ethyca-fides 2.58.1rc0__py2.py3-none-any.whl → 2.58.2b0__py2.py3-none-any.whl

fides/api/models/tcf_publisher_restrictions.py

@@ -0,0 +1,186 @@
+from enum import Enum
+from typing import Any, Dict, List, Optional
+
+from pydantic import BaseModel, Field, ValidationError, model_validator
+from sqlalchemy import Column
+from sqlalchemy import Enum as EnumColumn
+from sqlalchemy import ForeignKey, Index, Integer, String
+from sqlalchemy.dialects.postgresql import ARRAY, JSONB
+from sqlalchemy.ext.declarative import declared_attr
+from sqlalchemy.orm import Session
+
+from fides.api.db.base_class import Base
+
+
+class TCFRestrictionType(str, Enum):
+    """Enum for TCF restriction types"""
+
+    purpose_restriction = "purpose_restriction"
+    require_consent = "require_consent"
+    require_legitimate_interest = "require_legitimate_interest"
+
+
+class TCFVendorRestriction(str, Enum):
+    """Enum for TCF vendor restriction types"""
+
+    restrict_all_vendors = "restrict_all_vendors"
+    allow_specific_vendors = "allow_specific_vendors"
+    restrict_specific_vendors = "restrict_specific_vendors"
+
+
+# This is Pydantic model used for validation, not a database model!
+class RangeEntry(BaseModel):
+    """
+    Pydantic model that represents a vendor range entry as per the TCF spec,
+    used for Publisher Restrictions.
+    A range entry must have a start_vendor_id and optionally an end_vendor_id.
+    If end_vendor_id is present, it must be greater than start_vendor_id.
+    """
+
+    start_vendor_id: int = Field(description="The starting vendor ID in the range")
+    end_vendor_id: Optional[int] = Field(
+        default=None, description="The ending vendor ID in the range (inclusive)"
+    )
+
+    @model_validator(mode="after")
+    def validate_vendor_range(self) -> "RangeEntry":
+        """Validates that end_vendor_id is greater than start_vendor_id if present."""
+        if (
+            self.end_vendor_id is not None
+            and self.end_vendor_id <= self.start_vendor_id
+        ):
+            raise ValueError("end_vendor_id must be greater than start_vendor_id")
+        return self
+
+    def get_end(self) -> int:
+        """Get the effective end of the range."""
+        return self.end_vendor_id or self.start_vendor_id
+
+    def overlaps_with(self, other: "RangeEntry") -> bool:
+        """
+        Check if this range overlaps with another range.
+        Two ranges overlap if the end of the range that starts first is greater than
+        or equal to the start of the range that starts second.
+        """
+        # Sort ranges by start_vendor_id
+        first = self if self.start_vendor_id <= other.start_vendor_id else other
+        second = other if self.start_vendor_id <= other.start_vendor_id else self
+
+        # If first range's end is >= second range's start, they overlap
+        return first.get_end() >= second.start_vendor_id
+
+
+class TCFConfiguration(Base):
+    """
+    Stores TCF Configuration settings.
+    """
+
+    @declared_attr
+    def __tablename__(self) -> str:
+        return "tcf_configuration"
+
+    name = Column(String, nullable=False, index=True, unique=True)
+
+
+class TCFPublisherRestriction(Base):
+    """
+    Stores TCF Publisher Restrictions. TCF Publisher Restrictions belong to a TCF Configuration,
+    and specify the restriction type and vendor restriction for a given purpose.
+    """
+
+    @declared_attr
+    def __tablename__(self) -> str:
+        return "tcf_publisher_restriction"
+
+    tcf_configuration_id = Column(
+        String(255),
+        ForeignKey("tcf_configuration.id", ondelete="CASCADE"),
+        nullable=False,
+        index=True,
+    )
+    purpose_id = Column(Integer, nullable=False)
+    restriction_type = Column(EnumColumn(TCFRestrictionType), nullable=False)
+    vendor_restriction = Column(EnumColumn(TCFVendorRestriction), nullable=False)
+
+    # range_entries represents a list of RangeEntry objects as per the TCF spec.
+    # A RangeEntry object will have a start_vendor_id and an end_vendor_id (the
+    # end vendor id is included in the range).
+    # If the range represents a single vendor, then the end_vendor_id can be omitted.
+    # TCF spec also includes an IsARange boolean, which we are omitting because it
+    # can be inferred from the presence of the end_vendor_id.
+    range_entries = Column(
+        ARRAY(JSONB),
+        nullable=True,
+        server_default="{}",
+        default=list,
+    )
+
+    __table_args__ = (
+        Index(
+            "ix_tcf_publisher_restriction_config_purpose",
+            "tcf_configuration_id",
+            "purpose_id",
+        ),
+    )
+
+    @staticmethod
+    def validate_entires_for_vendor_restriction(
+        entries: List[RangeEntry], vendor_restriction: TCFVendorRestriction
+    ) -> None:
+        """
+        Validates that if vendor_restriction is restrict_all_vendors, then the entries list is empty.
+        """
+        if vendor_restriction == TCFVendorRestriction.restrict_all_vendors and entries:
+            raise ValueError("restrict_all_vendors cannot have any range entries")
+
+    @staticmethod
+    def check_for_overlaps(entries: List[RangeEntry]) -> None:
+        """
+        Check for overlapping ranges in a list of RangeEntry objects,
+        raises a ValueError if any pair of RangeEntry overlaps with each other.
+        Sorts the ranges by start_vendor_id and compares adjacent ranges.
+        """
+        # Sort ranges by start_vendor_id
+        sorted_entries = sorted(entries, key=lambda x: x.start_vendor_id)
+
+        # Compare each range with the next one
+        for i in range(len(sorted_entries) - 1):
+            current = sorted_entries[i]
+            next_entry = sorted_entries[i + 1]
+            if current.overlaps_with(next_entry):
+                raise ValueError(
+                    f"Overlapping ranges found: {current.model_dump()} overlaps with {next_entry.model_dump()}"
+                )
+
+    @classmethod
+    def create(
+        cls,
+        db: Session,
+        *,
+        data: Dict[str, Any],
+        check_name: bool = True,
+    ) -> "TCFPublisherRestriction":
+        """
+        Create a new TCFPublisherRestriction with validated range_entries.
+        Validates each range entry using the RangeEntry Pydantic model.
+        """
+        raw_range_entries = data.get("range_entries", [])
+
+        try:
+            # Validate each range entry using the Pydantic model
+            validated_entries = [
+                RangeEntry.model_validate(entry) for entry in raw_range_entries
+            ]
+        except ValidationError as e:
+            raise ValueError(f"Invalid range entry: {str(e)}")
+
+        # Validate the entries for the vendor restriction
+        cls.validate_entires_for_vendor_restriction(
+            validated_entries, data["vendor_restriction"]
+        )
+        # Check for overlapping ranges
+        cls.check_for_overlaps(validated_entries)
+
+        data["range_entries"] = [entry.model_dump() for entry in validated_entries]
+
+        return super().create(db=db, data=data, check_name=check_name)

