RubyGems - rsb-admin - Versions diffs - 0.9.1 - Mend

rsb-admin 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

checksums.yaml +7 -0
data/LICENSE +15 -0
data/README.md +83 -0
data/Rakefile +25 -0
data/app/assets/javascripts/rsb/admin/themes/modern.js +37 -0
data/app/assets/stylesheets/rsb/admin/themes/default.css +1358 -0
data/app/assets/stylesheets/rsb/admin/themes/modern.css +1370 -0
data/app/controllers/concerns/rsb/admin/authorization.rb +21 -0
data/app/controllers/rsb/admin/admin_controller.rb +138 -0
data/app/controllers/rsb/admin/admin_users_controller.rb +110 -0
data/app/controllers/rsb/admin/dashboard_controller.rb +76 -0
data/app/controllers/rsb/admin/profile_controller.rb +146 -0
data/app/controllers/rsb/admin/profile_sessions_controller.rb +45 -0
data/app/controllers/rsb/admin/resources_controller.rb +386 -0
data/app/controllers/rsb/admin/roles_controller.rb +99 -0
data/app/controllers/rsb/admin/sessions_controller.rb +139 -0
data/app/controllers/rsb/admin/settings_controller.rb +203 -0
data/app/controllers/rsb/admin/two_factor_controller.rb +105 -0
data/app/helpers/rsb/admin/authorization_helper.rb +49 -0
data/app/helpers/rsb/admin/branding_helper.rb +38 -0
data/app/helpers/rsb/admin/formatting_helper.rb +205 -0
data/app/helpers/rsb/admin/i18n_helper.rb +148 -0
data/app/helpers/rsb/admin/icons_helper.rb +55 -0
data/app/helpers/rsb/admin/table_helper.rb +132 -0
data/app/helpers/rsb/admin/theme_helper.rb +84 -0
data/app/helpers/rsb/admin/url_helper.rb +109 -0
data/app/mailers/rsb/admin/admin_mailer.rb +37 -0
data/app/models/rsb/admin/admin_session.rb +109 -0
data/app/models/rsb/admin/admin_user.rb +153 -0
data/app/models/rsb/admin/application_record.rb +10 -0
data/app/models/rsb/admin/role.rb +63 -0
data/app/views/layouts/rsb/admin/application.html.erb +45 -0
data/app/views/rsb/admin/admin_mailer/email_verification.html.erb +11 -0
data/app/views/rsb/admin/admin_mailer/email_verification.text.erb +11 -0
data/app/views/rsb/admin/admin_users/_form.html.erb +52 -0
data/app/views/rsb/admin/admin_users/edit.html.erb +10 -0
data/app/views/rsb/admin/admin_users/index.html.erb +77 -0
data/app/views/rsb/admin/admin_users/new.html.erb +10 -0
data/app/views/rsb/admin/admin_users/show.html.erb +85 -0
data/app/views/rsb/admin/dashboard/index.html.erb +36 -0
data/app/views/rsb/admin/profile/edit.html.erb +67 -0
data/app/views/rsb/admin/profile/show.html.erb +155 -0
data/app/views/rsb/admin/resources/_filters.html.erb +58 -0
data/app/views/rsb/admin/resources/_form.html.erb +20 -0
data/app/views/rsb/admin/resources/_pagination.html.erb +33 -0
data/app/views/rsb/admin/resources/_table.html.erb +70 -0
data/app/views/rsb/admin/resources/edit.html.erb +7 -0
data/app/views/rsb/admin/resources/index.html.erb +49 -0
data/app/views/rsb/admin/resources/new.html.erb +7 -0
data/app/views/rsb/admin/resources/page.html.erb +9 -0
data/app/views/rsb/admin/resources/show.html.erb +55 -0
data/app/views/rsb/admin/roles/_form.html.erb +197 -0
data/app/views/rsb/admin/roles/edit.html.erb +7 -0
data/app/views/rsb/admin/roles/index.html.erb +71 -0
data/app/views/rsb/admin/roles/new.html.erb +7 -0
data/app/views/rsb/admin/roles/show.html.erb +99 -0
