@rebasepro/auth 0.1.2 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/LICENSE +21 -6
  2. package/dist/api.d.ts +10 -8
  3. package/dist/index.d.ts +1 -5
  4. package/dist/index.es.js +31 -1217
  5. package/dist/index.es.js.map +1 -1
  6. package/dist/index.umd.js +32 -1214
  7. package/dist/index.umd.js.map +1 -1
  8. package/dist/types.d.ts +13 -8
  9. package/package.json +10 -9
  10. package/src/api.ts +31 -22
  11. package/src/hooks/useBackendUserManagement.ts +10 -1
  12. package/src/hooks/useRebaseAuthController.ts +11 -16
  13. package/src/index.ts +1 -8
  14. package/src/types.ts +6 -5
  15. package/dist/components/AdminViews.d.ts +0 -22
  16. package/dist/components/RebaseAuth.d.ts +0 -6
  17. package/dist/components/RebaseLoginView.d.ts +0 -73
  18. package/src/components/AdminViews.tsx +0 -825
  19. package/src/components/RebaseAuth.tsx +0 -23
  20. package/src/components/RebaseLoginView.tsx +0 -724
package/dist/index.es.js CHANGED
@@ -1,8 +1,4 @@
1
- import { useState, useRef, useEffect, useCallback, useLayoutEffect } from "react";
2
- import { jsxs, jsx, Fragment } from "react/jsx-runtime";
3
- import { Menu, MenuItem, iconSize, IconButton, Typography, cls, TextField, LoadingButton, Button, CenteredView, CircularProgress, Container, Table, TableHeader, TableCell, TableBody, TableRow, Tooltip, Checkbox, getColorSchemeForSeed, Chip, Dialog, DialogTitle, DialogContent, DialogActions, MultiSelect, MultiSelectItem } from "@rebasepro/ui";
4
- import { MoonIcon, SunIcon, SunMoonIcon, MailIcon, ArrowLeftIcon, PlusIcon, Trash2Icon } from "lucide-react";
5
- import { useModeController, useTranslation, LanguageToggle, ErrorView, RebaseLogo, useRebaseRegistryDispatch, useSnackbarController, ConfirmationDialog, useAuthController } from "@rebasepro/core";
1
+ import { useState, useRef, useEffect, useCallback } from "react";
6
2
  let baseApiUrl = "";
7
3
  function setApiUrl(url) {
8
4
  baseApiUrl = url;
@@ -72,12 +68,11 @@ async function login(email, password) {
72
68
  });
73
69
  return handleResponse(response);
74
70
  }
75
- async function googleLogin(tokenOrPayload, tokenType = "idToken") {
76
- const body = typeof tokenOrPayload === "string" ? { [tokenType]: tokenOrPayload } : tokenOrPayload;
71
+ async function googleLogin(payload) {
77
72
  const response = await fetchWithHandling(`${baseApiUrl}/api/auth/google`, {
78
73
  method: "POST",
79
74
  headers: { "Content-Type": "application/json" },
80
- body: JSON.stringify(body)
75
+ body: JSON.stringify(payload)
81
76
  });
82
77
  return handleResponse(response);
83
78
  }
@@ -90,13 +85,11 @@ async function oauthLogin(providerId, payload) {
90
85
  return handleResponse(response);
91
86
  }
92
87
  async function refreshAccessToken(refreshToken) {
93
- console.log("[AUTH-API] Calling refresh endpoint...");
94
88
  const response = await fetchWithHandling(`${baseApiUrl}/api/auth/refresh`, {
95
89
  method: "POST",
96
90
  headers: { "Content-Type": "application/json" },
97
91
  body: JSON.stringify({ refreshToken })
98
92
  });
99
- console.log("[AUTH-API] Refresh response status:", response.status);
100
93
  return handleResponse(response);
101
94
  }
102
95
  async function logout(refreshToken) {
@@ -198,7 +191,11 @@ async function revokeAllSessions(accessToken) {
198
191
  return handleResponse(response);
199
192
  }
200
193
  let authConfigInflight = null;
194
+ let authConfigCached = null;
201
195
  async function fetchAuthConfig() {
196
+ if (authConfigCached) {
197
+ return authConfigCached;
198
+ }
202
199
  if (authConfigInflight) {
203
200
  return authConfigInflight;
204
201
  }
@@ -210,11 +207,17 @@ async function fetchAuthConfig() {
210
207
  return handleResponse(response);
211
208
  })();
212
209
  try {
213
- return await authConfigInflight;
210
+ const result = await authConfigInflight;
211
+ authConfigCached = result;
212
+ return result;
214
213
  } finally {
215
214
  authConfigInflight = null;
216
215
  }
217
216
  }
217
+ function clearAuthConfigCache() {
218
+ authConfigCached = null;
219
+ authConfigInflight = null;
220
+ }
218
221
  const STORAGE_KEY = "rebase_auth";
219
222
  const TOKEN_REFRESH_BUFFER_MS = 2 * 60 * 1e3;
220
223
  function convertToUser(userInfo) {
@@ -230,13 +233,8 @@ function convertToUser(userInfo) {
230
233
  }
231
234
  function saveAuthToStorage(tokens, user) {
232
235
  try {
233
- const data = {
234
- tokens,
235
- user
236
- };
236
+ const data = { tokens, user };
237
237
  localStorage.setItem(STORAGE_KEY, JSON.stringify(data));
238
- const expiryDate = new Date(tokens.accessTokenExpiresAt);
239
- const expiryStr = Number.isFinite(tokens.accessTokenExpiresAt) ? expiryDate.toISOString() : "invalid";
240
238
  } catch (e) {
241
239
  }
242
240
  }
@@ -283,6 +281,9 @@ function useRebaseAuthController(props = {}) {
283
281
  setApiUrl(apiUrl);
284
282
  }
285
283
  }, [client, apiUrl]);
284
+ const clearError = useCallback(() => {
285
+ setAuthProviderError(null);
286
+ }, []);
286
287
  const clearSessionAndSignOut = useCallback(() => {
287
288
  tokensRef.current = null;
288
289
  clearAuthFromStorage();
@@ -319,7 +320,6 @@ function useRebaseAuthController(props = {}) {
319
320
  if (latestStoredData) {
320
321
  saveAuthToStorage(newTokens, latestStoredData.user);
321
322
  }
322
- const newExpiryStr = Number.isFinite(newTokens.accessTokenExpiresAt) ? new Date(newTokens.accessTokenExpiresAt).toISOString() : "invalid";
323
323
  return newTokens;
324
324
  } catch (error) {
325
325
  if (error instanceof Error && error.code === "NETWORK_ERROR") {
@@ -424,26 +424,20 @@ function useRebaseAuthController(props = {}) {
424
424
  }
425
425
  }, [client, getAuthToken, refreshAccessToken$1, clearSessionAndSignOut]);
426
426
  const handleAuthSuccess = useCallback(async (userInfo, tokens) => {
427
- console.log("[Auth] handleAuthSuccess called, user:", userInfo.email, "uid:", userInfo.uid);
428
427
  tokensRef.current = tokens;
429
428
  let convertedUser = convertToUser(userInfo);
430
429
  if (defineRolesFor) {
431
430
  const customRoles = await defineRolesFor(convertedUser);
432
431
  if (customRoles) {
433
- convertedUser = {
434
- ...convertedUser,
435
- roles: customRoles.map((r) => r.id)
436
- };
432
+ convertedUser = { ...convertedUser, roles: customRoles.map((r) => r.id) };
437
433
  }
438
434
  }
439
435
  saveAuthToStorage(tokens, userInfo);
440
- console.log("[Auth] Calling setUser, roles:", convertedUser.roles);
441
436
  setUser(convertedUser);
442
437
  setAuthError(null);
443
438
  setAuthProviderError(null);
444
439
  setLoginSkipped(false);
445
440
  scheduleTokenRefresh(tokens);
446
- console.log("[Auth] handleAuthSuccess completed");
447
441
  }, [scheduleTokenRefresh, defineRolesFor]);
448
442
  const emailPasswordLogin = useCallback(async (email, password) => {
449
443
  setAuthLoading(true);
@@ -471,11 +465,11 @@ function useRebaseAuthController(props = {}) {
471
465
  setAuthLoading(false);
472
466
  }
473
467
  }, [handleAuthSuccess]);
474
- const googleLogin$1 = useCallback(async (tokenOrPayload, tokenType) => {
468
+ const googleLogin$1 = useCallback(async (payload) => {
475
469
  setAuthLoading(true);
476
470
  setAuthProviderError(null);
477
471
  try {
478
- const response = typeof tokenOrPayload === "string" ? await googleLogin(tokenOrPayload, tokenType ?? "idToken") : await googleLogin(tokenOrPayload);
472
+ const response = await googleLogin(payload);
479
473
  await handleAuthSuccess(response.user, response.tokens);
480
474
  } catch (error) {
481
475
  setAuthProviderError(error);
@@ -769,6 +763,8 @@ function useRebaseAuthController(props = {}) {
