refactor project team

Author: jamesholcombe

packages/api/src/authz/service.ts

@@ -372,46 +372,6 @@ export class AuthorizationService {
     return permissions.includes(action);
   }
 
-  /**
-   * Sync user organization role
-   */
-  async syncUserOrganizationRole(
-    userId: string,
-    organizationId: string,
-    role: string
-  ): Promise<void> {
-    try {
-      // This would typically update the user's role in the database
-      // For now, we'll just log it
-      console.log(
-        `Syncing user ${userId} role ${role} for organization ${organizationId}`
-      );
-    } catch (error) {
-      console.error("Error syncing user organization role:", error);
-      throw new ApiError("Failed to sync user role", 500);
-    }
-  }
-
-  /**
-   * Sync user project role
-   */
-  async syncUserProjectRole(
-    userId: string,
-    projectId: string,
-    role: string
-  ): Promise<void> {
-    try {
-      // This would typically update the user's role in the database
-      // For now, we'll just log it
-      console.log(
-        `Syncing user ${userId} role ${role} for project ${projectId}`
-      );
-    } catch (error) {
-      console.error("Error syncing user project role:", error);
-      throw new ApiError("Failed to sync user role", 500);
-    }
-  }
-
   /**
    * Remove user roles
    */

packages/api/src/config/index.ts

@@ -1,22 +1,22 @@
-import dotenv from 'dotenv';
+import dotenv from "dotenv";
 
 dotenv.config();
 
 export const config = {
-  port: parseInt(process.env.PORT || '3001', 10),
-  nodeEnv: process.env.NODE_ENV || 'development',
+  port: parseInt(process.env.PORT || "3001", 10),
+  nodeEnv: process.env.NODE_ENV || "development",
   database: {
-    url: process.env.DATABASE_URL || '',
+    url: process.env.DATABASE_URL || "",
   },
   clerk: {
-    secretKey: process.env.CLERK_SECRET_KEY || '',
+    secretKey: process.env.CLERK_SECRET_KEY || "",
   },
   cors: {
-    origin: process.env.CORS_ORIGIN || 'http://localhost:3000',
+    origin: process.env.CORS_ORIGIN || "http://localhost:3000",
   },
   rateLimit: {
-    windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS || '900000', 10), // 15 minutes
-    maxRequests: parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '100', 10),
+    windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS || "900000", 10), // 15 minutes
+    maxRequests: parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || "1000", 10),
   },
 } as const;
 

packages/api/src/routes/organizations.ts

@@ -129,9 +129,20 @@ router.get(
   validateParams(getOrganizationParams),
   asyncHandler(async (req, res) => {
     const { organizationId } = req.params as { organizationId: string };
-
-    const members = await getOrganizationMembers(organizationId);
-    sendSuccess(res, members, "Organization members retrieved successfully");
+    const search = req.query.search as string;
+    const page = parseInt(req.query.page as string) || 1;
+    const pageSize = parseInt(req.query.pageSize as string) || 100;
+    const excludeProjectMembers = req.query.excludeProjectMembers as string;
+
+    const result = await getOrganizationMembers(organizationId, {
+      search,
+      page,
+      pageSize,
+      ...(excludeProjectMembers && {
+        excludeProjectMembers: excludeProjectMembers.split(","),
+      }),
+    });
+    sendSuccess(res, result, "Organization members retrieved successfully");
   })
 );
 

packages/api/src/routes/projects.ts

@@ -18,14 +18,24 @@ import {
   getProjectForUser,
   createProject,
   updateProject,
+  addTeamMember,
+  updateTeamMemberRole,
+  removeTeamMember,
+  deleteProject,
 } from "../services/db/projects";
+import {
+  sendProjectInvitation,
+  acceptProjectInvitation,
+  declineProjectInvitation,
+} from "../services/db/project-invitations";
 import {
   getDashboardStats,
   getZones,
   getProjectCentroidGeoJSON,
   getLocationsForProject,
   getProjectTeamMembers,
 } from "../services/db/dashboard";
+import { getOrganizationMembers } from "../services/db/organizations";
 import { ApiError } from "../types";
 import { projectInsertSchema } from "@common/db/schema/project";
 
@@ -55,6 +65,21 @@ const getProjectParams = z.object({
   projectId: z.string(),
 });
 
+const addTeamMemberBodySchema = z.object({
+  userId: z.string(),
+  role: z.enum(["ADMIN", "CONTRIBUTOR", "VIEWER"]),
+});
+
+const updateTeamMemberRoleBodySchema = z.object({
+  role: z.enum(["ADMIN", "CONTRIBUTOR", "VIEWER"]),
+});
+
+const sendProjectInvitationBodySchema = z.object({
+  email: z.string().email("Invalid email address"),
+  role: z.enum(["ADMIN", "CONTRIBUTOR", "VIEWER"]),
+  message: z.string().optional(),
+});
+
 // Create a new project
 router.post(
   "/",
@@ -212,25 +237,172 @@ router.get(
   })
 );
 
