update tables if not eligible

app/home/[account]/billing/page.tsx

@@ -29,10 +29,13 @@ async function TeamAccountBillingPage({ params }: TeamAccountBillingPageProps) {
 
   const account = await api.getTeamAccount(accountSlug);
   const { members } = await api.getMembers(accountSlug);
+  const eligibleMembersCount = members.filter(
+    ({ is_eligible_for_benefits }) => !!is_eligible_for_benefits,
+  ).length;
   const [expensesOverview, companyParams] = await Promise.all([
     loadTeamAccountBenefitExpensesOverview({
       companyId: account.id,
-      employeeCount: members.length,
+      employeeCount: eligibleMembersCount,
     }),
     api.getTeamAccountParams(account.id),
   ]);
@@ -42,7 +45,7 @@ async function TeamAccountBillingPage({ params }: TeamAccountBillingPageProps) {
       <HealthBenefitForm
         account={account}
         companyParams={companyParams}
-        employeeCount={members.length}
+        employeeCount={eligibleMembersCount}
         expensesOverview={expensesOverview}
       />
     </PageBody>

packages/features/team-accounts/src/components/members/account-members-table.tsx

@@ -242,7 +242,6 @@ function useGetColumns(
           <ActionsDropdown
             permissions={permissions}
             member={row.original}
-            currentUserId={params.currentUserId}
             currentTeamAccountId={params.currentAccountId}
             currentRoleHierarchy={params.currentRoleHierarchy}
           />
@@ -256,13 +255,11 @@ function useGetColumns(
 function ActionsDropdown({
   permissions,
   member,
-  currentUserId,
   currentTeamAccountId,
   currentRoleHierarchy,
 }: {
   permissions: Permissions;
   member: Members[0];
-  currentUserId: string;
   currentTeamAccountId: string;
   currentRoleHierarchy: number;
 }) {
@@ -271,13 +268,8 @@ function ActionsDropdown({
   const [isUpdatingRole, setIsUpdatingRole] = useState(false);
   const [isUpdatingBenefit, setIsUpdatingBenefit] = useState(false);
 
-  const isCurrentUser = member.user_id === currentUserId;
   const isPrimaryOwner = member.primary_owner_user_id === member.user_id;
 
-  if (isCurrentUser || isPrimaryOwner) {
-    return null;
-  }
-
   const memberRoleHierarchy = member.role_hierarchy_level;
   const canUpdateRole = permissions.canUpdateRole(memberRoleHierarchy);
 
@@ -304,19 +296,19 @@ function ActionsDropdown({
         </DropdownMenuTrigger>
 
         <DropdownMenuContent>
-          <If condition={canUpdateRole}>
+          <If condition={canUpdateRole && !isPrimaryOwner}>
             <DropdownMenuItem onClick={() => setIsUpdatingRole(true)}>
               <Trans i18nKey={'teams:updateRole'} />
             </DropdownMenuItem>
           </If>
 
-          <If condition={permissions.canTransferOwnership}>
+          <If condition={permissions.canTransferOwnership && !isPrimaryOwner}>
             <DropdownMenuItem onClick={() => setIsTransferring(true)}>
               <Trans i18nKey={'teams:transferOwnership'} />
             </DropdownMenuItem>
           </If>
 
-          <If condition={canRemoveFromAccount}>
+          <If condition={canRemoveFromAccount && !isPrimaryOwner}>
             <DropdownMenuItem onClick={() => setIsRemoving(true)}>
               <Trans i18nKey={'teams:removeMember'} />
             </DropdownMenuItem>

