[PM-15179] Implement endpoints to add existing organization to CB provider (#5310)

* Implement endpoints to add existing organization to provider * Run dotnet format * Support MOE * Run dotnet format * Move ProviderClientsController under AC ownership * Move ProviderClientsControllerTests under AC ownership * Jared's feedback
2025-04-04 20:50:21 -05:00 · 2025-02-04 09:02:18 -05:00 · 2025-02-04 09:02:18 -05:00 · f1b9bd9a09
commit f1b9bd9a09
parent 90f308db34
14 changed files with 427 additions and 6 deletions
--- a/bitwarden_license/src/Commercial.Core/Billing/ProviderBillingService.cs
+++ b/bitwarden_license/src/Commercial.Core/Billing/ProviderBillingService.cs
@ -1,12 +1,15 @@
 using System.Globalization;
 using Bit.Commercial.Core.Billing.Models;
+using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Entities.Provider;
+using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Billing;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Entities;
 using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Models;
 using Bit.Core.Billing.Repositories;
 using Bit.Core.Billing.Services;
 using Bit.Core.Billing.Services.Contracts;
@ -24,6 +27,7 @@ using Stripe;
 namespace Bit.Commercial.Core.Billing;

 public class ProviderBillingService(
+    IEventService eventService,
    IGlobalSettings globalSettings,
    ILogger<ProviderBillingService> logger,
    IOrganizationRepository organizationRepository,
@ -31,10 +35,93 @@ public class ProviderBillingService(
    IProviderInvoiceItemRepository providerInvoiceItemRepository,
    IProviderOrganizationRepository providerOrganizationRepository,
    IProviderPlanRepository providerPlanRepository,
+    IProviderUserRepository providerUserRepository,
    IStripeAdapter stripeAdapter,
    ISubscriberService subscriberService,
    ITaxService taxService) : IProviderBillingService
 {
+    [RequireFeature(FeatureFlagKeys.P15179_AddExistingOrgsFromProviderPortal)]
+    public async Task AddExistingOrganization(
+        Provider provider,
+        Organization organization,
+        string key)
+    {
+        await stripeAdapter.SubscriptionUpdateAsync(organization.GatewaySubscriptionId,
+            new SubscriptionUpdateOptions
+            {
+                CancelAtPeriodEnd = false
+            });
+
+        var subscription =
+            await stripeAdapter.SubscriptionCancelAsync(organization.GatewaySubscriptionId,
+                new SubscriptionCancelOptions
+                {
+                    CancellationDetails = new SubscriptionCancellationDetailsOptions
+                    {
+                        Comment = $"Organization was added to Provider with ID {provider.Id}"
+                    },
+                    InvoiceNow = true,
+                    Prorate = true,
+                    Expand = ["latest_invoice", "test_clock"]
+                });
+
+        var now = subscription.TestClock?.FrozenTime ?? DateTime.UtcNow;
+
+        var wasTrialing = subscription.TrialEnd.HasValue && subscription.TrialEnd.Value > now;
+
+        if (!wasTrialing && subscription.LatestInvoice.Status == StripeConstants.InvoiceStatus.Draft)
+        {
+            await stripeAdapter.InvoiceFinalizeInvoiceAsync(subscription.LatestInvoiceId,
+                new InvoiceFinalizeOptions { AutoAdvance = true });
+        }
+
+        var managedPlanType = await GetManagedPlanTypeAsync(provider, organization);
+
+        // TODO: Replace with PricingClient
+        var plan = StaticStore.GetPlan(managedPlanType);
+        organization.Plan = plan.Name;
+        organization.PlanType = plan.Type;
+        organization.MaxCollections = plan.PasswordManager.MaxCollections;
+        organization.MaxStorageGb = plan.PasswordManager.BaseStorageGb;
+        organization.UsePolicies = plan.HasPolicies;
+        organization.UseSso = plan.HasSso;
+        organization.UseGroups = plan.HasGroups;
+        organization.UseEvents = plan.HasEvents;
+        organization.UseDirectory = plan.HasDirectory;
+        organization.UseTotp = plan.HasTotp;
+        organization.Use2fa = plan.Has2fa;
+        organization.UseApi = plan.HasApi;
+        organization.UseResetPassword = plan.HasResetPassword;
+        organization.SelfHost = plan.HasSelfHost;
+        organization.UsersGetPremium = plan.UsersGetPremium;
+        organization.UseCustomPermissions = plan.HasCustomPermissions;
+        organization.UseScim = plan.HasScim;
+        organization.UseKeyConnector = plan.HasKeyConnector;
+        organization.MaxStorageGb = plan.PasswordManager.BaseStorageGb;
+        organization.BillingEmail = provider.BillingEmail!;
+        organization.GatewaySubscriptionId = null;
+        organization.ExpirationDate = null;
+        organization.MaxAutoscaleSeats = null;
+        organization.Status = OrganizationStatusType.Managed;
+
+        var providerOrganization = new ProviderOrganization
+        {
+            ProviderId = provider.Id,
+            OrganizationId = organization.Id,
+            Key = key
+        };
+
+        await Task.WhenAll(
+            organizationRepository.ReplaceAsync(organization),
+            providerOrganizationRepository.CreateAsync(providerOrganization),
+            ScaleSeats(provider, organization.PlanType, organization.Seats!.Value)
+        );
+
+        await eventService.LogProviderOrganizationEventAsync(
+            providerOrganization,
+            EventType.ProviderOrganization_Added);
+    }
+
    public async Task ChangePlan(ChangeProviderPlanCommand command)
    {
        var plan = await providerPlanRepository.GetByIdAsync(command.ProviderPlanId);
@ -206,6 +293,81 @@ public class ProviderBillingService(
        return memoryStream.ToArray();
    }

