feat: enhance team account creation with policy checks and UI updates (#436)

* feat: enhance team account creation with policy checks and UI updates
2026-01-06 12:50:18 +01:00
parent ab57b24518
commit 5237d34e6f
14 changed files with 223 additions and 39 deletions
--- a/apps/web/app/home/(user)/_lib/server/load-user-workspace.ts
+++ b/apps/web/app/home/(user)/_lib/server/load-user-workspace.ts
@@ -2,6 +2,7 @@ import { cache } from 'react';

 import { createAccountsApi } from '@kit/accounts/api';
 import { getSupabaseServerClient } from '@kit/supabase/server-client';
+import { createAccountCreationPolicyEvaluator } from '@kit/team-accounts/policies';

 import featureFlagsConfig from '~/config/feature-flags.config';
 import { requireUserInServerComponent } from '~/lib/server/require-user-in-server-component';
@@ -34,9 +35,41 @@ async function workspaceLoader() {
    requireUserInServerComponent(),
  ]);

+  // Check if user can create team accounts (policy check)
+  const canCreateTeamAccount = shouldLoadAccounts
+    ? await checkCanCreateTeamAccount(user.id)
+    : { allowed: false, reason: undefined };
+
  return {
    accounts,
    workspace,
    user,
+    canCreateTeamAccount,
+  };
+}
+
+/**
+ * Check if the user can create a team account based on policies.
+ * Preliminary checks run without account name - name validation happens during submission.
+ */
+async function checkCanCreateTeamAccount(userId: string) {
+  const evaluator = createAccountCreationPolicyEvaluator();
+  const hasPolicies = await evaluator.hasPoliciesForStage('preliminary');
+
+  if (!hasPolicies) {
+    return { allowed: true, reason: undefined };
+  }
+
+  const context = {
+    timestamp: new Date().toISOString(),
+    userId,
+    accountName: '',
+  };
+
+  const result = await evaluator.canCreateAccount(context, 'preliminary');
+
+  return {
+    allowed: result.allowed,
+    reason: result.reasons[0],
  };
 }