@gelabs/ovr 0.2.2 → 0.3.0

package/dist/{types-CtBC5-TW.d.ts → types-BOgdk0Jw.d.ts}

@@ -101,7 +101,126 @@ declare const baseCopy: {
         readonly dashboard: "Dashboard";
         readonly tickets: "Tickets";
         readonly issueTicket: "Issue ticket";
+        readonly accounts: "Accounts";
+        readonly roles: "Roles";
+        readonly officers: "Officers";
+        readonly logs: "Activity log";
+        readonly more: "More";
+        readonly signOut: "Sign out";
+        readonly signOutConfirmTitle: "Sign out?";
+        readonly signOutConfirmBody: "You'll need to sign in again to issue or manage tickets.";
+        readonly cancel: "Cancel";
         readonly newTicketTitle: "Issue Violation Ticket";
+        readonly accountsPage: {
+            readonly title: "Accounts";
+            readonly subtitle: "Create and manage who can sign in to the enforcer portal. Each account's role decides what it can see and do.";
+            readonly newAccount: "New account";
+            readonly edit: "Edit";
+            readonly editTitle: "Edit account";
+            readonly saveChanges: "Save changes";
+            readonly username: "Username";
+            readonly password: "Password";
+            readonly role: "Role";
+            readonly officer: "Linked officer";
+            readonly officerNone: "— None —";
+            readonly officerHint: "Link an enforcer to an officer record so issued tickets are attributed.";
+            readonly status: "Status";
+            readonly active: "Active";
+            readonly inactive: "Inactive";
+            readonly created: "Created";
+            readonly actions: "Actions";
+            readonly create: "Create account";
+            readonly creating: "Creating…";
+            readonly deactivate: "Deactivate";
+            readonly activate: "Activate";
+            readonly resetPassword: "Reset password";
+            readonly newPassword: "New password";
+            readonly save: "Save";
+            readonly saving: "Saving…";
+            readonly cancel: "Cancel";
+            readonly empty: "No accounts yet — create the first one.";
+            readonly you: "You";
+        };
+        readonly rolesPage: {
+            readonly title: "Roles & permissions";
+            readonly subtitle: "Define what each role can do. Create custom roles, set their permissions, then assign them to accounts.";
+            readonly newRole: "New role";
+            readonly roleName: "Role name";
+            readonly roleNamePlaceholder: "e.g. Cashier, Supervisor";
+            readonly permissions: "Permissions";
+            readonly editPermissions: "Edit permissions";
+            readonly noPermissions: "No permissions";
+            readonly permissionsCount: "permissions";
+            readonly system: "System";
+            readonly custom: "Custom";
+            readonly create: "Create role";
+            readonly creating: "Creating…";
+            readonly save: "Save";
+            readonly saving: "Saving…";
+            readonly saved: "Saved";
+            readonly cancel: "Cancel";
+            readonly delete: "Delete";
+            readonly deleteConfirmTitle: "Delete this role?";
+            readonly deleteConfirmBody: "Move any accounts off this role first. This can't be undone.";
+            readonly lockedHint: "Super Admin always keeps account & role management.";
+            readonly empty: "No roles yet — create the first one.";
+            readonly inUseSuffix: "in use";
+        };
+        readonly logsPage: {
+            readonly title: "Activity log";
+            readonly subtitle: "Audit trail of what accounts did — sign-ins, ticket issuance, and account & role changes.";
+            readonly allActions: "All actions";
+            readonly search: "Search actor or detail…";
+            readonly actor: "Actor";
+            readonly action: "Action";
+            readonly detail: "Detail";
+            readonly when: "When";
+            readonly empty: "No activity recorded yet.";
+            readonly system: "system";
+        };
+        readonly officersPage: {
+            readonly title: "Apprehending officers";
+            readonly subtitle: "Officers who apprehend violations — shown in the Issue-Ticket form and linked to enforcer accounts.";
+            readonly newOfficer: "New officer";
+            readonly name: "Full name";
+            readonly namePlaceholder: "e.g. DELA CRUZ, JUAN P.";
+            readonly badge: "Badge no.";
+            readonly badgePlaceholder: "e.g. A176";
+            readonly office: "Office";
+            readonly officePlaceholder: "e.g. POSO";
+            readonly edit: "Edit";
+            readonly editTitle: "Edit officer";
+            readonly create: "Add officer";
+            readonly creating: "Adding…";
+            readonly save: "Save";
+            readonly saving: "Saving…";
+            readonly cancel: "Cancel";
+            readonly delete: "Remove";
+            readonly deleteConfirmTitle: "Remove this officer?";
+            readonly deleteConfirmBody: "This can't be undone. Officers with issued tickets or a linked account can't be removed.";
+            readonly empty: "No officers yet — add the first one.";
+            readonly actions: "Actions";
+        };
+        readonly notifications: {
+            readonly title: "Notifications";
+            readonly subtitle: "Tickets that need attention — overdue and outstanding.";
+            readonly empty: "You're all caught up.";
+            readonly overdue: "Overdue";
+            readonly outstanding: "Outstanding";
+            readonly viewAll: "View all";
+        };
+        readonly changePassword: {
+            readonly title: "Change password";
+            readonly subtitle: "Enter your current password, then your new one.";
+            readonly current: "Current password";
+            readonly new: "New password";
+            readonly confirm: "Confirm new password";
+            readonly submit: "Update password";
+            readonly saving: "Updating…";
+            readonly cancel: "Cancel";
+            readonly mismatch: "New passwords don't match.";
+            readonly success: "Password updated.";
+        };
         readonly sync: {
             readonly offline: "Offline";
             readonly syncing: "Syncing…";

