={'arrow-up-24'} iconSize={16} />
         </Tag>
         <Tag>
           <Icon icon={'arrow-down-24'} iconSize={16} />
         </Tag>
-        <span class="text">{intl.get('universal_seach.navigate_text')}</span>
-      </div>
-    </div>
+        <x.span ml="6px">{intl.get('universal_seach.navigate_text')}</x.span>
+      </x.div>
+    </x.div>
   );
 }
 
+// UniversalSearchBar props
+interface UniversalSearchBarProps extends QueryListRendererProps {
+  /** Whether the search is open */
+  isOpen: boolean;
+  /** Callback when search type changes */
+  onSearchTypeChange?: (option: SearchTypeOption) => void;
+}
+
 /**
  * Universal search input bar with items list.
  */
-function UniversalSearchBar({ isOpen, onSearchTypeChange, ...listProps }) {
+function UniversalSearchBar({
+  isOpen,
+  onSearchTypeChange,
+  ...listProps
+}: UniversalSearchBarProps) {
   const { handleKeyDown, handleKeyUp } = listProps;
   const handlers = isOpen
     ? { onKeyDown: handleKeyDown, onKeyUp: handleKeyUp }
     : {};
 
   return (
-    <div
-      className={classNames(
-        CLASSES.UNIVERSAL_SEARCH_OMNIBAR,
-        listProps.className,
-      )}
-      {...handlers}
-    >
+    <x.div {...handlers}>
       <InputGroup
         large={true}
         leftIcon={<Icon icon={'universal-search'} iconSize={20} />}
@@ -155,17 +400,44 @@ function UniversalSearchBar({ isOpen, onSearchTypeChange, ...listProps }) {
         autoFocus={true}
       />
       {listProps.itemList}
-    </div>
+    </x.div>
   );
 }
 
+// UniversalSearch props
+export interface UniversalSearchProps {
+  /** Default search resource type */
+  defaultSearchResource?: ResourceType;
+  /** Controlled search resource type */
+  searchResource?: ResourceType;
+  /** Overlay props */
+  overlayProps?: OverlayProps;
+  /** Whether the search overlay is open */
+  isOpen: boolean;
+  /** Whether the search is loading */
+  isLoading: boolean;
+  /** Callback when search type changes */
+  onSearchTypeChange?: (resource: SearchTypeOption) => void;
+  /** Items to display */
+  items: UniversalSearchItem[];
+  /** Available search type options */
+  searchTypeOptions: SearchTypeOption[];
+  /** Renderer for items */
+  itemRenderer?: ItemRenderer<UniversalSearchItem>;
+  /** Callback when an item is selected */
+  onItemSelect?: (item: UniversalSearchItem, event?: any) => void;
+  /** Current query string */
+  query: string;
+  /** Callback when query changes */
+  onQueryChange?: (query: string) => void;
+}
+
 /**
  * Universal search.
  */
 export function UniversalSearch({
   defaultSearchResource,
   searchResource,
-
   overlayProps,
   isOpen,
   isLoading,
@@ -173,9 +445,9 @@ export function UniversalSearch({
   items,
   searchTypeOptions,
   ...queryListProps
-}) {
+}: UniversalSearchProps) {
   // Search type state.
-  const [searchType, setSearchType] = React.useState(
+  const [searchType, setSearchType] = React.useState<ResourceType>(
     defaultSearchResource || RESOURCES_TYPES.CUSTOMER,
   );
   // Handle search resource type controlled mode.
@@ -189,9 +461,9 @@ export function UniversalSearch({
   }, [searchResource, defaultSearchResource]);
 