+    [RequireFeature(FeatureFlagKeys.P15179_AddExistingOrgsFromProviderPortal)]
+    public async Task<IEnumerable<AddableOrganization>> GetAddableOrganizations(
+        Provider provider,
+        Guid userId)
+    {
+        var providerUser = await providerUserRepository.GetByProviderUserAsync(provider.Id, userId);
+
+        if (providerUser is not { Status: ProviderUserStatusType.Confirmed })
+        {
+            throw new UnauthorizedAccessException();
+        }
+
+        var candidates = await organizationRepository.GetAddableToProviderByUserIdAsync(userId, provider.Type);
+
+        var active = (await Task.WhenAll(candidates.Select(async organization =>
+            {
+                var subscription = await subscriberService.GetSubscription(organization);
+                return (organization, subscription);
+            })))
+            .Where(pair => pair.subscription is
+            {
+                Status:
+                    StripeConstants.SubscriptionStatus.Active or
+                    StripeConstants.SubscriptionStatus.Trialing or
+                    StripeConstants.SubscriptionStatus.PastDue
+            }).ToList();
+
+        if (active.Count == 0)
+        {
+            return [];
+        }
+
+        return await Task.WhenAll(active.Select(async pair =>
+        {
+            var (organization, _) = pair;
+
+            var planName = DerivePlanName(provider, organization);
+
+            var addable = new AddableOrganization(
+                organization.Id,
+                organization.Name,
+                planName,
+                organization.Seats!.Value);
+
+            if (providerUser.Type != ProviderUserType.ServiceUser)
+            {
+                return addable;
+            }
+
+            var applicablePlanType = await GetManagedPlanTypeAsync(provider, organization);
+
+            var requiresPurchase =
+                await SeatAdjustmentResultsInPurchase(provider, applicablePlanType, organization.Seats!.Value);
+
+            return addable with { Disabled = requiresPurchase };
+        }));
+
+        string DerivePlanName(Provider localProvider, Organization localOrganization)
+        {
+            if (localProvider.Type == ProviderType.Msp)
+            {
+                return localOrganization.PlanType switch
+                {
+                    var planType when PlanConstants.EnterprisePlanTypes.Contains(planType) => "Enterprise",
+                    var planType when PlanConstants.TeamsPlanTypes.Contains(planType) => "Teams",
+                    _ => throw new BillingException()
+                };
+            }
+
+            // TODO: Replace with PricingClient
+            var plan = StaticStore.GetPlan(localOrganization.PlanType);
+            return plan.Name;
+        }
+    }
+
    public async Task ScaleSeats(
        Provider provider,
        PlanType planType,
@ -582,4 +744,21 @@ public class ProviderBillingService(