package/dist/types.d.ts

@@ -42,6 +42,12 @@ interface Officer {
     badgeNo?: string;
     office: string;
 }
+/** What an admin submits to add/edit an apprehending officer (GE-025). */
+interface NewOfficerInput {
+    name: string;
+    badgeNo?: string;
+    office: string;
+}
 type PaymentMethod = "GCASH" | "MAYA" | "LANDBANK" | "OVER_THE_COUNTER";
 interface Payment {
     method: PaymentMethod;
@@ -65,6 +71,8 @@ interface TicketRecord {
     violations: IssuedViolation[];
     remarks?: string;
     issuedBy?: string;
+    apprehendingEnforcerId?: string;
+    apprehendingEnforcerName?: string;
     assessedAt: string;
     dueDate: string;
     basicFinesTotal: number;
@@ -78,5 +86,89 @@ interface Ticket extends TicketRecord {
     penaltyAmount: number;
     totalAmountDue: number;
 }
+/** Every capability the app gates on. Add a gate by extending this + the catalog. */
+type Permission = "dashboard:view" | "tickets:view" | "tickets:create" | "accounts:manage" | "roles:manage" | "officers:manage" | "logs:view" | "notifications:view";
+interface PermissionDef {
+    key: Permission;
+    label: string;
+    description: string;
+}
+/** The catalog shown in the Roles editor (array order = display order). */
+declare const PERMISSION_CATALOG: PermissionDef[];
+declare const ALL_PERMISSIONS: Permission[];
+/** A role + its permission set. `isSystem` roles can't be renamed or deleted. */
+interface RoleDef {
+    name: string;
+    label: string;
+    isSystem: boolean;
+    permissions: Permission[];
+}
+/** What an admin submits to create a custom role. */
+interface NewRoleInput {
+    label: string;
+    permissions: Permission[];
+}
+/** The built-in roles, seeded into every deployment. */
+declare const SYSTEM_ROLES: RoleDef[];
+/** Default role assigned to a new account / seeded login. */
+declare const DEFAULT_ROLE_NAME = "ENFORCER";
+/** SUPER_ADMIN ALWAYS keeps these (anti-lockout): locked-on in the Roles editor
+ *  and re-asserted server-side, so no one can revoke their own ability to manage
+ *  accounts/roles and lock everyone out. */
+declare const SUPER_ADMIN_LOCKED_PERMISSIONS: Permission[];
+/** Whether a permission set grants a capability. Safe with null/undefined. */
+declare function hasPermission(permissions: readonly string[] | null | undefined, permission: Permission): boolean;
+/** A user account as shown to admins (NEVER carries the password hash). */
+interface UserAccount {
+    id: string;
+    username: string;
+    role: string;
+    roleLabel?: string;
+    active: boolean;
+    officerId: string | null;
+    /** Convenience: the linked officer's display name, if any. */
+    officerName?: string;
+    createdAt: string;
+}
+/** What an admin submits to create an account. The password hash is computed by
+ *  the app (argon2 stays out of the data layer), mirroring the seed path. */
+interface NewUserInput {
+    username: string;
+    passwordHash: string;
+    role: string;
+    officerId?: string | null;
+}
+/** The recorded action kinds (extensible; stored as a string for forward-compat). */
+declare const ACTIVITY_ACTIONS: readonly ["auth.login", "auth.logout", "ticket.issued", "account.create", "account.update", "account.activate", "account.deactivate", "account.password_reset", "account.password_change", "role.create", "role.update", "role.delete", "officer.create", "officer.update", "officer.delete"];
+type ActivityAction = (typeof ACTIVITY_ACTIONS)[number];
+declare const ACTIVITY_ACTION_LABELS: Record<ActivityAction, string>;
+/** One audit-trail entry: who did what, when. */
+interface ActivityLog {
+    id: string;
+    actorId: string | null;
+    actorUsername: string | null;
+    action: string;
+    summary: string;
+    targetType?: string;
+    targetId?: string;
+    createdAt: string;
+}
+/** What the app records for an event (id + createdAt are assigned by the store). */
+interface NewActivityInput {
+    actorId?: string | null;
+    actorUsername?: string | null;
+    action: ActivityAction;
+    summary: string;
+    targetType?: string;
+    targetId?: string;
+}
+/** Filter for an activity-log query. */
+interface ActivityFilter {
+    action?: string;
+    actorId?: string;
+    fromISO?: string;
+    toISO?: string;
+    limit?: number;
+}
 
