fix: reauth, etc

fix: allow direct template recipient dictation (#2108 )
chore: add code styleguide (#2089 )
2025-11-14 00:32:43 +10:00 · 2025-11-03 16:16:50 +11:00 · 2025-11-01 12:44:34 +11:00 · 2025-10-28 22:25:27 +11:00 · 2025-10-28 21:16:12 +11:00 · 2025-10-28 21:09:38 +11:00
36 changed files with 1991 additions and 269 deletions
--- a/CODE_STYLE.md
+++ b/CODE_STYLE.md
@ -0,0 +1,692 @@
 # Documenso Code Style Guide
 This document captures the code style, patterns, and conventions used in the Documenso codebase. It covers both enforceable rules and subjective "taste" elements that make our code consistent and maintainable.
 ## Table of Contents
 1. [General Principles](#general-principles)
 2. [TypeScript Conventions](#typescript-conventions)
 3. [Imports & Dependencies](#imports--dependencies)
 4. [Functions & Methods](#functions--methods)
 5. [React & Components](#react--components)
 6. [Error Handling](#error-handling)
 7. [Async/Await Patterns](#asyncawait-patterns)
 8. [Whitespace & Formatting](#whitespace--formatting)
 9. [Naming Conventions](#naming-conventions)
 10. [Pattern Matching](#pattern-matching)
 11. [Database & Prisma](#database--prisma)
 12. [TRPC Patterns](#trpc-patterns)
 ---
 ## General Principles
 - **Functional over Object-Oriented**: Prefer functional programming patterns over classes
 - **Explicit over Implicit**: Be explicit about types, return values, and error cases
 - **Early Returns**: Use guard clauses and early returns to reduce nesting
 - **Immutability**: Favor `const` over `let`; avoid mutation where possible
 ---
 ## TypeScript Conventions
 ### Type Definitions
 ```typescript
 // ✅ Prefer `type` over `interface`
 type CreateDocumentOptions = {
  templateId: number;
  userId: number;
  recipients: Recipient[];
 };
 // ❌ Avoid interfaces unless absolutely necessary
 interface CreateDocumentOptions {
  templateId: number;
 }
 ```
 ### Type Imports
 ```typescript
 // ✅ Use `type` keyword for type-only imports
 import type { Document, Recipient } from '@prisma/client';
 import { DocumentStatus } from '@prisma/client';
 // Types in function signatures
 export const findDocuments = async ({ userId, teamId }: FindDocumentsOptions) => {
  // ...
 };
 ```
 ### Inline Types for Function Parameters
 ```typescript
 // ✅ Extract inline types to named types
 type FinalRecipient = Pick<Recipient, 'name' | 'email' | 'role' | 'authOptions'> & {
  templateRecipientId: number;
  fields: Field[];
 };
 const finalRecipients: FinalRecipient[] = [];
 ```
 ---
 ## Imports & Dependencies
 ### Import Organization
 Imports should be organized in the following order with blank lines between groups:
 ```typescript
 // 1. React imports
 import { useCallback, useEffect, useMemo } from 'react';
 // 2. Third-party library imports (alphabetically)
 import { zodResolver } from '@hookform/resolvers/zod';
 import { Trans } from '@lingui/react/macro';
 import type { Document, Recipient } from '@prisma/client';
 import { DocumentStatus, RecipientRole } from '@prisma/client';
 import { match } from 'ts-pattern';
 // 3. Internal package imports (from @documenso/*)
 import { AppError } from '@documenso/lib/errors/app-error';
 import { prisma } from '@documenso/prisma';
 import { Button } from '@documenso/ui/primitives/button';
 // 4. Relative imports
 import { getTeamById } from '../team/get-team';
 import type { FindResultResponse } from './types';
 ```
 ### Destructuring Imports
 ```typescript
 // ✅ Destructure specific exports
 // ✅ Use type imports for types
 import type { Document } from '@prisma/client';
 import { Button } from '@documenso/ui/primitives/button';
 import { Input } from '@documenso/ui/primitives/input';
 ```
 ---
 ## Functions & Methods
 ### Arrow Functions
 ```typescript
 // ✅ Always use arrow functions for functions
 export const createDocument = async ({
  userId,
  title,
 }: CreateDocumentOptions) => {
  // ...
 };
 // ✅ Callbacks and handlers
 const onSubmit = useCallback(async () => {
  // ...
 }, [dependencies]);
 // ❌ Avoid regular function declarations
 function createDocument() {
  // ...
 }
 ```
 ### Function Parameters
 ```typescript
 // ✅ Use destructured object parameters for multiple params
 export const findDocuments = async ({
  userId,
  teamId,
  status = ExtendedDocumentStatus.ALL,
  page = 1,
  perPage = 10,
 }: FindDocumentsOptions) => {
  // ...
 };
 // ✅ Destructure on separate line when needed
 const onFormSubmit = form.handleSubmit(onSubmit);
 // ✅ Deconstruct nested properties explicitly
 const { user } = ctx;
 const { templateId } = input;
 ```
 ---
 ## React & Components
 ### Component Definition
 ```typescript
 // ✅ Use const with arrow function
 export const AddSignersFormPartial = ({
  documentFlow,
  recipients,
  fields,
  onSubmit,
 }: AddSignersFormProps) => {
  // ...
 };
 // ❌ Never use classes
 class MyComponent extends React.Component {
  // ...
 }
 ```
 ### Hooks
 ```typescript
 // ✅ Group related hooks together with blank line separation
 const { _ } = useLingui();
 const { toast } = useToast();
 const { currentStep, totalSteps, previousStep } = useStep();
 const form = useForm<TFormSchema>({
  resolver: zodResolver(ZFormSchema),
  defaultValues: {
    // ...
  },
 });
 ```
 ### Event Handlers
 ```typescript
 // ✅ Use arrow functions with descriptive names
 const onFormSubmit = async () => {
  await form.trigger();
  // ...
 };
 const onFieldCopy = useCallback(
  (event?: KeyboardEvent | null) => {
    event?.preventDefault();
    // ...
  },
  [dependencies],
 );
 // ✅ Inline handlers for simple operations
 <Button onClick={() => setOpen(false)}>Close</Button>
 ```
 ### State Management
 ```typescript
 // ✅ Descriptive state names with auxiliary verbs
 const [isLoading, setIsLoading] = useState(false);
 const [hasError, setHasError] = useState(false);
 const [showAdvancedSettings, setShowAdvancedSettings] = useState(false);
 // ✅ Complex state in single useState when related
 const [coords, setCoords] = useState({
  x: 0,
  y: 0,
 });
 ```
 ---
 ## Error Handling
 ### Try-Catch Blocks
 ```typescript
 // ✅ Use try-catch for operations that might fail
 try {
  const document = await getDocumentById({
    documentId: Number(documentId),
    userId: user.id,
  });
  return {
    status: 200,
    body: document,
  };
 } catch (err) {
  return {
    status: 404,
    body: {
      message: 'Document not found',
    },
  };
 }
 ```
 ### Throwing Errors
 ```typescript
 // ✅ Use AppError for application errors
 throw new AppError(AppErrorCode.NOT_FOUND, {
  message: 'Template not found',
 });
 // ✅ Use descriptive error messages
 if (!template) {
  throw new AppError(AppErrorCode.NOT_FOUND, {
    message: `Template with ID ${templateId} not found`,
  });
 }
 ```
 ### Error Parsing on Frontend
 ```typescript
 // ✅ Parse errors on the frontend
 try {
  await updateOrganisation({ organisationId, data });
 } catch (err) {
  const error = AppError.parseError(err);
  console.error(error);
  toast({
    title: t`An error occurred`,
    description: error.message,
    variant: 'destructive',
  });
 }
 ```
 ---
 ## Async/Await Patterns
 ### Async Function Definitions
 ```typescript
 // ✅ Mark async functions clearly
 export const createDocument = async ({
  userId,
  title,
 }: Options): Promise<Document> => {
  // ...
 };
 // ✅ Use await for promises
 const document = await prisma.document.create({ data });
 // ✅ Use Promise.all for parallel operations
 const [document, recipients] = await Promise.all([
  getDocumentById({ documentId }),
  getRecipientsForDocument({ documentId }),
 ]);
 ```
 ### Void for Fire-and-Forget
 ```typescript
 // ✅ Use void for intentionally unwaited promises
 void handleAutoSave();
 // ✅ Or in event handlers
 onClick={() => void onFormSubmit()}
 ```
 ---
 ## Whitespace & Formatting
 ### Blank Lines Between Concepts
 ```typescript
 // ✅ Blank line after imports
 import { prisma } from '@documenso/prisma';
 export const findDocuments = async () => {
  // ...
 };
 // ✅ Blank line between logical sections
 const user = await prisma.user.findFirst({ where: { id: userId } });
 let team = null;
 if (teamId !== undefined) {
  team = await getTeamById({ userId, teamId });
 }
 // ✅ Blank line before return statements
 const result = await someOperation();
 return result;
 ```
 ### Function/Method Spacing
 ```typescript
 // ✅ No blank lines between chained methods in same operation
 const documents = await prisma.document
  .findMany({ where: { userId } })
  .then((docs) => docs.map(maskTokens));
 // ✅ Blank line between different operations
 const document = await createDocument({ userId });
 await sendDocument({ documentId: document.id });
 return document;
 ```
 ### Object and Array Formatting
 ```typescript
 // ✅ Multi-line when complex
 const options = {
  userId,
  teamId,
  status: ExtendedDocumentStatus.ALL,
  page: 1,
 };
 // ✅ Single line when simple
 const coords = { x: 0, y: 0 };
 // ✅ Array items on separate lines when objects
 const recipients = [
  {
    name: 'John',
    email: 'john@example.com',
  },
  {
    name: 'Jane',
    email: 'jane@example.com',
  },
 ];
 ```
 ---
 ## Naming Conventions
 ### Variables
 ```typescript
 // ✅ camelCase for variables and functions
 const documentId = 123;
 const onSubmit = () => {};
 // ✅ Descriptive names with auxiliary verbs for booleans
 const isLoading = false;
 const hasError = false;
 const canEdit = true;
 const shouldRender = true;
 // ✅ Prefix with $ for DOM elements
 const $page = document.querySelector('.page');
 const $inputRef = useRef<HTMLInputElement>(null);
 ```
 ### Types and Schemas
 ```typescript
 // ✅ PascalCase for types
 type CreateDocumentOptions = {
  userId: number;
 };
 // ✅ Prefix Zod schemas with Z
 const ZCreateDocumentSchema = z.object({
  title: z.string(),
 });
 // ✅ Prefix type from Zod schema with T
 type TCreateDocumentSchema = z.infer<typeof ZCreateDocumentSchema>;
 ```
 ### Constants
 ```typescript
 // ✅ UPPER_SNAKE_CASE for true constants
 const DEFAULT_DOCUMENT_DATE_FORMAT = 'dd/MM/yyyy';
 const MAX_FILE_SIZE = 1024 * 1024 * 5;
 // ✅ camelCase for const variables that aren't "constants"
 const userId = await getUserId();
 ```
 ### Functions
 ```typescript
 // ✅ Verb-based names for functions
 const createDocument = async () => {};
 const findDocuments = async () => {};
 const updateDocument = async () => {};
 const deleteDocument = async () => {};
 // ✅ On prefix for event handlers
 const onSubmit = () => {};
 const onClick = () => {};
 const onFieldCopy = () => {}; // 'on' is also acceptable
 ```
 ### Clarity Over Brevity
 ```typescript
 // ✅ Prefer descriptive names over abbreviations
 const superLongMethodThatIsCorrect = () => {};
 const recipientAuthenticationOptions = {};
 const documentMetadata = {};
 // ❌ Avoid abbreviations that sacrifice clarity
 const supLongMethThatIsCorrect = () => {};
 const recipAuthOpts = {};
 const docMeta = {};
 // ✅ Common abbreviations that are widely understood are acceptable
 const userId = 123;
 const htmlElement = document.querySelector('div');
 const apiResponse = await fetch('/api');
 ```
 ---
 ## Pattern Matching
 ### Using ts-pattern
 ```typescript
 import { match } from 'ts-pattern';
 // ✅ Use match for complex conditionals
 const result = match(status)
  .with(ExtendedDocumentStatus.DRAFT, () => ({
    status: 'draft',
  }))
  .with(ExtendedDocumentStatus.PENDING, () => ({
    status: 'pending',
  }))
  .with(ExtendedDocumentStatus.COMPLETED, () => ({
    status: 'completed',
  }))
  .exhaustive();
 // ✅ Use .otherwise() for default case when not exhaustive
 const value = match(type)
  .with('text', () => 'Text field')
  .with('number', () => 'Number field')
  .otherwise(() => 'Unknown field');
 ```
 ---
 ## Database & Prisma
 ### Query Structure
 ```typescript
 // ✅ Destructure commonly used fields
 const { id, email, name } = user;
 // ✅ Use select to limit returned fields
 const user = await prisma.user.findFirst({
  where: { id: userId },
  select: {
    id: true,
    email: true,
    name: true,
  },
 });
 // ✅ Use include for relations
 const document = await prisma.document.findFirst({
  where: { id: documentId },
  include: {
    recipients: true,
    fields: true,
  },
 });
 ```
 ### Transactions
 ```typescript
 // ✅ Use transactions for related operations
 return await prisma.$transaction(async (tx) => {
  const document = await tx.document.create({ data });
  await tx.field.createMany({ data: fieldsData });
  await tx.documentAuditLog.create({ data: auditData });
  return document;
 });
 ```
 ### Where Clauses
 ```typescript
 // ✅ Build complex where clauses separately
 const whereClause: Prisma.DocumentWhereInput = {
  AND: [
    { userId: user.id },
    { deletedAt: null },
    { status: { in: [DocumentStatus.DRAFT, DocumentStatus.PENDING] } },
  ],
 };
 const documents = await prisma.document.findMany({
  where: whereClause,
 });
 ```
 ---
 ## TRPC Patterns
 ### Router Structure
 ```typescript
 // ✅ Destructure context and input at start
 .query(async ({ input, ctx }) => {
  const { teamId } = ctx;
  const { templateId } = input;
  ctx.logger.info({
    input: { templateId },
  });
  return await getTemplateById({
    id: templateId,
    userId: ctx.user.id,
    teamId,
  });
 });
 ```
 ### Request/Response Schemas
 ```typescript
 // ✅ Name schemas clearly
 const ZCreateDocumentRequestSchema = z.object({
  title: z.string(),
  recipients: z.array(ZRecipientSchema),
 });
 const ZCreateDocumentResponseSchema = z.object({
  documentId: z.number(),
  status: z.string(),
 });
 ```
 ### Error Handling in TRPC
 ```typescript
 // ✅ Catch and transform errors appropriately
 try {
  const result = await createDocument({ userId, data });
  return result;
 } catch (err) {
  return AppError.toRestAPIError(err);
 }
 // ✅ Or throw AppError directly