public/locales/et/teams.json

@@ -96,12 +96,12 @@
   "updateRoleLoadingMessage": "Rolli uuendatakse...",
   "updateRoleSuccessMessage": "Roll edukalt uuendatud",
   "updatingRoleErrorMessage": "Vabandust, tekkis viga. Palun proovi uuesti.",
-  "updateBenefit": "Uuenda toetust",
-  "updateBenefitHeading": "Uuenda toetus staatust",
-  "removeBenefitDescription": "Eemalda töötaja toetusest",
-  "allowBenefitDescription": "Luba töötajale toetus",
-  "removeBenefitSubmitLabel": "Eemalda toetus",
-  "allowBenefitSubmitLabel": "Luba toetus",
+  "updateBenefit": "Tervisekonto staatus",
+  "updateBenefitHeading": "Muuda tervisekonto staatust",
+  "removeBenefitDescription": "Deaktiveeri töötaja tervisekonto",
+  "allowBenefitDescription": "Aktiveeri töötaja tervisekonto",
+  "removeBenefitSubmitLabel": "Deaktiveeri",
+  "allowBenefitSubmitLabel": "Aktiveeri",
   "updateBenefiErrorMessage": "Vabandus, tekkis viga. Palun proovi uuesti.",
   "updateMemberRoleModalHeading": "Uuenda töötaja rolli",
   "updateMemberRoleModalDescription": "Muuda valitud töötaja rolli. Roll määrab töötaja õigused.",

supabase/migrations/20251002191000_add_new_type.sql

@@ -54,3 +54,97 @@ end;$function$
 grant
     execute on function medreport.get_account_members (text) to authenticated,
     service_role;
+
+create policy "update_accounts_memberships"
+on "medreport"."accounts_memberships"
+as permissive
+for update
+to authenticated
+using (medreport.is_account_owner(account_id))
+with check (medreport.is_account_owner(account_id));
+
+drop policy "restrict_mfa_accounts_memberships" on "medreport"."accounts_memberships";
+grant update on table "medreport"."accounts_memberships" to "authenticated";
+
+drop TRIGGER if exists prevent_memberships_update_check on "medreport"."accounts_memberships";
+drop function if exists kit.prevent_memberships_update();
+
+create or replace function medreport.upsert_health_benefits(
+    p_benefit_distribution_schedule_id uuid
+)
+returns void
+language plpgsql
+security definer
+as $$
+declare
+    member_record record;
+    expires_date timestamp with time zone;
+    v_company_id uuid;
+    v_benefit_amount numeric;
+    existing_entry_id uuid;
+    v_target_amount numeric;
+begin
+    -- Expires on first day of next year.
+    expires_date := date_trunc('year', now() + interval '1 year');
+
+    -- Get company_id and benefit_amount from benefit_distribution_schedule
+    select company_id, benefit_amount into v_company_id, v_benefit_amount
+    from medreport.benefit_distribution_schedule
+    where id = p_benefit_distribution_schedule_id;
+
+    -- Get all personal accounts that are members of this company
+    for member_record in
+        select distinct 
+            a.id as personal_account_id,
+            coalesce(am.is_eligible_for_benefits) as is_eligible
+        from medreport.accounts a
+        join medreport.accounts_memberships am on a.id = am.user_id
+        where am.account_id = v_company_id
+        and a.is_personal_account = true
+    loop
+        v_target_amount := case when member_record.is_eligible
+                                then v_benefit_amount
+                                else 0 end;
+
+        -- Check if there is already a balance entry for this personal account from the same company in same month
+        select id into existing_entry_id
+        from medreport.account_balance_entries
+        where entry_type = 'benefit'
+        and account_id = member_record.personal_account_id
+        and source_company_id = v_company_id
+        and date_trunc('month', created_at) = date_trunc('month', now())
+        LIMIT 1;
+
+        if existing_entry_id is not null then
+            update medreport.account_balance_entries set
+                amount = v_target_amount,
+                expires_at = expires_date,
+                benefit_distribution_schedule_id = p_benefit_distribution_schedule_id
+            where id = existing_entry_id;
+        else
+            -- Insert new balance entry for personal account
+            insert into medreport.account_balance_entries (
+                account_id,
+                amount,
+                entry_type,
+                description,
+                source_company_id,
+                created_by,
+                expires_at,
+                benefit_distribution_schedule_id
+            ) values (
+                member_record.personal_account_id,
+                v_target_amount,
+                'benefit',
+                'Health benefit from company',
+                v_company_id,
+                auth.uid(),
+                expires_date,
+                p_benefit_distribution_schedule_id
+            );
+        end if;
+    end loop;
+end;
+$$;
+
+grant execute on function medreport.upsert_health_benefits(uuid) to authenticated, service_role;