fides/api/schemas/connection_configuration/connection_config.py

@@ -71,29 +71,23 @@ def mask_sensitive_fields(
     return new_connection_secrets
 
 
-class ConnectionConfigurationResponse(BaseModel):
+class ConnectionConfigSecretsMixin(BaseModel):
     """
-    Describes the returned schema for a ConnectionConfiguration.
+    A schema mixin to declare a connection config `secrets` attribute
+    and handle masking of sensitive values based on `connection_type`
+    and (optionally) a `saas_config`.
     """
 
-    name: Optional[str] = None
-    key: FidesKey
-    description: Optional[str] = None
     connection_type: ConnectionType
-    access: AccessLevel
-    created_at: datetime
-    updated_at: Optional[datetime] = None
-    disabled: Optional[bool] = False
-    last_test_timestamp: Optional[datetime] = None
-    last_test_succeeded: Optional[bool] = None
-    saas_config: Optional[SaaSConfigBase] = None
     secrets: Optional[Dict[str, Any]] = None
-    authorized: Optional[bool] = False
-    enabled_actions: Optional[List[ActionType]] = None
+    saas_config: Optional[SaaSConfigBase] = None
 
     @model_validator(mode="after")
-    def mask_sensitive_values(self) -> "ConnectionConfigurationResponse":
-        """Mask sensitive values in the response."""
+    def mask_sensitive_values(self) -> "ConnectionConfigSecretsMixin":
+        """
+        Mask sensitive values in the `secrets` attribute based on `connection_type`
+        and (optionally) a `saas_config`.
+        """
         if self.secrets is None:
             return self
 
@@ -116,6 +110,26 @@ class ConnectionConfigurationResponse(BaseModel):
         self.secrets = mask_sensitive_fields(cast(dict, self.secrets), secret_schema)
         return self
 
+
+class ConnectionConfigurationResponse(ConnectionConfigSecretsMixin):
+    """
+    Describes the returned schema for a ConnectionConfiguration.
+
+    The mixin base class ensures that `secrets` sensitive values are masked.
+    """
+
+    name: Optional[str] = None
+    key: FidesKey
+    description: Optional[str] = None
+    access: AccessLevel
+    created_at: datetime
+    updated_at: Optional[datetime] = None
+    disabled: Optional[bool] = False
+    last_test_timestamp: Optional[datetime] = None
+    last_test_succeeded: Optional[bool] = None
+    authorized: Optional[bool] = False
+    enabled_actions: Optional[List[ActionType]] = None
+
     model_config = ConfigDict(from_attributes=True)
 
 

fides/api/service/storage/s3.py

@@ -64,7 +64,7 @@ def generic_upload_to_s3(  # pylint: disable=R0913
     size_threshold: int = LARGE_FILE_THRESHOLD,  # 5 MB threshold
 ) -> Optional[AnyHttpUrlString]:
     """
-    Uploads arbitrary data to S3 returned from an access request.
+    Uploads file like objects to S3.
     Handles both small and large uploads.
 
     :param storage_secrets: S3 storage secrets
@@ -75,6 +75,19 @@ def generic_upload_to_s3(  # pylint: disable=R0913
     """
     logger.info("Starting S3 Upload of {}", file_key)
 
+    # Validate that the document is a file-like object
+    if not hasattr(document, "read") or not hasattr(document, "seek"):
+        raise TypeError(
+            f"The 'document' parameter must be a file-like object supporting 'read' and 'seek'. "
+            f"Received: {type(document)}"
+        )
+
+    # Ensure the file pointer is at the beginning
+    try:
+        document.seek(0)
+    except Exception as e:
+        raise ValueError(f"Failed to reset file pointer for document: {e}")
+
     s3_client = maybe_get_s3_client(auth_method, storage_secrets)
 
     # Define a transfer configuration for multipart uploads

fides/api/task/graph_task.py

@@ -10,7 +10,7 @@ from loguru import logger
 from ordered_set import OrderedSet
 from sqlalchemy.orm import Session
 
