@objectstack/platform-objects 6.9.0 → 7.1.0

package/dist/pages/index.d.mts

@@ -0,0 +1,73 @@
+import { Page } from '@objectstack/spec/ui';
+
+/**
+ * sys_organization — Record Detail Page (slotted)
+ *
+ * Adds Members / Invitations / Teams tabs to the organization detail
+ * page so an admin can manage the membership graph from a single place
+ * instead of switching between three separate Setup list views.
+ *
+ * The page is `kind: 'slotted'` and overrides only the `tabs` slot —
+ * header, actions, highlights, details and discussion fall through to
+ * the synthesized default, so the organization's own fields and the
+ * existing record-header actions (Set Active, Edit, Delete, Leave) are
+ * preserved.
+ *
+ * Each tab is a `record:related_list` over a child object that already
+ * has `organization_id` as a `Field.lookup('sys_organization')` — the
+ * renderer scopes the list to the current organization automatically
+ * (the related-list runtime uses the parent record id from the page
+ * context as the filter value for `relationshipField`). The per-row
+ * actions defined on each child object (invite_user, cancel_invitation,
+ * remove_member, transfer_ownership, create_team, …) are inherited
+ * unchanged — no admin endpoint has to be re-declared here.
+ *
+ * Notable omissions:
+ *  - **OAuth Apps**: `sys_oauth_application` is owned by `user_id`, not
+ *    `organization_id`. They surface on the user's Account → Developer
+ *    section instead of the org detail.
+ *  - **SSO**: no `sys_sso*` object exists yet. When the SSO plugin lands,
+ *    add a fourth tab here.
+ */
+declare const SysOrganizationDetailPage: Page;
+
+/**
+ * sys_user — Record Detail Page (slotted, default for ALL sys_user records)
+ *
+ * **Audience**: admins browsing user records from Setup.
+ *
+ * The Account App's "Profile" entry no longer routes here — it points at
+ * the `account:profile_card` Console component for a settings-form-style
+ * personal profile. This page therefore optimizes for the admin
+ * use case: scanning a user's signals (email/verification/2FA/role),
+ * reviewing related sessions/orgs/oauth/api-keys, and triggering
+ * admin actions (ban / impersonate / set_role).
+ *
+ * Strategy
+ * --------
+ *  - `kind: 'slotted'` + `isDefault: true`: overrides `highlights`,
+ *    `details`, `tabs` and `discussion`. Header / actions fall through
+ *    to the synthesizer so the object's declared actions
+ *    (`update_my_profile / change_my_password / resend_verification_email
+ *    / ban_user / set_user_role / impersonate_user / …`) still appear
+ *    in the header overflow menu automatically.
+ *  - `highlights` promotes the four signals worth scanning at the top:
+ *    email, verification state, 2FA, platform role. Highlight fields
+ *    are auto-dropped from the details grid below.
+ *  - `details` re-groups remaining fields into sections and hides
+ *    admin-internal audit columns. Banned / ban metadata is still
+ *    editable from the header actions — we just don't show it in
+ *    every user's body.
+ *  - `tabs` is **explicitly curated** to the 4 related lists that matter
+ *    on a user profile (Sessions / Linked Accounts / Organizations /
+ *    Personal OAuth Apps). Without this override, the synthesizer
+ *    auto-generates a tab per object that has a FK to sys_user
+ *    (sys_role.created_by, sys_email.updated_by, sys_user_preference,
+ *    sys_email_template.created_by, …) producing dozens of noisy
+ *    "查看全部" cards on every profile.
+ *  - `discussion: []` removes the Chatter feed — it has no business
+ *    on a personal profile.
+ */
+declare const SysUserDetailPage: Page;
+
+export { SysOrganizationDetailPage, SysUserDetailPage };

package/dist/pages/index.d.ts

@@ -0,0 +1,73 @@
+import { Page } from '@objectstack/spec/ui';
+
+/**
+ * sys_organization — Record Detail Page (slotted)
+ *
+ * Adds Members / Invitations / Teams tabs to the organization detail
+ * page so an admin can manage the membership graph from a single place
+ * instead of switching between three separate Setup list views.
+ *
+ * The page is `kind: 'slotted'` and overrides only the `tabs` slot —
+ * header, actions, highlights, details and discussion fall through to
+ * the synthesized default, so the organization's own fields and the
+ * existing record-header actions (Set Active, Edit, Delete, Leave) are
+ * preserved.
+ *
+ * Each tab is a `record:related_list` over a child object that already
+ * has `organization_id` as a `Field.lookup('sys_organization')` — the
+ * renderer scopes the list to the current organization automatically
+ * (the related-list runtime uses the parent record id from the page
+ * context as the filter value for `relationshipField`). The per-row
+ * actions defined on each child object (invite_user, cancel_invitation,
+ * remove_member, transfer_ownership, create_team, …) are inherited
+ * unchanged — no admin endpoint has to be re-declared here.
+ *
+ * Notable omissions:
+ *  - **OAuth Apps**: `sys_oauth_application` is owned by `user_id`, not
+ *    `organization_id`. They surface on the user's Account → Developer
+ *    section instead of the org detail.
+ *  - **SSO**: no `sys_sso*` object exists yet. When the SSO plugin lands,
+ *    add a fourth tab here.
+ */
+declare const SysOrganizationDetailPage: Page;
+
+/**
+ * sys_user — Record Detail Page (slotted, default for ALL sys_user records)
+ *
+ * **Audience**: admins browsing user records from Setup.
