@rebasepro/auth 0.1.2 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/LICENSE +21 -6
  2. package/dist/api.d.ts +10 -8
  3. package/dist/index.d.ts +1 -5
  4. package/dist/index.es.js +31 -1217
  5. package/dist/index.es.js.map +1 -1
  6. package/dist/index.umd.js +32 -1214
  7. package/dist/index.umd.js.map +1 -1
  8. package/dist/types.d.ts +13 -8
  9. package/package.json +10 -9
  10. package/src/api.ts +31 -22
  11. package/src/hooks/useBackendUserManagement.ts +10 -1
  12. package/src/hooks/useRebaseAuthController.ts +11 -16
  13. package/src/index.ts +1 -8
  14. package/src/types.ts +6 -5
  15. package/dist/components/AdminViews.d.ts +0 -22
  16. package/dist/components/RebaseAuth.d.ts +0 -6
  17. package/dist/components/RebaseLoginView.d.ts +0 -73
  18. package/src/components/AdminViews.tsx +0 -825
  19. package/src/components/RebaseAuth.tsx +0 -23
  20. package/src/components/RebaseLoginView.tsx +0 -724
package/src/components/AdminViews.tsx DELETED
@@ -1,825 +0,0 @@
1
-
2
- import React, { useCallback, useMemo, useState } from "react";
3
- import {
4
- useSnackbarController,
5
- ConfirmationDialog,
6
- useAuthController
7
- } from "@rebasepro/core";
8
- import { AppView, EntityCollection, Role, SecurityRule, User } from "@rebasepro/types";
9
-
10
- import { Button, Chip, Container, Dialog, DialogActions, DialogContent, DialogTitle, IconButton, Paper, Table, TableBody, TableCell, TableHeader, TableRow, TextField, Typography, CircularProgress, CenteredView, Tooltip, Checkbox, MultiSelect, MultiSelectItem, LoadingButton, getColorSchemeForSeed, ChipColorScheme, ChipColorKey } from "@rebasepro/ui";
11
- import { PlusIcon, Trash2Icon } from "lucide-react";
12
- import { UserManagement } from "../hooks/useBackendUserManagement";
13
-
14
- interface AdminViewsProps {
15
- userManagement: UserManagement;
16
- apiUrl: string;
17
- getAuthToken: () => Promise<string>;
18
- collections?: EntityCollection[];
19
- }
20
-
21
- /**
22
- * Create admin views for user and role management
23
- */
24
- export function createUserManagementAdminViews({ userManagement, apiUrl, getAuthToken, collections = [] }: AdminViewsProps): AppView[] {
25
- return [
26
- {
27
- slug: "dev/users",
28
- name: "CMS Users",
29
- icon: "face",
30
- view: <UsersView userManagement={userManagement} apiUrl={apiUrl} getAuthToken={getAuthToken}/>
31
- },
32
- {
33
- slug: "dev/roles",
34
- name: "Roles",
35
- icon: "gpp_good",
36
- view: <RolesView userManagement={userManagement} collections={collections}/>
37
- }
38
- ];
39
- }
40
-
41
- // ============================================
42
- // RoleChip Component (matches original)
43
- // ============================================
44
- function RoleChip({ role }: { role: Role }) {
45
- let colorScheme: ChipColorScheme | ChipColorKey;
46
- if (role.isAdmin) {
47
- colorScheme = "blue";
48
- } else if (role.id === "editor") {
49
- colorScheme = "yellow";
50
- } else if (role.id === "viewer") {
51
- colorScheme = "gray";
52
- } else {
53
- colorScheme = getColorSchemeForSeed(role.id);
54
- }
55
-
56
- return (
57
- <Chip colorScheme={colorScheme} key={role.id}>
58
- {role.name}
59
- </Chip>
60
- );
61
- }
62
-
63
- // ============================================
64
- // UsersView Component
65
- // ============================================
66
- export function UsersView({ userManagement, apiUrl, getAuthToken }: {
