feat: add organisations (#1820)

2025-11-14 16:51:38 +10:00 · 2025-06-10 11:49:52 +10:00
parent 0b37f19641
commit e6dc237ad2
631 changed files with 37616 additions and 25695 deletions
--- a/packages/lib/server-only/organisation/accept-organisation-invitation.ts
+++ b/packages/lib/server-only/organisation/accept-organisation-invitation.ts
@ -0,0 +1,105 @@
+import { OrganisationGroupType, OrganisationMemberInviteStatus } from '@prisma/client';
+
+import { prisma } from '@documenso/prisma';
+
+import { AppError, AppErrorCode } from '../../errors/app-error';
+import { jobs } from '../../jobs/client';
+import { generateDatabaseId } from '../../universal/id';
+
+export type AcceptOrganisationInvitationOptions = {
+  token: string;
+};
+
+export const acceptOrganisationInvitation = async ({
+  token,
+}: AcceptOrganisationInvitationOptions) => {
+  const organisationMemberInvite = await prisma.organisationMemberInvite.findFirst({
+    where: {
+      token,
+      status: {
+        not: OrganisationMemberInviteStatus.DECLINED,
+      },
+    },
+    include: {
+      organisation: {
+        include: {
+          groups: {
+            include: {
+              teamGroups: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  if (!organisationMemberInvite) {
+    throw new AppError(AppErrorCode.NOT_FOUND);
+  }
+
+  if (organisationMemberInvite.status === OrganisationMemberInviteStatus.ACCEPTED) {
+    return;
+  }
+
+  const user = await prisma.user.findFirst({
+    where: {
+      email: organisationMemberInvite.email,
+    },
+  });
+
+  if (!user) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'User must exist to accept an organisation invitation',
+    });
+  }
+
+  const { organisation } = organisationMemberInvite;
+
+  const organisationGroupToUse = organisation.groups.find(
+    (group) =>
+      group.type === OrganisationGroupType.INTERNAL_ORGANISATION &&
+      group.organisationRole === organisationMemberInvite.organisationRole,
+  );
+
+  if (!organisationGroupToUse) {
+    throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+      message: 'Organisation group not found',
+    });
+  }
+
+  await prisma.$transaction(
+    async (tx) => {
+      await tx.organisationMember.create({
+        data: {
+          id: generateDatabaseId('member'),
+          userId: user.id,
+          organisationId: organisation.id,
+          organisationGroupMembers: {
+            create: {
+              id: generateDatabaseId('group_member'),
+              groupId: organisationGroupToUse.id,
+            },
+          },
+        },
+      });
+
+      await tx.organisationMemberInvite.update({
+        where: {
+          id: organisationMemberInvite.id,
+        },
+        data: {
+          status: OrganisationMemberInviteStatus.ACCEPTED,
+        },
+      });
+
+      await jobs.triggerJob({
+        name: 'send.organisation-member-joined.email',
+        payload: {
+          organisationId: organisation.id,
+          memberUserId: user.id,
+        },
+      });
+    },
+    { timeout: 30_000 },
+  );
+};
--- a/packages/lib/server-only/organisation/create-organisation-billing-portal.ts
+++ b/packages/lib/server-only/organisation/create-organisation-billing-portal.ts
@ -0,0 +1,47 @@
+import { getPortalSession } from '@documenso/ee/server-only/stripe/get-portal-session';
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { TEAM_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/teams';
+import { prisma } from '@documenso/prisma';
+
+export type CreateTeamBillingPortalOptions = {
+  userId: number;
+  teamId: number;
+};
+
+export const createTeamBillingPortal = async ({
+  userId,
+  teamId,
+}: CreateTeamBillingPortalOptions) => {
+  if (!IS_BILLING_ENABLED()) {
+    throw new Error('Billing is not enabled');
+  }
+
+  const team = await prisma.team.findFirstOrThrow({
+    where: {
+      id: teamId,
+      members: {
+        some: {
+          userId,
+          role: {
+            in: TEAM_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_BILLING'],
+          },
+        },
+      },
+    },
+    include: {
+      subscription: true,
+    },
+  });
+
+  if (!team.subscription) {
+    throw new Error('Team has no subscription');
+  }
+
+  if (!team.customerId) {
+    throw new Error('Team has no customerId');
+  }
+
+  return getPortalSession({
+    customerId: team.customerId,
+  });
+};
--- a/packages/lib/server-only/organisation/create-organisation-member-invites.ts
+++ b/packages/lib/server-only/organisation/create-organisation-member-invites.ts
@ -0,0 +1,224 @@
+import { createElement } from 'react';
