@nexttylabs/echo 0.5.0 → 0.6.0

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @nexttylabs/echo
 
+## 0.6.0
+
+### Minor Changes
+
+- cc04d9f: Use the organization member role uniformly.
+- 5cfdeb7: feat: support editing user profile
+
+### Patch Changes
+
+- 7dba561: remove legacy changeset files
+- 1e798f1: remove unuse tables and published files
+- e3c4e1c: fix workflow errors
+- daf9abb: first release
+
 ## 0.5.0
 
 ### Minor Changes

package/app/(dashboard)/admin/feedback/[id]/edit/page.tsx

@@ -22,7 +22,7 @@ import { auth } from "@/lib/auth/config";
 import { db } from "@/lib/db";
 import { feedback } from "@/lib/db/schema";
 import { FeedbackEditForm } from "@/components/feedback/feedback-edit-form";
-import { canEditFeedback, type UserRole } from "@/lib/auth/permissions";
+import { canEditFeedback } from "@/lib/auth/permissions";
 import { getOrgContext } from "@/lib/auth/org-context";
 import { getRequestUrl } from "@/lib/http/get-request-url";
 
@@ -39,11 +39,6 @@ export default async function FeedbackEditPage({ params }: PageProps) {
     redirect("/login");
   }
 
-  const userRole = (session.user as { role?: string }).role as UserRole | undefined;
-  if (!userRole || !canEditFeedback(userRole)) {
-    redirect("/admin/feedback");
-  }
-
   const { id } = await params;
   const feedbackId = parseInt(id);
 
@@ -55,6 +50,7 @@ export default async function FeedbackEditPage({ params }: PageProps) {
     throw new Error("Database not configured");
   }
 
+  // Get organization context first
   let organizationId: string | null = null;
   try {
     const url = getRequestUrl(
@@ -72,6 +68,16 @@ export default async function FeedbackEditPage({ params }: PageProps) {
     notFound();
   }
 
+  // Get user role from organization membership
+  const { getUserRoleInOrganization } = await import("@/lib/auth/organization");
+  const userRole = organizationId 
+    ? await getUserRoleInOrganization(db, session.user.id, organizationId)
+    : null;
+    
+  if (!userRole || !canEditFeedback(userRole)) {
+    redirect("/admin/feedback");
+  }
+
   const [row] = await db
     .select({
       title: feedback.title,

package/app/(dashboard)/admin/feedback/new/page.tsx

@@ -30,17 +30,21 @@ export default async function NewFeedbackPage() {
     redirect("/login");
   }
 
-  const userRole = ((session.user as { role?: string }).role ?? "customer") as UserRole;
-  const hasSubmitOnBehalfPermission = canSubmitOnBehalf(userRole);
+  if (!db) {
+    throw new Error("Database not configured");
+  }
 
-  if (!hasSubmitOnBehalfPermission) {
+  // Get user's organization first (which includes their role)
+  const organization = await getUserOrganization(db, session.user.id);
+
+  if (!organization) {
     return (
       <div className="min-h-screen bg-gradient-to-br from-slate-50 via-white to-slate-100 px-4 py-12">
         <div className="mx-auto flex w-full max-w-2xl flex-col gap-6">
-          <div className="rounded-lg border border-red-200 bg-red-50 p-6">
-            <h1 className="text-xl font-semibold text-red-800">权限不足</h1>
-            <p className="mt-2 text-sm text-red-600">
-              您没有代客户提交反馈的权限。请联系管理员获取相应权限。
+          <div className="rounded-lg border border-amber-200 bg-amber-50 p-6">
+            <h1 className="text-xl font-semibold text-amber-800">未找到组织</h1>
+            <p className="mt-2 text-sm text-amber-700">
+              请先加入组织后再代客户提交反馈。
             </p>
           </div>
         </div>
@@ -48,20 +52,18 @@ export default async function NewFeedbackPage() {
     );
   }
 