 if (!template) {
  throw new AppError(AppErrorCode.NOT_FOUND, {
    message: 'Template not found',
  });
 }
 ```
 ---
 ## Additional Patterns
 ### Optional Chaining
 ```typescript
 // ✅ Use optional chaining for potentially undefined values
 const email = user?.email;
 const recipientToken = recipient?.token ?? '';
 // ✅ Use nullish coalescing for defaults
 const pageSize = perPage ?? 10;
 const status = documentStatus ?? DocumentStatus.DRAFT;
 ```
 ### Array Operations
 ```typescript
 // ✅ Use functional array methods
 const activeRecipients = recipients.filter((r) => r.signingStatus === 'SIGNED');
 const recipientEmails = recipients.map((r) => r.email);
 const hasSignedRecipients = recipients.some((r) => r.signingStatus === 'SIGNED');
 // ✅ Use find instead of filter + [0]
 const recipient = recipients.find((r) => r.id === recipientId);
 ```
 ### Conditional Rendering
 ```typescript
 // ✅ Use && for conditional rendering
 {isLoading && <Loader />}
 // ✅ Use ternary for either/or
 {isLoading ? <Loader /> : <Content />}
 // ✅ Extract complex conditions to variables
 const shouldShowAdvanced = isAdmin && hasPermission && !isDisabled;
 {shouldShowAdvanced && <AdvancedSettings />}
 ```
 ---
 ## When in Doubt
 - **Consistency**: Follow the patterns you see in similar files
 - **Readability**: Favor code that's easy to read over clever one-liners
 - **Explicitness**: Be explicit rather than implicit
 - **Whitespace**: Use blank lines to separate logical sections
 - **Early Returns**: Use guard clauses to reduce nesting
 - **Functional**: Prefer functional patterns over imperative ones
--- a/apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
+++ b/apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
@ -0,0 +1,218 @@
 import { useEffect, useState } from 'react';
 import { zodResolver } from '@hookform/resolvers/zod';
 import { useLingui } from '@lingui/react/macro';
 import { Trans } from '@lingui/react/macro';
 import { OrganisationMemberRole } from '@prisma/client';
 import type * as DialogPrimitive from '@radix-ui/react-dialog';
 import { useForm } from 'react-hook-form';
 import { useNavigate } from 'react-router';
 import { match } from 'ts-pattern';
 import { z } from 'zod';
 import { getHighestOrganisationRoleInGroup } from '@documenso/lib/utils/organisations';
 import { trpc } from '@documenso/trpc/react';
 import type { TGetAdminOrganisationResponse } from '@documenso/trpc/server/admin-router/get-admin-organisation.types';
 import { Button } from '@documenso/ui/primitives/button';
 import {
  Dialog,
  DialogContent,
  DialogDescription,
  DialogFooter,
  DialogHeader,
  DialogTitle,
  DialogTrigger,
 } from '@documenso/ui/primitives/dialog';
 import {
  Form,
  FormControl,
  FormField,
  FormItem,
  FormLabel,
  FormMessage,
 } from '@documenso/ui/primitives/form/form';
 import {
  Select,
  SelectContent,
  SelectItem,
  SelectTrigger,
  SelectValue,
 } from '@documenso/ui/primitives/select';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 export type AdminOrganisationMemberUpdateDialogProps = {
  trigger?: React.ReactNode;
  organisationId: string;
  organisationMember: TGetAdminOrganisationResponse['members'][number];
  isOwner: boolean;
 } & Omit<DialogPrimitive.DialogProps, 'children'>;
 const ZUpdateOrganisationMemberFormSchema = z.object({
  role: z.enum(['OWNER', 'ADMIN', 'MANAGER', 'MEMBER']),
 });
 type ZUpdateOrganisationMemberSchema = z.infer<typeof ZUpdateOrganisationMemberFormSchema>;
 export const AdminOrganisationMemberUpdateDialog = ({
  trigger,
  organisationId,
  organisationMember,
  isOwner,
  ...props
 }: AdminOrganisationMemberUpdateDialogProps) => {
  const [open, setOpen] = useState(false);
  const { t } = useLingui();
  const { toast } = useToast();
  const navigate = useNavigate();
  // Determine the current role value for the form
  const currentRoleValue = isOwner
    ? 'OWNER'
    : getHighestOrganisationRoleInGroup(
        organisationMember.organisationGroupMembers.map((ogm) => ogm.group),
      );
  const organisationMemberName = organisationMember.user.name ?? organisationMember.user.email;
  const form = useForm<ZUpdateOrganisationMemberSchema>({
    resolver: zodResolver(ZUpdateOrganisationMemberFormSchema),
    defaultValues: {
      role: currentRoleValue,
    },
  });
  const { mutateAsync: updateOrganisationMemberRole } =
    trpc.admin.organisationMember.updateRole.useMutation();
  const onFormSubmit = async ({ role }: ZUpdateOrganisationMemberSchema) => {
    try {
      await updateOrganisationMemberRole({
        organisationId,
        userId: organisationMember.userId,
        role,
      });
      const roleLabel = match(role)
        .with('OWNER', () => t`Owner`)
        .with(OrganisationMemberRole.ADMIN, () => t`Admin`)
        .with(OrganisationMemberRole.MANAGER, () => t`Manager`)
        .with(OrganisationMemberRole.MEMBER, () => t`Member`)
        .exhaustive();
      toast({
        title: t`Success`,
        description:
          role === 'OWNER'
            ? t`Ownership transferred to ${organisationMemberName}.`
            : t`Updated ${organisationMemberName} to ${roleLabel}.`,
        duration: 5000,
      });
      setOpen(false);
      // Refresh the page to show updated data
      await navigate(0);
    } catch (err) {
      console.error(err);
      toast({
        title: t`An unknown error occurred`,
        description: t`We encountered an unknown error while attempting to update this organisation member. Please try again later.`,
        variant: 'destructive',
      });
    }
  };
  useEffect(() => {
    if (!open) {
      return;
    }
    form.reset({
      role: currentRoleValue,
    });
    // eslint-disable-next-line react-hooks/exhaustive-deps
  }, [open, currentRoleValue, form]);
  return (
    <Dialog
      {...props}
      open={open}
      onOpenChange={(value) => !form.formState.isSubmitting && setOpen(value)}
    >
      <DialogTrigger onClick={(e) => e.stopPropagation()} asChild>
        {trigger ?? (
          <Button variant="secondary">
            <Trans>Update role</Trans>
          </Button>
        )}
      </DialogTrigger>
      <DialogContent position="center">
        <DialogHeader>
          <DialogTitle>
            <Trans>Update organisation member</Trans>
          </DialogTitle>
          <DialogDescription className="mt-4">
            <Trans>
              You are currently updating{' '}
              <span className="font-bold">{organisationMemberName}.</span>
            </Trans>
          </DialogDescription>
        </DialogHeader>
        <Form {...form}>
          <form onSubmit={form.handleSubmit(onFormSubmit)}>
            <fieldset className="flex h-full flex-col" disabled={form.formState.isSubmitting}>
              <FormField
                control={form.control}
                name="role"
                render={({ field }) => (
                  <FormItem className="w-full">
                    <FormLabel required>
                      <Trans>Role</Trans>
                    </FormLabel>
                    <FormControl>
                      <Select {...field} onValueChange={field.onChange}>
                        <SelectTrigger className="text-muted-foreground">
                          <SelectValue />
                        </SelectTrigger>
                        <SelectContent className="w-full" position="popper">
                          <SelectItem value="OWNER">
                            <Trans>Owner</Trans>
                          </SelectItem>
                          <SelectItem value={OrganisationMemberRole.ADMIN}>
                            <Trans>Admin</Trans>
                          </SelectItem>
                          <SelectItem value={OrganisationMemberRole.MANAGER}>
                            <Trans>Manager</Trans>
                          </SelectItem>
                          <SelectItem value={OrganisationMemberRole.MEMBER}>
                            <Trans>Member</Trans>
                          </SelectItem>
                        </SelectContent>
                      </Select>
                    </FormControl>
                    <FormMessage />
                  </FormItem>
                )}
              />
              <DialogFooter className="mt-4">
                <Button type="button" variant="secondary" onClick={() => setOpen(false)}>
                  <Trans>Cancel</Trans>
                </Button>
                <Button type="submit" loading={form.formState.isSubmitting}>
                  <Trans>Update</Trans>
                </Button>
              </DialogFooter>
            </fieldset>
          </form>
        </Form>
      </DialogContent>
    </Dialog>
  );
 };
--- a/apps/remix/app/components/forms/editor/editor-field-text-form.tsx
+++ b/apps/remix/app/components/forms/editor/editor-field-text-form.tsx
@ -152,6 +152,18 @@ export const EditorFieldTextForm = ({
                    className="h-auto"
                    placeholder={t`Add text to the field`}
                    {...field}
                    onChange={(e) => {
                      const values = form.getValues();
                      const characterLimit = values.characterLimit || 0;
                      let textValue = e.target.value;
                      if (characterLimit > 0 && textValue.length > characterLimit) {
                        textValue = textValue.slice(0, characterLimit);
                      }
                      e.target.value = textValue;
                      field.onChange(e);
                    }}
                    rows={1}
                  />
                </FormControl>
@ -175,6 +187,18 @@ export const EditorFieldTextForm = ({
                    className="bg-background"
                    placeholder={t`Field character limit`}
                    {...field}
                    onChange={(e) => {
                      field.onChange(e);
                      const values = form.getValues();
                      const characterLimit = parseInt(e.target.value, 10) || 0;
                      const textValue = values.text || '';
                      if (characterLimit > 0 && textValue.length > characterLimit) {
                        form.setValue('text', textValue.slice(0, characterLimit));
                      }
                    }}
                  />
                </FormControl>
                <FormMessage />
--- a/apps/remix/app/components/general/direct-template/direct-template-page.tsx
+++ b/apps/remix/app/components/general/direct-template/direct-template-page.tsx
@ -89,7 +89,10 @@ export const DirectTemplatePageView = ({
    setStep('sign');
  };
-  const onSignDirectTemplateSubmit = async (fields: DirectTemplateLocalField[]) => {
+  const onSignDirectTemplateSubmit = async (
    fields: DirectTemplateLocalField[],
    nextSigner?: { name: string; email: string },
  ) => {
    try {
      let directTemplateExternalId = searchParams?.get('externalId') || undefined;
@ -98,6 +101,7 @@ export const DirectTemplatePageView = ({
      }
      const { token } = await createDocumentFromDirectTemplate({
        nextSigner,
        directTemplateToken,
        directTemplateExternalId,
        directRecipientName: fullName,
--- a/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
+++ b/apps/remix/app/components/general/direct-template/direct-template-signing-form.tsx
@ -55,10 +55,13 @@ import { DocumentSigningRecipientProvider } from '../document-signing/document-s
 export type DirectTemplateSigningFormProps = {
  flowStep: DocumentFlowStep;
-  directRecipient: Pick<Recipient, 'authOptions' | 'email' | 'role' | 'name' | 'token'>;
+  directRecipient: Pick<Recipient, 'authOptions' | 'email' | 'role' | 'name' | 'token' | 'id'>;
  directRecipientFields: Field[];
  template: Omit<TTemplate, 'user'>;
-  onSubmit: (_data: DirectTemplateLocalField[]) => Promise<void>;
+  onSubmit: (
    _data: DirectTemplateLocalField[],
    _nextSigner?: { name: string; email: string },
  ) => Promise<void>;
 };
 export type DirectTemplateLocalField = Field & {
@ -149,7 +152,7 @@ export const DirectTemplateSigningForm = ({
    validateFieldsInserted(fieldsRequiringValidation);
  };
-  const handleSubmit = async () => {
+  const handleSubmit = async (nextSigner?: { name: string; email: string }) => {
    setValidateUninsertedFields(true);
    const isFieldsValid = validateFieldsInserted(fieldsRequiringValidation);
@ -161,7 +164,7 @@ export const DirectTemplateSigningForm = ({
    setIsSubmitting(true);
    try {
-      await onSubmit(localFields);
+      await onSubmit(localFields, nextSigner);
    } catch {
      setIsSubmitting(false);
    }
@ -218,6 +221,30 @@ export const DirectTemplateSigningForm = ({
    setLocalFields(updatedFields);
  }, []);
  const nextRecipient = useMemo(() => {
    if (
      !template.templateMeta?.signingOrder ||
      template.templateMeta.signingOrder !== 'SEQUENTIAL' ||
      !template.templateMeta.allowDictateNextSigner
    ) {
      return undefined;
    }
    const sortedRecipients = template.recipients.sort((a, b) => {
      // Sort by signingOrder first (nulls last), then by id
      if (a.signingOrder === null && b.signingOrder === null) return a.id - b.id;
      if (a.signingOrder === null) return 1;
      if (b.signingOrder === null) return -1;
      if (a.signingOrder === b.signingOrder) return a.id - b.id;
      return a.signingOrder - b.signingOrder;
    });
    const currentIndex = sortedRecipients.findIndex((r) => r.id === directRecipient.id);
    return currentIndex !== -1 && currentIndex < sortedRecipients.length - 1
      ? sortedRecipients[currentIndex + 1]
      : undefined;
  }, [template.templateMeta?.signingOrder, template.recipients, directRecipient.id]);
  return (