67
- userManagement: UserManagement;
68
- apiUrl: string;
69
- getAuthToken: () => Promise<string>;
70
- }) {
71
- const { users, roles, saveUser, deleteUser, loading } = userManagement;
72
- const usersError = 'usersError' in userManagement ? (userManagement as { usersError?: Error }).usersError : undefined;
73
- const snackbarController = useSnackbarController();
74
- const { user: loggedInUser } = useAuthController();
75
-
76
- const [dialogOpen, setDialogOpen] = useState(false);
77
- const [selectedUser, setSelectedUser] = useState<User | undefined>();
78
- const [deleteConfirmOpen, setDeleteConfirmOpen] = useState(false);
79
- const [userToDelete, setUserToDelete] = useState<User | undefined>();
80
- const [deleteInProgress, setDeleteInProgress] = useState(false);
81
- const [formKey, setFormKey] = useState(0);
82
- const [bootstrapping, setBootstrapping] = useState(false);
83
-
84
- // Check if any admin exists
85
- const hasAdmin = users.some(u => u.roles?.includes("admin"));
86
-
87
- const handleBootstrap = async () => {
88
- setBootstrapping(true);
89
- try {
90
- const token = await getAuthToken();
91
- const response = await fetch(`${apiUrl}/api/admin/bootstrap`, {
92
- method: "POST",
93
- headers: {
94
- "Content-Type": "application/json",
95
- "Authorization": `Bearer ${token}`
96
- }
97
- });
98
- const data = await response.json();
99
- if (!response.ok) {
100
- throw new Error(data.error?.message || "Bootstrap failed");
101
- }
102
- snackbarController.open({ type: "success",
103
- message: "You are now an admin! Refreshing..." });
104
- // Reload to get new roles
105
- window.location.reload();
106
- } catch (error: unknown) {
107
- snackbarController.open({ type: "error",
108
- message: error instanceof Error ? error.message : "Failed to bootstrap admin" });
109
- } finally {
110
- setBootstrapping(false);
111
- }
112
- };
113
-
114
- const handleAddUser = () => {
115
- setSelectedUser(undefined);
116
- setFormKey(k => k + 1);
117
- setDialogOpen(true);
118
- };
119
-
120
- const handleEditUser = (user: User) => {
121
- setSelectedUser(user);
122
- setDialogOpen(true);
123
- };
124
-
125
- const handleClose = () => {
126
- setDialogOpen(false);
127
- setSelectedUser(undefined);
128
- };
129
-
130
- const handleDelete = async () => {
131
- if (!userToDelete) return;
132
- setDeleteInProgress(true);
133
- try {
134
- await deleteUser(userToDelete);
135
- snackbarController.open({ type: "success",
136
- message: "User deleted successfully" });
137
- setDeleteConfirmOpen(false);
138
- setUserToDelete(undefined);
139
- } catch (error: unknown) {
140
- snackbarController.open({ type: "error",
141
- message: error instanceof Error ? error.message : "Error deleting user" });
142
- } finally {
143
- setDeleteInProgress(false);
144
- }
145
- };
146
-
147
- if (loading) {
148
- return <CenteredView><CircularProgress/></CenteredView>;
149
- }
150
-
151
- return (
152
- <Container className="w-full flex flex-col py-4 gap-4" maxWidth={"6xl"}>
153
- {/* Bootstrap warning when no admins */}
154
- {!hasAdmin && loggedInUser && (
155
- <div className="bg-yellow-100 dark:bg-yellow-900 border border-yellow-400 dark:border-yellow-700 rounded p-4 flex items-center justify-between">
156
- <div>
157
- <Typography variant="label" className="text-yellow-800 dark:text-yellow-200">
158
- No admin users exist. You can make yourself an admin.