data/app/views/rsb/admin/sessions/new.html.erb +31 -0
data/app/views/rsb/admin/sessions/two_factor.html.erb +39 -0
data/app/views/rsb/admin/settings/_field.html.erb +115 -0
data/app/views/rsb/admin/settings/index.html.erb +61 -0
data/app/views/rsb/admin/shared/_badge.html.erb +1 -0
data/app/views/rsb/admin/shared/_breadcrumbs.html.erb +12 -0
data/app/views/rsb/admin/shared/_empty_state.html.erb +4 -0
data/app/views/rsb/admin/shared/_flash.html.erb +22 -0
data/app/views/rsb/admin/shared/_header.html.erb +50 -0
data/app/views/rsb/admin/shared/_page_tabs.html.erb +21 -0
data/app/views/rsb/admin/shared/_sidebar.html.erb +99 -0
data/app/views/rsb/admin/shared/disabled.html.erb +38 -0
data/app/views/rsb/admin/shared/fields/_checkbox.html.erb +6 -0
data/app/views/rsb/admin/shared/fields/_datetime.html.erb +10 -0
data/app/views/rsb/admin/shared/fields/_email.html.erb +10 -0
data/app/views/rsb/admin/shared/fields/_hidden.html.erb +1 -0
data/app/views/rsb/admin/shared/fields/_json.html.erb +11 -0
data/app/views/rsb/admin/shared/fields/_number.html.erb +10 -0
data/app/views/rsb/admin/shared/fields/_password.html.erb +10 -0
data/app/views/rsb/admin/shared/fields/_select.html.erb +12 -0
data/app/views/rsb/admin/shared/fields/_text.html.erb +10 -0
data/app/views/rsb/admin/shared/fields/_textarea.html.erb +10 -0
data/app/views/rsb/admin/shared/forbidden.html.erb +22 -0
data/app/views/rsb/admin/themes/modern/views/shared/_header.html.erb +77 -0
data/app/views/rsb/admin/themes/modern/views/shared/_sidebar.html.erb +135 -0
data/app/views/rsb/admin/two_factor/backup_codes.html.erb +48 -0
data/app/views/rsb/admin/two_factor/new.html.erb +53 -0
data/config/locales/en.yml +140 -0
data/config/locales/seo.en.yml +21 -0
data/config/routes.rb +59 -0
data/db/migrate/20260208000003_create_rsb_admin_tables.rb +43 -0
data/db/migrate/20260214000001_add_otp_fields_to_rsb_admin_admin_users.rb +9 -0
data/lib/generators/rsb/admin/install/install_generator.rb +45 -0
data/lib/generators/rsb/admin/install/templates/rsb_admin_seeds.rb +24 -0
data/lib/generators/rsb/admin/theme/templates/theme.css.tt +66 -0
data/lib/generators/rsb/admin/theme/theme_generator.rb +218 -0
data/lib/generators/rsb/admin/views/views_generator.rb +262 -0
data/lib/rsb/admin/breadcrumb_item.rb +26 -0
data/lib/rsb/admin/category_registration.rb +177 -0
data/lib/rsb/admin/column_definition.rb +89 -0
data/lib/rsb/admin/configuration.rb +69 -0
data/lib/rsb/admin/engine.rb +34 -0
data/lib/rsb/admin/filter_definition.rb +129 -0
data/lib/rsb/admin/form_field_definition.rb +96 -0
data/lib/rsb/admin/icons.rb +95 -0
data/lib/rsb/admin/page_registration.rb +140 -0
data/lib/rsb/admin/registry.rb +109 -0
data/lib/rsb/admin/resource_dsl_context.rb +139 -0
data/lib/rsb/admin/resource_registration.rb +287 -0
data/lib/rsb/admin/settings_schema.rb +60 -0
data/lib/rsb/admin/test_kit/helpers.rb +316 -0
data/lib/rsb/admin/test_kit/resource_test_case.rb +193 -0
data/lib/rsb/admin/test_kit.rb +11 -0
data/lib/rsb/admin/theme_definition.rb +46 -0
data/lib/rsb/admin/themes/modern.rb +44 -0
data/lib/rsb/admin/version.rb +9 -0
data/lib/rsb/admin.rb +177 -0
data/lib/tasks/rsb/admin_tasks.rake +23 -0
metadata +227 -0