769
763
  fetchSessions: fetchSessions$1,
770
764
  revokeSession: revokeSession$1,
771
765
  revokeAllSessions: revokeAllSessions$1,
766
+ clearError,
767
+ setAuthProviderError,
772
768
  extra,
773
769
  setExtra,
774
770
  capabilities: {
@@ -908,6 +904,12 @@ function useBackendUserManagement(config) {
908
904
  setLoading(false);
909
905
  return;
910
906
  }
907
+ const userRoles = currentUser.roles ?? [];
908
+ const isUserAdmin = userRoles.some((r) => r === "admin" || r === "schema-admin");
909
+ if (!isUserAdmin) {
910
+ setLoading(false);
911
+ return;
912
+ }
911
913
  if (lastLoadedUidRef.current === currentUser.uid) {
912
914
  setLoading(false);
913
915
  return;
@@ -1078,7 +1080,7 @@ function useBackendUserManagement(config) {
1078
1080
  saveRole,
1079
1081
  deleteRole,
1080
1082
  isAdmin,
1081
- allowDefaultRolesCreation: true,
1083
+ allowDefaultRolesCreation: isAdmin,
1082
1084
  includeCollectionConfigPermissions: true,
1083
1085
  defineRolesFor,
1084
1086
  getUser,
@@ -1088,1197 +1090,9 @@ function useBackendUserManagement(config) {
1088
1090
  bootstrapAdmin
1089
1091
  };
1090
1092
  }
1091
- function RebaseLoginView({
1092
- logo,
1093
- authController,
1094
- noUserComponent,
1095
- disableSignupScreen = false,
1096
- disabled = false,
1097
- notAllowedError,
1098
- googleEnabled = false,
1099
- googleClientId
1100
- }) {
1101
- const modeState = useModeController();
1102
- const { mode: colorMode, setMode: setColorMode } = modeState;
1103
- const { t } = useTranslation();
1104
- const [mode, setMode] = useState("buttons");
1105
- const [fadeIn, setFadeIn] = useState(false);
1106
- const [viewVisible, setViewVisible] = useState(true);
1107
- const switchMode = (newMode) => {
1108
- setViewVisible(false);
1109
- setTimeout(() => {
1110
- setMode(newMode);
1111
- setViewVisible(true);
1112
- }, 150);
1113
- };
1114
- const isBootstrapMode = authController.needsSetup;
1115
- useEffect(() => {
1116
- const timer = setTimeout(() => setFadeIn(true), 50);
1117
- return () => clearTimeout(timer);
1118
- }, []);
1119
- function buildErrorView() {
1120
- if (!authController.authProviderError) return null;
1121
- if (authController.user != null) return null;
1122
- return /* @__PURE__ */ jsx("div", { className: "w-full", children: /* @__PURE__ */ jsx(ErrorView, { error: authController.authProviderError.message ?? authController.authProviderError }) });
1123
- }
1124
- let logoComponent;
1125
- if (logo) {
1126
- logoComponent = /* @__PURE__ */ jsx(
1127
- "img",
1128
- {
1129
- src: logo,
1130
- style: {
1131
- height: "100%",
1132
- width: "100%",
1133
- objectFit: "cover"
1134
- },
1135
- alt: "Logo"
1136
- }
1137
- );
1138
- } else {
1139
- logoComponent = /* @__PURE__ */ jsx(RebaseLogo, {});
1140
- }
1141
- let notAllowedMessage;
1142
- if (notAllowedError) {
1143
- if (typeof notAllowedError === "string") {
1144
- notAllowedMessage = notAllowedError;
1145
- } else if (notAllowedError instanceof Error) {
1146
- notAllowedMessage = notAllowedError.message;
1147
- } else {
1148
- notAllowedMessage = "It looks like you don't have access to the CMS, based on the specified Authenticator configuration";
1149
- }
1150
- }
1151
- const showRegistration = !disableSignupScreen && authController.registrationEnabled;
1152
- return /* @__PURE__ */ jsxs(
1153
- "div",
1154
- {
1155
- className: cls(
1156
- "relative flex items-center justify-center h-screen w-screen p-4 transition-opacity duration-500 bg-white dark:bg-surface-900",
1157
- fadeIn ? "opacity-100" : "opacity-0"
1158
- ),
1159
- children: [
1160
- /* @__PURE__ */ jsxs("div", { className: "absolute top-4 right-4 flex items-center gap-1 z-10", children: [
1161
- /* @__PURE__ */ jsx(LanguageToggle, {}),
1162
- /* @__PURE__ */ jsxs(
1163
- Menu,
1164
- {
1165
- trigger: /* @__PURE__ */ jsx(
1166
- IconButton,
1167
- {
1168
- color: "inherit",
1169
- "aria-label": "Toggle theme",
1170
- children: colorMode === "dark" ? /* @__PURE__ */ jsx(MoonIcon, { size: iconSize.small }) : /* @__PURE__ */ jsx(SunIcon, { size: iconSize.small })
1171
- }
1172
- ),
1173
- children: [
1174
- /* @__PURE__ */ jsxs(MenuItem, { onClick: () => setColorMode("dark"), children: [
1175
- /* @__PURE__ */ jsx(MoonIcon, { size: iconSize.smallest }),
1176
- " ",
1177
- t("dark_mode")
1178
- ] }),
1179
- /* @__PURE__ */ jsxs(MenuItem, { onClick: () => setColorMode("light"), children: [
1180
- /* @__PURE__ */ jsx(SunIcon, { size: iconSize.smallest }),
1181
- " ",
1182
- t("light_mode")
1183
- ] }),
1184
- /* @__PURE__ */ jsxs(MenuItem, { onClick: () => setColorMode("system"), children: [
1185
- /* @__PURE__ */ jsx(SunMoonIcon, { size: iconSize.smallest }),
1186
- " ",
1187
- t("system_mode")
1188
- ] })
1189
- ]
1190
- }
1191
- )
1192
- ] }),
1193
- /* @__PURE__ */ jsxs("div", { className: "flex flex-col items-center w-[480px] max-w-full p-8 sm:p-10", children: [
1194
- /* @__PURE__ */ jsx("div", { className: "w-32 h-32 m-2 mb-6", children: logoComponent }),
1195
- notAllowedMessage && /* @__PURE__ */ jsx("div", { className: "p-4 w-full", children: /* @__PURE__ */ jsx(ErrorView, { error: notAllowedMessage }) }),
1196
- mode !== "forgot" && buildErrorView(),
1197
- /* @__PURE__ */ jsxs("div", { className: cls(
1198
- "w-full transition-opacity duration-150",
1199
- viewVisible ? "opacity-100" : "opacity-0"
1200
- ), children: [
1201
- isBootstrapMode && !authController.user && /* @__PURE__ */ jsx(
1202
- LoginForm,
1203
- {
1204
- authController,
1205
- registrationMode: true,
1206
- onClose: () => {
1207
- },
1208
- onForgotPassword: () => {
1209
- },
1210
- noUserComponent,
1211
- disableSignupScreen: false,
1212
- bootstrapMode: true
1213
- }
1214
- ),
1215
- !isBootstrapMode && /* @__PURE__ */ jsxs(Fragment, { children: [
1216
- mode === "buttons" && /* @__PURE__ */ jsxs("div", { className: "w-full flex flex-col gap-3 mt-2", children: [
1217
- /* @__PURE__ */ jsx(
1218
- LoginButton,
1219
- {
1220
- disabled,
1221
- text: "Sign in with email",
1222
- icon: /* @__PURE__ */ jsx(MailIcon, {}),
1223
- onClick: () => switchMode("login")
1224
- }
1225
- ),
1226
- googleEnabled && googleClientId && /* @__PURE__ */ jsx(
1227
- GoogleLoginButton,
1228
- {
1229
- disabled,
1230
- googleClientId,
1231
- authController
1232
- }
1233
- ),
1234
- showRegistration && /* @__PURE__ */ jsx("div", { className: "mt-2 text-center", children: /* @__PURE__ */ jsxs(Typography, { variant: "body2", color: "secondary", children: [
1235
- "Don't have an account?",
1236
- " ",
1237
- /* @__PURE__ */ jsx(
1238
- "button",
1239
- {
1240
- type: "button",
1241
- className: cls(
1242
- "font-semibold hover:underline cursor-pointer",
1243
- "text-primary-600 dark:text-primary-400"
1244
- ),
1245
- onClick: () => switchMode("register"),
1246
- children: "Create one"
1247
- }
1248
- )
1249
- ] }) })
1250
- ] }),
1251
- mode === "login" && /* @__PURE__ */ jsx(
1252
- LoginForm,
1253
- {
1254
- authController,
1255
- registrationMode: false,
1256
- onClose: () => switchMode("buttons"),
1257
- onForgotPassword: () => switchMode("forgot"),
1258
- noUserComponent,
1259
- disableSignupScreen,
1260
- switchToRegister: showRegistration ? () => switchMode("register") : void 0
1261
- }
1262
- ),
1263
- mode === "register" && /* @__PURE__ */ jsx(
1264
- LoginForm,
1265
- {
1266
- authController,
1267
- registrationMode: true,
1268
- onClose: () => switchMode("buttons"),
1269
- onForgotPassword: () => switchMode("forgot"),
1270
- noUserComponent,
1271
- disableSignupScreen,
1272
- switchToLogin: () => switchMode("login")
1273
- }
1274