   // Handle search type change.
-  const handleSearchTypeChange = (searchTypeResource) => {
+  const handleSearchTypeChange = (searchTypeResource: SearchTypeOption) => {
     setSearchType(searchTypeResource.key);
-    onSearchTypeChange && onSearchTypeChange(searchTypeResource);
+    onSearchTypeChange?.(searchTypeResource);
   };
   // Filters query list items based on the given search type.
   const filteredItems = filterItemsByResourceType(items, searchType);
@@ -200,7 +472,7 @@ export function UniversalSearch({
     <Overlay
       hasBackdrop={true}
       isOpen={isOpen}
-      className={classNames(CLASSES.UNIVERSAL_SEARCH_OVERLAY)}
+      className={overlayStyles}
       {...overlayProps}
     >
       <UniversalSearchProvider
@@ -209,7 +481,7 @@ export function UniversalSearch({
         defaultSearchResource={defaultSearchResource}
         searchTypeOptions={searchTypeOptions}
       >
-        <div className={classNames(CLASSES.UNIVERSAL_SEARCH)}>
+        <x.div className={containerStyles}>
           <UniversalSearchQueryList
             isOpen={isOpen}
             isLoading={isLoading}
@@ -218,10 +490,10 @@ export function UniversalSearch({
             {...queryListProps}
             items={filteredItems}
           />
-          <div className={classNames(CLASSES.UNIVERSAL_SEARCH_FOOTER)}>
+          <x.div className={footerStyles}>
             <UniversalQuerySearchActions />
-          </div>
-        </div>
+          </x.div>
+        </x.div>
       </UniversalSearchProvider>
     </Overlay>
   );

packages/webapp/src/components/UniversalSearch/UniversalSearchProvider.tsx

@@ -1,30 +1,82 @@
-// @ts-nocheck
-import React, { createContext } from 'react';
+import React, { createContext, ReactNode, useContext } from 'react';
 
-const UniversalSearchContext = createContext();
+// The resource type value from RESOURCES_TYPES constant
+type ResourceType = string;
+
+// Search type option item
+interface SearchTypeOption {
+  key: ResourceType;
+  label: string;
+}
+
+// Context value type
+interface UniversalSearchContextValue {
+  /** Whether the search is loading */
+  isLoading: boolean;
+  /** Current search type/resource type */
+  searchType: ResourceType;
+  /** Default search resource type */
+  defaultSearchResource?: ResourceType;
+  /** List of available search type options */
+  searchTypeOptions: SearchTypeOption[];
+}
+
+// Create the context with undefined as initial value
+const UniversalSearchContext = createContext<
+  UniversalSearchContextValue | undefined
+>(undefined);
+
+// Provider props interface
+interface UniversalSearchProviderProps {
+  /** Whether the search is loading */
+  isLoading: boolean;
+  /** Default search resource type */
+  defaultSearchResource?: ResourceType;
+  /** Current search type/resource type */
+  searchType: ResourceType;
+  /** List of available search type options */
+  searchTypeOptions: SearchTypeOption[];
+  /** Child elements */
+  children: ReactNode;
+}
 
 /**
  * Universal search data provider.
  */
-function UniversalSearchProvider({
+export function UniversalSearchProvider({
   isLoading,
   defaultSearchResource,
   searchType,
   searchTypeOptions,
-  ...props
-}) {
+  children,
+}: UniversalSearchProviderProps) {
   // Provider payload.
-  const provider = {
+  const provider: UniversalSearchContextValue = {
     isLoading,
     searchType,
     defaultSearchResource,
     searchTypeOptions,
   };
 
-  return <UniversalSearchContext.Provider value={provider} {...props} />;
+  return (
+    <UniversalSearchContext.Provider value={provider}>
+      {children}
+    </UniversalSearchContext.Provider>
+  );
 }
 
-const useUniversalSearchContext = () =>
-  React.useContext(UniversalSearchContext);
+/**
+ * Hook to access the universal search context.
+ * @throws Error if used outside of UniversalSearchProvider
+ */
+export const useUniversalSearchContext = (): UniversalSearchContextValue => {
+  const context = useContext(UniversalSearchContext);
 
