From 15c703c01e55455c2b73474a20e61f1c040c52e6 Mon Sep 17 00:00:00 2001
From: Marie <51697796+ijreilly@users.noreply.github.com>
Date: Tue, 17 Jun 2025 09:16:22 +0200
Subject: [PATCH] [permissions] allow checkoutSession if workspace is
 pending_creation (#12638)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes https://github.com/twentyhq/core-team-issues/issues/992

Occasionaly, users can have a subscription created but still have their
workspace not activated and therefore not have a role yet, if they did
not go through the whole flow the first time. This causes a permission
check error while calling checkoutSession, while it shouldn't.

We detected the error through sentry. Since there has been no occurences
for the past three weeks in aggregateCompanies and getCurrentUser
transactions (while we have daily errors in checkoutSession), I assume
it has been fixed in the meantime. If not it will pop again on sentry
anyway !
<img width="798" alt="Capture d’écran 2025-06-16 à 18 38 43"
src="https://github.com/user-attachments/assets/2067c166-8b19-4c83-9270-6e49ee7ae0f5"
/>
---
 .../engine/core-modules/billing/billing.resolver.ts   | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/packages/twenty-server/src/engine/core-modules/billing/billing.resolver.ts b/packages/twenty-server/src/engine/core-modules/billing/billing.resolver.ts
index 4f352b75c..bb3635051 100644
--- a/packages/twenty-server/src/engine/core-modules/billing/billing.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/billing/billing.resolver.ts
@@ -4,6 +4,7 @@ import { UseFilters, UseGuards } from '@nestjs/common';
 import { Args, Mutation, Query, Resolver } from '@nestjs/graphql';
 
 import { isDefined } from 'twenty-shared/utils';
+import { WorkspaceActivationStatus } from 'twenty-shared/workspace';
 
 import { BillingCheckoutSessionInput } from 'src/engine/core-modules/billing/dtos/inputs/billing-checkout-session.input';
 import { BillingSessionInput } from 'src/engine/core-modules/billing/dtos/inputs/billing-session.input';
@@ -86,6 +87,7 @@ export class BillingResolver {
       workspaceId: workspace.id,
       userWorkspaceId,
       isExecutedByApiKey: isDefined(apiKey),
+      workspaceActivationStatus: workspace.activationStatus,
     });
 
     const checkoutSessionParams: BillingPortalCheckoutSessionParameters = {
@@ -169,15 +171,20 @@ export class BillingResolver {
     workspaceId,
     userWorkspaceId,
     isExecutedByApiKey,
+    workspaceActivationStatus,
   }: {
     workspaceId: string;
     userWorkspaceId: string;
     isExecutedByApiKey: boolean;
+    workspaceActivationStatus: WorkspaceActivationStatus;
   }) {
     if (
-      await this.billingService.isSubscriptionIncompleteOnboardingStatus(
+      (await this.billingService.isSubscriptionIncompleteOnboardingStatus(
         workspaceId,
-      )
+      )) ||
+      workspaceActivationStatus ===
+        WorkspaceActivationStatus.PENDING_CREATION ||
+      workspaceActivationStatus === WorkspaceActivationStatus.ONGOING_CREATION
     ) {
       return;
     }