data/app/models/rsb/admin/admin_user.rb ADDED Viewed

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+module RSB
+  module Admin
+    class AdminUser < ApplicationRecord
+      has_secure_password
+      encrypts :otp_secret
+      encrypts :otp_backup_codes
+      belongs_to :role, optional: true
+      has_many :admin_sessions, dependent: :destroy
+      validates :email, presence: true,
+                        uniqueness: { case_sensitive: false },
+                        format: { with: URI::MailTo::EMAIL_REGEXP }
+      validates :password, length: { minimum: 8 }, if: :password_required?
+      validate :pending_email_uniqueness, if: -> { pending_email.present? }
+      normalizes :email, with: ->(e) { e.strip.downcase }
+      def record_sign_in!(ip:)
+        update_columns(last_sign_in_at: Time.current, last_sign_in_ip: ip)
+      end
+      def can?(resource, action)
+        return false unless role # no role = no access
+        role.can?(resource, action)
+      end
+      # Initiates email verification by storing the new email as pending
+      # and generating a verification token.
+      #
+      # @param new_email [String] the new email address to verify
+      # @return [void]
+      # @raise [ActiveRecord::RecordInvalid] if pending_email fails validation
+      def generate_email_verification!(new_email)
+        update!(
+          pending_email: new_email.strip.downcase,
+          email_verification_token: SecureRandom.urlsafe_base64(32),
+          email_verification_sent_at: Time.current
+        )
+      end
+      # Confirms the pending email change by moving pending_email to email
+      # and clearing all verification fields.
+      #
+      # @return [void]
+      # @raise [ActiveRecord::RecordInvalid] if the email update fails
+      def verify_email!
+        update!(
+          email: pending_email,
+          pending_email: nil,
+          email_verification_token: nil,
+          email_verification_sent_at: nil
+        )
+      end
+      # @return [Boolean] true if there is a pending email awaiting verification
+      def email_verification_pending?
+        pending_email.present?
+      end
+      # @return [Boolean] true if the verification token has expired
+      def email_verification_expired?
+        return true unless email_verification_sent_at
+        email_verification_sent_at < RSB::Admin.configuration.email_verification_expiry.ago
+      end
+      # @return [Boolean] true if TOTP 2FA is fully enabled
+      def otp_enabled?
+        otp_secret.present? && otp_required?
+      end
+      # Generates a new TOTP secret. Does NOT save to database —
+      # the secret is returned for QR code display during enrollment.
+      #
+      # @return [String] base32-encoded TOTP secret
+      def generate_otp_secret!
+        ROTP::Base32.random
+      end
+      # Verifies a TOTP code against the stored secret.
+      #
+      # @param code [String] 6-digit TOTP code
+      # @return [Boolean] true if code is valid (with 30s drift tolerance)
+      def verify_otp(code)
+        return false unless otp_secret.present?
+        totp = ROTP::TOTP.new(otp_secret)
+        totp.verify(code.to_s, drift_behind: 30, drift_ahead: 30).present?
+      end
+      # Generates 10 one-time backup codes. Stores bcrypt hashes in the
+      # database. Returns the plaintext codes for one-time display.
+      #
+      # @return [Array<String>] 10 plaintext backup codes (8 alphanumeric chars each)
+      def generate_backup_codes!
+        codes = 10.times.map { SecureRandom.alphanumeric(8) }
+        hashes = codes.map { |code| BCrypt::Password.create(code) }
+        update!(otp_backup_codes: hashes.to_json)
+        codes
+      end
+      # Verifies a backup code against stored hashes. If valid, the
+      # matching hash is removed (consumed) and the array is saved.
+      #
+      # @param code [String] plaintext backup code
+      # @return [Boolean] true if code matched and was consumed
+      def verify_backup_code(code)
+        return false unless otp_backup_codes.present?
+        stored = JSON.parse(otp_backup_codes)
+        matched_index = stored.index { |hash| BCrypt::Password.new(hash) == code }
+        return false unless matched_index
+        stored.delete_at(matched_index)
+        update!(otp_backup_codes: stored.to_json)
+        true
+      end
+      # Disables TOTP 2FA by clearing all OTP fields.
+      #
+      # @return [void]
+      def disable_otp!
+        update!(otp_secret: nil, otp_required: false, otp_backup_codes: nil)
+      end
+      # Builds the otpauth:// URI for QR code generation.
+      #
+      # @param secret [String] base32-encoded TOTP secret
+      # @param issuer [String] application name for authenticator app display
+      # @return [String] otpauth:// URI
+      def otp_provisioning_uri(secret, issuer: 'RSB Admin')
+        ROTP::TOTP.new(secret, issuer: issuer).provisioning_uri(email)
+      end
+      private
+      def password_required?
+        new_record? || password.present?
+      end
+      def pending_email_uniqueness
+        return unless self.class.where.not(id: id).exists?(email: pending_email)
+        errors.add(:pending_email, 'has already been taken')
+      end
+    end
+  end
+end

data/app/models/rsb/admin/application_record.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module RSB
+  module Admin
+    class ApplicationRecord < ActiveRecord::Base
+      self.abstract_class = true
+      self.table_name_prefix = 'rsb_admin_'
+    end
+  end
+end

data/app/models/rsb/admin/role.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+module RSB
+  module Admin
+    class Role < ApplicationRecord
+      has_many :admin_users, dependent: :restrict_with_error
+      validates :name, presence: true, uniqueness: true
+      # Permissions column has a database default of {}, so it's never nil in practice
+      # Empty permissions hash is valid (role with no access to anything)
+      # Accept permissions as JSON string from forms (legacy)
+      def permissions_json=(json_string)
+        self.permissions = JSON.parse(json_string)
+      rescue JSON::ParserError
+        errors.add(:permissions, 'is not valid JSON')
+      end
+      # Accept permissions from checkbox form params
+      # Expected format: { "rsb_auth_identities" => ["index", "show"], "plans" => ["index"] }
+      def permissions_checkboxes=(checkbox_params)
+        self.permissions = if checkbox_params.blank?
+                             {}
+                           else
+                             # checkbox_params comes as ActionController::Parameters or Hash
+                             # Filter out the dummy field (used to ensure param is always sent)
+                             checkbox_params.to_h
+                                            .reject { |key, _| key.to_s == '_dummy' }
+                                            .transform_values do |actions|
+                                              Array(actions).map(&:to_s).reject(&:blank?)
+                                            end
+                                            .reject { |_, actions| actions.empty? }
+                           end
+      end
+      # Set superadmin permissions when toggle is "1"
+      def superadmin_toggle=(value)
+        return unless ['1', true].include?(value)
+        self.permissions = { '*' => ['*'] }
+      end
+      # Permissions format:
+      # {
+      #   "identities" => ["index", "show"],
+      #   "plans" => ["index", "show", "new", "create", "edit", "update"],
+      #   "settings" => ["index", "update"],
+      #   "*" => ["*"]  # superadmin
+      # }
+      def can?(resource, action)
+        return true if superadmin?
+        allowed = permissions[resource.to_s] || []
+        allowed.include?(action.to_s) || allowed.include?('*')
+      end
+      def superadmin?
+        permissions['*']&.include?('*') || false
+      end
+    end
+  end
+end