-export { UniversalSearchProvider, useUniversalSearchContext };
+  if (context === undefined) {
+    throw new Error(
+      'useUniversalSearchContext must be used within a UniversalSearchProvider',
+    );
+  }
+
+  return context;
+};

packages/webapp/src/components/Utils/If.tsx

@@ -1,12 +1,10 @@
-// @ts-nocheck
-import React from 'react';
-import PropTypes from 'prop-types';
+import React, { ReactNode } from 'react';
 
-export const If = (props) =>
-  props.condition ? (props.render ? props.render() : props.children) : null;
+interface IfProps {
+  condition: boolean;
+  children?: ReactNode;
+  render?: () => ReactNode;
+}
 
-If.propTypes = {
-  // condition: PropTypes.bool.isRequired,
-  children: PropTypes.node,
-  render: PropTypes.func,
-};
+export const If = (props: IfProps): React.ReactElement | null =>
+  props.condition ? (props.render ? <>{props.render()}</> : <>{props.children}</>) : null;

packages/webapp/src/constants/allocateLandedCostType.tsx

@@ -1,7 +1,7 @@
 // @ts-nocheck
 import intl from 'react-intl-universal';
 
-export default [
+export const AllocateLandedCostType = [
   { name: intl.get('bills'), value: 'Bill' },
   { name: intl.get('expenses'), value: 'Expense' },
 ];

packages/webapp/src/constants/app.tsx

@@ -1,5 +1,5 @@
 // @ts-nocheck
-export default {
+export const App = {
   "app_name": "BigCapital",
   "app_version": "0.0.1 (build 12344)",
 }

packages/webapp/src/constants/contactsOptions.tsx

@@ -2,7 +2,7 @@
 import React from 'react';
 import intl from 'react-intl-universal';
 
-export default [
+export const ContactsOptions = [
   { name: intl.get('customer'), path: 'customers' },
   { name: intl.get('vendor'), path: 'vendors' },
 ];

packages/webapp/src/constants/keyboardShortcutsOptions.tsx

@@ -16,7 +16,7 @@ import {
   VendorAction,
 } from './abilityOption';
 
-export default [
+export const KeyboardShortcutsOptions = [
   {
     shortcut_key: 'Shift + I',
     description: intl.get('jump_to_the_invoices'),

packages/webapp/src/constants/preferencesMenu.tsx

@@ -2,7 +2,7 @@
 import React from 'react';
 import { FormattedMessage as T } from '@/components';
 
-export default [
+export const PreferencesMenu = [
   {
     text: <T id={'general'} />,
     disabled: false,
@@ -13,10 +13,10 @@ export default [
     disabled: false,
     href: '/preferences/branding',
   },
-  {
-    text: 'Billing',
-    href: '/preferences/billing',
-  },
+  // {
+  //   text: 'Billing',
+  //   href: '/preferences/billing',
+  // },
   {
     text: <T id={'users'} />,
     href: '/preferences/users',
@@ -63,11 +63,11 @@ export default [
     disabled: false,
     href: '/preferences/items',
   },
-  {
-    text: 'Integrations',
-    disabled: false,
-    href: '/preferences/integrations'
-  },
+  // {
+  //   text: 'Integrations',
+  //   disabled: false,
+  //   href: '/preferences/integrations'
+  // },
   {
     text: 'API Keys',
     disabled: false,

packages/webapp/src/containers/Accounting/MakeJournal/MakeJournalFormFloatingActions.tsx

@@ -32,38 +32,38 @@ export default function MakeJournalFloatingAction() {
 
   // Handle submit & publish button click.
   const handleSubmitPublishBtnClick = (event) => {
-    submitForm();
     setSubmitPayload({ redirect: true, publish: true });
+    submitForm();
   };
 
   // Handle submit, publish & new button click.
   const handleSubmitPublishAndNewBtnClick = (event) => {
-    submitForm();
     setSubmitPayload({ redirect: false, publish: true, resetForm: true });
+    submitForm();
   };
 
