@fishawack/lab-velocity 2.0.0-beta.5 → 2.0.0-beta.50

package/_Build/vue/modules/AuthModule/js/router.js

@@ -3,8 +3,22 @@
 import { h } from "vue";
 import { RouterView } from "vue-router";
 
+import { routes as resourceRoutes } from "../../resource/index.js";
+
+import defaultUserResource from "../routes/PUsers/resource.js";
+import defaultCompanyResource from "../routes/PCompanies/resource.js";
+import defaultTeamResource from "../routes/PTeams/resource.js";
+import defaultIntegrationResource from "../routes/PIntegrations/resource.js";
+
 // Admin routes export - minimal auth flow (headless login only)
-export function adminRoutes(node) {
+export function adminRoutes(node, overrides = {}) {
+    const {
+        userResource = defaultUserResource,
+        companyResource = defaultCompanyResource,
+        teamResource = defaultTeamResource,
+        integrationResource = defaultIntegrationResource,
+    } = overrides;
+
     return [
         {
             path: "/auth",
@@ -37,96 +51,25 @@ export function adminRoutes(node) {
                         : require("../routes/logincallback.vue").default,
                     name: "auth.callback",
                 },
-            ],
-        },
-        {
-            path: "/users",
-            component: node
-                ? ""
-                : require("../adminRoutes/PUsers/parent.vue").default,
-            children: [
                 {
-                    path: "",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PUsers/Children/index.vue")
-                              .default,
-                    name: "users.index",
-                },
-                {
-                    path: "create",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PUsers/Children/create.vue")
-                              .default,
-                    name: "users.create",
-                },
-                {
-                    path: ":id",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PUsers/Children/show.vue")
-                              .default,
-                    name: "users.show",
-                },
-                {
-                    path: ":id/edit",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PUsers/Children/edit.vue")
-                              .default,
-                    name: "users.edit",
-                },
-            ],
-        },
-        {
-            path: "/companies",
-            component: node
-                ? ""
-                : require("../adminRoutes/PCompanies/parent.vue").default,
-            children: [
-                {
-                    path: "",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PCompanies/Children/index.vue")
-                              .default,
-                    name: "companies.index",
-                },
-                {
-                    path: "create",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PCompanies/Children/create.vue")
-                              .default,
-                    name: "companies.create",
-                },
-                {
-                    path: ":id",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PCompanies/Children/show.vue")
-                              .default,
-                    name: "companies.show",
-                },
-                {
-                    path: ":id/edit",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PCompanies/Children/edit.vue")
-                              .default,
-                    name: "companies.edit",
-                },
-                {
-                    path: ":id/upload",
-                    component: node
-                        ? ""
-                        : require("../adminRoutes/PCompanies/Children/Upload/upload.vue")
-                              .default,
-                    name: "companies.upload",
+                    path: "verify",
+                    component: require("../routes/verify.vue").default,
+                    name: "auth.verify",
                 },
             ],
         },
+        ...resourceRoutes(node, ...userResource),
+        ...resourceRoutes(node, ...companyResource, [
+            ...resourceRoutes(node, teamResource[0], {
+                ...teamResource[1],
+                routeName: "companies.teams",
+            }),
+        ]),
+        ...resourceRoutes(node, teamResource[0], {
+            ...teamResource[1],
+            routeName: "teams",
+        }),
+        ...resourceRoutes(node, ...integrationResource),
     ];
 }
 
@@ -241,50 +184,84 @@ export function routes(node) {
 }
 
 export function beforeEach(router, store) {
+    let initialLoad = true;
+
+    // These routes must always be reachable regardless of auth/verification state.
+    // Without this, force_password_change or unverified state can trap the user with
+    // no way to log out or complete an SSO callback.
+    const ALWAYS_ALLOW = new Set(["auth.logout", "auth.callback"]);
+
     router.beforeEach(async (to, from, next) => {
-        // If authenticated query param is present, assume authentication has happened elsewhere and attempt to fetch user data
-        if (to.query.authenticated && !store.getters.authenticated) {
+        // Refresh user state on initial page load (handles cross-app state sync)
+        // or when authenticated query param is present (bypass/redirect flow)
+        if (
+            (store.getters.authenticated && initialLoad) ||
+            to.query.authenticated
+        ) {
             await store.dispatch("getUser", {
                 errors: (e) => console.error(e),
             });
         }
 