data/app/views/layouts/rsb/admin/application.html.erb ADDED Viewed

@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <%= rsb_seo_meta_tags %>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <%= csrf_meta_tags %>
+  <%= rsb_seo_head_tags %>
+  <%= yield :rsb_head %>
+  <% theme = RSB::Admin.current_theme %>
+  <%= stylesheet_link_tag theme.css, media: "all" %>
+  <% if theme.js %>
+    <%= javascript_include_tag theme.js %>
+  <% end %>
+</head>
+<body class="bg-rsb-bg text-rsb-text font-sans">
+  <% admin_user = respond_to?(:current_admin_user) ? current_admin_user : nil %>
+  <% if admin_user %>
+    <div class="flex min-h-screen">
+      <aside class="w-[250px] bg-rsb-sidebar text-rsb-sidebar-text fixed top-0 left-0 bottom-0 overflow-y-auto py-4">
+        <%= render rsb_admin_partial("shared/sidebar") %>
+      </aside>
+      <div class="ml-[250px] flex-1 min-h-screen">
+        <header class="bg-rsb-card border-b border-rsb-border px-6 h-14 flex items-center justify-between">
+          <%= render rsb_admin_partial("shared/header") %>
+        </header>
+        <main class="p-6">
+          <%= render rsb_admin_partial("shared/flash") %>
+          <%= render rsb_admin_partial("shared/breadcrumbs") %>
+          <%= yield %>
+        </main>
+        <% if respond_to?(:rsb_admin_footer_text) && rsb_admin_footer_text.present? %>
+          <footer class="px-6 py-3 text-xs text-rsb-muted border-t border-rsb-border">
+            <%= rsb_admin_footer_text %>
+          </footer>
+        <% end %>
+      </div>
+    </div>
+  <% else %>
+    <%= render rsb_admin_partial("shared/flash") %>
+    <%= yield %>
+  <% end %>
+  <%= rsb_seo_body_tags %>
+  <%= yield :rsb_body %>
+</body>
+</html>

data/app/views/rsb/admin/admin_mailer/email_verification.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<body>
+  <h2>Verify your new email address</h2>
+  <p>You requested to change your admin email to <strong><%= @admin_user.pending_email %></strong>.</p>
+  <p>Click the link below to verify this email address:</p>
+  <p><a href="<%= @verification_url %>"><%= @verification_url %></a></p>
+  <p>This link will expire in 24 hours.</p>
+  <p>If you did not request this change, you can ignore this email.</p>
+</body>
+</html>

data/app/views/rsb/admin/admin_mailer/email_verification.text.erb ADDED Viewed

@@ -0,0 +1,11 @@
+Verify your new email address
+You requested to change your admin email to <%= @admin_user.pending_email %>.
+Click the link below to verify this email address:
+<%= @verification_url %>
+This link will expire in 24 hours.
+If you did not request this change, you can ignore this email.

