hazo_auth 4.4.0 → 4.5.0

package/dist/app/api/hazo_auth/org_management/orgs/route.js

@@ -0,0 +1,315 @@
+// file_description: API route for organization management (list, create, update, soft delete)
+// section: imports
+import { NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "../../../../../lib/hazo_connect_instance.server";
+import { hazo_get_auth } from "../../../../../lib/auth/hazo_get_auth.server";
+import { create_app_logger } from "../../../../../lib/app_logger";
+import { get_filename, get_line_number } from "../../../../../lib/utils/api_route_helpers";
+import { is_multi_tenancy_enabled } from "../../../../../lib/multi_tenancy_config.server";
+import { get_orgs, create_org, update_org, soft_delete_org, get_org_tree, check_user_org_access, } from "../../../../../lib/services/org_service";
+// section: route_config
+export const dynamic = "force-dynamic";
+// section: constants
+const PERMISSION_ORG_MANAGEMENT = "hazo_perm_org_management";
+const PERMISSION_GLOBAL_ADMIN = "hazo_org_global_admin";
+// section: helpers
+async function check_permission(request) {
+    const auth_result = await hazo_get_auth(request, {
+        required_permissions: [PERMISSION_ORG_MANAGEMENT],
+        strict: false,
+    });
+    if (!auth_result.authenticated) {
+        return {
+            authorized: false,
+            error: NextResponse.json({ error: "Authentication required" }, { status: 401 }),
+        };
+    }
+    if (!auth_result.permission_ok) {
+        return {
+            authorized: false,
+            error: NextResponse.json({ error: "Permission denied", missing_permissions: auth_result.missing_permissions }, { status: 403 }),
+        };
+    }
+    // Check if user has global admin permission
+    const is_global_admin = auth_result.permissions.includes(PERMISSION_GLOBAL_ADMIN);
+    return {
+        authorized: true,
+        user_id: auth_result.user.id,
+        user_org_id: auth_result.user.org_id || null,
+        user_root_org_id: auth_result.user.root_org_id || null,
+        is_global_admin,
+    };
+}
+// section: api_handler
+/**
+ * GET - Fetch organizations
+ * Query params:
+ * - action: 'list' | 'tree' (default: 'list')
+ * - include_inactive: boolean (default: false)
+ * - root_org_id: string (optional, filter by root org - required unless global admin)
+ */
+export async function GET(request) {
+    var _a;
+    const logger = create_app_logger();
+    try {
+        // Check if multi-tenancy is enabled
+        if (!is_multi_tenancy_enabled()) {
+            return NextResponse.json({ error: "Multi-tenancy is not enabled", code: "MULTI_TENANCY_DISABLED" }, { status: 400 });
+        }
+        // Check permission
+        const perm_check = await check_permission(request);
+        if (!perm_check.authorized) {
+            return perm_check.error;
+        }
+        const { searchParams } = new URL(request.url);
+        const action = searchParams.get("action") || "list";
+        const include_inactive = searchParams.get("include_inactive") === "true";
+        let root_org_id = searchParams.get("root_org_id") || undefined;
+        const adapter = get_hazo_connect_instance();
+        // If not global admin, restrict to user's org tree
+        if (!perm_check.is_global_admin) {
+            // User must have an org to view orgs
+            if (!perm_check.user_root_org_id && !perm_check.user_org_id) {
+                return NextResponse.json({ error: "You are not assigned to any organization" }, { status: 403 });
+            }
+            // Force filter to user's root org
+            root_org_id = perm_check.user_root_org_id || perm_check.user_org_id || undefined;
+        }
+        if (action === "tree") {
+            // Return hierarchical tree structure
+            const result = await get_org_tree(adapter, root_org_id, include_inactive);
+            if (!result.success) {
+                return NextResponse.json({ error: result.error }, { status: 500 });
+            }
+            return NextResponse.json({
+                success: true,
+                tree: result.tree,
+            });
+        }
+        // List organizations
+        const result = await get_orgs(adapter, {
+            root_org_id,
+            include_inactive,
+        });
+        if (!result.success) {
+            return NextResponse.json({ error: result.error }, { status: 500 });
+        }
+        logger.info("org_management_orgs_fetched", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            root_org_id,
+            count: ((_a = result.orgs) === null || _a === void 0 ? void 0 : _a.length) || 0,
+            is_global_admin: perm_check.is_global_admin,
+        });
+        return NextResponse.json({
+            success: true,
+            orgs: result.orgs,
+        });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        logger.error("org_management_orgs_fetch_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+        });
+        return NextResponse.json({ error: "Failed to fetch organizations" }, { status: 500 });
+    }
+}
+/**
+ * POST - Create a new organization
+ * Body: { name: string, user_limit?: number, parent_org_id?: string }
+ */
+export async function POST(request) {
+    var _a;
+    const logger = create_app_logger();
+    try {
+        // Check if multi-tenancy is enabled
+        if (!is_multi_tenancy_enabled()) {
+            return NextResponse.json({ error: "Multi-tenancy is not enabled", code: "MULTI_TENANCY_DISABLED" }, { status: 400 });
+        }
+        // Check permission
+        const perm_check = await check_permission(request);
+        if (!perm_check.authorized) {
+            return perm_check.error;
+        }
+        const body = await request.json();
+        const { name, user_limit, parent_org_id } = body;
+        // Validate required fields
+        if (!name || typeof name !== "string" || name.trim().length === 0) {
+            return NextResponse.json({ error: "name is required and must be a non-empty string" }, { status: 400 });
+        }
+        const adapter = get_hazo_connect_instance();
+        // If not global admin, verify user has access to parent org
+        if (!perm_check.is_global_admin && parent_org_id) {
+            const access_check = await check_user_org_access(adapter, perm_check.user_org_id || null, perm_check.user_root_org_id || null, parent_org_id);
+            if (!access_check.has_access) {
+                return NextResponse.json({ error: "You do not have access to the parent organization" }, { status: 403 });
+            }
+        }
+        // If not global admin and no parent_org_id, they can't create root orgs
+        if (!perm_check.is_global_admin && !parent_org_id) {
+            return NextResponse.json({ error: "Only global admins can create root organizations" }, { status: 403 });
+        }
+        const result = await create_org(adapter, {
+            name: name.trim(),
+            user_limit: typeof user_limit === "number" ? user_limit : 0,
+            parent_org_id,
+            created_by: perm_check.user_id,
+        });
+        if (!result.success) {
+            return NextResponse.json({ error: result.error }, { status: 400 });
+        }
+        logger.info("org_management_org_created", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            org_id: (_a = result.org) === null || _a === void 0 ? void 0 : _a.id,
+            name: name.trim(),
+            parent_org_id,
+            created_by: perm_check.user_id,
+        });
+        return NextResponse.json({
+            success: true,
+            org: result.org,
+        }, { status: 201 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        logger.error("org_management_org_create_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+        });
+        return NextResponse.json({ error: "Failed to create organization" }, { status: 500 });
+    }
+}
+/**
+ * PATCH - Update an existing organization
+ * Body: { org_id: string, name?: string, user_limit?: number }
+ */
+export async function PATCH(request) {
+    const logger = create_app_logger();
+    try {
+        // Check if multi-tenancy is enabled
+        if (!is_multi_tenancy_enabled()) {
+            return NextResponse.json({ error: "Multi-tenancy is not enabled", code: "MULTI_TENANCY_DISABLED" }, { status: 400 });
+        }
+        // Check permission
+        const perm_check = await check_permission(request);
+        if (!perm_check.authorized) {
+            return perm_check.error;
+        }
+        const body = await request.json();
+        const { org_id, name, user_limit } = body;
+        // Validate required fields
+        if (!org_id || typeof org_id !== "string") {
+            return NextResponse.json({ error: "org_id is required" }, { status: 400 });
+        }
+        const adapter = get_hazo_connect_instance();
+        // If not global admin, verify user has access to this org
+        if (!perm_check.is_global_admin) {
+            const access_check = await check_user_org_access(adapter, perm_check.user_org_id || null, perm_check.user_root_org_id || null, org_id);
+            if (!access_check.has_access) {
+                return NextResponse.json({ error: "You do not have access to this organization" }, { status: 403 });
+            }
+        }
+        // Build update data
+        const update_data = {
+            changed_by: perm_check.user_id,
+        };
+        if (name !== undefined) {
+            if (typeof name !== "string" || name.trim().length === 0) {
+                return NextResponse.json({ error: "name must be a non-empty string" }, { status: 400 });
+            }
+            update_data.name = name.trim();
+        }
+        if (user_limit !== undefined) {
+            if (typeof user_limit !== "number" || user_limit < 0) {
+                return NextResponse.json({ error: "user_limit must be a non-negative number" }, { status: 400 });
+            }
+            update_data.user_limit = user_limit;
+        }
+        if (update_data.name === undefined && update_data.user_limit === undefined) {
+            return NextResponse.json({ error: "No update data provided" }, { status: 400 });
+        }
+        const result = await update_org(adapter, org_id, update_data);
+        if (!result.success) {
+            return NextResponse.json({ error: result.error }, { status: 400 });
+        }
+        logger.info("org_management_org_updated", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            org_id,
+            changed_by: perm_check.user_id,
+        });
+        return NextResponse.json({
+            success: true,
+            org: result.org,
+        });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        logger.error("org_management_org_update_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+        });
+        return NextResponse.json({ error: "Failed to update organization" }, { status: 500 });
+    }
+}
+/**
+ * DELETE - Soft delete an organization (sets active = false)
+ * Query params: org_id
+ */
+export async function DELETE(request) {
+    const logger = create_app_logger();
+    try {
+        // Check if multi-tenancy is enabled
+        if (!is_multi_tenancy_enabled()) {
+            return NextResponse.json({ error: "Multi-tenancy is not enabled", code: "MULTI_TENANCY_DISABLED" }, { status: 400 });
+        }
+        // Check permission
+        const perm_check = await check_permission(request);
+        if (!perm_check.authorized) {
+            return perm_check.error;
+        }
+        const { searchParams } = new URL(request.url);
+        const org_id = searchParams.get("org_id");
+        if (!org_id) {
+            return NextResponse.json({ error: "org_id query parameter is required" }, { status: 400 });
+        }
+        const adapter = get_hazo_connect_instance();
+        // If not global admin, verify user has access to this org
+        if (!perm_check.is_global_admin) {
+            const access_check = await check_user_org_access(adapter, perm_check.user_org_id || null, perm_check.user_root_org_id || null, org_id);
+            if (!access_check.has_access) {
+                return NextResponse.json({ error: "You do not have access to this organization" }, { status: 403 });
+            }
+        }
+        // Soft delete (set active = false)
+        const result = await soft_delete_org(adapter, org_id, perm_check.user_id);
+        if (!result.success) {
+            return NextResponse.json({ error: result.error }, { status: 400 });
+        }
+        logger.info("org_management_org_deactivated", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            org_id,
+            deactivated_by: perm_check.user_id,
+        });
+        return NextResponse.json({
+            success: true,
+            org: result.org,
+            message: "Organization deactivated successfully",
+        });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        logger.error("org_management_org_deactivate_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+        });
+        return NextResponse.json({ error: "Failed to deactivate organization" }, { status: 500 });
+    }
+}