-from fides.api.api.deps import get_db_contextmanager as get_db
+from fides.api.api.deps import get_autoclose_db_session as get_db
 from fides.api.common_exceptions import (
     ActionDisabled,
     AwaitingAsyncTaskCallback,

fides/service/error_handling/error_handler.py

@@ -0,0 +1,202 @@
+from functools import wraps
+from typing import Any, Callable, Optional, TypeVar
+
+from fastapi import HTTPException
+from loguru import logger
+from starlette.status import HTTP_400_BAD_REQUEST, HTTP_422_UNPROCESSABLE_ENTITY
+
+T = TypeVar("T")
+
+
+class ErrorHandler:
+    """Utility class for handling errors consistently throughout the application.
+
+    Usage Examples:
+    -----------------------------------------------------------------------------
+
+    1. Basic Validation:
+    ```python
+    from fastapi import FastAPI
+    from fides.service.error_handling.error_handler import ErrorHandler
+
+    app = FastAPI()
+
+    @app.post("/users")
+    def create_user(age: int):
+        # Simple validation
+        ErrorHandler.validate(age >= 18, "User must be 18 or older")
+        return {"message": "User created"}
+
+    @app.get("/items/{item_id}")
+    def get_item(item_id: str):
+        # Direct error raising
+        if not item_id:
+            ErrorHandler.raise_error("Item ID is required", status_code=400)
+        return {"item_id": item_id}
+    ```
+
+    2. Exception Handling Decorator:
+    ```python
+    @app.post("/orders")
+    @ErrorHandler.handle_exceptions("Failed to create order")
+    def create_order(order_data: dict):
+        if not order_data.get("items"):
+            raise ValueError("Order must contain items")
+        # Process order...
+        return {"message": "Order created"}
+
+    @app.get("/products/{product_id}")
+    @ErrorHandler.handle_exceptions("Failed to fetch product", status_code=404)
+    def get_product(product_id: str):
+        product = database.get_product(product_id)
+        if not product:
+            raise ValueError("Product not found")
+        return product
+    ```
+
+    3. Complex Validation:
+    ```python
+    @app.post("/payments")
+    @ErrorHandler.handle_exceptions("Payment processing failed")
+    def process_payment(payment: dict):
+        # Validate amount
+        ErrorHandler.validate(
+            payment.get("amount", 0) > 0,
+            "Payment amount must be positive",
+            HTTP_400_BAD_REQUEST
+        )
+
+        # Validate currency
+        ErrorHandler.validate(
+            payment.get("currency") in ["USD", "EUR"],
+            "Invalid currency",
+            HTTP_400_BAD_REQUEST,
+            "Unsupported currency provided"  # Optional log message
+        )
+
+        # Custom error for insufficient funds
+        if payment.get("amount", 0) > get_balance():
+            ErrorHandler.raise_error(
+                "Insufficient funds",
+                status_code=HTTP_400_BAD_REQUEST,
+                log_message="User attempted payment exceeding balance"
+            )
+
+        return {"status": "payment processed"}
+    ```
+
+    4. Error Logging:
+    ```python
+    @app.post("/imports")
+    @ErrorHandler.handle_exceptions("Import failed")
+    def import_data(data: dict):
+        try:
+            process_import(data)
+        except Exception as e:
+            # Log error with custom message before raising
+            ErrorHandler.raise_error(
+                "Import failed: invalid format",
+                status_code=400,
+                log_message=f"Import failed with error: {str(e)}"
+            )
+        return {"status": "import complete"}
+    ```
+
+    Key Features:
+    - Simple validation with custom error messages
+    - Consistent error handling across endpoints
+    - Built-in error logging
+    - HTTP status code customization
+    - Exception handling decorator for common patterns
+    """
+
+    @staticmethod
+    def raise_error(
+        detail: str,
+        status_code: int = HTTP_422_UNPROCESSABLE_ENTITY,
+        log_message: Optional[str] = None,
+    ) -> None:
+        """Raise an HTTPException with consistent logging.
+
+        Args:
+            detail: Error message to include in the HTTPException
+            status_code: HTTP status code to use (default: 422)
+            log_message: Optional message to log before raising the exception
+
+        Raises:
+            HTTPException: Always raised with the provided details
+        """
+        if log_message:
+            logger.error(log_message)
+        raise HTTPException(status_code=status_code, detail=detail)
+
+    @staticmethod
+    def validate(
+        condition: bool,
+        detail: str,
+        status_code: int = HTTP_400_BAD_REQUEST,
+        log_message: Optional[str] = None,
+    ) -> None:
+        """Validate a condition and raise an error if it's False.
+
+        Args:
+            condition: The condition to check
+            detail: Error message if condition is False
+            status_code: HTTP status code to use if condition is False
+            log_message: Optional message to log before raising the exception
+
+        Raises:
+            HTTPException: If the condition is False
+        """
+        if not condition:
+            ErrorHandler.raise_error(detail, status_code, log_message)
+
+    @classmethod
+    def handle_exceptions(
+        cls, error_message: str, status_code: int = HTTP_422_UNPROCESSABLE_ENTITY
+    ) -> Callable[[Callable[..., T]], Callable[..., T]]:
+        """Decorator to handle exceptions consistently.
+
+        Args:
+            error_message: Base error message to use
+            status_code: HTTP status code to use for unexpected errors
+
+        Returns:
+            Callable: The decorated function that handles exceptions
+
+        Note:
+            This decorator will catch specific exceptions and convert them to HTTPExceptions.
+            HTTPExceptions are re-raised as is, while other exceptions are wrapped with
+            additional context.
+        """
+
+        def decorator(func: Callable[..., T]) -> Callable[..., T]:
+            @wraps(func)
+            def wrapper(*args: Any, **kwargs: Any) -> Optional[T]:
+                try:
+                    return func(*args, **kwargs)
+                except HTTPException:
+                    # Re-raise HTTP exceptions without modification
+                    raise
+                except (ValueError, TypeError, AttributeError, KeyError) as e:
+                    # Handle common validation and data access errors
+                    cls.raise_error(
+                        f"{error_message}: {str(e)}",
+                        status_code,
+                        f"{error_message}: {e}",
+                    )
+                except Exception as e:  # pylint: disable=broad-except
+                    # Log unexpected errors with full context but present a sanitized message
+                    logger.error(
+                        f"Unexpected error in {func.__name__}: {str(e)}", exc_info=True
+                    )
+                    cls.raise_error(
+                        f"{error_message}: An unexpected error occurred",
+                        status_code,
+                        f"{error_message}: Unexpected {type(e).__name__}",
+                    )
+                return None  # This line is never reached but satisfies the return type checker
+
+            return wrapper  # type: ignore[return-value]
+
+        return decorator

