@accounter/server
Version:
Accounter GraphQL server
50 lines (49 loc) • 2.59 kB
TypeScript
import DataLoader from 'dataloader';
import type { BusinessMembership } from '../../../shared/types/auth.js';
import { TenantAwareDBClient } from '../../app-providers/tenant-db-client.js';
import { AuditLogsProvider } from '../../common/providers/audit-logs.provider.js';
import type { IInsertBusinessUserParams } from '../types.js';
import { AuthContextProvider } from './auth-context.provider.js';
import { Auth0ManagementProvider } from './auth0-management.provider.js';
/** A user linked to a business, enriched with their Auth0 identity. */
export type BusinessUserRecord = {
id: string;
email: string;
name: string | null;
roleId: string;
createdAt: Date;
};
export declare class BusinessUsersProvider {
private db;
private authContextProvider;
private auth0ManagementProvider;
private auditLogsProvider;
constructor(db: TenantAwareDBClient, authContextProvider: AuthContextProvider, auth0ManagementProvider: Auth0ManagementProvider, auditLogsProvider: AuditLogsProvider);
private batchBusinessUsersByAuth0Ids;
getBusinessUsersByAuth0IdsLoader: DataLoader<string, import("../types.js").IGetBusinessUsersByAuth0IdsResult[], string>;
/**
* Resolve every business membership for an authenticated Auth0 user.
* Reuses the batching loader; returns an empty array when the user has no
* memberships.
*/
getMembershipsByAuth0UserId(auth0UserId: string): Promise<BusinessMembership[]>;
insertBusinessUser(params: IInsertBusinessUserParams): Promise<import("../types.js").IInsertBusinessUserResult[]>;
/**
* List all users linked to the current business.
* Restricted to business owners and strictly scoped to the caller's tenant.
* Email/name are enriched from Auth0 (the identity system of record), with the
* linked invitation email used as a fallback when an Auth0 lookup is unavailable.
*/
listBusinessUsers(): Promise<BusinessUserRecord[]>;
/**
* Remove a user's membership from the current business.
* Restricted to business owners and strictly scoped to the caller's tenant, so
* a membership belonging to another business can never be removed. Deleting the
* relation does not touch the user's global Auth0 identity.
* Owners cannot remove themselves, which would cause an immediate self-lockout
* (and orphan the tenant if they were the sole owner).
* Returns false when no matching membership exists in the current business.
*/
removeBusinessUser(userId: string): Promise<boolean>;
private requireBusinessOwner;
}