   // Handle submit, publish & edit button click.
   const handleSubmitPublishContinueEditingBtnClick = (event) => {
-    submitForm();
     setSubmitPayload({ redirect: false, publish: true });
+    submitForm();
   };
 
   // Handle submit as draft button click.
   const handleSubmitDraftBtnClick = (event) => {
-    submitForm();
     setSubmitPayload({ redirect: true, publish: false });
+    submitForm();
   };
 
   // Handle submit as draft & new button click.
   const handleSubmitDraftAndNewBtnClick = (event) => {
-    submitForm();
     setSubmitPayload({ redirect: false, publish: false, resetForm: true });
+    submitForm();
   };
 
   // Handle submit as draft & continue editing button click.
   const handleSubmitDraftContinueEditingBtnClick = (event) => {
-    submitForm();
     setSubmitPayload({ redirect: false, publish: false });
+    submitForm();
   };
 
   // Handle cancel button click.

packages/webapp/src/containers/Accounts/utils.tsx

@@ -8,6 +8,11 @@ import { If, AppToaster } from '@/components';
 import { NormalCell, BalanceCell, BankBalanceCell } from './components';
 import { transformTableStateToQuery, isBlank } from '@/utils';
 
+export const DeleteAccountTypeError = {
+  AccountPredefined: 'account_predefined',
+  AccountHasAssociatedTransactions: 'account_has_associated_transactions',
+};
+
 /**
  * Account name accessor.
  */
@@ -26,13 +31,13 @@ export const accountNameAccessor = (account) => {
  * Handle delete errors in bulk and singular.
  */
 export const handleDeleteErrors = (errors) => {
-  if (errors.find((e) => e.type === 'ACCOUNT.PREDEFINED')) {
+  if (errors.find((e) => e.type === DeleteAccountTypeError.AccountPredefined)) {
     AppToaster.show({
       message: intl.get('cannot_delete_predefined_accounts'),
       intent: Intent.DANGER,
     });
   }
-  if (errors.find((e) => e.type === 'ACCOUNT.HAS.ASSOCIATED.TRANSACTIONS')) {
+  if (errors.find((e) => e.type === DeleteAccountTypeError.AccountHasAssociatedTransactions)) {
     AppToaster.show({
       message: intl.get('cannot_delete_account_has_associated_transactions'),
       intent: Intent.DANGER,

packages/webapp/src/containers/Customers/CustomerForm/CustomerForm.schema.tsx

@@ -17,8 +17,8 @@ const Schema = Yup.object().shape({
     .label(intl.get('display_name_')),
 
   email: Yup.string().email().nullable(),
-  work_phone: Yup.number(),
-  personal_phone: Yup.number(),
+  work_phone: Yup.string().nullable(),
+  personal_phone: Yup.string().nullable(),
   website: Yup.string().url().nullable(),
 
   active: Yup.boolean(),
@@ -30,7 +30,7 @@ const Schema = Yup.object().shape({
   billing_address_city: Yup.string().trim(),
   billing_address_state: Yup.string().trim(),
   billing_address_postcode: Yup.string().nullable(),
-  billing_address_phone: Yup.number(),
+  billing_address_phone: Yup.string().nullable(),
 
   shipping_address_country: Yup.string().trim(),
   shipping_address_1: Yup.string().trim(),
@@ -38,7 +38,7 @@ const Schema = Yup.object().shape({
   shipping_address_city: Yup.string().trim(),
   shipping_address_state: Yup.string().trim(),
   shipping_address_postcode: Yup.string().nullable(),
-  shipping_address_phone: Yup.number(),
+  shipping_address_phone: Yup.string().nullable(),
 
   opening_balance: Yup.number().nullable(),
   currency_code: Yup.string(),

packages/webapp/src/containers/Dialogs/AllocateLandedCostDialog/AllocateLandedCostFormFields.tsx