-export type { IssuedViolation, Officer, Payment, PaymentMethod, PaymentStatus, Ticket, TicketRecord, TicketStatus, ViolationCatalogItem, ViolationCategory, Violator };
+export { ACTIVITY_ACTIONS, ACTIVITY_ACTION_LABELS, ALL_PERMISSIONS, type ActivityAction, type ActivityFilter, type ActivityLog, DEFAULT_ROLE_NAME, type IssuedViolation, type NewActivityInput, type NewOfficerInput, type NewRoleInput, type NewUserInput, type Officer, PERMISSION_CATALOG, type Payment, type PaymentMethod, type PaymentStatus, type Permission, type PermissionDef, type RoleDef, SUPER_ADMIN_LOCKED_PERMISSIONS, SYSTEM_ROLES, type Ticket, type TicketRecord, type TicketStatus, type UserAccount, type ViolationCatalogItem, type ViolationCategory, type Violator, hasPermission };

package/dist/types.js

@@ -1 +1 @@
-
+export { ACTIVITY_ACTIONS, ACTIVITY_ACTION_LABELS, ALL_PERMISSIONS, DEFAULT_ROLE_NAME, PERMISSION_CATALOG, SUPER_ADMIN_LOCKED_PERMISSIONS, SYSTEM_ROLES, hasPermission } from './chunk-IS3THKTE.js';

package/dist/ui-components-admin/accounts-manager.d.ts

@@ -0,0 +1,52 @@
+import * as React from 'react';
+import { UserAccount, Officer, RoleDef } from '../types.js';
+
+/**
+ * Account management UI (GE-013). Super admins create & manage who can sign in to
+ * the enforcer portal; each account's role decides what it can see/do. The server
+ * actions (create / activate / reset password) are INJECTED by the page so this
+ * component stays free of any app-specific data wiring — mirrors IssuanceForm.
+ *
+ * Online-only: account management needs the server (argon2 + DB). After a mutation
+ * we refresh the route so the server-rendered list reflects the change.
+ */
+
+/** What the create form submits — the page hashes the password server-side. */
+interface CreateAccountInput {
+    username: string;
+    password: string;
+    role: string;
+    officerId: string | null;
+}
+type CreateAccountAction = (input: CreateAccountInput) => Promise<{
+    error?: string;
+} | void>;
+type SetAccountActiveAction = (id: string, active: boolean) => Promise<{
+    error?: string;
+} | void>;
+type ResetAccountPasswordAction = (id: string, password: string) => Promise<{
+    error?: string;
+} | void>;
+interface EditAccountInput {
+    username?: string;
+    role?: string;
+    officerId?: string | null;
+}
+type EditAccountAction = (id: string, patch: EditAccountInput) => Promise<{
+    error?: string;
+} | void>;
+interface AccountsManagerProps {
+    users: UserAccount[];
+    officers: Officer[];
+    /** Roles assignable to accounts (system + custom). */
+    roles: RoleDef[];
+    /** The signed-in user's id — so they can't deactivate their own account. */
+    currentUserId?: string;
+    createAction: CreateAccountAction;
+    editAction: EditAccountAction;
+    setActiveAction: SetAccountActiveAction;
+    resetPasswordAction: ResetAccountPasswordAction;
+}
+declare function AccountsManager({ users, officers, roles, currentUserId, createAction, editAction, setActiveAction, resetPasswordAction, }: AccountsManagerProps): React.JSX.Element;
+
+export { AccountsManager, type AccountsManagerProps, type CreateAccountAction, type CreateAccountInput, type EditAccountAction, type EditAccountInput, type ResetAccountPasswordAction, type SetAccountActiveAction };