tenseleyflow/shithub / 2c82cd2

+The package entrypoint is `entitlements.ForOrg(ctx, deps, orgID)`,

+which loads the local `org_billing_states` projection and returns a

+request-scoped entitlement set. Callers then use `CanUse(feature)` for

+feature decisions and `Limit(name)` for paid limit metadata. The legacy

+`CheckOrgFeature` helper is a thin wrapper for handlers that need only

+one feature. These calls are deterministic and never call Stripe.

+

+Entitlement outcomes are:

+

+- Free organizations receive `upgrade_required` for Team features.

+- Team organizations with `active` or `trialing` subscriptions receive

+  the feature.

+- Team organizations in `past_due` remain usable only while their local

+  grace window has not expired.

+- Team organizations with incomplete, unpaid, paused, canceled, or

+  expired-grace billing receive `billing_action_needed`.

+- Enterprise remains a contact-sales stub and receives

+  `enterprise_contact_sales` until a later Enterprise sprint defines a

+  real feature set.

+

+Handler upgrade helpers map paid-feature denials to HTTP 402 metadata

+and a billing-settings path, but handlers must still perform normal

+authorization first and preserve 404 masking for private resources.

+

+For paid-feature UI, handlers should use the entitlement decision's

+upgrade metadata instead of inventing per-surface billing state. A

+missing Team feature maps to HTTP 402 semantics and a billing-settings

+path after the normal authorization result has already been accepted.

+Enterprise is not implicitly Team-plus; it is a contact-sales

+entitlement result until the Enterprise product contract ships.

+

+	"net/http"

+	"net/url"

+type Limit string

+

+const (

+	LimitOrgPrivateCollaboration Limit = "org.private_collaboration_limit"

+	LimitOrgStorageQuota         Limit = "org.storage_quota"

+	LimitOrgActionsMinutesQuota  Limit = "org.actions_minutes_quota"

+)

+

+	ReasonNone                   Reason = ""

+	ReasonUpgradeRequired        Reason = "upgrade_required"

+	ReasonBillingActionNeeded    Reason = "billing_action_needed"

+	ReasonEnterpriseContactSales Reason = "enterprise_contact_sales"

+	ReasonUnknownFeature         Reason = "unknown_feature"

+type LimitValue struct {

+	Name         Limit

+	Feature      Feature

+	Allowed      bool

+	Defined      bool

+	Unlimited    bool

+	Value        int64

+	Unit         string

+	RequiredPlan billing.Plan

+	Reason       Reason

+}

+

+type UpgradeBanner struct {

+	Message    string

+	ActionText string

+	ActionHref string

+	StatusCode int

+}

+

+type Loader struct {

+	deps Deps

+}

+

+type Set struct {

+	OrgID int64

+	State billing.State

+	now   time.Time

+}

+

+	ErrUnknownLimit   = errors.New("entitlements: unknown limit")

+func New(deps Deps) Loader {

+	return Loader{deps: deps}

+}

+

+func ForOrg(ctx context.Context, deps Deps, orgID int64) (Set, error) {

+	return New(deps).ForOrg(ctx, orgID)

+}

+

+func (l Loader) ForOrg(ctx context.Context, orgID int64) (Set, error) {

+	if l.deps.Pool == nil {

+		return Set{}, ErrPoolRequired

+		return Set{}, ErrOrgIDRequired

+	}

+	state, err := billing.GetOrgBillingState(ctx, billing.Deps{Pool: l.deps.Pool}, orgID)

+	if err != nil {

+		return Set{}, err

+	}

+	now := time.Now().UTC()

+	if l.deps.Now != nil {

+		now = l.deps.Now().UTC()

+	return Set{OrgID: orgID, State: state, now: now}, nil

+}

+

+func CheckOrgFeature(ctx context.Context, deps Deps, orgID int64, feature Feature) (Decision, error) {

+	if !KnownFeature(feature) {

+	set, err := ForOrg(ctx, deps, orgID)

+	return set.CanUse(feature), nil

+}

+

+func (s Set) CanUse(feature Feature) Decision {

+	return decideFeature(s.now, s.State, feature)

+}

+

+func (s Set) Limit(name Limit) (LimitValue, error) {

+	feature, unit, ok := limitFeature(name)

+	if !ok {

+		return LimitValue{

+			Name:   name,

+			Reason: ReasonUnknownFeature,

+		}, ErrUnknownLimit

+	}

+	decision := s.CanUse(feature)

+	value := LimitValue{

+		Name:         name,

+		Feature:      feature,

+		Allowed:      decision.Allowed,

+		Unit:         unit,

+		RequiredPlan: decision.RequiredPlan,

+		Reason:       decision.Reason,

+	}

+	if !decision.Allowed {

+		return value, nil

+	}

+	switch name {

+	case LimitOrgPrivateCollaboration:

+		value.Defined = true

+		value.Unlimited = true

+	case LimitOrgStorageQuota, LimitOrgActionsMinutesQuota:

+		// SP08 owns usage accounting and concrete quota numbers. Until

+		// then, expose entitlement state without pretending metering is enforced.

