k4rli/medreport_mrb2b
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix account balance for deleted users

Browse Source
This commit is contained in:
Danel Kungla
2025-10-09 18:59:03 +03:00
parent 3e60745a92
commit cf147919a6
7 changed files with 79 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
packages/features/accounts/src/server/services/account-balance.service.ts
View File

@@ -1,6 +1,7 @@
import { getSupabaseServerClient } from '@kit/supabase/server-client'; import { getSupabaseServerClient } from '@kit/supabase/server-client';
import type { AccountBalanceEntry } from '../../types/account-balance-entry'; import type { AccountBalanceEntry } from '../../types/account-balance-entry';
import { createAccountsApi } from '../api';
export type AccountBalanceSummary = { export type AccountBalanceSummary = {
totalBalance: number; totalBalance: number;
@@ -88,6 +89,11 @@ export class AccountBalanceService {
* Get balance summary for dashboard display * Get balance summary for dashboard display
*/ */
async getBalanceSummary(accountId: string): Promise<AccountBalanceSummary> { async getBalanceSummary(accountId: string): Promise<AccountBalanceSummary> {
const api = createAccountsApi(this.supabase);
const hasAccountTeamMembership =
await api.hasAccountTeamMembership(accountId);
const [balance, entries] = await Promise.all([ const [balance, entries] = await Promise.all([
this.getAccountBalance(accountId), this.getAccountBalance(accountId),
this.getAccountBalanceEntries(accountId, { limit: 5 }), this.getAccountBalanceEntries(accountId, { limit: 5 }),
@@ -113,6 +119,14 @@ export class AccountBalanceService {
const expiringSoon = const expiringSoon =
expiringData?.reduce((sum, entry) => sum + (entry.amount || 0), 0) || 0; expiringData?.reduce((sum, entry) => sum + (entry.amount || 0), 0) || 0;
if (!hasAccountTeamMembership) {
return {
totalBalance: 0,
expiringSoon,
recentEntries: entries.entries,
};
}
return { return {
totalBalance: balance, totalBalance: balance,
expiringSoon, expiringSoon,

16
packages/features/team-accounts/src/components/members/account-members-table.tsx
View File

@@ -32,7 +32,7 @@ type Members =
Database['medreport']['Functions']['get_account_members']['Returns']; Database['medreport']['Functions']['get_account_members']['Returns'];
interface Permissions { interface Permissions {
canUpdateRole: (roleHierarchy: number) => boolean; canUpdateRole: boolean;
canRemoveFromAccount: (roleHierarchy: number) => boolean; canRemoveFromAccount: (roleHierarchy: number) => boolean;
canTransferOwnership: boolean; canTransferOwnership: boolean;
canUpdateBenefit: boolean; canUpdateBenefit: boolean;
@@ -67,11 +67,7 @@ export function AccountMembersTable({
const { t } = useTranslation('teams'); const { t } = useTranslation('teams');
const permissions = { const permissions = {
canUpdateRole: (targetRole: number) => { canUpdateRole: canManageRoles,
return (
isPrimaryOwner || (canManageRoles && userRoleHierarchy < targetRole)
);
},
canRemoveFromAccount: (targetRole: number) => { canRemoveFromAccount: (targetRole: number) => {
return ( return (
isPrimaryOwner || (canManageRoles && userRoleHierarchy < targetRole) isPrimaryOwner || (canManageRoles && userRoleHierarchy < targetRole)
@@ -271,7 +267,6 @@ function ActionsDropdown({
const isPrimaryOwner = member.primary_owner_user_id === member.user_id; const isPrimaryOwner = member.primary_owner_user_id === member.user_id;
const memberRoleHierarchy = member.role_hierarchy_level; const memberRoleHierarchy = member.role_hierarchy_level;
const canUpdateRole = permissions.canUpdateRole(memberRoleHierarchy);
const canRemoveFromAccount = const canRemoveFromAccount =
permissions.canRemoveFromAccount(memberRoleHierarchy); permissions.canRemoveFromAccount(memberRoleHierarchy);
@@ -279,9 +274,10 @@ function ActionsDropdown({
// if has no permission to update role, transfer ownership or remove from account // if has no permission to update role, transfer ownership or remove from account
// do not render the dropdown menu // do not render the dropdown menu
if ( if (
!canUpdateRole && !permissions.canUpdateRole &&
!permissions.canTransferOwnership && !permissions.canTransferOwnership &&
!canRemoveFromAccount !canRemoveFromAccount &&
!permissions.canUpdateBenefit
) { ) {
return null; return null;
} }
@@ -296,7 +292,7 @@ function ActionsDropdown({
</DropdownMenuTrigger> </DropdownMenuTrigger>
<DropdownMenuContent> <DropdownMenuContent>
<If condition={canUpdateRole && !isPrimaryOwner}> <If condition={permissions.canUpdateRole}>
<DropdownMenuItem onClick={() => setIsUpdatingRole(true)}> <DropdownMenuItem onClick={() => setIsUpdatingRole(true)}>
<Trans i18nKey={'teams:updateRole'} /> <Trans i18nKey={'teams:updateRole'} />
</DropdownMenuItem> </DropdownMenuItem>

