feat: add organisations (#1820)

packages/lib/constants/billing.ts

@@ -1,12 +1,18 @@
-export enum STRIPE_CUSTOMER_TYPE {
-  INDIVIDUAL = 'individual',
-  TEAM = 'team',
-}
+import { SubscriptionStatus } from '@prisma/client';
 
 export enum STRIPE_PLAN_TYPE {
-  REGULAR = 'regular',
-  TEAM = 'team',
-  COMMUNITY = 'community',
+  FREE = 'free',
+  INDIVIDUAL = 'individual',
+  PRO = 'pro',
+  EARLY_ADOPTER = 'earlyAdopter',
   PLATFORM = 'platform',
   ENTERPRISE = 'enterprise',
 }
+
+export const FREE_TIER_DOCUMENT_QUOTA = 5;
+
+export const SUBSCRIPTION_STATUS_MAP = {
+  [SubscriptionStatus.ACTIVE]: 'Active',
+  [SubscriptionStatus.INACTIVE]: 'Inactive',
+  [SubscriptionStatus.PAST_DUE]: 'Past Due',
+};

packages/lib/constants/document.ts

@@ -2,6 +2,13 @@ import type { MessageDescriptor } from '@lingui/core';
 import { msg } from '@lingui/core/macro';
 import { DocumentDistributionMethod, DocumentStatus } from '@prisma/client';
 
+/**
+ * Workaround for E2E tests to not import `msg`.
+ */
+import { DocumentSignatureType } from '@documenso/lib/utils/teams';
+
+export { DocumentSignatureType };
+
 export const DOCUMENT_STATUS: {
   [status in DocumentStatus]: { description: MessageDescriptor };
 } = {
@@ -35,12 +42,6 @@ export const DOCUMENT_DISTRIBUTION_METHODS: Record<string, DocumentDistributionM
   },
 } satisfies Record<DocumentDistributionMethod, DocumentDistributionMethodTypeData>;
 
-export enum DocumentSignatureType {
-  DRAW = 'draw',
-  TYPE = 'type',
-  UPLOAD = 'upload',
-}
-
 type DocumentSignatureTypeData = {
   label: MessageDescriptor;
   value: DocumentSignatureType;

packages/lib/constants/feature-flags.ts

@@ -2,7 +2,6 @@ import { env } from '@documenso/lib/utils/env';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from './app';
 
-const NEXT_PUBLIC_FEATURE_BILLING_ENABLED = () => env('NEXT_PUBLIC_FEATURE_BILLING_ENABLED');
 const NEXT_PUBLIC_POSTHOG_KEY = () => env('NEXT_PUBLIC_POSTHOG_KEY');
 
 /**
@@ -10,26 +9,6 @@ const NEXT_PUBLIC_POSTHOG_KEY = () => env('NEXT_PUBLIC_POSTHOG_KEY');
  */
 export const FEATURE_FLAG_GLOBAL_SESSION_RECORDING = 'global_session_recording';
 
-/**
- * How frequent to poll for new feature flags in milliseconds.
- */
-export const FEATURE_FLAG_POLL_INTERVAL = 30000;
-
-/**
- * Feature flags that will be used when PostHog is disabled.
- *
- * Does not take any person or group properties into account.
- */
-export const LOCAL_FEATURE_FLAGS: Record<string, boolean> = {
-  app_allow_encrypted_documents: false,
-  app_billing: NEXT_PUBLIC_FEATURE_BILLING_ENABLED() === 'true',
-  app_document_page_view_history_sheet: false,
-  app_passkey: true,
-  app_public_profile: true,
-  marketing_header_single_player_mode: false,
-  marketing_profiles_announcement_bar: true,
-} as const;
-
 /**
  * Extract the PostHog configuration from the environment.
  */
@@ -46,10 +25,3 @@ export function extractPostHogConfig(): { key: string; host: string } | null {
     host: postHogHost,
   };
 }
-
-/**
- * Whether feature flags are enabled for the current instance.
- */
-export function isFeatureFlagEnabled(): boolean {
-  return extractPostHogConfig() !== null;
-}