+ *
+ * The Account App's "Profile" entry no longer routes here — it points at
+ * the `account:profile_card` Console component for a settings-form-style
+ * personal profile. This page therefore optimizes for the admin
+ * use case: scanning a user's signals (email/verification/2FA/role),
+ * reviewing related sessions/orgs/oauth/api-keys, and triggering
+ * admin actions (ban / impersonate / set_role).
+ *
+ * Strategy
+ * --------
+ *  - `kind: 'slotted'` + `isDefault: true`: overrides `highlights`,
+ *    `details`, `tabs` and `discussion`. Header / actions fall through
+ *    to the synthesizer so the object's declared actions
+ *    (`update_my_profile / change_my_password / resend_verification_email
+ *    / ban_user / set_user_role / impersonate_user / …`) still appear
+ *    in the header overflow menu automatically.
+ *  - `highlights` promotes the four signals worth scanning at the top:
+ *    email, verification state, 2FA, platform role. Highlight fields
+ *    are auto-dropped from the details grid below.
+ *  - `details` re-groups remaining fields into sections and hides
+ *    admin-internal audit columns. Banned / ban metadata is still
+ *    editable from the header actions — we just don't show it in
+ *    every user's body.
+ *  - `tabs` is **explicitly curated** to the 4 related lists that matter
+ *    on a user profile (Sessions / Linked Accounts / Organizations /
+ *    Personal OAuth Apps). Without this override, the synthesizer
+ *    auto-generates a tab per object that has a FK to sys_user
+ *    (sys_role.created_by, sys_email.updated_by, sys_user_preference,
+ *    sys_email_template.created_by, …) producing dozens of noisy
+ *    "查看全部" cards on every profile.
+ *  - `discussion: []` removes the Chatter feed — it has no business
+ *    on a personal profile.
+ */
+declare const SysUserDetailPage: Page;
+
+export { SysOrganizationDetailPage, SysUserDetailPage };

package/dist/pages/index.js

@@ -0,0 +1,371 @@
+'use strict';
+
+// src/pages/sys-organization.page.ts
+var SysOrganizationDetailPage = {
+  name: "sys_organization_detail",
+  label: "Organization",
+  type: "record",
+  object: "sys_organization",
+  template: "default",
+  kind: "slotted",
+  isDefault: true,
+  // `regions` is required by the Page schema even for slotted pages —
+  // empty array lets the synthesizer fill in header/details/discussion
+  // while the `slots.tabs` override below replaces the synthesized
+  // tabs strip.
+  regions: [],
+  slots: {
+    tabs: {
+      type: "page:tabs",
+      properties: {
+        type: "line",
+        position: "top",
+        items: [
+          {
+            label: "Members",
+            icon: "users",
+            children: [
+              {
+                type: "record:related_list",
+                properties: {
+                  objectName: "sys_member",
+                  relationshipField: "organization_id",
+                  columns: ["user_id", "role", "created_at"],
+                  sort: [{ field: "created_at", order: "desc" }],
+                  limit: 25,
+                  showViewAll: true,
+                  title: "Members"
+                }
+              }
+            ]
+          },
+          {
+            label: "Invitations",
+            icon: "mail",
+            children: [
+              {
+                type: "record:related_list",
+                properties: {
+                  objectName: "sys_invitation",
+                  relationshipField: "organization_id",
+                  columns: ["email", "role", "status", "expires_at", "inviter_id"],
+                  sort: [{ field: "created_at", order: "desc" }],
+                  limit: 25,
+                  showViewAll: true,
+                  title: "Invitations"
+                }
+              }
+            ]
+          },
+          {
+            label: "Teams",
+            icon: "users-round",
+            children: [
+              {
+                type: "record:related_list",
+                properties: {
+                  objectName: "sys_team",
+                  relationshipField: "organization_id",
+                  columns: ["name", "created_at", "updated_at"],
+                  sort: [{ field: "name", order: "asc" }],
+                  limit: 25,
+                  showViewAll: true,
+                  title: "Teams"
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  }
+};
+
+// src/pages/sys-user.page.ts
+var SysUserDetailPage = {
+  name: "sys_user_detail",
+  label: "User",
+  type: "record",
+  object: "sys_user",
+  template: "default",
+  kind: "slotted",
+  isDefault: true,
+  regions: [],
+  slots: {
+    // ── Alert banners ─────────────────────────────────────────────
+    // Conditional notices rendered between the page header and the
+    // highlight strip. The unverified-email banner only shows for the
+    // current user viewing their own profile (admins looking at other
+    // users see nothing — they can use Setup actions instead).