fides/ui-build/static/admin/404.html

@@ -1 +1 @@
-<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><link data-next-font="" rel="preconnect" href="/" crossorigin="anonymous"/><link rel="preload" href="/_next/static/css/113d823fe71f6af0.css" as="style"/><link rel="stylesheet" href="/_next/static/css/113d823fe71f6af0.css" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-42372ed130431b0a.js"></script><script src="/_next/static/chunks/webpack-2c7ccac5843c4d8e.js" defer=""></script><script src="/_next/static/chunks/framework-c92fc3344e6fd165.js" defer=""></script><script src="/_next/static/chunks/main-24f422f93845a596.js" defer=""></script><script src="/_next/static/chunks/pages/_app-fc89ce7bed454c84.js" defer=""></script><script src="/_next/static/chunks/pages/404-b202c0d8f6fc75c3.js" defer=""></script><script src="/_next/static/7Gn2YyMsVjWkBPSaVWEi9/_buildManifest.js" defer=""></script><script src="/_next/static/7Gn2YyMsVjWkBPSaVWEi9/_ssgManifest.js" defer=""></script><style>.data-ant-cssinjs-cache-path{content:"";}</style></head><body><div id="__next"><div style="height:100%;display:flex"></div></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{}},"page":"/404","query":{},"buildId":"7Gn2YyMsVjWkBPSaVWEi9","nextExport":true,"autoExport":true,"isFallback":false,"scriptLoader":[]}</script></body></html>
+<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><link data-next-font="" rel="preconnect" href="/" crossorigin="anonymous"/><link rel="preload" href="/_next/static/css/113d823fe71f6af0.css" as="style"/><link rel="stylesheet" href="/_next/static/css/113d823fe71f6af0.css" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-42372ed130431b0a.js"></script><script src="/_next/static/chunks/webpack-2c7ccac5843c4d8e.js" defer=""></script><script src="/_next/static/chunks/framework-c92fc3344e6fd165.js" defer=""></script><script src="/_next/static/chunks/main-090643377c8254e6.js" defer=""></script><script src="/_next/static/chunks/pages/_app-d4f59c13cb550ff4.js" defer=""></script><script src="/_next/static/chunks/pages/404-b202c0d8f6fc75c3.js" defer=""></script><script src="/_next/static/u9w7grMtLxEveFsXqNFab/_buildManifest.js" defer=""></script><script src="/_next/static/u9w7grMtLxEveFsXqNFab/_ssgManifest.js" defer=""></script><style>.data-ant-cssinjs-cache-path{content:"";}</style></head><body><div id="__next"><div style="height:100%;display:flex"></div></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{}},"page":"/404","query":{},"buildId":"u9w7grMtLxEveFsXqNFab","nextExport":true,"autoExport":true,"isFallback":false,"scriptLoader":[]}</script></body></html>

fides/ui-build/static/admin/_next/static/chunks/{1150-035a721a04f4451e.js → 1150-2642cd9cdc8a52f6.js}