-  if (!db) {
-    throw new Error("Database not configured");
-  }
-
-  const organization = await getUserOrganization(db, session.user.id);
+  // Get user role from organization membership
+  const userRole = (organization.role as UserRole) || "customer";
+  const hasSubmitOnBehalfPermission = canSubmitOnBehalf(userRole);
 
-  if (!organization) {
+  if (!hasSubmitOnBehalfPermission) {
     return (
       <div className="min-h-screen bg-gradient-to-br from-slate-50 via-white to-slate-100 px-4 py-12">
         <div className="mx-auto flex w-full max-w-2xl flex-col gap-6">
-          <div className="rounded-lg border border-amber-200 bg-amber-50 p-6">
-            <h1 className="text-xl font-semibold text-amber-800">未找到组织</h1>
-            <p className="mt-2 text-sm text-amber-700">
-              请先加入组织后再代客户提交反馈。
+          <div className="rounded-lg border border-red-200 bg-red-50 p-6">
+            <h1 className="text-xl font-semibold text-red-800">权限不足</h1>
+            <p className="mt-2 text-sm text-red-600">
+              您没有代客户提交反馈的权限。请联系管理员获取相应权限。
             </p>
           </div>
         </div>

package/app/(dashboard)/admin/layout.tsx

@@ -15,10 +15,11 @@
  * along with this program. If not, see <https://www.gnu.org/licenses/>.
  */
 
-import { headers } from "next/headers";
+import { cookies, headers } from "next/headers";
 import { redirect } from "next/navigation";
 import { auth } from "@/lib/auth/config";
-import type { UserRole } from "@/lib/auth/permissions";
+import { db } from "@/lib/db";
+import { getUserRoleInOrganization } from "@/lib/auth/organization";
 
 export default async function AdminLayout({
   children,
@@ -36,13 +37,22 @@ export default async function AdminLayout({
     redirect("/login");
   }
 
-  const role = (session.user as { role?: string }).role as
-    | UserRole
-    | undefined;
+  // Get current organization ID from cookie
+  const cookieStore = await cookies();
+  const currentOrgId = cookieStore.get("orgId")?.value;
 
-  if (role !== "admin") {
+  if (!db || !currentOrgId) {
+    redirect("/no-access");
+  }
+
+  // Get user's role in the current organization
+  const role = await getUserRoleInOrganization(db, session.user.id, currentOrgId);
+
+  // Only admin or owner can access admin pages
+  if (role !== "admin" && role !== "owner" && role !== "product_manager") {
     redirect("/no-access");
   }
 
   return <>{children}</>;
 }
+

package/app/(dashboard)/layout.tsx

@@ -39,8 +39,6 @@ export default async function DashboardRootLayout({
     redirect("/login");
   }
 
-  const userRole = (session.user as { role?: string }).role as UserRole || "customer";
-
   // Fetch organizations
   let organizations: Array<{ id: string; name: string; slug: string; role: string }> = [];
   let currentOrgId: string | null = null;
@@ -52,6 +50,10 @@ export default async function DashboardRootLayout({
     currentOrgId = cookieOrgId || organizations[0]?.id || null;
   }
 
+  // Get user role from current organization membership
+  const currentOrg = organizations.find((org) => org.id === currentOrgId);
+  const userRole = (currentOrg?.role as UserRole) || "customer";
+
   return (
     <DashboardLayout
       user={{

package/app/(dashboard)/settings/api-keys/page.tsx

@@ -15,11 +15,13 @@
  * along with this program. If not, see <https://www.gnu.org/licenses/>.
  */
 
-import { headers } from "next/headers";
+import { cookies, headers } from "next/headers";
 import { redirect } from "next/navigation";
 import { getTranslations } from "next-intl/server";
 import { auth } from "@/lib/auth/config";
+import { db } from "@/lib/db";
 import { ApiKeysList } from "@/components/settings/api-keys-list";
+import { getUserRoleInOrganization } from "@/lib/auth/organization";
 import type { UserRole } from "@/lib/auth/permissions";
 
 export async function generateMetadata() {
@@ -37,9 +39,17 @@ export default async function ApiKeysSettingsPage() {
     redirect("/login");
   }
 
