feat: enhance team account creation with policy checks and UI updates (#436)

* feat: enhance team account creation with policy checks and UI updates
2026-01-06 12:50:18 +01:00
parent ab57b24518
commit 5237d34e6f
14 changed files with 223 additions and 39 deletions
--- a/packages/features/team-accounts/src/server/actions/create-team-account-server-actions.ts
+++ b/packages/features/team-accounts/src/server/actions/create-team-account-server-actions.ts
@@ -7,6 +7,7 @@ import { getLogger } from '@kit/shared/logger';
 import { getSupabaseServerClient } from '@kit/supabase/server-client';

 import { CreateTeamSchema } from '../../schema/create-team.schema';
+import { createAccountCreationPolicyEvaluator } from '../policies';
 import { createCreateTeamAccountService } from '../services/create-team-account.service';

 export const createTeamAccountAction = enhanceAction(
@@ -23,19 +24,40 @@ export const createTeamAccountAction = enhanceAction(

    logger.info(ctx, `Creating team account...`);

-    const { data, error } = await service.createNewOrganizationAccount({
+    // Check policies before creating
+    const evaluator = createAccountCreationPolicyEvaluator();
+
+    if (await evaluator.hasPoliciesForStage('submission')) {
+      const policyContext = {
+        timestamp: new Date().toISOString(),
+        userId: user.id,
+        accountName: name,
+      };
+
+      const result = await evaluator.canCreateAccount(
+        policyContext,
+        'submission',
+      );
+
+      if (!result.allowed) {
+        logger.warn(
+          { ...ctx, reasons: result.reasons },
+          `Policy denied team account creation`,
+        );
+
+        return {
+          error: true,
+          message: result.reasons[0] ?? 'Policy denied account creation',
+        };
+      }
+    }
+
+    // Service throws on error, so no need to check for error
+    const { data } = await service.createNewOrganizationAccount({
      name,
      userId: user.id,
    });

-    if (error) {
-      logger.error({ ...ctx, error }, `Failed to create team account`);
-
-      return {
-        error: true,
-      };
-    }
-
    logger.info(ctx, `Team account created`);

    const accountHomePath = '/home/' + data.slug;