+    alerts: [
+      {
+        type: "record:alert",
+        properties: {
+          severity: "warning",
+          icon: "mail",
+          title: "\u90AE\u7BB1\u672A\u9A8C\u8BC1",
+          body: "\u9A8C\u8BC1\u4F60\u7684\u90AE\u7BB1\u4EE5\u63A5\u6536\u5BC6\u7801\u91CD\u7F6E\u548C\u91CD\u8981\u7684\u7CFB\u7EDF\u901A\u77E5\u3002",
+          visible: "record.id == ctx.user.id && record.email_verified == false",
+          dismissible: false,
+          action: {
+            actionName: "resend_verification_email",
+            label: "\u91CD\u65B0\u53D1\u9001\u9A8C\u8BC1\u90AE\u4EF6"
+          }
+        }
+      }
+    ],
+    // ── Highlight chips above the fold ────────────────────────────
+    highlights: {
+      type: "record:highlights",
+      properties: {
+        fields: ["email", "email_verified", "two_factor_enabled", "role"]
+      }
+    },
+    // ── Body / details grid ───────────────────────────────────────
+    details: {
+      type: "record:details",
+      properties: {
+        hideFields: [
+          "id",
+          "banned",
+          "ban_reason",
+          "ban_expires",
+          // already promoted to highlights:
+          "email",
+          "email_verified",
+          "two_factor_enabled",
+          "role"
+        ],
+        sections: [
+          {
+            label: "Identity",
+            fields: ["name", "image"]
+          },
+          {
+            label: "Audit",
+            fields: ["created_at", "updated_at"]
+          }
+        ]
+      }
+    },
+    // ── Tabs: curated related lists ───────────────────────────────
+    // Only the 4 lists that are semantically about THIS user account.
+    // Everything else (sys_role created_by, sys_email_template
+    // updated_by, …) is incidental authorship metadata and would only
+    // create noise.
+    tabs: {
+      type: "page:tabs",
+      properties: {
+        type: "line",
+        position: "top",
+        items: [
+          {
+            label: "Sessions",
+            icon: "monitor",
+            children: [
+              {
+                type: "record:related_list",
+                properties: {
+                  objectName: "sys_session",
+                  relationshipField: "user_id",
+                  columns: ["user_agent", "ip_address", "created_at", "expires_at"],
+                  sort: [{ field: "created_at", order: "desc" }],
+                  limit: 25,
+                  showViewAll: true,
+                  title: "Sessions"
+                }
+              }
+            ]
+          },
+          {
+            label: "Linked Accounts",
+            icon: "link",
+            children: [
+              {
+                type: "record:related_list",
+                properties: {
+                  objectName: "sys_account",
+                  relationshipField: "user_id",
+                  columns: ["provider_id", "account_id", "created_at"],
+                  sort: [{ field: "created_at", order: "desc" }],
+                  limit: 25,
+                  showViewAll: true,
+                  title: "Linked Accounts"
+                }
+              }
+            ]
+          },
+          {
+            label: "Organizations",
+            icon: "building-2",
+            children: [
+              {
+                type: "record:related_list",
+                properties: {
+                  objectName: "sys_member",
+                  relationshipField: "user_id",
+                  columns: ["organization_id", "role", "created_at"],
+                  sort: [{ field: "created_at", order: "desc" }],
+                  limit: 25,
+                  showViewAll: true,
+                  title: "Organizations"
+                }
+              }
+            ]
+          },
+          {
+            label: "OAuth Apps",
+            icon: "key-square",
+            children: [
+              {
+                type: "record:related_list",
+                properties: {
+                  objectName: "sys_oauth_application",
+                  relationshipField: "user_id",
+                  columns: ["name", "client_id", "created_at"],
+                  sort: [{ field: "created_at", order: "desc" }],
+                  limit: 25,
+                  showViewAll: true,
+                  title: "OAuth Apps"
+                }
+              }
+            ]
+          },
+          // ── Security ──────────────────────────────────────────────
+          // Grouped self-service security controls. Each `record:quick_actions`
+          // pulls its actions by name from the sys_user object metadata
+          // (DRY — definitions stay on the object) and filters by
+          // `location: 'record_section'` so they only render here, not
+          // in the global header row.
+          {
+            label: "Security",
+            icon: "shield",
+            children: [
+              {
+                type: "element:text",
+                properties: {
+                  variant: "subheading",
+                  content: "Password & Sign-in"
+                }
+              },
+              {
+                type: "element:text",
+                properties: {
+                  variant: "caption",
+                  content: "Change your password or the email address associated with this account."
+                }
+              },
+              {
+                type: "record:quick_actions",
+                properties: {
+                  location: "record_section",
+                  align: "start",
+                  actionNames: ["change_my_password", "change_my_email"]
+                }
+              },
+              { type: "element:divider" },
+              {
+                type: "element:text",
+                properties: {
+                  variant: "subheading",
+                  content: "Two-Factor Authentication"
+                }
+              },
+              {
+                type: "element:text",
+                properties: {
+                  variant: "caption",
+                  content: "Add a second layer of security using a TOTP authenticator app. Backup codes let you sign in if you lose your device."
+                }
+              },
+              {
+                type: "record:quick_actions",
+                properties: {
+                  location: "record_section",
+                  align: "start",
+                  actionNames: ["enable_two_factor", "disable_two_factor", "generate_backup_codes"]
+                }
+              },
+              { type: "element:divider" },
+              {
+                type: "element:text",
+                properties: {
+                  variant: "subheading",
+                  content: "Email Verification"
+                }
+              },
+              {
+                type: "element:text",
+                properties: {
+                  variant: "caption",
+                  content: "Verify your email so password resets and notifications reach you. The button appears only while verification is pending."
+                }
+              },
+              {
+                type: "record:quick_actions",
+                properties: {
+                  location: "record_section",
+                  align: "start",
+                  actionNames: ["resend_verification_email"]
+                }
+              },
+              { type: "element:divider" },
+              {
+                type: "element:text",
+                properties: {
+                  variant: "subheading",
+                  content: "Danger Zone"
+                },
+                className: "text-destructive"
+              },
+              {
+                type: "element:text",
+                properties: {
+                  variant: "caption",
+                  content: "Permanent. Once deleted, your account cannot be recovered."
