support multi role on create user and invites

2026-03-30 22:46:40 +00:00 · 2026-03-29 12:11:22 -07:00
parent ee6fb34906
commit 2828dee94c
16 changed files with 629 additions and 416 deletions
--- a/server/routers/user/acceptInvite.ts
+++ b/server/routers/user/acceptInvite.ts
@@ -1,8 +1,8 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db, orgs, UserOrg } from "@server/db";
-import { roles, userInvites, userOrgs, users } from "@server/db";
-import { eq, and, inArray, ne } from "drizzle-orm";
+import { db, orgs } from "@server/db";
+import { roles, userInviteRoles, userInvites, userOrgs, users } from "@server/db";
+import { eq, and, inArray } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
@@ -141,17 +141,34 @@ export async function acceptInvite(
            );
        }

-        let roleId: number;
-        // get the role to make sure it exists
-        const existingRole = await db
+        const inviteRoleRows = await db
+            .select({ roleId: userInviteRoles.roleId })
+            .from(userInviteRoles)
+            .where(eq(userInviteRoles.inviteId, inviteId));
+
+        const inviteRoleIds = [
+            ...new Set(inviteRoleRows.map((r) => r.roleId))
+        ];
+        if (inviteRoleIds.length === 0) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "This invitation has no roles. Please contact an admin."
+                )
+            );
+        }
+
+        const existingRoles = await db
            .select()
            .from(roles)
-            .where(eq(roles.roleId, existingInvite.roleId))
-            .limit(1);
-        if (existingRole.length) {
-            roleId = existingRole[0].roleId;
-        } else {
-            // TODO: use the default role on the org instead of failing
+            .where(
+                and(
+                    eq(roles.orgId, existingInvite.orgId),
+                    inArray(roles.roleId, inviteRoleIds)
+                )
+            );
+
+        if (existingRoles.length !== inviteRoleIds.length) {
            return next(
                createHttpError(
                    HttpCode.BAD_REQUEST,
@@ -167,7 +184,7 @@ export async function acceptInvite(
                    userId: existingUser[0].userId,
                    orgId: existingInvite.orgId
                },
-                existingInvite.roleId,
+                inviteRoleIds,
                trx
            );