+
+import { msg } from '@lingui/core/macro';
+import type { Organisation, Prisma } from '@prisma/client';
+import { OrganisationMemberInviteStatus } from '@prisma/client';
+import { nanoid } from 'nanoid';
+
+import { syncMemberCountWithStripeSeatPlan } from '@documenso/ee/server-only/stripe/update-subscription-item-quantity';
+import { mailer } from '@documenso/email/mailer';
+import { OrganisationInviteEmailTemplate } from '@documenso/email/templates/organisation-invite';
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { FROM_ADDRESS, FROM_NAME } from '@documenso/lib/constants/email';
+import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { isOrganisationRoleWithinUserHierarchy } from '@documenso/lib/utils/organisations';
+import { prisma } from '@documenso/prisma';
+import type { TCreateOrganisationMemberInvitesRequestSchema } from '@documenso/trpc/server/organisation-router/create-organisation-member-invites.types';
+
+import { getI18nInstance } from '../../client-only/providers/i18n-server';
+import { generateDatabaseId } from '../../universal/id';
+import { validateIfSubscriptionIsRequired } from '../../utils/billing';
+import { buildOrganisationWhereQuery } from '../../utils/organisations';
+import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
+import { getEmailContext } from '../email/get-email-context';
+import { getMemberOrganisationRole } from '../team/get-member-roles';
+
+export type CreateOrganisationMemberInvitesOptions = {
+  userId: number;
+  userName: string;
+  organisationId: string;
+  invitations: TCreateOrganisationMemberInvitesRequestSchema['invitations'];
+};
+
+/**
+ * Invite organisation members via email to join a organisation.
+ */
+export const createOrganisationMemberInvites = async ({
+  userId,
+  userName,
+  organisationId,
+  invitations,
+}: CreateOrganisationMemberInvitesOptions): Promise<void> => {
+  const organisation = await prisma.organisation.findFirst({
+    where: buildOrganisationWhereQuery({
+      organisationId,
+      userId,
+      roles: ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_ORGANISATION'],
+    }),
+    include: {
+      members: {
+        select: {
+          user: {
+            select: {
+              id: true,
+              email: true,
+            },
+          },
+        },
+      },
+      invites: {
+        where: {
+          status: OrganisationMemberInviteStatus.PENDING,
+        },
+      },
+      organisationGlobalSettings: true,
+      organisationClaim: true,
+      subscription: true,
+    },
+  });
+
+  if (!organisation) {
+    throw new AppError(AppErrorCode.NOT_FOUND);
+  }
+
+  const { organisationClaim } = organisation;
+
+  const subscription = validateIfSubscriptionIsRequired(organisation.subscription);
+
+  const currentOrganisationMemberRole = await getMemberOrganisationRole({
+    organisationId: organisation.id,
+    reference: {
+      type: 'User',
+      id: userId,
+    },
+  });
+
+  const organisationMemberEmails = organisation.members.map((member) => member.user.email);
+  const organisationMemberInviteEmails = organisation.invites.map((invite) => invite.email);
+
+  const usersToInvite = invitations.filter((invitation) => {
+    // Filter out users that are already members of the organisation.
+    if (organisationMemberEmails.includes(invitation.email)) {
+      return false;
+    }
+
+    // Filter out users that have already been invited to the organisation.
+    if (organisationMemberInviteEmails.includes(invitation.email)) {
+      return false;
+    }
+
+    return true;
+  });
+
+  const unauthorizedRoleAccess = usersToInvite.some(
+    ({ organisationRole }) =>
+      !isOrganisationRoleWithinUserHierarchy(currentOrganisationMemberRole, organisationRole),
+  );
+
+  if (unauthorizedRoleAccess) {
+    throw new AppError(AppErrorCode.UNAUTHORIZED, {
+      message: 'User does not have permission to set high level roles',
+    });
+  }
+
+  const organisationMemberInvites: Prisma.OrganisationMemberInviteCreateManyInput[] =
+    usersToInvite.map(({ email, organisationRole }) => ({
+      id: generateDatabaseId('member_invite'),
+      email,
+      organisationId,
+      organisationRole,
+      token: nanoid(32),
+    }));
+
+  const numberOfCurrentMembers = organisation.members.length;
+  const numberOfCurrentInvites = organisation.invites.length;
+  const numberOfNewInvites = organisationMemberInvites.length;
+
+  const totalMemberCountWithInvites =
+    numberOfCurrentMembers + numberOfCurrentInvites + numberOfNewInvites;
+
+  // Handle billing for seat based plans.