package/dist/app/api/hazo_auth/user_management/users/route.d.ts

@@ -8,6 +8,12 @@ export declare function GET(request: NextRequest): Promise<NextResponse<{
     error: string;
 }> | NextResponse<{
     success: boolean;
+    user_types_enabled: boolean;
+    available_user_types: {
+        key: string;
+        label: string;
+        badge_color: string;
+    }[];
     users: {
         id: unknown;
         name: {} | null;
@@ -18,6 +24,7 @@ export declare function GET(request: NextRequest): Promise<NextResponse<{
         created_at: {} | null;
         profile_picture_url: {} | null;
         profile_source: {} | null;
+        user_type: string | null;
     }[];
 }>>;
 /**

package/dist/app/api/hazo_auth/user_management/users/route.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../src/app/api/hazo_auth/user_management/users/route.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAUxD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;;;;;;IA2D7C;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,WAAW;;;;IA0E/C;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IA2E9C"}
+{"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../src/app/api/hazo_auth/user_management/users/route.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAexD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;;;;;;;;;;;;;IAwE7C;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,WAAW;;;;IA2G/C;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IA2E9C"}

package/dist/app/api/hazo_auth/user_management/users/route.js

@@ -8,6 +8,7 @@ import { get_filename, get_line_number } from "../../../../../lib/utils/api_rout
 import { request_password_reset } from "../../../../../lib/services/password_reset_service";
 import { get_auth_cache } from "../../../../../lib/auth/auth_cache";
 import { get_auth_utility_config } from "../../../../../lib/auth_utility_config.server";
+import { is_user_types_enabled, get_all_user_types, get_user_types_config, } from "../../../../../lib/user_types_config.server";
 // section: route_config
 export const dynamic = 'force-dynamic';
 // section: api_handler
@@ -32,8 +33,19 @@ export async function GET(request) {
             line_number: get_line_number(),
             user_count: users.length,
         });
+        // Check if user types feature is enabled
+        const user_types_enabled = is_user_types_enabled();
+        const available_user_types = user_types_enabled
+            ? get_all_user_types().map((t) => ({
+                key: t.key,
+                label: t.label,
+                badge_color: t.badge_color,
+            }))
+            : [];
         return NextResponse.json({
             success: true,
+            user_types_enabled,
+            available_user_types,
             users: users.map((user) => ({
                 id: user.id,
                 name: user.name || null,
@@ -44,6 +56,7 @@ export async function GET(request) {
                 created_at: user.created_at || null,
                 profile_picture_url: user.profile_picture_url || null,
                 profile_source: user.profile_source || null,
+                user_type: user.user_type || null,
             })),
         }, { status: 200 });
     }
@@ -66,18 +79,43 @@ export async function PATCH(request) {
     const logger = create_app_logger();
     try {
         const body = await request.json();
-        const { user_id, is_active } = body;
-        if (!user_id || typeof is_active !== "boolean") {
-            return NextResponse.json({ error: "user_id and is_active (boolean) are required" }, { status: 400 });
+        const { user_id, is_active, user_type } = body;
+        // user_id is always required
+        if (!user_id) {
+            return NextResponse.json({ error: "user_id is required" }, { status: 400 });
+        }
+        // Build update object based on what's provided
+        const update_data = {
+            changed_at: new Date().toISOString(),
+        };
+        // Handle is_active if provided
+        if (typeof is_active === "boolean") {
+            update_data.is_active = is_active;
+        }
+        // Handle user_type if provided (only when feature is enabled)
+        if (user_type !== undefined) {
+            const config = get_user_types_config();
+            if (config.enable_user_types) {
+                // Allow null to clear the type, or validate type exists
+                if (user_type === null || user_type === "") {
+                    update_data.user_type = null;
+                }
+                else if (config.user_types.has(user_type)) {
+                    update_data.user_type = user_type;
+                }
+                else {
+                    return NextResponse.json({ error: "Invalid user type" }, { status: 400 });
+                }
+            }
+        }
+        // Ensure there's something to update besides changed_at
+        if (Object.keys(update_data).length === 1) {
+            return NextResponse.json({ error: "No valid fields to update" }, { status: 400 });
         }
         const hazoConnect = get_hazo_connect_instance();
         const users_service = createCrudService(hazoConnect, "hazo_users");
-        // Update user with changed_at timestamp
-        const now = new Date().toISOString();
-        await users_service.updateById(user_id, {
-            is_active,
-            changed_at: now,
-        });
+        // Update user
+        await users_service.updateById(user_id, update_data);
         // Invalidate user cache after deactivation
         if (is_active === false) {
             try {
@@ -100,7 +138,7 @@ export async function PATCH(request) {
             filename: get_filename(),
             line_number: get_line_number(),
             user_id,
-            is_active,
+            updated_fields: Object.keys(update_data).filter((k) => k !== "changed_at"),
         });
         return NextResponse.json({ success: true }, { status: 200 });
     }

package/dist/components/layouts/login/hooks/use_login_form.js

@@ -97,10 +97,10 @@ export const use_login_form = ({ dataClient, logger, redirectRoute, successMessa
         const logData = Object.assign({ filename: get_filename(), line_number: get_line_number(), email: values[LOGIN_FIELD_IDS.EMAIL], ip_address: clientIp, timestamp,
             success }, (errorMessage ? { error_message: errorMessage } : {}));
         if (success) {
-            logger.info("login_attempt_successful", logData);
+            logger === null || logger === void 0 ? void 0 : logger.info("login_attempt_successful", logData);
         }
         else {
-            logger.error("login_attempt_failed", logData);
+            logger === null || logger === void 0 ? void 0 : logger.error("login_attempt_failed", logData);
         }
     }, [logger, values, clientIp]);
     const handleSubmit = useCallback(async (event) => {

package/dist/components/layouts/my_settings/components/profile_picture_library_tab.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"profile_picture_library_tab.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/my_settings/components/profile_picture_library_tab.tsx"],"names":[],"mappings":"AAeA,MAAM,MAAM,6BAA6B,GAAG;IAC1C,UAAU,EAAE,OAAO,CAAC;IACpB,kBAAkB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,IAAI,CAAC;IAC3C,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IAC1C,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,uBAAuB,EAAE,MAAM,CAAC;IAChC,uBAAuB,EAAE,MAAM,CAAC;CACjC,CAAC;AAGF;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,EACvC,UAAU,EACV,kBAAkB,EAClB,aAAa,EACb,QAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,qBAAqB,EACrB,oBAAoB,EACpB,uBAAuB,EACvB,uBAAuB,GACxB,EAAE,6BAA6B,2CAyQ/B"}
+{"version":3,"file":"profile_picture_library_tab.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/my_settings/components/profile_picture_library_tab.tsx"],"names":[],"mappings":"AAeA,MAAM,MAAM,6BAA6B,GAAG;IAC1C,UAAU,EAAE,OAAO,CAAC;IACpB,kBAAkB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,IAAI,CAAC;IAC3C,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IAC1C,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,uBAAuB,EAAE,MAAM,CAAC;IAChC,uBAAuB,EAAE,MAAM,CAAC;CACjC,CAAC;AAGF;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,EACvC,UAAU,EACV,kBAAkB,EAClB,aAAa,EACb,QAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,qBAAqB,EACrB,oBAAoB,EACpB,uBAAuB,EACvB,uBAAuB,GACxB,EAAE,6BAA6B,2CAsQ/B"}

package/dist/components/layouts/my_settings/components/profile_picture_library_tab.js

