feat: team api tokens

2025-11-13 00:03:33 +10:00 · 2024-02-22 13:39:34 +11:00
parent 22e3a79a72
commit 2abcdd7533
36 changed files with 903 additions and 214 deletions
--- a/packages/lib/server-only/admin/get-all-documents.ts
+++ b/packages/lib/server-only/admin/get-all-documents.ts
@ -1,5 +1,5 @@
 import { prisma } from '@documenso/prisma';
-import { Prisma } from '@documenso/prisma/client';
+import type { Prisma } from '@documenso/prisma/client';

 export interface FindDocumentsOptions {
  term?: string;
--- a/packages/lib/server-only/document/delete-document.ts
+++ b/packages/lib/server-only/document/delete-document.ts
@ -14,39 +14,45 @@ import { FROM_ADDRESS, FROM_NAME } from '../../constants/email';
 export type DeleteDocumentOptions = {
  id: number;
  userId: number;
-  status: DocumentStatus;
+  teamId?: number;
 };

-export const deleteDocument = async ({ id, userId, status }: DeleteDocumentOptions) => {
+export const deleteDocument = async ({ id, userId, teamId }: DeleteDocumentOptions) => {
  // if the document is a draft, hard-delete
-  if (status === DocumentStatus.DRAFT) {
-    return await prisma.document.delete({ where: { id, userId, status: DocumentStatus.DRAFT } });
+  const document = await prisma.document.findUnique({
+    where: {
+      id,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+    include: {
+      Recipient: true,
+      documentMeta: true,
+      User: true,
+    },
+  });
+
+  if (!document) {
+    throw new Error('Document not found');
  }

+  const { status, User: user } = document;
+
  // if the document is pending, send cancellation emails to all recipients
  if (status === DocumentStatus.PENDING) {
-    const user = await prisma.user.findFirstOrThrow({
-      where: {
-        id: userId,
-      },
-    });
-
-    const document = await prisma.document.findUnique({
-      where: {
-        id,
-        status,
-        userId,
-      },
-      include: {
-        Recipient: true,
-        documentMeta: true,
-      },
-    });
-
-    if (!document) {
-      throw new Error('Document not found');
-    }
-
    if (document.Recipient.length > 0) {
      await Promise.all(
        document.Recipient.map(async (recipient) => {
@ -81,6 +87,7 @@ export const deleteDocument = async ({ id, userId, status }: DeleteDocumentOptio
  return await prisma.document.update({
    where: {
      id,
+      teamId,
    },
    data: {
      deletedAt: new Date().toISOString(),
--- a/packages/lib/server-only/document/resend-document.tsx
+++ b/packages/lib/server-only/document/resend-document.tsx
@ -16,9 +16,8 @@ import { prisma } from '@documenso/prisma';
 import { DocumentStatus, RecipientRole, SigningStatus } from '@documenso/prisma/client';
 import type { Prisma } from '@documenso/prisma/client';

-import { getDocumentWhereInput } from './get-document-by-id';
-
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
+import { getDocumentWhereInput } from './get-document-by-id';

 export type ResendDocumentOptions = {
  documentId: number;
--- a/packages/lib/server-only/document/send-document.tsx
+++ b/packages/lib/server-only/document/send-document.tsx
@ -20,12 +20,14 @@ import {
 export type SendDocumentOptions = {
  documentId: number;
  userId: number;
+  teamId?: number;
  requestMetadata?: RequestMetadata;
 };

 export const sendDocument = async ({
  documentId,
  userId,
+  teamId,
  requestMetadata,
 }: SendDocumentOptions) => {
  const user = await prisma.user.findFirstOrThrow({
@ -42,20 +44,21 @@ export const sendDocument = async ({
  const document = await prisma.document.findUnique({
    where: {
      id: documentId,
-      OR: [
-        {
-          userId,
-        },
-        {
-          team: {
-            members: {
-              some: {
-                userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
              },
            },
-          },
-        },
-      ],
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
    },
    include: {
      Recipient: true,
--- a/packages/lib/server-only/document/update-document.ts
+++ b/packages/lib/server-only/document/update-document.ts
@ -5,16 +5,36 @@ import type { Prisma } from '@prisma/client';
 import { prisma } from '@documenso/prisma';

 export type UpdateDocumentOptions = {
+  documentId: number;
  data: Prisma.DocumentUpdateInput;
  userId: number;
-  documentId: number;
+  teamId?: number;
 };