+  if (subscription) {
+    await syncMemberCountWithStripeSeatPlan(
+      subscription,
+      organisationClaim,
+      totalMemberCountWithInvites,
+    );
+  }
+
+  await prisma.organisationMemberInvite.createMany({
+    data: organisationMemberInvites,
+  });
+
+  const sendEmailResult = await Promise.allSettled(
+    organisationMemberInvites.map(async ({ email, token }) =>
+      sendOrganisationMemberInviteEmail({
+        email,
+        token,
+        organisation,
+        senderName: userName,
+      }),
+    ),
+  );
+
+  const sendEmailResultErrorList = sendEmailResult.filter(
+    (result): result is PromiseRejectedResult => result.status === 'rejected',
+  );
+
+  if (sendEmailResultErrorList.length > 0) {
+    console.error(JSON.stringify(sendEmailResultErrorList));
+
+    throw new AppError('EmailDeliveryFailed', {
+      message: 'Failed to send invite emails to one or more users.',
+      userMessage: `Failed to send invites to ${sendEmailResultErrorList.length}/${organisationMemberInvites.length} users.`,
+    });
+  }
+};
+
+type SendOrganisationMemberInviteEmailOptions = {
+  email: string;
+  senderName: string;
+  token: string;
+  organisation: Pick<Organisation, 'id' | 'name'>;
+};
+
+/**
+ * Send an email to a user inviting them to join a organisation.
+ */
+export const sendOrganisationMemberInviteEmail = async ({
+  email,
+  senderName,
+  token,
+  organisation,
+}: SendOrganisationMemberInviteEmailOptions) => {
+  const template = createElement(OrganisationInviteEmailTemplate, {
+    assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
+    baseUrl: NEXT_PUBLIC_WEBAPP_URL(),
+    senderName,
+    token,
+    organisationName: organisation.name,
+  });
+
+  const { branding, settings } = await getEmailContext({
+    source: {
+      type: 'organisation',
+      organisationId: organisation.id,
+    },
+  });
+
+  const [html, text] = await Promise.all([
+    renderEmailWithI18N(template, {
+      lang: settings.documentLanguage,
+      branding,
+    }),
+    renderEmailWithI18N(template, {
+      lang: settings.documentLanguage,
+      branding,
+      plainText: true,
+    }),
+  ]);
+
+  const i18n = await getI18nInstance(settings.documentLanguage);
+
+  await mailer.sendMail({
+    to: email,
+    from: {
+      name: FROM_NAME,
+      address: FROM_ADDRESS,
+    },
+    subject: i18n._(msg`You have been invited to join ${organisation.name} on Documenso`),
+    html,
+    text,
+  });
+};
--- a/packages/lib/server-only/organisation/create-organisation.ts
+++ b/packages/lib/server-only/organisation/create-organisation.ts
@ -0,0 +1,175 @@
+import type { Prisma } from '@prisma/client';
+import { OrganisationType } from '@prisma/client';
+import { OrganisationMemberRole } from '@prisma/client';
+
+import { prisma } from '@documenso/prisma';
+
+import { ORGANISATION_INTERNAL_GROUPS } from '../../constants/organisations';
+import { AppErrorCode } from '../../errors/app-error';
+import { AppError } from '../../errors/app-error';
+import type { InternalClaim } from '../../types/subscription';
+import { INTERNAL_CLAIM_ID, internalClaims } from '../../types/subscription';
+import { generateDatabaseId, prefixedId } from '../../universal/id';
+import { generateDefaultOrganisationSettings } from '../../utils/organisations';
+import { createTeam } from '../team/create-team';
+
+type CreateOrganisationOptions = {
+  userId: number;
+  name: string;
+  type: OrganisationType;
+  url?: string;
+  customerId?: string;
+  claim: InternalClaim;
+};
+
+export const createOrganisation = async ({
+  name,
+  url,
+  type,
+  userId,
+  customerId,
+  claim,
+}: CreateOrganisationOptions) => {
+  return await prisma.$transaction(async (tx) => {
+    const organisationSetting = await tx.organisationGlobalSettings.create({
+      data: {
+        ...generateDefaultOrganisationSettings(),
+        id: generateDatabaseId('org_setting'),
+      },
+    });
+
+    const organisationClaim = await tx.organisationClaim.create({
+      data: {
+        id: generateDatabaseId('org_claim'),
+        originalSubscriptionClaimId: claim.id,
+        ...createOrganisationClaimUpsertData(claim),
+      },
+    });
+
+    const orgIdAndUrl = prefixedId('org');