159
- </Typography>
160
- </div>
161
- <Button
162
- onClick={handleBootstrap}
163
- disabled={bootstrapping}
164
- >
165
- {bootstrapping ? <CircularProgress size="small"/> : "Make me admin"}
166
- </Button>
167
- </div>
168
- )}
169
-
170
- <div className="flex items-center mt-12">
171
- <Typography gutterBottom variant="h4" className="grow" component="h4">
172
- Users
173
- </Typography>
174
- <Button startIcon={<PlusIcon/>} onClick={handleAddUser}>
175
- Add user
176
- </Button>
177
- </div>
178
-
179
- <div className="overflow-auto">
180
- <Table className="w-full">
181
- <TableHeader>
182
- <TableCell header className="truncate w-16"></TableCell>
183
- <TableCell header>Email</TableCell>
184
- <TableCell header>Name</TableCell>
185
- <TableCell header>Roles</TableCell>
186
- </TableHeader>
187
- <TableBody>
188
- {users.map(user => (
189
- <TableRow key={user.uid} onClick={() => handleEditUser(user)}>
190
- <TableCell style={{ width: "64px" }}>
191
- <Tooltip asChild title="Delete this user">
192
- <IconButton
193
- size="small"
194
- onClick={(e) => {
195
- e.stopPropagation();
196
- setUserToDelete(user);
197
- setDeleteConfirmOpen(true);
198
- }}>
199
- <Trash2Icon/>
200
- </IconButton>
201
- </Tooltip>
202
- </TableCell>
203
- <TableCell>{user.email}</TableCell>
204
- <TableCell className="font-medium">{user.displayName}</TableCell>
205
- <TableCell>
206
- <div className="flex flex-wrap gap-2">
207
- {user.roles?.map((roleId: string) => {
208
- const role = roles.find(r => r.id === roleId);
209
- return role ? <RoleChip key={roleId} role={role}/> : <span key={roleId}>{roleId}</span>;
210
- })}
211
- </div>
212
- </TableCell>
213
- </TableRow>
214
- ))}
215
-
216
- {users.length === 0 && (
217
- <TableRow>
218
- <TableCell colspan={4}>
219
- <CenteredView className="flex flex-col gap-4 my-8 items-center">
220
- <Typography variant="label">
221
- {usersError
222
- ? "You don't have permission to view users"
223
- : "There are no users yet"}
224
- </Typography>
225
- {usersError && (
226
- <Typography variant="caption" className="text-surface-500">
227
- Contact an administrator if you need access to this section.
228
- </Typography>
229
- )}
230
- </CenteredView>
231
- </TableCell>
232
- </TableRow>
233
- )}
234
- </TableBody>
235
- </Table>
236
- </div>
237
-
238
- {/* User Edit Dialog */}
239
- <UserDetailsForm
240
- key={selectedUser?.uid ?? `new-${formKey}`}
241
- open={dialogOpen}
242
- user={selectedUser}
243
- roles={roles}
244
- saveUser={saveUser}
245
- handleClose={handleClose}
246
- />
247
-
248
- {/* Delete Confirmation */}
249
- <ConfirmationDialog
250
- open={deleteConfirmOpen}
251
- loading={deleteInProgress}
252
- onAccept={handleDelete}
253
- onCancel={() => { setDeleteConfirmOpen(false); setUserToDelete(undefined); }}
254
- title={<>Delete?</>}
255
- body={<>Are you sure you want to delete this user?</>}
256
- />
257
- </Container>
258
- );
259
- }
260
-
261
- // ============================================
262
- // UserDetailsForm Component (matches original)
263
- // ============================================
264
- function UserDetailsForm({
265
- open,
266
- user: userProp,
267
- roles,
268
- saveUser,
269
- handleClose
270
- }: {
271
- open: boolean;
272
- user?: User;
273
- roles: Role[];
274
- saveUser: (user: User) => Promise<User>;
275
- handleClose: () => void;
276
- }) {
277
- const snackbarController = useSnackbarController();
278
- const isNewUser = !userProp;
279
-
280