- ),
1275
- mode === "forgot" && /* @__PURE__ */ jsx(
1276
- ForgotPasswordForm,
1277
- {
1278
- authController,
1279
- onClose: () => switchMode("login")
1280
- }
1281
- )
1282
- ] })
1283
- ] })
1284
- ] })
1285
- ]
1286
- }
1287
- );
1288
- }
1289
- function LoginButton({
1290
- icon,
1291
- onClick,
1292
- text,
1293
- disabled
1294
- }) {
1295
- return /* @__PURE__ */ jsx(
1296
- Button,
1297
- {
1298
- disabled,
1299
- className: "w-full",
1300
- variant: "outlined",
1301
- size: "large",
1302
- onClick,
1303
- children: /* @__PURE__ */ jsxs("div", { className: "flex items-center justify-center w-full gap-3 py-1", children: [
1304
- /* @__PURE__ */ jsx("span", { className: "flex items-center justify-center w-5 h-5", children: icon }),
1305
- /* @__PURE__ */ jsx(Typography, { variant: "button", children: text })
1306
- ] })
1307
- }
1308
- );
1309
- }
1310
- const GoogleIcon = () => /* @__PURE__ */ jsxs("svg", { viewBox: "0 0 24 24", width: "20", height: "20", children: [
1311
- /* @__PURE__ */ jsx(
1312
- "path",
1313
- {
1314
- fill: "#4285F4",
1315
- d: "M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
1316
- }
1317
- ),
1318
- /* @__PURE__ */ jsx(
1319
- "path",
1320
- {
1321
- fill: "#34A853",
1322
- d: "M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
1323
- }
1324
- ),
1325
- /* @__PURE__ */ jsx(
1326
- "path",
1327
- {
1328
- fill: "#FBBC05",
1329
- d: "M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
1330
- }
1331
- ),
1332
- /* @__PURE__ */ jsx(
1333
- "path",
1334
- {
1335
- fill: "#EA4335",
1336
- d: "M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
1337
- }
1338
- )
1339
- ] });
1340
- function GoogleLoginButton({
1341
- disabled,
1342
- googleClientId,
1343
- authController
1344
- }) {
1345
- const codeClientRef = useRef(null);
1346
- useEffect(() => {
1347
- const google = window.google;
1348
- if (!google || codeClientRef.current) return;
1349
- codeClientRef.current = google.accounts.oauth2.initCodeClient({
1350
- client_id: googleClientId,
1351
- scope: "openid email profile",
1352
- ux_mode: "popup",
1353
- callback: async (response) => {
1354
- if (response.error || !response.code) {
1355
- console.error("Google login error:", response.error);
1356
- return;
1357
- }
1358
- try {
1359
- await authController.googleLogin({
1360
- code: response.code,
1361
- redirectUri: "postmessage"
1362
- });
1363
- } catch (err) {
1364
- console.error("Google login error:", err);
1365
- }
1366
- }
1367
- });
1368
- }, [googleClientId, authController]);
1369
- const handleClick = () => {
1370
- if (!codeClientRef.current) {
1371
- console.error("Google Sign-In not loaded");
1372
- return;
1373
- }
1374
- codeClientRef.current.requestCode();
1375
- };
1376
- return /* @__PURE__ */ jsx(
1377
- LoginButton,
1378
- {
1379
- disabled,
1380
- text: "Sign in with Google",
1381
- icon: /* @__PURE__ */ jsx(GoogleIcon, {}),
1382
- onClick: handleClick
1383
- }
1384
- );
1385
- }
1386
- function LoginForm({
1387
- onClose,
1388
- onForgotPassword,
1389
- authController,
1390
- registrationMode,
1391
- noUserComponent,
1392
- disableSignupScreen,
1393
- bootstrapMode = false,
1394
- switchToRegister,
1395
- switchToLogin
1396
- }) {
1397
- const passwordRef = useRef(null);
1398
- const [email, setEmail] = useState();
1399
- const [password, setPassword] = useState();
1400
- const [displayName, setDisplayName] = useState();
1401
- useEffect(() => {
1402
- if (!document) return;
1403
- const escFunction = (event) => {
1404
- if (event.keyCode === 27) {
1405
- onClose();
1406
- }
1407
- };
1408
- document.addEventListener("keydown", escFunction, false);
1409
- return () => {
1410
- document.removeEventListener("keydown", escFunction, false);
1411
- };
1412
- }, [onClose]);
1413
- function handleEnterPassword() {
1414
- if (email && password) {
1415
- authController.emailPasswordLogin(email, password);
1416
- }
1417
- }
1418
- function handleRegistration() {
1419
- if (email && password) {
1420
- authController.register(email, password, displayName);
1421
- }
1422
- }
1423
- const handleSubmit = (event) => {
1424
- event.preventDefault();
1425
- if (registrationMode)
1426
- handleRegistration();
1427
- else
1428
- handleEnterPassword();
1429
- };
1430
- const title = bootstrapMode ? "Welcome!" : registrationMode ? "Create account" : "Sign in";
1431
- const subtitle = bootstrapMode ? "Create your admin account to get started. This account will have admin privileges." : registrationMode ? "Fill in your details to create a new account" : "Enter your credentials to continue";
1432
- const buttonLabel = registrationMode ? "Create account" : "Sign in";
1433
- return /* @__PURE__ */ jsxs("form", { onSubmit: handleSubmit, className: "flex flex-col w-full gap-1 mt-2", children: [
1434
- !bootstrapMode && /* @__PURE__ */ jsx("div", { className: "w-full mb-2 -ml-2.5", children: /* @__PURE__ */ jsx(IconButton, { onClick: onClose, children: /* @__PURE__ */ jsx(ArrowLeftIcon, {}) }) }),
1435
- /* @__PURE__ */ jsx(Typography, { variant: "h6", className: "mb-0.5", children: title }),
1436
- /* @__PURE__ */ jsx(Typography, { variant: "body2", color: "secondary", className: "mb-5", children: subtitle }),
1437
- registrationMode && noUserComponent && /* @__PURE__ */ jsx("div", { className: "w-full mb-2", children: noUserComponent }),
1438
- registrationMode && /* @__PURE__ */ jsxs("div", { className: "w-full mb-3", children: [
1439
- /* @__PURE__ */ jsx(Typography, { variant: "label", color: "secondary", className: "mb-1", children: "Display Name" }),
1440
- /* @__PURE__ */ jsx(
1441
- TextField,
1442
- {
1443
- placeholder: "Jane Doe (optional)",
1444
- className: "w-full",
1445
- value: displayName ?? "",
1446
- disabled: authController.initialLoading,
1447
- type: "text",
1448
- size: "medium",
1449
- onChange: (event) => setDisplayName(event.target.value)
1450
- }
1451
- )
1452
- ] }),
1453
- /* @__PURE__ */ jsxs("div", { className: "w-full mb-3", children: [
1454
- /* @__PURE__ */ jsx(Typography, { variant: "label", color: "secondary", className: "mb-1", children: "Email" }),
1455
- /* @__PURE__ */ jsx(
1456
- TextField,
1457
- {
1458
- placeholder: "you@example.com",
1459
- className: "w-full",
1460
- autoFocus: true,
1461
- value: email ?? "",
1462
- disabled: authController.initialLoading,
1463
- type: "email",
1464
- size: "medium",
1465
- onChange: (event) => setEmail(event.target.value)
1466
- }
1467
- )
1468
- ] }),
1469
- /* @__PURE__ */ jsxs("div", { className: "w-full mb-1", children: [
1470
- /* @__PURE__ */ jsx(Typography, { variant: "label", color: "secondary", className: "mb-1", children: "Password" }),
1471
- /* @__PURE__ */ jsx(
1472
- TextField,
1473
- {
1474
- placeholder: "••••••••",
1475
- className: "w-full",
1476
- value: password ?? "",
1477
- disabled: authController.initialLoading,
1478
- inputRef: passwordRef,
1479
- type: "password",
1480
- size: "medium",
1481
- onChange: (event) => setPassword(event.target.value)
1482
- }
1483
- )
1484
- ] }),
1485
- registrationMode && /* @__PURE__ */ jsx(Typography, { variant: "caption", color: "secondary", className: "mb-3", children: "Password must be 8+ characters with uppercase, lowercase, and a number" }),
1486
- !registrationMode && /* @__PURE__ */ jsx("div", { className: "w-full text-right mb-3", children: /* @__PURE__ */ jsx(
1487
- "button",
1488
- {
1489
- type: "button",
1490
- className: cls(
1491
- "text-xs font-medium hover:underline cursor-pointer",
1492
- "text-primary-600 dark:text-primary-400"
1493
- ),
1494
- onClick: onForgotPassword,
1495
- children: "Forgot password?"