+		value.Defined = false

+	}

+	return value, nil

+}

+

+func KnownFeature(feature Feature) bool {

+	return requiredPlanForFeature(feature) != ""

+}

+

+func KnownLimit(name Limit) bool {

+	_, _, ok := limitFeature(name)

+	return ok

+}

+

+func (d Decision) HTTPStatus() int {

+	if d.Allowed {

+		return http.StatusOK

+	}

+	return http.StatusPaymentRequired

+}

+

+func (d Decision) BillingPath(orgSlug string) string {

+	return "/organizations/" + url.PathEscape(orgSlug) + "/settings/billing"

+}

+

+func (d Decision) UpgradeBanner(label, orgSlug string) UpgradeBanner {

+	banner := UpgradeBanner{

+		ActionText: "Manage billing and plans",

+		ActionHref: d.BillingPath(orgSlug),

+		StatusCode: d.HTTPStatus(),

+	}

+	switch d.Reason {

+	case ReasonBillingActionNeeded:

+		banner.Message = label + " are read-only until Team billing is brought back into good standing."

+	case ReasonEnterpriseContactSales:

+		banner.Message = label + " require a supported enterprise plan. Contact sales to continue."

+	default:

+		banner.Message = label + " require Team billing. Upgrade this organization to continue."

+	return banner

+func limitFeature(name Limit) (Feature, string, bool) {

+	switch name {

+	case LimitOrgPrivateCollaboration:

+		return FeatureOrgPrivateCollaboration, "collaborators", true

+	case LimitOrgStorageQuota:

+		return FeatureOrgStorageQuota, "bytes", true

+	case LimitOrgActionsMinutesQuota:

+		return FeatureOrgActionsMinutesQuota, "minutes", true

+	default:

+		return "", "", false

+	}

+}

+

+	if decision.RequiredPlan == "" {

+		decision.Reason = ReasonUnknownFeature

+		return decision

+	}

+		decision.Reason = ReasonEnterpriseContactSales

+			billing.SubscriptionStatusTrialing:

+			if state.GraceUntil.Valid && !now.After(state.GraceUntil.Time) {

+	"errors"

+	"net/http"

+	"strings"

+				return setSubscription(ctx, deps, orgID, now, billing.PlanTeam, billing.SubscriptionStatusActive, "active")

+			},

+			want:   true,

+			reason: entitlements.ReasonNone,

+		},

+		{

+			name: "team trialing allows feature",

+			mutate: func(ctx context.Context, deps billing.Deps, orgID int64, now time.Time) error {

+				return setSubscription(ctx, deps, orgID, now, billing.PlanTeam, billing.SubscriptionStatusTrialing, "trialing")

+		{

+			name: "team incomplete needs billing action",

+			mutate: func(ctx context.Context, deps billing.Deps, orgID int64, now time.Time) error {

+				return setSubscription(ctx, deps, orgID, now, billing.PlanTeam, billing.SubscriptionStatusIncomplete, "incomplete")

+			},

+			want:   false,

+			reason: entitlements.ReasonBillingActionNeeded,

+		},

+				if err := setSubscription(ctx, deps, orgID, now, billing.PlanTeam, billing.SubscriptionStatusActive, "grace"); err != nil {

+				if err := setSubscription(ctx, deps, orgID, now, billing.PlanTeam, billing.SubscriptionStatusActive, "lapsed"); err != nil {

+		{

+			name: "team locked without grace needs billing action",

+			mutate: func(ctx context.Context, deps billing.Deps, orgID int64, now time.Time) error {

+				return setSubscription(ctx, deps, orgID, now, billing.PlanTeam, billing.SubscriptionStatusPastDue, "locked")

+			},

+			want:   false,

+			reason: entitlements.ReasonBillingActionNeeded,

+		},

+		{

+			name: "enterprise stub does not unlock team features",

+			mutate: func(ctx context.Context, deps billing.Deps, orgID int64, now time.Time) error {

+				return setSubscription(ctx, deps, orgID, now, billing.PlanEnterprise, billing.SubscriptionStatusActive, "enterprise")