-// Get project team members
+// Get project team access (both direct and organization access)
 router.get(
-  "/:projectId/dashboard/team",
+  "/:projectId/team-access",
   extractOrganizationContext,
   requireProjectView(),
   validateParams(getProjectParams),
   asyncHandler(async (req, res) => {
     const { projectId } = req.params as { projectId: string };
-    const page = parseInt(req.query.page as string) || 1;
-    const pageSize = parseInt(req.query.pageSize as string) || 100;
+    const organizationId = req.organizationId!;
     const search = req.query.search as string;
+    const page = parseInt(req.query.page as string) || 1;
+    const pageSize = parseInt(req.query.pageSize as string) || 10;
 
-    const team = await getProjectTeamMembers(projectId, {
+    // Get direct project team members
+    const directTeam = await getProjectTeamMembers(projectId, {
       search,
       page,
       pageSize,
     });
 
-    sendSuccess(res, team, "Project team members retrieved successfully");
+    // Get organization members (excluding direct project members)
+    const directMemberUserIds = directTeam.users.map(
+      (member) => member.user.id
+    );
+    const organizationMembers = await getOrganizationMembers(organizationId, {
+      search,
+      page,
+      pageSize,
+      excludeProjectMembers: directMemberUserIds,
+    });
+
+    const result = {
+      directAccess: directTeam,
+      organizationAccess: organizationMembers,
+    };
+
+    sendSuccess(res, result, "Project team access retrieved successfully");
+  })
+);
+
+// Add team member to project
+router.post(
+  "/:projectId/team-members",
+  extractOrganizationContext,
+  requireProjectManage(),
+  validateParams(getProjectParams),
+  validateBody(addTeamMemberBodySchema),
+  asyncHandler(async (req, res) => {
+    const { projectId } = req.params as { projectId: string };
+    const { userId, role } = req.body as z.infer<
+      typeof addTeamMemberBodySchema
+    >;
+
+    await addTeamMember(projectId, userId, role);
+
+    sendSuccess(res, null, "Team member added successfully");
+  })
+);
+
+// Update team member role
+router.put(
+  "/:projectId/team-members/:userId",
+  extractOrganizationContext,
+  requireProjectManage(),
+  validateParams(getProjectParams.extend({ userId: z.string() })),
+  validateBody(updateTeamMemberRoleBodySchema),
+  asyncHandler(async (req, res) => {
+    const { projectId, userId } = req.params as {
+      projectId: string;
+      userId: string;
+    };
+    const { role } = req.body as z.infer<typeof updateTeamMemberRoleBodySchema>;
+
+    await updateTeamMemberRole(projectId, userId, role);
+
+    sendSuccess(res, null, "Team member role updated successfully");
+  })
+);
+
+// Remove team member from project
+router.delete(
+  "/:projectId/team-members/:userId",
+  extractOrganizationContext,
+  requireProjectManage(),
+  validateParams(getProjectParams.extend({ userId: z.string() })),
+  asyncHandler(async (req, res) => {
+    const { projectId, userId } = req.params as {
+      projectId: string;
+      userId: string;
+    };
+
+    await removeTeamMember(projectId, userId);
+
+    sendSuccess(res, null, "Team member removed successfully");
+  })
+);
+
+// Delete project
+router.delete(
+  "/:projectId",
+  extractOrganizationContext,
+  requireProjectManage(),
+  validateParams(getProjectParams),
+  asyncHandler(async (req, res) => {
+    const { projectId } = req.params as { projectId: string };
+
+    await deleteProject(projectId);
+
+    sendSuccess(res, null, "Project deleted successfully");
+  })
+);
+
+// Send project invitation
+router.post(
+  "/:projectId/invitations",
+  extractOrganizationContext,
+  requireProjectManage(),
+  validateParams(getProjectParams),
+  validateBody(sendProjectInvitationBodySchema),
+  asyncHandler(async (req, res) => {
+    const { projectId } = req.params as { projectId: string };
+    const userId = req.user!.id;
+    const { email, role, message } = req.body as z.infer<
+      typeof sendProjectInvitationBodySchema
+    >;
+
+    const invitation = await sendProjectInvitation(
+      projectId,
+      userId,
+      email,
+      role,
+      message
+    );
+
+    sendSuccess(res, invitation, "Project invitation sent successfully", 201);
+  })
+);
+
+// Accept project invitation
+router.post(
+  "/invitations/:invitationId/accept",
+  authenticateUser,
+  mapAuthToUser,
+  validateParams(z.object({ invitationId: z.string() })),
+  asyncHandler(async (req, res) => {
+    const { invitationId } = req.params as { invitationId: string };
+    const userId = req.user!.id;
+
+    await acceptProjectInvitation(invitationId, userId);
+
+    sendSuccess(res, null, "Project invitation accepted successfully");
+  })
+);
+
+// Decline project invitation
+router.post(
+  "/invitations/:invitationId/decline",
+  authenticateUser,
+  mapAuthToUser,
+  validateParams(z.object({ invitationId: z.string() })),
+  asyncHandler(async (req, res) => {
+    const { invitationId } = req.params as { invitationId: string };
+
+    await declineProjectInvitation(invitationId);
+
+    sendSuccess(res, null, "Project invitation declined successfully");
   })
 );