        return providerPlan;
    }
+
+    private async Task<PlanType> GetManagedPlanTypeAsync(
+        Provider provider,
+        Organization organization)
+    {
+        if (provider.Type == ProviderType.MultiOrganizationEnterprise)
+        {
+            return (await providerPlanRepository.GetByProviderId(provider.Id)).First().PlanType;
+        }
+
+        return organization.PlanType switch
+        {
+            var planType when PlanConstants.TeamsPlanTypes.Contains(planType) => PlanType.TeamsMonthly,
+            var planType when PlanConstants.EnterprisePlanTypes.Contains(planType) => PlanType.EnterpriseMonthly,
+            _ => throw new BillingException()
+        };
+    }
 }
--- a/src/Api/AdminConsole/Controllers/ProviderClientsController.cs
+++ b/src/Api/AdminConsole/Controllers/ProviderClientsController.cs
@ -1,4 +1,6 @@
-using Bit.Api.Billing.Models.Requests;
+using Bit.Api.Billing.Controllers;
+using Bit.Api.Billing.Models.Requests;
+using Bit.Core;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Billing.Services;
@ -7,13 +9,15 @@ using Bit.Core.Enums;
 using Bit.Core.Models.Business;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Mvc;

-namespace Bit.Api.Billing.Controllers;
+namespace Bit.Api.AdminConsole.Controllers;

 [Route("providers/{providerId:guid}/clients")]
 public class ProviderClientsController(
    ICurrentContext currentContext,
+    IFeatureService featureService,
    ILogger<BaseProviderController> logger,
    IOrganizationRepository organizationRepository,
    IProviderBillingService providerBillingService,
@ -22,7 +26,10 @@ public class ProviderClientsController(
    IProviderService providerService,
    IUserService userService) : BaseProviderController(currentContext, logger, providerRepository, userService)
 {
+    private readonly ICurrentContext _currentContext = currentContext;
+
    [HttpPost]
+    [SelfHosted(NotSelfHostedOnly = true)]
    public async Task<IResult> CreateAsync(
        [FromRoute] Guid providerId,
        [FromBody] CreateClientOrganizationRequestBody requestBody)
@ -80,6 +87,7 @@ public class ProviderClientsController(
    }

    [HttpPut("{providerOrganizationId:guid}")]
+    [SelfHosted(NotSelfHostedOnly = true)]
    public async Task<IResult> UpdateAsync(
        [FromRoute] Guid providerId,
        [FromRoute] Guid providerOrganizationId,
@ -113,7 +121,7 @@ public class ProviderClientsController(
            clientOrganization.PlanType,
            seatAdjustment);

-        if (seatAdjustmentResultsInPurchase && !currentContext.ProviderProviderAdmin(provider.Id))
+        if (seatAdjustmentResultsInPurchase && !_currentContext.ProviderProviderAdmin(provider.Id))
        {
            return Error.Unauthorized("Service users cannot purchase additional seats.");
        }
@ -127,4 +135,58 @@ public class ProviderClientsController(

