Phase 2 tweaks: admin tenant creation, unit delete, frequency, UI overhaul

- Admin panel: create tenants with org + first user, manage org status (active/suspended/archived), contract number and plan level fields - Units: delete with invoice check, assessment group dropdown binding - Assessment groups: frequency field (monthly/quarterly/annual) with income calculations normalized to monthly equivalents - Sidebar: grouped nav sections (Financials, Assessments, Transactions, Planning, Reports, Admin), renamed Chart of Accounts to Accounts - Header: replaced text with SVG logo - Capital projects: Kanban as default view, table-only PDF export, Future category (beyond 5-year plan) - Auth: block login for suspended/archived organizations Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 20:00:16 -05:00
parent 01502e07bc
commit 17fdacc0f2
20 changed files with 992 additions and 148 deletions
--- a/backend/src/modules/auth/auth.service.ts
+++ b/backend/src/modules/auth/auth.service.ts
@@ -50,7 +50,22 @@ export class AuthService {
  async login(user: User) {
    await this.usersService.updateLastLogin(user.id);
    const fullUser = await this.usersService.findByIdWithOrgs(user.id);
-    return this.generateTokenResponse(fullUser || user);
+    const u = fullUser || user;
+
+    // Check if user's organizations are all suspended/archived
+    const orgs = u.userOrganizations || [];
+    if (orgs.length > 0 && !u.isSuperadmin) {
+      const activeOrgs = orgs.filter(
+        (uo) => uo.organization && !['suspended', 'archived'].includes(uo.organization.status),
+      );
+      if (activeOrgs.length === 0) {
+        throw new UnauthorizedException(
+          'Your organization has been suspended. Please contact your administrator.',
+        );
+      }
+    }
+
+    return this.generateTokenResponse(u);
  }

  async getProfile(userId: string) {