clarified org availability design

Author: brendan-kellam

packages/backend/src/entitlements.ts

@@ -1,6 +1,5 @@
 import {
     Entitlement,
-    getSeats as _getSeats,
     hasEntitlement as _hasEntitlement,
     getEntitlements as _getEntitlements,
 } from "@sourcebot/shared";
@@ -13,11 +12,6 @@ const getLicense = async () => {
     });
 }
 
-export const getSeats = async (): Promise<number> => {
-    const license = await getLicense();
-    return _getSeats(license);
-}
-
 export const hasEntitlement = async (entitlement: Entitlement): Promise<boolean> => {
     const license = await getLicense();
     return _hasEntitlement(entitlement, license);

packages/shared/src/constants.ts

@@ -12,8 +12,6 @@ export const API_KEY_PREFIX = 'sbk_';
 export const OAUTH_ACCESS_TOKEN_PREFIX = 'sboa_';
 export const OAUTH_REFRESH_TOKEN_PREFIX = 'sbor_';
 
-export const SOURCEBOT_UNLIMITED_SEATS = -1;
-
 /**
  * Default settings.
  */

packages/shared/src/entitlements.ts

@@ -2,7 +2,7 @@ import { base64Decode } from "./utils.js";
 import { z } from "zod";
 import { createLogger } from "./logger.js";
 import { env } from "./env.server.js";
-import { SOURCEBOT_SUPPORT_EMAIL, SOURCEBOT_UNLIMITED_SEATS } from "./constants.js";
+import { SOURCEBOT_SUPPORT_EMAIL } from "./constants.js";
 import { verifySignature } from "./crypto.js";
 import { License } from "@sourcebot/db";
 
@@ -79,19 +79,6 @@ export const getOfflineLicenseKey = (): LicenseKeyPayload | null => {
     return null;
 }
 
-export const getSeats = (license: License | null): number => {
-    const licenseKey = getOfflineLicenseKey();
-    if (licenseKey) {
-        return licenseKey.seats;
-    }
-
-    if (license?.seats && isLicenseActive(license)) {
-        return license.seats;
-    }
-
-    return SOURCEBOT_UNLIMITED_SEATS;
-}
-
 export const hasEntitlement = (entitlement: Entitlement, license: License | null) => {
     const entitlements = getEntitlements(license);
     return entitlements.includes(entitlement);

packages/shared/src/index.server.ts

@@ -1,7 +1,6 @@
 export {
     hasEntitlement,
     getOfflineLicenseKey,
-    getSeats,
     getEntitlements,
 } from "./entitlements.js";
 export type {

packages/web/src/actions.ts

@@ -545,7 +545,7 @@ export const createInvites = async (emails: string[]): Promise<{ success: boolea
                 });
             }
 
-            const hasAvailability = await orgHasAvailability();
+            const hasAvailability = await orgHasAvailability(org.id);
             if (!hasAvailability) {
                 await createAudit({
                     action: "user.invite_failed",

packages/web/src/app/(app)/settings/members/components/inviteMemberCard.tsx

@@ -8,7 +8,7 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { useForm } from "react-hook-form";
 import { useCallback, useState } from "react";
 import { z } from "zod";
-import { PlusCircleIcon, Loader2, AlertCircle } from "lucide-react";
+import { PlusCircleIcon, Loader2, AlertCircle, AlertTriangle } from "lucide-react";
 import { OrgRole } from "@prisma/client";
 import { AlertDialog, AlertDialogAction, AlertDialogCancel, AlertDialogContent, AlertDialogDescription, AlertDialogFooter, AlertDialogHeader, AlertDialogTitle } from "@/components/ui/alert-dialog";
 import { createInvites } from "@/actions";
@@ -28,10 +28,10 @@ export const inviteMemberFormSchema = z.object({
 
 interface InviteMemberCardProps {
     currentUserRole: OrgRole;
-    seatsAvailable?: boolean;
+    seatsAvailable: boolean;
 }
 
-export const InviteMemberCard = ({ currentUserRole, seatsAvailable = true }: InviteMemberCardProps) => {
+export const InviteMemberCard = ({ currentUserRole, seatsAvailable }: InviteMemberCardProps) => {
     const [isInviteDialogOpen, setIsInviteDialogOpen] = useState(false);
     const [isLoading, setIsLoading] = useState(false);
     const { toast } = useToast();
@@ -82,20 +82,20 @@ export const InviteMemberCard = ({ currentUserRole, seatsAvailable = true }: Inv
 