- const [displayName, setDisplayName] = useState(userProp?.displayName || "");
281
- const [email, setEmail] = useState(userProp?.email || "");
282
- const [selectedRoleIds, setSelectedRoleIds] = useState<string[]>(
283
- userProp?.roles || ["editor"]
284
- );
285
- const [isSubmitting, setIsSubmitting] = useState(false);
286
- const [errors, setErrors] = useState<{ displayName?: string; email?: string; roles?: string }>({});
287
- const [submitCount, setSubmitCount] = useState(0);
288
-
289
- const validate = () => {
290
- const newErrors: typeof errors = {};
291
- if (!displayName) newErrors.displayName = "Required";
292
- if (!email) newErrors.email = "Required";
293
- else if (!/\S+@\S+\.\S+/.test(email)) newErrors.email = "Invalid email";
294
- if (selectedRoleIds.length === 0) newErrors.roles = "At least one role is required";
295
- setErrors(newErrors);
296
- return Object.keys(newErrors).length === 0;
297
- };
298
-
299
- const handleSubmit = async (e: React.FormEvent) => {
300
- e.preventDefault();
301
- setSubmitCount(c => c + 1);
302
-
303
- if (!validate()) return;
304
-
305
- setIsSubmitting(true);
306
- try {
307
- const userToSave: User = {
308
- uid: userProp?.uid || crypto.randomUUID(),
309
- email,
310
- displayName: displayName || null,
311
- photoURL: userProp?.photoURL || null,
312
- providerId: "custom",
313
- isAnonymous: false,
314
- roles: selectedRoleIds
315
- };
316
- await saveUser(userToSave);
317
- handleClose();
318
- } catch (error: unknown) {
319
- snackbarController.open({ type: "error",
320
- message: error instanceof Error ? error.message : "Failed to save user" });
321
- } finally {
322
- setIsSubmitting(false);
323
- }
324
- };
325
-
326
- const dirty = isNewUser ||
327
- displayName !== (userProp?.displayName || "") ||
328
- email !== (userProp?.email || "") ||
329
- JSON.stringify(selectedRoleIds.sort()) !== JSON.stringify((userProp?.roles || []).sort());
330
-
331
- return (
332
- <Dialog open={open} onOpenChange={(open) => !open ? handleClose() : undefined} maxWidth="4xl">
333
- <form onSubmit={handleSubmit} autoComplete="off" noValidate
334
- style={{ display: "flex",
335
- flexDirection: "column",
336
- position: "relative",
337
- height: "100%" }}>
338
-
339
- <DialogTitle variant="h4" gutterBottom={false}>
340
- User
341
- </DialogTitle>
342
-
343
- <DialogContent className="h-full grow">
344
- <div className="grid grid-cols-12 gap-4">
345
- <div className="col-span-12">
346
- <TextField
347
- name="displayName"
348
- required
349
- error={submitCount > 0 && Boolean(errors.displayName)}
350
- value={displayName}
351
- onChange={(e) => setDisplayName(e.target.value)}
352
- label="Name"
353
- />
354
- <FieldCaption>
355
- {submitCount > 0 && errors.displayName ? errors.displayName : "Name of this user"}
356
- </FieldCaption>
357
- </div>
358
-
359
- <div className="col-span-12">
360
- <TextField
361
- required
362
- error={submitCount > 0 && Boolean(errors.email)}
363
- name="email"
364
- value={email}
365
- onChange={(e) => setEmail(e.target.value)}
366
- label="Email"
367
- disabled={!isNewUser}
368
- />
369
- <FieldCaption>
370
- {submitCount > 0 && errors.email ? errors.email : "Email of this user"}
371
- </FieldCaption>
372
- </div>
373
-
374
- <div className="col-span-12">
375
- <MultiSelect
376
- className="w-full"
377
- label="Roles"
378
- value={selectedRoleIds}
379
- onValueChange={(value: string[]) => setSelectedRoleIds(value)}
380
- >
381
- {roles.map(role => (
382