@@ -112,25 +112,19 @@ export function ProfilePictureLibraryTab({ useLibrary, onUseLibraryChange, onPho
     const getInitials = () => {
         return "L";
     };
-    // Map column count to Tailwind grid class
-    const getGridColumnsClass = (columns) => {
-        const columnMap = {
-            1: "grid-cols-1",
-            2: "grid-cols-2",
-            3: "grid-cols-3",
-            4: "grid-cols-4",
-            5: "grid-cols-5",
-            6: "grid-cols-6",
-            7: "grid-cols-7",
-            8: "grid-cols-8",
+    // Get inline style for grid columns (using inline styles instead of Tailwind classes
+    // because dynamic classes like grid-cols-4 may not be included in consuming app's CSS bundle)
+    const getGridColumnsStyle = (columns) => {
+        const validColumns = Math.min(Math.max(columns, 1), 8);
+        return {
+            gridTemplateColumns: `repeat(${validColumns}, minmax(0, 1fr))`,
         };
-        return columnMap[columns] || "grid-cols-4";
     };
-    return (_jsxs("div", { className: "cls_profile_picture_library_tab flex flex-col gap-4", children: [_jsxs("div", { className: "cls_profile_picture_library_tab_switch flex items-center gap-3", children: [_jsx(Switch, { id: "use-library", checked: useLibrary, onCheckedChange: onUseLibraryChange, disabled: disabled, className: "cls_profile_picture_library_tab_switch_input", "aria-label": "Use library photo" }), _jsxs(Label, { htmlFor: "use-library", className: "cls_profile_picture_library_tab_switch_label text-sm font-medium text-[var(--hazo-text-secondary)] cursor-pointer", children: ["Use library photo", _jsx(HazoUITooltip, { message: libraryTooltipMessage, iconSize: tooltipIconSizeSmall, side: "top" })] })] }), _jsxs("div", { className: "cls_profile_picture_library_tab_content grid grid-cols-12 gap-4", children: [_jsxs("div", { className: "cls_profile_picture_library_tab_categories_container flex flex-col gap-2 col-span-3", children: [_jsx(Label, { className: "cls_profile_picture_library_tab_categories_label text-sm font-medium text-[var(--hazo-text-secondary)]", children: "Categories" }), loadingCategories ? (_jsx("div", { className: "cls_profile_picture_library_tab_loading flex items-center justify-center p-8 border border-[var(--hazo-border)] rounded-lg bg-[var(--hazo-bg-subtle)] min-h-[400px]", children: _jsx(Loader2, { className: "h-6 w-6 text-[var(--hazo-text-subtle)] animate-spin", "aria-hidden": "true" }) })) : categories.length > 0 ? (_jsx(VerticalTabs, { value: selectedCategory || categories[0], onValueChange: setSelectedCategory, className: "cls_profile_picture_library_tab_vertical_tabs", children: _jsx(VerticalTabsList, { className: "cls_profile_picture_library_tab_vertical_tabs_list w-full", children: categories.map((category) => (_jsx(VerticalTabsTrigger, { value: category, className: "cls_profile_picture_library_tab_vertical_tabs_trigger w-full justify-start", children: category }, category))) }) })) : (_jsx("div", { className: "cls_profile_picture_library_tab_no_categories flex items-center justify-center p-8 border border-[var(--hazo-border)] rounded-lg bg-[var(--hazo-bg-subtle)] min-h-[400px]", children: _jsx("p", { className: "cls_profile_picture_library_tab_no_categories_text text-sm text-[var(--hazo-text-muted)]", children: "No categories available" }) }))] }), _jsxs("div", { className: "cls_profile_picture_library_tab_photos_container flex flex-col gap-2 col-span-6", children: [_jsx(Label, { className: "cls_profile_picture_library_tab_photos_label text-sm font-medium text-[var(--hazo-text-secondary)]", children: "Photos" }), loadingPhotos ? (_jsx("div", { className: "cls_profile_picture_library_tab_photos_loading flex items-center justify-center p-8 border border-[var(--hazo-border)] rounded-lg bg-[var(--hazo-bg-subtle)] min-h-[400px]", children: _jsx(Loader2, { className: "h-6 w-6 text-[var(--hazo-text-subtle)] animate-spin", "aria-hidden": "true" }) })) : photos.length > 0 ? (_jsx("div", { className: `cls_profile_picture_library_tab_photos_grid grid ${getGridColumnsClass(libraryPhotoGridColumns)} gap-3 overflow-y-auto p-4 border border-[var(--hazo-border)] rounded-lg bg-[var(--hazo-bg-subtle)] min-h-[400px] max-h-[400px]`, children: photos.map((photoUrl) => (_jsx("button", { type: "button", onClick: () => handlePhotoClick(photoUrl), className: `
+    return (_jsxs("div", { className: "cls_profile_picture_library_tab flex flex-col gap-4", children: [_jsxs("div", { className: "cls_profile_picture_library_tab_switch flex items-center gap-3", children: [_jsx(Switch, { id: "use-library", checked: useLibrary, onCheckedChange: onUseLibraryChange, disabled: disabled, className: "cls_profile_picture_library_tab_switch_input", "aria-label": "Use library photo" }), _jsxs(Label, { htmlFor: "use-library", className: "cls_profile_picture_library_tab_switch_label text-sm font-medium text-[var(--hazo-text-secondary)] cursor-pointer", children: ["Use library photo", _jsx(HazoUITooltip, { message: libraryTooltipMessage, iconSize: tooltipIconSizeSmall, side: "top" })] })] }), _jsxs("div", { className: "cls_profile_picture_library_tab_content grid grid-cols-12 gap-4", children: [_jsxs("div", { className: "cls_profile_picture_library_tab_categories_container flex flex-col gap-2 col-span-3", children: [_jsx(Label, { className: "cls_profile_picture_library_tab_categories_label text-sm font-medium text-[var(--hazo-text-secondary)]", children: "Categories" }), loadingCategories ? (_jsx("div", { className: "cls_profile_picture_library_tab_loading flex items-center justify-center p-8 border border-[var(--hazo-border)] rounded-lg bg-[var(--hazo-bg-subtle)] min-h-[400px]", children: _jsx(Loader2, { className: "h-6 w-6 text-[var(--hazo-text-subtle)] animate-spin", "aria-hidden": "true" }) })) : categories.length > 0 ? (_jsx(VerticalTabs, { value: selectedCategory || categories[0], onValueChange: setSelectedCategory, className: "cls_profile_picture_library_tab_vertical_tabs", children: _jsx(VerticalTabsList, { className: "cls_profile_picture_library_tab_vertical_tabs_list w-full", children: categories.map((category) => (_jsx(VerticalTabsTrigger, { value: category, className: "cls_profile_picture_library_tab_vertical_tabs_trigger w-full justify-start", children: category }, category))) }) })) : (_jsx("div", { className: "cls_profile_picture_library_tab_no_categories flex items-center justify-center p-8 border border-[var(--hazo-border)] rounded-lg bg-[var(--hazo-bg-subtle)] min-h-[400px]", children: _jsx("p", { className: "cls_profile_picture_library_tab_no_categories_text text-sm text-[var(--hazo-text-muted)]", children: "No categories available" }) }))] }), _jsxs("div", { className: "cls_profile_picture_library_tab_photos_container flex flex-col gap-2 col-span-6", children: [_jsx(Label, { className: "cls_profile_picture_library_tab_photos_label text-sm font-medium text-[var(--hazo-text-secondary)]", children: "Photos" }), loadingPhotos ? (_jsx("div", { className: "cls_profile_picture_library_tab_photos_loading flex items-center justify-center p-8 border border-[var(--hazo-border)] rounded-lg bg-[var(--hazo-bg-subtle)] min-h-[400px]", children: _jsx(Loader2, { className: "h-6 w-6 text-[var(--hazo-text-subtle)] animate-spin", "aria-hidden": "true" }) })) : photos.length > 0 ? (_jsx("div", { className: "cls_profile_picture_library_tab_photos_grid grid gap-3 overflow-y-auto p-4 border border-[var(--hazo-border)] rounded-lg bg-[var(--hazo-bg-subtle)] min-h-[400px] max-h-[400px]", style: getGridColumnsStyle(libraryPhotoGridColumns), children: photos.map((photoUrl) => (_jsx("button", { type: "button", onClick: () => handlePhotoClick(photoUrl), className: `
                     cls_profile_picture_library_tab_photo_thumbnail
                     w-full aspect-square rounded-lg overflow-hidden border-2 transition-colors cursor-pointer
                     ${selectedPhoto === photoUrl ? "border-blue-500 ring-2 ring-blue-200" : "border-[var(--hazo-border)] hover:border-[var(--hazo-border-emphasis)]"}
-                  `, style: { minHeight: '80px', minWidth: '80px' }, "aria-label": `Select photo ${photoUrl.split('/').pop()}`, children: _jsx("img", { src: photoUrl, alt: `Library photo ${photoUrl.split('/').pop()}`, className: "cls_profile_picture_library_tab_photo_thumbnail_image w-full h-full object-cover", loading: "lazy", onError: (e) => {
+                  `, style: { minHeight: '80px', minWidth: '80px', aspectRatio: '1/1' }, "aria-label": `Select photo ${photoUrl.split('/').pop()}`, children: _jsx("img", { src: photoUrl, alt: `Library photo ${photoUrl.split('/').pop()}`, className: "cls_profile_picture_library_tab_photo_thumbnail_image w-full h-full object-cover", loading: "lazy", onError: (e) => {
                                             // Fallback if image fails to load
                                             const target = e.target;
                                             target.style.display = 'none';