        return TypedResults.Ok();
    }
+
+    [HttpGet("addable")]
+    [SelfHosted(NotSelfHostedOnly = true)]
+    public async Task<IResult> GetAddableOrganizationsAsync([FromRoute] Guid providerId)
+    {
+        if (!featureService.IsEnabled(FeatureFlagKeys.P15179_AddExistingOrgsFromProviderPortal))
+        {
+            return Error.NotFound();
+        }
+
+        var (provider, result) = await TryGetBillableProviderForServiceUserOperation(providerId);
+
+        if (provider == null)
+        {
+            return result;
+        }
+
+        var userId = _currentContext.UserId;
+
+        if (!userId.HasValue)
+        {
+            return Error.Unauthorized();
+        }
+
+        var addable =
+            await providerBillingService.GetAddableOrganizations(provider, userId.Value);
+
+        return TypedResults.Ok(addable);
+    }
+
+    [HttpPost("existing")]
+    [SelfHosted(NotSelfHostedOnly = true)]
+    public async Task<IResult> AddExistingOrganizationAsync(
+        [FromRoute] Guid providerId,
+        [FromBody] AddExistingOrganizationRequestBody requestBody)
+    {
+        var (provider, result) = await TryGetBillableProviderForServiceUserOperation(providerId);
+
+        if (provider == null)
+        {
+            return result;
+        }
+
+        var organization = await organizationRepository.GetByIdAsync(requestBody.OrganizationId);
+
+        if (organization == null)
+        {
+            return Error.BadRequest("The organization being added to the provider does not exist.");
+        }
+
+        await providerBillingService.AddExistingOrganization(provider, organization, requestBody.Key);
+
+        return TypedResults.Ok();
+    }
 }
--- a/src/Api/Billing/Models/Requests/AddExistingOrganizationRequestBody.cs
+++ b/src/Api/Billing/Models/Requests/AddExistingOrganizationRequestBody.cs
@ -0,0 +1,12 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.Billing.Models.Requests;
+
+public class AddExistingOrganizationRequestBody
+{
+    [Required(ErrorMessage = "'key' must be provided")]
+    public string Key { get; set; }
+
+    [Required(ErrorMessage = "'organizationId' must be provided")]
+    public Guid OrganizationId { get; set; }
+}
--- a/src/Core/AdminConsole/Repositories/IOrganizationRepository.cs
+++ b/src/Core/AdminConsole/Repositories/IOrganizationRepository.cs
@ -1,4 +1,5 @@
 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.Models.Data.Organizations;

 #nullable enable
@ -22,4 +23,5 @@ public interface IOrganizationRepository : IRepository<Organization, Guid>
    /// Gets the organizations that have a verified domain matching the user's email domain.
    /// </summary>
    Task<ICollection<Organization>> GetByVerifiedUserEmailDomainAsync(Guid userId);
+    Task<ICollection<Organization>> GetAddableToProviderByUserIdAsync(Guid userId, ProviderType providerType);
 }
--- a/src/Core/Billing/Constants/PlanConstants.cs
+++ b/src/Core/Billing/Constants/PlanConstants.cs
@ -0,0 +1,30 @@
+using Bit.Core.Billing.Enums;
+
+namespace Bit.Core.Billing.Constants;
+
+public static class PlanConstants
+{
+    public static List<PlanType> EnterprisePlanTypes =>
+    [
+        PlanType.EnterpriseAnnually2019,
+        PlanType.EnterpriseAnnually2020,
+        PlanType.EnterpriseAnnually2023,
+        PlanType.EnterpriseAnnually,
+        PlanType.EnterpriseMonthly2019,
+        PlanType.EnterpriseMonthly2020,
+        PlanType.EnterpriseMonthly2023,
+        PlanType.EnterpriseMonthly
+    ];
+
+    public static List<PlanType> TeamsPlanTypes =>
+    [
+        PlanType.TeamsAnnually2019,
+        PlanType.TeamsAnnually2020,
+        PlanType.TeamsAnnually2023,
+        PlanType.TeamsAnnually,
+        PlanType.TeamsMonthly2019,
+        PlanType.TeamsMonthly2020,
+        PlanType.TeamsMonthly2023,
+        PlanType.TeamsMonthly
+    ];
+}
--- a/src/Core/Billing/Constants/StripeConstants.cs
+++ b/src/Core/Billing/Constants/StripeConstants.cs
@ -31,6 +31,16 @@ public static class StripeConstants
        public const string TaxIdInvalid = "tax_id_invalid";
    }

+    public static class InvoiceStatus
+    {
+        public const string Draft = "draft";
+    }
+
+    public static class MetadataKeys
+    {
+        public const string OrganizationId = "organizationId";
+    }
+
    public static class PaymentBehavior
    {
        public const string DefaultIncomplete = "default_incomplete";
--- a/src/Core/Billing/Models/AddableOrganization.cs
+++ b/src/Core/Billing/Models/AddableOrganization.cs
@ -0,0 +1,8 @@
+namespace Bit.Core.Billing.Models;
+
+public record AddableOrganization(
+    Guid Id,
+    string Name,
+    string Plan,
+    int Seats,
+    bool Disabled = false);
--- a/src/Core/Billing/Services/IProviderBillingService.cs
+++ b/src/Core/Billing/Services/IProviderBillingService.cs
@ -2,6 +2,7 @@
 using Bit.Core.AdminConsole.Entities.Provider;
 using Bit.Core.Billing.Entities;
 using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Models;
 using Bit.Core.Billing.Services.Contracts;
 using Bit.Core.Models.Business;
 using Stripe;
@ -10,6 +11,11 @@ namespace Bit.Core.Billing.Services;