     return (
         <>
-            <Card className={!seatsAvailable ? "opacity-70" : ""}>
+            <Card>
                 <CardHeader>
                     <CardTitle>Invite Member</CardTitle>
                     <CardDescription>Invite new members to your organization.</CardDescription>
                 </CardHeader>
                 {!seatsAvailable && (
                     <div className="px-6 mb-4">
-                        <div className="flex items-start space-x-2.5 p-3 rounded-md border border-gray-700 bg-gray-800/50 text-gray-200 shadow-md">
-                            <AlertCircle className="h-4 w-4 text-amber-400 mt-0.5 flex-shrink-0" />
+                        <div className="flex items-start space-x-2.5 p-3 rounded-md border">
+                            <AlertTriangle className="h-4 w-4 text-warning mt-0.5 flex-shrink-0" />
                             <div className="flex-1">
-                                <p className="text-sm font-medium leading-tight text-white">
+                                <p className="text-sm font-bold">
                                     Maximum seats reached
                                 </p>
-                                <p className="text-xs mt-1 text-gray-300">
+                                <p className="text-xs mt-1 text-foreground">
                                     You&apos;ve reached the maximum number of seats for your license. Upgrade your plan to invite additional members.
                                 </p>
                             </div>

packages/web/src/app/(app)/settings/members/page.tsx

@@ -7,13 +7,14 @@ import { TabSwitcher } from "@/components/ui/tab-switcher";
 import { InvitesList } from "./components/invitesList";
 import { getOrgInvites, getMe, getOrgAccountRequests } from "@/actions";
 import { ServiceErrorException } from "@/lib/serviceError";
-import { SOURCEBOT_UNLIMITED_SEATS } from "@sourcebot/shared";
-import { getSeats, hasEntitlement } from "@/lib/entitlements";
+import { hasEntitlement } from "@/lib/entitlements";
 import { RequestsList } from "./components/requestsList";
 import { OrgRole } from "@sourcebot/db";
 import { NotificationDot } from "../../components/notificationDot";
 import { Badge } from "@/components/ui/badge";
 import { authenticatedPage } from "@/middleware/authenticatedPage";
+import { orgHasAvailability } from "@/lib/authUtils";
+import { getOfflineLicenseKey } from "@sourcebot/shared";
 
 type MembersSettingsPageProps = {
     searchParams: Promise<{
@@ -50,9 +51,8 @@ export default authenticatedPage<MembersSettingsPageProps>(async ({ org, role },
 
     const currentTab = tab || "members";
 
-    const seats = await getSeats();
-    const usedSeats = members.length
-    const seatsAvailable = seats === SOURCEBOT_UNLIMITED_SEATS || usedSeats < seats;
+    const hasAvailability = await orgHasAvailability(org.id);
+    const offlineLicenseKey = getOfflineLicenseKey();
 
     return (
         <div className="flex flex-col gap-6">
@@ -61,12 +61,12 @@ export default authenticatedPage<MembersSettingsPageProps>(async ({ org, role },
                     <h3 className="text-lg font-medium">Members</h3>
                     <p className="text-sm text-muted-foreground">Invite and manage members of your organization.</p>
                 </div>
-                {seats && seats !== SOURCEBOT_UNLIMITED_SEATS && (
+                {offlineLicenseKey?.seats && (
                     <div className="bg-card px-4 py-2 rounded-md border shadow-sm">
                         <div className="text-sm">
-                            <span className="text-foreground font-medium">{usedSeats}</span>
+                            <span className="text-foreground font-medium">{members.length}</span>
                             <span className="text-muted-foreground"> of </span>
-                            <span className="text-foreground font-medium">{seats}</span>
+                            <span className="text-foreground font-medium">{offlineLicenseKey.seats}</span>
                             <span className="text-muted-foreground"> seats used</span>
                         </div>
                     </div>
@@ -75,7 +75,7 @@ export default authenticatedPage<MembersSettingsPageProps>(async ({ org, role },
 
             <InviteMemberCard
                 currentUserRole={role}
-                seatsAvailable={seatsAvailable}
+                seatsAvailable={hasAvailability}
             />
 
             <Tabs value={currentTab}>
@@ -159,4 +159,7 @@ export default authenticatedPage<MembersSettingsPageProps>(async ({ org, role },
             </Tabs>
         </div>
     )
-}, { minRole: OrgRole.OWNER, redirectTo: '/settings' });
+}, {
+    minRole: OrgRole.OWNER,
+    redirectTo: '/settings'
+});

packages/web/src/app/invite/actions.ts

@@ -98,7 +98,7 @@ export const redeemInvite = async (inviteId: string): Promise<{ success: boolean
         });
     };
 
-    const hasAvailability = await orgHasAvailability();
+    const hasAvailability = await orgHasAvailability(invite.org.id);
     if (!hasAvailability) {
         await failAuditCallback("Organization is at max capacity");
         return {

packages/web/src/lib/authUtils.ts

@@ -2,11 +2,10 @@ import type { User as AuthJsUser } from "next-auth";
 import { __unsafePrisma } from "@/prisma";
 import { OrgRole } from "@sourcebot/db";
 import { SINGLE_TENANT_ORG_ID, SOURCEBOT_GUEST_USER_EMAIL, SOURCEBOT_GUEST_USER_ID, SOURCEBOT_SUPPORT_EMAIL } from "@/lib/constants";
-import { SOURCEBOT_UNLIMITED_SEATS } from "@sourcebot/shared";
-import { getSeats, hasEntitlement } from "@/lib/entitlements";
+import { hasEntitlement } from "@/lib/entitlements";
 import { isServiceError } from "@/lib/utils";
 import { orgNotFound, ServiceError, userNotFound } from "@/lib/serviceError";
-import { createLogger } from "@sourcebot/shared";
+import { createLogger, getOfflineLicenseKey } from "@sourcebot/shared";
 import { createAudit } from "@/ee/features/audit/audit";
 import { StatusCodes } from "http-status-codes";
 import { ErrorCode } from "./errorCodes";
@@ -49,7 +48,6 @@ export const onCreateUser = async ({ user }: { user: AuthJsUser }) => {
         }
     });
 