    <DocumentSigningRecipientProvider recipient={directRecipient}>
      <DocumentFlowFormContainerHeader title={flowStep.title} description={flowStep.description} />
@ -417,11 +444,15 @@ export const DirectTemplateSigningForm = ({
          <DocumentSigningCompleteDialog
            isSubmitting={isSubmitting}
-            onSignatureComplete={async () => handleSubmit()}
+            onSignatureComplete={async (nextSigner) => handleSubmit(nextSigner)}
            documentTitle={template.title}
            fields={localFields}
            fieldsValidated={fieldsValidated}
            recipient={directRecipient}
            allowDictateNextSigner={nextRecipient && template.templateMeta?.allowDictateNextSigner}
            defaultNextSigner={
              nextRecipient ? { name: nextRecipient.name, email: nextRecipient.email } : undefined
            }
          />
        </div>
      </DocumentFlowFormContainerFooter>
--- a/apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-auth-page.tsx
@ -9,7 +9,7 @@ import { Button } from '@documenso/ui/primitives/button';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 export type DocumentSigningAuthPageViewProps = {
-  email: string;
+  email?: string;
  emailHasAccount?: boolean;
 };
@ -22,12 +22,18 @@ export const DocumentSigningAuthPageView = ({
  const [isSigningOut, setIsSigningOut] = useState(false);
-  const handleChangeAccount = async (email: string) => {
+  const handleChangeAccount = async (email?: string) => {
    try {
      setIsSigningOut(true);
      let redirectPath = '/signin';
      if (email) {
        redirectPath = emailHasAccount ? `/signin#email=${email}` : `/signup#email=${email}`;
      }
      await authClient.signOut({
-        redirectPath: emailHasAccount ? `/signin#email=${email}` : `/signup#email=${email}`,
+        redirectPath,
      });
    } catch {
      toast({
@ -49,9 +55,13 @@ export const DocumentSigningAuthPageView = ({
        </h1>
        <p className="text-muted-foreground mt-2 text-sm">
-          <Trans>
+          {email ? (
-            You need to be logged in as <strong>{email}</strong> to view this page.
+            <Trans>
-          </Trans>
+              You need to be logged in as <strong>{email}</strong> to view this page.
            </Trans>
          ) : (
            <Trans>You need to be logged in to view this page.</Trans>
          )}
        </p>
        <Button
--- a/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx
@ -24,7 +24,10 @@ type PasskeyData = {
  isError: boolean;
 };
-type SigningAuthRecipient = Pick<Recipient, 'authOptions' | 'email' | 'role' | 'name' | 'token'>;
+type SigningAuthRecipient = Pick<
  Recipient,
  'authOptions' | 'email' | 'role' | 'name' | 'token' | 'id'
 >;
 export type DocumentSigningAuthContextValue = {
  executeActionAuthProcedure: (_value: ExecuteActionAuthProcedureOptions) => Promise<void>;
--- a/apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
+++ b/apps/remix/app/components/general/document-signing/document-signing-complete-dialog.tsx
@ -304,7 +304,6 @@ export const DocumentSigningCompleteDialog = ({
                <form onSubmit={form.handleSubmit(onFormSubmit)}>
                  {allowDictateNextSigner && defaultNextSigner && (
                    <div className="mb-4 flex flex-col gap-4">
                      {/* Todo: Envelopes - Should we say "The next recipient to sign this document will be"? */}
                      <div className="flex flex-col gap-4 md:flex-row">
                        <FormField
                          control={form.control}
--- a/apps/remix/app/components/general/document-signing/envelope-signing-provider.tsx
+++ b/apps/remix/app/components/general/document-signing/envelope-signing-provider.tsx
@ -13,6 +13,7 @@ import { prop, sortBy } from 'remeda';
 import { isBase64Image } from '@documenso/lib/constants/signatures';
 import { DO_NOT_INVALIDATE_QUERY_ON_MUTATION } from '@documenso/lib/constants/trpc';
 import type { EnvelopeForSigningResponse } from '@documenso/lib/server-only/envelope/get-envelope-for-recipient-signing';
 import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
 import {
  isFieldUnsignedAndRequired,
  isRequiredField,
@ -51,7 +52,11 @@ export type EnvelopeSigningContextValue = {
  setSelectedAssistantRecipientId: (_value: number | null) => void;
  selectedAssistantRecipient: EnvelopeForSigningResponse['envelope']['recipients'][number] | null;
-  signField: (_fieldId: number, _value: TSignEnvelopeFieldValue) => Promise<void>;
+  signField: (
    _fieldId: number,
    _value: TSignEnvelopeFieldValue,
    authOptions?: TRecipientActionAuth,
  ) => Promise<void>;
 };
 const EnvelopeSigningContext = createContext<EnvelopeSigningContextValue | null>(null);
@ -284,9 +289,11 @@ export const EnvelopeSigningProvider = ({
      : null;
  }, [envelope.documentMeta?.signingOrder, envelope.recipients, recipient.id]);
-  const signField = async (fieldId: number, fieldValue: TSignEnvelopeFieldValue) => {
+  const signField = async (
-    console.log('insertField', fieldId, fieldValue);
+    fieldId: number,
-
+    fieldValue: TSignEnvelopeFieldValue,
    authOptions?: TRecipientActionAuth,
  ) => {
    // Set the field locally for direct templates.
    if (isDirectTemplate) {
      handleDirectTemplateFieldInsertion(fieldId, fieldValue);
@ -297,7 +304,7 @@ export const EnvelopeSigningProvider = ({
      token: envelopeData.recipient.token,
      fieldId,
      fieldValue,
-      authOptions: undefined,
+      authOptions,
    });
  };
--- a/apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page-renderer.tsx
+++ b/apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page-renderer.tsx
@ -103,7 +103,6 @@ export default function EnvelopeEditorFieldsPageRenderer() {
      fieldUpdates.height = fieldPageHeight;
    }
    // Todo: envelopes Use id
    editorFields.updateFieldByFormId(fieldFormId, fieldUpdates);
    // Select the field if it is not already selected.
--- a/apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+++ b/apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
@ -27,7 +27,8 @@ import type {
 import { canRecipientFieldsBeModified } from '@documenso/lib/utils/recipients';
 import { AnimateGenericFadeInOut } from '@documenso/ui/components/animate/animate-generic-fade-in-out';
 import PDFViewerKonvaLazy from '@documenso/ui/components/pdf-viewer/pdf-viewer-konva-lazy';
-import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
+import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';
 import { Button } from '@documenso/ui/primitives/button';
 import { RecipientSelector } from '@documenso/ui/primitives/recipient-selector';
 import { Separator } from '@documenso/ui/primitives/separator';
@ -112,7 +113,29 @@ export const EnvelopeEditorFieldsPage = () => {
        <EnvelopeRendererFileSelector fields={editorFields.localFields} />
        {/* Document View */}
-        <div className="mt-4 flex h-full justify-center p-4">
+        <div className="mt-4 flex flex-col items-center justify-center">
          {envelope.recipients.length === 0 && (
            <Alert
              variant="neutral"
              className="border-border bg-background mb-4 flex max-w-[800px] flex-row items-center justify-between space-y-0 rounded-sm border"
            >
              <div className="flex flex-col gap-1">
                <AlertTitle>
                  <Trans>Missing Recipients</Trans>
                </AlertTitle>
                <AlertDescription>
                  <Trans>You need at least one recipient to add fields</Trans>
                </AlertDescription>
              </div>
              <Button asChild variant="outline">
                <Link to={`${relativePath.editorPath}`}>
                  <Trans>Add Recipients</Trans>
                </Link>
              </Button>
            </Alert>
          )}
          {currentEnvelopeItem !== null ? (
            <PDFViewerKonvaLazy customPageRenderer={EnvelopeEditorFieldsPageRenderer} />
          ) : (
@ -130,7 +153,7 @@ export const EnvelopeEditorFieldsPage = () => {
      </div>
      {/* Right Section - Form Fields Panel */}
-      {currentEnvelopeItem && (
+      {currentEnvelopeItem && envelope.recipients.length > 0 && (
        <div className="bg-background border-border sticky top-0 h-full w-80 flex-shrink-0 overflow-y-auto border-l py-4">
          {/* Recipient selector section. */}
          <section className="px-4">
@ -138,29 +161,15 @@ export const EnvelopeEditorFieldsPage = () => {
              <Trans>Selected Recipient</Trans>
            </h3>
-            {envelope.recipients.length === 0 ? (
+            <RecipientSelector
-              <Alert variant="warning">
+              selectedRecipient={editorFields.selectedRecipient}
-                <AlertDescription className="flex flex-col gap-2">
+              onSelectedRecipientChange={(recipient) =>
-                  <Trans>You need at least one recipient to add fields</Trans>
+                editorFields.setSelectedRecipient(recipient.id)
-
+              }
-                  <Link to={`${relativePath.editorPath}`} className="text-sm">
+              recipients={envelope.recipients}
-                    <p>
+              className="w-full"
-                      <Trans>Click here to add a recipient</Trans>
+              align="end"
-                    </p>
+            />
                  </Link>
                </AlertDescription>
              </Alert>
            ) : (
              <RecipientSelector
                selectedRecipient={editorFields.selectedRecipient}
                onSelectedRecipientChange={(recipient) =>
                  editorFields.setSelectedRecipient(recipient.id)
                }
                recipients={envelope.recipients}
                className="w-full"
                align="end"
              />
            )}
            {editorFields.selectedRecipient &&
              !canRecipientFieldsBeModified(editorFields.selectedRecipient, envelope.fields) && (
--- a/apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
+++ b/apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
@ -323,7 +323,7 @@ export const EnvelopeEditorSettingsDialog = ({
      <DialogContent className="flex w-full !max-w-5xl flex-row gap-0 p-0">
        {/* Sidebar. */}
-        <div className="flex w-80 flex-col border-r bg-gray-50">
+        <div className="bg-accent/20 flex w-80 flex-col border-r">
          <DialogHeader className="p-6 pb-4">
            <DialogTitle>Document Settings</DialogTitle>
          </DialogHeader>
--- a/apps/remix/app/components/general/envelope-editor/envelope-editor-upload-page.tsx
+++ b/apps/remix/app/components/general/envelope-editor/envelope-editor-upload-page.tsx
@ -203,7 +203,6 @@ export const EnvelopeEditorUploadPage = () => {
    debouncedUpdateEnvelopeItems(items);
  };
  // Todo: Envelopes - Sync into envelopes data
  const debouncedUpdateEnvelopeItems = useDebounceFunction((files: LocalFile[]) => {
    void updateEnvelopeItems({
      envelopeId: envelope.id,
--- a/apps/remix/app/components/general/envelope-signing/envelope-signer-page-renderer.tsx
+++ b/apps/remix/app/components/general/envelope-signing/envelope-signer-page-renderer.tsx
@ -10,14 +10,17 @@ import { usePageRenderer } from '@documenso/lib/client-only/hooks/use-page-rende
 import { useCurrentEnvelopeRender } from '@documenso/lib/client-only/providers/envelope-render-provider';
 import { useOptionalSession } from '@documenso/lib/client-only/providers/session';
 import { DIRECT_TEMPLATE_RECIPIENT_EMAIL } from '@documenso/lib/constants/direct-templates';
 import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth';
 import { ZFullFieldSchema } from '@documenso/lib/types/field';
 import { createSpinner } from '@documenso/lib/universal/field-renderer/field-generic-items';
 import { renderField } from '@documenso/lib/universal/field-renderer/render-field';
 import { isFieldUnsignedAndRequired } from '@documenso/lib/utils/advanced-fields-helpers';
 import { getClientSideFieldTranslations } from '@documenso/lib/utils/fields';
 import { extractInitials } from '@documenso/lib/utils/recipient-formatter';
 import type { TSignEnvelopeFieldValue } from '@documenso/trpc/server/envelope-router/sign-envelope-field.types';
 import { EnvelopeFieldToolTip } from '@documenso/ui/components/field/envelope-field-tooltip';
 import type { TRecipientColor } from '@documenso/ui/lib/recipient-colors';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 import { handleCheckboxFieldClick } from '~/utils/field-signing/checkbox-field';
 import { handleDropdownFieldClick } from '~/utils/field-signing/dropdown-field';
@ -28,20 +31,24 @@ import { handleNumberFieldClick } from '~/utils/field-signing/number-field';
 import { handleSignatureFieldClick } from '~/utils/field-signing/signature-field';
 import { handleTextFieldClick } from '~/utils/field-signing/text-field';
 import { useRequiredDocumentSigningAuthContext } from '../document-signing/document-signing-auth-provider';
 import { useRequiredEnvelopeSigningContext } from '../document-signing/envelope-signing-provider';
 export default function EnvelopeSignerPageRenderer() {
-  const { i18n } = useLingui();
+  const { t, i18n } = useLingui();
  const { currentEnvelopeItem } = useCurrentEnvelopeRender();
  const { sessionData } = useOptionalSession();
  const { executeActionAuthProcedure } = useRequiredDocumentSigningAuthContext();
  const { toast } = useToast();
  const {
    envelopeData,
    recipient,
    recipientFields,
    recipientFieldsRemaining,
    showPendingFieldTooltip,
-    signField,
+    signField: signFieldInternal,
    email,
    setEmail,
    fullName,
@ -318,7 +325,6 @@ export default function EnvelopeSignerPageRenderer() {
         * SIGNATURE FIELD.