+        initialLoad = false;
+
         const { user, redirect } = store.state.auth;
+        const isGuestRoute = to.matched.some((d) => d.meta.guest) === true;
 
-        // User verification handling and redirect if user alrady verified but accessing an expired verification route
+        // Logout and SSO callback must always be reachable — prevents every
+        // possible "stuck" scenario caused by state-based redirects below.
+        if (ALWAYS_ALLOW.has(to.name)) {
+            return next();
+        }
+
+        // Redirect already-verified users away from verification routes
         if (
             to.query.verified ||
             (to.name === "auth.expired-verification" && user?.email_verified_at)
         ) {
-            next({ name: "auth.success-verify" });
-        } else if (store.getters.authenticated) {
-            // User is authenticated - check permissions and redirect appropriately
-            if (user.force_password_change && to.name !== "auth.force-reset") {
-                // User needs to change password - redirect to force reset
-                next({ name: "auth.force-reset" });
-            } else if (to.name === "auth.login") {
-                // Already logged in user hitting login
-                next({ name: redirect });
-            } else if (
+            return next({ name: "auth.success-verify" });
+        }
+
+        if (store.getters.authenticated) {
+            // 1. Email verification is the highest priority redirect.
+            //    Must come before force_password_change — there is no point forcing
+            //    a password change on an account that hasn't been verified yet.
+            //    Guest routes, auth.verify and auth.expired-verification are exempt
+            //    so the user can always complete or re-request verification.
+            if (
                 !user?.email_verified_at &&
-                to.matched.some((d) => d.meta.guest) !== true
+                !isGuestRoute &&
+                to.name !== "auth.verify" &&
+                to.name !== "auth.expired-verification"
             ) {
-                // User needs email verification and trying to access protected route
-                next({ name: "auth.verify" });
-            } else {
-                // User is authenticated and authorized - proceed
-                next();
+                return next({ name: "auth.verify" });
             }
-        } else {
-            // User is not authenticated - handle guest routes and login redirects
-            if (to.matched.some((d) => d.meta.guest) === true) {
-                // Route allows guest access - proceed
-                next();
-            } else {
-                // Protected route requires authentication - redirect to standard login
-                next({ name: "auth.login" });
+
+            // 2. Force password change applies only after verification is satisfied.
+            //    Guest routes are exempt so the user can still navigate within /auth
+            //    (e.g. auth.verify, auth.expired-verification) without looping.
+            if (
+                user?.force_password_change &&
+                !isGuestRoute &&
+                to.name !== "auth.force-reset"
+            ) {
+                return next({ name: "auth.force-reset" });
+            }
+
+            // 3. Redirect an already-authenticated user away from the login page
+            if (to.name === "auth.login") {
+                return next({ name: redirect });
             }
+
+            return next();
+        }
+
+        // Unauthenticated: allow guest routes, otherwise redirect to login
+        if (isGuestRoute) {
+            return next();
         }
+
+        return next({ name: "auth.login" });
     });
 }
 

package/_Build/vue/modules/AuthModule/js/store.js

@@ -7,6 +7,9 @@ const store = {
             intended: null,
             user: null,
             redirect: process.env.HYDRATE_REDIRECT ?? "index",
+            logo: process.env.HYDRATE_LOGO ?? "example-logo",
+            logoReverse:
+                process.env.HYDRATE_LOGO_REVERSE ?? process.env.HYDRATE_LOGO,
             contact:
                 process.env.HYDRATE_CONTACT ?? "mailto:det@avalerehealth.com",
         };
@@ -15,12 +18,18 @@ const store = {
     getters: {
         authenticated: (state) => !!state.user,
         can: (state) => (permission) => {
-            return state.user?.permissions
-                .map(({ name }) => name)
-                .includes(permission);
+            const arr = Array.isArray(permission) ? permission : [permission];
+            const userPermissions = state.user?.permissions.map(
+                ({ name }) => name,
+            );
+
+            return arr.every((name) => userPermissions?.includes(name));
         },
         hasRole: (state) => (role) => {
-            return state.user?.roles.map(({ name }) => name).includes(role);
+            const arr = Array.isArray(role) ? role : [role];
+            const userRoles = state.user?.roles.map(({ name }) => name);
+
+            return arr.every((name) => userRoles?.includes(name));
         },
     },
 