+
+    const organisation = await tx.organisation
+      .create({
+        data: {
+          id: orgIdAndUrl,
+          name,
+          type,
+          url: url || orgIdAndUrl,
+          ownerUserId: userId,
+          organisationGlobalSettingsId: organisationSetting.id,
+          organisationClaimId: organisationClaim.id,
+          groups: {
+            create: ORGANISATION_INTERNAL_GROUPS.map((group) => ({
+              ...group,
+              id: generateDatabaseId('org_group'),
+            })),
+          },
+          customerId,
+        },
+        include: {
+          groups: true,
+        },
+      })
+      .catch((err) => {
+        if (err.code === 'P2002') {
+          throw new AppError(AppErrorCode.ALREADY_EXISTS, {
+            message: 'Organisation URL already exists',
+          });
+        }
+
+        throw err;
+      });
+
+    const adminGroup = organisation.groups.find(
+      (group) => group.organisationRole === OrganisationMemberRole.ADMIN,
+    );
+
+    if (!adminGroup) {
+      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
+        message: 'Admin group not found',
+      });
+    }
+
+    await tx.organisationMember.create({
+      data: {
+        id: generateDatabaseId('member'),
+        userId,
+        organisationId: organisation.id,
+        organisationGroupMembers: {
+          create: {
+            id: generateDatabaseId('group_member'),
+            groupId: adminGroup.id,
+          },
+        },
+      },
+    });
+
+    return organisation;
+  });
+};
+
+type CreatePersonalOrganisationOptions = {
+  userId: number;
+  orgUrl?: string;
+  throwErrorOnOrganisationCreationFailure?: boolean;
+  inheritMembers?: boolean;
+  type?: OrganisationType;
+};
+
+export const createPersonalOrganisation = async ({
+  userId,
+  orgUrl,
+  throwErrorOnOrganisationCreationFailure = false,
+  inheritMembers = true,
+  type = OrganisationType.PERSONAL,
+}: CreatePersonalOrganisationOptions) => {
+  const organisation = await createOrganisation({
+    name: 'Personal Organisation',
+    userId,
+    url: orgUrl,
+    type,
+    claim: internalClaims[INTERNAL_CLAIM_ID.FREE],
+  }).catch((err) => {
+    console.error(err);
+
+    if (throwErrorOnOrganisationCreationFailure) {
+      throw err;
+    }
+
+    // Todo: (LOGS)
+  });
+
+  if (organisation) {
+    await createTeam({
+      userId,
+      teamName: 'Personal Team',
+      teamUrl: prefixedId('personal'),
+      organisationId: organisation.id,
+      inheritMembers,
+    }).catch((err) => {
+      console.error(err);
+
+      // Todo: (LOGS)
+    });
+  }
+
+  return organisation;
+};
+
+export const createOrganisationClaimUpsertData = (subscriptionClaim: InternalClaim) => {
+  // Done like this to ensure type errors are thrown if items are added.
+  const data: Omit<
+    Prisma.SubscriptionClaimCreateInput,
+    'id' | 'createdAt' | 'updatedAt' | 'locked' | 'name'
+  > = {
+    flags: {
+      ...subscriptionClaim.flags,
+    },
+    teamCount: subscriptionClaim.teamCount,
+    memberCount: subscriptionClaim.memberCount,
+  };
+
+  return {
+    ...data,
+  };
+};
--- a/packages/lib/server-only/organisation/get-organisation-claims.ts
+++ b/packages/lib/server-only/organisation/get-organisation-claims.ts
@ -0,0 +1,39 @@
+import { prisma } from '@documenso/prisma';
+
+import { AppError, AppErrorCode } from '../../errors/app-error';
+
+export const getOrganisationClaim = async ({ organisationId }: { organisationId: string }) => {
+  const organisationClaim = await prisma.organisationClaim.findFirst({
+    where: {
+      organisation: {
+        id: organisationId,
+      },
+    },
+  });
+
+  if (!organisationClaim) {
+    throw new AppError(AppErrorCode.NOT_FOUND);
+  }
+
+  return organisationClaim;
+};
+
+export const getOrganisationClaimByTeamId = async ({ teamId }: { teamId: number }) => {
+  const organisationClaim = await prisma.organisationClaim.findFirst({
+    where: {
+      organisation: {
+        teams: {
+          some: {
+            id: teamId,
+          },
+        },
+      },
+    },
+  });
+
+  if (!organisationClaim) {
+    throw new AppError(AppErrorCode.NOT_FOUND);
+  }
+
+  return organisationClaim;
+};