fix(webapp): enforce manage:billing on billing/plan/portal routes

matt-aitken · matt-aitken · commit 58c22ba36893 · 2026-06-15T16:00:44.000+01:00
Migrate the billing settings, standalone select-plan page, select-plan
mutation, billing-alerts (loader + action), and Stripe customer-portal
routes to dashboardLoader/dashboardAction with a manage:billing
authorization block, resolving the org for the auth scope from the URL
slug. The isManagedCloud guards and org-membership queries are unchanged;
gating the page loaders means denied roles can't reach the billing UI at
all. Permissive in OSS, enforced under the enterprise plugin.
diff --git a/apps/webapp/app/routes/_app.orgs.$organizationSlug_.select-plan/route.tsx b/apps/webapp/app/routes/_app.orgs.$organizationSlug_.select-plan/route.tsx
@@ -1,48 +1,61 @@
-import { type LoaderFunctionArgs } from "@remix-run/server-runtime";
 import { redirect, typedjson, useTypedLoaderData } from "remix-typedjson";
 import { BackgroundWrapper } from "~/components/BackgroundWrapper";
 import { AppContainer, MainBody, PageBody } from "~/components/layout/AppLayout";
 import { Header1 } from "~/components/primitives/Headers";
-import { prisma } from "~/db.server";
+import { $replica, prisma } from "~/db.server";
 import { featuresForRequest } from "~/features.server";
 import { getCurrentPlan, getPlans } from "~/services/platform.v3.server";
-import { requireUserId } from "~/services/session.server";
+import { dashboardLoader } from "~/services/routeBuilders/dashboardBuilder";
 import { OrganizationParamsSchema, organizationPath } from "~/utils/pathBuilder";
 import { PricingPlans } from "../resources.orgs.$organizationSlug.select-plan";
 
-export async function loader({ params, request }: LoaderFunctionArgs) {
-  await requireUserId(request);
-  const { organizationSlug } = OrganizationParamsSchema.parse(params);
+async function resolveOrgIdFromSlug(slug: string): Promise<string | null> {
+  const org = await $replica.organization.findFirst({ where: { slug }, select: { id: true } });
+  return org?.id ?? null;
+}
 
-  const { isManagedCloud } = featuresForRequest(request);
-  if (!isManagedCloud) {
-    return redirect(organizationPath({ slug: organizationSlug }));
-  }
+export const loader = dashboardLoader(
+  {
+    params: OrganizationParamsSchema,
+    context: async (params) => {
+      const organizationId = await resolveOrgIdFromSlug(params.organizationSlug);
+      return organizationId ? { organizationId } : {};
+    },
+    authorization: { action: "manage", resource: { type: "billing" } },
+  },
+  async ({ params, request }) => {
+    const { organizationSlug } = params;
 
-  const plans = await getPlans();
-  if (!plans) {
-    throw new Response(null, { status: 404, statusText: "Plans not found" });
-  }
+    const { isManagedCloud } = featuresForRequest(request);
+    if (!isManagedCloud) {
+      return redirect(organizationPath({ slug: organizationSlug }));
+    }
 
-  const organization = await prisma.organization.findUnique({
-    where: { slug: organizationSlug },
-  });
+    const plans = await getPlans();
+    if (!plans) {
+      throw new Response(null, { status: 404, statusText: "Plans not found" });
+    }
 
-  if (!organization) {
-    throw new Response(null, { status: 404, statusText: "Organization not found" });
-  }
+    const organization = await prisma.organization.findFirst({
+      where: { slug: organizationSlug },
+    });
 
-  if (organization.v3Enabled) {
-    return redirect(organizationPath({ slug: organizationSlug }));
-  }
+    if (!organization) {
+      throw new Response(null, { status: 404, statusText: "Organization not found" });
+    }
 
-  const currentPlan = await getCurrentPlan(organization.id);
+    if (organization.v3Enabled) {
+      return redirect(organizationPath({ slug: organizationSlug }));
+    }
 
