feat: add global settings for teams (#1391)

## Description This PR introduces global settings for teams. At the moment, it allows team admins to configure the following: * The default visibility of the documents uploaded to the team account * Whether to include the document owner (sender) details when sending emails to the recipients. ### Include Sender Details If the Sender Details setting is enabled, the emails sent by the team will include the sender's name: > "Example User" on behalf of "Example Team" has invited you to sign "document.pdf" Otherwise, the email will say: > "Example Team" has invited you to sign "document.pdf" ### Default Document Visibility This new option allows users to set the default visibility for the documents uploaded to the team account. It can have the following values: * Everyone * Manager and above * Admins only If the default document visibility isn't set, the document will be set to the role of the user who created the document: * If a user with the "User" role creates a document, the document's visibility is set to "Everyone". * Manager role -> "Manager and above" * Admin role -> "Admins only" Otherwise, if there is a default document visibility value, it uses that value. #### Gotcha To avoid issues, the `document owner` and the `recipient` can access the document irrespective of their role. For example: * If a team member with the role "Member" uploads a document and the default document visibility is "Admins", only the document owner and admins can access the document. * Similar to the other scenarios. * If an admin uploads a document and the default document visibility is "Admins", the recipient can access the document. * The admins have access to all the documents. * Managers have access to documents with the visibility set to "Everyone" and "Manager and above" * Members have access only to the documents with the visibility set to "Everyone". ## Testing Performed Tested it locally.
2025-11-13 00:03:33 +10:00 · 2024-11-08 13:50:49 +02:00
parent f6bcf921d5
commit 23a0537648
99 changed files with 4372 additions and 1037 deletions
--- a/packages/lib/server-only/document/create-document.ts
+++ b/packages/lib/server-only/document/create-document.ts
@ -5,7 +5,9 @@ import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-log
 import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
-import { DocumentSource, WebhookTriggerEvents } from '@documenso/prisma/client';
+import { DocumentSource, DocumentVisibility, WebhookTriggerEvents } from '@documenso/prisma/client';
+import type { Team, TeamGlobalSettings } from '@documenso/prisma/client';
+import { TeamMemberRole } from '@documenso/prisma/client';

 import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';

@ -48,6 +50,51 @@ export const createDocument = async ({
    throw new AppError(AppErrorCode.NOT_FOUND, 'Team not found');
  }

+  let team: (Team & { teamGlobalSettings: TeamGlobalSettings | null }) | null = null;
+  let userTeamRole: TeamMemberRole | undefined;
+
+  if (teamId) {
+    const teamWithUserRole = await prisma.team.findFirstOrThrow({
+      where: {
+        id: teamId,
+      },
+      include: {
+        teamGlobalSettings: true,
+        members: {
+          where: {
+            userId: userId,
+          },
+          select: {
+            role: true,
+          },
+        },
+      },
+    });
+
+    team = teamWithUserRole;
+    userTeamRole = teamWithUserRole.members[0]?.role;
+  }
+
+  const determineVisibility = (
+    globalVisibility: DocumentVisibility | null | undefined,
+    userRole: TeamMemberRole,
+  ): DocumentVisibility => {
+    const defaultVisibility = globalVisibility ?? DocumentVisibility.EVERYONE;
+
+    if (userRole === TeamMemberRole.ADMIN) {
+      return defaultVisibility;
+    }
+
+    if (userRole === TeamMemberRole.MANAGER) {
+      if (defaultVisibility === DocumentVisibility.ADMIN) {
+        return DocumentVisibility.MANAGER_AND_ABOVE;
+      }
+      return defaultVisibility;
+    }
+
+    return DocumentVisibility.EVERYONE;
+  };
+
  return await prisma.$transaction(async (tx) => {
    const document = await tx.document.create({
      data: {
@ -56,8 +103,17 @@ export const createDocument = async ({
        documentDataId,
        userId,
        teamId,
+        visibility: determineVisibility(
+          team?.teamGlobalSettings?.documentVisibility,
+          userTeamRole ?? TeamMemberRole.MEMBER,
+        ),
        formValues,
        source: DocumentSource.DOCUMENT,
+        documentMeta: {
+          create: {
+            language: team?.teamGlobalSettings?.documentLanguage,
+          },
+        },
      },
    });