packages/lib/constants/organisations-translations.ts

@@ -0,0 +1,25 @@
+/**
+ * These constants are in a different file to avoid E2E tests from importing `msg`
+ * which will break it.
+ */
+import type { MessageDescriptor } from '@lingui/core';
+import { msg } from '@lingui/core/macro';
+import type { OrganisationMemberRole } from '@prisma/client';
+
+export const ORGANISATION_MEMBER_ROLE_MAP: Record<
+  keyof typeof OrganisationMemberRole,
+  MessageDescriptor
+> = {
+  ADMIN: msg`Admin`,
+  MANAGER: msg`Manager`,
+  MEMBER: msg`Member`,
+};
+
+export const EXTENDED_ORGANISATION_MEMBER_ROLE_MAP: Record<
+  keyof typeof OrganisationMemberRole,
+  MessageDescriptor
+> = {
+  ADMIN: msg`Organisation Admin`,
+  MANAGER: msg`Organisation Manager`,
+  MEMBER: msg`Organisation Member`,
+};

packages/lib/constants/organisations.ts

@@ -0,0 +1,128 @@
+import { OrganisationGroupType, OrganisationMemberRole } from '@prisma/client';
+
+export const ORGANISATION_URL_ROOT_REGEX = new RegExp('^/t/[^/]+/?$');
+export const ORGANISATION_URL_REGEX = new RegExp('^/t/[^/]+');
+
+export const ORGANISATION_INTERNAL_GROUPS: {
+  organisationRole: OrganisationMemberRole;
+  type: OrganisationGroupType;
+}[] = [
+  {
+    organisationRole: OrganisationMemberRole.ADMIN,
+    type: OrganisationGroupType.INTERNAL_ORGANISATION,
+  },
+  {
+    organisationRole: OrganisationMemberRole.MANAGER,
+    type: OrganisationGroupType.INTERNAL_ORGANISATION,
+  },
+  {
+    organisationRole: OrganisationMemberRole.MEMBER,
+    type: OrganisationGroupType.INTERNAL_ORGANISATION,
+  },
+] as const;
+
+export const ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP = {
+  /**
+   * Includes permissions to:
+   * - Manage organisation members
+   * - Manage organisation settings, changing name, url, etc.
+   */
+  DELETE_ORGANISATION: [OrganisationMemberRole.ADMIN],
+  MANAGE_BILLING: [OrganisationMemberRole.ADMIN],
+  DELETE_ORGANISATION_TRANSFER_REQUEST: [OrganisationMemberRole.ADMIN],
+  MANAGE_ORGANISATION: [OrganisationMemberRole.ADMIN, OrganisationMemberRole.MANAGER],
+} satisfies Record<string, OrganisationMemberRole[]>;
+
+/**
+ * A hierarchy of organisation member roles to determine which role has higher permission than another.
+ *
+ * Warning: The length of the array is used to determine the priority of the role.
+ * See `getHighestOrganisationRoleInGroup`
+ */
+export const ORGANISATION_MEMBER_ROLE_HIERARCHY = {
+  [OrganisationMemberRole.ADMIN]: [
+    OrganisationMemberRole.ADMIN,
+    OrganisationMemberRole.MANAGER,
+    OrganisationMemberRole.MEMBER,
+  ],
+  [OrganisationMemberRole.MANAGER]: [OrganisationMemberRole.MANAGER, OrganisationMemberRole.MEMBER],
+  [OrganisationMemberRole.MEMBER]: [OrganisationMemberRole.MEMBER],
+} satisfies Record<OrganisationMemberRole, OrganisationMemberRole[]>;
+
+export const LOWEST_ORGANISATION_ROLE = OrganisationMemberRole.MEMBER;
+
+export const PROTECTED_ORGANISATION_URLS = [
+  '403',
+  '404',
+  '500',
+  '502',
+  '503',
+  '504',
+  'about',
+  'account',
+  'admin',
+  'administrator',
+  'api',
+  'app',
+  'archive',
+  'auth',
+  'backup',
+  'config',
+  'configure',
+  'contact',
+  'contact-us',
+  'copyright',
+  'crime',
+  'criminal',
+  'dashboard',
+  'docs',
+  'documentation',
+  'document',
+  'documents',
+  'error',
+  'exploit',
+  'exploitation',
+  'exploiter',
+  'feedback',
+  'finance',
+  'forgot-password',
+  'fraud',
+  'fraudulent',
+  'hack',
+  'hacker',
+  'harassment',
+  'help',
+  'helpdesk',
+  'illegal',
+  'internal',
+  'legal',
+  'login',
+  'logout',
+  'maintenance',
+  'malware',
+  'newsletter',
+  'policy',
+  'privacy',
+  'profile',
+  'public',
+  'reset-password',
+  'scam',
+  'scammer',
+  'settings',
+  'setup',
+  'sign',
+  'signin',
+  'signout',
+  'signup',
+  'spam',
+  'support',
+  'system',
+  'organisation',
+  'terms',
+  'virus',
+  'webhook',
+];
+
+export const isOrganisationUrlProtected = (url: string) => {
+  return PROTECTED_ORGANISATION_URLS.some((protectedUrl) => url.startsWith(`/${protectedUrl}`));
+};

