UNPKG

@accounter/server

Version:
50 lines (49 loc) 2.59 kB
import DataLoader from 'dataloader'; import type { BusinessMembership } from '../../../shared/types/auth.js'; import { TenantAwareDBClient } from '../../app-providers/tenant-db-client.js'; import { AuditLogsProvider } from '../../common/providers/audit-logs.provider.js'; import type { IInsertBusinessUserParams } from '../types.js'; import { AuthContextProvider } from './auth-context.provider.js'; import { Auth0ManagementProvider } from './auth0-management.provider.js'; /** A user linked to a business, enriched with their Auth0 identity. */ export type BusinessUserRecord = { id: string; email: string; name: string | null; roleId: string; createdAt: Date; }; export declare class BusinessUsersProvider { private db; private authContextProvider; private auth0ManagementProvider; private auditLogsProvider; constructor(db: TenantAwareDBClient, authContextProvider: AuthContextProvider, auth0ManagementProvider: Auth0ManagementProvider, auditLogsProvider: AuditLogsProvider); private batchBusinessUsersByAuth0Ids; getBusinessUsersByAuth0IdsLoader: DataLoader<string, import("../types.js").IGetBusinessUsersByAuth0IdsResult[], string>; /** * Resolve every business membership for an authenticated Auth0 user. * Reuses the batching loader; returns an empty array when the user has no * memberships. */ getMembershipsByAuth0UserId(auth0UserId: string): Promise<BusinessMembership[]>; insertBusinessUser(params: IInsertBusinessUserParams): Promise<import("../types.js").IInsertBusinessUserResult[]>; /** * List all users linked to the current business. * Restricted to business owners and strictly scoped to the caller's tenant. * Email/name are enriched from Auth0 (the identity system of record), with the * linked invitation email used as a fallback when an Auth0 lookup is unavailable. */ listBusinessUsers(): Promise<BusinessUserRecord[]>; /** * Remove a user's membership from the current business. * Restricted to business owners and strictly scoped to the caller's tenant, so * a membership belonging to another business can never be removed. Deleting the * relation does not touch the user's global Auth0 identity. * Owners cannot remove themselves, which would cause an immediate self-lockout * (and orphan the tenant if they were the sole owner). * Returns false when no matching membership exists in the current business. */ removeBusinessUser(userId: string): Promise<boolean>; private requireBusinessOwner; }