address comments

Author: icecrasher321

apps/sim/app/api/invitations/[id]/reject/route.ts

@@ -51,7 +51,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     actorEmail: session.user.email ?? undefined,
     action:
       inv.kind === 'workspace'
-        ? AuditAction.INVITATION_REVOKED
+        ? AuditAction.INVITATION_REJECTED
         : AuditAction.ORG_INVITATION_REJECTED,
     resourceType:
       inv.kind === 'workspace' ? AuditResourceType.WORKSPACE : AuditResourceType.ORGANIZATION,

apps/sim/app/api/invitations/[id]/resend/route.ts

@@ -1,11 +1,12 @@
 import { db } from '@sim/db'
-import { member, user } from '@sim/db/schema'
+import { user } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq } from 'drizzle-orm'
+import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { getOrganizationSubscription } from '@/lib/billing/core/billing'
+import { isOrganizationOwnerOrAdmin } from '@/lib/billing/core/organization'
 import { isEnterprise, isTeam } from '@/lib/billing/plan-helpers'
 import { hasUsableSubscriptionStatus } from '@/lib/billing/subscriptions/utils'
 import { getInvitationById } from '@/lib/invitations/core'
@@ -19,15 +20,6 @@ import { getWorkspaceInvitePolicy } from '@/lib/workspaces/policy'
 
 const logger = createLogger('InvitationResendAPI')
 
-async function isOrgAdmin(userId: string, organizationId: string): Promise<boolean> {
-  const [row] = await db
-    .select({ role: member.role })
-    .from(member)
-    .where(and(eq(member.userId, userId), eq(member.organizationId, organizationId)))
-    .limit(1)
-  return row?.role === 'owner' || row?.role === 'admin'
-}
-
 export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const session = await getSession()
@@ -47,7 +39,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
 
     let canResend = false
     if (inv.organizationId) {
-      canResend = await isOrgAdmin(session.user.id, inv.organizationId)
+      canResend = await isOrganizationOwnerOrAdmin(session.user.id, inv.organizationId)
     }
     if (!canResend && inv.grants.length > 0) {
       const adminChecks = await Promise.all(

apps/sim/app/api/invitations/[id]/route.ts

@@ -1,25 +1,17 @@
 import { db } from '@sim/db'
-import { invitation, invitationWorkspaceGrant, member } from '@sim/db/schema'
+import { invitation, invitationWorkspaceGrant } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
+import { isOrganizationOwnerOrAdmin } from '@/lib/billing/core/organization'
 import { cancelInvitation, getInvitationById, normalizeEmail } from '@/lib/invitations/core'
 import { hasWorkspaceAdminAccess } from '@/lib/workspaces/permissions/utils'
 
 const logger = createLogger('InvitationsAPI')
 
-async function isOrgAdmin(userId: string, organizationId: string): Promise<boolean> {
-  const [row] = await db
-    .select({ role: member.role })
-    .from(member)
-    .where(and(eq(member.userId, userId), eq(member.organizationId, organizationId)))
-    .limit(1)
-  return row?.role === 'owner' || row?.role === 'admin'
-}
-
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
   const session = await getSession()
@@ -40,7 +32,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
 
     let hasAdminView = false
     if (inv.organizationId) {
-      hasAdminView = await isOrgAdmin(session.user.id, inv.organizationId)
+      hasAdminView = await isOrganizationOwnerOrAdmin(session.user.id, inv.organizationId)
     }
     if (!hasAdminView && inv.grants.length > 0) {
       const adminChecks = await Promise.all(
@@ -131,7 +123,7 @@ export async function PATCH(request: NextRequest, { params }: { params: Promise<
           { status: 400 }
         )
       }
-      if (!(await isOrgAdmin(session.user.id, inv.organizationId))) {
+      if (!(await isOrganizationOwnerOrAdmin(session.user.id, inv.organizationId))) {
         return NextResponse.json(
           { error: 'Only an organization owner or admin can change invitation roles' },
           { status: 403 }
@@ -181,7 +173,7 @@ export async function PATCH(request: NextRequest, { params }: { params: Promise<
       actorId: session.user.id,
       actorName: session.user.name ?? undefined,
       actorEmail: session.user.email ?? undefined,
-      action: AuditAction.ORG_INVITATION_CREATED,
+      action: AuditAction.ORG_INVITATION_UPDATED,
       resourceType: AuditResourceType.ORGANIZATION,
       resourceId: inv.organizationId ?? inv.id,
       description: `Updated invitation for ${inv.email}`,
@@ -220,7 +212,7 @@ export async function DELETE(
 
     let canCancel = false
     if (inv.organizationId) {
-      canCancel = await isOrgAdmin(session.user.id, inv.organizationId)
+      canCancel = await isOrganizationOwnerOrAdmin(session.user.id, inv.organizationId)
     }
     if (!canCancel && inv.grants.length > 0) {
       const adminChecks = await Promise.all(

apps/sim/lib/audit/types.ts

@@ -70,6 +70,7 @@ export const AuditAction = {
 
   // Invitations
   INVITATION_ACCEPTED: 'invitation.accepted',
+  INVITATION_REJECTED: 'invitation.rejected',
   INVITATION_RESENT: 'invitation.resent',
   INVITATION_REVOKED: 'invitation.revoked',
 
@@ -118,6 +119,7 @@ export const AuditAction = {
   ORG_MEMBER_REMOVED: 'org_member.removed',
   ORG_MEMBER_ROLE_CHANGED: 'org_member.role_changed',
   ORG_INVITATION_CREATED: 'org_invitation.created',
+  ORG_INVITATION_UPDATED: 'org_invitation.updated',
   ORG_INVITATION_ACCEPTED: 'org_invitation.accepted',
   ORG_INVITATION_REJECTED: 'org_invitation.rejected',
   ORG_INVITATION_CANCELLED: 'org_invitation.cancelled',

apps/sim/lib/core/config/feature-flags.ts

@@ -29,7 +29,7 @@ try {
 } catch {
   // invalid URL — isHosted stays false
 }
-export const isHosted = true
+export const isHosted = appHostname === 'sim.ai' || appHostname.endsWith('.sim.ai')
 
 /**
  * Is billing enforcement enabled

packages/testing/src/mocks/audit.mock.ts

@@ -74,6 +74,7 @@ export const auditMock = {
     FORM_UPDATED: 'form.updated',
     FORM_DELETED: 'form.deleted',
     INVITATION_ACCEPTED: 'invitation.accepted',
+    INVITATION_REJECTED: 'invitation.rejected',
     INVITATION_RESENT: 'invitation.resent',
     INVITATION_REVOKED: 'invitation.revoked',
     CONNECTOR_CREATED: 'connector.created',
@@ -102,6 +103,7 @@ export const auditMock = {
     ORG_MEMBER_REMOVED: 'org_member.removed',
     ORG_MEMBER_ROLE_CHANGED: 'org_member.role_changed',
     ORG_INVITATION_CREATED: 'org_invitation.created',
+    ORG_INVITATION_UPDATED: 'org_invitation.updated',
     ORG_INVITATION_ACCEPTED: 'org_invitation.accepted',
     ORG_INVITATION_REJECTED: 'org_invitation.rejected',
     ORG_INVITATION_CANCELLED: 'org_invitation.cancelled',