1496
- }
1497
- ) }),
1498
- /* @__PURE__ */ jsx(
1499
- LoadingButton,
1500
- {
1501
- type: "submit",
1502
- variant: "filled",
1503
- color: "primary",
1504
- className: "w-full mt-1",
1505
- size: "large",
1506
- loading: authController.authLoading,
1507
- disabled: authController.authLoading || !email || !password,
1508
- children: buttonLabel
1509
- }
1510
- ),
1511
- switchToRegister && /* @__PURE__ */ jsx("div", { className: "mt-4 text-center", children: /* @__PURE__ */ jsxs(Typography, { variant: "body2", color: "secondary", children: [
1512
- "Don't have an account?",
1513
- " ",
1514
- /* @__PURE__ */ jsx(
1515
- "button",
1516
- {
1517
- type: "button",
1518
- className: cls(
1519
- "font-semibold hover:underline cursor-pointer",
1520
- "text-primary-600 dark:text-primary-400"
1521
- ),
1522
- onClick: switchToRegister,
1523
- children: "Create one"
1524
- }
1525
- )
1526
- ] }) }),
1527
- switchToLogin && /* @__PURE__ */ jsx("div", { className: "mt-4 text-center", children: /* @__PURE__ */ jsxs(Typography, { variant: "body2", color: "secondary", children: [
1528
- "Already have an account?",
1529
- " ",
1530
- /* @__PURE__ */ jsx(
1531
- "button",
1532
- {
1533
- type: "button",
1534
- className: cls(
1535
- "font-semibold hover:underline cursor-pointer",
1536
- "text-primary-600 dark:text-primary-400"
1537
- ),
1538
- onClick: switchToLogin,
1539
- children: "Sign in"
1540
- }
1541
- )
1542
- ] }) })
1543
- ] });
1544
- }
1545
- function ForgotPasswordForm({
1546
- onClose,
1547
- authController
1548
- }) {
1549
- const [email, setEmail] = useState("");
1550
- const [submitted, setSubmitted] = useState(false);
1551
- const [error, setError] = useState(null);
1552
- useEffect(() => {
1553
- if (!document) return;
1554
- const escFunction = (event) => {
1555
- if (event.keyCode === 27) {
1556
- onClose();
1557
- }
1558
- };
1559
- document.addEventListener("keydown", escFunction, false);
1560
- return () => {
1561
- document.removeEventListener("keydown", escFunction, false);
1562
- };
1563
- }, [onClose]);
1564
- const handleSubmit = async (event) => {
1565
- event.preventDefault();
1566
- setError(null);
1567
- if (!email) {
1568
- setError("Please enter your email address");
1569
- return;
1570
- }
1571
- try {
1572
- await authController.forgotPassword(email);
1573
- setSubmitted(true);
1574
- } catch (err) {
1575
- if (err instanceof Error && err.code === "EMAIL_NOT_CONFIGURED") {
1576
- setError("Password reset is not available. Please contact your administrator.");
1577
- } else {
1578
- setSubmitted(true);
1579
- }
1580
- }
1581
- };
1582
- if (submitted) {
1583
- return /* @__PURE__ */ jsxs("div", { className: "flex flex-col w-full gap-4 mt-2", children: [
1584
- /* @__PURE__ */ jsx("div", { className: "w-full -ml-2.5", children: /* @__PURE__ */ jsx(IconButton, { onClick: onClose, children: /* @__PURE__ */ jsx(ArrowLeftIcon, {}) }) }),
1585
- /* @__PURE__ */ jsxs("div", { className: cls(
1586
- "text-center rounded-xl p-6",
1587
- "bg-surface-50 dark:bg-surface-950"
1588
- ), children: [
1589
- /* @__PURE__ */ jsx("div", { className: "text-3xl mb-3", children: "📧" }),
1590
- /* @__PURE__ */ jsx(Typography, { variant: "subtitle1", className: "mb-2", children: "Check your email" }),
1591
- /* @__PURE__ */ jsxs(Typography, { variant: "body2", color: "secondary", children: [
1592
- "If an account exists for ",
1593
- /* @__PURE__ */ jsx("strong", { children: email }),
1594
- ", you'll receive a password reset link shortly."
