trycompai · Marfuen · Nov 24, 2025 · Nov 21, 2025 · Nov 21, 2025 · Nov 24, 2025
diff --git a/apps/api/src/auth/hybrid-auth.guard.ts b/apps/api/src/auth/hybrid-auth.guard.ts
@@ -232,6 +232,7 @@ export class HybridAuthGuard implements CanActivate {
         where: {
           userId,
           organizationId,
+          deactivated: false,
         },
         select: {
           id: true,

diff --git a/apps/api/src/comments/comments.service.ts b/apps/api/src/comments/comments.service.ts
@@ -116,6 +116,7 @@ export class CommentsService {
               name: comment.author.user.name,
               email: comment.author.user.email,
               image: comment.author.user.image,
+              deactivated: comment.author.deactivated,
             },
             attachments,
             createdAt: comment.createdAt,
@@ -154,6 +155,7 @@ export class CommentsService {
         where: {
           userId,
           organizationId,
+          deactivated: false,
         },
         include: {
           user: true,
@@ -211,6 +213,7 @@ export class CommentsService {
           name: member.user.name,
           email: member.user.email,
           image: member.user.image,
+          deactivated: member.deactivated,
         },
         attachments: result.attachments,
         createdAt: result.comment.createdAt,
@@ -284,6 +287,7 @@ export class CommentsService {
           name: existingComment.author.user.name,
           email: existingComment.author.user.email,
           image: existingComment.author.user.image,
+          deactivated: existingComment.author.deactivated,
         },
         attachments,
         createdAt: updatedComment.createdAt,

diff --git a/apps/api/src/comments/dto/comment-responses.dto.ts b/apps/api/src/comments/dto/comment-responses.dto.ts
@@ -89,6 +89,13 @@ export class AuthorResponseDto {
     nullable: true,
   })
   image: string | null;
+
+  @ApiProperty({
+    description: 'Whether the user is deactivated',
+    example: false,
+    nullable: true,
+  })
+  deactivated: boolean;
 }
 
 export class CommentResponseDto {

diff --git a/apps/api/src/devices/devices.service.ts b/apps/api/src/devices/devices.service.ts
@@ -97,6 +97,7 @@ export class DevicesService {
         where: {
           id: memberId,
           organizationId: organizationId,
+          deactivated: false,
         },
         select: {
           id: true,
@@ -165,6 +166,7 @@ export class DevicesService {
         where: {
           id: memberId,
           organizationId: organizationId,
+          deactivated: false,
         },
         select: {
           id: true,

diff --git a/apps/api/src/people/utils/member-queries.ts b/apps/api/src/people/utils/member-queries.ts
@@ -40,7 +40,7 @@ export class MemberQueries {
     organizationId: string,
   ): Promise<PeopleResponseDto[]> {
     return db.member.findMany({
-      where: { organizationId },
+      where: { organizationId, deactivated: false },
       select: this.MEMBER_SELECT,
       orderBy: { createdAt: 'desc' },
     });

diff --git a/apps/api/src/people/utils/member-validator.ts b/apps/api/src/people/utils/member-validator.ts
@@ -47,6 +47,7 @@ export class MemberValidator {
       where: {
         id: memberId,
         organizationId,
+        deactivated: false,
       },
       select: { id: true, userId: true },
     });
@@ -71,6 +72,7 @@ export class MemberValidator {
     const whereClause: any = {
       userId,
       organizationId,
+      deactivated: false,
     };
 
     if (excludeMemberId) {

diff --git a/apps/app/src/actions/add-comment.ts b/apps/app/src/actions/add-comment.ts
@@ -38,6 +38,7 @@ export const addCommentAction = authActionClient
         where: {
           userId: session.userId,
           organizationId: session.activeOrganizationId,
+          deactivated: false,
         },
       });
 

diff --git a/apps/app/src/actions/change-organization.ts b/apps/app/src/actions/change-organization.ts
@@ -28,6 +28,7 @@ export const changeOrganizationAction = authActionClient
       where: {
         userId: user.id,
         organizationId,
+        deactivated: false,
       },
     });
 

diff --git a/apps/app/src/actions/organization/accept-invitation.ts b/apps/app/src/actions/organization/accept-invitation.ts
@@ -69,6 +69,7 @@ export const completeInvitation = authActionClientWithoutOrg
           where: {
             userId: user.id,
             organizationId: invitation.organizationId,
+            deactivated: false,
           },
         });
 

diff --git a/apps/app/src/actions/organization/get-organization-users-action.ts b/apps/app/src/actions/organization/get-organization-users-action.ts
@@ -26,6 +26,7 @@ export const getOrganizationUsersAction = authActionClient
         const users = await db.member.findMany({
           where: {
             organizationId: ctx.session.activeOrganizationId,
+            deactivated: false,
           },
           select: {
             user: {

