Dev

package.json

@@ -46,13 +46,15 @@
 	"dependencies": {
 		"@fortawesome/free-brands-svg-icons": "^6.7.2",
 		"@fortawesome/free-solid-svg-icons": "^6.7.2",
+		"@lucide/svelte": "^0.511.0",
 		"@prisma/client": "6.5.0",
 		"axios": "^1.8.4",
 		"date-fns": "^4.1.0",
 		"flowbite-svelte-blocks": "^1.1.4",
 		"flowbite-svelte-icons": "^2.1.1",
 		"marked": "^15.0.8",
 		"svelte-fa": "^4.0.3",
-		"uuid": "^11.1.0"
+		"uuid": "^11.1.0",
+		"zod": "^3.25.28"
 	}
 }

prisma/migrations/20250524154126_/migration.sql

@@ -0,0 +1,5 @@
+-- AlterTable
+ALTER TABLE "Comment" ADD COLUMN     "taskId" TEXT;
+
+-- AddForeignKey
+ALTER TABLE "Comment" ADD CONSTRAINT "Comment_taskId_fkey" FOREIGN KEY ("taskId") REFERENCES "Task"("id") ON DELETE SET NULL ON UPDATE CASCADE;

prisma/schema.prisma

@@ -30,8 +30,8 @@ model User {
   contacts          Contact[]
   leads             Lead[]
   opportunities     Opportunity[]
-  tasks             Task[]
-  events            Event[]
+  tasks             Task[] // Tasks created by user
+  events            Event[] // Events created by user
   ownedTasks        Task[]              @relation("TaskOwner")
   ownedEvents       Event[]             @relation("EventOwner")
   cases             Case[]
@@ -281,6 +281,7 @@ model Task {
   caseId         String?
   organization   Organization @relation(fields: [organizationId], references: [id])
   organizationId String
+  comments       Comment[]    @relation("TaskComments")
 }
 
 model Event {
@@ -404,6 +405,8 @@ model Comment {
   accountId      String?
   contact        Contact?     @relation(fields: [contactId], references: [id])
   contactId      String?
+  task           Task?        @relation("TaskComments", fields: [taskId], references: [id])
+  taskId         String?
 }
 
 model Quote {

src/routes/(app)/Sidebar.svelte

@@ -2,7 +2,7 @@
 	import { afterNavigate } from '$app/navigation';
 	import { page } from '$app/stores';
 	import Fa from 'svelte-fa';
-	import { faPieChart } from '@fortawesome/free-solid-svg-icons';
+	import { faPieChart, faQuestion } from '@fortawesome/free-solid-svg-icons';
 	import {
 		Sidebar,
 		SidebarDropdownItem,
@@ -134,6 +134,20 @@
 						class={`${mainSidebarUrl === '/app/invoices/new' ? 'bg-gray-100 font-semibold dark:bg-gray-700' : ''}`}
 					/>
 				</SidebarDropdownWrapper> -->
+
+				<SidebarItem
+					label="Support"
+					href="/app/support"
+					class={`${mainSidebarUrl === '/app/support' ? 'flex p-2 items-center rounded-lg bg-gray-100 font-semibold dark:bg-gray-700' : ''}`}
+					spanClass="ml-3"
+				>
+					<svelte:fragment slot="icon">
+						<Fa
+							icon={faQuestion}
+							class={`${iconClass} ${mainSidebarUrl === '/app/support' ? 'text-gray-900 dark:text-white' : ''}`}
+						/>
+					</svelte:fragment>
+				</SidebarItem>
 			</SidebarGroup>
 
 		</nav>

src/routes/(app)/app/accounts/+page.server.js

@@ -1,8 +1,9 @@
 import { error } from '@sveltejs/kit';
 import prisma from '$lib/prisma';
 
-export async function load({ locals, url }) {
-
+export async function load({ locals, url, params }) {
+    const org = locals.org;
+
     const page = parseInt(url.searchParams.get('page') || '1');
     const limit = parseInt(url.searchParams.get('limit') || '10');
     const sort = url.searchParams.get('sort') || 'name';
@@ -12,7 +13,7 @@ export async function load({ locals, url }) {
 
     try {
         // Build the where clause for filtering
-        const where = {};
+        const where = {organizationId: org.id};
 
         // Add status filter
         const status = url.searchParams.get('status');

src/routes/(app)/app/accounts/[accountId]/+page.server.js

@@ -2,14 +2,17 @@ import { error, fail } from '@sveltejs/kit';
 import prisma from '$lib/prisma';
 
 /** @type {import('./$types').PageServerLoad} */
-export async function load({ params, url }) {
+export async function load({ params, url, locals }) {
+  const user = locals.user;
+  const org = locals.org;
   try {
     const accountId = params.accountId;
 
     // Fetch account details
     const account = await prisma.account.findUnique({
       where: {
-        id: accountId
+        id: accountId,
+        organizationId: org.id
       }
     });
 
@@ -127,10 +130,7 @@ export const actions = {
   closeAccount: async ({ params, request, locals }) => {
     try {
       const user = locals.user;
-
-      if (!user) {
-        return fail(401, { success: false, message: 'Unauthorized' });
-      }
+      const org = locals.org;
 
       const { accountId } = params;
       const formData = await request.formData();
@@ -142,7 +142,7 @@ export const actions = {
 