data/app/views/rsb/admin/admin_users/_form.html.erb ADDED Viewed

@@ -0,0 +1,52 @@
+<%= form_with model: admin_user, url: url, method: method, local: true, scope: :admin_user do |f| %>
+  <% if admin_user.errors.any? %>
+    <div class="bg-rsb-danger-bg text-rsb-danger-text border border-red-200 px-4 py-3 rounded-rsb mb-4 text-sm">
+      <strong><%= rsb_admin_t("errors.prohibited", count: admin_user.errors.count) %></strong>
+      <ul class="mt-2 pl-6 list-disc">
+        <% admin_user.errors.full_messages.each do |message| %>
+          <li><%= message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="mb-4">
+    <label class="block text-sm font-medium mb-1"><%= rsb_admin_t("columns.email") %></label>
+    <%= f.email_field :email, autofocus: true, class: "w-full px-3 py-2 border border-rsb-border rounded-rsb text-sm focus:outline-none focus:border-rsb-primary focus:ring-2 focus:ring-rsb-primary/10" %>
+  </div>
+  <div class="mb-4">
+    <label class="block text-sm font-medium mb-1"><%= rsb_admin_t("sessions.password") %></label>
+    <%= f.password_field :password, class: "w-full px-3 py-2 border border-rsb-border rounded-rsb text-sm focus:outline-none focus:border-rsb-primary focus:ring-2 focus:ring-rsb-primary/10" %>
+    <% if admin_user.persisted? %>
+      <p class="text-xs text-rsb-muted mt-1"><%= rsb_admin_t("admin_users.leave_blank") %></p>
+    <% else %>
+      <p class="text-xs text-rsb-muted mt-1"><%= rsb_admin_t("admin_users.min_password") %></p>
+    <% end %>
+  </div>
+  <div class="mb-4">
+    <label class="block text-sm font-medium mb-1"><%= rsb_admin_t("admin_users.confirm_password") %></label>
+    <%= f.password_field :password_confirmation, class: "w-full px-3 py-2 border border-rsb-border rounded-rsb text-sm focus:outline-none focus:border-rsb-primary focus:ring-2 focus:ring-rsb-primary/10" %>
+  </div>
+  <div class="mb-4">
+    <label class="block text-sm font-medium mb-1"><%= rsb_admin_t("admin_users.role") %></label>
+    <%= f.select :role_id,
+          RSB::Admin::Role.order(:name).map { |r| [r.name, r.id] },
+          { include_blank: rsb_admin_t("admin_users.no_role") },
+          class: "w-full px-3 py-2 border border-rsb-border rounded-rsb text-sm focus:outline-none focus:border-rsb-primary focus:ring-2 focus:ring-rsb-primary/10" %>
+    <p class="text-xs text-rsb-muted mt-1"><%= rsb_admin_t("admin_users.no_role_hint") %></p>
+  </div>
+  <div class="flex gap-3 mt-6">
+    <button type="submit"
+            class="px-4 py-2 bg-rsb-primary text-rsb-primary-text rounded-rsb text-sm font-medium hover:bg-rsb-primary-hover">
+      <%= rsb_admin_t("shared.save") %>
+    </button>
+    <a href="<%= rsb_admin.admin_users_path %>"
+       class="px-4 py-2 border border-rsb-border text-rsb-text rounded-rsb text-sm hover:bg-rsb-bg">
+      <%= rsb_admin_t("shared.cancel") %>
+    </a>
+  </div>
+<% end %>

data/app/views/rsb/admin/admin_users/edit.html.erb ADDED Viewed

@@ -0,0 +1,10 @@
+<div class="flex justify-between items-center mb-6">
+  <h1 class="text-2xl font-bold"><%= rsb_admin_t("shared.edit") %> <%= rsb_admin_t("admin_users.title").singularize %></h1>
+</div>
+<div class="bg-rsb-card border border-rsb-border rounded-rsb-lg shadow-rsb-sm p-6">
+  <%= render rsb_admin_partial("admin_users/form"),
+    admin_user: @admin_user,
+    url: rsb_admin.admin_user_path(@admin_user),
+    method: :patch %>
+</div>