-export const updateDocument = async ({ documentId, userId, data }: UpdateDocumentOptions) => {
+export const updateDocument = async ({
+  documentId,
+  userId,
+  teamId,
+  data,
+}: UpdateDocumentOptions) => {
  return await prisma.document.update({
    where: {
      id: documentId,
-      userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
    },
    data: {
      ...data,
--- a/packages/lib/server-only/document/update-title.ts
+++ b/packages/lib/server-only/document/update-title.ts
@ -7,6 +7,7 @@ import { prisma } from '@documenso/prisma';

 export type UpdateTitleOptions = {
  userId: number;
+  teamId?: number;
  documentId: number;
  title: string;
  requestMetadata?: RequestMetadata;
@ -14,6 +15,7 @@ export type UpdateTitleOptions = {

 export const updateTitle = async ({
  userId,
+  teamId,
  documentId,
  title,
  requestMetadata,
@ -28,20 +30,21 @@ export const updateTitle = async ({
    const document = await tx.document.findFirstOrThrow({
      where: {
        id: documentId,
-        OR: [
-          {
-            userId,
-          },
-          {
-            team: {
-              members: {
-                some: {
-                  userId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
                },
              },
-            },
-          },
-        ],
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
      },
    });

--- a/packages/lib/server-only/field/create-field.ts
+++ b/packages/lib/server-only/field/create-field.ts
@ -1,8 +1,13 @@
 import { prisma } from '@documenso/prisma';
-import type { FieldType } from '@documenso/prisma/client';
+import type { FieldType, Team } from '@documenso/prisma/client';
+
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData } from '../../utils/document-audit-logs';

 export type CreateFieldOptions = {
  documentId: number;
+  userId: number;
+  teamId?: number;
  recipientId: number;
  type: FieldType;
  pageNumber: number;
@ -10,10 +15,13 @@ export type CreateFieldOptions = {
  pageY: number;
  pageWidth: number;
  pageHeight: number;
+  requestMetadata?: RequestMetadata;
 };

 export const createField = async ({
  documentId,
+  userId,
+  teamId,
  recipientId,
  type,
  pageNumber,
@ -21,7 +29,62 @@ export const createField = async ({
  pageY,
  pageWidth,
  pageHeight,
+  requestMetadata,
 }: CreateFieldOptions) => {
+  const document = await prisma.document.findFirst({
+    select: {
+      id: true,
+    },
+    where: {
+      id: documentId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+  });
+
+  if (!document) {
+    throw new Error('Document not found');
+  }
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+    select: {
+      id: true,
+      name: true,
+      email: true,
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirst({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
  const field = await prisma.field.create({
    data: {
      documentId,
@ -35,6 +98,28 @@ export const createField = async ({
      customText: '',
      inserted: false,
    },
+    include: {
+      Recipient: true,
+    },
+  });
+
+  await prisma.documentAuditLog.create({
+    data: createDocumentAuditLogData({
+      type: 'FIELD_CREATED',
+      documentId,
+      user: {
+        id: team?.id ?? user.id,
+        email: team?.name ?? user.email,
+        name: team ? '' : user.name,
+      },
+      data: {
+        fieldId: field.secondaryId,
+        fieldRecipientEmail: field.Recipient?.email ?? '',
+        fieldRecipientId: recipientId,
+        fieldType: field.type,
+      },
+      requestMetadata,
+    }),
  });

  return field;
--- a/packages/lib/server-only/field/delete-field.ts
+++ b/packages/lib/server-only/field/delete-field.ts
@ -1,16 +1,89 @@
 import { prisma } from '@documenso/prisma';
+import type { Team } from '@documenso/prisma/client';
+
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData } from '../../utils/document-audit-logs';

 export type DeleteFieldOptions = {
  fieldId: number;
  documentId: number;
+  userId: number;
+  teamId?: number;
+  requestMetadata?: RequestMetadata;
 };

