hazo_auth 4.4.1 → 4.5.0

package/dist/components/layouts/user_management/index.js

@@ -13,6 +13,8 @@ import { AlertDialog, AlertDialogAction, AlertDialogCancel, AlertDialogContent,
 import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogTitle, } from "../../ui/dialog";
 import { Input } from "../../ui/input";
 import { Label } from "../../ui/label";
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue, } from "../../ui/select";
+import { UserTypeBadge } from "../../ui/user-type-badge";
 import { RolesMatrix } from "./components/roles_matrix";
 import { ScopeHierarchyTab } from "./components/scope_hierarchy_tab";
 import { ScopeLabelsTab } from "./components/scope_labels_tab";
@@ -34,7 +36,7 @@ import { useHazoAuthConfig } from "../../../contexts/hazo_auth_provider";
  * @param props - Component props
  * @returns User Management layout component
  */
-export function UserManagementLayout({ className, hrbacEnabled = false, multiTenancyEnabled = false, defaultOrg = "" }) {
+export function UserManagementLayout({ className, hrbacEnabled = false, multiTenancyEnabled = false, userTypesEnabled = false, availableUserTypes = [] }) {
     const { apiBasePath } = useHazoAuthConfig();
     // Permission checks
     const authResult = use_hazo_auth();
@@ -70,6 +72,7 @@ export function UserManagementLayout({ className, hrbacEnabled = false, multiTen
     const [assignRolesDialogOpen, setAssignRolesDialogOpen] = useState(false);
     const [selectedUser, setSelectedUser] = useState(null);
     const [usersActionLoading, setUsersActionLoading] = useState(false);
+    const [userTypeUpdateLoading, setUserTypeUpdateLoading] = useState(false);
     // Tab 3: Permissions state
     const [permissions, setPermissions] = useState([]);
     const [permissionsLoading, setPermissionsLoading] = useState(true);
@@ -219,6 +222,47 @@ export function UserManagementLayout({ className, hrbacEnabled = false, multiTen
             setUsersActionLoading(false);
         }
     };
+    // Get user type info by key
+    const getUserTypeInfo = (typeKey) => {
+        if (!typeKey || !userTypesEnabled)
+            return null;
+        return availableUserTypes.find((t) => t.key === typeKey) || null;
+    };
+    // Handle user type change
+    const handleUserTypeChange = async (newType) => {
+        if (!selectedUser)
+            return;
+        setUserTypeUpdateLoading(true);
+        try {
+            const response = await fetch(`${apiBasePath}/user_management/users`, {
+                method: "PATCH",
+                headers: {
+                    "Content-Type": "application/json",
+                },
+                body: JSON.stringify({
+                    user_id: selectedUser.id,
+                    user_type: newType || null,
+                }),
+            });
+            const data = await response.json();
+            if (data.success) {
+                toast.success("User type updated successfully");
+                // Update local state
+                setSelectedUser(Object.assign(Object.assign({}, selectedUser), { user_type: newType || null }));
+                // Reload users list
+                await loadUsers();
+            }
+            else {
+                toast.error(data.error || "Failed to update user type");
+            }
+        }
+        catch (error) {
+            toast.error("Failed to update user type");
+        }
+        finally {
+            setUserTypeUpdateLoading(false);
+        }
+    };
     // Handle migrate permissions
     const handleMigratePermissions = async () => {
         var _a, _b;
@@ -442,14 +486,17 @@ export function UserManagementLayout({ className, hrbacEnabled = false, multiTen
                         showPermissionsTab ? "permissions" :
                             showScopeLabelsTab ? "scope_labels" :
                                 showScopeHierarchyTab ? "scope_hierarchy" :
-                                    showUserScopesTab ? "user_scopes" : "users", className: "cls_user_management_tabs w-full", children: [_jsxs(TabsList, { className: "cls_user_management_tabs_list flex w-full flex-wrap", children: [showUsersTab && (_jsx(TabsTrigger, { value: "users", className: "cls_user_management_tabs_trigger flex-1", children: "Manage Users" })), showRolesTab && (_jsx(TabsTrigger, { value: "roles", className: "cls_user_management_tabs_trigger flex-1", children: "Roles" })), showPermissionsTab && (_jsx(TabsTrigger, { value: "permissions", className: "cls_user_management_tabs_trigger flex-1", children: "Permissions" })), showScopeLabelsTab && (_jsx(TabsTrigger, { value: "scope_labels", className: "cls_user_management_tabs_trigger flex-1", children: "Scope Labels" })), showScopeHierarchyTab && (_jsx(TabsTrigger, { value: "scope_hierarchy", className: "cls_user_management_tabs_trigger flex-1", children: "Scope Hierarchy" })), showUserScopesTab && (_jsx(TabsTrigger, { value: "user_scopes", className: "cls_user_management_tabs_trigger flex-1", children: "User Scopes" })), showOrgsTab && (_jsx(TabsTrigger, { value: "organizations", className: "cls_user_management_tabs_trigger flex-1", children: "Organizations" }))] }), showUsersTab && (_jsx(TabsContent, { value: "users", className: "cls_user_management_tab_users w-full", children: usersLoading ? (_jsx("div", { className: "cls_user_management_users_loading flex items-center justify-center p-8", children: _jsx(Loader2, { className: "h-6 w-6 animate-spin text-slate-400" }) })) : (_jsx("div", { className: "cls_user_management_users_table_container border rounded-lg overflow-auto w-full", children: _jsxs(Table, { className: "cls_user_management_users_table w-full", children: [_jsx(TableHeader, { className: "cls_user_management_users_table_header", children: _jsxs(TableRow, { className: "cls_user_management_users_table_header_row", children: [_jsx(TableHead, { className: "cls_user_management_users_table_header_profile_pic w-16", children: "Photo" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_id", children: "ID" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_name", children: "Name" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_email", children: "Email" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_email_verified", children: "Email Verified" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_is_active", children: "Active" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_last_logon", children: "Last Logon" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_created_at", children: "Created At" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_actions text-right", children: "Actions" })] }) }), _jsx(TableBody, { className: "cls_user_management_users_table_body", children: users.length === 0 ? (_jsx(TableRow, { className: "cls_user_management_users_table_row_empty", children: _jsx(TableCell, { colSpan: 9, className: "text-center text-muted-foreground py-8", children: "No users found." }) })) : (users.map((user) => (_jsxs(TableRow, { className: "cls_user_management_users_table_row cursor-pointer hover:bg-muted/50", onClick: () => {
+                                    showUserScopesTab ? "user_scopes" : "users", className: "cls_user_management_tabs w-full", children: [_jsxs(TabsList, { className: "cls_user_management_tabs_list flex w-full flex-wrap", children: [showUsersTab && (_jsx(TabsTrigger, { value: "users", className: "cls_user_management_tabs_trigger flex-1", children: "Manage Users" })), showRolesTab && (_jsx(TabsTrigger, { value: "roles", className: "cls_user_management_tabs_trigger flex-1", children: "Roles" })), showPermissionsTab && (_jsx(TabsTrigger, { value: "permissions", className: "cls_user_management_tabs_trigger flex-1", children: "Permissions" })), showScopeLabelsTab && (_jsx(TabsTrigger, { value: "scope_labels", className: "cls_user_management_tabs_trigger flex-1", children: "Scope Labels" })), showScopeHierarchyTab && (_jsx(TabsTrigger, { value: "scope_hierarchy", className: "cls_user_management_tabs_trigger flex-1", children: "Scope Hierarchy" })), showUserScopesTab && (_jsx(TabsTrigger, { value: "user_scopes", className: "cls_user_management_tabs_trigger flex-1", children: "User Scopes" })), showOrgsTab && (_jsx(TabsTrigger, { value: "organizations", className: "cls_user_management_tabs_trigger flex-1", children: "Organizations" }))] }), showUsersTab && (_jsx(TabsContent, { value: "users", className: "cls_user_management_tab_users