packages/lib/constants/teams-translations.ts

@@ -0,0 +1,16 @@
+import type { MessageDescriptor } from '@lingui/core';
+import { msg } from '@lingui/core/macro';
+import type { TeamMemberRole } from '@prisma/client';
+
+export const TEAM_MEMBER_ROLE_MAP: Record<keyof typeof TeamMemberRole, MessageDescriptor> = {
+  ADMIN: msg`Admin`,
+  MANAGER: msg`Manager`,
+  MEMBER: msg`Member`,
+};
+
+export const EXTENDED_TEAM_MEMBER_ROLE_MAP: Record<keyof typeof TeamMemberRole, MessageDescriptor> =
+  {
+    ADMIN: msg`Team Admin`,
+    MANAGER: msg`Team Manager`,
+    MEMBER: msg`Team Member`,
+  };

packages/lib/constants/teams.ts

@@ -1,29 +1,43 @@
-import type { MessageDescriptor } from '@lingui/core';
-import { msg } from '@lingui/core/macro';
-import { TeamMemberRole } from '@prisma/client';
+import { OrganisationGroupType, TeamMemberRole } from '@prisma/client';
 
 export const TEAM_URL_ROOT_REGEX = new RegExp('^/t/[^/]+/?$');
 export const TEAM_URL_REGEX = new RegExp('^/t/[^/]+');
 
-export const TEAM_MEMBER_ROLE_MAP: Record<keyof typeof TeamMemberRole, MessageDescriptor> = {
-  ADMIN: msg`Admin`,
-  MANAGER: msg`Manager`,
-  MEMBER: msg`Member`,
-};
+export const LOWEST_TEAM_ROLE = TeamMemberRole.MEMBER;
+
+export const ALLOWED_TEAM_GROUP_TYPES: OrganisationGroupType[] = [
+  OrganisationGroupType.CUSTOM,
+  OrganisationGroupType.INTERNAL_ORGANISATION,
+];
+
+export const TEAM_INTERNAL_GROUPS: {
+  teamRole: TeamMemberRole;
+  type: OrganisationGroupType;
+}[] = [
+  {
+    teamRole: TeamMemberRole.ADMIN,
+    type: OrganisationGroupType.INTERNAL_TEAM,
+  },
+  {
+    teamRole: TeamMemberRole.MANAGER,
+    type: OrganisationGroupType.INTERNAL_TEAM,
+  },
+  {
+    teamRole: TeamMemberRole.MEMBER,
+    type: OrganisationGroupType.INTERNAL_TEAM,
+  },
+] as const;
 
 export const TEAM_MEMBER_ROLE_PERMISSIONS_MAP = {
-  /**
-   * Includes permissions to:
-   * - Manage team members
-   * - Manage team settings, changing name, url, etc.
-   */
+  DELETE_TEAM: [TeamMemberRole.ADMIN],
   MANAGE_TEAM: [TeamMemberRole.ADMIN, TeamMemberRole.MANAGER],
-  MANAGE_BILLING: [TeamMemberRole.ADMIN],
-  DELETE_TEAM_TRANSFER_REQUEST: [TeamMemberRole.ADMIN],
 } satisfies Record<string, TeamMemberRole[]>;
 
 /**
  * A hierarchy of team member roles to determine which role has higher permission than another.
+ *
+ * Warning: The length of the array is used to determine the priority of the role.
+ * See `getHighestTeamRoleInGroup`
  */
 export const TEAM_MEMBER_ROLE_HIERARCHY = {
   [TeamMemberRole.ADMIN]: [TeamMemberRole.ADMIN, TeamMemberRole.MANAGER, TeamMemberRole.MEMBER],