fix(webapp): org scoping issues in plan selection, alerts, pats and usage

[myftija]

Adds proper org scoping in a few places in the app.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7c8ec36

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Loader functions in several org-related routes now await and store the authenticated user's ID via requireUserId(request) and replace slug-only lookups with membership-aware queries (using findFirst and members: { some: { userId } }). Some imports in select-plan and tokens routes were changed to type-only imports. The personal access token revoke API now requires a userId parameter and the service enforces that an update affected a record (throws if none). Loader function signatures were trimmed of unused params and an exhaustive switch assertion was added in an action handler.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The description only contains a brief summary and does not follow the required PR template; it is missing the issue reference, checklist, testing steps, changelog, and screenshots sections specified by the repository template. Without these sections, reviewers lack context on the issue being closed, verification steps, or change details. This makes the PR description incomplete and not aligned with repository standards.	Please include the Closes # directive and complete the checklist from the contributing guide to ensure the PR follows repository conventions. Add detailed testing steps under the Testing section and summarize the changes in the Changelog section. Attach screenshots if the UI is affected to provide visual context.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title follows the project’s conventional commit style and clearly indicates that the change addresses organization scoping issues within the webapp. It concisely lists the affected areas—plan selection, alerts, personal access tokens, and usage—mirroring the main changes in the loader and service logic. This specificity helps teammates understand the primary focus of the PR at a glance.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-org-scoping-select-plan

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bfd8a2c and 7c8ec36.

📒 Files selected for processing (1)

• apps/webapp/app/services/personalAccessToken.server.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/webapp/app/services/personalAccessToken.server.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: units / internal / 🧪 Unit Tests: Internal (5, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (6, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (1, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (7, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (8, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (2, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (3, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (6, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (4, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (3, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (4, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (2, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (1, 8)
• GitHub Check: units / packages / 🧪 Unit Tests: Packages (1, 1)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
• GitHub Check: typecheck / typecheck

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.usage/route.tsx (1)

74-79: Guard against invalid month query causing a crash.

If month is invalid, startDate.toISOString() will throw. Fallback to current month when Date parsing fails.

Apply:

-  const searchMonth = search.get("month");
-  const startDate = searchMonth ? new Date(decodeURIComponent(searchMonth)) : months[0];
+  const searchMonth = search.get("month");
+  const candidateDate = searchMonth ? new Date(decodeURIComponent(searchMonth)) : months[0];
+  const startDate = isNaN(candidateDate.getTime()) ? months[0] : candidateDate;
   startDate.setUTCDate(1);
   startDate.setUTCHours(0, 0, 0, 0);

🧹 Nitpick comments (3)

apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.usage/route.tsx (1)

57-59: Good: membership‑scoped org lookup.

Using findFirst with members.some guards access by membership. Consider also filtering out deleted orgs and selecting only needed fields.

Apply:

-  const organization = await prisma.organization.findFirst({
-    where: { slug: organizationSlug, members: { some: { userId } } },
-  });
+  const organization = await prisma.organization.findFirst({
+    where: { slug: organizationSlug, members: { some: { userId } }, deletedAt: null },
+    select: { id: true },
+  });

apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.billing-alerts/route.tsx (2)

58-60: Good: membership‑scoped org lookup. Also filter deleted and select only id.

Tight scoping looks good. For consistency with other presenters, add deletedAt: null. Select only id to reduce payload.

Apply:

-  const organization = await prisma.organization.findFirst({
-    where: { slug: organizationSlug, members: { some: { userId } } },
-  });
+  const organization = await prisma.organization.findFirst({
+    where: { slug: organizationSlug, members: { some: { userId } }, deletedAt: null },
+    select: { id: true },
+  });

---

117-120: Mirror deleted‑org filter in action lookup (and select only id).

Keep loader/action logic aligned; avoid acting on deleted orgs and trim selection.

Apply:

-    const organization = await prisma.organization.findFirst({
-      where: { slug: organizationSlug, members: { some: { userId } } },
-    });
+    const organization = await prisma.organization.findFirst({
+      where: { slug: organizationSlug, members: { some: { userId } }, deletedAt: null },
+      select: { id: true },
+    });

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6f9f1d5 and bfd8a2c.

