mirror of
https://github.com/documenso/documenso.git
synced 2025-11-14 00:32:43 +10:00
23a0537648
## Description This PR introduces global settings for teams. At the moment, it allows team admins to configure the following: * The default visibility of the documents uploaded to the team account * Whether to include the document owner (sender) details when sending emails to the recipients. ### Include Sender Details If the Sender Details setting is enabled, the emails sent by the team will include the sender's name: > "Example User" on behalf of "Example Team" has invited you to sign "document.pdf" Otherwise, the email will say: > "Example Team" has invited you to sign "document.pdf" ### Default Document Visibility This new option allows users to set the default visibility for the documents uploaded to the team account. It can have the following values: * Everyone * Manager and above * Admins only If the default document visibility isn't set, the document will be set to the role of the user who created the document: * If a user with the "User" role creates a document, the document's visibility is set to "Everyone". * Manager role -> "Manager and above" * Admin role -> "Admins only" Otherwise, if there is a default document visibility value, it uses that value. #### Gotcha To avoid issues, the `document owner` and the `recipient` can access the document irrespective of their role. For example: * If a team member with the role "Member" uploads a document and the default document visibility is "Admins", only the document owner and admins can access the document. * Similar to the other scenarios. * If an admin uploads a document and the default document visibility is "Admins", the recipient can access the document. * The admins have access to all the documents. * Managers have access to documents with the visibility set to "Everyone" and "Manager and above" * Members have access only to the documents with the visibility set to "Everyone". ## Testing Performed Tested it locally.
113 lines
3.0 KiB
TypeScript
113 lines
3.0 KiB
TypeScript
import { createElement } from 'react';
|
|
|
|
import { msg } from '@lingui/macro';
|
|
|
|
import { mailer } from '@documenso/email/mailer';
|
|
import { TeamEmailRemovedTemplate } from '@documenso/email/templates/team-email-removed';
|
|
import { WEBAPP_BASE_URL } from '@documenso/lib/constants/app';
|
|
import { FROM_ADDRESS, FROM_NAME } from '@documenso/lib/constants/email';
|
|
import { TEAM_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/teams';
|
|
import { prisma } from '@documenso/prisma';
|
|
|
|
import { getI18nInstance } from '../../client-only/providers/i18n.server';
|
|
import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
|
|
import { teamGlobalSettingsToBranding } from '../../utils/team-global-settings-to-branding';
|
|
|
|
export type DeleteTeamEmailOptions = {
|
|
userId: number;
|
|
userEmail: string;
|
|
teamId: number;
|
|
};
|
|
|
|
/**
|
|
* Delete a team email.
|
|
*
|
|
* The user must either be part of the team with the required permissions, or the owner of the email.
|
|
*/
|
|
export const deleteTeamEmail = async ({ userId, userEmail, teamId }: DeleteTeamEmailOptions) => {
|
|
const team = await prisma.$transaction(async (tx) => {
|
|
const foundTeam = await tx.team.findFirstOrThrow({
|
|
where: {
|
|
id: teamId,
|
|
OR: [
|
|
{
|
|
teamEmail: {
|
|
email: userEmail,
|
|
},
|
|
},
|
|
{
|
|
members: {
|
|
some: {
|
|
userId,
|
|
role: {
|
|
in: TEAM_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_TEAM'],
|
|
},
|
|
},
|
|
},
|
|
},
|
|
],
|
|
},
|
|
include: {
|
|
teamEmail: true,
|
|
owner: {
|
|
select: {
|
|
name: true,
|
|
email: true,
|
|
},
|
|
},
|
|
teamGlobalSettings: true,
|
|
},
|
|
});
|
|
|
|
await tx.teamEmail.delete({
|
|
where: {
|
|
teamId,
|
|
},
|
|
});
|
|
|
|
return foundTeam;
|
|
});
|
|
|
|
try {
|
|
const assetBaseUrl = process.env.NEXT_PUBLIC_WEBAPP_URL || 'http://localhost:3000';
|
|
|
|
const template = createElement(TeamEmailRemovedTemplate, {
|
|
assetBaseUrl,
|
|
baseUrl: WEBAPP_BASE_URL,
|
|
teamEmail: team.teamEmail?.email ?? '',
|
|
teamName: team.name,
|
|
teamUrl: team.url,
|
|
});
|
|
|
|
const branding = team.teamGlobalSettings
|
|
? teamGlobalSettingsToBranding(team.teamGlobalSettings)
|
|
: undefined;
|
|
|
|
const lang = team.teamGlobalSettings?.documentLanguage;
|
|
|
|
const [html, text] = await Promise.all([
|
|
renderEmailWithI18N(template, { lang, branding }),
|
|
renderEmailWithI18N(template, { lang, branding, plainText: true }),
|
|
]);
|
|
|
|
const i18n = await getI18nInstance(lang);
|
|
|
|
await mailer.sendMail({
|
|
to: {
|
|
address: team.owner.email,
|
|
name: team.owner.name ?? '',
|
|
},
|
|
from: {
|
|
name: FROM_NAME,
|
|
address: FROM_ADDRESS,
|
|
},
|
|
subject: i18n._(msg`Team email has been revoked for ${team.name}`),
|
|
html,
|
|
text,
|
|
});
|
|
} catch (e) {
|
|
// Todo: Teams - Alert us.
|
|
// We don't want to prevent a user from revoking access because an email could not be sent.
|
|
}
|
|
};
|