package/dist/components/layouts/rbac_test/index.d.ts

@@ -2,8 +2,6 @@ export type RbacTestLayoutProps = {
     className?: string;
     /** Whether HRBAC is enabled (passed from server) */
     hrbacEnabled?: boolean;
-    /** Default organization for HRBAC scopes */
-    defaultOrg?: string;
 };
 /**
  * RBAC/HRBAC Test layout component
@@ -11,5 +9,5 @@ export type RbacTestLayoutProps = {
  * @param props - Component props
  * @returns RBAC test layout component
  */
-export declare function RbacTestLayout({ className, hrbacEnabled, defaultOrg, }: RbacTestLayoutProps): import("react/jsx-runtime").JSX.Element;
+export declare function RbacTestLayout({ className, hrbacEnabled, }: RbacTestLayoutProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=index.d.ts.map

package/dist/components/layouts/rbac_test/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/components/layouts/rbac_test/index.tsx"],"names":[],"mappings":"AA2CA,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AA+GF;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,EAC7B,SAAS,EACT,YAAoB,EACpB,UAAe,GAChB,EAAE,mBAAmB,2CAw3BrB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/components/layouts/rbac_test/index.tsx"],"names":[],"mappings":"AA2CA,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB,CAAC;AAgHF;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,EAC7B,SAAS,EACT,YAAoB,GACrB,EAAE,mBAAmB,2CAw3BrB"}