@@ -16,7 +16,7 @@ import { FormattedMessage as T, If, FFormGroup, FSelect, FRadioGroup, FInputGrou
 import { handleStringChange } from '@/utils';
 import { FieldRequiredHint } from '@/components';
 import { CLASSES } from '@/constants/classes';
-import allocateLandedCostType from '@/constants/allocateLandedCostType';
+import { AllocateLandedCostType } from '@/constants/allocateLandedCostType';
 
 import AllocateLandedCostFormBody from './AllocateLandedCostFormBody';
 import {
@@ -81,7 +81,7 @@ export default function AllocateLandedCostFormFields() {
       >
         <FSelect
           name={'transaction_type'}
-          items={allocateLandedCostType}
+          items={AllocateLandedCostType}
           onItemChange={handleTransactionTypeChange}
           filterable={false}
           valueAccessor={'value'}

packages/webapp/src/containers/Dialogs/ContactDuplicateDialog/ContactDuplicateForm.tsx

@@ -9,7 +9,7 @@ import { FormattedMessage as T } from '@/components';
 import { useHistory } from 'react-router-dom';
 import { useContactDuplicateFromContext } from './ContactDuplicateProvider';
 
-import Contacts from '@/constants/contactsOptions';
+import { ContactsOptions } from '@/constants/contactsOptions';
 
 import { withDialogActions } from '@/containers/Dialog/withDialogActions';
 import { compose } from '@/utils';
@@ -66,7 +66,7 @@ function ContactDuplicateForm({
             >
               <FSelect
                 name={'contact_type'}
-                items={Contacts}
+                items={ContactsOptions}
                 placeholder={<T id={'select_contact'} />}
                 textAccessor={'name'}
                 valueAccessor={'path'}

packages/webapp/src/containers/Drawers/ContactDetailDrawer/ContactDetailActionsBar.tsx

@@ -15,7 +15,7 @@ import { useContactDetailDrawerContext } from './ContactDetailDrawerProvider';
 import { withAlertActions } from '@/containers/Alert/withAlertActions';
 import { withDrawerActions } from '@/containers/Drawer/withDrawerActions';
 
-import { DashboardActionsBar, Icon, FormattedMessage as T } from '@/components';
+import { DrawerActionsBar, Icon, FormattedMessage as T } from '@/components';
 
 import { safeCallback, compose } from '@/utils';
 
@@ -46,7 +46,7 @@ function ContactDetailActionsBar({
   };
 
   return (
-    <DashboardActionsBar>
+    <DrawerActionsBar>
       <NavbarGroup>
         <Button
           className={Classes.MINIMAL}
@@ -63,7 +63,7 @@ function ContactDetailActionsBar({
           onClick={safeCallback(onDeleteContact)}
         />
       </NavbarGroup>
-    </DashboardActionsBar>
+    </DrawerActionsBar>
   );
 }
 

packages/webapp/src/containers/Drawers/CustomerDetailsDrawer/CustomerDetailsActionsBar.tsx

@@ -23,7 +23,6 @@ import { withDialogActions } from '@/containers/Dialog/withDialogActions';
 import { withDrawerActions } from '@/containers/Drawer/withDrawerActions';
 
 import {
-  DashboardActionsBar,
   Can,
   Icon,
   FormattedMessage as T,

packages/webapp/src/containers/Drawers/VendorCreditDetailDrawer/VendorCreditDetailActionsBar.tsx

@@ -20,7 +20,7 @@ import {
   If,
   Icon,
   FormattedMessage as T,
-  DashboardActionsBar,
+  DrawerActionsBar,
   Can,
 } from '@/components';
 
@@ -63,7 +63,7 @@ function VendorCreditDetailActionsBar({
   };
 
   return (
-    <DashboardActionsBar>
+    <DrawerActionsBar>
       <NavbarGroup>
         <Can I={VendorCreditAction.Edit} a={AbilitySubject.VendorCredit}>
           <Button
@@ -105,7 +105,7 @@ function VendorCreditDetailActionsBar({
           </If>
         </Can>
       </NavbarGroup>
-    </DashboardActionsBar>
+    </DrawerActionsBar>
   );
 }
 

packages/webapp/src/containers/FinancialStatements/GeneralLedger/dynamicColumns.ts