-  const userRole = (session.user as { role?: string }).role as UserRole || "customer";
+  // Get user role from current organization
+  const cookieStore = await cookies();
+  const currentOrgId = cookieStore.get("orgId")?.value;
 
-  if (userRole !== "admin" && userRole !== "product_manager") {
+  let userRole: UserRole = "customer";
+  if (db && currentOrgId) {
+    const role = await getUserRoleInOrganization(db, session.user.id, currentOrgId);
+    userRole = role || "customer";
+  }
+
+  if (userRole !== "owner" && userRole !== "admin" && userRole !== "product_manager") {
     redirect("/settings/profile");
   }
 

package/app/(dashboard)/settings/layout.tsx

@@ -15,10 +15,12 @@
  * along with this program. If not, see <https://www.gnu.org/licenses/>.
  */
 
-import { headers } from "next/headers";
+import { cookies, headers } from "next/headers";
 import { redirect } from "next/navigation";
 import { auth } from "@/lib/auth/config";
+import { db } from "@/lib/db";
 import { SettingsSidebar } from "@/components/settings";
+import { getUserOrganizations } from "@/lib/auth/organization";
 import type { UserRole } from "@/lib/auth/permissions";
 
 export default async function SettingsLayout({
@@ -32,7 +34,27 @@ export default async function SettingsLayout({
     redirect("/login");
   }
 
-  const userRole = (session.user as { role?: string }).role as UserRole || "customer";
+  // Get user role from current organization (same logic as dashboard layout)
+  let userRole: UserRole = "customer";
+  
+  if (db) {
+    const organizations = await getUserOrganizations(db, session.user.id);
+    const cookieStore = await cookies();
+    const cookieOrgId = cookieStore.get("orgId")?.value ?? null;
+    
+    // Check if the cookie org exists in user's organizations
+    // If not, fall back to the first available organization
+    let currentOrg = cookieOrgId 
+      ? organizations.find((org) => org.id === cookieOrgId) 
+      : null;
+    
+    // Fallback to first org if cookie org is not found (stale cookie)
+    if (!currentOrg && organizations.length > 0) {
+      currentOrg = organizations[0];
+    }
+    
+    userRole = (currentOrg?.role as UserRole) || "customer";
+  }
 
   return (
     <div className="flex min-h-[calc(100vh-3.5rem)]">
@@ -41,3 +63,4 @@ export default async function SettingsLayout({
     </div>
   );
 }
+

package/app/(dashboard)/settings/organization/page.tsx

@@ -38,30 +38,29 @@ export default async function OrganizationSettingsPage() {
     redirect("/login");
   }
 
-  const userRole = (session.user as { role?: string }).role as UserRole || "customer";
-
-  if (userRole !== "admin") {
-    redirect("/settings/profile");
-  }
-
   if (!db) {
       throw new Error("Database connection not available");
   }
 
-  // Get all user organizations
+  // Get all user organizations and find current one
   const organizations = await getUserOrganizations(db, session.user.id);
   
   if (organizations.length === 0) {
     redirect("/settings/organizations/new");
   }
 
-  // Get current organization from cookie (same logic as dashboard layout)
+  // Get current organization from cookie
   const cookieStore = await cookies();
   const cookieOrgId = cookieStore.get("orgId")?.value ?? null;
   const currentOrgId = cookieOrgId || organizations[0]?.id || null;
   