-    // We expect the default org to have been created on app initialization
     if (defaultOrg === null) {
         await createAudit({
             action: "user.creation_failed",
@@ -69,7 +67,8 @@ export const onCreateUser = async ({ user }: { user: AuthJsUser }) => {
         throw new Error("Default org not found on single tenant user creation");
     }
 
-    // If this is the first user to sign up, we make them the owner of the default org.
+    // First (non-guest) user to sign up bootstraps the org as its OWNER. This
+    // is how a fresh deployment gets its initial admin without manual setup.
     const isFirstUser = defaultOrg.members.length === 0;
     if (isFirstUser) {
         await __unsafePrisma.$transaction(async (tx) => {
@@ -104,8 +103,16 @@ export const onCreateUser = async ({ user }: { user: AuthJsUser }) => {
                 type: "org"
             }
         });
-    } else if (!defaultOrg.memberApprovalRequired) {
-        const hasAvailability = await orgHasAvailability();
+    }
+    
+    // Subsequent users auto-join as MEMBER only when the org is in open
+    // self-serve mode. If memberApprovalRequired is true, the user is left
+    // without a membership and must submit an AccountRequest for an owner to
+    // approve via addUserToOrganization.
+    else if (!defaultOrg.memberApprovalRequired) {
+        // Don't exceed the licensed seat count. The user row still exists;
+        // they just aren't attached to the org until a seat frees up.
+        const hasAvailability = await orgHasAvailability(defaultOrg.id);
         if (!hasAvailability) {
             logger.warn(`onCreateUser: org ${SINGLE_TENANT_ORG_ID} has reached max capacity. User ${user.id} was not added to the org.`);
             return;
@@ -189,30 +196,31 @@ export const createGuestUser = async (): Promise<ServiceError | boolean> => {
     return true;
 };
 
-export const orgHasAvailability = async (): Promise<boolean> => {
-    const org = await __unsafePrisma.org.findUnique({
+/**
+ * Checks to see if the given organization has seat availability.
+ * Seat availability is determined by the `seats` parameter in
+ * the offline license key, if available.
+ */
+export const orgHasAvailability = async (orgId: number): Promise<boolean> => {
+    const org = await __unsafePrisma.org.findUniqueOrThrow({
         where: {
-            id: SINGLE_TENANT_ORG_ID,
+            id: orgId,
         },
-    });
-
-    if (!org) {
-        logger.error(`orgHasAvailability: org not found for id ${SINGLE_TENANT_ORG_ID}`);
-        return false;
-    }
-    const members = await __unsafePrisma.userToOrg.findMany({
-        where: {
-            orgId: org.id,
-            role: {
-                not: OrgRole.GUEST,
+        include: {
+            members: {
+                where: {
+                    role: {
+                        not: OrgRole.GUEST
+                    }
+                }
             },
-        },
+        }
     });
 
-    const maxSeats = await getSeats();
-    const memberCount = members.length;
+    const licenseKey = getOfflineLicenseKey();
+    const memberCount = org.members.length;
 
-    if (maxSeats !== SOURCEBOT_UNLIMITED_SEATS && memberCount >= maxSeats) {
+    if (licenseKey && memberCount >= licenseKey?.seats) {
         logger.error(`orgHasAvailability: org ${org.id} has reached max capacity`);
         return false;
     }
@@ -243,7 +251,7 @@ export const addUserToOrganization = async (userId: string, orgId: number): Prom
         return orgNotFound();
     }
 
-    const hasAvailability = await orgHasAvailability();
+    const hasAvailability = await orgHasAvailability(org.id);
     if (!hasAvailability) {
         return {
             statusCode: StatusCodes.BAD_REQUEST,

packages/web/src/lib/entitlements.ts

@@ -1,5 +1,4 @@
 import {
-    getSeats as _getSeats,
     getEntitlements as _getEntitlements,
     hasEntitlement as _hasEntitlement,
     Entitlement,
@@ -19,11 +18,6 @@ const getSingleTenantLicense = async () => {
     }
 }
 
-export const getSeats = async () => {
-    const license = await getSingleTenantLicense();
-    return _getSeats(license);
-}
-
 export const getEntitlements = async () => {
     const license = await getSingleTenantLicense();
     return _getEntitlements(license);