56
packages/features/team-accounts/src/components/members/invite-members-dialog-container.tsx
View File

@@ -37,13 +37,10 @@ import { Trans } from '@kit/ui/trans';
import { InviteMembersSchema } from '../../schema/invite-members.schema'; import { InviteMembersSchema } from '../../schema/invite-members.schema';
import { createInvitationsAction } from '../../server/actions/team-invitations-server-actions'; import { createInvitationsAction } from '../../server/actions/team-invitations-server-actions';
import { MembershipRoleSelector } from './membership-role-selector';
import { RolesDataProvider } from './roles-data-provider'; import { RolesDataProvider } from './roles-data-provider';
type InviteModel = ReturnType<typeof createEmptyInviteModel>; type InviteModel = ReturnType<typeof createEmptyInviteModel>;
type Role = string;
/** /**
* The maximum number of invites that can be sent at once. * The maximum number of invites that can be sent at once.
* Useful to avoid spamming the server with too large payloads * Useful to avoid spamming the server with too large payloads
@@ -66,10 +63,7 @@ export function InviteMembersDialogContainer({
<Dialog open={isOpen} onOpenChange={setIsOpen} modal> <Dialog open={isOpen} onOpenChange={setIsOpen} modal>
<DialogTrigger asChild>{children}</DialogTrigger> <DialogTrigger asChild>{children}</DialogTrigger>
<DialogContent <DialogContent onInteractOutside={(e) => e.preventDefault()}>
className="max-w-[800px]"
onInteractOutside={(e) => e.preventDefault()}
>
<DialogHeader> <DialogHeader>
<DialogTitle> <DialogTitle>
<Trans i18nKey={'teams:inviteMembersHeading'} /> <Trans i18nKey={'teams:inviteMembersHeading'} />
@@ -81,10 +75,9 @@ export function InviteMembersDialogContainer({
</DialogHeader> </DialogHeader>
<RolesDataProvider maxRoleHierarchy={userRoleHierarchy}> <RolesDataProvider maxRoleHierarchy={userRoleHierarchy}>
{(roles) => ( {() => (
<InviteMembersForm <InviteMembersForm
pending={pending} pending={pending}
roles={roles}
onSubmit={(data) => { onSubmit={(data) => {
startTransition(() => { startTransition(() => {
const promise = createInvitationsAction({ const promise = createInvitationsAction({
@@ -111,12 +104,10 @@ export function InviteMembersDialogContainer({
function InviteMembersForm({ function InviteMembersForm({
onSubmit, onSubmit,
roles,
pending, pending,
}: { }: {
onSubmit: (data: { invitations: InviteModel[] }) => void; onSubmit: (data: { invitations: InviteModel[] }) => void;
pending: boolean; pending: boolean;
roles: string[];
}) { }) {
const { t } = useTranslation('teams'); const { t } = useTranslation('teams');
@@ -148,12 +139,11 @@ function InviteMembersForm({
const personalCodeInputName = const personalCodeInputName =
`invitations.${index}.personal_code` as const; `invitations.${index}.personal_code` as const;
const emailInputName = `invitations.${index}.email` as const; const emailInputName = `invitations.${index}.email` as const;
const roleInputName = `invitations.${index}.role` as const;
return ( return (
<div data-test={'invite-member-form-item'} key={field.id}> <div data-test="invite-member-form-item" key={field.id}>
<div className={'flex items-end gap-x-1 md:space-x-2'}> <div className="flex items-end gap-x-1 md:space-x-2">
<div className={'w-4/12'}> <div className="w-5/12">
<FormField <FormField
name={personalCodeInputName} name={personalCodeInputName}
render={({ field }) => { render={({ field }) => {
@@ -178,7 +168,7 @@ function InviteMembersForm({
}} }}
/> />
</div> </div>
<div className={'w-4/12'}> <div className={'w-5/12'}>
<FormField <FormField
name={emailInputName} name={emailInputName}
render={({ field }) => { render={({ field }) => {
@@ -205,37 +195,7 @@ function InviteMembersForm({
/> />
</div> </div>
<div className={'w-4/12'}> <div className={'flex w-1/12 items-end justify-end'}>
<FormField
name={roleInputName}
render={({ field }) => {
return (
<FormItem>
<If condition={isFirst}>
<FormLabel>
<Trans i18nKey={'teams:roleLabel'} />
</FormLabel>
</If>
<FormControl>
<MembershipRoleSelector
triggerClassName={'m-0'}
roles={roles}
value={field.value}
onChange={(role) => {
form.setValue(field.name, role);
}}
/>
</FormControl>
<FormMessage />
</FormItem>
);
}}
/>
</div>
<div className={'flex w-[40px] items-end justify-end'}>
<TooltipProvider> <TooltipProvider>
<Tooltip> <Tooltip>
<TooltipTrigger asChild> <TooltipTrigger asChild>
@@ -303,5 +263,5 @@ function InviteMembersForm({
} }
function createEmptyInviteModel() { function createEmptyInviteModel() {
return { email: '', role: 'member' as Role, personal_code: '' }; return { email: '', personal_code: '' };
} }