data/app/views/rsb/admin/admin_users/index.html.erb ADDED Viewed

@@ -0,0 +1,77 @@
+<div class="flex justify-between items-center mb-6">
+  <h1 class="text-2xl font-bold"><%= rsb_admin_t("admin_users.title") %></h1>
+  <% if rsb_admin_can?("admin_users", "new") %>
+    <a href="<%= rsb_admin.new_admin_user_path %>"
+       class="inline-flex items-center gap-1 px-4 py-2 bg-rsb-primary text-rsb-primary-text rounded-rsb text-sm font-medium hover:bg-rsb-primary-hover transition-colors">
+      <%= rsb_admin_icon("plus", size: 16) %>
+      <%= rsb_admin_t("shared.new", resource: rsb_admin_t("admin_users.title").singularize) %>
+    </a>
+  <% else %>
+    <span class="inline-flex items-center gap-1 px-4 py-2 bg-rsb-primary/50 text-rsb-primary-text/50 rounded-rsb text-sm font-medium pointer-events-none cursor-not-allowed"
+          title="<%= rsb_admin_t("shared.no_access") %>">
+      <%= rsb_admin_icon("plus", size: 16) %>
+      <%= rsb_admin_t("shared.new", resource: rsb_admin_t("admin_users.title").singularize) %>
+    </span>
+  <% end %>
+</div>
+<div class="bg-rsb-card border border-rsb-border rounded-rsb-lg shadow-rsb-sm overflow-hidden">
+  <% if @admin_users.any? %>
+    <div class="overflow-x-auto">
+      <table class="w-full">
+        <thead>
+          <tr>
+            <th class="px-4 py-3 text-left text-xs font-semibold uppercase tracking-wider text-rsb-muted bg-rsb-bg border-b border-rsb-border"><%= rsb_admin_t("columns.email") %></th>
+            <th class="px-4 py-3 text-left text-xs font-semibold uppercase tracking-wider text-rsb-muted bg-rsb-bg border-b border-rsb-border"><%= rsb_admin_t("roles.title") %></th>
+            <th class="px-4 py-3 text-left text-xs font-semibold uppercase tracking-wider text-rsb-muted bg-rsb-bg border-b border-rsb-border"><%= rsb_admin_t("admin_users.last_sign_in") %></th>
+            <th class="px-4 py-3 text-left text-xs font-semibold uppercase tracking-wider text-rsb-muted bg-rsb-bg border-b border-rsb-border"><%= rsb_admin_t("admin_users.last_ip") %></th>
+            <th class="px-4 py-3 text-right text-xs font-semibold uppercase tracking-wider text-rsb-muted bg-rsb-bg border-b border-rsb-border"></th>
+          </tr>
+        </thead>
+        <tbody>
+          <% @admin_users.each do |admin_user| %>
+            <tr class="hover:bg-rsb-bg border-b border-rsb-border last:border-b-0">
+              <td class="px-4 py-3 text-sm">
+                <a href="<%= rsb_admin.admin_user_path(admin_user) %>" class="text-rsb-primary hover:underline"><%= admin_user.email %></a>
+                <% if admin_user == current_admin_user %>
+                  <%= rsb_admin_badge(rsb_admin_t("admin_users.you"), variant: :success) %>
+                <% end %>
+              </td>
+              <td class="px-4 py-3 text-sm">
+                <% if admin_user.role %>
+                  <a href="<%= rsb_admin.role_path(admin_user.role) %>" class="text-rsb-primary hover:underline"><%= admin_user.role.name %></a>
+                <% else %>
+                  <%= rsb_admin_badge(rsb_admin_t("admin_users.no_role"), variant: :warning) %>
+                <% end %>
+              </td>
+              <td class="px-4 py-3 text-sm">
+                <% if admin_user.last_sign_in_at %>
+                  <%= admin_user.last_sign_in_at.strftime("%b %d, %Y %H:%M") %>
+                <% else %>
+                  <span class="text-rsb-muted"><%= rsb_admin_t("admin_users.never") %></span>
+                <% end %>
+              </td>
+              <td class="px-4 py-3 text-sm"><%= admin_user.last_sign_in_ip || "-" %></td>
+              <td class="px-4 py-3 text-sm text-right">
+                <% if rsb_admin_can?("admin_users", "edit") %>
+                  <a href="<%= rsb_admin.edit_admin_user_path(admin_user) %>"
+                     class="text-rsb-muted hover:text-rsb-text" title="<%= rsb_admin_t("shared.edit") %>">
+                    <%= rsb_admin_icon("edit", size: 16) %>
+                  </a>
+                <% else %>
+                  <span class="text-rsb-muted/40 cursor-not-allowed" title="<%= rsb_admin_t("shared.no_access") %>">
+                    <%= rsb_admin_icon("edit", size: 16) %>
+                  </span>
+                <% end %>
+              </td>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+    </div>
+  <% else %>
+    <%= render rsb_admin_partial("shared/empty_state"),
+      title: rsb_admin_t("shared.no_results", resource: rsb_admin_t("admin_users.title")),
+      message: rsb_admin_t("shared.no_results_message", resource: rsb_admin_t("admin_users.title")) %>
+  <% end %>
+</div>

data/app/views/rsb/admin/admin_users/new.html.erb ADDED Viewed

@@ -0,0 +1,10 @@
+<div class="flex justify-between items-center mb-6">
+  <h1 class="text-2xl font-bold"><%= rsb_admin_t("shared.new", resource: rsb_admin_t("admin_users.title").singularize) %></h1>
+</div>
+<div class="bg-rsb-card border border-rsb-border rounded-rsb-lg shadow-rsb-sm p-6">
+  <%= render rsb_admin_partial("admin_users/form"),
+    admin_user: @admin_user,
+    url: rsb_admin.admin_users_path,
+    method: :post %>
+</div>