@@ -1 +1 @@
-"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[1150],{7617:function(e,s,t){t.d(s,{q:function(){return a}});var i=t(24246),n=t(77181);let a=e=>{let{label:s,isDisabled:t,...a}=e;return(0,i.jsx)(n.OK9,{"data-testid":"tab-".concat(s),_selected:{fontWeight:"600",color:"complimentary.500",borderColor:"complimentary.500"},fontSize:a.fontSize,fontWeight:"500",color:"gray.500",isDisabled:t||!1,children:s})};s.Z=e=>{let{data:s,border:t="partial",...l}=e;return(0,i.jsxs)(n.mQc,{colorScheme:"complimentary",...l,children:[(0,i.jsx)(n.tdY,{width:"partial"===t?"max-content":void 0,children:s.map(e=>(0,i.jsx)(a,{label:e.label,isDisabled:e.isDisabled,fontSize:l.fontSize},e.label))}),(0,i.jsx)(n.nPR,{children:s.map(e=>(0,i.jsx)(n.x45,{px:0,"data-testid":"tab-panel-".concat(e.label),children:e.content},e.label))})]})}},58452:function(e,s,t){var i=t(24246),n=t(77181);s.Z=e=>{let{isOpen:s,onClose:t,onConfirm:a,onCancel:l,title:r,message:d,cancelButtonText:o,continueButtonText:c,isLoading:h,returnFocusOnClose:x,isCentered:m,testId:u="confirmation-modal",icon:p}=e;return(0,i.jsxs)(n.u_l,{isOpen:s,onClose:t,size:"lg",returnFocusOnClose:null==x||x,isCentered:m,children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsxs)(n.hzk,{textAlign:"center",p:6,"data-testid":u,children:[p?(0,i.jsx)(n.M5Y,{mb:2,children:p}):null,r?(0,i.jsx)(n.xBx,{fontWeight:"medium",pb:0,children:r}):null,d?(0,i.jsx)(n.fef,{children:d}):null,(0,i.jsx)(n.mzw,{children:(0,i.jsxs)(n.MIq,{columns:2,width:"100%",children:[(0,i.jsx)(n.wpx,{onClick:()=>{l&&l(),t()},size:"large",className:"mr-3","data-testid":"cancel-btn",disabled:h,children:o||"Cancel"}),(0,i.jsx)(n.wpx,{type:"primary",size:"large",onClick:a,"data-testid":"continue-btn",loading:h,children:c||"Continue"})]})})]})]})}},41150:function(e,s,t){t.d(s,{Z:function(){return H}});var i=t(24246),n=t(77181),a=t(91437),l=()=>(0,i.jsxs)(n.xuv,{children:[(0,i.jsx)(n.xuv,{pb:4,fontSize:"18px",fontWeight:"semibold",children:"Role Description"}),(0,i.jsx)(n.gCW,{spacing:4,children:a.K.map(e=>(0,i.jsxs)(n.xuv,{width:"100%",padding:4,borderRadius:"md",backgroundColor:"gray.75",fontSize:"14px",children:[(0,i.jsx)(n.xuv,{fontWeight:"semibold",children:e.label}),(0,i.jsx)(n.xuv,{color:"gray.700",children:e.description})]},e.roleKey))})]}),r=t(16134),d=t(7617),o=t(21702),c=t(19904),h=t(34090),x=t(86677),m=t(27378),u=t(812),p=t(58452),j=t(77830),w=t(91613),g=t(46628),f=t(86780),b=t(1315),y=t(95492),v=t(65497);let C=e=>{let{assignedSystems:s,onAssignedSystemChange:t}=e,a=(0,r.C)(v.Ux);if((0,v.d6)(a,{skip:!a}),0===s.length)return null;let l=e=>{t(s.filter(s=>s.fides_key!==e.fides_key))};return(0,i.jsxs)(n.iA_,{size:"sm","data-testid":"assign-systems-delete-table",children:[(0,i.jsx)(n.hrZ,{children:(0,i.jsxs)(n.Tr,{children:[(0,i.jsx)(n.Th,{children:"System"}),(0,i.jsx)(n.Th,{})]})}),(0,i.jsx)(n.p3B,{children:s.map(e=>(0,i.jsxs)(n.Tr,{_hover:{bg:"gray.50"},"data-testid":"row-".concat(e.fides_key),children:[(0,i.jsx)(n.Td,{children:e.name}),(0,i.jsx)(n.Td,{textAlign:"end",children:(0,i.jsx)(n.wpx,{"aria-label":"Unassign system from user",icon:(0,i.jsx)(y.l,{}),onClick:()=>l(e),"data-testid":"unassign-btn"})})]},e.fides_key))})]})};var S=e=>{let{allSystems:s,assignedSystems:t,onChange:a}=e,l=e=>{t.find(s=>s.fides_key===e.fides_key)?a(t.filter(s=>s.fides_key!==e.fides_key)):a([...t,e])};return(0,i.jsx)(n.xuv,{overflowY:"auto",maxHeight:"300px",children:(0,i.jsxs)(n.iA_,{size:"sm","data-testid":"assign-systems-table",maxHeight:"50vh",overflowY:"scroll",children:[(0,i.jsx)(n.hrZ,{position:"sticky",top:0,background:"white",zIndex:1,children:(0,i.jsxs)(n.Tr,{children:[(0,i.jsx)(n.Th,{children:"System"}),(0,i.jsx)(n.Th,{children:"Assign"})]})}),(0,i.jsx)(n.p3B,{children:s.map(e=>{let s=!!t.find(s=>s.fides_key===e.fides_key);return(0,i.jsxs)(n.Tr,{_hover:{bg:"gray.50"},"data-testid":"row-".concat(e.fides_key),children:[(0,i.jsx)(n.Td,{children:e.name}),(0,i.jsx)(n.Td,{children:(0,i.jsx)(n.rAg,{checked:s,onChange:()=>l(e),"data-testid":"assign-switch"})})]},e.fides_key)})})]})})};let k=(e,s)=>{var t,i;return(null===(t=e.name)||void 0===t?void 0:t.toLocaleLowerCase().includes(s.toLocaleLowerCase()))||(null===(i=e.description)||void 0===i?void 0:i.toLocaleLowerCase().includes(s.toLocaleLowerCase()))};var _=e=>{let{isOpen:s,onClose:t,assignedSystems:a,onAssignedSystemChange:l}=e,{data:r}=(0,b.K3)(),[d,o]=(0,m.useState)(""),[c,h]=(0,m.useState)(a),x=async()=>{l(c),t()},u=!r||0===r.length,p=(0,m.useMemo)(()=>r?r.filter(e=>k(e,d)):[],[r,d]),j=(0,m.useMemo)(()=>{let e=new Set(c.map(e=>e.fides_key));return p.every(s=>e.has(s.fides_key))},[p,c]);return(0,i.jsxs)(n.u_l,{isOpen:s,onClose:t,size:"2xl",children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsxs)(n.hzk,{p:8,"data-testid":"confirmation-modal",children:[(0,i.jsxs)(n.xBx,{fontWeight:"medium",display:"flex",justifyContent:"space-between",alignItems:"center",children:[(0,i.jsx)(n.xvT,{children:"Assign systems"}),(0,i.jsxs)(n.j8w,{color:"success",children:["Assigned to ",a.length," systems"]})]}),(0,i.jsx)(n.fef,{"data-testid":"assign-systems-modal-body",children:u?