feat: add teams (#848)

## Description

Add support for teams which will allow users to collaborate on
documents.

Teams features allows users to:

- Create, manage and transfer teams
- Manage team members
- Manage team emails
- Manage a shared team inbox and documents

These changes do NOT include the following, which are planned for a
future release:

- Team templates
- Team API
- Search menu integration

## Testing Performed

- Added E2E tests for general team management
- Added E2E tests to validate document counts

## Checklist

- [X] I have tested these changes locally and they work as expected.
- [X] I have added/updated tests that prove the effectiveness of these
changes.
- [ ] I have updated the documentation to reflect these changes, if
applicable.
- [X] I have followed the project's coding style guidelines.

packages/lib/server-only/team/delete-team-email.ts

@@ -0,0 +1,93 @@
+import { createElement } from 'react';
+
+import { mailer } from '@documenso/email/mailer';
+import { render } from '@documenso/email/render';
+import { TeamEmailRemovedTemplate } from '@documenso/email/templates/team-email-removed';
+import { WEBAPP_BASE_URL } from '@documenso/lib/constants/app';
+import { FROM_ADDRESS, FROM_NAME } from '@documenso/lib/constants/email';
+import { TEAM_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/teams';
+import { prisma } from '@documenso/prisma';
+
+export type DeleteTeamEmailOptions = {
+  userId: number;
+  userEmail: string;
+  teamId: number;
+};
+
+/**
+ * Delete a team email.
+ *
+ * The user must either be part of the team with the required permissions, or the owner of the email.
+ */
+export const deleteTeamEmail = async ({ userId, userEmail, teamId }: DeleteTeamEmailOptions) => {
+  const team = await prisma.$transaction(async (tx) => {
+    const foundTeam = await tx.team.findFirstOrThrow({
+      where: {
+        id: teamId,
+        OR: [
+          {
+            teamEmail: {
+              email: userEmail,
+            },
+          },
+          {
+            members: {
+              some: {
+                userId,
+                role: {
+                  in: TEAM_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_TEAM'],
+                },
+              },
+            },
+          },
+        ],
+      },
+      include: {
+        teamEmail: true,
+        owner: {
+          select: {
+            name: true,
+            email: true,
+          },
+        },
+      },
+    });
+
+    await tx.teamEmail.delete({
+      where: {
+        teamId,
+      },
+    });
+
+    return foundTeam;
+  });
+
+  try {
+    const assetBaseUrl = process.env.NEXT_PUBLIC_WEBAPP_URL || 'http://localhost:3000';
+
+    const template = createElement(TeamEmailRemovedTemplate, {
+      assetBaseUrl,
+      baseUrl: WEBAPP_BASE_URL,
+      teamEmail: team.teamEmail?.email ?? '',
+      teamName: team.name,
+      teamUrl: team.url,
+    });
+
+    await mailer.sendMail({
+      to: {
+        address: team.owner.email,
+        name: team.owner.name ?? '',
+      },
+      from: {
+        name: FROM_NAME,
+        address: FROM_ADDRESS,
+      },
+      subject: `Team email has been revoked for ${team.name}`,
+      html: render(template),
+      text: render(template, { plainText: true }),
+    });
+  } catch (e) {
+    // Todo: Teams - Alert us.
+    // We don't want to prevent a user from revoking access because an email could not be sent.
+  }
+};