w-full", children: usersLoading ? (_jsx("div", { className: "cls_user_management_users_loading flex items-center justify-center p-8", children: _jsx(Loader2, { className: "h-6 w-6 animate-spin text-slate-400" }) })) : (_jsx("div", { className: "cls_user_management_users_table_container border rounded-lg overflow-auto w-full", children: _jsxs(Table, { className: "cls_user_management_users_table w-full", children: [_jsx(TableHeader, { className: "cls_user_management_users_table_header", children: _jsxs(TableRow, { className: "cls_user_management_users_table_header_row", children: [_jsx(TableHead, { className: "cls_user_management_users_table_header_profile_pic w-16", children: "Photo" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_id", children: "ID" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_name", children: "Name" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_email", children: "Email" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_email_verified", children: "Email Verified" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_is_active", children: "Active" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_last_logon", children: "Last Logon" }), _jsx(TableHead, { className: "cls_user_management_users_table_header_created_at", children: "Created At" }), userTypesEnabled && (_jsx(TableHead, { className: "cls_user_management_users_table_header_user_type", children: "User Type" })), _jsx(TableHead, { className: "cls_user_management_users_table_header_actions text-right", children: "Actions" })] }) }), _jsx(TableBody, { className: "cls_user_management_users_table_body", children: users.length === 0 ? (_jsx(TableRow, { className: "cls_user_management_users_table_row_empty", children: _jsx(TableCell, { colSpan: userTypesEnabled ? 10 : 9, className: "text-center text-muted-foreground py-8", children: "No users found." }) })) : (users.map((user) => (_jsxs(TableRow, { className: "cls_user_management_users_table_row cursor-pointer hover:bg-muted/50", onClick: () => {
                                                 setSelectedUser(user);
                                                 setUserDetailDialogOpen(true);
                                             }, children: [_jsx(TableCell, { className: "cls_user_management_users_table_cell_profile_pic", children: _jsxs(Avatar, { className: "cls_user_management_users_table_avatar h-8 w-8", children: [_jsx(AvatarImage, { src: user.profile_picture_url || undefined, alt: user.name ? `Profile picture of ${user.name}` : "Profile picture", className: "cls_user_management_users_table_avatar_image" }), _jsx(AvatarFallback, { className: "cls_user_management_users_table_avatar_fallback bg-slate-200 text-slate-600 text-xs", children: getUserInitials(user) })] }) }), _jsxs(TableCell, { className: "cls_user_management_users_table_cell_id font-mono text-xs", children: [user.id.substring(0, 8), "..."] }), _jsx(TableCell, { className: "cls_user_management_users_table_cell_name", children: user.name || "-" }), _jsx(TableCell, { className: "cls_user_management_users_table_cell_email", children: user.email_address }), _jsx(TableCell, { className: "cls_user_management_users_table_cell_email_verified", children: user.email_verified ? (_jsx("span", { className: "text-green-600", children: "Yes" })) : (_jsx("span", { className: "text-red-600", children: "No" })) }), _jsx(TableCell, { className: "cls_user_management_users_table_cell_is_active", children: user.is_active ? (_jsx("span", { className: "text-green-600", children: "Active" })) : (_jsx("span", { className: "text-red-600", children: "Inactive" })) }), _jsx(TableCell, { className: "cls_user_management_users_table_cell_last_logon", children: user.last_logon
                                                         ? new Date(user.last_logon).toLocaleDateString()
                                                         : "-" }), _jsx(TableCell, { className: "cls_user_management_users_table_cell_created_at", children: user.created_at
                                                         ? new Date(user.created_at).toLocaleDateString()
-                                                        : "-" }), _jsx(TableCell, { className: "cls_user_management_users_table_cell_actions text-right", children: _jsx(TooltipProvider, { children: _jsxs("div", { className: "cls_user_management_users_table_actions flex items-center justify-end gap-2", onClick: (e) => e.stopPropagation(), children: [_jsxs(Tooltip, { children: [_jsx(TooltipTrigger, { asChild: true, children: _jsx(Button, { onClick: () => {
+                                                        : "-" }), userTypesEnabled && (_jsx(TableCell, { className: "cls_user_management_users_table_cell_user_type", children: (() => {
+                                                        const typeInfo = getUserTypeInfo(user.user_type);
+                                                        return typeInfo ? (_jsx(UserTypeBadge, { label: typeInfo.label, color: typeInfo.badge_color })) : (_jsx("span", { className: "text-muted-foreground", children: "-" }));
+                                                    })() })), _jsx(TableCell, { className: "cls_user_management_users_table_cell_actions text-right", children: _jsx(TooltipProvider, { children: _jsxs("div", { className: "cls_user_management_users_table_actions flex items-center justify-end gap-2", onClick: (e) => e.stopPropagation(), children: [_jsxs(Tooltip, { children: [_jsx(TooltipTrigger, { asChild: true, children: _jsx(Button, { onClick: () => {
                                                                                     setSelectedUser(user);
                                                                                     setAssignRolesDialogOpen(true);
                                                                                 }, variant: "outline", size: "sm", className: "cls_user_management_users_table_action_assign_roles", children: _jsx(UserPlus, { className: "h-4 w-4" }) }) }), _jsx(TooltipContent, { children: _jsx("p", { children: "Assign Roles" }) })] }), user.is_active && (_jsxs(Tooltip, { children: [_jsx(TooltipTrigger, { asChild: true, children: _jsx(Button, { onClick: () => {
@@ -467,7 +514,7 @@ export function UserManagementLayout({ className, hrbacEnabled = false, multiTen
                                                                                 setEditingPermission(permission);
                                                                                 setEditDescription(permission.description);
                                                                                 setEditPermissionDialogOpen(true);
-                                                                            }, variant: "outline", size: "sm", className: "cls_user_management_permissions_table_action_edit", children: [_jsx(Edit, { className: "h-4 w-4 mr-1" }), "Edit"] }), _jsxs(Button, { onClick: () => handleDeletePermission(permission), disabled: permissionsActionLoading, variant: "outline", size: "sm", className: "cls_user_management_permissions_table_action_delete text-destructive", children: [_jsx(Trash2, { className: "h-4 w-4 mr-1" }), "Delete"] })] })) }) })] }, `${permission.source}-${permission.id}-${permission.permission_name}`)))) })] }) }))] }) })), showScopeLabelsTab && (_jsx(TabsContent, { value: "scope_labels", className: "cls_user_management_tab_scope_labels w-full", children: _jsx(ScopeLabelsTab, { defaultOrg: defaultOrg }) })), showScopeHierarchyTab && (_jsx(TabsContent, { value: "scope_hierarchy", className: "cls_user_management_tab_scope_hierarchy w-full", children: _jsx(ScopeHierarchyTab, { defaultOrg: defaultOrg }) })), showUserScopesTab && (_jsx(TabsContent, { value: "user_scopes", className: "cls_user_management_tab_user_scopes w-full", children: _jsx(UserScopesTab, {}) })), showOrgsTab && (_jsx(TabsContent, { value: "organizations", className: "cls_user_management_tab_organizations w-full", children: _jsx(OrgHierarchyTab, { isGlobalAdmin: hasOrgGlobalAdminPermission }) }))] })), _jsx(AlertDialog, { open: deactivateDialogOpen, onOpenChange: setDeactivateDialogOpen, children: _jsxs(AlertDialogContent, { className: "cls_user_management_deactivate_dialog", children: [_jsxs(AlertDialogHeader, { children: [_jsx(AlertDialogTitle, { children: "Deactivate User" }), _jsxs(AlertDialogDescription, { children: ["Are you sure you want to deactivate ", (selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.name) || (selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.email_address), "? They will not be able to log in until reactivated."] })] }), _jsxs(AlertDialogFooter, { className: "cls_user_management_deactivate_dialog_footer", children: [_jsx(AlertDialogAction, { onClick: handleDeactivateUser, disabled: usersActionLoading, className: "cls_user_management_deactivate_dialog_confirm", children: usersActionLoading ? (_jsxs(_Fragment, { children: [_jsx(Loader2, { className: "h-4 w-4 mr-2 animate-spin" }), "Deactivating..."] })) : ("Deactivate") }), _jsx(AlertDialogCancel, { onClick: () => {