- <MultiSelectItem key={role.id} value={role.id}>
383
- <RoleChip role={role}/>
384
- </MultiSelectItem>
385
- ))}
386
- </MultiSelect>
387
- </div>
388
- </div>
389
- </DialogContent>
390
-
391
- <DialogActions>
392
- <Button variant="text" onClick={handleClose}>
393
- Cancel
394
- </Button>
395
- <LoadingButton
396
- variant="filled"
397
- type="submit"
398
- disabled={!dirty}
399
- loading={isSubmitting}
400
- >
401
- {isNewUser ? "Create user" : "Update"}
402
- </LoadingButton>
403
- </DialogActions>
404
- </form>
405
- </Dialog>
406
- );
407
- }
408
-
409
- // ============================================
410
- // RolesView Component
411
- // ============================================
412
- export function RolesView({ userManagement, collections = [] }: { userManagement: UserManagement, collections?: EntityCollection[] }) {
413
- const { roles, saveRole, deleteRole, loading, allowDefaultRolesCreation } = userManagement;
414
- const rolesError = 'rolesError' in userManagement ? (userManagement as { rolesError?: Error }).rolesError : undefined;
415
- const snackbarController = useSnackbarController();
416
-
417
- const [dialogOpen, setDialogOpen] = useState(false);
418
- const [selectedRole, setSelectedRole] = useState<Role | undefined>();
419
- const [deleteConfirmOpen, setDeleteConfirmOpen] = useState(false);
420
- const [roleToDelete, setRoleToDelete] = useState<Role | undefined>();
421
- const [deleteInProgress, setDeleteInProgress] = useState(false);
422
-
423
- const handleAddRole = () => {
424
- setSelectedRole(undefined);
425
- setDialogOpen(true);
426
- };
427
-
428
- const handleEditRole = (role: Role) => {
429
- setSelectedRole(role);
430
- setDialogOpen(true);
431
- };
432
-
433
- const handleClose = () => {
434
- setDialogOpen(false);
435
- setSelectedRole(undefined);
436
- };
437
-
438
- const handleDelete = async () => {
439
- if (!roleToDelete) return;
440
- setDeleteInProgress(true);
441
- try {
442
- await deleteRole(roleToDelete);
443
- snackbarController.open({ type: "success",
444
- message: "Role deleted successfully" });
445
- setDeleteConfirmOpen(false);
446
- setRoleToDelete(undefined);
447
- } catch (error: unknown) {
448
- snackbarController.open({ type: "error",
449
- message: error instanceof Error ? error.message : "Error deleting role" });
450
- } finally {
451
- setDeleteInProgress(false);
452
- }
453
- };
454
-
455
- const createDefaultRoles = () => {
456
- const defaultRoles: Role[] = [
457
- { id: "admin",
458
- name: "Admin",
459
- isAdmin: true },
460
- { id: "editor",
461
- name: "Editor",
462
- isAdmin: false },
463
- { id: "viewer",
464
- name: "Viewer",
465
- isAdmin: false }
466
- ];
467
- defaultRoles.forEach(role => saveRole(role));
468
- };
469
-
470
- if (loading) {
471
- return <CenteredView><CircularProgress/></CenteredView>;
472
- }
473
-
474
- return (
475
- <Container className="w-full flex flex-col py-4 gap-4" maxWidth={"6xl"}>
476
- <div className="flex items-center mt-12">
477
- <Typography gutterBottom variant="h4" className="grow" component="h4">
478
- Roles
479
- </Typography>
480
- <Button startIcon={<PlusIcon/>} onClick={handleAddRole}>
481
- Add role
482
- </Button>
483
- </div>
484
-
485
- <div className="w-full overflow-auto">
486
- <Table className="w-full">
487
- <TableHeader>
488
- <TableCell header className="w-16"></TableCell>
489
- <TableCell header>Role</TableCell>
490
- <TableCell header className="items-center">Is Admin</TableCell>
491
- </TableHeader>
492
- <TableBody>