       // Fetch the account to verify it exists
       const account = await prisma.account.findUnique({
-        where: { id: accountId },
+        where: { id: accountId, organizationId: org.id },
         select: {
           id: true,
           closedAt: true,
@@ -169,8 +169,7 @@ export const actions = {
 
       const hasPermission =
         user.id === account.ownerId ||
-        userOrg?.role === 'ADMIN' ||
-        userOrg?.role === 'SALES_MANAGER';
+        userOrg?.role === 'ADMIN';
 
       if (!hasPermission) {
         return fail(403, { success: false, message: 'Permission denied. Only account owners, sales managers, or admins can close accounts.' });
@@ -210,16 +209,13 @@ export const actions = {
   reopenAccount: async ({ params, request, locals }) => {
     try {
       const user = locals.user;
-
-      if (!user) {
-        return fail(401, { success: false, message: 'Unauthorized' });
-      }
+      const org = locals.org;
 
       const { accountId } = params;
 
       // Fetch the account to verify it exists
       const account = await prisma.account.findUnique({
-        where: { id: accountId },
+        where: { id: accountId, organizationId: org.id },
         select: {
           id: true,
           closedAt: true,
@@ -247,8 +243,7 @@ export const actions = {
 
       const hasPermission =
         user.id === account.ownerId ||
-        userOrg?.role === 'ADMIN' ||
-        userOrg?.role === 'SALES_MANAGER';
+        userOrg?.role === 'ADMIN';
 
       if (!hasPermission) {
         return fail(403, { success: false, message: 'Permission denied. Only account owners, sales managers, or admins can reopen accounts.' });
@@ -294,9 +289,8 @@ export const actions = {
   addContact: async ({ params, request, locals }) => {
     try {
       const user = locals.user;
-      if (!user) {
-        return fail(401, { success: false, message: 'Unauthorized' });
-      }
+      const org = locals.org;
+
       const { accountId } = params;
       let data;
       // Support both JSON and form submissions
@@ -312,6 +306,14 @@ export const actions = {
       if (!firstName || !lastName) {
         return fail(400, { success: false, message: 'First and last name are required.' });
       }
+
+      // check if the account exists and belongs to the organization
+      const account = await prisma.account.findUnique({
+        where: { id: accountId, organizationId: org.id }
+      });
+      if (!account) {
+        return fail(404, { success: false, message: 'Account not found or does not belong to this organization.' });
+      }
       // Create the contact
       const contact = await prisma.contact.create({
         data: {
@@ -321,7 +323,7 @@ export const actions = {
           phone: data.phone?.toString() || null,
           title: data.title?.toString() || null,
           ownerId: user.id,
-          organizationId: (await prisma.account.findUnique({ where: { id: accountId }, select: { organizationId: true } })).organizationId
+          organizationId: org.id,
         }
       });
       // Link contact to account
@@ -342,13 +344,9 @@ export const actions = {
 
   addOpportunity: async ({ params, request, locals }) => {
     try {
-      // @ts-ignore
       const user = locals.user;
-      // @ts-ignore
       const org = locals.org;
-      if (!user || !org) {
-        return fail(401, { success: false, message: 'Unauthorized' });
-      }
+
       const { accountId } = params;
       const formData = await request.formData();
       const name = formData.get('name')?.toString().trim();
@@ -363,6 +361,15 @@ export const actions = {
       if (!name) {
         return fail(400, { success: false, message: 'Opportunity name is required.' });
       }
+
+      // chek if the account exists and belongs to the organization
+      const account = await prisma.account.findUnique({
+        where: { id: accountId, organizationId: org.id }
+      });
+      if (!account) {
+        return fail(404, { success: false, message: 'Account not found or does not belong to this organization.' });
+      }
+
       // Create the opportunity
       await prisma.opportunity.create({
         data: {
@@ -385,9 +392,10 @@ export const actions = {
 
   comment: async ({ request, params, locals }) => {
     const user = locals.user;
+    const org = locals.org;
     // Fallback: fetch account to get organizationId
     const account = await prisma.account.findUnique({
-      where: { id: params.accountId },
+      where: { id: params.accountId, organizationId: org.id },
       select: { organizationId: true, ownerId: true }
     });
     if (!account) {
@@ -414,9 +422,7 @@ export const actions = {
     try {
       const user = locals.user;
       const org = locals.org;
-      if (!user || !org) {
-        return fail(401, { success: false, message: 'Unauthorized' });
-      }
+
       const { accountId } = params;
       const formData = await request.formData();
       const subject = formData.get('subject')?.toString().trim();
@@ -427,9 +433,17 @@ export const actions = {
       if (!subject) {
         return fail(400, { success: false, message: 'Subject is required.' });
       }
+
+      // Check if the account exists and belongs to the organization
+      const account = await prisma.account.findUnique({
+        where: { id: accountId, organizationId: org.id }
+      });
+      if (!account) {
+        return fail(404, { success: false, message: 'Account not found or does not belong to this organization.' });
+      }
       // If no ownerId is provided, default to current user
       // if (!ownerId) ownerId = user.id;
-      console.log(user.id, org.id);
+      // console.log(user.id, org.id);
       const task = await prisma.task.create({
         data: {
           subject,

src/routes/(app)/app/accounts/[accountId]/delete/+page.server.js

@@ -1,12 +1,13 @@
 import prisma  from '$lib/prisma';
 import { error, fail, redirect } from '@sveltejs/kit';
 
-export async function load({ params }) {
+export async function load({ params, locals }) {
+  const org = locals.org;
   try {
     const accountId = params.accountId;
 
     const account = await prisma.account.findUnique({
-      where: { id: accountId },
+      where: { id: accountId, organizationId: org.id },
       select: {
         id: true,
         name: true,
@@ -72,13 +73,14 @@ export async function load({ params }) {
 }
 
 export const actions = {
-  default: async ({ params }) => {
+  default: async ({ params, locals }) => {
     try {
       const accountId = params.accountId;
+      const org = locals.org;
 
       // Check if account exists first
       const account = await prisma.account.findUnique({
-        where: { id: accountId },
+        where: { id: accountId, organizationId: org.id },
         include: {
           _count: {
             select: {