mirror of
https://github.com/documenso/documenso.git
synced 2025-11-13 00:03:33 +10:00
115 lines
3.2 KiB
TypeScript
115 lines
3.2 KiB
TypeScript
import {
|
|
ALLOWED_TEAM_GROUP_TYPES,
|
|
TEAM_MEMBER_ROLE_PERMISSIONS_MAP,
|
|
} from '@documenso/lib/constants/teams';
|
|
import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
|
|
import { getMemberRoles } from '@documenso/lib/server-only/team/get-member-roles';
|
|
import { generateDatabaseId } from '@documenso/lib/universal/id';
|
|
import { buildTeamWhereQuery, isTeamRoleWithinUserHierarchy } from '@documenso/lib/utils/teams';
|
|
import { prisma } from '@documenso/prisma';
|
|
import {
|
|
OrganisationGroupType,
|
|
OrganisationMemberRole,
|
|
TeamMemberRole,
|
|
} from '@documenso/prisma/generated/types';
|
|
|
|
import { authenticatedProcedure } from '../trpc';
|
|
import {
|
|
ZCreateTeamGroupsRequestSchema,
|
|
ZCreateTeamGroupsResponseSchema,
|
|
} from './create-team-groups.types';
|
|
|
|
export const createTeamGroupsRoute = authenticatedProcedure
|
|
// .meta(createTeamGroupsMeta)
|
|
.input(ZCreateTeamGroupsRequestSchema)
|
|
.output(ZCreateTeamGroupsResponseSchema)
|
|
.mutation(async ({ input, ctx }) => {
|
|
const { teamId, groups } = input;
|
|
const { user } = ctx;
|
|
|
|
ctx.logger.info({
|
|
input: {
|
|
teamId,
|
|
groups,
|
|
},
|
|
});
|
|
|
|
const team = await prisma.team.findFirst({
|
|
where: buildTeamWhereQuery({
|
|
teamId,
|
|
userId: user.id,
|
|
roles: TEAM_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_TEAM'],
|
|
}),
|
|
include: {
|
|
organisation: {
|
|
include: {
|
|
groups: {
|
|
include: {
|
|
teamGroups: true,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
});
|
|
|
|
if (!team) {
|
|
throw new AppError(AppErrorCode.UNAUTHORIZED);
|
|
}
|
|
|
|
const { teamRole: currentUserTeamRole } = await getMemberRoles({
|
|
teamId,
|
|
reference: {
|
|
type: 'User',
|
|
id: user.id,
|
|
},
|
|
});
|
|
|
|
const isValid = groups.every((group) => {
|
|
const organisationGroup = team.organisation.groups.find(
|
|
({ id }) => id === group.organisationGroupId,
|
|
);
|
|
|
|
// Only allow specific organisation groups to be used as a reference for team groups.
|
|
if (!organisationGroup?.type || !ALLOWED_TEAM_GROUP_TYPES.includes(organisationGroup.type)) {
|
|
return false;
|
|
}
|
|
|
|
// The "EVERYONE" organisation group can only have the "TEAM MEMBER" role for now.
|
|
if (
|
|
organisationGroup.type === OrganisationGroupType.INTERNAL_ORGANISATION &&
|
|
organisationGroup.organisationRole === OrganisationMemberRole.MEMBER &&
|
|
group.teamRole !== TeamMemberRole.MEMBER
|
|
) {
|
|
return false;
|
|
}
|
|
|
|
// Check that the group is not already added to the team.
|
|
if (organisationGroup.teamGroups.some((teamGroup) => teamGroup.teamId === teamId)) {
|
|
return false;
|
|
}
|
|
|
|
// Check that the user has permission to add the group to the team.
|
|
if (!isTeamRoleWithinUserHierarchy(currentUserTeamRole, group.teamRole)) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
});
|
|
|
|
if (!isValid) {
|
|
throw new AppError(AppErrorCode.INVALID_BODY, {
|
|
message: 'Invalid groups',
|
|
});
|
|
}
|
|
|
|
await prisma.teamGroup.createMany({
|
|
data: groups.map((group) => ({
|
|
id: generateDatabaseId('team_group'),
|
|
teamId,
|
|
organisationGroupId: group.organisationGroupId,
|
|
teamRole: group.teamRole,
|
|
})),
|
|
});
|
|
});
|