+                                                                            }, variant: "outline", size: "sm", className: "cls_user_management_permissions_table_action_edit", children: [_jsx(Edit, { className: "h-4 w-4 mr-1" }), "Edit"] }), _jsxs(Button, { onClick: () => handleDeletePermission(permission), disabled: permissionsActionLoading, variant: "outline", size: "sm", className: "cls_user_management_permissions_table_action_delete text-destructive", children: [_jsx(Trash2, { className: "h-4 w-4 mr-1" }), "Delete"] })] })) }) })] }, `${permission.source}-${permission.id}-${permission.permission_name}`)))) })] }) }))] }) })), showScopeLabelsTab && (_jsx(TabsContent, { value: "scope_labels", className: "cls_user_management_tab_scope_labels w-full", children: _jsx(ScopeLabelsTab, {}) })), showScopeHierarchyTab && (_jsx(TabsContent, { value: "scope_hierarchy", className: "cls_user_management_tab_scope_hierarchy w-full", children: _jsx(ScopeHierarchyTab, {}) })), showUserScopesTab && (_jsx(TabsContent, { value: "user_scopes", className: "cls_user_management_tab_user_scopes w-full", children: _jsx(UserScopesTab, {}) })), showOrgsTab && (_jsx(TabsContent, { value: "organizations", className: "cls_user_management_tab_organizations w-full", children: _jsx(OrgHierarchyTab, { isGlobalAdmin: hasOrgGlobalAdminPermission }) }))] })), _jsx(AlertDialog, { open: deactivateDialogOpen, onOpenChange: setDeactivateDialogOpen, children: _jsxs(AlertDialogContent, { className: "cls_user_management_deactivate_dialog", children: [_jsxs(AlertDialogHeader, { children: [_jsx(AlertDialogTitle, { children: "Deactivate User" }), _jsxs(AlertDialogDescription, { children: ["Are you sure you want to deactivate ", (selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.name) || (selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.email_address), "? They will not be able to log in until reactivated."] })] }), _jsxs(AlertDialogFooter, { className: "cls_user_management_deactivate_dialog_footer", children: [_jsx(AlertDialogAction, { onClick: handleDeactivateUser, disabled: usersActionLoading, className: "cls_user_management_deactivate_dialog_confirm", children: usersActionLoading ? (_jsxs(_Fragment, { children: [_jsx(Loader2, { className: "h-4 w-4 mr-2 animate-spin" }), "Deactivating..."] })) : ("Deactivate") }), _jsx(AlertDialogCancel, { onClick: () => {
                                         setDeactivateDialogOpen(false);
                                         setSelectedUser(null);
                                     }, className: "cls_user_management_deactivate_dialog_cancel", children: "Cancel" })] })] }) }), _jsx(AlertDialog, { open: resetPasswordDialogOpen, onOpenChange: setResetPasswordDialogOpen, children: _jsxs(AlertDialogContent, { className: "cls_user_management_reset_password_dialog", children: [_jsxs(AlertDialogHeader, { children: [_jsx(AlertDialogTitle, { children: "Reset Password" }), _jsxs(AlertDialogDescription, { children: ["Send a password reset email to ", selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.email_address, "? They will receive a link to reset their password."] })] }), _jsxs(AlertDialogFooter, { className: "cls_user_management_reset_password_dialog_footer", children: [_jsx(AlertDialogAction, { onClick: handleResetPassword, disabled: usersActionLoading, className: "cls_user_management_reset_password_dialog_confirm", children: usersActionLoading ? (_jsxs(_Fragment, { children: [_jsx(Loader2, { className: "h-4 w-4 mr-2 animate-spin" }), "Sending..."] })) : ("Send Reset Email") }), _jsx(AlertDialogCancel, { onClick: () => {
@@ -505,7 +552,7 @@ export function UserManagementLayout({ className, hrbacEnabled = false, multiTen
                                                         minute: "2-digit",
                                                         second: "2-digit",
                                                         timeZoneName: "short",
-                                                    }) })) : (_jsx("span", { className: "text-muted-foreground", children: "-" })) })] })] })) }), _jsx(DialogFooter, { className: "cls_user_management_user_detail_dialog_footer", children: _jsx(Button, { onClick: () => setUserDetailDialogOpen(false), variant: "outline", className: "cls_user_management_user_detail_dialog_close", children: "Close" }) })] }) }), _jsx(Dialog, { open: assignRolesDialogOpen, onOpenChange: setAssignRolesDialogOpen, children: _jsxs(DialogContent, { className: "cls_user_management_assign_roles_dialog max-w-4xl max-h-[80vh] overflow-y-auto", children: [_jsxs(DialogHeader, { children: [_jsx(DialogTitle, { children: "Assign Roles to User" }), _jsxs(DialogDescription, { children: ["Select roles to assign to ", (selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.name) || (selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.email_address), ". Check the roles you want to assign, then click Save."] })] }), _jsx("div", { className: "cls_user_management_assign_roles_dialog_content py-4", children: _jsx(RolesMatrix, { add_button_enabled: false, role_name_selection_enabled: true, permissions_read_only: true, show_save_cancel: true, user_id: selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.id, onSave: (data) => {
+                                                    }) })) : (_jsx("span", { className: "text-muted-foreground", children: "-" })) })] }), userTypesEnabled && (_jsxs("div", { className: "cls_user_management_user_detail_field_user_type flex flex-col gap-2", children: [_jsx(Label, { className: "cls_user_management_user_detail_label font-semibold", children: "User Type" }), _jsxs("div", { className: "cls_user_management_user_detail_user_type_value flex items-center gap-2", children: [_jsxs(Select, { value: selectedUser.user_type || "", onValueChange: (value) => handleUserTypeChange(value), disabled: userTypeUpdateLoading, children: [_jsx(SelectTrigger, { className: "w-48", children: _jsx(SelectValue, { placeholder: "Select user type" }) }), _jsxs(SelectContent, { children: [_jsx(SelectItem, { value: "", children: "None" }), availableUserTypes.map((type) => (_jsx(SelectItem, { value: type.key, children: type.label }, type.key)))] })] }), userTypeUpdateLoading && (_jsx(Loader2, { className: "h-4 w-4 animate-spin text-muted-foreground" }))] })] }))] })) }), _jsx(DialogFooter, { className: "cls_user_management_user_detail_dialog_footer", children: _jsx(Button, { onClick: () => setUserDetailDialogOpen(false), variant: "outline", className: "cls_user_management_user_detail_dialog_close", children: "Close" }) })] }) }), _jsx(Dialog, { open: assignRolesDialogOpen, onOpenChange: setAssignRolesDialogOpen, children: _jsxs(DialogContent, { className: "cls_user_management_assign_roles_dialog max-w-4xl max-h-[80vh] overflow-y-auto", children: [_jsxs(DialogHeader, { children: [_jsx(DialogTitle, { children: "Assign Roles to User" }), _jsxs(DialogDescription, { children: ["Select roles to assign to ", (selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.name) || (selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.email_address), ". Check the roles you want to assign, then click Save."] })] }), _jsx("div", { className: "cls_user_management_assign_roles_dialog_content py-4", children: _jsx(RolesMatrix, { add_button_enabled: false, role_name_selection_enabled: true, permissions_read_only: true, show_save_cancel: true, user_id: selectedUser === null || selectedUser === void 0 ? void 0 : selectedUser.id, onSave: (data) => {
                                     // Data is already saved by RolesMatrix component
                                     console.log("User roles saved:", data);
                                     // Refresh users list to show updated roles

