feat: add organisations (#1820)

2025-11-13 08:13:56 +10:00 · 2025-06-10 11:49:52 +10:00
parent 0b37f19641
commit e6dc237ad2
631 changed files with 37616 additions and 25695 deletions
--- a/packages/lib/server-only/recipient/create-template-recipients.ts
+++ b/packages/lib/server-only/recipient/create-template-recipients.ts
@ -1,7 +1,6 @@
 import { RecipientRole } from '@prisma/client';
 import { SendStatus, SigningStatus } from '@prisma/client';

-import { isUserEnterprise } from '@documenso/ee/server-only/util/is-document-enterprise';
 import type { TRecipientAccessAuthTypes } from '@documenso/lib/types/document-auth';
 import { type TRecipientActionAuthTypes } from '@documenso/lib/types/document-auth';
 import { nanoid } from '@documenso/lib/universal/id';
@ -9,10 +8,11 @@ import { createRecipientAuthOptions } from '@documenso/lib/utils/document-auth';
 import { prisma } from '@documenso/prisma';

 import { AppError, AppErrorCode } from '../../errors/app-error';
+import { buildTeamWhereQuery } from '../../utils/teams';

 export interface CreateTemplateRecipientsOptions {
  userId: number;
-  teamId?: number;
+  teamId: number;
  templateId: number;
  recipients: {
    email: string;
@ -33,24 +33,19 @@ export const createTemplateRecipients = async ({
  const template = await prisma.template.findFirst({
    where: {
      id: templateId,
-      ...(teamId
-        ? {
-            team: {
-              id: teamId,
-              members: {
-                some: {
-                  userId,
-                },
-              },
-            },
-          }
-        : {
-            userId,
-            teamId: null,
-          }),
+      team: buildTeamWhereQuery({ teamId, userId }),
    },
    include: {
      recipients: true,
+      team: {
+        select: {
+          organisation: {
+            select: {
+              organisationClaim: true,
+            },
+          },
+        },
+      },
    },
  });

@ -65,17 +60,10 @@ export const createTemplateRecipients = async ({
  );

  // Check if user has permission to set the global action auth.
-  if (recipientsHaveActionAuth) {
-    const isEnterprise = await isUserEnterprise({
-      userId,
-      teamId,
+  if (recipientsHaveActionAuth && !template.team.organisation.organisationClaim.flags.cfr21) {
+    throw new AppError(AppErrorCode.UNAUTHORIZED, {
+      message: 'You do not have permission to set the action auth',
    });
-
-    if (!isEnterprise) {
-      throw new AppError(AppErrorCode.UNAUTHORIZED, {
-        message: 'You do not have permission to set the action auth',
-      });
-    }
  }

  const normalizedRecipients = recipientsToCreate.map((recipient) => ({