493
- {roles.map(role => {
494
- return (
495
- <TableRow key={role.id} onClick={() => handleEditRole(role)}>
496
- <TableCell style={{ width: "64px" }}>
497
- {!role.isAdmin && (
498
- <Tooltip asChild title="Delete this role">
499
- <IconButton
500
- size="small"
501
- onClick={(e) => {
502
- e.stopPropagation();
503
- setRoleToDelete(role);
504
- setDeleteConfirmOpen(true);
505
- }}>
506
- <Trash2Icon/>
507
- </IconButton>
508
- </Tooltip>
509
- )}
510
- </TableCell>
511
- <TableCell>
512
- <RoleChip role={role}/>
513
- </TableCell>
514
- <TableCell className="items-center">
515
- <Checkbox checked={role.isAdmin ?? false}/>
516
- </TableCell>
517
- </TableRow>
518
- );
519
- })}
520
-
521
- {roles.length === 0 && (
522
- <TableRow>
523
- <TableCell colspan={4}>
524
- <CenteredView className="flex flex-col gap-4 my-8 items-center">
525
- <Typography variant="label">
526
- {rolesError
527
- ? "You don't have permission to view roles"
528
- : "You don\u0026apos;t have any roles yet."}
529
- </Typography>
530
- {rolesError && (
531
- <Typography variant="caption" className="text-surface-500">
532
- Contact an administrator if you need access to this section.
533
- </Typography>
534
- )}
535
- {!rolesError && allowDefaultRolesCreation && (
536
- <Button onClick={createDefaultRoles}>
537
- Create default roles
538
- </Button>
539
- )}
540
- </CenteredView>
541
- </TableCell>
542
- </TableRow>
543
- )}
544
- </TableBody>
545
- </Table>
546
- </div>
547
-
548
- {/* Role Edit Dialog */}
549
- <RoleDetailsForm
550
- key={selectedRole?.id ?? "new"}
551
- open={dialogOpen}
552
- role={selectedRole}
553
- saveRole={saveRole}
554
- handleClose={handleClose}
555
- collections={collections}
556
- />
557
-
558
- {/* Delete Confirmation */}
559
- <ConfirmationDialog
560
- open={deleteConfirmOpen}
561
- loading={deleteInProgress}
562
- onAccept={handleDelete}
563
- onCancel={() => { setDeleteConfirmOpen(false); setRoleToDelete(undefined); }}
564
- title={<>Delete?</>}
565
- body={<>Are you sure you want to delete this role?</>}
566
- />
567
- </Container>
568
- );
569
- }
570
-
571
- // ============================================
572
- // RoleDetailsForm Component
573
- // ============================================
574
- function RoleDetailsForm({
575
- open,
576
- role: roleProp,
577
- saveRole,
578
- handleClose,
579
- collections = []
580
- }: {
581
- open: boolean;
582
- role?: Role;
583
- saveRole: (role: Role) => Promise<void>;
584
- handleClose: () => void;
585
- collections?: EntityCollection[];
586
- }) {
587
- const snackbarController = useSnackbarController();
588
- const isNewRole = !roleProp;
589
-
590
- const [roleId, setRoleId] = useState(roleProp?.id || "");
591
- const [roleName, setRoleName] = useState(roleProp?.name || "");
592
- const [isAdmin, setIsAdmin] = useState(roleProp?.isAdmin ?? false);
593
-
594
- const [isSubmitting, setIsSubmitting] = useState(false);
595
- const [errors, setErrors] = useState<{ id?: string; name?: string }>({});
596
- const [submitCount, setSubmitCount] = useState(0);
597
-
598
- const validate = () => {
599
- const newErrors: typeof errors = {};
600
- if (!roleId) newErrors.id = "Required";
601
- if (!roleName) newErrors.name = "Required";
602
- setErrors(newErrors);
603
- return Object.keys(newErrors).length === 0;
604
- };
605
-
606
- const handleSubmit = async (e: React.FormEvent) => {
607
- e.preventDefault();
608
- setSubmitCount(c => c + 1);
609
-
610
- if (!validate()) return;
