Last Updated: 2026-03-29
Summary
This document audits every existing feature currently under /dashboard/settings and determines whether it belongs at the Workspace Level or the User (Global) Level. A feature belongs at the user level if it would make sense even if the user had zero workspaces.
Analysis Table
| Feature | Currently At | Correct Level | Verdict | Reason |
|---|---|---|---|---|
| Workspace Name (editing) | /dashboard/settings |
Workspace | ✅ Stay | Tied to the specific tenant's display name |
| Workspace ID (read-only) | /dashboard/settings |
Workspace | ✅ Stay | References the current tenantId |
| Workspace Logo | /dashboard/settings |
Workspace | ✅ Stay | Per-tenant branding (stored as logo_url on tenants table) |
| Danger Zone (delete, transfer workspace) | /dashboard/settings |
Workspace | ✅ Stay | Only makes sense in the context of a specific workspace |
| API Keys | /dashboard/settings/api-keys |
Workspace | ✅ Stay | Backend is keyed by tenantId. Keys are per-workspace credentials |
| Billing / Subscription | /dashboard/settings/billing |
Workspace | ✅ Stay (Implemented) | 5-tab billing page with plan management, coins, add-ons, invoices |
| Team Members | /dashboard/settings/members |
Workspace | ✅ Stay (Implemented) | Invite flow, role management, member list — all per-tenant |
| Roles | /dashboard/settings/members (tab) |
Workspace | ✅ Stay (Implemented) | System + custom roles, managed as a tab within the Members page |
| User Profile (name, phone, avatar) | /settings/profile |
User | ✅ Moved | Applies across all workspaces. Now at /settings/profile |
| Password Management (add/change password) | /settings/security |
User | ✅ Moved | Belongs to the user's identity, not to a workspace |
| Connected Accounts (Google, email provider) | /settings/security |
User | ✅ Moved | Auth providers are user-level constructs |
| Notification Preferences | /settings/notifications |
User | ✅ Implemented | 4 toggles: security, invites, billing, product updates |
| Two-Factor Authentication (2FA) | /settings/security |
User | ⏳ Planned | Schema columns exist; full flow not yet built |
What Moves to User Settings
These features currently sit under workspace settings but should be relocated to the new global /settings route:
🔁 Profile → /settings/profile
- Display Name
- Phone Number
- Avatar Upload
Action: Relocate the existing
apps/seller-dashboard/src/app/dashboard/settings/profile/page.tsxtoapps/seller-dashboard/src/app/settings/profile/page.tsx. The workspace settings page should show a short info card with a link to/settings/profileinstead.
🔁 Password Management → /settings/security
- Link password to account (for OAuth users)
- Change existing password
Action: These sections from
profile/page.tsxmove into the dedicated security page.
🔁 Connected Accounts → /settings/security
- Google, email provider list
Action: Move the "Connected Accounts" card from
profile/page.tsxto/settings/security.
🔁 2FA Status → /settings/security (expand to full management)
- Currently shows a badge and "coming soon" text
- Should become a full setup flow: QR code, verify TOTP, recovery codes
Action: Remove the 2FA status card from
profile/page.tsx. Implement a proper 2FA management section at/settings/security.
What Stays at Workspace Settings
| Feature | Why |
|---|---|
| API Keys ✅ | Scoped to tenantId — different keys per workspace |
| Workspace Name, ID, Logo ✅ | Obviously workspace-specific |
| Danger Zone (delete/transfer) ✅ | Operates on a specific workspace |
| Billing ✅ | 5-tab page: Overview, Plans, Invoices, Coins & Add-ons, Billing Info |
| Team Members ✅ | Invite, remove, change roles — all per-tenant |
| Roles ✅ | System + custom roles management |
Proposed Workspace Settings Page (After Moving)
After migration, /dashboard/settings becomes cleaner and focused:
Workspace Settings (/dashboard/settings)
├── Workspace Profile (name, ID, logo) ← Stays
├── API Keys → ← Stays (links to /api-keys sub-page)
├── Billing & Subscription → ← ✅ Implemented (5 tabs)
├── Team Members & Roles → ← ✅ Implemented (invite, roles tab, list)
├── Your User Profile → [Link to /settings/profile]
└── Danger Zone (transfer, delete) ← StaysProposed User Settings Route (After Adding)
User Settings (/settings)
├── Profile (name, phone, avatar) ← ✅ Moved from workspace settings
├── Security
│ ├── Password (add/change) ← ✅ Moved from workspace settings
│ ├── Connected Accounts ← ✅ Moved from workspace settings
│ └── 2FA (full TOTP setup) ← ⏳ Schema ready, UI not yet built
├── Notifications ← ✅ Implemented (4 toggles + API)
├── Appearance (theme) ← ✅ Implemented (next-themes)
├── Workspaces Overview (read-only) ← ✅ Implemented
└── Account Deletion (Danger Zone) ← ⏳ Spec ready, not yet built