+			},

+			want:   false,

+			reason: entitlements.ReasonEnterpriseContactSales,

+		},

+func TestForOrgCanUseAndLimit(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool, orgID := setupEntitlementOrg(t)

+	now := time.Now().UTC().Truncate(time.Second)

+	if err := setSubscription(ctx, billing.Deps{Pool: pool}, orgID, now, billing.PlanTeam, billing.SubscriptionStatusActive, "limits"); err != nil {

+		t.Fatalf("set subscription: %v", err)

+	}

+

+	set, err := entitlements.ForOrg(ctx, entitlements.Deps{

+		Pool: pool,

+		Now:  func() time.Time { return now },

+	}, orgID)

+	if err != nil {

+		t.Fatalf("ForOrg: %v", err)

+	}

+	for _, feature := range []entitlements.Feature{

+		entitlements.FeatureOrgSecretTeams,

+		entitlements.FeatureOrgAdvancedBranchProtection,

+		entitlements.FeatureOrgRequiredReviewers,

+		entitlements.FeatureOrgActionsSecrets,

+		entitlements.FeatureOrgActionsVariables,

+		entitlements.FeatureOrgPrivateCollaboration,

+		entitlements.FeatureOrgStorageQuota,

+		entitlements.FeatureOrgActionsMinutesQuota,

+	} {

+		if decision := set.CanUse(feature); !decision.Allowed {

+			t.Fatalf("feature %s decision=%+v, want allowed", feature, decision)

+		}

+	}

+	collab, err := set.Limit(entitlements.LimitOrgPrivateCollaboration)

+	if err != nil {

+		t.Fatalf("Limit private collaboration: %v", err)

+	}

+	if !collab.Allowed || !collab.Defined || !collab.Unlimited || collab.Unit != "collaborators" {

+		t.Fatalf("private collaboration limit = %+v", collab)

+	}

+	storage, err := set.Limit(entitlements.LimitOrgStorageQuota)

+	if err != nil {

+		t.Fatalf("Limit storage: %v", err)

+	}

+	if !storage.Allowed || storage.Defined || storage.Unit != "bytes" {

+		t.Fatalf("storage limit = %+v, want allowed but deferred concrete quota", storage)

+	}

+}

+

+func TestUnknownFeatureAndLimit(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool, orgID := setupEntitlementOrg(t)

+	_, err := entitlements.CheckOrgFeature(ctx, entitlements.Deps{Pool: pool}, orgID, entitlements.Feature("org.mystery"))

+	if !errors.Is(err, entitlements.ErrUnknownFeature) {

+		t.Fatalf("CheckOrgFeature unknown err=%v, want ErrUnknownFeature", err)

+	}

+	set, err := entitlements.ForOrg(ctx, entitlements.Deps{Pool: pool}, orgID)

+	if err != nil {

+		t.Fatalf("ForOrg: %v", err)

+	}

+	_, err = set.Limit(entitlements.Limit("org.mystery_limit"))

+	if !errors.Is(err, entitlements.ErrUnknownLimit) {

+		t.Fatalf("Limit unknown err=%v, want ErrUnknownLimit", err)

+	}

+}

+

+func TestDecisionUpgradeBanner(t *testing.T) {

+	t.Parallel()

+	decision := entitlements.Decision{

+		Feature:      entitlements.FeatureOrgSecretTeams,

+		RequiredPlan: billing.PlanTeam,

+		Reason:       entitlements.ReasonUpgradeRequired,

+	}

+	banner := decision.UpgradeBanner("Secret teams", "acme inc")

+	if banner.StatusCode != http.StatusPaymentRequired {

+		t.Fatalf("status=%d, want 402", banner.StatusCode)

+	}

+	if banner.ActionHref != "/organizations/acme%20inc/settings/billing" {

+		t.Fatalf("href=%q", banner.ActionHref)

+	}

+	if !strings.Contains(banner.Message, "require Team billing") {

+		t.Fatalf("message=%q", banner.Message)

+	}

+}

+

+func setSubscription(ctx context.Context, deps billing.Deps, orgID int64, now time.Time, plan billing.Plan, status billing.SubscriptionStatus, suffix string) error {

+	_, err := billing.ApplySubscriptionSnapshot(ctx, deps, billing.SubscriptionSnapshot{

+		OrgID:                    orgID,

+		Plan:                     plan,

+		Status:                   status,

+		StripeSubscriptionID:     "sub_" + suffix,

+		StripeSubscriptionItemID: "si_" + suffix,

+		CurrentPeriodStart:       now,

+		CurrentPeriodEnd:         now.Add(30 * 24 * time.Hour),

+		LastWebhookEventID:       "evt_" + suffix,

+	})

+	return err

+}

+