-export const deleteField = async ({ fieldId, documentId }: DeleteFieldOptions) => {
+export const deleteField = async ({
+  fieldId,
+  userId,
+  teamId,
+  documentId,
+  requestMetadata,
+}: DeleteFieldOptions) => {
  const field = await prisma.field.delete({
    where: {
      id: fieldId,
-      documentId,
+      Document: {
+        id: documentId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
+                },
+              },
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
+      },
    },
+    include: {
+      Recipient: true,
+    },
+  });
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+    select: {
+      id: true,
+      name: true,
+      email: true,
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirstOrThrow({
+      where: {
+        id: teamId,
+      },
+    });
+  }
+
+  await prisma.documentAuditLog.create({
+    data: createDocumentAuditLogData({
+      type: 'FIELD_DELETED',
+      documentId,
+      user: {
+        id: team?.id ?? user.id,
+        email: team?.name ?? user.email,
+        name: team ? '' : user.name,
+      },
+      data: {
+        fieldId: field.secondaryId,
+        fieldRecipientEmail: field.Recipient?.email ?? '',
+        fieldRecipientId: field.recipientId ?? -1,
+        fieldType: field.type,
+      },
+      requestMetadata,
+    }),
  });

  return field;
--- a/packages/lib/server-only/field/update-field.ts
+++ b/packages/lib/server-only/field/update-field.ts
@ -1,9 +1,14 @@
 import { prisma } from '@documenso/prisma';
-import type { FieldType } from '@documenso/prisma/client';
+import type { FieldType, Team } from '@documenso/prisma/client';
+
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData } from '../../utils/document-audit-logs';

 export type UpdateFieldOptions = {
  fieldId: number;
  documentId: number;
+  userId: number;
+  teamId?: number;
  recipientId?: number;
  type?: FieldType;
  pageNumber?: number;
@ -11,11 +16,14 @@ export type UpdateFieldOptions = {
  pageY?: number;
  pageWidth?: number;
  pageHeight?: number;
+  requestMetadata?: RequestMetadata;
 };

 export const updateField = async ({
  fieldId,
  documentId,
+  userId,
+  teamId,
  recipientId,
  type,
  pageNumber,
@ -23,11 +31,29 @@ export const updateField = async ({
  pageY,
  pageWidth,
  pageHeight,
+  requestMetadata,
 }: UpdateFieldOptions) => {
  const field = await prisma.field.update({
    where: {
      id: fieldId,
-      documentId,
+      Document: {
+        id: documentId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
+                },
+              },
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
+      },
    },
    data: {
      recipientId,
@ -38,6 +64,58 @@ export const updateField = async ({
      width: pageWidth,
      height: pageHeight,
    },
+    include: {
+      Recipient: true,
+    },
+  });
+
+  if (!field) {
+    throw new Error('Field not found');
+  }
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+    select: {
+      id: true,
+      name: true,
+      email: true,
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirst({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
+  await prisma.documentAuditLog.create({
+    data: createDocumentAuditLogData({
+      type: 'FIELD_UPDATED',
+      documentId,
+      user: {
+        id: team?.id ?? user.id,
+        email: team?.name ?? user.email,
+        name: team ? '' : user.name,
+      },
+      data: {
+        fieldId: field.secondaryId,
+        fieldRecipientEmail: field.Recipient?.email ?? '',
+        fieldRecipientId: recipientId ?? -1,
+        fieldType: field.type,
+      },
+      requestMetadata,
+    }),
  });

  return field;
--- a/packages/lib/server-only/public-api/create-api-token.ts
+++ b/packages/lib/server-only/public-api/create-api-token.ts
@ -2,6 +2,7 @@ import type { Duration } from 'luxon';
 import { DateTime } from 'luxon';

 import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';

 // temporary choice for testing only
 import * as timeConstants from '../../constants/time';
@ -14,14 +15,16 @@ type TimeConstants = typeof timeConstants & {

 type CreateApiTokenInput = {
  userId: number;
+  teamId?: number;
  tokenName: string;
-  expirationDate: string | null;
+  expiresIn: string | null;
 };

 export const createApiToken = async ({
  userId,
+  teamId,
  tokenName,
-  expirationDate,
+  expiresIn,
 }: CreateApiTokenInput) => {
  const apiToken = `api_${alphaid(16)}`;

@ -29,23 +32,36 @@ export const createApiToken = async ({

  const timeConstantsRecords: TimeConstants = timeConstants;

-  const dbToken = await prisma.apiToken.create({
+  if (teamId) {
+    const member = await prisma.teamMember.findFirst({
+      where: {
+        userId,
+        teamId,
+        role: TeamMemberRole.ADMIN,
+      },
+    });
+
+    if (!member) {
+      throw new Error('You do not have permission to create a token for this team');
+    }
+  }
+
+  const storedToken = await prisma.apiToken.create({
    data: {
-      token: hashedToken,
      name: tokenName,
-      userId,
-      expires: expirationDate
-        ? DateTime.now().plus(timeConstantsRecords[expirationDate]).toJSDate()
-        : null,
+      token: hashedToken,
+      expires: expiresIn ? DateTime.now().plus(timeConstantsRecords[expiresIn]).toJSDate() : null,
+      userId: teamId ? null : userId,
+      teamId,
    },
  });