+                }
+              },
+              {
+                type: "record:quick_actions",
+                properties: {
+                  location: "record_section",
+                  align: "start",
+                  actionNames: ["delete_my_account"]
+                }
+              }
+            ]
+          },
+          // ── API Keys ──────────────────────────────────────────────
+          // Programmatic credentials issued for this user. Filtered by
+          // user_id FK; the sys_api_key object's own list-item actions
+          // (revoke / restore) handle row operations.
+          {
+            label: "API Keys",
+            icon: "key-round",
+            children: [
+              {
+                type: "record:related_list",
+                properties: {
+                  objectName: "sys_api_key",
+                  relationshipField: "user_id",
+                  columns: ["name", "prefix", "expires_at", "revoked", "created_at"],
+                  sort: [{ field: "created_at", order: "desc" }],
+                  limit: 25,
+                  showViewAll: true,
+                  title: "API Keys"
+                }
+              }
+            ]
+          }
+        ]
+      }
+    },
+    // ── Suppress the Discussion / Chatter thread ──────────────────
+    discussion: []
+  }
+};
+
+exports.SysOrganizationDetailPage = SysOrganizationDetailPage;
+exports.SysUserDetailPage = SysUserDetailPage;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/pages/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/pages/sys-organization.page.ts","../../src/pages/sys-user.page.ts"],"names":[],"mappings":";;;AAiCO,IAAM,yBAAA,GAAkC;AAAA,EAC7C,IAAA,EAAM,yBAAA;AAAA,EACN,KAAA,EAAO,cAAA;AAAA,EACP,IAAA,EAAM,QAAA;AAAA,EACN,MAAA,EAAQ,kBAAA;AAAA,EACR,QAAA,EAAU,SAAA;AAAA,EACV,IAAA,EAAM,SAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKX,SAAS,EAAC;AAAA,EACV,KAAA,EAAO;AAAA,IACL,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM,WAAA;AAAA,MACN,UAAA,EAAY;AAAA,QACV,IAAA,EAAM,MAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,KAAA,EAAO;AAAA,UACL;AAAA,YACE,KAAA,EAAO,SAAA;AAAA,YACP,IAAA,EAAM,OAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,qBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,UAAA,EAAY,YAAA;AAAA,kBACZ,iBAAA,EAAmB,iBAAA;AAAA,kBACnB,OAAA,EAAS,CAAC,SAAA,EAAW,MAAA,EAAQ,YAAY,CAAA;AAAA,kBACzC,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,kBAC7C,KAAA,EAAO,EAAA;AAAA,kBACP,WAAA,EAAa,IAAA;AAAA,kBACb,KAAA,EAAO;AAAA;AACT;AACF;AACF,WACF;AAAA,UACA;AAAA,YACE,KAAA,EAAO,aAAA;AAAA,YACP,IAAA,EAAM,MAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,qBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,UAAA,EAAY,gBAAA;AAAA,kBACZ,iBAAA,EAAmB,iBAAA;AAAA,kBACnB,SAAS,CAAC,OAAA,EAAS,MAAA,EAAQ,QAAA,EAAU,cAAc,YAAY,CAAA;AAAA,kBAC/D,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,kBAC7C,KAAA,EAAO,EAAA;AAAA,kBACP,WAAA,EAAa,IAAA;AAAA,kBACb,KAAA,EAAO;AAAA;AACT;AACF;AACF,WACF;AAAA,UACA;AAAA,YACE,KAAA,EAAO,OAAA;AAAA,YACP,IAAA,EAAM,aAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,qBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,UAAA,EAAY,UAAA;AAAA,kBACZ,iBAAA,EAAmB,iBAAA;AAAA,kBACnB,OAAA,EAAS,CAAC,MAAA,EAAQ,YAAA,EAAc,YAAY,CAAA;AAAA,kBAC5C,MAAM,CAAC,EAAE,OAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,CAAA;AAAA,kBACtC,KAAA,EAAO,EAAA;AAAA,kBACP,WAAA,EAAa,IAAA;AAAA,kBACb,KAAA,EAAO;AAAA;AACT;AACF;AACF;AACF;AACF;AACF;AACF;AAEJ;;;ACtEO,IAAM,iBAAA,GAA0B;AAAA,EACrC,IAAA,EAAM,iBAAA;AAAA,EACN,KAAA,EAAO,MAAA;AAAA,EACP,IAAA,EAAM,QAAA;AAAA,EACN,MAAA,EAAQ,UAAA;AAAA,EACR,QAAA,EAAU,SAAA;AAAA,EACV,IAAA,EAAM,SAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EAEX,SAAS,EAAC;AAAA,EAEV,KAAA,EAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAML,MAAA,EAAQ;AAAA,MACN;AAAA,QACE,IAAA,EAAM,cAAA;AAAA,QACN,UAAA,EAAY;AAAA,UACV,QAAA,EAAU,SAAA;AAAA,UACV,IAAA,EAAM,MAAA;AAAA,UACN,KAAA,EAAO,gCAAA;AAAA,UACP,IAAA,EAAM,sIAAA;AAAA,UACN,OAAA,EAAS,4DAAA;AAAA,UACT,WAAA,EAAa,KAAA;AAAA,UACb,MAAA,EAAQ;AAAA,YACN,UAAA,EAAY,2BAAA;AAAA,YACZ,KAAA,EAAO;AAAA;AACT;AACF;AACF,KACF;AAAA;AAAA,IAGA,UAAA,EAAY;AAAA,MACV,IAAA,EAAM,mBAAA;AAAA,MACN,UAAA,EAAY;AAAA,QACV,MAAA,EAAQ,CAAC,OAAA,EAAS,gBAAA,EAAkB,sBAAsB,MAAM;AAAA;AAClE,KACF;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,IAAA,EAAM,gBAAA;AAAA,MACN,UAAA,EAAY;AAAA,QACV,UAAA,EAAY;AAAA,UACV,IAAA;AAAA,UACA,QAAA;AAAA,UACA,YAAA;AAAA,UACA,aAAA;AAAA;AAAA,UAEA,OAAA;AAAA,UACA,gBAAA;AAAA,UACA,oBAAA;AAAA,UACA;AAAA,SACF;AAAA,QACA,QAAA,EAAU;AAAA,UACR;AAAA,YACE,KAAA,EAAO,UAAA;AAAA,YACP,MAAA,EAAQ,CAAC,MAAA,EAAQ,OAAO;AAAA,WAC1B;AAAA,UACA;AAAA,YACE,KAAA,EAAO,OAAA;AAAA,YACP,MAAA,EAAQ,CAAC,YAAA,EAAc,YAAY;AAAA;AACrC;AACF;AACF,KACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM,WAAA;AAAA,MACN,UAAA,EAAY;AAAA,QACV,IAAA,EAAM,MAAA;AAAA,QACN,QAAA,EAAU,KAAA;AAAA,QACV,KAAA,EAAO;AAAA,UACL;AAAA,YACE,KAAA,EAAO,UAAA;AAAA,YACP,IAAA,EAAM,SAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,qBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,UAAA,EAAY,aAAA;AAAA,kBACZ,iBAAA,EAAmB,SAAA;AAAA,kBACnB,OAAA,EAAS,CAAC,YAAA,EAAc,YAAA,EAAc,cAAc,YAAY,CAAA;AAAA,kBAChE,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,kBAC7C,KAAA,EAAO,EAAA;AAAA,kBACP,WAAA,EAAa,IAAA;AAAA,kBACb,KAAA,EAAO;AAAA;AACT;AACF;AACF,WACF;AAAA,UACA;AAAA,YACE,KAAA,EAAO,iBAAA;AAAA,YACP,IAAA,EAAM,MAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,qBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,UAAA,EAAY,aAAA;AAAA,kBACZ,iBAAA,EAAmB,SAAA;AAAA,kBACnB,OAAA,EAAS,CAAC,aAAA,EAAe,YAAA,EAAc,YAAY,CAAA;AAAA,kBACnD,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,kBAC7C,KAAA,EAAO,EAAA;AAAA,kBACP,WAAA,EAAa,IAAA;AAAA,kBACb,KAAA,EAAO;AAAA;AACT;AACF;AACF,WACF;AAAA,UACA;AAAA,YACE,KAAA,EAAO,eAAA;AAAA,YACP,IAAA,EAAM,YAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,qBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,UAAA,EAAY,YAAA;AAAA,kBACZ,iBAAA,EAAmB,SAAA;AAAA,kBACnB,OAAA,EAAS,CAAC,iBAAA,EAAmB,MAAA,EAAQ,YAAY,CAAA;AAAA,kBACjD,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,kBAC7C,KAAA,EAAO,EAAA;AAAA,kBACP,WAAA,EAAa,IAAA;AAAA,kBACb,KAAA,EAAO;AAAA;AACT;AACF;AACF,WACF;AAAA,UACA;AAAA,YACE,KAAA,EAAO,YAAA;AAAA,YACP,IAAA,EAAM,YAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,qBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,UAAA,EAAY,uBAAA;AAAA,kBACZ,iBAAA,EAAmB,SAAA;AAAA,kBACnB,OAAA,EAAS,CAAC,MAAA,EAAQ,WAAA,EAAa,YAAY,CAAA;AAAA,kBAC3C,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,kBAC7C,KAAA,EAAO,EAAA;AAAA,kBACP,WAAA,EAAa,IAAA;AAAA,kBACb,KAAA,EAAO;AAAA;AACT;AACF;AACF,WACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAOA;AAAA,YACE,KAAA,EAAO,UAAA;AAAA,YACP,IAAA,EAAM,QAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,cAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,OAAA,EAAS,YAAA;AAAA,kBACT,OAAA,EAAS;AAAA;AACX,eACF;AAAA,cACA;AAAA,gBACE,IAAA,EAAM,cAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,OAAA,EAAS,SAAA;AAAA,kBACT,OAAA,EAAS;AAAA;AACX,eACF;AAAA,cACA;AAAA,gBACE,IAAA,EAAM,sBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,QAAA,EAAU,gBAAA;AAAA,kBACV,KAAA,EAAO,OAAA;AAAA,kBACP,WAAA,EAAa,CAAC,oBAAA,EAAsB,iBAAiB;AAAA;AACvD,eACF;AAAA,cACA,EAAE,MAAM,iBAAA,EAAkB;AAAA,cAC1B;AAAA,gBACE,IAAA,EAAM,cAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,OAAA,EAAS,YAAA;AAAA,kBACT,OAAA,EAAS;AAAA;AACX,eACF;AAAA,cACA;AAAA,gBACE,IAAA,EAAM,cAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,OAAA,EAAS,SAAA;AAAA,kBACT,OAAA,EAAS;AAAA;AACX,eACF;AAAA,cACA;AAAA,gBACE,IAAA,EAAM,sBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,QAAA,EAAU,gBAAA;AAAA,kBACV,KAAA,EAAO,OAAA;AAAA,kBACP,WAAA,EAAa,CAAC,mBAAA,EAAqB,oBAAA,EAAsB,uBAAuB;AAAA;AAClF,eACF;AAAA,cACA,EAAE,MAAM,iBAAA,EAAkB;AAAA,cAC1B;AAAA,gBACE,IAAA,EAAM,cAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,OAAA,EAAS,YAAA;AAAA,kBACT,OAAA,EAAS;AAAA;AACX,eACF;AAAA,cACA;AAAA,gBACE,IAAA,EAAM,cAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,OAAA,EAAS,SAAA;AAAA,kBACT,OAAA,EAAS;AAAA;AACX,eACF;AAAA,cACA;AAAA,gBACE,IAAA,EAAM,sBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,QAAA,EAAU,gBAAA;AAAA,kBACV,KAAA,EAAO,OAAA;AAAA,kBACP,WAAA,EAAa,CAAC,2BAA2B;AAAA;AAC3C,eACF;AAAA,cACA,EAAE,MAAM,iBAAA,EAAkB;AAAA,cAC1B;AAAA,gBACE,IAAA,EAAM,cAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,OAAA,EAAS,YAAA;AAAA,kBACT,OAAA,EAAS;AAAA,iBACX;AAAA,gBACA,SAAA,EAAW;AAAA,eACb;AAAA,cACA;AAAA,gBACE,IAAA,EAAM,cAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,OAAA,EAAS,SAAA;AAAA,kBACT,OAAA,EAAS;AAAA;AACX,eACF;AAAA,cACA;AAAA,gBACE,IAAA,EAAM,sBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,QAAA,EAAU,gBAAA;AAAA,kBACV,KAAA,EAAO,OAAA;AAAA,kBACP,WAAA,EAAa,CAAC,mBAAmB;AAAA;AACnC;AACF;AACF,WACF;AAAA;AAAA;AAAA;AAAA;AAAA,UAKA;AAAA,YACE,KAAA,EAAO,UAAA;AAAA,YACP,IAAA,EAAM,WAAA;AAAA,YACN,QAAA,EAAU;AAAA,cACR;AAAA,gBACE,IAAA,EAAM,qBAAA;AAAA,gBACN,UAAA,EAAY;AAAA,kBACV,UAAA,EAAY,aAAA;AAAA,kBACZ,iBAAA,EAAmB,SAAA;AAAA,kBACnB,SAAS,CAAC,MAAA,EAAQ,QAAA,EAAU,YAAA,EAAc,WAAW,YAAY,CAAA;AAAA,kBACjE,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,kBAC7C,KAAA,EAAO,EAAA;AAAA,kBACP,WAAA,EAAa,IAAA;AAAA,kBACb,KAAA,EAAO;AAAA;AACT;AACF;AACF;AACF;AACF;AACF,KACF;AAAA;AAAA,IAGA,YAAY;AAAC;AAEjB","file":"index.js","sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport type { Page } from '@objectstack/spec/ui';\n\n/**\n * sys_organization — Record Detail Page (slotted)\n *\n * Adds Members / Invitations / Teams tabs to the organization detail\n * page so an admin can manage the membership graph from a single place\n * instead of switching between three separate Setup list views.\n *\n * The page is `kind: 'slotted'` and overrides only the `tabs` slot —\n * header, actions, highlights, details and discussion fall through to\n * the synthesized default, so the organization's own fields and the\n * existing record-header actions (Set Active, Edit, Delete, Leave) are\n * preserved.