(0,i.jsx)(n.xvT,{children:"No systems found"}):(0,i.jsxs)(n.Kqy,{spacing:4,children:[(0,i.jsxs)(n.kCb,{justifyContent:"space-between",children:[(0,i.jsx)(n.xvT,{fontSize:"sm",flexGrow:1,fontWeight:"medium",children:"Assign systems in your organization to this user"}),(0,i.jsx)(n.xuv,{children:(0,i.jsxs)(n.NIc,{display:"flex",alignItems:"center",children:[(0,i.jsx)(n.lXp,{fontSize:"sm",htmlFor:"assign-all-systems",mb:"0",children:"Assign all systems"}),(0,i.jsx)(n.rAg,{size:"small",id:"assign-all-systems",checked:j,onChange:e=>{e&&r?h(p):h(r?r.filter(e=>!p.includes(e)):[])},"data-testid":"assign-all-systems-toggle"})]})})]}),(0,i.jsx)(f.Z,{search:d,onChange:o,placeholder:"Search for systems","data-testid":"system-search",withIcon:!0}),(0,i.jsx)(S,{allSystems:p,assignedSystems:c,onChange:h})]})}),(0,i.jsx)(n.mzw,{justifyContent:"flex-start",children:(0,i.jsxs)("div",{children:[(0,i.jsx)(n.wpx,{onClick:t,className:"mr-2","data-testid":"cancel-btn",children:"Cancel"}),u?null:(0,i.jsx)(n.wpx,{type:"primary",onClick:x,"data-testid":"confirm-btn",children:"Confirm"})]})})]})]})},P=e=>{let{label:s,roleKey:t,isSelected:a,isDisabled:l,assignedSystems:r,onAssignedSystemChange:d}=e,{setFieldValue:c}=(0,h.u6)(),x=(0,n.qY0)(),m=l?"You do not have sufficient permissions to assign this role.":void 0;return a?(0,i.jsxs)(n.Kqy,{borderRadius:"md",border:"1px solid",borderColor:"gray.200",p:4,backgroundColor:"gray.50","aria-selected":"true",spacing:4,"data-testid":"selected",children:[(0,i.jsxs)(n.kCb,{alignItems:"center",justifyContent:"space-between",children:[(0,i.jsx)(n.xvT,{fontSize:"md",fontWeight:"semibold",children:s}),(0,i.jsx)(n.StI,{})]}),t!==o.A7.APPROVER?(0,i.jsxs)(i.Fragment,{children:[(0,i.jsxs)(n.kCb,{alignItems:"center",children:[(0,i.jsx)(n.xvT,{fontSize:"sm",fontWeight:"semibold",mr:1,children:"Assigned systems"}),(0,i.jsx)(w.Z,{label:"Assigned systems refer to those systems that have been specifically allocated to a user for management purposes. Users assigned to a system possess full edit permissions and are listed as the Data Steward for the respective system."})]}),(0,i.jsx)(n.wpx,{disabled:l,title:m,type:"primary",size:"small",onClick:x.onOpen,"data-testid":"assign-systems-btn",children:"Assign systems +"}),(0,i.jsx)(C,{assignedSystems:r,onAssignedSystemChange:d}),x.isOpen?(0,i.jsx)(_,{isOpen:x.isOpen,onClose:x.onClose,assignedSystems:r,onAssignedSystemChange:d}):null]}):null]}):(0,i.jsx)(n.wpx,{onClick:()=>{c("roles",[t])},"data-testid":"role-option-".concat(s),title:m,disabled:l,children:s})};let A={roles:[]};var T=()=>{var e;let s=(0,n.pmc)(),t=(0,x.useRouter)(),l=(0,r.C)(v.Ux);(0,v.d6)(l,{skip:!l});let{isOpen:d,onOpen:f,onClose:b}=(0,n.qY0)(),y=(0,r.C)(v.R$),[C,S]=(0,m.useState)(y),[k]=(0,v.G$)();(0,m.useEffect)(()=>{S(y)},[y]);let{data:_,isLoading:T}=(0,v.gU)(null!=l?l:"",{skip:!l}),[R]=(0,v.lD)(),z=async e=>{if(d&&b(),!l)return;let t=e.roles.includes(o.A7.APPROVER),i=await R({user_id:l,payload:{roles:e.roles}});if((0,u.D4)(i)){s((0,g.Vo)((0,u.e$)(i.error)));return}if(!t){let e=C.map(e=>e.fides_key),t=await k({userId:l,fidesKeys:e});if((0,u.D4)(t)){s((0,g.Vo)((0,u.e$)(t.error)));return}}s((0,g.t5)("Permissions updated"))},I=async e=>{l&&(C.length>0&&e.roles.includes(o.A7.APPROVER)?f():await z(e))},q=(0,c.Tg)([o.Sh.USER_PERMISSION_ASSIGN_OWNERS]);if(!l)return null;if(T)return(0,i.jsx)(n.$jN,{});if(!q&&(null==_?void 0:null===(e=_.roles)||void 0===e?void 0:e.includes(o.A7.OWNER)))return(0,i.jsx)(n.xvT,{"data-testid":"insufficient-access",children:"You do not have sufficient access to change this user's permissions."});let E=(null==_?void 0:_.roles)?{roles:_.roles}:A;return(0,i.jsx)(h.J9,{onSubmit:I,initialValues:E,enableReinitialize:!0,children:e=>{let{values:s,isSubmitting:l,dirty:r}=e;return(0,i.jsxs)(h.l0,{children:[(0,i.jsxs)(n.Kqy,{spacing:7,children:[(0,i.jsxs)(n.Kqy,{spacing:3,"data-testid":"role-options",children:[(0,i.jsxs)(n.kCb,{alignItems:"center",children:[(0,i.jsx)(n.xvT,{fontSize:"sm",fontWeight:"semibold",mr:1,children:"User role"}),(0,i.jsx)(w.Z,{label:"A user's role in the organization determines what parts of the UI they can access and which functions are available to them."