fix: wip

packages/lib/server-only/organisation/create-organisation-member-invites.ts

@@ -0,0 +1,223 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/core/macro';
+import type { Organisation, OrganisationGlobalSettings, Prisma } from '@prisma/client';
+import { OrganisationMemberInviteStatus } from '@prisma/client';
+import { nanoid } from 'nanoid';
+
+import { mailer } from '@documenso/email/mailer';
+import { OrganisationInviteEmailTemplate } from '@documenso/email/templates/organisation-invite';
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { FROM_ADDRESS, FROM_NAME } from '@documenso/lib/constants/email';
+import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { isOrganisationRoleWithinUserHierarchy } from '@documenso/lib/utils/organisations';
+import { prisma } from '@documenso/prisma';
+import type { TCreateOrganisationMemberInvitesRequestSchema } from '@documenso/trpc/server/organisation-router/create-organisation-member-invites.types';
+
+import { getI18nInstance } from '../../client-only/providers/i18n-server';
+import {
+  buildOrganisationWhereQuery,
+  getHighestOrganisationRoleInGroup,
+} from '../../utils/organisations';
+import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
+import { organisationGlobalSettingsToBranding } from '../../utils/team-global-settings-to-branding';
+
+export type CreateOrganisationMemberInvitesOptions = {
+  userId: number;
+  userName: string;
+  organisationId: string;
+  invitations: TCreateOrganisationMemberInvitesRequestSchema['invitations'];
+};
+
+/**
+ * Invite organisation members via email to join a organisation.
+ */
+export const createOrganisationMemberInvites = async ({
+  userId,
+  userName,
+  organisationId,
+  invitations,
+}: CreateOrganisationMemberInvitesOptions): Promise<void> => {
+  const organisation = await prisma.organisation.findFirst({
+    where: buildOrganisationWhereQuery(
+      organisationId,
+      userId,
+      ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_ORGANISATION'],
+    ),
+    include: {
+      members: {
+        select: {
+          user: {
+            select: {
+              id: true,
+              email: true,
+            },
+          },
+        },
+      },
+      invites: true,
+      organisationGlobalSettings: true,
+    },
+  });
+
+  if (!organisation) {
+    throw new AppError(AppErrorCode.NOT_FOUND);
+  }
+
+  const currentOrganisationMember = await prisma.organisationMember.findFirst({
+    where: {
+      userId,
+      organisationId,
+    },
+    include: {
+      organisationGroupMembers: {
+        include: {
+          group: true,
+        },
+      },
+    },
+  });
+
+  if (!currentOrganisationMember) {
+    throw new AppError(AppErrorCode.UNAUTHORIZED);
+  }
+
+  const currentOrganisationMemberRole = getHighestOrganisationRoleInGroup(
+    currentOrganisationMember.organisationGroupMembers.map((member) => member.group),
+  );
+
+  const organisationMemberEmails = organisation.members.map((member) => member.user.email);
+  const organisationMemberInviteEmails = organisation.invites
+    .filter((invite) => invite.status === OrganisationMemberInviteStatus.PENDING)
+    .map((invite) => invite.email);
+
+  if (!currentOrganisationMember) {
+    throw new AppError(AppErrorCode.UNAUTHORIZED, {
+      message: 'User not part of organisation.',
+    });
+  }
+
+  const usersToInvite = invitations.filter((invitation) => {
+    // Filter out users that are already members of the organisation.
+    if (organisationMemberEmails.includes(invitation.email)) {
+      return false;
+    }
+
+    // Filter out users that have already been invited to the organisation.
+    if (organisationMemberInviteEmails.includes(invitation.email)) {
+      return false;
+    }
+
+    return true;
+  });
+
+  const unauthorizedRoleAccess = usersToInvite.some(
+    ({ organisationRole }) =>
+      !isOrganisationRoleWithinUserHierarchy(currentOrganisationMemberRole, organisationRole),
+  );
+
+  if (unauthorizedRoleAccess) {
+    throw new AppError(AppErrorCode.UNAUTHORIZED, {
+      message: 'User does not have permission to set high level roles',
+    });
+  }
+
+  // Todo: (orgs)
+  const organisationMemberInvites: Prisma.OrganisationMemberInviteCreateManyInput[] =
+    usersToInvite.map(({ email, organisationRole }) => ({
+      email,
+      organisationId,
+      organisationRole,
+      token: nanoid(32),
+    }));
+
+  console.log({
+    organisationMemberInvites,
+  });
+
+  await prisma.organisationMemberInvite.createMany({
+    data: organisationMemberInvites,
+  });
+
+  const sendEmailResult = await Promise.allSettled(
+    organisationMemberInvites.map(async ({ email, token }) =>
+      sendOrganisationMemberInviteEmail({
+        email,
+        token,
+        organisation,
+        senderName: userName,
+      }),
+    ),
+  );
+
+  const sendEmailResultErrorList = sendEmailResult.filter(
+    (result): result is PromiseRejectedResult => result.status === 'rejected',
+  );
+
+  if (sendEmailResultErrorList.length > 0) {
+    console.error(JSON.stringify(sendEmailResultErrorList));
+
+    throw new AppError('EmailDeliveryFailed', {
+      message: 'Failed to send invite emails to one or more users.',
+      userMessage: `Failed to send invites to ${sendEmailResultErrorList.length}/${organisationMemberInvites.length} users.`,
+    });
+  }
+};
+
+type SendOrganisationMemberInviteEmailOptions = {
+  email: string;
+  senderName: string;
+  token: string;
+  organisation: Organisation & {
+    organisationGlobalSettings: OrganisationGlobalSettings;
+  };
+};
+
+/**
+ * Send an email to a user inviting them to join a organisation.
+ */
+export const sendOrganisationMemberInviteEmail = async ({
+  email,
+  senderName,
+  token,
+  organisation,
+}: SendOrganisationMemberInviteEmailOptions) => {
+  const template = createElement(OrganisationInviteEmailTemplate, {
+    assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
+    baseUrl: NEXT_PUBLIC_WEBAPP_URL(),
+    senderName,
+    token,
+    organisationName: organisation.name,
+  });
+
+  const branding = organisationGlobalSettingsToBranding(
+    organisation.organisationGlobalSettings,
+    organisation.id,
+  );
+
+  const [html, text] = await Promise.all([
+    renderEmailWithI18N(template, {
+      lang: organisation.organisationGlobalSettings.documentLanguage,
+      branding,
+    }),
+    renderEmailWithI18N(template, {
+      lang: organisation.organisationGlobalSettings.documentLanguage,
+      branding,
+      plainText: true,
+    }),
+  ]);
+
+  const i18n = await getI18nInstance(organisation.organisationGlobalSettings.documentLanguage);
+
+  await mailer.sendMail({
+    to: email,
+    from: {
+      name: FROM_NAME,
+      address: FROM_ADDRESS,
+    },
+    subject: i18n._(msg`You have been invited to join ${organisation.name} on Documenso`),
+    html,
+    text,
+  });
+};