package/dist/components/layouts/rbac_test/index.js

@@ -60,7 +60,7 @@ function getUserInitials(user) {
  * @param props - Component props
  * @returns RBAC test layout component
  */
-export function RbacTestLayout({ className, hrbacEnabled = false, defaultOrg = "", }) {
+export function RbacTestLayout({ className, hrbacEnabled = false, }) {
     var _a;
     const { apiBasePath } = useHazoAuthConfig();
     const authResult = use_hazo_auth();
@@ -361,7 +361,7 @@ export function RbacTestLayout({ className, hrbacEnabled = false, defaultOrg = "
     }
     return (_jsxs("div", { className: `cls_rbac_test_layout flex flex-col gap-6 p-4 w-full max-w-5xl mx-auto ${className || ""}`, children: [_jsxs("div", { className: "cls_rbac_test_header", children: [_jsx("h1", { className: "text-2xl font-bold", children: "RBAC & HRBAC Test" }), _jsx("p", { className: "text-muted-foreground", children: "Test Role-Based Access Control (RBAC) and Hierarchical RBAC (HRBAC) for any user." })] }), _jsxs(Card, { children: [_jsxs(CardHeader, { children: [_jsxs(CardTitle, { className: "text-lg flex items-center gap-2", children: [_jsx(User, { className: "h-5 w-5" }), "Select User to Test"] }), _jsx(CardDescription, { children: "Choose a user to test their permissions and scope access" })] }), _jsxs(CardContent, { className: "flex flex-col gap-4", children: [_jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(Label, { htmlFor: "user_select", children: "User" }), usersLoading ? (_jsxs("div", { className: "flex items-center gap-2 p-2", children: [_jsx(Loader2, { className: "h-4 w-4 animate-spin" }), _jsx("span", { className: "text-sm text-muted-foreground", children: "Loading users..." })] })) : (_jsxs(Select, { value: selectedUserId, onValueChange: setSelectedUserId, children: [_jsx(SelectTrigger, { id: "user_select", className: "w-full", children: _jsx(SelectValue, { placeholder: "Select a user" }) }), _jsx(SelectContent, { children: users.map((user) => (_jsx(SelectItem, { value: user.id, children: _jsxs("div", { className: "flex items-center gap-2", children: [_jsxs(Avatar, { className: "h-6 w-6", children: [_jsx(AvatarImage, { src: user.profile_picture_url || undefined }), _jsx(AvatarFallback, { className: "bg-slate-200 text-slate-600 text-xs", children: getUserInitials(user) })] }), _jsx("span", { children: user.name || user.email_address }), user.name && (_jsxs("span", { className: "text-muted-foreground text-xs", children: ["(", user.email_address, ")"] }))] }) }, user.id))) })] }))] }), selectedUser && (_jsxs("div", { className: "grid grid-cols-1 md:grid-cols-2 gap-4 p-4 border rounded-lg bg-muted/30", children: [_jsxs("div", { className: "flex items-center gap-3", children: [_jsxs(Avatar, { className: "h-12 w-12", children: [_jsx(AvatarImage, { src: selectedUser.profile_picture_url || undefined }), _jsx(AvatarFallback, { className: "bg-slate-200 text-slate-600", children: getUserInitials(selectedUser) })] }), _jsxs("div", { children: [_jsx("p", { className: "font-medium", children: selectedUser.name || selectedUser.email_address }), selectedUser.name && (_jsx("p", { className: "text-sm text-muted-foreground", children: selectedUser.email_address })), _jsxs("p", { className: "text-xs text-muted-foreground font-mono", children: [selectedUser.id.substring(0, 8), "..."] })] })] }), userDataLoading ? (_jsx("div", { className: "flex items-center justify-center", children: _jsx(Loader2, { className: "h-5 w-5 animate-spin text-slate-400" }) })) : (_jsxs("div", { className: "flex flex-col gap-2", children: [_jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Permissions" }), _jsx("div", { className: "flex flex-wrap gap-1 mt-1", children: userPermissions.length > 0 ? (userPermissions.map((p) => (_jsx("span", { className: "px-2 py-0.5 bg-blue-100 text-blue-700 rounded text-xs", children: p }, p)))) : (_jsx("span", { className: "text-muted-foreground text-sm", children: "None" })) })] }), hrbacEnabled && (_jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Assigned Scopes" }), _jsx("div", { className: "flex flex-wrap gap-1 mt-1", children: userScopes.length > 0 ? (userScopes.map((s) => (_jsx("span", { className: "px-2 py-0.5 bg-green-100 text-green-700 rounded text-xs", title: `${SCOPE_LEVEL_LABELS[s.scope_type]}: ${s.scope_seq}`, children: s.scope_seq }, `${s.scope_type}-${s.scope_id}`)))) : (_jsx("span", { className: "text-muted-foreground text-sm", children: "None" })) })] }))] }))] }))] })] }), _jsxs(Tabs, { defaultValue: "rbac", className: "w-full", children: [_jsxs(TabsList, { className: "grid w-full grid-cols-2", children: [_jsxs(TabsTrigger, { value: "rbac", className: "flex items-center gap-2", children: [_jsx(Shield, { className: "h-4 w-4" }), "RBAC Test"] }), _jsxs(TabsTrigger, { value: "hrbac", className: "flex items-center gap-2", disabled: !hrbacEnabled, children: [_jsx(FolderTree, { className: "h-4 w-4" }), "HRBAC Test ", !hrbacEnabled && "(Disabled)"] })] }), _jsxs(TabsContent, { value: "rbac", className: "flex flex-col gap-4", children: [_jsxs(Card, { children: [_jsxs(CardHeader, { children: [_jsx(CardTitle, { className: "text-lg", children: "Permission Test" }), _jsx(CardDescription, { children: "Select permissions to test if the selected user has them" })] }), _jsxs(CardContent, { className: "flex flex-col gap-4", children: [permissionsLoading ? (_jsx("div", { className: "flex items-center justify-center p-4", children: _jsx(Loader2, { className: "h-5 w-5 animate-spin text-slate-400" }) })) : (_jsx("div", { className: "grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-2 max-h-[300px] overflow-auto p-2 border rounded", children: availablePermissions.map((perm) => (_jsxs("div", { className: "flex items-center gap-2", children: [_jsx(Checkbox, { id: `rbac_${perm.permission_name}`, checked: selectedPermissions.includes(perm.permission_name), onCheckedChange: (checked) => handlePermissionToggle(perm.permission_name, checked) }), _jsxs("label", { htmlFor: `rbac_${perm.permission_name}`, className: "text-sm cursor-pointer flex-1", children: [perm.permission_name, userPermissions.includes(perm.permission_name) && (_jsx(CheckCircle, { className: "inline h-3 w-3 text-green-500 ml-1" }))] })] }, perm.permission_name))) })), _jsxs("div", { className: "flex items-center gap-2 text-sm text-muted-foreground", children: [_jsxs("span", { children: ["Selected: ", selectedPermissions.length, " permission(s)"] }), selectedPermissions.length > 0 && (_jsxs("span", { className: "text-xs", children: ["(", selectedPermissions.join(", "), ")"] }))] }), _jsxs("div", { className: "flex gap-2", children: [_jsx(Button, { onClick: handleRunRbacTest, disabled: rbacTesting || !selectedUserId, children: rbacTesting ? (_jsxs(_Fragment, { children: [_jsx(Loader2, { className: "h-4 w-4 mr-2 animate-spin" }), "Testing..."] })) : (_jsxs(_Fragment, { children: [_jsx(Play, { className: "h-4 w-4 mr-2" }), "Test Permissions"] })) }), _jsx(Button, { onClick: handleClearRbac, variant: "outline", children: "Clear" })] })] })] }), rbacResult && (_jsxs(Card, { className: rbacResult.permission_ok