-  if (!dbToken) {
+  if (!storedToken) {
    throw new Error('Failed to create the API token');
  }

  return {
-    id: dbToken.id,
+    id: storedToken.id,
    token: apiToken,
  };
 };
--- a/packages/lib/server-only/public-api/delete-api-token-by-id.ts
+++ b/packages/lib/server-only/public-api/delete-api-token-by-id.ts
@ -1,15 +1,32 @@
 import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';

 export type DeleteTokenByIdOptions = {
  id: number;
  userId: number;
+  teamId?: number;
 };

-export const deleteTokenById = async ({ id, userId }: DeleteTokenByIdOptions) => {
+export const deleteTokenById = async ({ id, userId, teamId }: DeleteTokenByIdOptions) => {
+  if (teamId) {
+    const member = await prisma.teamMember.findFirst({
+      where: {
+        userId,
+        teamId,
+        role: TeamMemberRole.ADMIN,
+      },
+    });
+
+    if (!member) {
+      throw new Error('You do not have permission to delete this token');
+    }
+  }
+
  return await prisma.apiToken.delete({
    where: {
      id,
-      userId,
+      userId: teamId ? null : userId,
+      teamId,
    },
  });
 };
--- a/packages/lib/server-only/public-api/get-all-team-tokens.ts
+++ b/packages/lib/server-only/public-api/get-all-team-tokens.ts
@ -0,0 +1,36 @@
+import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';
+
+export type GetUserTokensOptions = {
+  userId: number;
+  teamId: number;
+};
+
+export const getTeamTokens = async ({ userId, teamId }: GetUserTokensOptions) => {
+  const teamMember = await prisma.teamMember.findFirst({
+    where: {
+      userId,
+      teamId,
+    },
+  });
+
+  if (teamMember?.role !== TeamMemberRole.ADMIN) {
+    throw new Error('You do not have permission to view tokens for this team');
+  }
+
+  return await prisma.apiToken.findMany({
+    where: {
+      teamId,
+    },
+    select: {
+      id: true,
+      name: true,
+      algorithm: true,
+      createdAt: true,
+      expires: true,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    },
+  });
+};
--- a/packages/lib/server-only/public-api/get-api-token-by-token.ts
+++ b/packages/lib/server-only/public-api/get-api-token-by-token.ts
@ -0,0 +1,41 @@
+import { prisma } from '@documenso/prisma';
+
+import { hashString } from '../auth/hash';
+
+export const getApiTokenByToken = async ({ token }: { token: string }) => {
+  const hashedToken = hashString(token);
+
+  const apiToken = await prisma.apiToken.findFirst({
+    where: {
+      token: hashedToken,
+    },
+    include: {
+      team: true,
+      user: true,
+    },
+  });
+
+  if (!apiToken) {
+    throw new Error('Invalid token');
+  }
+
+  if (apiToken.expires && apiToken.expires < new Date()) {
+    throw new Error('Expired token');
+  }
+
+  if (apiToken.team) {
+    apiToken.user = await prisma.user.findFirst({
+      where: {
+        id: apiToken.team.ownerUserId,
+      },
+    });
+  }
+
+  const { user } = apiToken;
+
+  if (!user) {
+    throw new Error('Invalid token');
+  }
+
+  return { ...apiToken, user };
+};
--- a/packages/lib/server-only/public-api/get-user-by-token.ts
+++ b/packages/lib/server-only/public-api/get-user-by-token.ts
@ -1,37 +0,0 @@
-import { prisma } from '@documenso/prisma';
-
-import { hashString } from '../auth/hash';
-
-export const getUserByApiToken = async ({ token }: { token: string }) => {
-  const hashedToken = hashString(token);
-
-  const user = await prisma.user.findFirst({
-    where: {
-      ApiToken: {
-        some: {
-          token: hashedToken,
-        },
-      },
-    },
-    include: {
-      ApiToken: true,
-    },
-  });
-
-  if (!user) {
-    throw new Error('Invalid token');
-  }
-
-  const retrievedToken = user.ApiToken.find((apiToken) => apiToken.token === hashedToken);
-
-  // This should be impossible but we need to satisfy TypeScript
-  if (!retrievedToken) {
-    throw new Error('Invalid token');
-  }
-
-  if (retrievedToken.expires && retrievedToken.expires < new Date()) {
-    throw new Error('Expired token');
-  }
-
-  return user;
-};
--- a/packages/lib/server-only/recipient/delete-recipient.ts
+++ b/packages/lib/server-only/recipient/delete-recipient.ts
@ -1,16 +1,46 @@
 import { prisma } from '@documenso/prisma';
+import type { Team } from '@documenso/prisma/client';
 import { SendStatus } from '@documenso/prisma/client';