diff --git a/apps/app/src/actions/policies/accept-requested-policy-changes.ts b/apps/app/src/actions/policies/accept-requested-policy-changes.ts
@@ -82,6 +82,7 @@ export const acceptRequestedPolicyChangesAction = authActionClient
         where: {
           organizationId: session.activeOrganizationId,
           isActive: true,
+          deactivated: false,
         },
         include: {
           user: true,
@@ -131,6 +132,7 @@ export const acceptRequestedPolicyChangesAction = authActionClient
           where: {
             userId: user.id,
             organizationId: session.activeOrganizationId,
+            deactivated: false,
           },
         });
 

diff --git a/apps/app/src/actions/policies/create-new-policy.ts b/apps/app/src/actions/policies/create-new-policy.ts
@@ -39,6 +39,7 @@ export const createPolicyAction = authActionClient
       where: {
         userId: user.id,
         organizationId: activeOrganizationId,
+        deactivated: false,
       },
     });
 

diff --git a/apps/app/src/actions/policies/deny-requested-policy-changes.ts b/apps/app/src/actions/policies/deny-requested-policy-changes.ts
@@ -68,6 +68,7 @@ export const denyRequestedPolicyChangesAction = authActionClient
           where: {
             userId: user.id,
             organizationId: session.activeOrganizationId,
+            deactivated: false,
           },
         });
 

diff --git a/apps/app/src/actions/policies/publish-all.ts b/apps/app/src/actions/policies/publish-all.ts
@@ -41,6 +41,7 @@ export const publishAllPoliciesAction = authActionClient
       where: {
         userId: user.id,
         organizationId: parsedInput.organizationId,
+        deactivated: false,
       },
     });
 
@@ -104,6 +105,7 @@ export const publishAllPoliciesAction = authActionClient
         where: {
           organizationId: parsedInput.organizationId,
           isActive: true,
+          deactivated: false,          
           OR: [
             { role: { contains: Role.employee } },
             { role: { contains: Role.contractor } },

diff --git a/apps/app/src/actions/safe-action.ts b/apps/app/src/actions/safe-action.ts
@@ -231,6 +231,7 @@ export const authWithOrgAccessClient = authActionClient.use(async ({ next, clien
     where: {
       userId: ctx.user.id,
       organizationId,
+      deactivated: false,
     },
   });
 

diff --git a/apps/app/src/app/(app)/[orgId]/frameworks/page.tsx b/apps/app/src/app/(app)/[orgId]/frameworks/page.tsx
@@ -39,6 +39,7 @@ export default async function DashboardPage({ params }: { params: Promise<{ orgI
     where: {
       userId: session.user.id,
       organizationId,
+      deactivated: false,
     },
   });
 

diff --git a/apps/app/src/app/(app)/[orgId]/layout.tsx b/apps/app/src/app/(app)/[orgId]/layout.tsx
@@ -56,6 +56,7 @@ export default async function Layout({
     where: {
       userId: session.user.id,
       organizationId: requestedOrgId,
+      deactivated: false,
     },
   });
 

diff --git a/apps/app/src/app/(app)/[orgId]/people/all/actions/addEmployeeWithoutInvite.ts b/apps/app/src/app/(app)/[orgId]/people/all/actions/addEmployeeWithoutInvite.ts
@@ -25,6 +25,7 @@ export const addEmployeeWithoutInvite = async ({
       where: {
         organizationId: organizationId,
         userId: currentUserId,
+        deactivated: false,
       },
     });
 
@@ -57,16 +58,45 @@ export const addEmployeeWithoutInvite = async ({
       userId = newUser.id;
     }
 
-    const member = await auth.api.addMember({
-      body: {
-        userId: existingUser?.id ?? userId,
+    const finalUserId = existingUser?.id ?? userId;
+
+    // Check if there's an existing member (including deactivated ones) for this user and organization
+    const existingMember = await db.member.findFirst({
+      where: {
+        userId: finalUserId,
         organizationId,
-        role: roles, // Auth API expects role or role array
       },
     });
 
-    // Create training video completion entries for the new member
-    if (member?.id) {
+    let member;
+    if (existingMember) {
+      // If member exists but is deactivated, reactivate it and update roles
+      if (existingMember.deactivated) {
+        const roleString = roles.sort().join(',');
+        member = await db.member.update({
+          where: { id: existingMember.id },
+          data: {
+            deactivated: false,
+            role: roleString,
+          },
+        });
+      } else {
+        // Member already exists and is active, return existing member
+        member = existingMember;
+      }
+    } else {
+      // No existing member, create a new one
+      member = await auth.api.addMember({
+        body: {
+          userId: finalUserId,
+          organizationId,
+          role: roles, // Auth API expects role or role array
+        },
+      });
+    }
+
+    // Create training video completion entries for the new member (only if member was just created/reactivated)
+    if (member?.id && !existingMember) {
       await createTrainingVideoEntries(member.id);
     }