611
-
612
- setIsSubmitting(true);
613
- try {
614
- await saveRole({
615
- id: roleId,
616
- name: roleName,
617
- isAdmin
618
- });
619
- handleClose();
620
- } catch (error: unknown) {
621
- snackbarController.open({ type: "error",
622
- message: error instanceof Error ? error.message : "Failed to save role" });
623
- } finally {
624
- setIsSubmitting(false);
625
- }
626
- };
627
-
628
- return (
629
- <Dialog open={open} onOpenChange={(open) => !open ? handleClose() : undefined} maxWidth="6xl">
630
- <form onSubmit={handleSubmit} autoComplete="off" noValidate
631
- style={{ display: "flex",
632
- flexDirection: "column",
633
- position: "relative",
634
- height: "100%" }}>
635
-
636
- <DialogTitle variant="h4" gutterBottom={false}>
637
- Role
638
- </DialogTitle>
639
-
640
- <DialogContent className="h-full grow overflow-y-auto">
641
- <div className="grid grid-cols-12 gap-4">
642
- <div className="col-span-12 sm:col-span-4">
643
- <TextField
644
- name="id"
645
- required
646
- error={submitCount > 0 && Boolean(errors.id)}
647
- value={roleId}
648
- onChange={(e) => setRoleId(e.target.value)}
649
- label="Role ID"
650
- disabled={!isNewRole}
651
- />
652
- <FieldCaption>
653
- {submitCount > 0 && errors.id ? errors.id : "Unique identifier for this role"}
654
- </FieldCaption>
655
- </div>
656
-
657
- <div className="col-span-12 sm:col-span-4">
658
- <TextField
659
- name="name"
660
- required
661
- error={submitCount > 0 && Boolean(errors.name)}
662
- value={roleName}
663
- onChange={(e) => setRoleName(e.target.value)}
664
- label="Role Name"
665
- />
666
- <FieldCaption>
667
- {submitCount > 0 && errors.name ? errors.name : "Display name for this role"}
668
- </FieldCaption>
669
- </div>
670
-
671
- <div className="col-span-12 sm:col-span-4 flex items-start pt-2">
672
- <label className="flex items-center gap-2 cursor-pointer mt-3">
673
- <Checkbox
674
- checked={isAdmin}
675
- onCheckedChange={(checked) => setIsAdmin(Boolean(checked))}
676
- />
677
- <span className="font-medium">Is Admin</span>
678
- </label>
679
- </div>
680
-
681
- {/* Permissions matrix */}
682
- <div className="col-span-12">
683
- <CollectionPermissionsMatrix roleId={roleId} isAdmin={isAdmin} collections={collections}/>
684
- </div>
685
- </div>
686
- </DialogContent>
687
-
688
- <DialogActions>
689
- <Button variant="text" onClick={handleClose}>
690
- Cancel
691
- </Button>
692
- <LoadingButton
693
- variant="filled"
694
- type="submit"
695
- loading={isSubmitting}
696
- >
697
- {isNewRole ? "Create role" : "Update"}
698
- </LoadingButton>
699
- </DialogActions>
700
- </form>
701
- </Dialog>
702
- );
703
- }
704
-
705
- // ============================================
706
- // CollectionPermissionsMatrix Component
707
- // ============================================
708
- const CRUD_OPS = [
709
- { op: "select" as const,
710
- label: "Read" },
711
- { op: "insert" as const,
712
- label: "Create" },
713
- { op: "update" as const,
714
- label: "Edit" },
715
- { op: "delete" as const,
716
- label: "Delete" }
717
- ];
718
-
719
- /** Inline check: does roleId have access for this operation on these securityRules? */
720
- function hasRoleAccess(
721
- rules: SecurityRule[] | undefined,
722
- roleId: string,
723
- op: "select" | "insert" | "update" | "delete"
724
- ): boolean {
725
- if (!rules || rules.length === 0) return true; // no rules = unrestricted
726
- const applicable = rules.filter(r =>
727
- r.operation === op || r.operation === "all" ||