package/dist/components/ui/user-type-badge.d.ts

@@ -0,0 +1,23 @@
+export type UserTypeBadgeProps = {
+    /** Display label for the badge */
+    label: string;
+    /** Color - preset name (blue, green, red, etc.) or hex value (#4CAF50) */
+    color: string;
+    /** Additional CSS classes */
+    className?: string;
+};
+/**
+ * UserTypeBadge - Displays a styled badge for user types
+ *
+ * Supports preset colors (blue, green, red, yellow, purple, gray, orange, pink)
+ * and custom hex colors (e.g., #4CAF50).
+ *
+ * @example
+ * // Using preset color
+ * <UserTypeBadge label="Administrator" color="red" />
+ *
+ * // Using custom hex color
+ * <UserTypeBadge label="VIP" color="#FFD700" />
+ */
+export declare function UserTypeBadge({ label, color, className }: UserTypeBadgeProps): import("react/jsx-runtime").JSX.Element;
+//# sourceMappingURL=user-type-badge.d.ts.map

package/dist/components/ui/user-type-badge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-type-badge.d.ts","sourceRoot":"","sources":["../../../src/components/ui/user-type-badge.tsx"],"names":[],"mappings":"AAiBA,MAAM,MAAM,kBAAkB,GAAG;IAC/B,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,KAAK,EAAE,MAAM,CAAC;IACd,6BAA6B;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAoBF;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,kBAAkB,2CAmC5E"}

package/dist/components/ui/user-type-badge.js

@@ -0,0 +1,42 @@
+// file_description: Badge component for displaying user types with configurable colors
+"use client";
+import { jsx as _jsx } from "react/jsx-runtime";
+import { cn } from "../../lib/utils";
+// section: constants
+const PRESET_COLOR_CLASSES = {
+    blue: "bg-blue-100 text-blue-700 dark:bg-blue-900/30 dark:text-blue-300",
+    green: "bg-green-100 text-green-700 dark:bg-green-900/30 dark:text-green-300",
+    red: "bg-red-100 text-red-700 dark:bg-red-900/30 dark:text-red-300",
+    yellow: "bg-yellow-100 text-yellow-700 dark:bg-yellow-900/30 dark:text-yellow-300",
+    purple: "bg-purple-100 text-purple-700 dark:bg-purple-900/30 dark:text-purple-300",
+    gray: "bg-gray-100 text-gray-700 dark:bg-gray-800 dark:text-gray-300",
+    orange: "bg-orange-100 text-orange-700 dark:bg-orange-900/30 dark:text-orange-300",
+    pink: "bg-pink-100 text-pink-700 dark:bg-pink-900/30 dark:text-pink-300",
+};
+// section: component
+/**
+ * UserTypeBadge - Displays a styled badge for user types
+ *
+ * Supports preset colors (blue, green, red, yellow, purple, gray, orange, pink)
+ * and custom hex colors (e.g., #4CAF50).
+ *
+ * @example
+ * // Using preset color
+ * <UserTypeBadge label="Administrator" color="red" />
+ *
+ * // Using custom hex color
+ * <UserTypeBadge label="VIP" color="#FFD700" />
+ */
+export function UserTypeBadge({ label, color, className }) {
+    const isPreset = color in PRESET_COLOR_CLASSES;
+    if (isPreset) {
+        return (_jsx("span", { className: cn("inline-flex items-center px-2 py-0.5 rounded text-xs font-medium", PRESET_COLOR_CLASSES[color], className), children: label }));
+    }
+    // Custom hex color - use lighter bg with the color as text
+    // Calculate a semi-transparent background from the hex color
+    const style = {
+        backgroundColor: `${color}20`, // 20 = ~12% opacity in hex
+        color: color,
+    };
+    return (_jsx("span", { className: cn("inline-flex items-center px-2 py-0.5 rounded text-xs font-medium", className), style: style, children: label }));
+}