@@ -1,8 +1,20 @@
 // @ts-nocheck
+import React from 'react';
 import { getColumnWidth } from '@/utils';
 import * as R from 'ramda';
 import { useGeneralLedgerContext } from './GeneralLedgerProvider';
-import { Align } from '@/constants';
+import { Align, CLASSES } from '@/constants';
+
+/**
+ * Description cell – wraps value in a div with muted text class.
+ */
+function DescriptionCell({ cell: { value } }) {
+  return React.createElement(
+    'div',
+    { className: `cell ${CLASSES.TEXT_MUTED}` },
+    value,
+  );
+}
 
 const getTableCellValueAccessor = (index) => `cells[${index}].value`;
 
@@ -75,6 +87,16 @@ const transactionIdColumnAccessor = (column) => {
   };
 };
 
+/**
+ * Description column accessor (muted text in wrapped cell).
+ */
+const descriptionColumnAccessor = (column) => {
+  return {
+    ...column,
+    Cell: DescriptionCell,
+  };
+};
+
 const dynamiColumnMapper = R.curry((data, column) => {
   const _numericColumnAccessor = numericColumnAccessor(data);
 
@@ -88,6 +110,7 @@ const dynamiColumnMapper = R.curry((data, column) => {
       R.pathEq(['key'], 'reference_number'),
       transactionIdColumnAccessor,
     ),
+    R.when(R.pathEq(['key'], 'description'), descriptionColumnAccessor),
     R.when(R.pathEq(['key'], 'credit'), _numericColumnAccessor),
     R.when(R.pathEq(['key'], 'debit'), _numericColumnAccessor),
     R.when(R.pathEq(['key'], 'amount'), _numericColumnAccessor),

packages/webapp/src/containers/FinancialStatements/Journal/dynamicColumns.ts

@@ -1,9 +1,21 @@
 // @ts-nocheck
-import { Align } from '@/constants';
+import React from 'react';
+import { Align, CLASSES } from '@/constants';
 import { getColumnWidth } from '@/utils';
 import * as R from 'ramda';
 import { useJournalSheetContext } from './JournalProvider';
 
+/**
+ * Description cell – wraps value in a div with muted text class.
+ */
+function DescriptionCell({ cell: { value } }) {
+  return React.createElement(
+    'span',
+    { className: `cell ${CLASSES.TEXT_MUTED}` },
+    value,
+  );
+}
+
 const getTableCellValueAccessor = (index) => `cells[${index}].value`;
 
 const getReportColWidth = (data, accessor, headerText) => {
@@ -86,6 +98,16 @@ const accountCodeColumnAccessor = (column) => {
   };
 };
 
+/**
+ * Description column accessor (muted text in wrapped cell).
+ */
+const descriptionColumnAccessor = (column) => {
+  return {
+    ...column,
+    Cell: DescriptionCell,
+  };
+};
+
 /**
  * Dynamic column mapper.
  * @param {} data -
@@ -105,6 +127,7 @@ const dynamicColumnMapper = R.curry((data, column) => {
       R.pathEq(['key'], 'transaction_number'),
       transactionNumberColumnAccessor,
     ),
+    R.when(R.pathEq(['key'], 'description'), descriptionColumnAccessor),
     R.when(R.pathEq(['key'], 'account_code'), accountCodeColumnAccessor),
     R.when(R.pathEq(['key'], 'credit'), _numericColumnAccessor),
     R.when(R.pathEq(['key'], 'debit'), _numericColumnAccessor),
@@ -113,7 +136,7 @@ const dynamicColumnMapper = R.curry((data, column) => {
 });
 