\n *\n * Each tab is a `record:related_list` over a child object that already\n * has `organization_id` as a `Field.lookup('sys_organization')` — the\n * renderer scopes the list to the current organization automatically\n * (the related-list runtime uses the parent record id from the page\n * context as the filter value for `relationshipField`). The per-row\n * actions defined on each child object (invite_user, cancel_invitation,\n * remove_member, transfer_ownership, create_team, …) are inherited\n * unchanged — no admin endpoint has to be re-declared here.\n *\n * Notable omissions:\n *  - **OAuth Apps**: `sys_oauth_application` is owned by `user_id`, not\n *    `organization_id`. They surface on the user's Account → Developer\n *    section instead of the org detail.\n *  - **SSO**: no `sys_sso*` object exists yet. When the SSO plugin lands,\n *    add a fourth tab here.\n */\nexport const SysOrganizationDetailPage: Page = {\n  name: 'sys_organization_detail',\n  label: 'Organization',\n  type: 'record',\n  object: 'sys_organization',\n  template: 'default',\n  kind: 'slotted',\n  isDefault: true,\n  // `regions` is required by the Page schema even for slotted pages —\n  // empty array lets the synthesizer fill in header/details/discussion\n  // while the `slots.tabs` override below replaces the synthesized\n  // tabs strip.\n  regions: [],\n  slots: {\n    tabs: {\n      type: 'page:tabs',\n      properties: {\n        type: 'line',\n        position: 'top',\n        items: [\n          {\n            label: 'Members',\n            icon: 'users',\n            children: [\n              {\n                type: 'record:related_list',\n                properties: {\n                  objectName: 'sys_member',\n                  relationshipField: 'organization_id',\n                  columns: ['user_id', 'role', 'created_at'],\n                  sort: [{ field: 'created_at', order: 'desc' }],\n                  limit: 25,\n                  showViewAll: true,\n                  title: 'Members',\n                },\n              },\n            ],\n          },\n          {\n            label: 'Invitations',\n            icon: 'mail',\n            children: [\n              {\n                type: 'record:related_list',\n                properties: {\n                  objectName: 'sys_invitation',\n                  relationshipField: 'organization_id',\n                  columns: ['email', 'role', 'status', 'expires_at', 'inviter_id'],\n                  sort: [{ field: 'created_at', order: 'desc' }],\n                  limit: 25,\n                  showViewAll: true,\n                  title: 'Invitations',\n                },\n              },\n            ],\n          },\n          {\n            label: 'Teams',\n            icon: 'users-round',\n            children: [\n              {\n                type: 'record:related_list',\n                properties: {\n                  objectName: 'sys_team',\n                  relationshipField: 'organization_id',\n                  columns: ['name', 'created_at', 'updated_at'],\n                  sort: [{ field: 'name', order: 'asc' }],\n                  limit: 25,\n                  showViewAll: true,\n                  title: 'Teams',\n                },\n              },\n            ],\n          },\n        ],\n      },\n    },\n  },\n};\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport type { Page } from '@objectstack/spec/ui';\n\n/**\n * sys_user — Record Detail Page (slotted, default for ALL sys_user records)\n *\n * **Audience**: admins browsing user records from Setup.\n *\n * The Account App's \"Profile\" entry no longer routes here — it points at\n * the `account:profile_card` Console component for a settings-form-style\n * personal profile. This page therefore optimizes for the admin\n * use case: scanning a user's signals (email/verification/2FA/role),\n * reviewing related sessions/orgs/oauth/api-keys, and triggering\n * admin actions (ban / impersonate / set_role).\n *\n * Strategy\n * --------\n *  - `kind: 'slotted'` + `isDefault: true`: overrides `highlights`,\n *    `details`, `tabs` and `discussion`. Header / actions fall through\n *    to the synthesizer so the object's declared actions\n *    (`update_my_profile / change_my_password / resend_verification_email\n *    / ban_user / set_user_role / impersonate_user / …`) still appear\n *    in the header overflow menu automatically.\n *  - `highlights` promotes the four signals worth scanning at the top:\n *    email, verification state, 2FA, platform role. Highlight fields\n *    are auto-dropped from the details grid below.\n *  - `details` re-groups remaining fields into sections and hides\n *    admin-internal audit columns. Banned / ban metadata is still\n *    editable from the header actions — we just don't show it in\n *    every user's body.\n *  - `tabs` is **explicitly curated** to the 4 related lists that matter\n *    on a user profile (Sessions / Linked Accounts / Organizations /\n *    Personal OAuth Apps). Without this override, the synthesizer\n *    auto-generates a tab per object that has a FK to sys_user\n *    (sys_role.created_by, sys_email.updated_by, sys_user_preference,\n *    sys_email_template.created_by, …) producing dozens of noisy\n *    \"查看全部\" cards on every profile.