-  const periodEnd = new Date();
-  periodEnd.setMonth(periodEnd.getMonth() + 1);
+    const currentPlan = await getCurrentPlan(organization.id);
 
-  return typedjson({ ...plans, ...currentPlan, organizationSlug, periodEnd });
-}
+    const periodEnd = new Date();
+    periodEnd.setMonth(periodEnd.getMonth() + 1);
+
+    return typedjson({ ...plans, ...currentPlan, organizationSlug, periodEnd });
+  }
+);
 
 export default function ChoosePlanPage() {
   const { plans, v3Subscription, organizationSlug, periodEnd, addOnPricing } =
diff --git a/apps/webapp/app/routes/resources.$organizationSlug.subscription.portal.ts b/apps/webapp/app/routes/resources.$organizationSlug.subscription.portal.ts
@@ -1,45 +1,58 @@
-import { type ActionFunctionArgs } from "@remix-run/server-runtime";
 import { redirect } from "remix-typedjson";
-import { prisma } from "~/db.server";
+import { $replica, prisma } from "~/db.server";
 import { redirectWithErrorMessage } from "~/models/message.server";
 import { customerPortalUrl } from "~/services/platform.v3.server";
-import { requireUserId } from "~/services/session.server";
+import { dashboardLoader } from "~/services/routeBuilders/dashboardBuilder";
 import { OrganizationParamsSchema, v3BillingPath } from "~/utils/pathBuilder";
 
-export async function loader({ request, params }: ActionFunctionArgs) {
-  const userId = await requireUserId(request);
-  const { organizationSlug } = OrganizationParamsSchema.parse(params);
+async function resolveOrgIdFromSlug(slug: string): Promise<string | null> {
+  const org = await $replica.organization.findFirst({ where: { slug }, select: { id: true } });
+  return org?.id ?? null;
+}
 
-  const org = await prisma.organization.findUnique({
-    select: {
-      id: true,
+export const loader = dashboardLoader(
+  {
+    params: OrganizationParamsSchema,
+    context: async (params) => {
+      const organizationId = await resolveOrgIdFromSlug(params.organizationSlug);
+      return organizationId ? { organizationId } : {};
     },
-    where: {
-      slug: organizationSlug,
-      members: {
-        some: {
-          userId,
+    authorization: { action: "manage", resource: { type: "billing" } },
+  },
+  async ({ request, params, user }) => {
+    const { organizationSlug } = params;
+
+    const org = await prisma.organization.findFirst({
+      select: {
+        id: true,
+      },
+      where: {
+        slug: organizationSlug,
+        members: {
+          some: {
+            userId: user.id,
+          },
         },
       },
-    },
-  });
+    });
 
-  if (!org) {
-    return redirectWithErrorMessage(
-      v3BillingPath({ slug: organizationSlug }),
-      request,
-      "Something went wrong. Please try again later."
-    );
-  }
+    if (!org) {
+      return redirectWithErrorMessage(
+        v3BillingPath({ slug: organizationSlug }),
+        request,
+        "Something went wrong. Please try again later."
+      );
+    }
 
-  const result = await customerPortalUrl(org.id, organizationSlug);
-  if (!result || !result.success || !result.customerPortalUrl) {
-    return redirectWithErrorMessage(
-      v3BillingPath({ slug: organizationSlug }),
-      request,
-      "Something went wrong. Please try again later."
-    );
-  }
+    const result = await customerPortalUrl(org.id, organizationSlug);
+    if (!result || !result.success || !result.customerPortalUrl) {
+      return redirectWithErrorMessage(
+        v3BillingPath({ slug: organizationSlug }),
+        request,
+        "Something went wrong. Please try again later."
+      );
+    }
 
-  return redirect(result.customerPortalUrl);
-}
+    return redirect(result.customerPortalUrl);
+  }
+);
diff --git a/apps/webapp/app/routes/resources.orgs.$organizationSlug.select-plan.tsx b/apps/webapp/app/routes/resources.orgs.$organizationSlug.select-plan.tsx