1595
- ] })
1596
- ] }),
1597
- /* @__PURE__ */ jsx(Button, { onClick: onClose, variant: "text", className: "mt-2", children: "Back to sign in" })
1598
- ] });
1599
- }
1600
- return /* @__PURE__ */ jsxs("form", { onSubmit: handleSubmit, className: "flex flex-col w-full gap-1 mt-2", children: [
1601
- /* @__PURE__ */ jsx("div", { className: "w-full mb-2 -ml-2.5", children: /* @__PURE__ */ jsx(IconButton, { onClick: onClose, children: /* @__PURE__ */ jsx(ArrowLeftIcon, {}) }) }),
1602
- /* @__PURE__ */ jsx(Typography, { variant: "h6", className: "mb-0.5", children: "Reset password" }),
1603
- /* @__PURE__ */ jsx(Typography, { variant: "body2", color: "secondary", className: "mb-5", children: "Enter your email and we'll send you a reset link." }),
1604
- error && /* @__PURE__ */ jsx("div", { className: "w-full mb-3", children: /* @__PURE__ */ jsx(ErrorView, { error }) }),
1605
- /* @__PURE__ */ jsxs("div", { className: "w-full mb-3", children: [
1606
- /* @__PURE__ */ jsx(Typography, { variant: "label", color: "secondary", className: "mb-1", children: "Email" }),
1607
- /* @__PURE__ */ jsx(
1608
- TextField,
1609
- {
1610
- placeholder: "you@example.com",
1611
- className: "w-full",
1612
- autoFocus: true,
1613
- value: email,
1614
- type: "email",
1615
- size: "medium",
1616
- onChange: (event) => setEmail(event.target.value)
1617
- }
1618
- )
1619
- ] }),
1620
- /* @__PURE__ */ jsx(
1621
- LoadingButton,
1622
- {
1623
- type: "submit",
1624
- variant: "filled",
1625
- color: "primary",
1626
- className: "w-full",
1627
- size: "large",
1628
- loading: authController.authLoading,
1629
- disabled: authController.authLoading || !email,
1630
- children: "Send reset link"
1631
- }
1632
- )
1633
- ] });
1634
- }
1635
- function RebaseAuth({ loginView }) {
1636
- const dispatch = useRebaseRegistryDispatch();
1637
- const registeredRef = useRef(false);
1638
- useLayoutEffect(() => {
1639
- dispatch.registerAuth({ loginView });
1640
- registeredRef.current = true;
1641
- return () => {
1642
- registeredRef.current = false;
1643
- dispatch.unregisterAuth();
1644
- };
1645
- }, [dispatch, loginView]);
1646
- return null;
1647
- }
1648
- function createUserManagementAdminViews({ userManagement, apiUrl, getAuthToken, collections = [] }) {
1649
- return [
1650
- {
1651
- slug: "dev/users",
1652
- name: "CMS Users",
1653
- icon: "face",
1654
- view: /* @__PURE__ */ jsx(UsersView, { userManagement, apiUrl, getAuthToken })
1655
- },
1656
- {
1657
- slug: "dev/roles",
1658
- name: "Roles",
1659
- icon: "gpp_good",
1660
- view: /* @__PURE__ */ jsx(RolesView, { userManagement, collections })
1661
- }
1662
- ];
1663
- }
1664
- function RoleChip({ role }) {
1665
- let colorScheme;
1666
- if (role.isAdmin) {
1667
- colorScheme = "blue";
1668
- } else if (role.id === "editor") {
1669
- colorScheme = "yellow";
1670
- } else if (role.id === "viewer") {
1671
- colorScheme = "gray";
1672
- } else {
1673
- colorScheme = getColorSchemeForSeed(role.id);
1674
- }
1675
- return /* @__PURE__ */ jsx(Chip, { colorScheme, children: role.name }, role.id);
1676
- }
1677
- function UsersView({ userManagement, apiUrl, getAuthToken }) {
1678
- const { users, roles, saveUser, deleteUser, loading } = userManagement;
1679
- const usersError = "usersError" in userManagement ? userManagement.usersError : void 0;
1680
- const snackbarController = useSnackbarController();
1681
- const { user: loggedInUser } = useAuthController();
1682
- const [dialogOpen, setDialogOpen] = useState(false);
1683
- const [selectedUser, setSelectedUser] = useState();
1684
- const [deleteConfirmOpen, setDeleteConfirmOpen] = useState(false);
1685
- const [userToDelete, setUserToDelete] = useState();
1686
- const [deleteInProgress, setDeleteInProgress] = useState(false);
1687
- const [formKey, setFormKey] = useState(0);
1688
- const [bootstrapping, setBootstrapping] = useState(false);
1689
- const hasAdmin = users.some((u) => u.roles?.includes("admin"));
1690
- const handleBootstrap = async () => {
1691
- setBootstrapping(true);
1692
- try {
1693
- const token = await getAuthToken();
1694
- const response = await fetch(`${apiUrl}/api/admin/bootstrap`, {
1695
- method: "POST",
1696
- headers: {
1697
- "Content-Type": "application/json",
1698
- "Authorization": `Bearer ${token}`
1699
- }
1700
- });
1701
- const data = await response.json();
1702
- if (!response.ok) {
1703
- throw new Error(data.error?.message || "Bootstrap failed");
1704
- }
1705
- snackbarController.open({
1706
- type: "success",
1707
- message: "You are now an admin! Refreshing..."
1708
- });
1709
- window.location.reload();
1710
- } catch (error) {
1711
- snackbarController.open({
1712
- type: "error",
1713
- message: error instanceof Error ? error.message : "Failed to bootstrap admin"
1714
- });
1715
- } finally {
1716
- setBootstrapping(false);
1717
- }
1718
- };
1719
- const handleAddUser = () => {
1720
- setSelectedUser(void 0);
1721
- setFormKey((k) => k + 1);
1722
- setDialogOpen(true);
1723
- };
1724
- const handleEditUser = (user) => {
1725
- setSelectedUser(user);
1726
- setDialogOpen(true);
1727
- };
1728
- const handleClose = () => {
1729
- setDialogOpen(false);
1730
- setSelectedUser(void 0);
1731
- };
1732
- const handleDelete = async () => {
1733
- if (!userToDelete) return;
1734
- setDeleteInProgress(true);
1735
- try {
1736
- await deleteUser(userToDelete);
1737
- snackbarController.open({
1738
- type: "success",
1739
- message: "User deleted successfully"
1740
- });
1741
- setDeleteConfirmOpen(false);
1742
- setUserToDelete(void 0);
1743
- } catch (error) {
1744
- snackbarController.open({
1745
- type: "error",
1746
- message: error instanceof Error ? error.message : "Error deleting user"
1747
- });
1748
- } finally {
1749
- setDeleteInProgress(false);
1750
- }
1751
- };
1752
- if (loading) {
1753
- return /* @__PURE__ */ jsx(CenteredView, { children: /* @__PURE__ */ jsx(CircularProgress, {}) });
1754
- }
1755
- return /* @__PURE__ */ jsxs(Container, { className: "w-full flex flex-col py-4 gap-4", maxWidth: "6xl", children: [
1756
- !hasAdmin && loggedInUser && /* @__PURE__ */ jsxs("div", { className: "bg-yellow-100 dark:bg-yellow-900 border border-yellow-400 dark:border-yellow-700 rounded p-4 flex items-center justify-between", children: [
1757
- /* @__PURE__ */ jsx("div", { children: /* @__PURE__ */ jsx(Typography, { variant: "label", className: "text-yellow-800 dark:text-yellow-200", children: "No admin users exist. You can make yourself an admin." }) }),
1758
- /* @__PURE__ */ jsx(
1759
- Button,
1760
- {
1761
- onClick: handleBootstrap,
1762
- disabled: bootstrapping,
1763
- children: bootstrapping ? /* @__PURE__ */ jsx(CircularProgress, { size: "small" }) : "Make me admin"
1764
- }
1765
- )
1766
- ] }),
1767
- /* @__PURE__ */ jsxs("div", { className: "flex items-center mt-12", children: [
1768
- /* @__PURE__ */ jsx(Typography, { gutterBottom: true, variant: "h4", className: "grow", component: "h4", children: "Users" }),
1769
- /* @__PURE__ */ jsx(Button, { startIcon: /* @__PURE__ */ jsx(PlusIcon, {}), onClick: handleAddUser, children: "Add user" })
1770
- ] }),
1771