-  // Find the current organization
+  // Find the current organization and get role from it
   const organization = organizations.find(org => org.id === currentOrgId) || organizations[0];
+  const userRole = (organization?.role as UserRole) || "customer";
+
+  if (userRole !== "owner" && userRole !== "admin") {
+    redirect("/settings/profile");
+  }
 
   if (!organization) {
     redirect("/settings/organizations/new");

package/app/api/feedback/[id]/comments/[commentId]/route.ts

@@ -60,9 +60,17 @@ export async function DELETE(req: NextRequest, { params }: RouteParams) {
     }
 
     const userId = session.user.id;
-    const userRole = (session.user as { role?: string }).role as
-      | UserRole
-      | undefined;
+    
+    // Get user role from organization membership
+    const { cookies } = await import("next/headers");
+    const cookieStore = await cookies();
+    const currentOrgId = cookieStore.get("orgId")?.value;
+    
+    let userRole: UserRole | null = null;
+    if (currentOrgId) {
+      const { getUserRoleInOrganization } = await import("@/lib/auth/organization");
+      userRole = await getUserRoleInOrganization(db, userId, currentOrgId);
+    }
 
     const [existingComment] = await db
       .select({
@@ -80,8 +88,9 @@ export async function DELETE(req: NextRequest, { params }: RouteParams) {
       );
     }
 
+    // Users can delete their own comments, or admins/owners can delete any
     const canDelete =
-      existingComment.userId === userId || userRole === "admin";
+      existingComment.userId === userId || userRole === "admin" || userRole === "owner";
 
     if (!canDelete) {
       return NextResponse.json(

package/app/api/feedback/[id]/reclassify/route.ts

@@ -21,7 +21,7 @@ import { eq, and } from "drizzle-orm";
 import { db } from "@/lib/db";
 import { feedback } from "@/lib/db/schema";
 import { auth } from "@/lib/auth/config";
-import { canUpdateFeedbackStatus, type UserRole } from "@/lib/auth/permissions";
+import { canUpdateFeedbackStatus } from "@/lib/auth/permissions";
 import { classifyFeedback } from "@/lib/services/ai/classifier";
 import { apiError } from "@/lib/api/errors";
 import { getOrgContext } from "@/lib/auth/org-context";
@@ -81,9 +81,9 @@ export async function POST(
       );
     }
 
-    const userRole = (session.user as { role?: string }).role as
-      | UserRole
-      | undefined;
+    // Get user role from organization membership (via context)
+    const { getUserRoleInOrganization } = await import("@/lib/auth/organization");
+    const userRole = await getUserRoleInOrganization(db, session.user.id, context.organizationId);
 
     if (!userRole || !canUpdateFeedbackStatus(userRole)) {
       return NextResponse.json(

package/app/api/organizations/handler.ts

@@ -43,9 +43,7 @@ export function buildCreateOrganizationHandler(deps: CreateOrganizationDeps) {
     if (!session) {
       return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
     }
-    if (session.user.role !== "admin") {
-      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-    }
+    // Any authenticated user can create organizations - they become the owner
 
     let body: unknown;
     try {
@@ -87,7 +85,7 @@ export function buildCreateOrganizationHandler(deps: CreateOrganizationDeps) {
       await tx.insert(organizationMembers).values({
         organizationId,
         userId: session.user.id,
-        role: "admin",
+        role: "owner",
       });
       return [created];
     });

package/components/settings/settings-sidebar.tsx

@@ -32,15 +32,15 @@ interface SettingsSidebarProps {
 export function SettingsSidebar({ userRole }: SettingsSidebarProps) {
   const pathname = usePathname();
   const t = useTranslations("settings");
-  const isAdmin = userRole === "admin";
-  const isAdminOrPM = isAdmin || userRole === "product_manager";
+  const isOwnerOrAdmin = userRole === "owner" || userRole === "admin";
+  const isAdminOrPM = isOwnerOrAdmin || userRole === "product_manager";
 
   const groupedItems = [
     {
       title: t("groups.general"),
       items: [
         { href: "/settings/profile", label: t("items.profile"), icon: User },
-        { href: "/settings/organization", label: t("items.organization"), icon: Users, show: isAdmin },
+        { href: "/settings/organization", label: t("items.organization"), icon: Users, show: isOwnerOrAdmin },
       ],
     },
     {
@@ -71,7 +71,7 @@ export function SettingsSidebar({ userRole }: SettingsSidebarProps) {
         { href: "/settings/widgets", label: t("items.widgetsEmbeds"), icon: LayoutGrid, show: isAdminOrPM },
         { href: "/settings/integrations", label: t("items.integrations"), icon: Plug, show: isAdminOrPM },
 