data/app/views/rsb/admin/admin_users/show.html.erb ADDED Viewed

@@ -0,0 +1,85 @@
+<div class="flex justify-between items-center mb-6">
+  <h1 class="text-2xl font-bold"><%= @admin_user.email %></h1>
+  <div class="flex gap-2">
+    <% if rsb_admin_can?("admin_users", "edit") %>
+      <a href="<%= rsb_admin.edit_admin_user_path(@admin_user) %>"
+         class="inline-flex items-center gap-1 px-4 py-2 border border-rsb-border rounded-rsb text-sm hover:bg-rsb-bg">
+        <%= rsb_admin_icon("edit", size: 16) %>
+        <%= rsb_admin_t("shared.edit") %>
+      </a>
+    <% else %>
+      <span class="inline-flex items-center gap-1 px-4 py-2 border border-rsb-border/50 rounded-rsb text-sm text-rsb-muted pointer-events-none cursor-not-allowed"
+            title="<%= rsb_admin_t("shared.no_access") %>">
+        <%= rsb_admin_icon("edit", size: 16) %>
+        <%= rsb_admin_t("shared.edit") %>
+      </span>
+    <% end %>
+    <a href="<%= rsb_admin.admin_users_path %>"
+       class="inline-flex items-center gap-1 px-4 py-2 border border-rsb-border rounded-rsb text-sm hover:bg-rsb-bg">
+      <%= rsb_admin_t("shared.back") %>
+    </a>
+  </div>
+</div>
+<div class="bg-rsb-card border border-rsb-border rounded-rsb-lg shadow-rsb-sm p-6">
+  <div class="grid grid-cols-[200px_1fr] gap-4 py-3 border-b border-rsb-border">
+    <strong class="text-sm text-rsb-muted"><%= rsb_admin_t("columns.email") %></strong>
+    <div><%= @admin_user.email %></div>
+  </div>
+  <div class="grid grid-cols-[200px_1fr] gap-4 py-3 border-b border-rsb-border">
+    <strong class="text-sm text-rsb-muted"><%= rsb_admin_t("roles.title") %></strong>
+    <div>
+      <% if @admin_user.role %>
+        <a href="<%= rsb_admin.role_path(@admin_user.role) %>" class="text-rsb-primary hover:underline"><%= @admin_user.role.name %></a>
+        <% if @admin_user.role.superadmin? %>
+          <%= rsb_admin_badge(rsb_admin_t("roles.superadmin"), variant: :success) %>
+        <% end %>
+      <% else %>
+        <%= rsb_admin_badge(rsb_admin_t("admin_users.no_role"), variant: :warning) %>
+      <% end %>
+    </div>
+  </div>
+  <div class="grid grid-cols-[200px_1fr] gap-4 py-3 border-b border-rsb-border">
+    <strong class="text-sm text-rsb-muted"><%= rsb_admin_t("admin_users.last_sign_in") %></strong>
+    <div>
+      <% if @admin_user.last_sign_in_at %>
+        <%= @admin_user.last_sign_in_at.strftime("%B %d, %Y at %I:%M %p") %>
+      <% else %>
+        <span class="text-rsb-muted"><%= rsb_admin_t("admin_users.never_signed_in") %></span>
+      <% end %>
+    </div>
+  </div>
+  <div class="grid grid-cols-[200px_1fr] gap-4 py-3 border-b border-rsb-border">
+    <strong class="text-sm text-rsb-muted"><%= rsb_admin_t("admin_users.last_ip") %></strong>
+    <div><%= @admin_user.last_sign_in_ip || "-" %></div>
+  </div>
+  <div class="grid grid-cols-[200px_1fr] gap-4 py-3">
+    <strong class="text-sm text-rsb-muted"><%= rsb_admin_t("columns.created_at") %></strong>
+    <div><%= @admin_user.created_at.strftime("%B %d, %Y at %I:%M %p") %></div>
+  </div>
+</div>
+<% unless @admin_user == current_admin_user %>
+  <% if rsb_admin_can?("admin_users", "destroy") %>
+    <div class="mt-6 bg-rsb-card border border-rsb-border rounded-rsb-lg shadow-rsb-sm p-6">
+      <h3 class="text-base font-semibold text-rsb-danger mb-4"><%= rsb_admin_t("shared.danger_zone") %></h3>
+      <%= button_to rsb_admin_t("shared.delete") + " " + rsb_admin_t("admin_users.title").singularize,
+            rsb_admin.admin_user_path(@admin_user),
+            method: :delete,
+            data: { turbo_confirm: rsb_admin_t("admin_users.confirm_delete") },
+            class: "px-4 py-2 bg-rsb-danger text-white rounded-rsb text-sm font-medium hover:bg-red-700" %>
+    </div>
+  <% else %>
+    <div class="mt-6 bg-rsb-card border border-rsb-border rounded-rsb-lg shadow-rsb-sm p-6">
+      <h3 class="text-base font-semibold text-rsb-danger mb-4"><%= rsb_admin_t("shared.danger_zone") %></h3>
+      <span class="inline-flex px-4 py-2 bg-rsb-danger/50 text-white/50 rounded-rsb text-sm font-medium pointer-events-none cursor-not-allowed"
+            title="<%= rsb_admin_t("shared.no_access") %>">
+        <%= rsb_admin_t("shared.delete") %> <%= rsb_admin_t("admin_users.title").singularize %>
+      </span>
+    </div>
+  <% end %>
+<% end %>

data/app/views/rsb/admin/dashboard/index.html.erb ADDED Viewed

@@ -0,0 +1,36 @@
+<div class="flex justify-between items-center mb-6">
+  <h1 class="text-2xl font-bold"><%= rsb_admin_t("dashboard.title") %></h1>
+</div>
+<div class="bg-rsb-card border border-rsb-border rounded-rsb-lg shadow-rsb-sm p-6">
+  <h2 class="text-base font-semibold mb-2"><%= rsb_admin_t("dashboard.guide_title") %></h2>
+  <p class="text-sm text-rsb-muted mb-4"><%= rsb_admin_t("dashboard.guide_description") %></p>
+  <div class="bg-rsb-bg border border-rsb-border rounded-rsb p-4 mb-4">
+    <p class="text-xs text-rsb-muted mb-2"><%= rsb_admin_t("dashboard.guide_step1") %></p>
+    <pre class="text-sm overflow-x-auto"><code># config/initializers/rsb_admin.rb
+RSB::Admin.registry.register_dashboard(
+  controller: "admin/dashboard",
+  actions: [
+    { key: :index, label: "Overview" },
+    { key: :metrics, label: "Metrics" }
+  ]
+)</code></pre>
+  </div>
+  <div class="bg-rsb-bg border border-rsb-border rounded-rsb p-4">
+    <p class="text-xs text-rsb-muted mb-2"><%= rsb_admin_t("dashboard.guide_step2") %></p>
+    <pre class="text-sm overflow-x-auto"><code># app/controllers/admin/dashboard_controller.rb
+class Admin::DashboardController < RSB::Admin::AdminController
+  def index
+    @stats = { users: User.count, revenue: Order.sum(:total) }
+  end
+  def metrics
+    @metrics = Metric.recent
+  end
+end</code></pre>
+  </div>
+</div>