- /* @__PURE__ */ jsx("div", { className: "overflow-auto", children: /* @__PURE__ */ jsxs(Table, { className: "w-full", children: [
1772
- /* @__PURE__ */ jsxs(TableHeader, { children: [
1773
- /* @__PURE__ */ jsx(TableCell, { header: true, className: "truncate w-16" }),
1774
- /* @__PURE__ */ jsx(TableCell, { header: true, children: "Email" }),
1775
- /* @__PURE__ */ jsx(TableCell, { header: true, children: "Name" }),
1776
- /* @__PURE__ */ jsx(TableCell, { header: true, children: "Roles" })
1777
- ] }),
1778
- /* @__PURE__ */ jsxs(TableBody, { children: [
1779
- users.map((user) => /* @__PURE__ */ jsxs(TableRow, { onClick: () => handleEditUser(user), children: [
1780
- /* @__PURE__ */ jsx(TableCell, { style: { width: "64px" }, children: /* @__PURE__ */ jsx(Tooltip, { asChild: true, title: "Delete this user", children: /* @__PURE__ */ jsx(
1781
- IconButton,
1782
- {
1783
- size: "small",
1784
- onClick: (e) => {
1785
- e.stopPropagation();
1786
- setUserToDelete(user);
1787
- setDeleteConfirmOpen(true);
1788
- },
1789
- children: /* @__PURE__ */ jsx(Trash2Icon, {})
1790
- }
1791
- ) }) }),
1792
- /* @__PURE__ */ jsx(TableCell, { children: user.email }),
1793
- /* @__PURE__ */ jsx(TableCell, { className: "font-medium", children: user.displayName }),
1794
- /* @__PURE__ */ jsx(TableCell, { children: /* @__PURE__ */ jsx("div", { className: "flex flex-wrap gap-2", children: user.roles?.map((roleId) => {
1795
- const role = roles.find((r) => r.id === roleId);
1796
- return role ? /* @__PURE__ */ jsx(RoleChip, { role }, roleId) : /* @__PURE__ */ jsx("span", { children: roleId }, roleId);
1797
- }) }) })
1798
- ] }, user.uid)),
1799
- users.length === 0 && /* @__PURE__ */ jsx(TableRow, { children: /* @__PURE__ */ jsx(TableCell, { colspan: 4, children: /* @__PURE__ */ jsxs(CenteredView, { className: "flex flex-col gap-4 my-8 items-center", children: [
1800
- /* @__PURE__ */ jsx(Typography, { variant: "label", children: usersError ? "You don't have permission to view users" : "There are no users yet" }),
1801
- usersError && /* @__PURE__ */ jsx(Typography, { variant: "caption", className: "text-surface-500", children: "Contact an administrator if you need access to this section." })
1802
- ] }) }) })
1803
- ] })
1804
- ] }) }),
1805
- /* @__PURE__ */ jsx(
1806
- UserDetailsForm,
1807
- {
1808
- open: dialogOpen,
1809
- user: selectedUser,
1810
- roles,
1811
- saveUser,
1812
- handleClose
1813
- },
1814
- selectedUser?.uid ?? `new-${formKey}`
1815
- ),
1816
- /* @__PURE__ */ jsx(
1817
- ConfirmationDialog,
1818
- {
1819
- open: deleteConfirmOpen,
1820
- loading: deleteInProgress,
1821
- onAccept: handleDelete,
1822
- onCancel: () => {
1823
- setDeleteConfirmOpen(false);
1824
- setUserToDelete(void 0);
1825
- },
1826
- title: /* @__PURE__ */ jsx(Fragment, { children: "Delete?" }),
1827
- body: /* @__PURE__ */ jsx(Fragment, { children: "Are you sure you want to delete this user?" })
1828
- }
1829
- )
1830
- ] });
1831
- }
1832
- function UserDetailsForm({
1833
- open,
1834
- user: userProp,
1835
- roles,
1836
- saveUser,
1837
- handleClose
1838
- }) {
1839
- const snackbarController = useSnackbarController();
1840
- const isNewUser = !userProp;
1841
- const [displayName, setDisplayName] = useState(userProp?.displayName || "");
1842
- const [email, setEmail] = useState(userProp?.email || "");
1843
- const [selectedRoleIds, setSelectedRoleIds] = useState(
1844
- userProp?.roles || ["editor"]
1845
- );
1846
- const [isSubmitting, setIsSubmitting] = useState(false);
1847
- const [errors, setErrors] = useState({});
1848
- const [submitCount, setSubmitCount] = useState(0);
1849
- const validate = () => {
1850
- const newErrors = {};
1851
- if (!displayName) newErrors.displayName = "Required";
1852
- if (!email) newErrors.email = "Required";
1853
- else if (!/\S+@\S+\.\S+/.test(email)) newErrors.email = "Invalid email";
1854
- if (selectedRoleIds.length === 0) newErrors.roles = "At least one role is required";
1855
- setErrors(newErrors);
1856
- return Object.keys(newErrors).length === 0;
1857
- };
1858
- const handleSubmit = async (e) => {
1859
- e.preventDefault();
1860
- setSubmitCount((c) => c + 1);
1861
- if (!validate()) return;
1862
- setIsSubmitting(true);
1863
- try {
1864
- const userToSave = {
1865
- uid: userProp?.uid || crypto.randomUUID(),
1866
- email,
1867
- displayName: displayName || null,
1868
- photoURL: userProp?.photoURL || null,
1869
- providerId: "custom",
1870
- isAnonymous: false,
1871
- roles: selectedRoleIds
1872
- };
1873
- await saveUser(userToSave);
1874
- handleClose();
1875
- } catch (error) {
1876
- snackbarController.open({
1877
- type: "error",
1878
- message: error instanceof Error ? error.message : "Failed to save user"
1879
- });
1880
- } finally {
1881
- setIsSubmitting(false);
1882
- }
1883
- };
1884
- const dirty = isNewUser || displayName !== (userProp?.displayName || "") || email !== (userProp?.email || "") || JSON.stringify(selectedRoleIds.sort()) !== JSON.stringify((userProp?.roles || []).sort());
1885
- return /* @__PURE__ */ jsx(Dialog, { open, onOpenChange: (open2) => !open2 ? handleClose() : void 0, maxWidth: "4xl", children: /* @__PURE__ */ jsxs(
1886
- "form",
1887
- {
1888
- onSubmit: handleSubmit,
1889
- autoComplete: "off",
1890
- noValidate: true,
1891
- style: {
1892
- display: "flex",
1893
- flexDirection: "column",
1894
- position: "relative",
1895
- height: "100%"
1896
- },
1897
- children: [
1898
- /* @__PURE__ */ jsx(DialogTitle, { variant: "h4", gutterBottom: false, children: "User" }),
1899
- /* @__PURE__ */ jsx(DialogContent, { className: "h-full grow", children: /* @__PURE__ */ jsxs("div", { className: "grid grid-cols-12 gap-4", children: [
1900
- /* @__PURE__ */ jsxs("div", { className: "col-span-12", children: [
1901
- /* @__PURE__ */ jsx(
1902
- TextField,
1903
- {
1904
- name: "displayName",
1905
- required: true,
1906
- error: submitCount > 0 && Boolean(errors.displayName),
1907
- value: displayName,
1908
- onChange: (e) => setDisplayName(e.target.value),
1909
- label: "Name"
1910
- }
1911
- ),
1912
- /* @__PURE__ */ jsx(FieldCaption, { children: submitCount > 0 && errors.displayName ? errors.displayName : "Name of this user" })
1913
- ] }),
1914
- /* @__PURE__ */ jsxs("div", { className: "col-span-12", children: [
1915
- /* @__PURE__ */ jsx(
1916
- TextField,
1917
- {
1918
- required: true,
1919
- error: submitCount > 0 && Boolean(errors.email),
1920
- name: "email",
1921
- value: email,
1922
- onChange: (e) => setEmail(e.target.value),
1923
- label: "Email",
1924
- disabled: !isNewUser
1925
- }
1926
- ),
1927
- /* @__PURE__ */ jsx(FieldCaption, { children: submitCount > 0 && errors.email ? errors.email : "Email of this user" })
1928
- ] }),
1929
- /* @__PURE__ */ jsx("div", { className: "col-span-12", children: /* @__PURE__ */ jsx(
1930
- MultiSelect,
1931
- {
1932
- className: "w-full",
1933
- label: "Roles",
1934
- value: selectedRoleIds,
1935
- onValueChange: (value) => setSelectedRoleIds(value),
1936
- children: roles.map((role) => /* @__PURE__ */ jsx(MultiSelectItem, { value: role.id, children: /* @__PURE__ */ jsx(RoleChip, { role }) }, role.id))
1937
- }
1938
- ) })
1939
- ] }) }),
1940