         */
        .with({ type: FieldType.SIGNATURE }, (field) => {
          // Todo: Envelopes - Reauth
          handleSignatureFieldClick({
            field,
            signature,
@ -329,11 +335,21 @@ export default function EnvelopeSignerPageRenderer() {
            .then(async (payload) => {
              if (payload) {
                fieldGroup.add(loadingSpinnerGroup);
                await signField(field.id, payload);
              }
-              if (payload?.value) {
+                if (payload.value) {
-                setSignature(payload.value);
+                  void executeActionAuthProcedure({
                    onReauthFormSubmit: async (authOptions) => {
                      await signField(field.id, payload, authOptions);
                      loadingSpinnerGroup.destroy();
                    },
                    actionTarget: field.type,
                  });
                  setSignature(payload.value);
                } else {
                  await signField(field.id, payload);
                }
              }
            })
            .finally(() => {
@ -347,6 +363,26 @@ export default function EnvelopeSignerPageRenderer() {
    fieldGroup.on('pointerdown', handleFieldGroupClick);
  };
  const signField = async (
    fieldId: number,
    payload: TSignEnvelopeFieldValue,
    authOptions?: TRecipientActionAuth,
  ) => {
    try {
      await signFieldInternal(fieldId, payload, authOptions);
    } catch (err) {
      console.error(err);
      toast({
        title: t`Error`,
        description: t`An error occurred while signing the field.`,
        variant: 'destructive',
      });
      throw err;
    }
  };
  /**
   * Initialize the Konva page canvas and all fields and interactions.
   */
--- a/apps/remix/app/components/general/envelope-signing/envelope-signing-complete-dialog.tsx
+++ b/apps/remix/app/components/general/envelope-signing/envelope-signing-complete-dialog.tsx
@ -127,6 +127,7 @@ export const EnvelopeSignerCompleteDialog = () => {
            isBase64,
          };
        }),
        nextSigner,
      });
      const redirectUrl = envelope.documentMeta.redirectUrl;
--- a/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
+++ b/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx
@ -34,6 +34,7 @@ import { Input } from '@documenso/ui/primitives/input';
 import { Tooltip, TooltipContent, TooltipTrigger } from '@documenso/ui/primitives/tooltip';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 import { AdminOrganisationMemberUpdateDialog } from '~/components/dialogs/admin-organisation-member-update-dialog';
 import { GenericErrorLayout } from '~/components/general/generic-error-layout';
 import { SettingsHeader } from '~/components/general/settings-header';
@ -71,23 +72,6 @@ export default function OrganisationGroupSettingsPage({ params }: Route.Componen
      },
    });
  const { mutateAsync: promoteToOwner, isPending: isPromotingToOwner } =
    trpc.admin.organisationMember.promoteToOwner.useMutation({
      onSuccess: () => {
        toast({
          title: t`Success`,
          description: t`Member promoted to owner successfully`,
        });
      },
      onError: () => {
        toast({
          title: t`Error`,
          description: t`We couldn't promote the member to owner. Please try again.`,
          variant: 'destructive',
        });
      },
    });
  const teamsColumns = useMemo(() => {
    return [
      {
@ -120,23 +104,24 @@ export default function OrganisationGroupSettingsPage({ params }: Route.Componen
      },
      {
        header: t`Actions`,
-        cell: ({ row }) => (
+        cell: ({ row }) => {
-          <div className="flex justify-end space-x-2">
+          const isOwner = row.original.userId === organisation?.ownerUserId;
-            <Button
+
-              variant="outline"
+          return (
-              disabled={row.original.userId === organisation?.ownerUserId}
+            <div className="flex justify-end space-x-2">
-              loading={isPromotingToOwner}
+              <AdminOrganisationMemberUpdateDialog
-              onClick={async () =>
+                trigger={
-                promoteToOwner({
+                  <Button variant="outline">
-                  organisationId,
+                    <Trans>Update role</Trans>
-                  userId: row.original.userId,
+                  </Button>
-                })
+                }
-              }
+                organisationId={organisationId}
-            >
+                organisationMember={row.original}
-              <Trans>Promote to owner</Trans>
+                isOwner={isOwner}
-            </Button>
+              />
-          </div>
+            </div>
-        ),
+          );
        },
      },
    ] satisfies DataTableColumnDef<TGetAdminOrganisationResponse['members'][number]>[];
  }, [organisation]);
--- a/apps/remix/app/routes/_recipient+/d.$token+/_index.tsx
+++ b/apps/remix/app/routes/_recipient+/d.$token+/_index.tsx
@ -8,7 +8,6 @@ import { EnvelopeRenderProvider } from '@documenso/lib/client-only/providers/env
 import { useOptionalSession } from '@documenso/lib/client-only/providers/session';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { getEnvelopeForDirectTemplateSigning } from '@documenso/lib/server-only/envelope/get-envelope-for-direct-template-signing';
 import { getEnvelopeRequiredAccessData } from '@documenso/lib/server-only/envelope/get-envelope-required-access-data';
 import { getTemplateByDirectLinkToken } from '@documenso/lib/server-only/template/get-template-by-direct-link-token';
 import { DocumentAccessAuth } from '@documenso/lib/types/document-auth';
 import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
@ -98,15 +97,12 @@ const handleV2Loader = async ({ params, request }: Route.LoaderArgs) => {
        envelopeForSigning,
      } as const;
    })
-    .catch(async (e) => {
+    .catch((e) => {
      const error = AppError.parseError(e);
      if (error.code === AppErrorCode.UNAUTHORIZED) {
        const requiredAccessData = await getEnvelopeRequiredAccessData({ token });
        return {
          isDocumentAccessValid: false,
          ...requiredAccessData,
        } as const;
      }
@ -226,20 +222,21 @@ const DirectSigningPageV2 = ({ data }: { data: Awaited<ReturnType<typeof handleV
  const user = sessionData?.user;
  if (!data.isDocumentAccessValid) {
-    return (
+    return <DocumentSigningAuthPageView email={''} emailHasAccount={true} />;
      <DocumentSigningAuthPageView
        email={data.recipientEmail}
        emailHasAccount={!!data.recipientHasAccount}
      />
    );
  }
  const { envelope, recipient } = data.envelopeForSigning;
  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
    documentAuth: envelope.authOptions,
  });
  const isEmailForced = derivedRecipientAccessAuth.includes(DocumentAccessAuth.ACCOUNT);
  return (
    <EnvelopeSigningProvider
      envelopeData={data.envelopeForSigning}
-      email={''} // Doing this allows us to let users change the email if they want to.
+      email={isEmailForced ? user?.email || '' : ''} // Doing this allows us to let users change the email if they want to for non-auth templates.
