feat: fetch user profile with custom roles (HelixEngage Manager/User) after login, determine app role, pass to frontend

src/auth/auth.controller.ts

@@ -81,8 +81,38 @@ export class AuthController {
             }
 
             const tokens = tokenRes.data.data.getAuthTokensFromLoginToken.tokens;
+            const accessToken = tokens.accessOrWorkspaceAgnosticToken.token;
 
-            // Auto-login Ozonetel agent (fire and forget — don't block auth)
+            // Step 3: Fetch user profile with roles
+            const profileRes = await axios.post(this.graphqlUrl, {
+                query: `{ currentUser { id email workspaceMember { id name { firstName lastName } userEmail avatarUrl roles { id label } } } }`,
+            }, {
+                headers: {
+                    'Content-Type': 'application/json',
+                    'Authorization': `Bearer ${accessToken}`,
+                },
+            });
+
+            const currentUser = profileRes.data?.data?.currentUser;
+            const workspaceMember = currentUser?.workspaceMember;
+            const roles = workspaceMember?.roles ?? [];
+            const roleLabels = roles.map((r: any) => r.label);
+
+            // Determine app role from platform roles
+            let appRole = 'executive'; // default
+            if (roleLabels.includes('HelixEngage Manager')) {
+                appRole = 'admin';
+            } else if (roleLabels.includes('HelixEngage User')) {
+                // Distinguish CC agent from executive by email convention or config
+                // For now, emails containing 'cc' map to cc-agent
+                const email = workspaceMember?.userEmail ?? body.email;
+                appRole = email.includes('cc') ? 'cc-agent' : 'executive';
+            }
+
+            this.logger.log(`User ${body.email} logged in with role: ${appRole} (platform roles: ${roleLabels.join(', ')})`);
+
+            // Auto-login Ozonetel agent for CC agents (fire and forget)
+            if (appRole === 'cc-agent') {
                 const ozAgentId = process.env.OZONETEL_AGENT_ID ?? 'agent3';
                 const ozAgentPassword = process.env.OZONETEL_AGENT_PASSWORD ?? 'Test123$';
                 const ozSipId = process.env.OZONETEL_SIP_ID ?? '521814';
@@ -95,10 +125,20 @@ export class AuthController {
                 }).catch(err => {
                     this.logger.warn(`Ozonetel agent login failed (non-blocking): ${err.message}`);
                 });
+            }
 
             return {
-                accessToken: tokens.accessOrWorkspaceAgnosticToken.token,
+                accessToken,
                 refreshToken: tokens.refreshToken.token,
+                user: {
+                    id: currentUser?.id,
+                    email: currentUser?.email,
+                    firstName: workspaceMember?.name?.firstName ?? '',
+                    lastName: workspaceMember?.name?.lastName ?? '',
+                    avatarUrl: workspaceMember?.avatarUrl,
+                    role: appRole,
+                    platformRoles: roleLabels,
+                },
             };
         } catch (error) {
             if (error instanceof HttpException) throw error;