📒 Files selected for processing (4)

• apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.billing-alerts/route.tsx (1 hunks)
• apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.usage/route.tsx (1 hunks)
• apps/webapp/app/routes/account.tokens/route.tsx (5 hunks)
• apps/webapp/app/services/personalAccessToken.server.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (5)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{ts,tsx}: Always prefer using isomorphic code like fetch, ReadableStream, etc. instead of Node.js specific code
For TypeScript, we usually use types over interfaces
Avoid enums
No default exports, use function declarations

Files:

• apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.usage/route.tsx
• apps/webapp/app/services/personalAccessToken.server.ts
• apps/webapp/app/routes/account.tokens/route.tsx
• apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.billing-alerts/route.tsx

{packages/core,apps/webapp}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

We use zod a lot in packages/core and in the webapp

Files:

• apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.usage/route.tsx
• apps/webapp/app/services/personalAccessToken.server.ts
• apps/webapp/app/routes/account.tokens/route.tsx
• apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.billing-alerts/route.tsx

apps/webapp/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

When importing from @trigger.dev/core in the webapp, never import the root package path; always use one of the documented subpath exports from @trigger.dev/core’s package.json

Files:

• apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.usage/route.tsx
• apps/webapp/app/services/personalAccessToken.server.ts
• apps/webapp/app/routes/account.tokens/route.tsx
• apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.billing-alerts/route.tsx

{apps/webapp/app/**/*.server.{ts,tsx},apps/webapp/app/routes/**/*.ts}

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

Access environment variables only via the env export from app/env.server.ts; do not reference process.env directly

Files:

• apps/webapp/app/services/personalAccessToken.server.ts

apps/webapp/app/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/webapp.mdc)

Modules intended for test consumption under apps/webapp/app/**/*.ts must not read environment variables; accept configuration via options instead

Files:

• apps/webapp/app/services/personalAccessToken.server.ts

🧬 Code graph analysis (3)

apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.usage/route.tsx (4)

apps/webapp/app/presenters/OrganizationsPresenter.server.ts (1)

• userId (126-168)

apps/webapp/app/services/session.server.ts (1)

• requireUserId (25-35)

apps/webapp/app/utils/pathBuilder.ts (2)

• OrganizationParamsSchema (18-20)
• organizationPath (92-94)

apps/webapp/app/features.server.ts (1)

• featuresForRequest (22-25)

apps/webapp/app/routes/account.tokens/route.tsx (1)

apps/webapp/app/services/personalAccessToken.server.ts (1)

• revokePersonalAccessToken (82-92)

apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.billing-alerts/route.tsx (4)

apps/webapp/app/presenters/OrganizationsPresenter.server.ts (1)

• userId (126-168)

apps/webapp/app/services/session.server.ts (1)

• requireUserId (25-35)

apps/webapp/app/utils/pathBuilder.ts (2)

• OrganizationParamsSchema (18-20)
• organizationPath (92-94)

apps/webapp/app/features.server.ts (1)

• featuresForRequest (22-25)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (23)

• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (7, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (4, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (6, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (2, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (7, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (1, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (8, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (8, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (2, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (3, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (3, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (4, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (6, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (1, 8)
• GitHub Check: units / packages / 🧪 Unit Tests: Packages (1, 1)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
• GitHub Check: typecheck / typecheck
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (6)

apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.usage/route.tsx (1)

49-49: Auth check order changed — verify redirect behavior on self‑hosted.

Requiring auth before the isManagedCloud redirect may now send unauthenticated users to /login instead of the org page on self‑hosted. Confirm this is desired.

apps/webapp/app/routes/_app.orgs.$organizationSlug.settings.billing-alerts/route.tsx (1)

50-50: Auth check order changed — verify redirect behavior on self‑hosted.

Requiring auth before the isManagedCloud redirect may change unauthenticated behavior. Confirm this is intentional.

apps/webapp/app/routes/account.tokens/route.tsx (4)

6-8: Type‑only imports: nice cleanup.

---

55-75: Loader signature simplification LGTM.

---

115-115: Revoke call wired with userId — OK.

Ensure service uses an ownership‑guarded update (see suggested updateMany change) and propagates a clear error when no token is affected.

---

127-127: Exhaustive switch assertion: good defensive typing.