\n *  - `discussion: []` removes the Chatter feed — it has no business\n *    on a personal profile.\n */\nexport const SysUserDetailPage: Page = {\n  name: 'sys_user_detail',\n  label: 'User',\n  type: 'record',\n  object: 'sys_user',\n  template: 'default',\n  kind: 'slotted',\n  isDefault: true,\n\n  regions: [],\n\n  slots: {\n    // ── Alert banners ─────────────────────────────────────────────\n    // Conditional notices rendered between the page header and the\n    // highlight strip. The unverified-email banner only shows for the\n    // current user viewing their own profile (admins looking at other\n    // users see nothing — they can use Setup actions instead).\n    alerts: [\n      {\n        type: 'record:alert',\n        properties: {\n          severity: 'warning',\n          icon: 'mail',\n          title: '邮箱未验证',\n          body: '验证你的邮箱以接收密码重置和重要的系统通知。',\n          visible: 'record.id == ctx.user.id && record.email_verified == false',\n          dismissible: false,\n          action: {\n            actionName: 'resend_verification_email',\n            label: '重新发送验证邮件',\n          },\n        },\n      },\n    ],\n\n    // ── Highlight chips above the fold ────────────────────────────\n    highlights: {\n      type: 'record:highlights',\n      properties: {\n        fields: ['email', 'email_verified', 'two_factor_enabled', 'role'],\n      },\n    },\n\n    // ── Body / details grid ───────────────────────────────────────\n    details: {\n      type: 'record:details',\n      properties: {\n        hideFields: [\n          'id',\n          'banned',\n          'ban_reason',\n          'ban_expires',\n          // already promoted to highlights:\n          'email',\n          'email_verified',\n          'two_factor_enabled',\n          'role',\n        ],\n        sections: [\n          {\n            label: 'Identity',\n            fields: ['name', 'image'],\n          },\n          {\n            label: 'Audit',\n            fields: ['created_at', 'updated_at'],\n          },\n        ],\n      },\n    },\n\n    // ── Tabs: curated related lists ───────────────────────────────\n    // Only the 4 lists that are semantically about THIS user account.\n    // Everything else (sys_role created_by, sys_email_template\n    // updated_by, …) is incidental authorship metadata and would only\n    // create noise.\n    tabs: {\n      type: 'page:tabs',\n      properties: {\n        type: 'line',\n        position: 'top',\n        items: [\n          {\n            label: 'Sessions',\n            icon: 'monitor',\n            children: [\n              {\n                type: 'record:related_list',\n                properties: {\n                  objectName: 'sys_session',\n                  relationshipField: 'user_id',\n                  columns: ['user_agent', 'ip_address', 'created_at', 'expires_at'],\n                  sort: [{ field: 'created_at', order: 'desc' }],\n                  limit: 25,\n                  showViewAll: true,\n                  title: 'Sessions',\n                },\n              },\n            ],\n          },\n          {\n            label: 'Linked Accounts',\n            icon: 'link',\n            children: [\n              {\n                type: 'record:related_list',\n                properties: {\n                  objectName: 'sys_account',\n                  relationshipField: 'user_id',\n                  columns: ['provider_id', 'account_id', 'created_at'],\n                  sort: [{ field: 'created_at', order: 'desc' }],\n                  limit: 25,\n                  showViewAll: true,\n                  title: 'Linked Accounts',\n                },\n              },\n            ],\n          },\n          {\n            label: 'Organizations',\n            icon: 'building-2',\n            children: [\n              {\n                type: 'record:related_list',\n                properties: {\n                  objectName: 'sys_member',\n                  relationshipField: 'user_id',\n                  columns: ['organization_id', 'role', 'created_at'],\n                  sort: [{ field: 'created_at', order: 'desc' }],\n                  limit: 25,\n                  showViewAll: true,\n                  title: 'Organizations',\n                },\n              },\n            ],\n          },\n          {\n            label: 'OAuth Apps',\n            icon: 'key-square',\n            children: [\n              {\n                type: 'record:related_list',\n                properties: {\n                  objectName: 'sys_oauth_application',\n                  relationshipField: 'user_id',\n                  columns: ['name', 'client_id', 'created_at'],\n                  sort: [{ field: 'created_at', order: 'desc' }],\n                  limit: 25,\n                  showViewAll: true,\n                  title: 'OAuth Apps',\n                },\n              },\n            ],\n          },\n          // ── Security ──────────────────────────────────────────────\n          // Grouped self-service security controls. Each `record:quick_actions`\n          // pulls its actions by name from the sys_user object metadata\n          // (DRY — definitions stay on the object) and filters by\n          // `location: 'record_section'` so they only render here, not\n          // in the global header row.