})]}),a.K.map(e=>{let t=s.roles.indexOf(e.roleKey)>=0;return(0,i.jsx)(P,{isSelected:t,isDisabled:e.roleKey===o.A7.OWNER&&!q,assignedSystems:C,onAssignedSystemChange:S,...e},e.roleKey)})]}),(0,i.jsxs)("div",{children:[(0,i.jsx)(n.wpx,{onClick:()=>t.push(j.e3),children:"Cancel"}),(0,i.jsx)(n.wpx,{type:"primary",htmlType:"submit",loading:l,disabled:!r&&C===y,"data-testid":"save-btn",children:"Save"})]})]}),(0,i.jsx)(p.Z,{isOpen:d,onClose:b,onConfirm:()=>z(s),title:"Change role to Approver",testId:"downgrade-to-approver-confirmation-modal",continueButtonText:"Yes",message:(0,i.jsx)(n.xvT,{children:"Switching to an approver role will remove all assigned systems. Do you wish to proceed?"})})]})}})},R=t(61038),z=t(55484),I=t(25980),q=t(40324),E=t(96006);let{useGetEmailInviteStatusQuery:O}=t(78780).u.injectEndpoints({endpoints:e=>({getEmailInviteStatus:e.query({query:()=>({url:"/messaging/email-invite/status"}),providesTags:()=>["Email Invite Status"]})})});var N=t(76174),Z=t(91317),U=t(31883);let W=z.Ry().shape({password:E.a.label("Password"),passwordConfirmation:z.Z_().required().oneOf([z.iH("password")],"Passwords must match").label("Password confirmation")}),D={password:"",passwordConfirmation:""},K=e=>{let s=(0,n.qY0)(),t=(0,n.pmc)(),[i]=(0,v.ls)(),a=async n=>{let a=await i({id:e,new_password:n.password});(0,U.D4)(a)?t((0,g.Vo)((0,u.e$)(a.error))):(t((0,g.t5)("Successfully reset user's password. Please inform the user of their new password.")),s.onClose())};return{...s,handleResetPassword:a}};var V=e=>{let{id:s}=e,{handleResetPassword:t,isOpen:a,onClose:l,onOpen:r}=K(s);return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.wpx,{onClick:r,"data-testid":"reset-password-btn",children:"Reset password"}),(0,i.jsxs)(n.u_l,{isCentered:!0,isOpen:a,onClose:l,children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsx)(n.hzk,{children:(0,i.jsx)(h.J9,{initialValues:D,validationSchema:W,onSubmit:t,children:e=>{let{isSubmitting:s,dirty:t,isValid:a}=e;return(0,i.jsxs)(h.l0,{children:[(0,i.jsx)(n.xBx,{children:"Reset Password"}),(0,i.jsx)(n.olH,{}),(0,i.jsx)(n.fef,{children:(0,i.jsxs)(n.Kqy,{direction:"column",spacing:4,children:[(0,i.jsx)(n.xvT,{mb:2,children:"Choose a new password for this user."}),(0,i.jsx)(q.j0,{name:"password",label:"Password",placeholder:"********",type:"password",tooltip:"Password must contain at least 8 characters, 1 number, 1 capital letter, 1 lowercase letter, and at least 1 symbol.",autoComplete:"new-password"}),(0,i.jsx)(q.j0,{name:"passwordConfirmation",label:"Confirm Password",placeholder:"********",type:"password",tooltip:"Must match above password.",autoComplete:"confirm-password"})]})}),(0,i.jsx)(n.mzw,{children:(0,i.jsxs)("div",{className:"w-full gap-2",children:[(0,i.jsx)(n.wpx,{onClick:l,className:"w-1/2",children:"Cancel"}),(0,i.jsx)(n.wpx,{type:"primary",disabled:!t||!a,loading:s,htmlType:"submit",className:"w-1/2","data-testid":"submit-btn",children:"Change Password"})]})})]})}})})]})]})};let Y=e=>{let s=(0,n.qY0)(),t=(0,n.pmc)(),[i,a]=(0,m.useState)(""),[l,r]=(0,m.useState)(""),[d,{isLoading:o}]=(0,v.ev)(),c=!!(e&&l&&i),h=async()=>{c&&d({id:e,old_password:i,new_password:l}).unwrap().then(()=>{t((0,g.t5)("Password updated")),s.onClose()})};return{...s,changePasswordValidation:c,handleChange:e=>{"oldPassword"===e.target.name?a(e.target.value):r(e.target.value)},handleChangePassword:h,isLoading:o,newPasswordValue:l,oldPasswordValue:i}};var B=e=>{let{id:s}=e,{changePasswordValidation:t,handleChange:a,handleChangePassword:l,isLoading:r,isOpen:d,newPasswordValue:o,oldPasswordValue:c,onClose:h,onOpen:x}=Y(s);return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.wpx,{onClick:x,"data-testid":"update-password-btn",children:"Update password"}),(0,i.jsxs)(n.u_l,{isCentered:!0,isOpen:d,onClose:h,children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsxs)(n.hzk,{children:[(0,i.jsx)(n.xBx,{children:"Update Password"}),(0,i.jsx)(n.olH,{}),(0,i.jsx)(n.fef,{pb:6,children:(0,i.jsxs)(n.Kqy,{direction:"column",spacing:"15px",children:[(0,i.jsx)(n.NIc,{children:(0,i.jsx)(n.IIB,{isRequired:!0,name:"oldPassword",onChange:a,placeholder:"Old Password",type:"password",value:c,"data-testid":"input-oldPassword"})}),(0,i.jsx)(n.NIc,{children:(0,i.jsx)(n.IIB,{isRequired:!0,name:"newPassword",onChange:a,placeholder:"New Password",type:"password",value:o,"data-testid":"input-newPassword"})})]})}),(0,i.jsxs)(n.mzw,{children:[(0,i.jsx)(n.wpx,{onClick:h,className:"mr-2 w-1/2",children:"Cancel"}),(0,i.jsx)(n.wpx,{type:"primary",disabled:!t,loading:r,onClick:l,htmlType:"submit",className:"mr-3 w-1/2","data-testid":"submit-btn",children:"Change Password"})]})]})]})]})},L=()=>{let e=(0,r.C)(v.Ux),s=(0,r.C)(Z.dy),t=!!s&&s.id===e;return(0,i.jsx)(n.xuv,{children:e?