Skip to content

Feat/organizations backend#5

Merged
rowforce merged 49 commits into
mainfrom
feat/organizations-backend
Jun 7, 2026
Merged

Feat/organizations backend#5
rowforce merged 49 commits into
mainfrom
feat/organizations-backend

Conversation

@rowforce

@rowforce rowforce commented Jun 7, 2026

Copy link
Copy Markdown
Contributor

No description provided.

rowforce added 30 commits June 5, 2026 19:56
@rowforce
feat(db): add organizations schema (orgs, members, member roles, invi…
fc02f0e 
…tes)
@rowforce
feat(core): add organization models + App/ClientSession org fields
c4f5b60
@rowforce
feat(repo): organization create/member/role queries
7603cc9
@rowforce
feat(repo): persist active organization on client sessions
7b4931f
@rowforce
feat(repo): read organizations_enabled + org_creation_policy on apps
6b80bd9
@rowforce
feat(auth): include active org id in client access token
3a770c2
@rowforce
feat(api): org-aware role/permission resolution + appData org fields
7d4730f
@rowforce
feat(api): org-switch endpoint with membership enforcement
326fdf7
@rowforce
feat(auth): default single-org users into their active org at login
8b31f45
@rowforce
feat(api): make client CheckPermission organization-aware
e622693
@rowforce
fix(api): org-enabled apps with no active org resolve to empty roles/…
9ac7941 
…permissions
@rowforce
fix(api): re-validate org/member status + org→app ownership in role r…
b22810a 
…esolution and server permission check
@rowforce
feat(repo): organization write methods (unique-slug create, update, a…
cb092e2 
…rchive)
@rowforce
feat(repo): organization member list/set-role/remove/count-owners
4ff5631
@rowforce
feat(api): server org CRUD endpoints (create/list-for-user/get/rename…
c431ce2 
…/archive)
@rowforce
fix(api): atomic create-organization-with-owner; single 201 write
42412c8
@rowforce
feat(api): server org member endpoints (add-by-id/email, list, set-ti…
b9e8190 
…er, remove, get) + last-owner guard
@rowforce
fix(api): fail closed when owner count errors in last-owner guard; co…
db5b991 
…ver add-by-id + multi-owner guard
@rowforce
test(api): cover cross-app org 404 + foreign-pool owner 400 guards
ece9afc
@rowforce
fix(api): org server gate/management honor member+org status; gate cr…
75013b3 
…eate on organizations_enabled; add i18n key
@rowforce
style(ui): titles use Geist sans; drop Fraunces serif and purple titl…
5b5b69e 
…e dash

Switch every page/section title from the Fraunces serif to the existing
Geist sans stack and remove the magenta rule mark that preceded titles.

- theme: drop --font-serif var; MuiDialogTitle uses var(--font-sans)
- index.html: remove Fraunces from the Google Fonts import
- replace var(--font-serif) -> var(--font-sans) across all title usages
- remove the 28x2 dash in PageHeader (covers all PageHeader pages),
  the inline dash in AppUsers, and the rule in NotFound