\n          {\n            label: 'Security',\n            icon: 'shield',\n            children: [\n              {\n                type: 'element:text',\n                properties: {\n                  variant: 'subheading',\n                  content: 'Password & Sign-in',\n                },\n              },\n              {\n                type: 'element:text',\n                properties: {\n                  variant: 'caption',\n                  content: 'Change your password or the email address associated with this account.',\n                },\n              },\n              {\n                type: 'record:quick_actions',\n                properties: {\n                  location: 'record_section',\n                  align: 'start',\n                  actionNames: ['change_my_password', 'change_my_email'],\n                },\n              },\n              { type: 'element:divider' },\n              {\n                type: 'element:text',\n                properties: {\n                  variant: 'subheading',\n                  content: 'Two-Factor Authentication',\n                },\n              },\n              {\n                type: 'element:text',\n                properties: {\n                  variant: 'caption',\n                  content: 'Add a second layer of security using a TOTP authenticator app. Backup codes let you sign in if you lose your device.',\n                },\n              },\n              {\n                type: 'record:quick_actions',\n                properties: {\n                  location: 'record_section',\n                  align: 'start',\n                  actionNames: ['enable_two_factor', 'disable_two_factor', 'generate_backup_codes'],\n                },\n              },\n              { type: 'element:divider' },\n              {\n                type: 'element:text',\n                properties: {\n                  variant: 'subheading',\n                  content: 'Email Verification',\n                },\n              },\n              {\n                type: 'element:text',\n                properties: {\n                  variant: 'caption',\n                  content: 'Verify your email so password resets and notifications reach you. The button appears only while verification is pending.',\n                },\n              },\n              {\n                type: 'record:quick_actions',\n                properties: {\n                  location: 'record_section',\n                  align: 'start',\n                  actionNames: ['resend_verification_email'],\n                },\n              },\n              { type: 'element:divider' },\n              {\n                type: 'element:text',\n                properties: {\n                  variant: 'subheading',\n                  content: 'Danger Zone',\n                },\n                className: 'text-destructive',\n              },\n              {\n                type: 'element:text',\n                properties: {\n                  variant: 'caption',\n                  content: 'Permanent. Once deleted, your account cannot be recovered.',\n                },\n              },\n              {\n                type: 'record:quick_actions',\n                properties: {\n                  location: 'record_section',\n                  align: 'start',\n                  actionNames: ['delete_my_account'],\n                },\n              },\n            ],\n          },\n          // ── API Keys ──────────────────────────────────────────────\n          // Programmatic credentials issued for this user. Filtered by\n          // user_id FK; the sys_api_key object's own list-item actions\n          // (revoke / restore) handle row operations.\n          {\n            label: 'API Keys',\n            icon: 'key-round',\n            children: [\n              {\n                type: 'record:related_list',\n                properties: {\n                  objectName: 'sys_api_key',\n                  relationshipField: 'user_id',\n                  columns: ['name', 'prefix', 'expires_at', 'revoked', 'created_at'],\n                  sort: [{ field: 'created_at', order: 'desc' }],\n                  limit: 25,\n                  showViewAll: true,\n                  title: 'API Keys',\n                },\n              },\n            ],\n          },\n        ],\n      },\n    },\n\n    // ── Suppress the Discussion / Chatter thread ──────────────────\n    discussion: [],\n  },\n};\n"]}