1
packages/features/team-accounts/src/schema/invite-members.schema.ts
View File

@@ -2,7 +2,6 @@ import { z } from 'zod';
const InviteSchema = z.object({ const InviteSchema = z.object({
email: z.string().email(), email: z.string().email(),
role: z.string().min(1).max(100),
personal_code: z personal_code: z
.string() .string()
.regex(/^[1-6]\d{2}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{3}\d$/, { .regex(/^[1-6]\d{2}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{3}\d$/, {

1
packages/features/team-accounts/src/server/actions/team-invitations-server-actions.ts
View File

@@ -5,7 +5,6 @@ import { redirect } from 'next/navigation';
import { z } from 'zod'; import { z } from 'zod';
import { AccountBalanceService } from '@kit/accounts/services/account-balance.service';
import { enhanceAction } from '@kit/next/actions'; import { enhanceAction } from '@kit/next/actions';
import { createNotificationsApi } from '@kit/notifications/api'; import { createNotificationsApi } from '@kit/notifications/api';
import { getLogger } from '@kit/shared/logger'; import { getLogger } from '@kit/shared/logger';

5
packages/features/team-accounts/src/server/services/account-invitations.service.ts
View File

@@ -191,7 +191,10 @@ class AccountInvitationsService {
const response = await this.client const response = await this.client
.schema('medreport') .schema('medreport')
.rpc('add_invitations_to_account', { .rpc('add_invitations_to_account', {
invitations, invitations: invitations.map((invitation) => ({
...invitation,
role: 'member',
})),
account_slug: accountSlug, account_slug: accountSlug,
}); });

47
supabase/migrations/20251009180300_fix_member_management.sql Normal file
View File

@@ -0,0 +1,47 @@
drop policy "Allow select and update if user is account's primary owner" on medreport.company_params;
create policy "Allow select and update if user is account's HR"
on medreport.company_params
for all
using (
EXISTS (
SELECT 1
FROM medreport.accounts_memberships am
WHERE am.account_id = company_params.account_id
AND am.user_id = auth.uid()
AND am.account_role = 'owner'
)
)
with check (
EXISTS (
SELECT 1
FROM medreport.accounts_memberships am
WHERE am.account_id = company_params.account_id
AND am.user_id = auth.uid()
AND am.account_role = 'owner'
)
);
create or replace function medreport.clear_benefit_amount_on_employee_deletion()
returns trigger
language plpgsql
security definer
set search_path = medreport, public
as $$
begin
update medreport.account_balance_entries abe
set amount = 0
where abe.account_id = old.user_id
AND abe.entry_type = 'benefit';
return null;
end;
$$;
drop trigger if exists trigger_accounts_memberships_after_delete
on medreport.accounts_memberships;
create trigger trigger_accounts_memberships_after_delete
after delete on medreport.accounts_memberships
for each row
execute function medreport.clear_benefit_amount_on_employee_deletion();