package/dist/lib/auth/auth_types.d.ts

@@ -26,6 +26,7 @@ export type ScopeAccessInfo = {
  * Result type for hazo_get_auth function
  * Returns authenticated state with user data and permissions, or unauthenticated state
  * Optionally includes scope access information when HRBAC is used
+ * Optionally includes org_ok when require_org option is used
  */
 export type HazoAuthResult = {
     authenticated: true;
@@ -35,12 +36,14 @@ export type HazoAuthResult = {
     missing_permissions?: string[];
     scope_ok?: boolean;
     scope_access_via?: ScopeAccessInfo;
+    org_ok?: boolean;
 } | {
     authenticated: false;
     user: null;
     permissions: [];
     permission_ok: false;
     scope_ok?: false;
+    org_ok?: false;
 };
 /**
  * Options for hazo_get_auth function
@@ -71,6 +74,12 @@ export type HazoAuthOptions = {
      * Used if scope_id is not provided
      */
     scope_seq?: string;
+    /**
+     * If true, throws OrgRequiredError when user has no org_id assigned
+     * Only checked when multi-tenancy is enabled
+     * If false or not set (default), org_id is optional and org fields may be null
+     */
+    require_org?: boolean;
 };
 /**
  * Custom error class for permission denials
@@ -101,4 +110,12 @@ export declare class ScopeAccessError extends Error {
         scope_seq: string;
     }>);
 }
+/**
+ * Custom error class for missing organization assignment
+ * Thrown when require_org: true is set but user has no org_id assigned
+ */
+export declare class OrgRequiredError extends Error {
+    user_id: string;
+    constructor(user_id: string);
+}
 //# sourceMappingURL=auth_types.d.ts.map

package/dist/lib/auth/auth_types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth_types.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth_types.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,cAAc,GACtB;IACE,aAAa,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE/B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC,GACD;IACE,aAAa,EAAE,KAAK,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,EAAE,CAAC;IAChB,aAAa,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AAEN;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF;;;GAGG;AACH,qBAAa,eAAgB,SAAQ,KAAK;IAE/B,mBAAmB,EAAE,MAAM,EAAE;IAC7B,gBAAgB,EAAE,MAAM,EAAE;IAC1B,oBAAoB,EAAE,MAAM,EAAE;IAC9B,qBAAqB,CAAC,EAAE,MAAM;gBAH9B,mBAAmB,EAAE,MAAM,EAAE,EAC7B,gBAAgB,EAAE,MAAM,EAAE,EAC1B,oBAAoB,EAAE,MAAM,EAAE,EAC9B,qBAAqB,CAAC,EAAE,MAAM,YAAA;CAKxC;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IAEhC,UAAU,EAAE,MAAM;IAClB,gBAAgB,EAAE,MAAM;IACxB,WAAW,EAAE,KAAK,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;gBAF/E,UAAU,EAAE,MAAM,EAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,KAAK,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;CAKzF"}
+{"version":3,"file":"auth_types.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth_types.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,cAAc,GACtB;IACE,aAAa,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE/B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,eAAe,CAAC;IAEnC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB,GACD;IACE,aAAa,EAAE,KAAK,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,EAAE,CAAC;IAChB,aAAa,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,EAAE,KAAK,CAAC;IACjB,MAAM,CAAC,EAAE,KAAK,CAAC;CAChB,CAAC;AAEN;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC;AAEF;;;GAGG;AACH,qBAAa,eAAgB,SAAQ,KAAK;IAE/B,mBAAmB,EAAE,MAAM,EAAE;IAC7B,gBAAgB,EAAE,MAAM,EAAE;IAC1B,oBAAoB,EAAE,MAAM,EAAE;IAC9B,qBAAqB,CAAC,EAAE,MAAM;gBAH9B,mBAAmB,EAAE,MAAM,EAAE,EAC7B,gBAAgB,EAAE,MAAM,EAAE,EAC1B,oBAAoB,EAAE,MAAM,EAAE,EAC9B,qBAAqB,CAAC,EAAE,MAAM,YAAA;CAKxC;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IAEhC,UAAU,EAAE,MAAM;IAClB,gBAAgB,EAAE,MAAM;IACxB,WAAW,EAAE,KAAK,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;gBAF/E,UAAU,EAAE,MAAM,EAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,KAAK,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;CAKzF;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACtB,OAAO,EAAE,MAAM;gBAAf,OAAO,EAAE,MAAM;CAInC"}

package/dist/lib/auth/auth_types.js

@@ -27,3 +27,14 @@ export class ScopeAccessError extends Error {
         this.name = "ScopeAccessError";
     }
 }
+/**
+ * Custom error class for missing organization assignment
+ * Thrown when require_org: true is set but user has no org_id assigned
+ */
+export class OrgRequiredError extends Error {
+    constructor(user_id) {
+        super(`User ${user_id} is not assigned to an organization`);
+        this.user_id = user_id;
+        this.name = "OrgRequiredError";
+    }
+}

package/dist/lib/auth/hazo_get_auth.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hazo_get_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/hazo_get_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK1C,OAAO,KAAK,EAAE,cAAc,EAAgB,eAAe,EAAmB,MAAM,cAAc,CAAC;AAiWnG;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,cAAc,CAAC,CAgNzB"}
+{"version":3,"file":"hazo_get_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/hazo_get_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK1C,OAAO,KAAK,EAAE,cAAc,EAAgB,eAAe,EAAmB,MAAM,cAAc,CAAC;AAiWnG;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,cAAc,CAAC,CAwOzB"}