 public interface IProviderBillingService
 {
+    Task AddExistingOrganization(
+        Provider provider,
+        Organization organization,
+        string key);
+
    /// <summary>
    /// Changes the assigned provider plan for the provider.
    /// </summary>
@ -35,6 +41,10 @@ public interface IProviderBillingService
    Task<byte[]> GenerateClientInvoiceReport(
        string invoiceId);

+    Task<IEnumerable<AddableOrganization>> GetAddableOrganizations(
+        Provider provider,
+        Guid userId);
+
    /// <summary>
    /// Scales the <paramref name="provider"/>'s seats for the specified <paramref name="planType"/> using the provided <paramref name="seatAdjustment"/>.
    /// This operation may autoscale the provider's Stripe <see cref="Stripe.Subscription"/> depending on the <paramref name="provider"/>'s seat minimum for the
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@ -172,6 +172,7 @@ public static class FeatureFlagKeys
    public const string SingleTapPasskeyAuthentication = "single-tap-passkey-authentication";
    public const string EnableRiskInsightsNotifications = "enable-risk-insights-notifications";
    public const string EnablePMAuthenticatorSync = "enable-pm-bwa-sync";
+    public const string P15179_AddExistingOrgsFromProviderPortal = "PM-15179-add-existing-orgs-from-provider-portal";

    public static List<string> GetAllKeys()
    {
--- a/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationRepository.cs
+++ b/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationRepository.cs
@ -1,5 +1,6 @@
 using System.Data;
 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Entities;
 using Bit.Core.Models.Data.Organizations;
@ -180,4 +181,19 @@ public class OrganizationRepository : Repository<Organization, Guid>, IOrganizat
            return result.ToList();
        }
    }
+
+    public async Task<ICollection<Organization>> GetAddableToProviderByUserIdAsync(
+        Guid userId,
+        ProviderType providerType)
+    {
+        using (var connection = new SqlConnection(ConnectionString))
+        {
+            var result = await connection.QueryAsync<Organization>(
+                $"[{Schema}].[{Table}_ReadAddableToProviderByUserId]",
+                new { UserId = userId, ProviderType = providerType },
+                commandType: CommandType.StoredProcedure);
+
+            return result.ToList();
+        }
+    }
 }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs
@ -1,9 +1,12 @@
 using AutoMapper;
 using AutoMapper.QueryableExtensions;
+using Bit.Core.AdminConsole.Enums.Provider;
+using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data.Organizations;
 using Bit.Core.Repositories;
+using LinqToDB.Tools;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@ -298,6 +301,41 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
        }
    }