 /**
- * Composes the fetched dynamic columns from the server to the columns to pass it 
+ * Composes the fetched dynamic columns from the server to the columns to pass it
  * to the table component.
  */
 export const dynamicColumns = (columns, data) => {

packages/webapp/src/containers/GlobalErrors/GlobalErrors.tsx

@@ -57,7 +57,7 @@ function GlobalErrors({
   if (globalErrors.access_denied) {
     toastKeySomethingWrong = AppToaster.show(
       {
-        message: intl.get('global_error.you_dont_have_permissions'),
+        message: globalErrors.access_denied.message || intl.get('global_error.you_dont_have_permissions'),
         intent: Intent.DANGER,
         onDismiss: () => {
           globalErrorsSet({ access_denied: false });

packages/webapp/src/containers/Items/utils.tsx

@@ -14,6 +14,18 @@ import { useSettingsSelector } from '@/hooks/state';
 import { transformItemFormData } from './ItemForm.schema';
 import { useWatch } from '@/hooks/utils';
 
+/**
+ * Error types for item operations.
+ */
+export const ItemErrorType = {
+  ItemNameExists: 'ITEM_NAME_EXISTS',
+  InventoryAccountCannotModified: 'INVENTORY_ACCOUNT_CANNOT_MODIFIED',
+  TypeCannotChangeWithItemHasTransactions: 'TYPE_CANNOT_CHANGE_WITH_ITEM_HAS_TRANSACTIONS',
+  ItemHasAssociatedTransactions: 'ITEM_HAS_ASSOCIATED_TRANSACTINS',
+  ItemHasAssociatedInventoryAdjustment: 'ITEM_HAS_ASSOCIATED_INVENTORY_ADJUSTMENT',
+  ItemHasAssociatedTransactionsPlural: 'ITEM_HAS_ASSOCIATED_TRANSACTIONS',
+} as const;
+
 const defaultInitialValues = {
   active: 1,
   name: '',
@@ -74,7 +86,7 @@ export const transitionItemTypeKeyToLabel = (itemTypeKey) => {
 // handle delete errors.
 export const handleDeleteErrors = (errors) => {
   if (
-    errors.find((error) => error.type === 'ITEM_HAS_ASSOCIATED_TRANSACTINS')
+    errors.find((error) => error.type === ItemErrorType.ItemHasAssociatedTransactions)
   ) {
     AppToaster.show({
       message: intl.get('the_item_has_associated_transactions'),
@@ -84,7 +96,7 @@ export const handleDeleteErrors = (errors) => {
 
   if (
     errors.find(
-      (error) => error.type === 'ITEM_HAS_ASSOCIATED_INVENTORY_ADJUSTMENT',
+      (error) => error.type === ItemErrorType.ItemHasAssociatedInventoryAdjustment,
     )
   ) {
     AppToaster.show({
@@ -96,7 +108,7 @@ export const handleDeleteErrors = (errors) => {
   }
   if (
     errors.find(
-      (error) => error.type === 'TYPE_CANNOT_CHANGE_WITH_ITEM_HAS_TRANSACTIONS',
+      (error) => error.type === ItemErrorType.TypeCannotChangeWithItemHasTransactions,
     )
   ) {
     AppToaster.show({
@@ -107,7 +119,7 @@ export const handleDeleteErrors = (errors) => {
     });
   }
   if (
-    errors.find((error) => error.type === 'ITEM_HAS_ASSOCIATED_TRANSACTIONS')
+    errors.find((error) => error.type === ItemErrorType.ItemHasAssociatedTransactionsPlural)
   ) {
     AppToaster.show({
       message: intl.get('item.error.you_could_not_delete_item_has_associated'),
@@ -214,10 +226,10 @@ export const transformSubmitRequestErrors = (error) => {
   } = error;
   const fields = {};
 