-        { href: "/settings/danger-zone", label: t("items.dangerZone"), icon: AlertTriangle, show: isAdmin },
+        { href: "/settings/danger-zone", label: t("items.dangerZone"), icon: AlertTriangle, show: isOwnerOrAdmin },
       ],
     },
   ];

package/hooks/use-organization.tsx

@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+"use client";
+
+import {
+  createContext,
+  useContext,
+  useState,
+  useCallback,
+  type ReactNode,
+} from "react";
+import type { UserRole } from "@/lib/auth/permissions";
+
+export interface Organization {
+  id: string;
+  name: string;
+  slug: string;
+  role: UserRole;
+}
+
+interface OrganizationContextValue {
+  currentOrganization: Organization | null;
+  organizations: Organization[];
+  setOrganizations: (orgs: Organization[], currentId?: string | null) => void;
+  setCurrentOrganization: (orgId: string) => void;
+}
+
+const OrganizationContext = createContext<OrganizationContextValue | null>(
+  null
+);
+
+interface OrganizationProviderProps {
+  children: ReactNode;
+  initialOrganizations?: Organization[];
+  initialCurrentOrgId?: string | null;
+}
+
+export function OrganizationProvider({
+  children,
+  initialOrganizations = [],
+  initialCurrentOrgId,
+}: OrganizationProviderProps) {
+  const [organizations, setOrganizationsState] =
+    useState<Organization[]>(initialOrganizations);
+  const [currentOrganization, setCurrentOrganizationState] =
+    useState<Organization | null>(() => {
+      if (initialCurrentOrgId) {
+        return (
+          initialOrganizations.find((o) => o.id === initialCurrentOrgId) || null
+        );
+      }
+      return initialOrganizations[0] || null;
+    });
+
+  const setOrganizations = useCallback(
+    (orgs: Organization[], currentId?: string | null) => {
+      setOrganizationsState(orgs);
+      const current = currentId ? orgs.find((o) => o.id === currentId) : orgs[0];
+      setCurrentOrganizationState(current || null);
+    },
+    []
+  );
+
+  const setCurrentOrganization = useCallback(
+    (orgId: string) => {
+      const org = organizations.find((o) => o.id === orgId);
+      if (org) {
+        setCurrentOrganizationState(org);
+      }
+    },
+    [organizations]
+  );
+
+  return (
+    <OrganizationContext.Provider
+      value={{
+        currentOrganization,
+        organizations,
+        setOrganizations,
+        setCurrentOrganization,
+      }}
+    >
+      {children}
+    </OrganizationContext.Provider>
+  );
+}
+
+export function useOrganization(): OrganizationContextValue {
+  const context = useContext(OrganizationContext);
+  if (!context) {
+    throw new Error(
+      "useOrganization must be used within an OrganizationProvider"
+    );
+  }
+  return context;
+}
+
+export function useCurrentRole(): UserRole | null {
+  const { currentOrganization } = useOrganization();
+  return currentOrganization?.role || null;
+}

package/hooks/use-permissions.ts

@@ -18,34 +18,46 @@
  * along with this program. If not, see <https://www.gnu.org/licenses/>.
  */
 
-import { authClient } from "@/lib/auth/client";
 import {
   hasAllPermissions,
   hasPermission,
   type Permission,
   type UserRole,
 } from "@/lib/auth/permissions";
+import { useCurrentRole } from "@/hooks/use-organization";
 