Kept: eyebrow accent dots and the active-tab indicator.
@rowforce
feat(api): add scoped org-enable + list-orgs-for-app repo methods
b8ecb94
@rowforce
feat(api): add admin endpoint to toggle organizations_enabled
08eaff9
@rowforce
feat(api): add admin list-orgs + list-members endpoints with cross-ap…
bb5bec2 
…p gate
@rowforce
feat(api): add admin rename + archive organization endpoints
2aac11b
@rowforce
feat(ui): add AppOrganizations admin page component
4b584ea
@rowforce
feat(ui): wire Organizations nav item, route, and i18n
501ac5f
@rowforce
fix(api): enforce app-belongs-to-workspace in org admin handlers
ad6d324
@rowforce
fix(api): gate org membership on app membership, not user pool
2516035
@rowforce
fix(api): make org last-owner guard atomic; cap org name/slug length
f8e92d4
rowforce added 19 commits June 6, 2026 23:41
@rowforce
feat(api): server org DELETE hard-deletes the org (admin archive unch…
53c9e37 
…anged)
@rowforce
feat(ui): full-width org table + status filter (hide archived by defa…
464dc88 
…ult)
@rowforce
feat(api): add RestoreOrganization repo method (unarchive)
192ef71
@rowforce
feat(api): admin endpoint + route to restore an archived org
5b21058
@rowforce
feat(ui): restore button to unarchive an org in admin panel
02afd1e
@rowforce
fix(ui): archive dialog copy reflects in-panel restore
14bebdc
@rowforce
feat(api): org invite repo methods (create/get/list/revoke/accept) + …
93de429 
…statuses
@rowforce
feat(email): org invite email template + builder
cb754d9
@rowforce
feat(api): admin endpoint to permanently delete an archived org
fb0c7ff
@rowforce
feat(api): server org-invite endpoints (create/list/revoke) + email send
6c6f774
@rowforce
feat(ui): permanently delete an archived org from the admin panel
39d0935
@rowforce
refactor(api): extract shared client sign-in tail from magic-link con…
9daf9f1 
…sume
@rowforce
feat(api): public org-invite accept endpoint (join + sign-in)
65210ea
@rowforce
feat(orgs): scope organizations-enabled to the project
c98e355 
The 'Organizations enabled' toggle now applies to every app in a project
instead of a single app. The flag stays a per-app column (no schema
change); the value is duplicated across the project's apps and kept in
sync, so all read/enforcement paths are unchanged.

- repo: add SetProjectOrganizationsEnabled (bulk-update every app in a
  project, scoped to workspace+project); persist organizations_enabled in
  InsertApp; remove the now-unused single-app UpdateAppOrganizationsEnabled
- api: HandleUpdateAppOrganizationsEnabled validates the addressed app,
  bulk-sets the whole project, and returns that app; new apps inherit the
  project value (any sibling enabled -> enabled)
- ui: toggle help copy + success toast reflect project scope
@rowforce
fix(api): revoked org invite must not sign the invitee in
1917079
@rowforce
feat(ui): show org ID column in admin organizations table
3a44774 
Add an ID column (with copy-to-clipboard) between Name and Slug in the
app organizations admin table. Slug is retained as-is; the ID display
mirrors the existing App ID pattern in AppDetail.
@rowforce
feat(orgs): regenerate org slug on server-API rename
c684396 
ServerUpdateOrganization now silently re-derives the slug from the new
name (or honors an explicit slug), running it through a collision-safe
-2/-3 loop via the new UpdateOrganizationWithUniqueSlug repo method.
Renaming to the same name is idempotent (a row's own slug is not a
collision), so no spurious suffix is appended. Slug collisions resolve
to a suffix instead of a 409.

The admin rename endpoint is unchanged and still preserves the slug.
Pier (which sends name-only on rename) gets silent re-slugging with no
client changes.
@rowforce
feat(orgs): owner-only org delete on server API
26dece0 
ServerDeleteOrganization now requires ?actorUserId and verifies that user is an active owner of the org: 400 if absent, 403 if not an owner, 204 on success. The auth server becomes the referee, so a backend can't let an admin-tier member delete a tenant.
@rowforce
docs(readme): add organizations feature details
ca2a613
@rowforce rowforce merged commit a3896c2 into main Jun 7, 2026
3 checks passed
@rowforce rowforce deleted the feat/organizations-backend branch June 7, 2026 15:52
rowforce added a commit that referenced this pull request Jun 9, 2026
@rowforce
Merge feat/admin-org-create-invites: close remaining org gaps
cd38b66 
Admin can now create organizations, add existing app users, and manage
invites (list/create/revoke); the AppKit SDK gains first-class hooks for
self-serve org management (create/rename/archive, members, invites).
Closes gaps #3, #4, #5 and admin add-member from the earlier analysis.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rowforce