      fullName={user?.name}
      signature={user?.signature}
    >
--- a/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts
+++ b/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts
@ -68,15 +68,29 @@ test('[ADMIN]: promote member to owner', async ({ page }) => {
  // Test promoting a MEMBER to owner
  const memberRow = page.getByRole('row', { name: memberUser.email });
-  // Find and click the "Promote to owner" button for the member
+  // Find and click the "Update role" button for the member
-  const promoteButton = memberRow.getByRole('button', { name: 'Promote to owner' });
+  const updateRoleButton = memberRow.getByRole('button', {
-  await expect(promoteButton).toBeVisible();
+    name: 'Update role',
-  await expect(promoteButton).not.toBeDisabled();
+  });
  await expect(updateRoleButton).toBeVisible();
  await expect(updateRoleButton).not.toBeDisabled();
-  await promoteButton.click();
+  await updateRoleButton.click();
-  // Verify success toast appears
+  // Wait for dialog to open and select Owner role
-  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible();
+  await expect(page.getByRole('dialog')).toBeVisible();
  // Find and click the select trigger - it's a button with role="combobox"
  await page.getByRole('dialog').locator('button[role="combobox"]').click();
  // Select "Owner" from the dropdown options
  await page.getByRole('option', { name: 'Owner' }).click();
  // Click Update button
  await page.getByRole('dialog').getByRole('button', { name: 'Update' }).click();
  // Wait for dialog to close (indicates success)
  await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10_000 });
  // Reload the page to see the changes
  await page.reload();
@ -89,12 +103,18 @@ test('[ADMIN]: promote member to owner', async ({ page }) => {
  const previousOwnerRow = page.getByRole('row', { name: ownerUser.email });
  await expect(previousOwnerRow.getByRole('status').filter({ hasText: 'Owner' })).not.toBeVisible();
-  // Verify that the promote button is now disabled for the new owner
+  // Verify that the Update role button exists for the new owner and shows Owner as current role
-  const newOwnerPromoteButton = newOwnerRow.getByRole('button', { name: 'Promote to owner' });
+  const newOwnerUpdateButton = newOwnerRow.getByRole('button', {
-  await expect(newOwnerPromoteButton).toBeDisabled();
+    name: 'Update role',
  });
  await expect(newOwnerUpdateButton).toBeVisible();
-  // Test that we can't promote the current owner (button should be disabled)
+  // Verify clicking it shows the dialog with Owner already selected
-  await expect(newOwnerPromoteButton).toHaveAttribute('disabled');
+  await newOwnerUpdateButton.click();
  await expect(page.getByRole('dialog')).toBeVisible();
  // Close the dialog without making changes
  await page.getByRole('button', { name: 'Cancel' }).click();
 });
 test('[ADMIN]: promote manager to owner', async ({ page }) => {
@ -130,10 +150,26 @@ test('[ADMIN]: promote manager to owner', async ({ page }) => {
  // Promote the manager to owner
  const managerRow = page.getByRole('row', { name: managerUser.email });
-  const promoteButton = managerRow.getByRole('button', { name: 'Promote to owner' });
+  const updateRoleButton = managerRow.getByRole('button', {
    name: 'Update role',
  });
-  await promoteButton.click();
+  await updateRoleButton.click();
-  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible();
+
  // Wait for dialog to open and select Owner role
  await expect(page.getByRole('dialog')).toBeVisible();
  // Find and click the select trigger - it's a button with role="combobox"
  await page.getByRole('dialog').locator('button[role="combobox"]').click();
  // Select "Owner" from the dropdown options
  await page.getByRole('option', { name: 'Owner' }).click();
  // Click Update button
  await page.getByRole('dialog').getByRole('button', { name: 'Update' }).click();
  // Wait for dialog to close (indicates success)
  await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10_000 });
  // Reload and verify the change
  await page.reload();
@ -173,14 +209,27 @@ test('[ADMIN]: promote admin member to owner', async ({ page }) => {
  // Promote the admin member to owner
  const adminMemberRow = page.getByRole('row', { name: adminMemberUser.email });
-  const promoteButton = adminMemberRow.getByRole('button', { name: 'Promote to owner' });
+  const updateRoleButton = adminMemberRow.getByRole('button', {
-
+    name: 'Update role',
  await promoteButton.click();
  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
    timeout: 10_000,
  });
  await updateRoleButton.click();
  // Wait for dialog to open and select Owner role
  await expect(page.getByRole('dialog')).toBeVisible();
  // Find and click the select trigger - it's a button with role="combobox"
  await page.getByRole('dialog').locator('button[role="combobox"]').click();
  // Select "Owner" from the dropdown options
  await page.getByRole('option', { name: 'Owner' }).click();
  // Click Update button
  await page.getByRole('dialog').getByRole('button', { name: 'Update' }).click();
  // Wait for dialog to close (indicates success)
  await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10_000 });
  // Reload and verify the change
  await page.reload();
  await expect(adminMemberRow.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
@ -249,11 +298,25 @@ test('[ADMIN]: verify role hierarchy after promotion', async ({ page }) => {
  await expect(memberRow.getByRole('status').filter({ hasText: 'Owner' })).not.toBeVisible();
  // Promote member to owner
-  const promoteButton = memberRow.getByRole('button', { name: 'Promote to owner' });
+  const updateRoleButton = memberRow.getByRole('button', {
-  await promoteButton.click();
+    name: 'Update role',
  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
    timeout: 10_000,
  });
  await updateRoleButton.click();
  // Wait for dialog to open and select Owner role
  await expect(page.getByRole('dialog')).toBeVisible();
  // Find and click the select trigger - it's a button with role="combobox"
  await page.getByRole('dialog').locator('button[role="combobox"]').click();
  // Select "Owner" from the dropdown options
  await page.getByRole('option', { name: 'Owner' }).click();
  // Click Update button
  await page.getByRole('dialog').getByRole('button', { name: 'Update' }).click();
  // Wait for dialog to close (indicates success)
  await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10_000 });
  // Reload page to see updated state
  await page.reload();
@ -262,9 +325,11 @@ test('[ADMIN]: verify role hierarchy after promotion', async ({ page }) => {
  memberRow = page.getByRole('row', { name: memberUser.email });
  await expect(memberRow.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
-  // Verify the promote button is now disabled for the new owner
+  // Verify the Update role button exists and shows Owner as current role
-  const newOwnerPromoteButton = memberRow.getByRole('button', { name: 'Promote to owner' });
+  const newOwnerUpdateButton = memberRow.getByRole('button', {
-  await expect(newOwnerPromoteButton).toBeDisabled();
+    name: 'Update role',
  });
  await expect(newOwnerUpdateButton).toBeVisible();
  // Sign in as the newly promoted user to verify they have owner permissions
  await apiSignin({
@ -336,28 +401,56 @@ test('[ADMIN]: multiple promotions in sequence', async ({ page }) => {
  // First promotion: Member 1 becomes owner
  let member1Row = page.getByRole('row', { name: member1User.email });
-  let promoteButton1 = member1Row.getByRole('button', { name: 'Promote to owner' });
+  let updateRoleButton1 = member1Row.getByRole('button', {
-  await promoteButton1.click();
+    name: 'Update role',
  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
    timeout: 10_000,
  });
  await updateRoleButton1.click();
  // Wait for dialog to open and select Owner role
  await expect(page.getByRole('dialog')).toBeVisible();
  // Find and click the select trigger - it's a button with role="combobox"
  await page.getByRole('dialog').locator('button[role="combobox"]').click();
  // Select "Owner" from the dropdown options
  await page.getByRole('option', { name: 'Owner' }).click();
  // Click Update button
  await page.getByRole('dialog').getByRole('button', { name: 'Update' }).click();
  // Wait for dialog to close (indicates success)
  await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10_000 });
  await page.reload();
-  // Verify Member 1 is now owner and button is disabled
+  // Verify Member 1 is now owner
  member1Row = page.getByRole('row', { name: member1User.email });
  await expect(member1Row.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
-  promoteButton1 = member1Row.getByRole('button', { name: 'Promote to owner' });
+  updateRoleButton1 = member1Row.getByRole('button', { name: 'Update role' });
-  await expect(promoteButton1).toBeDisabled();
+  await expect(updateRoleButton1).toBeVisible();
  // Second promotion: Member 2 becomes the new owner
  const member2Row = page.getByRole('row', { name: member2User.email });
-  const promoteButton2 = member2Row.getByRole('button', { name: 'Promote to owner' });
+  const updateRoleButton2 = member2Row.getByRole('button', {
-  await expect(promoteButton2).not.toBeDisabled();
+    name: 'Update role',
  await promoteButton2.click();
  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
    timeout: 10_000,
  });
  await expect(updateRoleButton2).toBeVisible();
  await updateRoleButton2.click();
  // Wait for dialog to open and select Owner role
  await expect(page.getByRole('dialog')).toBeVisible();
  // Find and click the select trigger - it's a button with role="combobox"
  await page.getByRole('dialog').locator('button[role="combobox"]').click();
  // Select "Owner" from the dropdown options
  await page.getByRole('option', { name: 'Owner' }).click();
  // Click Update button
  await page.getByRole('dialog').getByRole('button', { name: 'Update' }).click();
  // Wait for dialog to close (indicates success)
  await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10_000 });
  await page.reload();
@ -365,9 +458,11 @@ test('[ADMIN]: multiple promotions in sequence', async ({ page }) => {
  await expect(member2Row.getByRole('status').filter({ hasText: 'Owner' })).toBeVisible();
  await expect(member1Row.getByRole('status').filter({ hasText: 'Owner' })).not.toBeVisible();
-  // Verify Member 1's promote button is now enabled again
+  // Verify Member 1's Update role button is still visible
-  const newPromoteButton1 = member1Row.getByRole('button', { name: 'Promote to owner' });
+  const newUpdateButton1 = member1Row.getByRole('button', {
-  await expect(newPromoteButton1).not.toBeDisabled();
+    name: 'Update role',
  });
  await expect(newUpdateButton1).toBeVisible();
 });
 test('[ADMIN]: verify organisation access after ownership change', async ({ page }) => {
@ -402,11 +497,25 @@ test('[ADMIN]: verify organisation access after ownership change', async ({ page
  });
  const memberRow = page.getByRole('row', { name: memberUser.email });
-  const promoteButton = memberRow.getByRole('button', { name: 'Promote to owner' });
+  const updateRoleButton = memberRow.getByRole('button', {
-  await promoteButton.click();
+    name: 'Update role',
  await expect(page.getByText('Member promoted to owner successfully').first()).toBeVisible({
    timeout: 10_000,
  });
  await updateRoleButton.click();
  // Wait for dialog to open and select Owner role
  await expect(page.getByRole('dialog')).toBeVisible();
  // Find and click the select trigger - it's a button with role="combobox"
  await page.getByRole('dialog').locator('button[role="combobox"]').click();
  // Select "Owner" from the dropdown options
  await page.getByRole('option', { name: 'Owner' }).click();
  // Click Update button
  await page.getByRole('dialog').getByRole('button', { name: 'Update' }).click();
  // Wait for dialog to close (indicates success)
  await expect(page.getByRole('dialog')).not.toBeVisible({ timeout: 10_000 });
  // Test that the new owner can access organisation settings
  await apiSignin({
--- a/packages/app-tests/e2e/features/include-document-certificate.spec.ts
+++ b/packages/app-tests/e2e/features/include-document-certificate.spec.ts
@ -78,7 +78,6 @@ test.describe('Signing Certificate Tests', () => {
      },
    });
    // Todo: Envelopes
    const firstDocumentData = completedDocument.envelopeItems[0].documentData;
    const completedDocumentData = await getFile(firstDocumentData);
@ -169,7 +168,6 @@ test.describe('Signing Certificate Tests', () => {
      },
    });
    // Todo: Envelopes
    const firstDocumentData = completedDocument.envelopeItems[0].documentData;
    const completedDocumentData = await getFile(firstDocumentData);
--- a/packages/app-tests/e2e/templates/direct-templates.spec.ts
+++ b/packages/app-tests/e2e/templates/direct-templates.spec.ts
@ -1,9 +1,12 @@
 import { expect, test } from '@playwright/test';
 import { DocumentSigningOrder, RecipientRole } from '@prisma/client';
 import { customAlphabet } from 'nanoid';
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { createDocumentAuthOptions } from '@documenso/lib/utils/document-auth';
 import { mapSecondaryIdToTemplateId } from '@documenso/lib/utils/envelope';
 import { formatDirectTemplatePath } from '@documenso/lib/utils/templates';
 import { prisma } from '@documenso/prisma';
 import { seedTeam } from '@documenso/prisma/seed/teams';
 import { seedDirectTemplate, seedTemplate } from '@documenso/prisma/seed/templates';
 import { seedTestEmail, seedUser } from '@documenso/prisma/seed/users';
@ -121,7 +124,7 @@ test('[DIRECT_TEMPLATES]: delete direct template link', async ({ page }) => {
  await expect(page.getByText('404 not found')).toBeVisible();
 });
-test('[DIRECT_TEMPLATES]: direct template link auth access', async ({ page }) => {
+test('[DIRECT_TEMPLATES]: V1 direct template link auth access', async ({ page }) => {
  const { user, team } = await seedUser();
  const directTemplateWithAuth = await seedDirectTemplate({
@ -153,6 +156,53 @@ test('[DIRECT_TEMPLATES]: direct template link auth access', async ({ page }) =>
  await expect(page.getByRole('heading', { name: 'General' })).toBeVisible();
  await expect(page.getByLabel('Email')).toBeDisabled();
  await page.getByRole('button', { name: 'Continue' }).click();
  await page.getByRole('button', { name: 'Complete' }).click();
  await page.getByRole('button', { name: 'Sign' }).click();
  await page.waitForURL(/\/sign/);
  await expect(page.getByRole('heading', { name: 'Document Signed' })).toBeVisible();
 });
 test('[DIRECT_TEMPLATES]: V2 direct template link auth access', async ({ page }) => {
  const { user, team } = await seedUser();
  const directTemplateWithAuth = await seedDirectTemplate({
    title: 'Personal direct template link',
    userId: user.id,
    teamId: team.id,
    internalVersion: 2,
    createTemplateOptions: {
      authOptions: createDocumentAuthOptions({
        globalAccessAuth: ['ACCOUNT'],
        globalActionAuth: [],
      }),
    },
  });
  const directTemplatePath = formatDirectTemplatePath(
    directTemplateWithAuth.directLink?.token || '',
  );
  await page.goto(directTemplatePath);
  await expect(page.getByText('Authentication required')).toBeVisible();
  await apiSignin({
    page,
    email: user.email,
  });
  await page.goto(directTemplatePath);
  await expect(page.getByRole('heading', { name: 'Personal direct template link' })).toBeVisible();
  await page.getByRole('button', { name: 'Complete' }).click();
  await expect(page.getByLabel('Your Email')).not.toBeVisible();
  await page.getByRole('button', { name: 'Sign' }).click();
  await page.waitForURL(/\/sign/);
  await expect(page.getByRole('heading', { name: 'Document Signed' })).toBeVisible();
 });
 test('[DIRECT_TEMPLATES]: use direct template link with 1 recipient', async ({ page }) => {
@ -175,6 +225,9 @@ test('[DIRECT_TEMPLATES]: use direct template link with 1 recipient', async ({ p
  await page.getByPlaceholder('recipient@documenso.com').fill(seedTestEmail());
  await page.getByRole('button', { name: 'Continue' }).click();
  await expect(page.getByText('Next Recipient Name')).not.toBeVisible();
  await page.getByRole('button', { name: 'Complete' }).click();
  await page.getByRole('button', { name: 'Sign' }).click();
  await page.waitForURL(/\/sign/);
@ -183,3 +236,173 @@ test('[DIRECT_TEMPLATES]: use direct template link with 1 recipient', async ({ p
  // Add a longer waiting period to ensure document status is updated
  await page.waitForTimeout(3000);
 });
 test('[DIRECT_TEMPLATES]: V1 use direct template link with 2 recipients with next signer dictation', async ({
  page,
 }) => {
  const { team, owner, organisation } = await seedTeam({
    createTeamMembers: 1,
  });
  // Should be visible to team members.