                                     ? "border-green-200 bg-green-50/50"
-                                    : "border-red-200 bg-red-50/50", children: [_jsx(CardHeader, { children: _jsx(CardTitle, { className: "text-lg flex items-center gap-2", children: rbacResult.permission_ok ? (_jsxs(_Fragment, { children: [_jsx(CheckCircle, { className: "h-5 w-5 text-green-500" }), _jsx("span", { className: "text-green-700", children: "Permission Check Passed" })] })) : (_jsxs(_Fragment, { children: [_jsx(XCircle, { className: "h-5 w-5 text-red-500" }), _jsx("span", { className: "text-red-700", children: "Permission Check Failed" })] })) }) }), _jsxs(CardContent, { className: "flex flex-col gap-3", children: [rbacResult.error && (_jsx("div", { className: "bg-red-100 border border-red-200 rounded p-3", children: _jsx("p", { className: "text-red-700 text-sm", children: rbacResult.error }) })), _jsxs("div", { className: "grid grid-cols-2 gap-4", children: [_jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Authenticated" }), _jsx("p", { className: `text-sm font-medium ${rbacResult.authenticated ? "text-green-600" : "text-red-600"}`, children: rbacResult.authenticated ? "Yes" : "No" })] }), _jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Permission OK" }), _jsx("p", { className: `text-sm font-medium ${rbacResult.permission_ok ? "text-green-600" : "text-red-600"}`, children: rbacResult.permission_ok ? "Yes" : "No" })] })] }), rbacResult.missing_permissions && rbacResult.missing_permissions.length > 0 && (_jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Missing Permissions" }), _jsx("div", { className: "flex flex-wrap gap-1 mt-1", children: rbacResult.missing_permissions.map((p) => (_jsx("span", { className: "px-2 py-0.5 bg-red-100 text-red-700 rounded text-xs", children: p }, p))) })] }))] })] }))] }), _jsx(TabsContent, { value: "hrbac", className: "flex flex-col gap-4", children: !hrbacEnabled ? (_jsx(Card, { children: _jsxs(CardContent, { className: "flex flex-col items-center justify-center p-8 gap-4", children: [_jsx(AlertCircle, { className: "h-12 w-12 text-amber-500" }), _jsx("h2", { className: "text-lg font-semibold", children: "HRBAC Not Enabled" }), _jsxs("p", { className: "text-muted-foreground text-center max-w-md", children: ["Enable HRBAC by setting", " ", _jsx("code", { className: "bg-muted px-1 py-0.5 rounded", children: "enable_hrbac = true" }), " in the", " ", _jsx("code", { className: "bg-muted px-1 py-0.5 rounded", children: "[hazo_auth__scope_hierarchy]" }), " ", "section."] })] }) })) : (_jsxs(_Fragment, { children: [_jsxs(Card, { children: [_jsxs(CardHeader, { children: [_jsxs(CardTitle, { className: "text-lg flex items-center justify-between", children: [_jsx("span", { children: "Scope Access Test" }), _jsxs(Button, { variant: "outline", size: "sm", onClick: () => void loadScopeTree(), disabled: treeLoading, children: [_jsx(RefreshCw, { className: `h-4 w-4 mr-2 ${treeLoading ? "animate-spin" : ""}` }), "Refresh"] })] }), _jsx(CardDescription, { children: "Select a scope from the tree and test if the selected user has access" })] }), _jsxs(CardContent, { className: "flex flex-col gap-4", children: [_jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(Label, { children: "Select Scope" }), treeLoading ? (_jsx("div", { className: "flex items-center justify-center p-8 border rounded-lg", children: _jsx(Loader2, { className: "h-6 w-6 animate-spin text-slate-400" }) })) : scopeTree.length === 0 ? (_jsxs("div", { className: "flex flex-col items-center justify-center p-6 border rounded-lg border-dashed", children: [_jsx(FolderTree, { className: "h-8 w-8 text-muted-foreground mb-2" }), _jsx("p", { className: "text-sm text-muted-foreground text-center", children: "No scopes available. Create scopes in User Management first." })] })) : (_jsx("div", { className: "border rounded-lg max-h-[250px] overflow-auto", children: _jsx(TreeView, { data: treeData, expandAll: true, defaultNodeIcon: Building2, defaultLeafIcon: Building2, onSelectChange: handleTreeSelectChange, initialSelectedItemId: selectedTreeItem === null || selectedTreeItem === void 0 ? void 0 : selectedTreeItem.id, className: "w-full" }) }))] }), (selectedTreeItem === null || selectedTreeItem === void 0 ? void 0 : selectedTreeItem.scopeData) && (_jsxs("div", { className: "p-3 border rounded-lg bg-muted/50", children: [_jsxs("p", { className: "text-sm", children: [_jsx("span", { className: "font-medium", children: "Selected:" }), " ", selectedTreeItem.scopeData.name] }), _jsxs("p", { className: "text-xs text-muted-foreground", children: [SCOPE_LEVEL_LABELS[selectedTreeItem.scopeData.level], " -", " ", selectedTreeItem.scopeData.seq, " (", selectedTreeItem.scopeData.org, ")"] })] })), _jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(Label, { children: "Additional Permissions (Optional)" }), permissionsLoading ? (_jsx("div", { className: "flex items-center justify-center p-4", children: _jsx(Loader2, { className: "h-5 w-5 animate-spin text-slate-400" }) })) : (_jsx("div", { className: "grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-2 max-h-[150px] overflow-auto p-2 border rounded", children: availablePermissions.map((perm) => (_jsxs("div", { className: "flex items-center gap-2", children: [_jsx(Checkbox, { id: `hrbac_${perm.permission_name}`, checked: hrbacPermissions.includes(perm.permission_name), onCheckedChange: (checked) => handleHrbacPermissionToggle(perm.permission_name, checked) }), _jsx("label", { htmlFor: `hrbac_${perm.permission_name}`, className: "text-sm cursor-pointer flex-1", children: perm.permission_name })] }, perm.permission_name))) }))] }), _jsxs("div", { className: "flex gap-2", children: [_jsx(Button, { onClick: handleRunHrbacTest, disabled: hrbacTesting || !selectedUserId || !(selectedTreeItem === null || selectedTreeItem === void 0 ? void 0 : selectedTreeItem.scopeData), children: hrbacTesting ? (_jsxs(_Fragment, { children: [_jsx(Loader2, { className: "h-4 w-4 mr-2 animate-spin" }), "Testing..."] })) : (_jsxs(_Fragment, { children: [_jsx(Play, { className: "h-4 w-4 mr-2" }), "Test Scope Access"] })) }), _jsx(Button, { onClick: handleClearHrbac, variant: "outline", children: "Clear" })] })] })] }), hrbacResult && (_jsxs(Card, { className: hrbacResult.scope_ok
