feat(api): add validation for deactivated members as approvers

Author: tofikwest

apps/api/src/policies/policies.service.ts

@@ -793,6 +793,11 @@ export class PoliciesService {
       throw new NotFoundException('Approver not found');
     }
 
+    // Cannot assign a deactivated member as approver - they can't log in to approve
+    if (approver.deactivated) {
+      throw new BadRequestException('Cannot assign a deactivated member as approver');
+    }
+
     await db.policy.update({
       where: { id: policyId },
       data: {

apps/app/src/actions/policies/submit-version-for-approval.ts

@@ -67,6 +67,11 @@ export const submitVersionForApprovalAction = authActionClient
       return { success: false, error: 'Approver not found' };
     }
 
+    // Cannot assign a deactivated member as approver - they can't log in to approve
+    if (approver.deactivated) {
+      return { success: false, error: 'Cannot assign a deactivated member as approver' };
+    }
+
     // Update policy to set pending version and status
     await db.policy.update({
       where: { id: policyId },

apps/app/src/app/(app)/[orgId]/policies/[policyId]/components/PdfViewer.tsx

@@ -44,10 +44,23 @@ interface PdfViewerProps {
   isPendingApproval: boolean;
   /** Whether the current version is read-only (published or pending) */
   isVersionReadOnly?: boolean;
+  /** Whether viewing the currently active/published version */
+  isViewingActiveVersion?: boolean;
+  /** Whether viewing a version pending approval */
+  isViewingPendingVersion?: boolean;
   onMutate?: () => void;
 }
 
-export function PdfViewer({ policyId, versionId, pdfUrl, isPendingApproval, isVersionReadOnly = false, onMutate }: PdfViewerProps) {
+export function PdfViewer({ 
+  policyId, 
+  versionId, 
+  pdfUrl, 
+  isPendingApproval, 
+  isVersionReadOnly = false, 
+  isViewingActiveVersion = false,
+  isViewingPendingVersion = false,
+  onMutate 
+}: PdfViewerProps) {
   // Combine both checks - can't modify if pending approval OR version is read-only
   const isReadOnly = isPendingApproval || isVersionReadOnly;
   const router = useRouter();
@@ -269,7 +282,13 @@ export function PdfViewer({ policyId, versionId, pdfUrl, isPendingApproval, isVe
         <div className="space-y-4">
         {isVersionReadOnly && pdfUrl && (
           <div className="flex items-center gap-4 rounded-lg border border-primary/20 bg-primary/10 px-4 py-3 text-sm text-foreground">
-            <span>This version is published. Create a new version to make changes.</span>
+            <span>
+              {isViewingPendingVersion
+                ? 'This version is pending approval and cannot be edited.'
+                : isViewingActiveVersion
+                  ? 'This version is published. Create a new version to make changes.'
+                  : 'This version cannot be edited.'}
+            </span>
           </div>
         )}
         {pdfUrl ? (

apps/app/src/app/(app)/[orgId]/policies/[policyId]/editor/components/PolicyDetails.tsx

@@ -681,6 +681,8 @@ export function PolicyContentManager({
                     pdfUrl={selectedVersion?.pdfUrl}
                     isPendingApproval={isPendingApproval}
                     isVersionReadOnly={isVersionReadOnly}
+                    isViewingActiveVersion={isViewingActiveVersion}
+                    isViewingPendingVersion={isViewingPendingVersion}
                     onMutate={onMutate}
                   />
                 </TabsContent>