data/app/views/rsb/admin/profile/edit.html.erb ADDED Viewed

@@ -0,0 +1,67 @@
+<div class="flex justify-between items-center mb-6">
+  <h1 class="text-2xl font-bold"><%= rsb_admin_t("profile.edit_title") %></h1>
+  <a href="<%= rsb_admin.profile_path %>"
+     class="inline-flex items-center gap-1 px-4 py-2 border border-rsb-border rounded-rsb text-sm hover:bg-rsb-bg">
+    <%= rsb_admin_t("shared.back") %>
+  </a>
+</div>
+<div class="bg-rsb-card border border-rsb-border rounded-rsb-lg shadow-rsb-sm p-6">
+  <%= form_with model: @admin_user, url: rsb_admin.profile_path, method: :patch, local: true, scope: :admin_user do |f| %>
+    <% if @admin_user.errors.any? %>
+      <div class="bg-rsb-danger-bg text-rsb-danger-text border border-red-200 px-4 py-3 rounded-rsb mb-4 text-sm">
+        <strong><%= rsb_admin_t("errors.prohibited", count: @admin_user.errors.count) %></strong>
+        <ul class="mt-2 pl-6 list-disc">
+          <% @admin_user.errors.full_messages.each do |message| %>
+            <li><%= message %></li>
+          <% end %>
+        </ul>
+      </div>
+    <% end %>
+    <div class="mb-4">
+      <label class="block text-sm font-medium mb-1"><%= rsb_admin_t("profile.current_email") %></label>
+      <%= f.email_field :email, autofocus: true, class: "w-full px-3 py-2 border border-rsb-border rounded-rsb text-sm focus:outline-none focus:border-rsb-primary focus:ring-2 focus:ring-rsb-primary/10" %>
+      <% if @admin_user.email_verification_pending? %>
+        <p class="text-xs text-rsb-warning mt-1">
+          <%= rsb_admin_t("profile.pending_email_hint", email: @admin_user.pending_email) %>
+        </p>
+      <% end %>
+    </div>
+    <div class="border-t border-rsb-border mt-6 pt-6">
+      <h3 class="text-sm font-semibold mb-4"><%= rsb_admin_t("profile.new_password") %></h3>
+      <div class="mb-4">
+        <label class="block text-sm font-medium mb-1"><%= rsb_admin_t("profile.new_password") %></label>
+        <%= f.password_field :password, class: "w-full px-3 py-2 border border-rsb-border rounded-rsb text-sm focus:outline-none focus:border-rsb-primary focus:ring-2 focus:ring-rsb-primary/10" %>
+        <p class="text-xs text-rsb-muted mt-1"><%= rsb_admin_t("profile.new_password_hint") %></p>
+      </div>
+      <div class="mb-4">
+        <label class="block text-sm font-medium mb-1"><%= rsb_admin_t("profile.confirm_password") %></label>
+        <%= f.password_field :password_confirmation, class: "w-full px-3 py-2 border border-rsb-border rounded-rsb text-sm focus:outline-none focus:border-rsb-primary focus:ring-2 focus:ring-rsb-primary/10" %>
+      </div>
+    </div>
+    <div class="border-t border-rsb-border mt-6 pt-6">
+      <div class="mb-4">
+        <label class="block text-sm font-medium mb-1"><%= rsb_admin_t("profile.current_password") %></label>
+        <input type="password" name="current_password" required
+               class="w-full px-3 py-2 border border-rsb-border rounded-rsb text-sm focus:outline-none focus:border-rsb-primary focus:ring-2 focus:ring-rsb-primary/10">
+        <p class="text-xs text-rsb-muted mt-1"><%= rsb_admin_t("profile.current_password_hint") %></p>
+      </div>
+    </div>
+    <div class="flex gap-3 mt-6">
+      <button type="submit"
+              class="px-4 py-2 bg-rsb-primary text-rsb-primary-text rounded-rsb text-sm font-medium hover:bg-rsb-primary-hover">
+        <%= rsb_admin_t("shared.save") %>
+      </button>
+      <a href="<%= rsb_admin.profile_path %>"
+         class="px-4 py-2 border border-rsb-border text-rsb-text rounded-rsb text-sm hover:bg-rsb-bg">
+        <%= rsb_admin_t("shared.cancel") %>
+      </a>
+    </div>
+  <% end %>
+</div>