+    public async Task<ICollection<Core.AdminConsole.Entities.Organization>> GetAddableToProviderByUserIdAsync(
+        Guid userId,
+        ProviderType providerType)
+    {
+        using (var scope = ServiceScopeFactory.CreateScope())
+        {
+            var dbContext = GetDatabaseContext(scope);
+
+            var planTypes = providerType switch
+            {
+                ProviderType.Msp => PlanConstants.EnterprisePlanTypes.Concat(PlanConstants.TeamsPlanTypes),
+                ProviderType.MultiOrganizationEnterprise => PlanConstants.EnterprisePlanTypes,
+                _ => []
+            };
+
+            var query =
+                from organizationUser in dbContext.OrganizationUsers
+                join organization in dbContext.Organizations on organizationUser.OrganizationId equals organization.Id
+                where
+                    organizationUser.UserId == userId &&
+                    organizationUser.Type == OrganizationUserType.Owner &&
+                    organizationUser.Status == OrganizationUserStatusType.Confirmed &&
+                    organization.Enabled &&
+                    organization.GatewayCustomerId != null &&
+                    organization.GatewaySubscriptionId != null &&
+                    organization.Seats > 0 &&
+                    organization.Status == OrganizationStatusType.Created &&
+                    !organization.UseSecretsManager &&
+                    organization.PlanType.In(planTypes)
+                select organization;
+
+            return await query.ToArrayAsync();
+        }
+    }
+
    public Task EnableCollectionEnhancements(Guid organizationId)
    {
        throw new NotImplementedException("Collection enhancements migration is not yet supported for Entity Framework.");
--- a/Procedures/Organization_ReadAddableToProviderByUserId.sql
+++ b/Procedures/Organization_ReadAddableToProviderByUserId.sql
@ -0,0 +1,23 @@
+CREATE PROCEDURE [dbo].[Organization_ReadAddableToProviderByUserId]
+    @UserId UNIQUEIDENTIFIER,
+    @ProviderType TINYINT
+AS
+BEGIN
+    SET NOCOUNT ON
+    SELECT O.* FROM [dbo].[OrganizationUser] AS OU
+    JOIN [dbo].[Organization] AS O ON O.[Id] = OU.[OrganizationId]
+    WHERE
+        OU.[UserId] = @UserId AND
+        OU.[Type] = 0 AND
+        OU.[Status] = 2 AND
+        O.[Enabled] = 1 AND
+        O.[GatewayCustomerId] IS NOT NULL AND
+        O.[GatewaySubscriptionId] IS NOT NULL AND
+        O.[Seats] > 0 AND
+        O.[Status] = 1 AND
+        O.[UseSecretsManager] = 0 AND
+        -- All Teams & Enterprise for MSP
+        (@ProviderType = 0 AND O.[PlanType] IN (2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20) OR
+        -- All Enterprise for MOE
+         @ProviderType = 2 AND O.[PlanType] IN (4, 5, 10, 11, 14, 15, 19, 20));
+END
--- a/test/Api.Test/AdminConsole/Controllers/ProviderClientsControllerTests.cs
+++ b/test/Api.Test/AdminConsole/Controllers/ProviderClientsControllerTests.cs
@ -1,5 +1,5 @@
 using System.Security.Claims;
-using Bit.Api.Billing.Controllers;
+using Bit.Api.AdminConsole.Controllers;
 using Bit.Api.Billing.Models.Requests;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Entities.Provider;
@ -19,10 +19,9 @@ using Microsoft.AspNetCore.Http.HttpResults;
 using NSubstitute;
 using NSubstitute.ReturnsExtensions;
 using Xunit;
-
 using static Bit.Api.Test.Billing.Utilities;

-namespace Bit.Api.Test.Billing.Controllers;
+namespace Bit.Api.Test.AdminConsole.Controllers;

 [ControllerCustomize(typeof(ProviderClientsController))]
 [SutProviderCustomize]
--- a/util/Migrator/DbScripts/2025-01-28_00_Add_Organization_ReadAddableToProviderByUserId.sql
+++ b/util/Migrator/DbScripts/2025-01-28_00_Add_Organization_ReadAddableToProviderByUserId.sql
@ -0,0 +1,31 @@
+-- Drop existing SPROC
+IF OBJECT_ID('[dbo].[Organization_ReadAddableToProviderByUserId') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[Organization_ReadAddableToProviderByUserId]
+END
+GO
+
+CREATE PROCEDURE [dbo].[Organization_ReadAddableToProviderByUserId]
+    @UserId UNIQUEIDENTIFIER,
+    @ProviderType TINYINT
+AS
+BEGIN
+    SET NOCOUNT ON
+    SELECT O.* FROM [dbo].[OrganizationUser] AS OU
+    JOIN [dbo].[Organization] AS O ON O.[Id] = OU.[OrganizationId]
+    WHERE
+        OU.[UserId] = @UserId AND
+        OU.[Type] = 0 AND
+        OU.[Status] = 2 AND
+        O.[Enabled] = 1 AND
+        O.[GatewayCustomerId] IS NOT NULL AND
+        O.[GatewaySubscriptionId] IS NOT NULL AND
+        O.[Seats] > 0 AND
+        O.[Status] = 1 AND
+        O.[UseSecretsManager] = 0 AND
+      -- All Teams & Enterprise for MSP
+        (@ProviderType = 0 AND O.[PlanType] IN (2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20) OR
+            -- All Enterprise for MOE
+         @ProviderType = 2 AND O.[PlanType] IN (4, 5, 10, 11, 14, 15, 19, 20));
+END
+GO