chore: merge main

2025-11-14 08:42:12 +10:00 · 2025-06-24 10:49:08 +03:00
parent 3b476e9e1f bb9ba80edb
commit 338965325d
787 changed files with 55308 additions and 42985 deletions
--- a/packages/lib/server-only/template/update-template.ts
+++ b/packages/lib/server-only/template/update-template.ts
@ -1,22 +1,22 @@
 import type { Attachment, DocumentVisibility, Template, TemplateMeta } from '@prisma/client';

-import { isUserEnterprise } from '@documenso/ee/server-only/util/is-document-enterprise';
 import { prisma } from '@documenso/prisma';

 import { AppError, AppErrorCode } from '../../errors/app-error';
 import type { TDocumentAccessAuthTypes, TDocumentActionAuthTypes } from '../../types/document-auth';
 import { createDocumentAuthOptions, extractDocumentAuthMethods } from '../../utils/document-auth';
+import { buildTeamWhereQuery } from '../../utils/teams';

 export type UpdateTemplateOptions = {
  userId: number;
-  teamId?: number;
+  teamId: number;
  templateId: number;
  data?: {
    title?: string;
    externalId?: string | null;
    visibility?: DocumentVisibility;
-    globalAccessAuth?: TDocumentAccessAuthTypes | null;
-    globalActionAuth?: TDocumentActionAuthTypes | null;
+    globalAccessAuth?: TDocumentAccessAuthTypes[];
+    globalActionAuth?: TDocumentActionAuthTypes[];
    publicTitle?: string;
    publicDescription?: string;
    type?: Template['type'];
@ -33,31 +33,32 @@ export const updateTemplate = async ({
  meta = {},
  data = {},
 }: UpdateTemplateOptions) => {
-  const template = await prisma.template.findFirstOrThrow({
+  const template = await prisma.template.findFirst({
    where: {
      id: templateId,
-      ...(teamId
-        ? {
-            team: {
-              id: teamId,
-              members: {
-                some: {
-                  userId,
-                },
-              },
-            },
-          }
-        : {
-            userId,
-            teamId: null,
-          }),
+      team: buildTeamWhereQuery({ teamId, userId }),
    },
    include: {
      templateMeta: true,
      attachments: true,
+      team: {
+        select: {
+          organisation: {
+            select: {
+              organisationClaim: true,
+            },
+          },
+        },
+      },
    },
  });

+  if (!template) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Template not found',
+    });
+  }
+
  if (Object.values(data).length === 0 && Object.keys(meta).length === 0) {
    return template;
  }
@ -76,17 +77,10 @@ export const updateTemplate = async ({
    data?.globalActionAuth === undefined ? documentGlobalActionAuth : data.globalActionAuth;

  // Check if user has permission to set the global action auth.
-  if (newGlobalActionAuth) {
-    const isDocumentEnterprise = await isUserEnterprise({
-      userId,
-      teamId,
+  if (newGlobalActionAuth.length > 0 && !template.team.organisation.organisationClaim.flags.cfr21) {
+    throw new AppError(AppErrorCode.UNAUTHORIZED, {
+      message: 'You do not have permission to set the action auth',
    });
-
-    if (!isDocumentEnterprise) {
-      throw new AppError(AppErrorCode.UNAUTHORIZED, {
-        message: 'You do not have permission to set the action auth',
-      });
-    }
  }

  const authOptions = createDocumentAuthOptions({