feat: change organisation owner in admin panel (#2047)

Allows changing the owner of an organisation within the admin panel, useful for support requests to change ownership from a testing account to the main admin account. <img width="890" height="431" alt="image" src="https://github.com/user-attachments/assets/475bbbdd-0f26-4f74-aacf-3e793366551d" />
2025-11-13 16:23:06 +10:00 · 2025-09-25 17:13:47 +10:00
parent b9b3ddfb98
commit cfceebd78f
7 changed files with 615 additions and 2 deletions
--- a/packages/trpc/server/admin-router/promote-member-to-owner.ts
+++ b/packages/trpc/server/admin-router/promote-member-to-owner.ts
@ -0,0 +1,124 @@
+import { OrganisationGroupType, OrganisationMemberRole } from '@prisma/client';
+
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { generateDatabaseId } from '@documenso/lib/universal/id';
+import { getHighestOrganisationRoleInGroup } from '@documenso/lib/utils/organisations';
+import { prisma } from '@documenso/prisma';
+
+import { adminProcedure } from '../trpc';
+import {
+  ZPromoteMemberToOwnerRequestSchema,
+  ZPromoteMemberToOwnerResponseSchema,
+} from './promote-member-to-owner.types';
+
+export const promoteMemberToOwnerRoute = adminProcedure
+  .input(ZPromoteMemberToOwnerRequestSchema)
+  .output(ZPromoteMemberToOwnerResponseSchema)
+  .mutation(async ({ input, ctx }) => {
+    const { organisationId, userId } = input;
+
+    ctx.logger.info({
+      input: {
+        organisationId,
+        userId,
+      },
+    });
+
+    // First, verify the organisation exists and get member details with groups
+    const organisation = await prisma.organisation.findUnique({
+      where: {
+        id: organisationId,
+      },
+      include: {
+        groups: {
+          where: {
+            type: OrganisationGroupType.INTERNAL_ORGANISATION,
+          },
+        },
+        members: {
+          where: {
+            userId,
+          },
+          include: {
+            organisationGroupMembers: {
+              include: {
+                group: true,
+              },
+            },
+          },
+        },
+      },
+    });
+
+    if (!organisation) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'Organisation not found',
+      });
+    }
+
+    // Verify the user is a member of the organisation
+    const [member] = organisation.members;
+
+    if (!member) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'User is not a member of this organisation',
+      });
+    }
+
+    // Verify the user is not already the owner
+    if (organisation.ownerUserId === userId) {
+      throw new AppError(AppErrorCode.INVALID_REQUEST, {
+        message: 'User is already the owner of this organisation',
+      });
+    }
+
+    // Get current organisation role
+    const currentOrganisationRole = getHighestOrganisationRoleInGroup(
+      member.organisationGroupMembers.flatMap((member) => member.group),
+    );
+
+    // Find the current and target organisation groups
+    const currentMemberGroup = organisation.groups.find(
+      (group) => group.organisationRole === currentOrganisationRole,
+    );
+
+    const adminGroup = organisation.groups.find(
+      (group) => group.organisationRole === OrganisationMemberRole.ADMIN,
+    );
+
+    if (!currentMemberGroup) {
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Current member group not found',
+      });
+    }
+
+    if (!adminGroup) {
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Admin group not found',
+      });
+    }
+
+    // Update the organisation owner and member role in a transaction
+    await prisma.$transaction(async (tx) => {
+      // Update the organisation to set the new owner
+      await tx.organisation.update({
+        where: {
+          id: organisationId,
+        },
+        data: {
+          ownerUserId: userId,
+        },
+      });
+
+      // Only update role if the user is not already an admin then add them to the admin group
+      if (currentOrganisationRole !== OrganisationMemberRole.ADMIN) {
+        await tx.organisationGroupMember.create({
+          data: {
+            id: generateDatabaseId('group_member'),
+            organisationMemberId: member.id,
+            groupId: adminGroup.id,
+          },
+        });
+      }
+    });
+  });
--- a/packages/trpc/server/admin-router/promote-member-to-owner.types.ts
+++ b/packages/trpc/server/admin-router/promote-member-to-owner.types.ts
@ -0,0 +1,11 @@
+import { z } from 'zod';
+
+export const ZPromoteMemberToOwnerRequestSchema = z.object({
+  organisationId: z.string().min(1),
+  userId: z.number().min(1),
+});
+
+export const ZPromoteMemberToOwnerResponseSchema = z.void();
+
+export type TPromoteMemberToOwnerRequest = z.infer<typeof ZPromoteMemberToOwnerRequestSchema>;
+export type TPromoteMemberToOwnerResponse = z.infer<typeof ZPromoteMemberToOwnerResponseSchema>;
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@ -12,6 +12,7 @@ import { findDocumentsRoute } from './find-documents';
 import { findSubscriptionClaimsRoute } from './find-subscription-claims';
 import { getAdminOrganisationRoute } from './get-admin-organisation';
 import { getUserRoute } from './get-user';
+import { promoteMemberToOwnerRoute } from './promote-member-to-owner';
 import { resealDocumentRoute } from './reseal-document';
 import { resetTwoFactorRoute } from './reset-two-factor-authentication';
 import { updateAdminOrganisationRoute } from './update-admin-organisation';
@ -27,6 +28,9 @@ export const adminRouter = router({
    create: createAdminOrganisationRoute,
    update: updateAdminOrganisationRoute,
  },
+  organisationMember: {
+    promoteToOwner: promoteMemberToOwnerRoute,
+  },
  claims: {
    find: findSubscriptionClaimsRoute,
    create: createSubscriptionClaimRoute,