feat(billing): bypass plan limits for platform admins #4463

Closed
TheodoreSpeaks wants to merge 3 commits into staging from feat/admin-unlimited-workspaces
TheodoreSpeaks (Collaborator) commented May 6, 2026

Summary

  • Platform admins (user.role === 'admin') bypass per-plan caps across usage, storage, tables, log retention, and workspace invites — in addition to the existing personal workspace bypass
  • Hoists isPlatformAdmin into lib/auth/platform-admin.ts (+ getPlatformAdminUserIds bulk variant for the list-workspaces endpoint) so the same check serves billing, storage, tables, logs, and invite policy
  • Rate limits intentionally left in place
  • cleanup-dispatcher excludes admin-owned workspaces at the SQL level (LEFT JOIN + ne(user.role, 'admin')) so admin data isn't auto-purged on free/pro/team retention defaults
  • Admin checks parallelized with adjacent subscription/usage fetches in storage/limits.ts and table/billing.ts — no added serial latency on the hot path

Type of Change

  • Improvement

Testing

  • bun run lint — clean
  • bun run check:api-validation:strict — passed
  • bun run type-check — passed
  • bunx vitest run lib/workspaces/policy.test.ts — 23 passed (2 new admin-invite tests)

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

vercel Bot commented May 6, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped May 15, 2026 6:13pm

cursor Bot commented May 6, 2026

PR Summary

Medium Risk
Broadens the set of users who bypass billing-related limits (workspace creation, invites, usage, storage, table limits) based on user.role, so mistakes in role detection or unexpected callers could unintentionally remove paywalls.

Overview
Platform admins now bypass several billing/subscription gates based on user.role === 'admin'.

Adds isPlatformAdmin/getPlatformAdminUserIds and wires them into workspace creation and invite policy (including bulk workspace listing), plus bypasses cost usage caps, storage quota checks, and table feature limits for admin-billed accounts. Cleanup job workspace selection is also updated to exclude admin-owned workspaces, and workspace policy tests are expanded/adjusted to cover admin vs non-admin behavior.

Reviewed by Cursor Bugbot for commit d257bfb. Bugbot is set up for automated code reviews on this repo. Configure here.

greptile-apps Bot (Contributor) commented May 6, 2026

Greptile Summary

This PR introduces a platform-admin bypass across billing gates — usage caps, storage quotas, table limits, workspace creation, and workspace invites — by hoisting a shared isPlatformAdmin / getPlatformAdminUserIds helper into lib/auth/platform-admin.ts and threading it into each enforcement point. The cleanup-dispatcher is also updated to exclude admin-owned workspaces from auto-purge via a SQL-level LEFT JOIN filter.

  • lib/auth/platform-admin.ts: New module with a single-user isPlatformAdmin and a bulk getPlatformAdminUserIds variant; both query the user.role column directly.
  • storage/limits.ts, table/billing.ts, app/api/workspaces/route.ts: Admin check parallelized with existing subscription/usage fetches so there is no added serial latency on the hot path.
  • usage-monitor.ts: Admin bypass inserted sequentially after the org-owner billing-block loop rather than before it, meaning a platform admin who is a member of any org with a blocked owner would be incorrectly blocked before the bypass fires.

Confidence Score: 4/5

Safe to merge with one ordering fix in usage-monitor.ts; all other bypass points are correctly guarded.

The admin bypass in usage-monitor.ts is inserted after the org-owner billing-block loop, so a platform admin who is a member of any customer org with a frozen or disputed billing account will be incorrectly told their usage is exceeded and have workflow runs rejected. Every other bypass point is correctly placed and parallelized.

apps/sim/lib/billing/calculations/usage-monitor.ts — the isPlatformAdmin check needs to move before the org-owner billing-block loop.

Important Files Changed

| Filename | Overview |
| --- | --- |
| apps/sim/lib/auth/platform-admin.ts | New module extracting isPlatformAdmin (single-user) and getPlatformAdminUserIds (bulk) from the DB; straightforward queries with correct use of inArray and early-exit for empty input. |
| apps/sim/lib/billing/calculations/usage-monitor.ts | Admin bypass inserted after the org-owner billing-block loop; a platform admin who is a member of any org with a blocked owner will be incorrectly told usage is exceeded before reaching the bypass. |
| apps/sim/lib/billing/cleanup-dispatcher.ts | LEFT JOIN on user + or(isNull(user.role), ne(user.role, 'admin')) correctly excludes admin-owned workspaces from both free and pro/team cleanup queries. |
| apps/sim/lib/billing/storage/limits.ts | isPlatformAdmin parallelized with storage-usage and limit fetches; admin bypass fires before quota math. Clean. |
| apps/sim/lib/table/billing.ts | isPlatformAdmin parallelized with getHighestPrioritySubscription; subscription result is unused for admins but the trade-off is intentional. Clean. |
| apps/sim/lib/workspaces/policy.ts | isPlatformAdmin check correctly placed after org-subscription block and before personal-plan limits; admin in org context without owner/admin org-role falls back to personal mode (documented in tests). |
| apps/sim/lib/workspaces/policy.test.ts | Four new test cases cover admin personal bypass, admin in org context, admin as org member only, and non-admin plan enforcement; mockDbResults updated to reflect two-query pattern. |
| apps/sim/app/api/workspaces/route.ts | getPlatformAdminUserIds bulk-fetched in parallel with existing subscription lookups; billedUserIsPlatformAdmin threaded into evaluateWorkspaceInvitePolicy. Clean. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[checkServerSideUsageLimits] --> B{isBillingEnabled?}
    B -- No --> Z[return not exceeded]
    B -- Yes --> C[Fetch userStats]
    C --> D{User billing-blocked?}
    D -- Yes --> E[return isExceeded=true]
    D -- No --> F[Fetch org memberships]
    F --> G{Any org owner billing-blocked?}
    G -- Yes --> H[return isExceeded=true admin bypass not yet reached]
    G -- No --> I{isPlatformAdmin?}
    I -- Yes --> J[return isExceeded=false limit=MAX_SAFE_INT]
    I -- No --> K[checkUsageStatus]
    K --> L[return usage result]

Reviews (2): Last reviewed commit: "feat(billing): bypass plan limits for pl..." | Re-trigger Greptile

Comment thread apps/sim/lib/workspaces/policy.ts
Extends the platform-admin bypass across usage caps, storage quota,
table limits, log retention, and workspace invites. Hoists isPlatformAdmin
into a shared helper for reuse.
@TheodoreSpeaks TheodoreSpeaks changed the title from "feat(workspaces): bypass personal workspace limit for platform admins" to "feat(billing): bypass plan limits for platform admins" on May 15, 2026
@TheodoreSpeaks
Collaborator Author

@greptile review

Comment on lines +341 to +348
if (await isPlatformAdmin(userId)) {
logger.info('Bypassing usage cap for platform admin', { userId, currentUsage })
return {
isExceeded: false,
currentUsage,
limit: Number.MAX_SAFE_INTEGER,
}
}
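
Review bot: limit: Number.MAX_SAFE_INTEGER in the returned object uses a magic number as an "unlimited" sentinel, so any consumer that formats the limit or derives a usage percentage from it will treat it as a real cap; a named constant or an explicit unlimited flag on the result would make the bypass visible to callers. The logger.info call records only userId and currentUsage at info level; because this branch skips a billing control, a dedicated audit event would make it easier to review later who bypassed the cap and when. The await isPlatformAdmin(userId) inside the if condition also adds a serial role lookup for every non-admin caller that reaches this point.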
Contributor

P1 Admin bypass after org-owner billing-block check

The isPlatformAdmin guard is placed after the org-owner billing-block loop (lines 304–338). That loop iterates every organization the calling user belongs to and returns isExceeded: true if any org owner is billing-blocked. A platform admin who has been added as a member to a customer org (e.g., for support or testing) whose owner has a billing dispute or frozen account will hit that early-return and never reach the admin bypass — causing their own workflow runs to be rejected as usage-exceeded. Moving the isPlatformAdmin check to before the org-owner loop (or parallelizing it with the initial stats fetch) would prevent the false block.
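
The ordering problem described in the comment above, reproduced in a small in-memory model. This is an added example, not code from the PR or the project: the data, PLAN_LIMIT, checkUsage, anyOrgOwnerBlocked and the adminCheckFirst switch are hypothetical, and keeping the user's own billing block ahead of the admin bypass is an assumption taken from the flowchart.

```typescript
// Simplified model of the check order in the flowchart; not the project's code.
type User = { id: string; role: string | null; billingBlocked: boolean };
type Org = { ownerId: string; memberIds: string[] };
type UsageResult = { isExceeded: boolean; currentUsage: number; limit: number };

// Constructed sample data: a platform admin added to a customer org whose
// owner is billing-blocked, plus an ordinary member of the same org.
const users = new Map<string, User>([
  ['admin-1', { id: 'admin-1', role: 'admin', billingBlocked: false }],
  ['owner-1', { id: 'owner-1', role: null, billingBlocked: true }],
  ['member-1', { id: 'member-1', role: 'user', billingBlocked: false }],
]);
const orgs: Org[] = [{ ownerId: 'owner-1', memberIds: ['admin-1', 'member-1'] }];
const usage = new Map<string, number>([['admin-1', 42], ['member-1', 42]]);
const PLAN_LIMIT = 20; // hypothetical plan cap

const isPlatformAdmin = (userId: string): boolean =>
  users.get(userId)?.role === 'admin';

// True if the user belongs to any org whose owner is billing-blocked.
function anyOrgOwnerBlocked(userId: string): boolean {
  return orgs
    .filter((o) => o.memberIds.includes(userId))
    .some((o) => users.get(o.ownerId)?.billingBlocked === true);
}

// adminCheckFirst=false follows the flowchart order (org loop, then admin);
// adminCheckFirst=true runs the admin check before the org-owner loop.
function checkUsage(userId: string, adminCheckFirst: boolean): UsageResult {
  const currentUsage = usage.get(userId) ?? 0;
  const blocked = { isExceeded: true, currentUsage, limit: 0 }; // limit 0 is a placeholder
  const bypass = { isExceeded: false, currentUsage, limit: Number.MAX_SAFE_INTEGER };

  if (users.get(userId)?.billingBlocked) return blocked; // user's own block comes first
  if (adminCheckFirst && isPlatformAdmin(userId)) return bypass;
  if (anyOrgOwnerBlocked(userId)) return blocked;
  if (!adminCheckFirst && isPlatformAdmin(userId)) return bypass;
  return { isExceeded: currentUsage >= PLAN_LIMIT, currentUsage, limit: PLAN_LIMIT };
}
```

With the flowchart order the admin is reported as exceeded; with the admin check first the admin bypasses while the non-admin member of the same org stays blocked.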

@waleedlatif1 waleedlatif1 deleted the feat/admin-unlimited-workspaces branch May 15, 2026 20:09