+                                    : "border-red-200 bg-red-50/50", children: [_jsx(CardHeader, { children: _jsx(CardTitle, { className: "text-lg flex items-center gap-2", children: rbacResult.permission_ok ? (_jsxs(_Fragment, { children: [_jsx(CheckCircle, { className: "h-5 w-5 text-green-500" }), _jsx("span", { className: "text-green-700", children: "Permission Check Passed" })] })) : (_jsxs(_Fragment, { children: [_jsx(XCircle, { className: "h-5 w-5 text-red-500" }), _jsx("span", { className: "text-red-700", children: "Permission Check Failed" })] })) }) }), _jsxs(CardContent, { className: "flex flex-col gap-3", children: [rbacResult.error && (_jsx("div", { className: "bg-red-100 border border-red-200 rounded p-3", children: _jsx("p", { className: "text-red-700 text-sm", children: rbacResult.error }) })), _jsxs("div", { className: "grid grid-cols-2 gap-4", children: [_jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Authenticated" }), _jsx("p", { className: `text-sm font-medium ${rbacResult.authenticated ? "text-green-600" : "text-red-600"}`, children: rbacResult.authenticated ? "Yes" : "No" })] }), _jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Permission OK" }), _jsx("p", { className: `text-sm font-medium ${rbacResult.permission_ok ? "text-green-600" : "text-red-600"}`, children: rbacResult.permission_ok ? "Yes" : "No" })] })] }), rbacResult.missing_permissions && rbacResult.missing_permissions.length > 0 && (_jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Missing Permissions" }), _jsx("div", { className: "flex flex-wrap gap-1 mt-1", children: rbacResult.missing_permissions.map((p) => (_jsx("span", { className: "px-2 py-0.5 bg-red-100 text-red-700 rounded text-xs", children: p }, p))) })] }))] })] }))] }), _jsx(TabsContent, { value: "hrbac", className: "flex flex-col gap-4", children: !hrbacEnabled ? (_jsx(Card, { children: _jsxs(CardContent, { className: "flex flex-col items-center justify-center p-8 gap-4", children: [_jsx(AlertCircle, { className: "h-12 w-12 text-amber-500" }), _jsx("h2", { className: "text-lg font-semibold", children: "HRBAC Not Enabled" }), _jsxs("p", { className: "text-muted-foreground text-center max-w-md", children: ["Enable HRBAC by setting", " ", _jsx("code", { className: "bg-muted px-1 py-0.5 rounded", children: "enable_hrbac = true" }), " in the", " ", _jsx("code", { className: "bg-muted px-1 py-0.5 rounded", children: "[hazo_auth__scope_hierarchy]" }), " ", "section."] })] }) })) : (_jsxs(_Fragment, { children: [_jsxs(Card, { children: [_jsxs(CardHeader, { children: [_jsxs(CardTitle, { className: "text-lg flex items-center justify-between", children: [_jsx("span", { children: "Scope Access Test" }), _jsxs(Button, { variant: "outline", size: "sm", onClick: () => void loadScopeTree(), disabled: treeLoading, children: [_jsx(RefreshCw, { className: `h-4 w-4 mr-2 ${treeLoading ? "animate-spin" : ""}` }), "Refresh"] })] }), _jsx(CardDescription, { children: "Select a scope from the tree and test if the selected user has access" })] }), _jsxs(CardContent, { className: "flex flex-col gap-4", children: [_jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(Label, { children: "Select Scope" }), treeLoading ? (_jsx("div", { className: "flex items-center justify-center p-8 border rounded-lg", children: _jsx(Loader2, { className: "h-6 w-6 animate-spin text-slate-400" }) })) : scopeTree.length === 0 ? (_jsxs("div", { className: "flex flex-col items-center justify-center p-6 border rounded-lg border-dashed", children: [_jsx(FolderTree, { className: "h-8 w-8 text-muted-foreground mb-2" }), _jsx("p", { className: "text-sm text-muted-foreground text-center", children: "No scopes available. Create scopes in User Management first." })] })) : (_jsx("div", { className: "border rounded-lg max-h-[250px] overflow-auto", children: _jsx(TreeView, { data: treeData, expandAll: true, defaultNodeIcon: Building2, defaultLeafIcon: Building2, onSelectChange: handleTreeSelectChange, initialSelectedItemId: selectedTreeItem === null || selectedTreeItem === void 0 ? void 0 : selectedTreeItem.id, className: "w-full" }) }))] }), (selectedTreeItem === null || selectedTreeItem === void 0 ? void 0 : selectedTreeItem.scopeData) && (_jsxs("div", { className: "p-3 border rounded-lg bg-muted/50", children: [_jsxs("p", { className: "text-sm", children: [_jsx("span", { className: "font-medium", children: "Selected:" }), " ", selectedTreeItem.scopeData.name] }), _jsxs("p", { className: "text-xs text-muted-foreground", children: [SCOPE_LEVEL_LABELS[selectedTreeItem.scopeData.level], " -", " ", selectedTreeItem.scopeData.seq] })] })), _jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(Label, { children: "Additional Permissions (Optional)" }), permissionsLoading ? (_jsx("div", { className: "flex items-center justify-center p-4", children: _jsx(Loader2, { className: "h-5 w-5 animate-spin text-slate-400" }) })) : (_jsx("div", { className: "grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-2 max-h-[150px] overflow-auto p-2 border rounded", children: availablePermissions.map((perm) => (_jsxs("div", { className: "flex items-center gap-2", children: [_jsx(Checkbox, { id: `hrbac_${perm.permission_name}`, checked: hrbacPermissions.includes(perm.permission_name), onCheckedChange: (checked) => handleHrbacPermissionToggle(perm.permission_name, checked) }), _jsx("label", { htmlFor: `hrbac_${perm.permission_name}`, className: "text-sm cursor-pointer flex-1", children: perm.permission_name })] }, perm.permission_name))) }))] }), _jsxs("div", { className: "flex gap-2", children: [_jsx(Button, { onClick: handleRunHrbacTest, disabled: hrbacTesting || !selectedUserId || !(selectedTreeItem === null || selectedTreeItem === void 0 ? void 0 : selectedTreeItem.scopeData), children: hrbacTesting ? (_jsxs(_Fragment, { children: [_jsx(Loader2, { className: "h-4 w-4 mr-2 animate-spin" }), "Testing..."] })) : (_jsxs(_Fragment, { children: [_jsx(Play, { className: "h-4 w-4 mr-2" }), "Test Scope Access"] })) }), _jsx(Button, { onClick: handleClearHrbac, variant: "outline", children: "Clear" })] })] })] }), hrbacResult && (_jsxs(Card, { className: hrbacResult.scope_ok
                                         ? "border-green-200 bg-green-50/50"
                                         : "border-red-200 bg-red-50/50", children: [_jsx(CardHeader, { children: _jsx(CardTitle, { className: "text-lg flex items-center gap-2", children: hrbacResult.scope_ok ? (_jsxs(_Fragment, { children: [_jsx(CheckCircle, { className: "h-5 w-5 text-green-500" }), _jsx("span", { className: "text-green-700", children: "Scope Access Granted" })] })) : (_jsxs(_Fragment, { children: [_jsx(XCircle, { className: "h-5 w-5 text-red-500" }), _jsx("span", { className: "text-red-700", children: "Scope Access Denied" })] })) }) }), _jsxs(CardContent, { className: "flex flex-col gap-3", children: [hrbacResult.error && (_jsx("div", { className: "bg-red-100 border border-red-200 rounded p-3", children: _jsx("p", { className: "text-red-700 text-sm", children: hrbacResult.error }) })), _jsxs("div", { className: "grid grid-cols-2 md:grid-cols-4 gap-4", children: [_jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Authenticated" }), _jsx("p", { className: `text-sm font-medium ${hrbacResult.authenticated ? "text-green-600" : "text-red-600"}`, children: hrbacResult.authenticated ? "Yes" : "No" })] }), _jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Permission OK" }), _jsx("p", { className: `text-sm font-medium ${hrbacResult.permission_ok ? "text-green-600" : "text-red-600"}`, children: hrbacResult.permission_ok ? "Yes" : "No" })] }), _jsxs("div", { children: [_jsx(Label, { className: "text-muted-foreground text-xs", children: "Scope OK" }), _jsx("p", { className: `text-sm font-medium ${hrbacResult.scope_ok === undefined
                                                                         ? "text-muted-foreground"