- /* @__PURE__ */ jsxs(DialogActions, { children: [
1941
- /* @__PURE__ */ jsx(Button, { variant: "text", onClick: handleClose, children: "Cancel" }),
1942
- /* @__PURE__ */ jsx(
1943
- LoadingButton,
1944
- {
1945
- variant: "filled",
1946
- type: "submit",
1947
- disabled: !dirty,
1948
- loading: isSubmitting,
1949
- children: isNewUser ? "Create user" : "Update"
1950
- }
1951
- )
1952
- ] })
1953
- ]
1954
- }
1955
- ) });
1956
- }
1957
- function RolesView({ userManagement, collections = [] }) {
1958
- const { roles, saveRole, deleteRole, loading, allowDefaultRolesCreation } = userManagement;
1959
- const rolesError = "rolesError" in userManagement ? userManagement.rolesError : void 0;
1960
- const snackbarController = useSnackbarController();
1961
- const [dialogOpen, setDialogOpen] = useState(false);
1962
- const [selectedRole, setSelectedRole] = useState();
1963
- const [deleteConfirmOpen, setDeleteConfirmOpen] = useState(false);
1964
- const [roleToDelete, setRoleToDelete] = useState();
1965
- const [deleteInProgress, setDeleteInProgress] = useState(false);
1966
- const handleAddRole = () => {
1967
- setSelectedRole(void 0);
1968
- setDialogOpen(true);
1969
- };
1970
- const handleEditRole = (role) => {
1971
- setSelectedRole(role);
1972
- setDialogOpen(true);
1973
- };
1974
- const handleClose = () => {
1975
- setDialogOpen(false);
1976
- setSelectedRole(void 0);
1977
- };
1978
- const handleDelete = async () => {
1979
- if (!roleToDelete) return;
1980
- setDeleteInProgress(true);
1981
- try {
1982
- await deleteRole(roleToDelete);
1983
- snackbarController.open({
1984
- type: "success",
1985
- message: "Role deleted successfully"
1986
- });
1987
- setDeleteConfirmOpen(false);
1988
- setRoleToDelete(void 0);
1989
- } catch (error) {
1990
- snackbarController.open({
1991
- type: "error",
1992
- message: error instanceof Error ? error.message : "Error deleting role"
1993
- });
1994
- } finally {
1995
- setDeleteInProgress(false);
1996
- }
1997
- };
1998
- const createDefaultRoles = () => {
1999
- const defaultRoles = [
2000
- {
2001
- id: "admin",
2002
- name: "Admin",
2003
- isAdmin: true
2004
- },
2005
- {
2006
- id: "editor",
2007
- name: "Editor",
2008
- isAdmin: false
2009
- },
2010
- {
2011
- id: "viewer",
2012
- name: "Viewer",
2013
- isAdmin: false
2014
- }
2015
- ];
2016
- defaultRoles.forEach((role) => saveRole(role));
2017
- };
2018
- if (loading) {
2019
- return /* @__PURE__ */ jsx(CenteredView, { children: /* @__PURE__ */ jsx(CircularProgress, {}) });
2020
- }
2021
- return /* @__PURE__ */ jsxs(Container, { className: "w-full flex flex-col py-4 gap-4", maxWidth: "6xl", children: [
2022
- /* @__PURE__ */ jsxs("div", { className: "flex items-center mt-12", children: [
2023
- /* @__PURE__ */ jsx(Typography, { gutterBottom: true, variant: "h4", className: "grow", component: "h4", children: "Roles" }),
2024
- /* @__PURE__ */ jsx(Button, { startIcon: /* @__PURE__ */ jsx(PlusIcon, {}), onClick: handleAddRole, children: "Add role" })
2025
- ] }),
2026
- /* @__PURE__ */ jsx("div", { className: "w-full overflow-auto", children: /* @__PURE__ */ jsxs(Table, { className: "w-full", children: [
2027
- /* @__PURE__ */ jsxs(TableHeader, { children: [
2028
- /* @__PURE__ */ jsx(TableCell, { header: true, className: "w-16" }),
2029
- /* @__PURE__ */ jsx(TableCell, { header: true, children: "Role" }),
2030
- /* @__PURE__ */ jsx(TableCell, { header: true, className: "items-center", children: "Is Admin" })
2031
- ] }),
2032
- /* @__PURE__ */ jsxs(TableBody, { children: [
2033
- roles.map((role) => {
2034
- return /* @__PURE__ */ jsxs(TableRow, { onClick: () => handleEditRole(role), children: [
2035
- /* @__PURE__ */ jsx(TableCell, { style: { width: "64px" }, children: !role.isAdmin && /* @__PURE__ */ jsx(Tooltip, { asChild: true, title: "Delete this role", children: /* @__PURE__ */ jsx(
2036
- IconButton,
2037
- {
2038
- size: "small",
2039
- onClick: (e) => {
2040
- e.stopPropagation();
2041
- setRoleToDelete(role);
2042
- setDeleteConfirmOpen(true);
2043
- },
2044
- children: /* @__PURE__ */ jsx(Trash2Icon, {})
2045
- }
2046
- ) }) }),
2047
- /* @__PURE__ */ jsx(TableCell, { children: /* @__PURE__ */ jsx(RoleChip, { role }) }),
2048
- /* @__PURE__ */ jsx(TableCell, { className: "items-center", children: /* @__PURE__ */ jsx(Checkbox, { checked: role.isAdmin ?? false }) })
2049
- ] }, role.id);
2050
- }),
2051
- roles.length === 0 && /* @__PURE__ */ jsx(TableRow, { children: /* @__PURE__ */ jsx(TableCell, { colspan: 4, children: /* @__PURE__ */ jsxs(CenteredView, { className: "flex flex-col gap-4 my-8 items-center", children: [
2052
- /* @__PURE__ */ jsx(Typography, { variant: "label", children: rolesError ? "You don't have permission to view roles" : "You don't have any roles yet." }),
2053
- rolesError && /* @__PURE__ */ jsx(Typography, { variant: "caption", className: "text-surface-500", children: "Contact an administrator if you need access to this section." }),
2054
- !rolesError && allowDefaultRolesCreation && /* @__PURE__ */ jsx(Button, { onClick: createDefaultRoles, children: "Create default roles" })
2055
- ] }) }) })
2056
- ] })
2057
- ] }) }),
2058
- /* @__PURE__ */ jsx(
2059
- RoleDetailsForm,
2060
- {
2061
- open: dialogOpen,
2062
- role: selectedRole,
2063
- saveRole,
2064
- handleClose,
2065
- collections
2066
- },
2067
- selectedRole?.id ?? "new"
2068
- ),
2069
- /* @__PURE__ */ jsx(
2070
- ConfirmationDialog,
2071
- {
2072
- open: deleteConfirmOpen,
2073
- loading: deleteInProgress,
2074
- onAccept: handleDelete,
2075
- onCancel: () => {
2076
- setDeleteConfirmOpen(false);
2077
- setRoleToDelete(void 0);
2078
- },
2079
- title: /* @__PURE__ */ jsx(Fragment, { children: "Delete?" }),
2080
- body: /* @__PURE__ */ jsx(Fragment, { children: "Are you sure you want to delete this role?" })
2081
- }
2082
- )
2083
- ] });
2084
- }
2085
- function RoleDetailsForm({
2086
- open,
2087
- role: roleProp,
2088
- saveRole,
2089
- handleClose,
2090
- collections = []
2091
- }) {
2092
- const snackbarController = useSnackbarController();
2093
- const isNewRole = !roleProp;
2094
- const [roleId, setRoleId] = useState(roleProp?.id || "");
2095
- const [roleName, setRoleName] = useState(roleProp?.name || "");
2096
- const [isAdmin, setIsAdmin] = useState(roleProp?.isAdmin ?? false);
2097
- const [isSubmitting, setIsSubmitting] = useState(false);
2098
- const [errors, setErrors] = useState({});
2099
- const [submitCount, setSubmitCount] = useState(0);
2100
- const validate = () => {
2101
- const newErrors = {};
2102
- if (!roleId) newErrors.id = "Required";
2103
- if (!roleName) newErrors.name = "Required";
2104
- setErrors(newErrors);
2105
- return Object.keys(newErrors).length === 0;
2106
- };
2107
- const handleSubmit = async (e) => {
2108
- e.preventDefault();
2109
- setSubmitCount((c) => c + 1);
2110
- if (!validate()) return;
2111
- setIsSubmitting(true);
2112
- try {
2113
- await saveRole({
2114
- id: roleId,
2115
- name: roleName,
2116
- isAdmin
2117
- });
2118
- handleClose();
2119
- } catch (error) {
2120
- snackbarController.open({
2121
- type: "error",
2122
- message: error instanceof Error ? error.message : "Failed to save role"