  const template = await seedDirectTemplate({
    title: 'Team direct template link 1',
    userId: owner.id,
    teamId: team.id,
  });
  await prisma.documentMeta.update({
    where: {
      id: template.documentMetaId,
    },
    data: {
      allowDictateNextSigner: true,
      signingOrder: DocumentSigningOrder.SEQUENTIAL,
    },
  });
  const originalName = 'Signer 2';
  const originalSecondSignerEmail = seedTestEmail();
  // Add another signer
  await prisma.recipient.create({
    data: {
      signingOrder: 2,
      envelopeId: template.id,
      email: originalSecondSignerEmail,
      name: originalName,
      token: Math.random().toString().slice(2, 7),
      role: RecipientRole.SIGNER,
    },
  });
  // Check that the direct template link is accessible.
  await page.goto(formatDirectTemplatePath(template.directLink?.token || ''));
  await expect(page.getByRole('heading', { name: 'General' })).toBeVisible();
  await page.waitForTimeout(100);
  await page.getByPlaceholder('recipient@documenso.com').fill(seedTestEmail());
  await page.getByRole('button', { name: 'Continue' }).click();
  await page.getByRole('button', { name: 'Complete' }).click();
  await expect(page.getByText('Next Recipient Name')).toBeVisible();
  const nextRecipientNameInputValue = await page.getByLabel('Next Recipient Name').inputValue();
  expect(nextRecipientNameInputValue).toBe(originalName);
  const nextRecipientEmailInputValue = await page.getByLabel('Next Recipient Email').inputValue();
  expect(nextRecipientEmailInputValue).toBe(originalSecondSignerEmail);
  const newName = 'Hello';
  const newSecondSignerEmail = seedTestEmail();
  await page.getByLabel('Next Recipient Email').fill(newSecondSignerEmail);
  await page.getByLabel('Next Recipient Name').fill(newName);
  await page.getByRole('button', { name: 'Sign' }).click();
  await page.waitForURL(/\/sign/);
  await expect(page.getByRole('heading', { name: 'Document Signed' })).toBeVisible();
  const createdEnvelopeRecipients = await prisma.recipient.findMany({
    where: {
      envelope: {
        templateId: mapSecondaryIdToTemplateId(template.secondaryId),
      },
    },
  });
  const updatedSecondRecipient = createdEnvelopeRecipients.find(
    (recipient) => recipient.signingOrder === 2,
  );
  expect(updatedSecondRecipient?.name).toBe(newName);
  expect(updatedSecondRecipient?.email).toBe(newSecondSignerEmail);
 });
 test('[DIRECT_TEMPLATES]: V2 use direct template link with 2 recipients with next signer dictation', async ({
  page,
 }) => {
  const { team, owner, organisation } = await seedTeam({
    createTeamMembers: 1,
  });
  // Should be visible to team members.
  const template = await seedDirectTemplate({
    title: 'Team direct template link 1',
    userId: owner.id,
    teamId: team.id,
    internalVersion: 2,
  });
  await prisma.documentMeta.update({
    where: {
      id: template.documentMetaId,
    },
    data: {
      allowDictateNextSigner: true,
      signingOrder: DocumentSigningOrder.SEQUENTIAL,
    },
  });
  const originalName = 'Signer 2';
  const originalSecondSignerEmail = seedTestEmail();
  // Add another signer
  await prisma.recipient.create({
    data: {
      signingOrder: 2,
      envelopeId: template.id,
      email: originalSecondSignerEmail,
      name: originalName,
      token: Math.random().toString().slice(2, 7),
      role: RecipientRole.SIGNER,
    },
  });
  // Check that the direct template link is accessible.
  await page.goto(formatDirectTemplatePath(template.directLink?.token || ''));
  await expect(page.getByRole('heading', { name: 'Team direct template link 1' })).toBeVisible();
  await page.waitForTimeout(100);
  await page.getByRole('button', { name: 'Complete' }).click();
  const currentName = 'John Doe';
  const currentEmail = seedTestEmail();
  await page.getByPlaceholder('Enter Your Name').fill(currentName);
  await page.getByPlaceholder('Enter Your Email').fill(currentEmail);
  await expect(page.getByText('Next Recipient Name')).toBeVisible();
  const nextRecipientNameInputValue = await page.getByLabel('Next Recipient Name').inputValue();
  expect(nextRecipientNameInputValue).toBe(originalName);
  const nextRecipientEmailInputValue = await page.getByLabel('Next Recipient Email').inputValue();
  expect(nextRecipientEmailInputValue).toBe(originalSecondSignerEmail);
  const newName = 'Hello';
  const newSecondSignerEmail = seedTestEmail();
  await page.getByLabel('Next Recipient Email').fill(newSecondSignerEmail);
  await page.getByLabel('Next Recipient Name').fill(newName);
  await page.getByRole('button', { name: 'Sign' }).click();
  await page.waitForURL(/\/sign/);
  await expect(page.getByRole('heading', { name: 'Document Signed' })).toBeVisible();
  const createdEnvelopeRecipients = await prisma.recipient.findMany({
    where: {
      envelope: {
        templateId: mapSecondaryIdToTemplateId(template.secondaryId),
      },
    },
  });
  const updatedSecondRecipient = createdEnvelopeRecipients.find(
    (recipient) => recipient.signingOrder === 2,
  );
  expect(updatedSecondRecipient?.name).toBe(newName);
  expect(updatedSecondRecipient?.email).toBe(newSecondSignerEmail);
 });
--- a/packages/lib/server-only/document/get-stats.ts
+++ b/packages/lib/server-only/document/get-stats.ts
@ -1,7 +1,5 @@
 import { EnvelopeType, TeamMemberRole } from '@prisma/client';
 import type { Prisma, User } from '@prisma/client';
-import { SigningStatus } from '@prisma/client';
+import { DocumentVisibility, EnvelopeType, SigningStatus, TeamMemberRole } from '@prisma/client';
 import { DocumentVisibility } from '@prisma/client';
 import { DateTime } from 'luxon';
 import { match } from 'ts-pattern';
@ -215,13 +213,14 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
    ],
  };
  const rootPageFilter = folderId === undefined ? { folderId: null } : {};
  let ownerCountsWhereInput: Prisma.EnvelopeWhereInput = {
    type: EnvelopeType.DOCUMENT,
    userId: userIdWhereClause,
    createdAt,
    teamId,
    deletedAt: null,
    folderId,
  };
  let notSignedCountsGroupByArgs = null;
@ -265,8 +264,16 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
  ownerCountsWhereInput = {
    ...ownerCountsWhereInput,
-    ...visibilityFiltersWhereInput,
+    AND: [
-    ...searchFilter,
+      ...(Array.isArray(visibilityFiltersWhereInput.AND)
        ? visibilityFiltersWhereInput.AND
        : visibilityFiltersWhereInput.AND
          ? [visibilityFiltersWhereInput.AND]
          : []),
      searchFilter,
      rootPageFilter,
      folderId ? { folderId } : {},
    ],
  };
  if (teamEmail) {
@ -285,6 +292,7 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
        },
      ],
      deletedAt: null,
      AND: [searchFilter, rootPageFilter, folderId ? { folderId } : {}],
    };
    notSignedCountsGroupByArgs = {
@ -296,7 +304,6 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
        type: EnvelopeType.DOCUMENT,
        userId: userIdWhereClause,
        createdAt,
        folderId,
        status: ExtendedDocumentStatus.PENDING,
        recipients: {
          some: {
@ -306,6 +313,7 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
          },
        },
        deletedAt: null,
        AND: [searchFilter, rootPageFilter, folderId ? { folderId } : {}],
      },
    } satisfies Prisma.EnvelopeGroupByArgs;
@ -318,7 +326,6 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
        type: EnvelopeType.DOCUMENT,
        userId: userIdWhereClause,
        createdAt,
        folderId,
        OR: [
          {
            status: ExtendedDocumentStatus.PENDING,
@ -342,6 +349,7 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
            },
          },
        ],
        AND: [searchFilter, rootPageFilter, folderId ? { folderId } : {}],
      },
    } satisfies Prisma.EnvelopeGroupByArgs;
  }
--- a/packages/lib/server-only/envelope/get-envelope-for-direct-template-signing.ts
+++ b/packages/lib/server-only/envelope/get-envelope-for-direct-template-signing.ts
@ -1,10 +1,11 @@
 import { DocumentStatus, EnvelopeType } from '@prisma/client';
 import { match } from 'ts-pattern';
 import { prisma } from '@documenso/prisma';
 import { AppError, AppErrorCode } from '../../errors/app-error';
-import type { TDocumentAuthMethods } from '../../types/document-auth';
+import { DocumentAccessAuth, type TDocumentAuthMethods } from '../../types/document-auth';
-import { isRecipientAuthorized } from '../document/is-recipient-authorized';
+import { extractDocumentAuthMethods } from '../../utils/document-auth';
 import { getTeamSettings } from '../team/get-team-settings';
 import type { EnvelopeForSigningResponse } from './get-envelope-for-recipient-signing';
 import { ZEnvelopeForSigningResponse } from './get-envelope-for-recipient-signing';
@ -98,14 +99,28 @@ export const getEnvelopeForDirectTemplateSigning = async ({
    });
  }
-  const documentAccessValid = await isRecipientAuthorized({
+  // Currently not using this since for direct templates "User" access means they just need to be
-    type: 'ACCESS',
+  // logged in.
-    documentAuthOptions: envelope.authOptions,
+  // const documentAccessValid = await isRecipientAuthorized({
-    recipient,
+  //   type: 'ACCESS',
-    userId,
+  //   documentAuthOptions: envelope.authOptions,
-    authOptions: accessAuth,
+  //   recipient,
  //   userId,
  //   authOptions: accessAuth,
  // });
  const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
    documentAuth: envelope.authOptions,
  });
  // Ensure typesafety when we add more options.
  const documentAccessValid = derivedRecipientAccessAuth.every((auth) =>
    match(auth)
      .with(DocumentAccessAuth.ACCOUNT, () => Boolean(userId))
      .with(DocumentAccessAuth.TWO_FACTOR_AUTH, () => true)
      .exhaustive(),
  );
  if (!documentAccessValid) {
    throw new AppError(AppErrorCode.UNAUTHORIZED, {
      message: 'Invalid access values',
--- a/packages/lib/server-only/envelope/get-envelope-required-access-data.ts
+++ b/packages/lib/server-only/envelope/get-envelope-required-access-data.ts
@ -54,54 +54,3 @@ export const getEnvelopeRequiredAccessData = async ({ token }: { token: string }
    recipientHasAccount: Boolean(recipientUserAccount),
  } as const;
 };
 export const getEnvelopeDirectTemplateRequiredAccessData = async ({ token }: { token: string }) => {
  const envelope = await prisma.envelope.findFirst({
    where: {
      type: EnvelopeType.TEMPLATE,
      directLink: {
        enabled: true,
        token,
      },
      status: DocumentStatus.DRAFT,
    },
    include: {
      recipients: {
        where: {
          token,
        },
      },
      directLink: true,
    },
  });
  if (!envelope) {
    throw new AppError(AppErrorCode.NOT_FOUND, {
      message: 'Envelope not found',
    });
  }
  const recipient = envelope.recipients.find(
    (r) => r.id === envelope.directLink?.directTemplateRecipientId,
  );
  if (!recipient) {
    throw new AppError(AppErrorCode.NOT_FOUND, {
      message: 'Recipient not found',
    });
  }
  const recipientUserAccount = await prisma.user.findFirst({
    where: {
      email: recipient.email.toLowerCase(),
    },
    select: {
      id: true,
    },
  });
  return {
    recipientEmail: recipient.email,
    recipientHasAccount: Boolean(recipientUserAccount),
  } as const;
 };
--- a/packages/lib/server-only/template/create-document-from-direct-template.ts
+++ b/packages/lib/server-only/template/create-document-from-direct-template.ts
@ -3,6 +3,7 @@ import { createElement } from 'react';
 import { msg } from '@lingui/core/macro';
 import type { Field, Signature } from '@prisma/client';
 import {
  DocumentSigningOrder,
  DocumentSource,
  DocumentStatus,
  EnvelopeType,
@ -26,7 +27,7 @@ import type { TSignFieldWithTokenMutationSchema } from '@documenso/trpc/server/f
 import { getI18nInstance } from '../../client-only/providers/i18n-server';
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
 import { AppError, AppErrorCode } from '../../errors/app-error';
-import { DOCUMENT_AUDIT_LOG_TYPE } from '../../types/document-audit-logs';
+import { DOCUMENT_AUDIT_LOG_TYPE, RECIPIENT_DIFF_TYPE } from '../../types/document-audit-logs';
 import type { TRecipientActionAuthTypes } from '../../types/document-auth';
 import { DocumentAccessAuth, ZRecipientAuthOptionsSchema } from '../../types/document-auth';
 import { ZFieldMetaSchema } from '../../types/field-meta';
@ -68,6 +69,10 @@ export type CreateDocumentFromDirectTemplateOptions = {
    name?: string;
    email: string;
  };
  nextSigner?: {
    email: string;
    name: string;
  };
 };
 type CreatedDirectRecipientField = {
@ -92,6 +97,7 @@ export const createDocumentFromDirectTemplate = async ({
  directTemplateExternalId,
  signedFieldValues,
  templateUpdatedAt,
  nextSigner,
  requestMetadata,
  user,
 }: CreateDocumentFromDirectTemplateOptions): Promise<TCreateDocumentFromDirectTemplateResponse> => {
@ -128,6 +134,17 @@ export const createDocumentFromDirectTemplate = async ({
    throw new AppError(AppErrorCode.INVALID_REQUEST, { message: 'Invalid or missing template' });
  }
  if (
    nextSigner &&
    (!directTemplateEnvelope.documentMeta?.allowDictateNextSigner ||
      directTemplateEnvelope.documentMeta?.signingOrder !== DocumentSigningOrder.SEQUENTIAL)
  ) {
    throw new AppError(AppErrorCode.INVALID_REQUEST, {
      message:
        'You need to enable allowDictateNextSigner and sequential signing to dictate the next signer',
    });
  }
  const directTemplateEnvelopeLegacyId = mapSecondaryIdToTemplateId(
    directTemplateEnvelope.secondaryId,
  );
@ -630,6 +647,77 @@ export const createDocumentFromDirectTemplate = async ({
      }),
    ];
    if (nextSigner) {
      const pendingRecipients = await tx.recipient.findMany({
        select: {
          id: true,
          signingOrder: true,
          name: true,
          email: true,
          role: true,
        },
        where: {
          envelopeId: createdEnvelope.id,
          signingStatus: {
            not: SigningStatus.SIGNED,
          },
          role: {
            not: RecipientRole.CC,
          },
        },
        // Composite sort so our next recipient is always the one with the lowest signing order or id
        // if there is a tie.