728
- r.operations?.includes(op) || r.operations?.includes("all")
729
- );
730
- if (applicable.length === 0) return false;
731
- const forRole = applicable.filter(r =>
732
- !r.roles || r.roles.length === 0 || r.roles.includes(roleId) || r.roles.includes("public")
733
- );
734
- if (forRole.length === 0) return false;
735
- // Restrictive rules: any failing one denies immediately
736
- for (const r of forRole) {
737
- if ((r.mode ?? "permissive") === "restrictive") return false;
738
- }
739
- return forRole.some(r => (r.mode ?? "permissive") === "permissive");
740
- }
741
-
742
- function PermCell({ granted }: { granted: boolean }) {
743
- return (
744
- <span className={granted
745
- ? "text-green-500 dark:text-green-400 text-base select-none"
746
- : "text-surface-300 dark:text-surface-600 text-base select-none"}
747
- >
748
- {granted ? "✓" : "✗"}
749
- </span>
750
- );
751
- }
752
-
753
- function CollectionPermissionsMatrix({ roleId, isAdmin, collections }: { roleId: string; isAdmin: boolean; collections: EntityCollection[] }) {
754
- if (!collections || collections.length === 0) {
755
- return (
756
- <div className="mt-4">
757
- <Typography variant="label" className="text-surface-400">No collections configured</Typography>
758
- </div>
759
- );
760
- }
761
-
762
- const topLevel = collections;
763
-
764
- return (
765
- <div className="mt-6">
766
- <Typography variant="label" className="mb-2 block text-surface-600 dark:text-surface-400 uppercase tracking-wide text-xs">
767
- Collection permissions
768
- </Typography>
769
- <div className="rounded-lg border border-surface-200 dark:border-surface-700 overflow-hidden">
770
- <Table>
771
- <TableHeader>
772
- <TableRow>
773
- <TableCell header>Collection</TableCell>
774
- {CRUD_OPS.map(({ op, label }) => (
775
- <TableCell key={op} header className="text-center w-24">{label}</TableCell>
776
- ))}
777
- </TableRow>
778
- </TableHeader>
779
- <TableBody>
780
- {topLevel.map((collection) => {
781
- const extCol = collection as EntityCollection & { securityRules?: SecurityRule[] };
782
- const noRules = !extCol.securityRules || extCol.securityRules.length === 0;
783
- return (
784
- <TableRow key={collection.slug}>
785
- <TableCell>
786
- <div className="flex items-center gap-2">
787
- <span className="font-medium">{collection.name}</span>
788
- {noRules && !isAdmin && (
789
- <Tooltip title="No security rules — unrestricted">
790
- <Chip className="text-xs" colorScheme="yellow">No rules</Chip>
791
- </Tooltip>
792
- )}
793
- </div>
794
- <span className="text-xs text-surface-400 font-mono">{collection.slug}</span>
795
- </TableCell>
796
- {CRUD_OPS.map(({ op }) => (
797
- <TableCell key={op} className="text-center">
798
- <PermCell granted={isAdmin || hasRoleAccess(extCol.securityRules, roleId, op)}/>
799
- </TableCell>
800
- ))}
801
- </TableRow>
802
- );
803
- })}
804
- </TableBody>
805
- </Table>
806
- </div>
807
- {!roleId && (
808
- <Typography variant="caption" className="mt-2 text-surface-400 italic">
809
- Enter a role ID above to preview permissions
810
- </Typography>
811
- )}
812
- </div>
813
- );
814
- }
815
-
816
- // ============================================
817
- // Internal Components
818
- // ============================================
819
- function FieldCaption({ children }: React.PropsWithChildren) {
820
- return (
821
- <Typography variant="caption" className="text-surface-500 mt-1.5 ml-1 block">
822
- {children}
823
- </Typography>
824
- );
825
- }