2123
- });
2124
- } finally {
2125
- setIsSubmitting(false);
2126
- }
2127
- };
2128
- return /* @__PURE__ */ jsx(Dialog, { open, onOpenChange: (open2) => !open2 ? handleClose() : void 0, maxWidth: "6xl", children: /* @__PURE__ */ jsxs(
2129
- "form",
2130
- {
2131
- onSubmit: handleSubmit,
2132
- autoComplete: "off",
2133
- noValidate: true,
2134
- style: {
2135
- display: "flex",
2136
- flexDirection: "column",
2137
- position: "relative",
2138
- height: "100%"
2139
- },
2140
- children: [
2141
- /* @__PURE__ */ jsx(DialogTitle, { variant: "h4", gutterBottom: false, children: "Role" }),
2142
- /* @__PURE__ */ jsx(DialogContent, { className: "h-full grow overflow-y-auto", children: /* @__PURE__ */ jsxs("div", { className: "grid grid-cols-12 gap-4", children: [
2143
- /* @__PURE__ */ jsxs("div", { className: "col-span-12 sm:col-span-4", children: [
2144
- /* @__PURE__ */ jsx(
2145
- TextField,
2146
- {
2147
- name: "id",
2148
- required: true,
2149
- error: submitCount > 0 && Boolean(errors.id),
2150
- value: roleId,
2151
- onChange: (e) => setRoleId(e.target.value),
2152
- label: "Role ID",
2153
- disabled: !isNewRole
2154
- }
2155
- ),
2156
- /* @__PURE__ */ jsx(FieldCaption, { children: submitCount > 0 && errors.id ? errors.id : "Unique identifier for this role" })
2157
- ] }),
2158
- /* @__PURE__ */ jsxs("div", { className: "col-span-12 sm:col-span-4", children: [
2159
- /* @__PURE__ */ jsx(
2160
- TextField,
2161
- {
2162
- name: "name",
2163
- required: true,
2164
- error: submitCount > 0 && Boolean(errors.name),
2165
- value: roleName,
2166
- onChange: (e) => setRoleName(e.target.value),
2167
- label: "Role Name"
2168
- }
2169
- ),
2170
- /* @__PURE__ */ jsx(FieldCaption, { children: submitCount > 0 && errors.name ? errors.name : "Display name for this role" })
2171
- ] }),
2172
- /* @__PURE__ */ jsx("div", { className: "col-span-12 sm:col-span-4 flex items-start pt-2", children: /* @__PURE__ */ jsxs("label", { className: "flex items-center gap-2 cursor-pointer mt-3", children: [
2173
- /* @__PURE__ */ jsx(
2174
- Checkbox,
2175
- {
2176
- checked: isAdmin,
2177
- onCheckedChange: (checked) => setIsAdmin(Boolean(checked))
2178
- }
2179
- ),
2180
- /* @__PURE__ */ jsx("span", { className: "font-medium", children: "Is Admin" })
2181
- ] }) }),
2182
- /* @__PURE__ */ jsx("div", { className: "col-span-12", children: /* @__PURE__ */ jsx(CollectionPermissionsMatrix, { roleId, isAdmin, collections }) })
2183
- ] }) }),
2184
- /* @__PURE__ */ jsxs(DialogActions, { children: [
2185
- /* @__PURE__ */ jsx(Button, { variant: "text", onClick: handleClose, children: "Cancel" }),
2186
- /* @__PURE__ */ jsx(
2187
- LoadingButton,
2188
- {
2189
- variant: "filled",
2190
- type: "submit",
2191
- loading: isSubmitting,
2192
- children: isNewRole ? "Create role" : "Update"
2193
- }
2194
- )
2195
- ] })
2196
- ]
2197
- }
2198
- ) });
2199
- }
2200
- const CRUD_OPS = [
2201
- {
2202
- op: "select",
2203
- label: "Read"
2204
- },
2205
- {
2206
- op: "insert",
2207
- label: "Create"
2208
- },
2209
- {
2210
- op: "update",
2211
- label: "Edit"
2212
- },
2213
- {
2214
- op: "delete",
2215
- label: "Delete"
2216
- }
2217
- ];
2218
- function hasRoleAccess(rules, roleId, op) {
2219
- if (!rules || rules.length === 0) return true;
2220
- const applicable = rules.filter(
2221
- (r) => r.operation === op || r.operation === "all" || r.operations?.includes(op) || r.operations?.includes("all")
2222
- );
2223
- if (applicable.length === 0) return false;
2224
- const forRole = applicable.filter(
2225
- (r) => !r.roles || r.roles.length === 0 || r.roles.includes(roleId) || r.roles.includes("public")
2226
- );
2227
- if (forRole.length === 0) return false;
2228
- for (const r of forRole) {
2229
- if ((r.mode ?? "permissive") === "restrictive") return false;
2230
- }
2231
- return forRole.some((r) => (r.mode ?? "permissive") === "permissive");
2232
- }
2233
- function PermCell({ granted }) {
2234
- return /* @__PURE__ */ jsx(
2235
- "span",
2236
- {
2237
- className: granted ? "text-green-500 dark:text-green-400 text-base select-none" : "text-surface-300 dark:text-surface-600 text-base select-none",
2238
- children: granted ? "✓" : "✗"
2239
- }
2240
- );
2241
- }
2242
- function CollectionPermissionsMatrix({ roleId, isAdmin, collections }) {
2243
- if (!collections || collections.length === 0) {
2244
- return /* @__PURE__ */ jsx("div", { className: "mt-4", children: /* @__PURE__ */ jsx(Typography, { variant: "label", className: "text-surface-400", children: "No collections configured" }) });
2245
- }
2246
- const topLevel = collections;
2247
- return /* @__PURE__ */ jsxs("div", { className: "mt-6", children: [
2248
- /* @__PURE__ */ jsx(Typography, { variant: "label", className: "mb-2 block text-surface-600 dark:text-surface-400 uppercase tracking-wide text-xs", children: "Collection permissions" }),
2249
- /* @__PURE__ */ jsx("div", { className: "rounded-lg border border-surface-200 dark:border-surface-700 overflow-hidden", children: /* @__PURE__ */ jsxs(Table, { children: [
2250
- /* @__PURE__ */ jsx(TableHeader, { children: /* @__PURE__ */ jsxs(TableRow, { children: [
2251
- /* @__PURE__ */ jsx(TableCell, { header: true, children: "Collection" }),
2252
- CRUD_OPS.map(({ op, label }) => /* @__PURE__ */ jsx(TableCell, { header: true, className: "text-center w-24", children: label }, op))
2253
- ] }) }),
2254
- /* @__PURE__ */ jsx(TableBody, { children: topLevel.map((collection) => {
2255
- const extCol = collection;
2256
- const noRules = !extCol.securityRules || extCol.securityRules.length === 0;
2257
- return /* @__PURE__ */ jsxs(TableRow, { children: [
2258
- /* @__PURE__ */ jsxs(TableCell, { children: [
2259
- /* @__PURE__ */ jsxs("div", { className: "flex items-center gap-2", children: [
2260
- /* @__PURE__ */ jsx("span", { className: "font-medium", children: collection.name }),
2261
- noRules && !isAdmin && /* @__PURE__ */ jsx(Tooltip, { title: "No security rules — unrestricted", children: /* @__PURE__ */ jsx(Chip, { className: "text-xs", colorScheme: "yellow", children: "No rules" }) })
2262
- ] }),
2263
- /* @__PURE__ */ jsx("span", { className: "text-xs text-surface-400 font-mono", children: collection.slug })
2264
- ] }),
2265
- CRUD_OPS.map(({ op }) => /* @__PURE__ */ jsx(TableCell, { className: "text-center", children: /* @__PURE__ */ jsx(PermCell, { granted: isAdmin || hasRoleAccess(extCol.securityRules, roleId, op) }) }, op))
2266
- ] }, collection.slug);
2267
- }) })
2268
- ] }) }),
2269
- !roleId && /* @__PURE__ */ jsx(Typography, { variant: "caption", className: "mt-2 text-surface-400 italic", children: "Enter a role ID above to preview permissions" })
2270
- ] });
2271
- }
2272
- function FieldCaption({ children }) {
2273
- return /* @__PURE__ */ jsx(Typography, { variant: "caption", className: "text-surface-500 mt-1.5 ml-1 block", children });
2274
- }
2275
1093
  export {
2276
1094
  AuthApiError,
2277
- RebaseAuth,
2278
- RebaseLoginView,
2279
- RolesView,
2280
- UsersView,
2281
- createUserManagementAdminViews,
1095
+ clearAuthConfigCache,
2282
1096
  fetchAuthConfig,
2283
1097
  getApiUrl,
2284
1098
  setApiUrl,