@@ -38,7 +47,7 @@ const store = {
     },
 
     actions: {
-        getUser({ commit }, { errors, query = "", params }) {
+        getUser({ commit }, { errors = console.log, query = "", params } = {}) {
             return axios
                 .get(`/api/users/self${query}`, {
                     params,
@@ -51,11 +60,19 @@ const store = {
                 .catch(errors);
         },
 
-        logout({ commit }, { errors }) {
+        logout({ commit }) {
             commit("setUser", null);
 
             return axios.post("/logout");
         },
+
+        stopImpersonating({ commit }) {
+            return axios.post("/api/users/impersonate/stop").then((res) => {
+                commit("setUser", res.data.data);
+
+                return res.data.data;
+            });
+        },
     },
 };
 

package/_Build/vue/modules/AuthModule/routes/PCompanies/columns.js

@@ -0,0 +1,268 @@
+import { h, resolveComponent } from "vue";
+import { ElInput } from "element-plus";
+
+import VelBasic from "../../../../components/form/basic.vue";
+import VelButton from "../../../../components/basic/Button.vue";
+import VelSelect from "../../../../components/form/Select.vue";
+import VelFormRole from "../../../../components/layout/FormRole.vue";
+import Chip from "../../../../components/layout/Chip.vue";
+import Chips from "../../../../components/layout/Chips.vue";
+
+export default [
+    {
+        key: "name",
+        sortable: true,
+    },
+    {
+        key: "primary_contact",
+        label: "Primary Contact",
+        condition: {
+            table: false,
+            form: {
+                write: ({ method }) => method === "patch",
+            },
+        },
+        preparation: ({ form }) => form.primary_contact?.id,
+        render: {
+            read: ({ model }) => h("span", model.primary_contact?.name),
+            write: ({ $route }) =>
+                h(VelSelect, {
+                    endpoint: `api/users`,
+                    params: {
+                        "filter[company_id]": $route.params.companiesId,
+                    },
+                    labelKey: "name",
+                    filterable: true,
+                    searchParam: "name",
+                }),
+        },
+    },
+    {
+        key: "primary_contact_email",
+        label: "Primary Contact Email",
+        condition: {
+            table: false,
+            form: false,
+        },
+        render: {
+            read: ({ model }) => h("span", model.primary_contact?.email),
+        },
+    },
+    {
+        key: "primary_contact_contacted",
+        label: "Primary Contact Contacted",
+        condition: {
+            table: false,
+            form: false,
+        },
+        render: {
+            read: ({ model }) =>
+                h("span", String(!!model.primary_contact_contacted)),
+        },
+    },
+    {
+        key: "domains",
+        condition: {
+            table: false,
+        },
+        initial: ({ model }) => model?.domains || [],
+        render: {
+            read: ({ model }) => h("span", model.domains.join(", ")),
+            write: ({ form }) =>
+                h("div", { class: "form__group vel-basic" }, [
+                    h("p", { class: "my-0" }, [
+                        "Domain/s ",
+                        h("sup", { class: "color-status-red-100" }, "*"),
+                    ]),
+                    h(
+                        "ul",
+                        { class: "list-none pl-0 mt mb-2" },
+                        form.domains.map((domain, index) =>
+                            h("li", { key: index, class: "mb-0.5" }, [
+                                h(
+                                    ElInput,
+                                    {
+                                        modelValue: form.domains[index],
+                                        "onUpdate:modelValue": (val) => {
+                                            form.domains[index] = val;
+                                        },
+                                        placeholder: "avalerehealth.com",
+                                    },
+                                    {
+                                        prepend: () => "@",
+                                        append: () =>
+                                            h(
+                                                VelButton,
+                                                {
+                                                    type: "danger",
+                                                    onClick: () =>
+                                                        form.domains.splice(
+                                                            index,
+                                                            1,
+                                                        ),
+                                                },
+                                                () =>
+                                                    h(
+                                                        resolveComponent(
+                                                            "GSvg",
+                                                        ),