package/dist/lib/auth/hazo_get_auth.server.js

@@ -2,7 +2,7 @@ import { get_hazo_connect_instance } from "../hazo_connect_instance.server";
 import { createCrudService } from "hazo_connect/server";
 import { create_app_logger } from "../app_logger";
 import { get_filename, get_line_number } from "../utils/api_route_helpers";
-import { PermissionError, ScopeAccessError } from "./auth_types";
+import { PermissionError, ScopeAccessError, OrgRequiredError } from "./auth_types";
 import { get_auth_cache } from "./auth_cache";
 import { get_scope_cache } from "./scope_cache";
 import { get_rate_limiter } from "./auth_rate_limiter";
@@ -436,6 +436,25 @@ export async function hazo_get_auth(request, options) {
             throw new ScopeAccessError(options.scope_type, (options === null || options === void 0 ? void 0 : options.scope_id) || (options === null || options === void 0 ? void 0 : options.scope_seq) || "unknown", scope_result.user_scopes);
         }
     }
+    // Check org requirement if specified (only when multi-tenancy is enabled)
+    let org_ok;
+    if ((options === null || options === void 0 ? void 0 : options.require_org) && is_multi_tenancy_enabled()) {
+        org_ok = !!user.org_id;
+        if (!org_ok) {
+            // Log org requirement failure if permission logging is enabled
+            if (config.log_permission_denials) {
+                const client_ip = get_client_ip(request);
+                logger.warn("auth_utility_org_required_missing", {
+                    filename: get_filename(),
+                    line_number: get_line_number(),
+                    user_id: user.id,
+                    ip: client_ip,
+                });
+            }
+            // Always throw error when org is required but missing
+            throw new OrgRequiredError(user.id);
+        }
+    }
     return {
         authenticated: true,
         user,
@@ -444,5 +463,6 @@ export async function hazo_get_auth(request, options) {
         missing_permissions,
         scope_ok,
         scope_access_via,
+        org_ok,
     };
 }

package/dist/lib/config/default_config.d.ts

@@ -133,6 +133,36 @@ export declare const DEFAULT_MULTI_TENANCY: {
     /** Default user limit per organization (0 = unlimited) */
     readonly default_user_limit: 0;
 };
+export declare const DEFAULT_NAVBAR: {
+    /** Enable navbar on auth pages */
+    readonly enable_navbar: true;
+    /** Logo image path (default: /logo.png in public folder) */
+    readonly logo_path: "/logo.png";
+    /** Logo width in pixels */
+    readonly logo_width: 32;
+    /** Logo height in pixels */
+    readonly logo_height: 32;
+    /** Company/application name displayed next to logo */
+    readonly company_name: "";
+    /** Home link path */
+    readonly home_path: "/";
+    /** Home link label */
+    readonly home_label: "Home";
+    /** Show home link */
+    readonly show_home_link: true;
+    /** Navbar background color (empty = transparent/inherit) */
+    readonly background_color: "";
+    /** Navbar text color (empty = inherit) */
+    readonly text_color: "";
+    /** Navbar height in pixels */
+    readonly height: 64;
+};
+export declare const DEFAULT_USER_TYPES: {
+    /** Enable user types feature (default: false) */
+    readonly enable_user_types: false;
+    /** Default user type for new users (empty = no default) */
+    readonly default_user_type: "";
+};
 export declare const DEFAULT_DEV_LOCK: {
     /** Enable the development lock screen (also requires HAZO_AUTH_DEV_LOCK_ENABLED env var) */
     readonly enable: false;
@@ -329,6 +359,36 @@ export declare const HAZO_AUTH_DEFAULTS: {
         /** Default user limit per organization (0 = unlimited) */
         readonly default_user_limit: 0;
     };
+    readonly navbar: {
+        /** Enable navbar on auth pages */
+        readonly enable_navbar: true;
+        /** Logo image path (default: /logo.png in public folder) */
+        readonly logo_path: "/logo.png";
+        /** Logo width in pixels */
+        readonly logo_width: 32;
+        /** Logo height in pixels */
+        readonly logo_height: 32;
+        /** Company/application name displayed next to logo */
+        readonly company_name: "";
+        /** Home link path */
+        readonly home_path: "/";
+        /** Home link label */
+        readonly home_label: "Home";
+        /** Show home link */
+        readonly show_home_link: true;
+        /** Navbar background color (empty = transparent/inherit) */
+        readonly background_color: "";
+        /** Navbar text color (empty = inherit) */
+        readonly text_color: "";
+        /** Navbar height in pixels */
+        readonly height: 64;
+    };
+    readonly userTypes: {
+        /** Enable user types feature (default: false) */
+        readonly enable_user_types: false;
+        /** Default user type for new users (empty = no default) */
+        readonly default_user_type: "";
+    };
 };
 /**
  * Type representing the complete default configuration structure