package/dist/components/layouts/shared/components/auth_navbar.d.ts

@@ -0,0 +1,26 @@
+export type AuthNavbarProps = {
+    /** Logo image path */
+    logo_path?: string;
+    /** Logo width in pixels */
+    logo_width?: number;
+    /** Logo height in pixels */
+    logo_height?: number;
+    /** Company/application name displayed next to logo */
+    company_name?: string;
+    /** Home link path */
+    home_path?: string;
+    /** Home link label */
+    home_label?: string;
+    /** Show home link */
+    show_home_link?: boolean;
+    /** Navbar background color */
+    background_color?: string;
+    /** Navbar text color */
+    text_color?: string;
+    /** Navbar height in pixels */
+    height?: number;
+    /** Additional CSS class */
+    className?: string;
+};
+export declare function AuthNavbar({ logo_path, logo_width, logo_height, company_name, home_path, home_label, show_home_link, background_color, text_color, height, className, }: AuthNavbarProps): import("react/jsx-runtime").JSX.Element;
+//# sourceMappingURL=auth_navbar.d.ts.map

package/dist/components/layouts/shared/components/auth_navbar.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth_navbar.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/components/auth_navbar.tsx"],"names":[],"mappings":"AAWA,MAAM,MAAM,eAAe,GAAG;IAC5B,sBAAsB;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sDAAsD;IACtD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,8BAA8B;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,wBAAwB;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2BAA2B;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAGF,wBAAgB,UAAU,CAAC,EACzB,SAAuB,EACvB,UAAe,EACf,WAAgB,EAChB,YAAiB,EACjB,SAAe,EACf,UAAmB,EACnB,cAAqB,EACrB,gBAAgB,EAChB,UAAU,EACV,MAAW,EACX,SAAS,GACV,EAAE,eAAe,2CAiDjB"}