UNPKG

@accounter/server

Version:
58 lines (57 loc) 2.8 kB
import DataLoader from 'dataloader'; import { AdminContextProvider } from '../../admin-context/providers/admin-context.provider.js'; import { TenantAwareDBClient } from '../../app-providers/tenant-db-client.js'; import { AuditLogsProvider } from '../../common/providers/audit-logs.provider.js'; import { AuthContextProvider } from './auth-context.provider.js'; import { BusinessUsersProvider } from './business-users.provider.js'; /** Stored invitation as listed for management (never exposes the one-time token). */ export type BusinessInvitationRecord = { id: string; email: string; roleId: string; expiresAt: Date; }; export declare class InvitationsProvider { private db; private adminContextProvider; private businessUsersProvider; private auditLogsProvider; private authContextProvider; constructor(db: TenantAwareDBClient, adminContextProvider: AdminContextProvider, businessUsersProvider: BusinessUsersProvider, auditLogsProvider: AuditLogsProvider, authContextProvider: AuthContextProvider); private batchInvitationsByEmails; getInvitationByEmailLoader: DataLoader<string, import("../types.js").IGetActiveInvitationsByEmailsResult[], string>; private batchInvitationsByTokens; getInvitationByTokensLoader: DataLoader<string, import("../types.js").IGetInvitationsByTokensResult[], string>; insertInvitation({ email, roleId, auth0UserId, invitedByUserId, ownerId, }: { email: string; roleId: string; auth0UserId: string; invitedByUserId: string; ownerId: string; }): Promise<{ id: string; email: string; roleId: string; expiresAt: Date; token: string; }>; /** * List the pending invitations for the current business. * Restricted to business owners and strictly scoped to the caller's tenant. * The one-time invitation token is never exposed. */ listInvitations(): Promise<BusinessInvitationRecord[]>; /** * Revoke (hard-delete) a pending invitation. * Restricted to business owners and strictly scoped to the caller's tenant, so * an invitation belonging to another business can never be revoked. Already * accepted invitations are not revocable. The pending placeholder membership * created alongside the invitation is removed too, so it does not linger as a * ghost user. The Auth0 user is intentionally left untouched: the same blocked * user may be shared by invitations across businesses (and is reused on * re-invite), so deleting it here could break unrelated tenants. * Returns false when no matching pending invitation exists in the current business. */ revokeInvitation(invitationId: string): Promise<boolean>; private requireBusinessOwner; }