-type Session = (typeof authClient)["$Infer"]["Session"];
-
+/**
+ * Check if the current user has a specific permission.
+ * Uses the user's role in the current organization from OrganizationProvider context.
+ * 
+ * @param permission - The permission to check
+ * @param roleOverride - Optional role to use instead of the context role
+ * @returns true if the user has the permission
+ */
 export function useCan(
   permission: Permission,
-  sessionOverride?: Session | null,
+  roleOverride?: UserRole | null,
 ): boolean {
-  const session =
-    sessionOverride === undefined ? authClient.useSession().data : sessionOverride;
-  const role = (session?.user as { role?: UserRole })?.role;
+  const contextRole = useCurrentRole();
+  const role = roleOverride ?? contextRole;
 
   return role ? hasPermission(role, permission) : false;
 }
 
+/**
+ * Check if the current user has all of the specified permissions.
+ * Uses the user's role in the current organization from OrganizationProvider context.
+ * 
+ * @param permissions - Single permission or array of permissions to check
+ * @param roleOverride - Optional role to use instead of the context role
+ * @returns true if the user has all permissions
+ */
 export function useHasPermission(
   permissions: Permission | Permission[],
-  sessionOverride?: Session | null,
+  roleOverride?: UserRole | null,
 ): boolean {
-  const session =
-    sessionOverride === undefined ? authClient.useSession().data : sessionOverride;
-  const role = (session?.user as { role?: UserRole })?.role;
+  const contextRole = useCurrentRole();
+  const role = roleOverride ?? contextRole;
 
   if (!role) {
     return false;
@@ -54,3 +66,4 @@ export function useHasPermission(
   const list = Array.isArray(permissions) ? permissions : [permissions];
   return hasAllPermissions(role, list);
 }
+

package/lib/auth/organization.ts

@@ -19,6 +19,7 @@ import { and, eq } from "drizzle-orm";
 import { db } from "@/lib/db";
 import type { db as database } from "@/lib/db";
 import { organizationMembers, organizations } from "@/lib/db/schema";
+import type { UserRole } from "@/lib/auth/permissions";
 
 type Database = NonNullable<typeof database>;
 
@@ -105,3 +106,22 @@ export async function getCurrentOrganizationId(userId: string): Promise<string |
   const org = await getUserOrganization(db, userId);
   return org?.id || null;
 }
+
+export async function getUserRoleInOrganization(
+  db: Database,
+  userId: string,
+  organizationId: string
+): Promise<UserRole | null> {
+  const [member] = await db
+    .select({ role: organizationMembers.role })
+    .from(organizationMembers)
+    .where(
+      and(
+        eq(organizationMembers.userId, userId),
+        eq(organizationMembers.organizationId, organizationId)
+      )
+    )
+    .limit(1);
+
+  return (member?.role as UserRole) || null;
+}

package/lib/auth/permissions.ts

@@ -16,6 +16,7 @@
  */
 
 export type UserRole =
+  | "owner"
   | "admin"
   | "product_manager"
   | "developer"
@@ -35,6 +36,15 @@ export const PERMISSIONS = {
 export type Permission = (typeof PERMISSIONS)[keyof typeof PERMISSIONS];
 
 export const ROLE_PERMISSIONS: Record<UserRole, Permission[]> = {
+  owner: [
+    PERMISSIONS.CREATE_FEEDBACK,
+    PERMISSIONS.SUBMIT_ON_BEHALF,
+    PERMISSIONS.DELETE_FEEDBACK,
+    PERMISSIONS.MANAGE_ORG,
+    PERMISSIONS.UPDATE_FEEDBACK_STATUS,
+    PERMISSIONS.BACKUP_CREATE,
+    PERMISSIONS.BACKUP_VIEW,
+  ],
   admin: [
     PERMISSIONS.CREATE_FEEDBACK,
     PERMISSIONS.SUBMIT_ON_BEHALF,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nexttylabs/echo",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "license": "AGPL-3.0",
   "private": false,
   "publishConfig": {