        orderBy: [{ signingOrder: { sort: 'asc', nulls: 'last' } }, { id: 'asc' }],
      });
      const nextRecipient = pendingRecipients[0];
      if (nextRecipient) {
        auditLogsToCreate.push(
          createDocumentAuditLogData({
            type: DOCUMENT_AUDIT_LOG_TYPE.RECIPIENT_UPDATED,
            envelopeId: createdEnvelope.id,
            user: {
              name: user?.name || directRecipientName || '',
              email: user?.email || directRecipientEmail,
            },
            metadata: requestMetadata,
            data: {
              recipientEmail: nextRecipient.email,
              recipientName: nextRecipient.name,
              recipientId: nextRecipient.id,
              recipientRole: nextRecipient.role,
              changes: [
                {
                  type: RECIPIENT_DIFF_TYPE.NAME,
                  from: nextRecipient.name,
                  to: nextSigner.name,
                },
                {
                  type: RECIPIENT_DIFF_TYPE.EMAIL,
                  from: nextRecipient.email,
                  to: nextSigner.email,
                },
              ],
            },
          }),
        );
        await tx.recipient.update({
          where: { id: nextRecipient.id },
          data: {
            sendStatus: SendStatus.SENT,
            ...(nextSigner && documentMeta?.allowDictateNextSigner
              ? {
                  name: nextSigner.name,
                  email: nextSigner.email,
                }
              : {}),
          },
        });
      }
    }
    await tx.documentAuditLog.createMany({
      data: auditLogsToCreate,
    });
--- a/packages/lib/universal/field-renderer/render-checkbox-field.ts
+++ b/packages/lib/universal/field-renderer/render-checkbox-field.ts
@ -62,16 +62,15 @@ export const renderCheckboxFieldElement = (
    const rectWidth = fieldRect.width() * groupScaleX;
    const rectHeight = fieldRect.height() * groupScaleY;
    // Todo: Envelopes - check sorting more than 10
    // arr.sort((a, b) => a.localeCompare(b, undefined, { numeric: true }));
    const squares = fieldGroup
      .find('.checkbox-square')
-      .sort((a, b) => a.id().localeCompare(b.id()));
+      .sort((a, b) => a.id().localeCompare(b.id(), undefined, { numeric: true }));
    const checkmarks = fieldGroup
      .find('.checkbox-checkmark')
-      .sort((a, b) => a.id().localeCompare(b.id()));
+      .sort((a, b) => a.id().localeCompare(b.id(), undefined, { numeric: true }));
-    const text = fieldGroup.find('.checkbox-text').sort((a, b) => a.id().localeCompare(b.id()));
+    const text = fieldGroup
      .find('.checkbox-text')
      .sort((a, b) => a.id().localeCompare(b.id(), undefined, { numeric: true }));
    const groupedItems = squares.map((square, i) => ({
      squareElement: square,
--- a/packages/lib/universal/field-renderer/render-field.ts
+++ b/packages/lib/universal/field-renderer/render-field.ts
@ -8,9 +8,9 @@ import type { TRecipientColor } from '@documenso/ui/lib/recipient-colors';
 import type { TFieldMetaSchema } from '../../types/field-meta';
 import { renderCheckboxFieldElement } from './render-checkbox-field';
 import { renderDropdownFieldElement } from './render-dropdown-field';
 import { renderGenericTextFieldElement } from './render-generic-text-field';
 import { renderRadioFieldElement } from './render-radio-field';
 import { renderSignatureFieldElement } from './render-signature-field';
 import { renderTextFieldElement } from './render-text-field';
 export const MIN_FIELD_HEIGHT_PX = 12;
 export const MIN_FIELD_WIDTH_PX = 36;
@ -43,9 +43,9 @@ type RenderFieldOptions = {
   *
   * @default 'edit'
   *
-   * - `edit` - The field is rendered in edit mode.
+   * - `edit` - The field is rendered in editor page.
-   * - `sign` - The field is rendered in sign mode. No interactive elements.
+   * - `sign` - The field is rendered for the signing page.
-   * - `export` - The field is rendered in export mode. No backgrounds, interactive elements, etc.
+   * - `export` - The field is rendered for exporting and sealing into the PDF. No backgrounds, interactive elements, etc.
   */
  mode: 'edit' | 'sign' | 'export';
@ -76,10 +76,21 @@ export const renderField = ({
  };
  return match(field.type)
-    .with(FieldType.TEXT, () => renderTextFieldElement(field, options))
+    .with(
      FieldType.INITIALS,
      FieldType.NAME,
      FieldType.EMAIL,
      FieldType.DATE,
      FieldType.TEXT,
      FieldType.NUMBER,
      () => renderGenericTextFieldElement(field, options),
    )
    .with(FieldType.CHECKBOX, () => renderCheckboxFieldElement(field, options))
    .with(FieldType.RADIO, () => renderRadioFieldElement(field, options))
    .with(FieldType.DROPDOWN, () => renderDropdownFieldElement(field, options))
    .with(FieldType.SIGNATURE, () => renderSignatureFieldElement(field, options))
-    .otherwise(() => renderTextFieldElement(field, options)); // Todo: Envelopes
+    .with(FieldType.FREE_SIGNATURE, () => {
      throw new Error('Free signature fields are not supported');
    })
    .exhaustive();
 };
--- a/packages/lib/universal/field-renderer/render-generic-text-field.ts
+++ b/packages/lib/universal/field-renderer/render-generic-text-field.ts
@ -12,6 +12,8 @@ import {
 import type { FieldToRender, RenderFieldElementOptions } from './field-renderer';
 import { calculateFieldPosition } from './field-renderer';
 const DEFAULT_TEXT_ALIGN = 'left';
 const upsertFieldText = (field: FieldToRender, options: RenderFieldElementOptions): Konva.Text => {
  const { pageWidth, pageHeight, mode = 'edit', pageLayer, translations } = options;
@ -31,8 +33,8 @@ const upsertFieldText = (field: FieldToRender, options: RenderFieldElementOption
  // Calculate text positioning based on alignment
  const textX = 0;
  const textY = 0;
-  let textAlign: 'left' | 'center' | 'right' = textMeta?.textAlign || 'left';
+  let textAlign: 'left' | 'center' | 'right' = textMeta?.textAlign || DEFAULT_TEXT_ALIGN;
-  let textVerticalAlign: 'top' | 'middle' | 'bottom' = 'top';
+  const textVerticalAlign: 'top' | 'middle' | 'bottom' = 'middle';
  const textFontSize = textMeta?.fontSize || DEFAULT_STANDARD_FONT_SIZE;
  const textPadding = 10;
@ -40,51 +42,33 @@ const upsertFieldText = (field: FieldToRender, options: RenderFieldElementOption
  // Handle edit mode.
  if (mode === 'edit') {
-    textToRender = fieldTypeName;
+    if (textMeta?.text) {
    textAlign = 'center';
    textVerticalAlign = 'middle';
    if (textMeta?.label) {
      textToRender = textMeta.label;
    } else if (textMeta?.text) {
      textToRender = textMeta.text;
-      textAlign = textMeta.textAlign || 'center'; // Todo: Envelopes - What is the default
+    } else if (textMeta?.label) {
-
+      textToRender = textMeta.label;
-      // Todo: Envelopes - Handle this on signatures
+    } else {
-      if (textMeta.characterLimit) {
+      // Show field name which is centered for the edit mode if no label/text is avaliable.
-        textToRender = textToRender.slice(0, textMeta.characterLimit);
+      textToRender = fieldTypeName;
-      }
+      textAlign = 'center';
    }
  }
  // Handle sign mode.
  if (mode === 'sign' || mode === 'export') {
-    textToRender = fieldTypeName;
+    if (!field.inserted) {
-    textAlign = 'center';
+      if (textMeta?.text) {
-    textVerticalAlign = 'middle';
+        textToRender = textMeta.text;
-
+      } else if (textMeta?.label) {
-    if (textMeta?.label) {
+        textToRender = textMeta.label;
-      textToRender = textMeta.label;
+      } else if (mode === 'sign') {
-    }
+        // Only show the field name in sign mode if no text/label is avaliable.