+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
+
 export type DeleteRecipientOptions = {
  documentId: number;
  recipientId: number;
+  userId: number;
+  teamId?: number;
+  requestMetadata?: RequestMetadata;
 };

-export const deleteRecipient = async ({ documentId, recipientId }: DeleteRecipientOptions) => {
+export const deleteRecipient = async ({
+  documentId,
+  recipientId,
+  userId,
+  teamId,
+  requestMetadata,
+}: DeleteRecipientOptions) => {
  const recipient = await prisma.recipient.findFirst({
    where: {
      id: recipientId,
-      documentId,
+      Document: {
+        id: documentId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
+                },
+              },
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
+      },
    },
  });

@ -22,11 +52,55 @@ export const deleteRecipient = async ({ documentId, recipientId }: DeleteRecipie
    throw new Error('Can not delete a recipient that has already been sent a document');
  }

-  const deletedRecipient = await prisma.recipient.delete({
+  const user = await prisma.user.findFirstOrThrow({
    where: {
-      id: recipient.id,
+      id: userId,
    },
  });

+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirst({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
+  const deletedRecipient = await prisma.$transaction(async (tx) => {
+    const deleted = await tx.recipient.delete({
+      where: {
+        id: recipient.id,
+      },
+    });
+
+    await tx.documentAuditLog.create({
+      data: createDocumentAuditLogData({
+        type: 'RECIPIENT_DELETED',
+        documentId,
+        user: {
+          id: team?.id ?? user.id,
+          email: team?.name ?? user.email,
+          name: team ? '' : user.name,
+        },
+        data: {
+          recipientEmail: recipient.email,
+          recipientName: recipient.name,
+          recipientId: recipient.id,
+          recipientRole: recipient.role,
+        },
+        requestMetadata,
+      }),
+    });
+
+    return deleted;
+  });
+
  return deletedRecipient;
 };
--- a/packages/lib/server-only/recipient/get-recipients-for-document.ts
+++ b/packages/lib/server-only/recipient/get-recipients-for-document.ts
@ -3,11 +3,13 @@ import { prisma } from '@documenso/prisma';
 export interface GetRecipientsForDocumentOptions {
  documentId: number;
  userId: number;
+  teamId?: number;
 }

 export const getRecipientsForDocument = async ({
  documentId,
  userId,
+  teamId,
 }: GetRecipientsForDocumentOptions) => {
  const recipients = await prisma.recipient.findMany({
    where: {
@ -18,6 +20,7 @@ export const getRecipientsForDocument = async ({
            userId,
          },
          {
+            teamId,
            team: {
              members: {
                some: {
--- a/packages/lib/server-only/recipient/set-recipients-for-document.ts
+++ b/packages/lib/server-only/recipient/set-recipients-for-document.ts
@ -11,6 +11,7 @@ import { SendStatus, SigningStatus } from '@documenso/prisma/client';

 export interface SetRecipientsForDocumentOptions {
  userId: number;
+  teamId?: number;
  documentId: number;
  recipients: {
    id?: number | null;
@ -23,6 +24,7 @@ export interface SetRecipientsForDocumentOptions {

 export const setRecipientsForDocument = async ({
  userId,
+  teamId,
  documentId,
  recipients,
  requestMetadata,
@ -30,20 +32,21 @@ export const setRecipientsForDocument = async ({
  const document = await prisma.document.findFirst({
    where: {
      id: documentId,
-      OR: [
-        {
-          userId,
-        },
-        {
-          team: {
-            members: {
-              some: {
-                userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
              },
            },
-          },
-        },
-      ],
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
    },
  });

