feat: fetch user profile with custom roles (HelixEngage Manager/User) after login, determine app role, pass to frontend

src/auth/auth.controller.ts

@@ -81,24 +81,64 @@ export class AuthController {
             }
 
             const tokens = tokenRes.data.data.getAuthTokensFromLoginToken.tokens;
+            const accessToken = tokens.accessOrWorkspaceAgnosticToken.token;
 
-            // Auto-login Ozonetel agent (fire and forget — don't block auth)
+            // Step 3: Fetch user profile with roles
-            const ozAgentId = process.env.OZONETEL_AGENT_ID ?? 'agent3';
+            const profileRes = await axios.post(this.graphqlUrl, {
-            const ozAgentPassword = process.env.OZONETEL_AGENT_PASSWORD ?? 'Test123$';
+                query: `{ currentUser { id email workspaceMember { id name { firstName lastName } userEmail avatarUrl roles { id label } } } }`,
-            const ozSipId = process.env.OZONETEL_SIP_ID ?? '521814';
+            }, {
-
+                headers: {
-            this.ozonetelAgent.loginAgent({
+                    'Content-Type': 'application/json',
-                agentId: ozAgentId,
+                    'Authorization': `Bearer ${accessToken}`,
-                password: ozAgentPassword,
+                },
-                phoneNumber: ozSipId,
-                mode: 'blended',
-            }).catch(err => {
-                this.logger.warn(`Ozonetel agent login failed (non-blocking): ${err.message}`);
             });
 
+            const currentUser = profileRes.data?.data?.currentUser;
+            const workspaceMember = currentUser?.workspaceMember;
+            const roles = workspaceMember?.roles ?? [];
+            const roleLabels = roles.map((r: any) => r.label);
+
+            // Determine app role from platform roles
+            let appRole = 'executive'; // default
+            if (roleLabels.includes('HelixEngage Manager')) {
+                appRole = 'admin';
+            } else if (roleLabels.includes('HelixEngage User')) {
+                // Distinguish CC agent from executive by email convention or config
+                // For now, emails containing 'cc' map to cc-agent
+                const email = workspaceMember?.userEmail ?? body.email;
+                appRole = email.includes('cc') ? 'cc-agent' : 'executive';
+            }
+
+            this.logger.log(`User ${body.email} logged in with role: ${appRole} (platform roles: ${roleLabels.join(', ')})`);
+
+            // Auto-login Ozonetel agent for CC agents (fire and forget)
+            if (appRole === 'cc-agent') {
+                const ozAgentId = process.env.OZONETEL_AGENT_ID ?? 'agent3';
+                const ozAgentPassword = process.env.OZONETEL_AGENT_PASSWORD ?? 'Test123$';
+                const ozSipId = process.env.OZONETEL_SIP_ID ?? '521814';
+
+                this.ozonetelAgent.loginAgent({
+                    agentId: ozAgentId,
+                    password: ozAgentPassword,
+                    phoneNumber: ozSipId,
+                    mode: 'blended',
+                }).catch(err => {
+                    this.logger.warn(`Ozonetel agent login failed (non-blocking): ${err.message}`);
+                });
+            }
+
             return {
-                accessToken: tokens.accessOrWorkspaceAgnosticToken.token,
+                accessToken,
                 refreshToken: tokens.refreshToken.token,
+                user: {
+                    id: currentUser?.id,
+                    email: currentUser?.email,
+                    firstName: workspaceMember?.name?.firstName ?? '',
+                    lastName: workspaceMember?.name?.lastName ?? '',
+                    avatarUrl: workspaceMember?.avatarUrl,
+                    role: appRole,
+                    platformRoles: roleLabels,
+                },
             };
         } catch (error) {
             if (error instanceof HttpException) throw error;