-
+        textToRender = fieldTypeName;
-    if (textMeta?.text) {
+        textAlign = 'center';
      textToRender = textMeta.text;
      textAlign = textMeta.textAlign || 'center'; // Todo: Envelopes - What is the default
      // Todo: Envelopes - Handle this on signatures
      if (textMeta.characterLimit) {
        textToRender = textToRender.slice(0, textMeta.characterLimit);
      }
    }
    if (field.inserted) {
      textToRender = field.customText;
      textAlign = textMeta?.textAlign || 'center'; // Todo: Envelopes - What is the default
      // Todo: Envelopes - Handle this on signatures
      if (textMeta?.characterLimit) {
        textToRender = textToRender.slice(0, textMeta.characterLimit);
      }
    }
  }
@ -106,7 +90,7 @@ const upsertFieldText = (field: FieldToRender, options: RenderFieldElementOption
  return fieldText;
 };
-export const renderTextFieldElement = (
+export const renderGenericTextFieldElement = (
  field: FieldToRender,
  options: RenderFieldElementOptions,
 ) => {
--- a/packages/prisma/seed/templates.ts
+++ b/packages/prisma/seed/templates.ts
@ -28,6 +28,7 @@ type SeedTemplateOptions = {
  title?: string;
  userId: number;
  teamId: number;
  internalVersion?: 1 | 2;
  createTemplateOptions?: Partial<Prisma.EnvelopeUncheckedCreateInput>;
 };
@ -167,7 +168,7 @@ export const seedDirectTemplate = async (options: SeedTemplateOptions) => {
    data: {
      id: prefixedId('envelope'),
      secondaryId: templateId.formattedTemplateId,
-      internalVersion: 1,
+      internalVersion: options.internalVersion ?? 1,
      type: EnvelopeType.TEMPLATE,
      title,
      envelopeItems: {
@ -184,6 +185,7 @@ export const seedDirectTemplate = async (options: SeedTemplateOptions) => {
      teamId,
      recipients: {
        create: {
          signingOrder: 1,
          email: DIRECT_TEMPLATE_RECIPIENT_EMAIL,
          name: DIRECT_TEMPLATE_RECIPIENT_NAME,
          token: Math.random().toString().slice(2, 7),
--- a/packages/trpc/server/admin-router/get-admin-organisation.ts
+++ b/packages/trpc/server/admin-router/get-admin-organisation.ts
@ -39,6 +39,11 @@ export const getAdminOrganisation = async ({ organisationId }: GetOrganisationOp
      teams: true,
      members: {
        include: {
          organisationGroupMembers: {
            include: {
              group: true,
            },
          },
          user: {
            select: {
              id: true,
--- a/packages/trpc/server/admin-router/get-admin-organisation.types.ts
+++ b/packages/trpc/server/admin-router/get-admin-organisation.types.ts
@ -3,6 +3,8 @@ import { z } from 'zod';
 import { ZOrganisationSchema } from '@documenso/lib/types/organisation';
 import OrganisationClaimSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationClaimSchema';
 import OrganisationGlobalSettingsSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationGlobalSettingsSchema';
 import OrganisationGroupMemberSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationGroupMemberSchema';
 import OrganisationGroupSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationGroupSchema';
 import OrganisationMemberSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationMemberSchema';
 import SubscriptionSchema from '@documenso/prisma/generated/zod/modelSchema/SubscriptionSchema';
 import TeamSchema from '@documenso/prisma/generated/zod/modelSchema/TeamSchema';
@ -30,6 +32,18 @@ export const ZGetAdminOrganisationResponseSchema = ZOrganisationSchema.extend({
      email: true,
      name: true,
    }),
    organisationGroupMembers: z.array(
      OrganisationGroupMemberSchema.pick({
        id: true,
        groupId: true,
      }).extend({
        group: OrganisationGroupSchema.pick({
          id: true,
          type: true,
          organisationRole: true,
        }),
      }),
    ),
  }).array(),
  subscription: SubscriptionSchema.nullable(),
  organisationClaim: OrganisationClaimSchema,
--- a/packages/trpc/server/admin-router/router.ts
+++ b/packages/trpc/server/admin-router/router.ts
@ -17,6 +17,7 @@ import { promoteMemberToOwnerRoute } from './promote-member-to-owner';
 import { resealDocumentRoute } from './reseal-document';
 import { resetTwoFactorRoute } from './reset-two-factor-authentication';
 import { updateAdminOrganisationRoute } from './update-admin-organisation';
 import { updateOrganisationMemberRoleRoute } from './update-organisation-member-role';
 import { updateRecipientRoute } from './update-recipient';
 import { updateSiteSettingRoute } from './update-site-setting';
 import { updateSubscriptionClaimRoute } from './update-subscription-claim';
@ -31,6 +32,7 @@ export const adminRouter = router({
  },
  organisationMember: {
    promoteToOwner: promoteMemberToOwnerRoute,
    updateRole: updateOrganisationMemberRoleRoute,
  },
  claims: {
    find: findSubscriptionClaimsRoute,
--- a/packages/trpc/server/admin-router/update-organisation-member-role.ts
+++ b/packages/trpc/server/admin-router/update-organisation-member-role.ts
@ -0,0 +1,220 @@
 import { OrganisationGroupType, OrganisationMemberRole } from '@prisma/client';
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
 import { generateDatabaseId } from '@documenso/lib/universal/id';
 import { getHighestOrganisationRoleInGroup } from '@documenso/lib/utils/organisations';
 import { prisma } from '@documenso/prisma';
 import { adminProcedure } from '../trpc';
 import {
  ZUpdateOrganisationMemberRoleRequestSchema,
  ZUpdateOrganisationMemberRoleResponseSchema,
 } from './update-organisation-member-role.types';
 /**
 * Admin mutation to update organisation member role or transfer ownership.
 *
 * This mutation handles two scenarios:
 * 1. When role='OWNER': Transfers organisation ownership and promotes to ADMIN
 * 2. When role=ADMIN/MANAGER/MEMBER: Updates group membership
 *
 * Admin privileges bypass normal hierarchy restrictions.
 */
 export const updateOrganisationMemberRoleRoute = adminProcedure
  .input(ZUpdateOrganisationMemberRoleRequestSchema)
  .output(ZUpdateOrganisationMemberRoleResponseSchema)
  .mutation(async ({ input, ctx }) => {
    const { organisationId, userId, role } = input;
    ctx.logger.info({
      input: {
        organisationId,
        userId,
        role,
      },
    });
    const organisation = await prisma.organisation.findUnique({
      where: {
        id: organisationId,
      },
      include: {
        groups: {
          where: {
            type: OrganisationGroupType.INTERNAL_ORGANISATION,
          },
        },
        members: {
          where: {
            userId,
          },
          include: {
            organisationGroupMembers: {
              include: {
                group: true,
              },
            },
          },
        },
      },
    });
    if (!organisation) {
      throw new AppError(AppErrorCode.NOT_FOUND, {
        message: 'Organisation not found',
      });
    }
    const [member] = organisation.members;
    if (!member) {
      throw new AppError(AppErrorCode.NOT_FOUND, {
        message: 'User is not a member of this organisation',
      });
    }
    const currentOrganisationRole = getHighestOrganisationRoleInGroup(
      member.organisationGroupMembers.flatMap((member) => member.group),
    );
    if (role === 'OWNER') {
      if (organisation.ownerUserId === userId) {
        throw new AppError(AppErrorCode.INVALID_REQUEST, {
          message: 'User is already the owner of this organisation',
        });
      }
      const currentMemberGroup = organisation.groups.find(
        (group) => group.organisationRole === currentOrganisationRole,
      );
      const adminGroup = organisation.groups.find(
        (group) => group.organisationRole === OrganisationMemberRole.ADMIN,
      );
      if (!currentMemberGroup) {
        ctx.logger.error({
          message: '[CRITICAL]: Missing internal group',
          organisationId,
          userId,
          role: currentOrganisationRole,
        });
        throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
          message: 'Current member group not found',
        });
      }
      if (!adminGroup) {
        ctx.logger.error({
          message: '[CRITICAL]: Missing internal group',
          organisationId,
          userId,
          targetRole: 'ADMIN',
        });
        throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
          message: 'Admin group not found',
        });
      }
      await prisma.$transaction(async (tx) => {
        await tx.organisation.update({
          where: {
            id: organisationId,
          },
          data: {
            ownerUserId: userId,
          },
        });
        if (currentOrganisationRole !== OrganisationMemberRole.ADMIN) {
          await tx.organisationGroupMember.delete({
            where: {
              organisationMemberId_groupId: {
                organisationMemberId: member.id,
                groupId: currentMemberGroup.id,
              },
            },
          });
          await tx.organisationGroupMember.create({
            data: {
              id: generateDatabaseId('group_member'),
              organisationMemberId: member.id,
              groupId: adminGroup.id,
            },
          });
        }
      });
      return;
    }
    const targetRole = role as OrganisationMemberRole;
    if (currentOrganisationRole === targetRole) {
      throw new AppError(AppErrorCode.INVALID_REQUEST, {
        message: 'User already has this role',
      });
    }
    if (userId === organisation.ownerUserId && targetRole !== OrganisationMemberRole.ADMIN) {
      throw new AppError(AppErrorCode.INVALID_REQUEST, {
        message: 'Organisation owner must be an admin. Transfer ownership first.',
      });
    }
    const currentMemberGroup = organisation.groups.find(
      (group) => group.organisationRole === currentOrganisationRole,
    );
    const newMemberGroup = organisation.groups.find(
      (group) => group.organisationRole === targetRole,
    );
    if (!currentMemberGroup) {
      ctx.logger.error({
        message: '[CRITICAL]: Missing internal group',
        organisationId,
        userId,
        role: currentOrganisationRole,
      });
      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
        message: 'Current member group not found',
      });
    }
    if (!newMemberGroup) {
      ctx.logger.error({
        message: '[CRITICAL]: Missing internal group',
        organisationId,
        userId,
        targetRole,
      });
      throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
        message: 'New member group not found',
      });
    }
    await prisma.$transaction(async (tx) => {
      await tx.organisationGroupMember.delete({
        where: {
          organisationMemberId_groupId: {
            organisationMemberId: member.id,
            groupId: currentMemberGroup.id,
          },
        },
      });
      await tx.organisationGroupMember.create({
        data: {
          id: generateDatabaseId('group_member'),
          organisationMemberId: member.id,
          groupId: newMemberGroup.id,
        },
      });
    });
  });
--- a/packages/trpc/server/admin-router/update-organisation-member-role.types.ts
+++ b/packages/trpc/server/admin-router/update-organisation-member-role.types.ts
@ -0,0 +1,30 @@
 import { OrganisationMemberRole } from '@prisma/client';
 import { z } from 'zod';
 /**
 * Admin-only role selection that includes OWNER as a special case.
 * OWNER is not a database role but triggers ownership transfer.
 */
 export const ZAdminRoleSelection = z.enum([
  'OWNER',
  OrganisationMemberRole.ADMIN,
  OrganisationMemberRole.MANAGER,
  OrganisationMemberRole.MEMBER,
 ]);
 export type TAdminRoleSelection = z.infer<typeof ZAdminRoleSelection>;
 export const ZUpdateOrganisationMemberRoleRequestSchema = z.object({
  organisationId: z.string().min(1),
  userId: z.number().min(1),
  role: ZAdminRoleSelection,
 });
 export const ZUpdateOrganisationMemberRoleResponseSchema = z.void();
 export type TUpdateOrganisationMemberRoleRequest = z.infer<
  typeof ZUpdateOrganisationMemberRoleRequestSchema
 >;
 export type TUpdateOrganisationMemberRoleResponse = z.infer<
  typeof ZUpdateOrganisationMemberRoleResponseSchema
 >;
--- a/packages/trpc/server/envelope-router/sign-envelope-field.ts
+++ b/packages/trpc/server/envelope-router/sign-envelope-field.ts
@ -133,6 +133,49 @@ export const signEnvelopeFieldRoute = procedure
    const insertionValues = extractFieldInsertionValues({ fieldValue, field, documentMeta });
    // Early return for uninserting fields.
    if (!insertionValues.inserted) {
      return await prisma.$transaction(async (tx) => {
        const updatedField = await tx.field.update({
          where: {
            id: field.id,
          },
          data: {
            customText: '',
            inserted: false,
          },
        });
        await tx.signature.deleteMany({
          where: {
            fieldId: field.id,
          },
        });
        if (recipient.role !== RecipientRole.ASSISTANT) {
          await tx.documentAuditLog.create({
            data: createDocumentAuditLogData({
              type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_FIELD_UNINSERTED,
              envelopeId: envelope.id,
              user: {
                name: recipient.name,
                email: recipient.email,
              },
              requestMetadata: metadata.requestMetadata,
              data: {
                field: field.type,
                fieldId: field.secondaryId,
              },
            }),
          });
        }
        return {
          signedField: updatedField,
        };
      });
    }
    const derivedRecipientActionAuth = await validateFieldAuth({
      documentAuthOptions: envelope.authOptions,
      recipient,
--- a/packages/trpc/server/template-router/router.ts
+++ b/packages/trpc/server/template-router/router.ts
@ -519,6 +519,7 @@ export const templateRouter = router({
        directTemplateExternalId,
        signedFieldValues,
        templateUpdatedAt,
        nextSigner,
      } = input;
      ctx.logger.info({
@ -541,6 +542,7 @@ export const templateRouter = router({
              email: ctx.user.email,
            }
          : undefined,
        nextSigner,
        requestMetadata: ctx.metadata,
      });
    }),
--- a/packages/trpc/server/template-router/schema.ts
+++ b/packages/trpc/server/template-router/schema.ts
@ -90,6 +90,12 @@ export const ZCreateDocumentFromDirectTemplateRequestSchema = z.object({
  directTemplateExternalId: z.string().optional(),
  signedFieldValues: z.array(ZSignFieldWithTokenMutationSchema),
  templateUpdatedAt: z.date(),
  nextSigner: z
    .object({
      email: z.string().email().max(254),
      name: z.string().min(1).max(255),
    })
    .optional(),
 });
 export const ZCreateDocumentFromTemplateRequestSchema = z.object({
Author	SHA1	Message	Date
David Nguyen	bbf44acda3	fix: reauth, etc	2025-11-03 16:16:50 +11:00
David Nguyen	d2a009d52e	fix: allow direct template recipient dictation (#2108 )	2025-11-01 12:44:34 +11:00
Lucas Smith	9350c53c7d	chore: add code styleguide (#2089 ) Co-authored-by: Ephraim Atta-Duncan <ephraimduncan68@gmail.com>	2025-10-28 22:25:27 +11:00
Ephraim Duncan	ffce7a2c81	fix: filter document stats by folder (#2083 ) This pull request refactors the filtering logic in the `getTeamCounts` function within `get-stats.ts` to improve consistency and maintainability. The main change is the consolidation of multiple filter conditions into a single `AND` clause, which now includes search filters, folder filters, and visibility filters. This ensures that all relevant filters are applied in a unified way for document count queries.	2025-10-28 21:16:12 +11:00
Ephraim Duncan	353bdce86b	feat: admin member role updates (#2093 )	2025-10-28 21:09:38 +11:00