-  if (errors.find((e) => e.type === 'ITEM.NAME.ALREADY.EXISTS')) {
+  if (errors.find((e) => e.type === ItemErrorType.ItemNameExists)) {
     fields.name = intl.get('the_name_used_before');
   }
-  if (errors.find((e) => e.type === 'INVENTORY_ACCOUNT_CANNOT_MODIFIED')) {
+  if (errors.find((e) => e.type === ItemErrorType.InventoryAccountCannotModified)) {
     AppToaster.show({
       message: intl.get('cannot_change_item_inventory_account'),
       intent: Intent.DANGER,
@@ -225,7 +237,7 @@ export const transformSubmitRequestErrors = (error) => {
   }
   if (
     errors.find(
-      (e) => e.type === 'TYPE_CANNOT_CHANGE_WITH_ITEM_HAS_TRANSACTIONS',
+      (e) => e.type === ItemErrorType.TypeCannotChangeWithItemHasTransactions,
     )
   ) {
     AppToaster.show({

packages/webapp/src/containers/Preferences/Warehouses/components.tsx

@@ -87,7 +87,7 @@ export function WarehousesGridItemBox({
     <WarehouseBoxRoot>
       <WarehouseHeader>
         <WarehouseTitle>
-          {title} {primary && <Icon icon={'star-18dp'} iconSize={16} />}
+          {title} {primary ? <Icon icon={'star-18dp'} iconSize={16} /> : null}
         </WarehouseTitle>
         <WarehouseCode>{code}</WarehouseCode>
         <WarehouseIcon>
@@ -118,12 +118,21 @@ export const WarehousesList = styled.div`
 `;
 
 export const WarehouseBoxRoot = styled.div`
+  --x-box-border-color: #c8cad0;
+  --x-box-background-color: #fff;
+  --x-box-hover-border-color: #0153cc;
+
+  .bp4-dark & {
+    --x-box-border-color: rgba(255, 255, 255, 0.2);
+    --x-box-background-color: var(--color-dark-gray3);
+    --x-box-hover-border-color: #0153cc;
+  }
   display: flex;
   flex-direction: column;
   flex-shrink: 0;
   border-radius: 5px;
-  border: 1px solid #c8cad0;
-  background: #fff;
+  border: 1px solid var(--x-box-border-color);
+  background: var(--x-box-background-color);
   margin: 5px 5px 8px;
   width: 200px;
   height: 160px;
@@ -132,7 +141,7 @@ export const WarehouseBoxRoot = styled.div`
   position: relative;
 
   &:hover {
-    border-color: #0153cc;
+    border-color: var(--x-box-hover-border-color);
   }
 `;
 
@@ -143,9 +152,16 @@ export const WarehouseHeader = styled.div`
 `;
 
 export const WarehouseTitle = styled.div`
+  --x-title-color: #000;
+  --x-title-icon-color: #e1b31d;
+
+  .bp4-dark & {
+    --x-title-color: var(--color-light-gray5);
+    --x-title-icon-color: #e1b31d;
+  }
   font-size: 14px;
   font-style: inherit;
-  color: #000;
+  color: var(--x-title-color);
   white-space: nowrap;
   font-weight: 500;
   line-height: 1;
@@ -154,14 +170,19 @@ export const WarehouseTitle = styled.div`
     margin: 0;
     margin-left: 2px;
     vertical-align: top;
-    color: #e1b31d;
+    color: var(--x-title-icon-color);
   }
 `;
 
 const WarehouseCode = styled.div`
+  --x-code-color: #6b7176;
+
+  .bp4-dark & {
+    --x-code-color: var(--color-muted-text);
+  }
   display: block;
   font-size: 11px;
-  color: #6b7176;
+  color: var(--x-code-color);
   margin-top: 4px;
 `;
 
@@ -178,8 +199,13 @@ const WarehouseContent = styled.div`
 `;
 
 const WarehouseItem = styled.div`
+  --x-item-color: #000;
+
+  .bp4-dark & {
+    --x-item-color: var(--color-light-gray1);
+  }
   font-size: 11px;
-  color: #000;
+  color: var(--x-item-color);
   text-overflow: ellipsis;
   overflow: hidden;