+                                                        {
+                                                            class: "vel-icon",
+                                                            name: "icon-trash",
+                                                        },
+                                                    ),
+                                            ),
+                                    },
+                                ),
+                                form.errors?.has?.(`domains.${index}`) &&
+                                    h(
+                                        "small",
+                                        {
+                                            class: "form__error vel-basic__error",
+                                        },
+                                        form.errors.first(`domains.${index}`),
+                                    ),
+                            ]),
+                        ),
+                    ),
+                    h("div", [
+                        h(
+                            VelButton,
+                            {
+                                onClick: () => form.domains.push(""),
+                            },
+                            () => [
+                                "Add Domain ",
+                                h(resolveComponent("GIcon"), {
+                                    name: "icon-plus",
+                                    embed: true,
+                                    asis: true,
+                                    class: "fill-0 icon--0.5 ml",
+                                }),
+                            ],
+                        ),
+                    ]),
+                ]),
+        },
+    },
+    {
+        key: "seats",
+        label: "Available Seats",
+        type: "number",
+        min: 0,
+        condition: {
+            table: false,
+        },
+    },
+    {
+        key: "user_count",
+        label: "Total Users",
+        width: "150",
+        condition: {
+            form: false,
+        },
+    },
+    {
+        key: "sso_enabled",
+        label: "SSO Enabled",
+        condition: {
+            table: false,
+            form: false,
+        },
+    },
+    {
+        key: "roles",
+        label: "Role",
+        condition: {
+            description: false,
+            form: {
+                write: ({ $store }) => $store.getters.can("edit roles"),
+            },
+        },
+        initial: ({ model }) =>
+            model?.roles.map((val) => ({
+                label: val.label,
+                value: val.id,
+            })) || [],
+        preparation: ({ form }) =>
+            form.roles.map((d) => (typeof d === "object" ? d.value : d)),
+        render: {
+            read: ({ model }) =>
+                h(
+                    model.roles.length === 1 ? Chip : Chips,
+                    model.roles.length === 1
+                        ? {
+                              name: model.roles[0].name,
+                              label: model.roles[0].label,
+                          }
+                        : { array: model.roles },
+                ),
+            write: ({ model, form }) =>
+                h(VelFormRole, {
+                    overrides: model?.overrides_roles_and_permissions,
+                    form,
+                }),
+        },
+    },
+    {
+        key: "sso_type",
+        label: "Provider",
+        condition: {
+            table: false,
+            description: false,
+            form: {
+                write: ({ $store }) => $store.getters.can("edit sso"),
+            },
+        },
+        initial: ({ model }) => model?.sso_type || undefined,
+        preparation: ({ form }) => form.sso_type?.value,
+        render: {
+            write: () =>
+                h(VelSelect, {
+                    clearable: true,
+                    class: "mt-2",
+                    options: [
+                        { value: "azure", label: "azure" },
+                        { value: "google", label: "google" },
+                    ],
+                }),
+        },
+    },
+    {
+        key: "sso_client_id",
+        label: "Key",
+        condition: {
+            table: false,
+            description: false,
+            form: {
+                write: ({ $store }) => $store.getters.can("edit sso"),
+            },
+        },
+        initial: ({ model }) => model?.sso_client_id || undefined,
+    },
+    {
+        key: "sso_tenant",
+        label: "Tenant",
+        condition: {
+            table: false,
+            description: false,
+            form: {
+                write: ({ $store }) => $store.getters.can("edit sso"),
+            },
+        },
+        initial: ({ model }) => model?.sso_tenant || undefined,
+    },
+    {
+        key: "sso_client_secret",
+        label: "Secret",
+        type: "password",
+        condition: {
+            table: false,
+            description: false,
+            form: {
+                write: ({ $store }) => $store.getters.can("edit sso"),
+            },
+        },
+        initial: ({ model }) => model?.sso_client_secret || undefined,
+    },
+];