package/dist/lib/config/default_config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"default_config.d.ts","sourceRoot":"","sources":["../../../src/lib/config/default_config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,6BAA6B;;;;;;CAMhC,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;CAItB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;;;;CAO1B,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;;;;CASnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;CAGrB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;CAKnB,CAAC;AAGX,eAAO,MAAM,yBAAyB;;;;;;CAM5B,CAAC;AAGX,eAAO,MAAM,aAAa;4BACI,MAAM,GAAG,SAAS;;;;;;CAMtC,CAAC;AAGX,eAAO,MAAM,gBAAgB;4BACC,MAAM,GAAG,SAAS;;;;;CAKtC,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;CAIzB,CAAC;AAGX,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,oBAAoB;;;;CAIvB,CAAC;AAGX,eAAO,MAAM,gBAAgB;0BACE,YAAY,GAAG,cAAc;;;;;CAKlD,CAAC;AAGX,eAAO,MAAM,wBAAwB;;;;;;;;CAQ3B,CAAC;AAGX,eAAO,MAAM,iBAAiB;;CAEpB,CAAC;AAGX,eAAO,MAAM,aAAa;IACxB,kHAAkH;;IAElH,8CAA8C;;IAE9C,iGAAiG;;IAEjG,kDAAkD;;IAElD,0EAA0E;;CAElE,CAAC;AAGX,eAAO,MAAM,qBAAqB;IAChC,oDAAoD;;IAEpD,yDAAyD;;IAEzD,mDAAmD;;IAEnD,0DAA0D;;CAElD,CAAC;AAGX,eAAO,MAAM,gBAAgB;IAC3B,4FAA4F;;IAE5F,+BAA+B;;IAE/B,wCAAwC;;IAExC,4DAA4D;;IAE5D,2BAA2B;;IAE3B,4BAA4B;;IAE5B,4CAA4C;;IAE5C,mDAAmD;;IAEnD,sCAAsC;;IAEtC,yBAAyB;;IAEzB,2CAA2C;;IAE3C,6CAA6C;;IAE7C,8CAA8C;;CAEtC,CAAC;AAGX;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAnJD,MAAM,GAAG,SAAS;;;;;;;;gCAUlB,MAAM,GAAG,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAqDjB,YAAY,GAAG,cAAc;;;;;;;;;;;;;;;;;;;QAyB1D,kHAAkH;;QAElH,8CAA8C;;QAE9C,iGAAiG;;QAEjG,kDAAkD;;QAElD,0EAA0E;;;;QAkB1E,4FAA4F;;QAE5F,+BAA+B;;QAE/B,wCAAwC;;QAExC,4DAA4D;;QAE5D,2BAA2B;;QAE3B,4BAA4B;;QAE5B,4CAA4C;;QAE5C,mDAAmD;;QAEnD,sCAAsC;;QAEtC,yBAAyB;;QAEzB,2CAA2C;;QAE3C,6CAA6C;;QAE7C,8CAA8C;;;;QApC9C,oDAAoD;;QAEpD,yDAAyD;;QAEzD,mDAAmD;;QAEnD,0DAA0D;;;CA6DlD,CAAC;AAGX;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,kBAAkB,CAAC"}
+{"version":3,"file":"default_config.d.ts","sourceRoot":"","sources":["../../../src/lib/config/default_config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,6BAA6B;;;;;;CAMhC,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;CAItB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;;;;CAO1B,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;;;;CASnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;CAGrB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;CAKnB,CAAC;AAGX,eAAO,MAAM,yBAAyB;;;;;;CAM5B,CAAC;AAGX,eAAO,MAAM,aAAa;4BACI,MAAM,GAAG,SAAS;;;;;;CAMtC,CAAC;AAGX,eAAO,MAAM,gBAAgB;4BACC,MAAM,GAAG,SAAS;;;;;CAKtC,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;CAIzB,CAAC;AAGX,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,oBAAoB;;;;CAIvB,CAAC;AAGX,eAAO,MAAM,gBAAgB;0BACE,YAAY,GAAG,cAAc;;;;;CAKlD,CAAC;AAGX,eAAO,MAAM,wBAAwB;;;;;;;;CAQ3B,CAAC;AAGX,eAAO,MAAM,iBAAiB;;CAEpB,CAAC;AAGX,eAAO,MAAM,aAAa;IACxB,kHAAkH;;IAElH,8CAA8C;;IAE9C,iGAAiG;;IAEjG,kDAAkD;;IAElD,0EAA0E;;CAElE,CAAC;AAGX,eAAO,MAAM,qBAAqB;IAChC,oDAAoD;;IAEpD,yDAAyD;;IAEzD,mDAAmD;;IAEnD,0DAA0D;;CAElD,CAAC;AAGX,eAAO,MAAM,cAAc;IACzB,kCAAkC;;IAElC,4DAA4D;;IAE5D,2BAA2B;;IAE3B,4BAA4B;;IAE5B,sDAAsD;;IAEtD,qBAAqB;;IAErB,sBAAsB;;IAEtB,qBAAqB;;IAErB,4DAA4D;;IAE5D,0CAA0C;;IAE1C,8BAA8B;;CAEtB,CAAC;AAGX,eAAO,MAAM,kBAAkB;IAC7B,iDAAiD;;IAEjD,2DAA2D;;CAEnD,CAAC;AAGX,eAAO,MAAM,gBAAgB;IAC3B,4FAA4F;;IAE5F,+BAA+B;;IAE/B,wCAAwC;;IAExC,4DAA4D;;IAE5D,2BAA2B;;IAE3B,4BAA4B;;IAE5B,4CAA4C;;IAE5C,mDAAmD;;IAEnD,sCAAsC;;IAEtC,yBAAyB;;IAEzB,2CAA2C;;IAE3C,6CAA6C;;IAE7C,8CAA8C;;CAEtC,CAAC;AAGX;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCArLD,MAAM,GAAG,SAAS;;;;;;;;gCAUlB,MAAM,GAAG,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAqDjB,YAAY,GAAG,cAAc;;;;;;;;;;;;;;;;;;;QAyB1D,kHAAkH;;QAElH,8CAA8C;;QAE9C,iGAAiG;;QAEjG,kDAAkD;;QAElD,0EAA0E;;;;QAoD1E,4FAA4F;;QAE5F,+BAA+B;;QAE/B,wCAAwC;;QAExC,4DAA4D;;QAE5D,2BAA2B;;QAE3B,4BAA4B;;QAE5B,4CAA4C;;QAE5C,mDAAmD;;QAEnD,sCAAsC;;QAEtC,yBAAyB;;QAEzB,2CAA2C;;QAE3C,6CAA6C;;QAE7C,8CAA8C;;;;QAtE9C,oDAAoD;;QAEpD,yDAAyD;;QAEzD,mDAAmD;;QAEnD,0DAA0D;;;;QAM1D,kCAAkC;;QAElC,4DAA4D;;QAE5D,2BAA2B;;QAE3B,4BAA4B;;QAE5B,sDAAsD;;QAEtD,qBAAqB;;QAErB,sBAAsB;;QAEtB,qBAAqB;;QAErB,4DAA4D;;QAE5D,0CAA0C;;QAE1C,8BAA8B;;;;QAM9B,iDAAiD;;QAEjD,2DAA2D;;;CA+DnD,CAAC;AAGX;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,kBAAkB,CAAC"}

package/dist/lib/config/default_config.js

@@ -156,6 +156,38 @@ export const DEFAULT_MULTI_TENANCY = {
     /** Default user limit per organization (0 = unlimited) */
     default_user_limit: 0,
 };
+// section: navbar
+export const DEFAULT_NAVBAR = {
+    /** Enable navbar on auth pages */
+    enable_navbar: true,
+    /** Logo image path (default: /logo.png in public folder) */
+    logo_path: "/logo.png",
+    /** Logo width in pixels */
+    logo_width: 32,
+    /** Logo height in pixels */
+    logo_height: 32,
+    /** Company/application name displayed next to logo */
+    company_name: "",
+    /** Home link path */
+    home_path: "/",
+    /** Home link label */
+    home_label: "Home",
+    /** Show home link */
+    show_home_link: true,
+    /** Navbar background color (empty = transparent/inherit) */
+    background_color: "",
+    /** Navbar text color (empty = inherit) */
+    text_color: "",
+    /** Navbar height in pixels */
+    height: 64,
+};
+// section: user_types
+export const DEFAULT_USER_TYPES = {
+    /** Enable user types feature (default: false) */
+    enable_user_types: false,
+    /** Default user type for new users (empty = no default) */
+    default_user_type: "",
+};
 // section: dev_lock
 export const DEFAULT_DEV_LOCK = {
     /** Enable the development lock screen (also requires HAZO_AUTH_DEV_LOCK_ENABLED env var) */
@@ -212,4 +244,6 @@ export const HAZO_AUTH_DEFAULTS = {
     oauth: DEFAULT_OAUTH,
     devLock: DEFAULT_DEV_LOCK,
     multiTenancy: DEFAULT_MULTI_TENANCY,
+    navbar: DEFAULT_NAVBAR,
+    userTypes: DEFAULT_USER_TYPES,
 };

