New /organizations route under Tenancy. Lists every org in the current tenant (via GET /api/v1/admin/organizations), with per-row Manage members and Settings dialogs. - Members dialog: invite by email, add restricted sub-user, change role, transfer ownership, remove member (owner removal honors the org's on_owner_removal policy server-side) - Settings dialog: edit name, status (active/frozen/pending_deletion), and on_owner_removal policy - app/lib/arcadia/organizations.ts: typed client for the new endpoints - Nav entry added under Tenancy group Tenant admins bypass per-org membership checks via the backend's OrganizationContext plug, so the per-org REST endpoints work for any org in the tenant without an explicit /admin/* surface.
181 lines
4.8 KiB
TypeScript
181 lines
4.8 KiB
TypeScript
// Organizations — end-user workspaces nested under a tenant.
|
|
// Backend: /api/v1/organizations + /api/v1/admin/organizations.
|
|
//
|
|
// Tenant admins (arcadia-admin) bypass per-org membership checks via the
|
|
// `OrganizationContext` plug, so the same per-org routes used by end-users
|
|
// are used here to mutate any org in the tenant.
|
|
|
|
import type { ArcadiaClient } from "@crema/arcadia-client"
|
|
|
|
export type OrgStatus = "active" | "frozen" | "pending_deletion" | string
|
|
export type OnOwnerRemoval =
|
|
| "delete"
|
|
| "require_transfer"
|
|
| "freeze_until_new_owner"
|
|
export type OrgRole = "owner" | "admin" | "member"
|
|
export type MembershipStatus = "active" | "suspended" | "invited" | string
|
|
|
|
export interface Organization {
|
|
id: string
|
|
tenant_id: string
|
|
slug: string
|
|
name: string
|
|
status: OrgStatus
|
|
on_owner_removal: OnOwnerRemoval
|
|
settings: Record<string, unknown>
|
|
metadata: Record<string, unknown>
|
|
inserted_at: string
|
|
updated_at: string
|
|
}
|
|
|
|
export interface OrgMembership {
|
|
id: string
|
|
organization_id: string
|
|
user_id: string
|
|
role: OrgRole
|
|
status: MembershipStatus
|
|
joined_at: string | null
|
|
}
|
|
|
|
export interface CreateOrgInput {
|
|
name: string
|
|
slug: string
|
|
on_owner_removal?: OnOwnerRemoval
|
|
settings?: Record<string, unknown>
|
|
metadata?: Record<string, unknown>
|
|
}
|
|
|
|
export interface UpdateOrgInput {
|
|
name?: string
|
|
status?: OrgStatus
|
|
on_owner_removal?: OnOwnerRemoval
|
|
settings?: Record<string, unknown>
|
|
metadata?: Record<string, unknown>
|
|
}
|
|
|
|
export interface InviteByEmailInput {
|
|
email: string
|
|
role?: OrgRole
|
|
}
|
|
|
|
export interface AddRestrictedUserInput {
|
|
email: string
|
|
password: string
|
|
first_name: string
|
|
last_name: string
|
|
role?: OrgRole
|
|
}
|
|
|
|
const BASE = "/api/v1/organizations"
|
|
const ADMIN_BASE = "/api/v1/admin/organizations"
|
|
|
|
// Tenant-wide list: every org in the current tenant. Admin-only.
|
|
export async function listAllOrganizations(
|
|
arcadia: ArcadiaClient,
|
|
): Promise<Organization[]> {
|
|
const res = await arcadia.GET<{ data: Organization[] }>(ADMIN_BASE)
|
|
return res.data
|
|
}
|
|
|
|
// End-user list: orgs the current user is a member of.
|
|
export async function listMyOrganizations(
|
|
arcadia: ArcadiaClient,
|
|
): Promise<Organization[]> {
|
|
const res = await arcadia.GET<{ data: Organization[] }>(BASE)
|
|
return res.data
|
|
}
|
|
|
|
export async function createOrganization(
|
|
arcadia: ArcadiaClient,
|
|
input: CreateOrgInput,
|
|
): Promise<Organization> {
|
|
const res = await arcadia.POST<{ data: Organization }>(BASE, { body: input })
|
|
return res.data
|
|
}
|
|
|
|
export async function getOrganization(
|
|
arcadia: ArcadiaClient,
|
|
id: string,
|
|
): Promise<Organization> {
|
|
const res = await arcadia.GET<{ data: Organization }>(`${BASE}/${id}`)
|
|
return res.data
|
|
}
|
|
|
|
export async function updateOrganization(
|
|
arcadia: ArcadiaClient,
|
|
id: string,
|
|
input: UpdateOrgInput,
|
|
): Promise<Organization> {
|
|
const res = await arcadia.PATCH<{ data: Organization }>(`${BASE}/${id}`, {
|
|
body: input,
|
|
})
|
|
return res.data
|
|
}
|
|
|
|
export async function listMembers(
|
|
arcadia: ArcadiaClient,
|
|
id: string,
|
|
status?: MembershipStatus,
|
|
): Promise<OrgMembership[]> {
|
|
const path = status
|
|
? `${BASE}/${id}/members?status=${encodeURIComponent(status)}`
|
|
: `${BASE}/${id}/members`
|
|
const res = await arcadia.GET<{ data: OrgMembership[] }>(path)
|
|
return res.data
|
|
}
|
|
|
|
export async function inviteMember(
|
|
arcadia: ArcadiaClient,
|
|
id: string,
|
|
input: InviteByEmailInput,
|
|
): Promise<{ type: "membership" | "email_invitation"; [k: string]: unknown }> {
|
|
const res = await arcadia.POST<{
|
|
data: { type: "membership" | "email_invitation"; [k: string]: unknown }
|
|
}>(`${BASE}/${id}/members/invite`, { body: input })
|
|
return res.data
|
|
}
|
|
|
|
export async function addRestrictedMember(
|
|
arcadia: ArcadiaClient,
|
|
id: string,
|
|
input: AddRestrictedUserInput,
|
|
): Promise<{ user: { id: string; email: string; account_type: string }; membership: OrgMembership }> {
|
|
const res = await arcadia.POST<{
|
|
data: { user: { id: string; email: string; account_type: string }; membership: OrgMembership }
|
|
}>(`${BASE}/${id}/members/add_restricted`, { body: input })
|
|
return res.data
|
|
}
|
|
|
|
export async function changeMemberRole(
|
|
arcadia: ArcadiaClient,
|
|
id: string,
|
|
userId: string,
|
|
role: "admin" | "member",
|
|
): Promise<OrgMembership> {
|
|
const res = await arcadia.PATCH<{ data: OrgMembership }>(
|
|
`${BASE}/${id}/members/${userId}/role`,
|
|
{ body: { role } },
|
|
)
|
|
return res.data
|
|
}
|
|
|
|
export async function removeMember(
|
|
arcadia: ArcadiaClient,
|
|
id: string,
|
|
userId: string,
|
|
): Promise<void> {
|
|
await arcadia.DELETE(`${BASE}/${id}/members/${userId}`)
|
|
}
|
|
|
|
export async function transferOwnership(
|
|
arcadia: ArcadiaClient,
|
|
id: string,
|
|
newOwnerUserId: string,
|
|
): Promise<OrgMembership> {
|
|
const res = await arcadia.POST<{ data: OrgMembership }>(
|
|
`${BASE}/${id}/transfer_ownership`,
|
|
{ body: { new_owner_user_id: newOwnerUserId } },
|
|
)
|
|
return res.data
|
|
}
|