@ -106,7 +109,7 @@ export const setRecipientsForDocument = async ({
    });

  const persistedRecipients = await prisma.$transaction(async (tx) => {
-    await Promise.all(
+    return await Promise.all(
      linkedRecipients.map(async (recipient) => {
        const upsertedRecipient = await tx.recipient.upsert({
          where: {
--- a/packages/lib/server-only/recipient/update-recipient.ts
+++ b/packages/lib/server-only/recipient/update-recipient.ts
@ -1,5 +1,9 @@
 import { prisma } from '@documenso/prisma';
-import type { RecipientRole } from '@documenso/prisma/client';
+import type { RecipientRole, Team } from '@documenso/prisma/client';
+
+import { DOCUMENT_AUDIT_LOG_TYPE } from '../../types/document-audit-logs';
+import type { RequestMetadata } from '../../universal/extract-request-metadata';
+import { createDocumentAuditLogData, diffRecipientChanges } from '../../utils/document-audit-logs';

 export type UpdateRecipientOptions = {
  documentId: number;
@ -7,6 +11,9 @@ export type UpdateRecipientOptions = {
  email?: string;
  name?: string;
  role?: RecipientRole;
+  userId: number;
+  teamId?: number;
+  requestMetadata?: RequestMetadata;
 };

 export const updateRecipient = async ({
@ -15,11 +22,52 @@ export const updateRecipient = async ({
  email,
  name,
  role,
+  userId,
+  teamId,
+  requestMetadata,
 }: UpdateRecipientOptions) => {
  const recipient = await prisma.recipient.findFirst({
    where: {
      id: recipientId,
-      documentId,
+      Document: {
+        id: documentId,
+        ...(teamId
+          ? {
+              team: {
+                id: teamId,
+                members: {
+                  some: {
+                    userId,
+                  },
+                },
+              },
+            }
+          : {
+              userId,
+              teamId: null,
+            }),
+      },
+    },
+  });
+
+  let team: Team | null = null;
+
+  if (teamId) {
+    team = await prisma.team.findFirst({
+      where: {
+        id: teamId,
+        members: {
+          some: {
+            userId,
+          },
+        },
+      },
+    });
+  }
+
+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
    },
  });

@ -27,15 +75,43 @@ export const updateRecipient = async ({
    throw new Error('Recipient not found');
  }

-  const updatedRecipient = await prisma.recipient.update({
-    where: {
-      id: recipient.id,
-    },
-    data: {
-      email: email?.toLowerCase() ?? recipient.email,
-      name: name ?? recipient.name,
-      role: role ?? recipient.role,
-    },
+  const updatedRecipient = await prisma.$transaction(async (tx) => {
+    const persisted = await prisma.recipient.update({
+      where: {
+        id: recipient.id,
+      },
+      data: {
+        email: email?.toLowerCase() ?? recipient.email,
+        name: name ?? recipient.name,
+        role: role ?? recipient.role,
+      },
+    });
+
+    const changes = diffRecipientChanges(recipient, persisted);
+
+    if (changes.length > 0) {
+      await tx.documentAuditLog.create({
+        data: createDocumentAuditLogData({
+          type: DOCUMENT_AUDIT_LOG_TYPE.RECIPIENT_UPDATED,
+          documentId: documentId,
+          user: {
+            id: team?.id ?? user.id,
+            name: team?.name ?? user.name,
+            email: team ? '' : user.email,
+          },
+          requestMetadata,
+          data: {
+            changes,
+            recipientId,
+            recipientEmail: persisted.email,
+            recipientName: persisted.name,
+            recipientRole: persisted.role,
+          },
+        }),
+      });
+
+      return persisted;
+    }
  });

  return updatedRecipient;
--- a/packages/lib/server-only/template/create-document-from-template.ts
+++ b/packages/lib/server-only/template/create-document-from-template.ts
@ -5,6 +5,7 @@ import type { RecipientRole } from '@documenso/prisma/client';
 export type CreateDocumentFromTemplateOptions = {
  templateId: number;
  userId: number;
+  teamId?: number;
  recipients?: {
    name?: string;
    email: string;
@ -15,25 +16,27 @@ export type CreateDocumentFromTemplateOptions = {
 export const createDocumentFromTemplate = async ({
  templateId,
  userId,
+  teamId,
  recipients,
 }: CreateDocumentFromTemplateOptions) => {
  const template = await prisma.template.findUnique({
    where: {
      id: templateId,
-      OR: [
-        {
-          userId,
-        },
-        {
-          team: {
-            members: {
-              some: {
-                userId,
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                },
              },
            },
-          },
-        },
-      ],
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
    },
    include: {
      Recipient: true,