package/dist/lib/navbar_config.server.d.ts

@@ -0,0 +1,36 @@
+export type NavbarConfig = {
+    /** Enable navbar on auth pages */
+    enable_navbar: boolean;
+    /** Logo image path */
+    logo_path: string;
+    /** Logo width in pixels */
+    logo_width: number;
+    /** Logo height in pixels */
+    logo_height: number;
+    /** Company/application name displayed next to logo */
+    company_name: string;
+    /** Home link path */
+    home_path: string;
+    /** Home link label */
+    home_label: string;
+    /** Show home link */
+    show_home_link: boolean;
+    /** Navbar background color (empty = inherit) */
+    background_color: string;
+    /** Navbar text color (empty = inherit) */
+    text_color: string;
+    /** Navbar height in pixels */
+    height: number;
+};
+/**
+ * Reads navbar configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Navbar configuration options
+ */
+export declare function get_navbar_config(): NavbarConfig;
+/**
+ * Helper to check if navbar is enabled in config
+ * @returns true if navbar is enabled
+ */
+export declare function is_navbar_enabled(): boolean;
+//# sourceMappingURL=navbar_config.server.d.ts.map

package/dist/lib/navbar_config.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"navbar_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/navbar_config.server.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,YAAY,GAAG;IACzB,kCAAkC;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,2BAA2B;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,gDAAgD;IAChD,gBAAgB,EAAE,MAAM,CAAC;IACzB,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,YAAY,CAgFhD;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C"}

package/dist/lib/navbar_config.server.js

@@ -0,0 +1,45 @@
+// file_description: server-only helper to read navbar configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_value, get_config_boolean, get_config_number } from "./config/config_loader.server";
+import { DEFAULT_NAVBAR } from "./config/default_config";
+// section: constants
+const SECTION_NAME = "hazo_auth__navbar";
+// section: helpers
+/**
+ * Reads navbar configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Navbar configuration options
+ */
+export function get_navbar_config() {
+    const enable_navbar = get_config_boolean(SECTION_NAME, "enable_navbar", DEFAULT_NAVBAR.enable_navbar);
+    const logo_path = get_config_value(SECTION_NAME, "logo_path", DEFAULT_NAVBAR.logo_path);
+    const logo_width = get_config_number(SECTION_NAME, "logo_width", DEFAULT_NAVBAR.logo_width);
+    const logo_height = get_config_number(SECTION_NAME, "logo_height", DEFAULT_NAVBAR.logo_height);
+    const company_name = get_config_value(SECTION_NAME, "company_name", DEFAULT_NAVBAR.company_name);
+    const home_path = get_config_value(SECTION_NAME, "home_path", DEFAULT_NAVBAR.home_path);
+    const home_label = get_config_value(SECTION_NAME, "home_label", DEFAULT_NAVBAR.home_label);
+    const show_home_link = get_config_boolean(SECTION_NAME, "show_home_link", DEFAULT_NAVBAR.show_home_link);
+    const background_color = get_config_value(SECTION_NAME, "background_color", DEFAULT_NAVBAR.background_color);
+    const text_color = get_config_value(SECTION_NAME, "text_color", DEFAULT_NAVBAR.text_color);
+    const height = get_config_number(SECTION_NAME, "height", DEFAULT_NAVBAR.height);
+    return {
+        enable_navbar,
+        logo_path,
+        logo_width,
+        logo_height,
+        company_name,
+        home_path,
+        home_label,
+        show_home_link,
+        background_color,
+        text_color,
+        height,
+    };
+}
+/**
+ * Helper to check if navbar is enabled in config
+ * @returns true if navbar is enabled
+ */
+export function is_navbar_enabled() {
+    return get_config_boolean(SECTION_NAME, "enable_navbar", DEFAULT_NAVBAR.enable_navbar);
+}

package/dist/lib/scope_hierarchy_config.server.d.ts

@@ -1,12 +1,12 @@
 import type { ScopeLevel } from "./services/scope_service";
 /**
  * Scope hierarchy configuration options for HRBAC
+ * Note: Scopes are now connected to organizations via org_id and root_org_id
+ * foreign keys referencing the hazo_org table.
  */
 export type ScopeHierarchyConfig = {
     /** Whether HRBAC is enabled (default: false) */
     enable_hrbac: boolean;
-    /** Default organization for single-tenant apps (optional) */
-    default_org: string;
     /** Cache TTL in minutes for scope lookups (default: 15) */
     scope_cache_ttl_minutes: number;
     /** Maximum entries in scope cache (default: 5000) */
@@ -19,6 +19,7 @@ export type ScopeHierarchyConfig = {
 /**
  * Reads HRBAC scope hierarchy configuration from hazo_auth_config.ini file
  * Falls back to defaults if config file is not found or section is missing
+ * Note: Scopes are now connected to organizations via org_id/root_org_id FK references
  * @returns Scope hierarchy configuration options
  */
 export declare function get_scope_hierarchy_config(): ScopeHierarchyConfig;
@@ -27,11 +28,6 @@ export declare function get_scope_hierarchy_config(): ScopeHierarchyConfig;
  * Convenience function for quick checks
  */
 export declare function is_hrbac_enabled(): boolean;
-/**
- * Gets the default organization from config
- * Returns empty string if not configured (multi-tenant mode)
- */
-export declare function get_default_org(): string;
 /**
  * Gets the default label for a scope level
  */

package/dist/lib/scope_hierarchy_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scope_hierarchy_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/scope_hierarchy_config.server.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAK3D;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,gDAAgD;IAChD,YAAY,EAAE,OAAO,CAAC;IACtB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,2DAA2D;IAC3D,uBAAuB,EAAE,MAAM,CAAC;IAChC,qDAAqD;IACrD,uBAAuB,EAAE,MAAM,CAAC;IAChC,4CAA4C;IAC5C,aAAa,EAAE,UAAU,EAAE,CAAC;IAC5B,0CAA0C;IAC1C,cAAc,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;CAC5C,CAAC;AA0DF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAkCjE;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,OAAO,CAE1C;AAED;;;GAGG;AACH,wBAAgB,eAAe,IAAI,MAAM,CAExC;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAG3D"}
+{"version":3,"file":"scope_hierarchy_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/scope_hierarchy_config.server.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAK3D;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,gDAAgD;IAChD,YAAY,EAAE,OAAO,CAAC;IACtB,2DAA2D;IAC3D,uBAAuB,EAAE,MAAM,CAAC;IAChC,qDAAqD;IACrD,uBAAuB,EAAE,MAAM,CAAC;IAChC,4CAA4C;IAC5C,aAAa,EAAE,UAAU,EAAE,CAAC;IAC5B,0CAA0C;IAC1C,cAAc,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;CAC5C,CAAC;AA0DF;;;;;GAKG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CA8BjE;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,OAAO,CAE1C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAG3D"}