(0,i.jsxs)(n.Ugi,{children:[t?(0,i.jsx)(B,{id:e}):null,(0,i.jsx)(c.ZP,{scopes:[o.Sh.USER_PASSWORD_RESET],children:(0,i.jsx)(V,{id:e})})]}):null})};let F={username:"",first_name:"",email_address:"",last_name:"",password:""},M=z.Ry().shape({username:z.Z_().required().label("Username"),email_address:z.Z_().email().required().label("Email address"),first_name:z.Z_().label("First name"),last_name:z.Z_().label("Last name"),password:E.a.label("Password")});var $=e=>{let{onSubmit:s,initialValues:t,canEditNames:a}=e,l=(0,x.useRouter)(),d=(0,n.pmc)(),o=(0,r.T)(),c=(0,n.qY0)(),m=(0,r.C)(v.ZC),{data:p}=O(),w=null==p?void 0:p.enabled,{flags:f}=(0,I.Vb)(),b=!m,C=!b&&!a,S=b&&!w,k=async e=>{let{password:t,...i}=e,n=await s(S?e:i);if((0,u.D4)(n)){d((0,g.Vo)((0,u.e$)(n.error)));return}d((0,g.t5)("".concat(b?"User created. By default, new users are set to the Viewer role. To change the role, please go to the Permissions tab.":"User updated."))),(null==n?void 0:n.data)&&o((0,v.Vv)(n.data.id))},_=M,{data:P}=(0,N.qv)(),A=!f.ssoAuthentication||!(null==P?void 0:P.length);return A||(_=M.shape({password:E.a.optional().label("Password")})),_=S?_:_.omit(["password"]),(0,i.jsx)(h.J9,{onSubmit:k,initialValues:null!=t?t:F,validationSchema:_,children:e=>{let{dirty:s,isSubmitting:t,isValid:a}=e;return(0,i.jsx)(h.l0,{children:(0,i.jsxs)(n.Kqy,{maxW:["xs","xs","100%"],width:"100%",spacing:7,children:[(0,i.jsxs)(n.Kqy,{spacing:6,maxWidth:"55%",children:[(0,i.jsxs)(n.kCb,{children:[(0,i.jsxs)(n.xvT,{display:"flex",alignItems:"center",fontSize:"sm",fontWeight:"semibold",children:["Profile"," ",(null==m?void 0:m.disabled)&&(0,i.jsx)(n.j8w,{color:"success",className:"ml-2","data-testid":"invite-sent-badge",children:"Invite sent"})]}),(0,i.jsx)(n.xuv,{marginLeft:"auto",children:(0,i.jsxs)(n.Ugi,{children:[(0,i.jsx)(L,{}),b?null:(0,i.jsxs)(n.xuv,{children:[(0,i.jsx)(n.wpx,{"aria-label":"delete",icon:(0,i.jsx)(y.l,{}),onClick:c.onOpen,"data-testid":"delete-user-btn"}),(0,i.jsx)(R.Z,{user:m,...c})]})]})})]}),(0,i.jsx)(q.j0,{name:"username",label:"Username",variant:"block",placeholder:"Enter new username",disabled:!b,isRequired:!0}),(0,i.jsx)(q.j0,{name:"email_address",label:"Email address",variant:"block",placeholder:"Enter email of user",isRequired:!0}),(0,i.jsx)(q.j0,{name:"first_name",label:"First Name",variant:"block",placeholder:"Enter first name of user",disabled:C}),(0,i.jsx)(q.j0,{name:"last_name",label:"Last Name",variant:"block",placeholder:"Enter last name of user",disabled:C}),S?(0,i.jsx)(q.j0,{name:"password",label:"Password",variant:"block",placeholder:"********",type:"password",tooltip:"Password must contain at least 8 characters, 1 number, 1 capital letter, 1 lowercase letter, and at least 1 symbol.",isRequired:A}):null]}),(0,i.jsxs)("div",{children:[(0,i.jsx)(n.wpx,{onClick:()=>l.push(j.e3),className:"mr-3",children:"Cancel"}),(0,i.jsx)(n.wpx,{htmlType:"submit",type:"primary",disabled:!s||!a,loading:t,"data-testid":"save-user-btn",children:"Save"})]})]})})}})},H=e=>{let{onSubmit:s,initialValues:t,...a}=e,h=(0,r.C)(v.Ux);(0,v.Fk)(h,{skip:!h});let x=(0,c.Tg)([o.Sh.USER_PERMISSION_UPDATE]),m=[{label:"Profile",content:(0,i.jsx)($,{onSubmit:s,initialValues:t,...a})},{label:"Permissions",content:(0,i.jsxs)(n.kCb,{gap:"97px",children:[(0,i.jsx)(n.xuv,{w:{base:"100%",md:"50%",xl:"50%"},children:(0,i.jsx)(T,{})}),(0,i.jsx)(n.xuv,{position:"absolute",top:"96px",right:6,height:"calc(100% + 100px)",overflowY:"scroll",padding:6,w:"35%",borderLeftWidth:"1px",children:(0,i.jsx)(l,{})})]}),isDisabled:!h||!x}];return(0,i.jsx)(d.Z,{data:m})}},31883:function(e,s,t){t.d(s,{Bw:function(){return i.Bw},D4:function(){return i.D4}});var i=t(19043)}}]);
+"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[1150],{7617:function(e,s,t){t.d(s,{q:function(){return a}});var i=t(24246),n=t(77181);let a=e=>{let{label:s,isDisabled:t,...a}=e;return(0,i.jsx)(n.OK9,{"data-testid":"tab-".concat(s),_selected:{fontWeight:"600",color:"complimentary.500",borderColor:"complimentary.500"},fontSize:a.fontSize,fontWeight:"500",color:"gray.500",isDisabled:t||!1,children:s})};s.Z=e=>{let{data:s,border:t="partial",...l}=e;return(0,i.jsxs)(n.mQc,{colorScheme:"complimentary",...l,children:[(0,i.jsx)(n.tdY,{width:"partial"===t?"max-content":void 0,children:s.map(e=>(0,i.jsx)(a,{label:e.label,isDisabled:e.isDisabled,fontSize:l.fontSize},e.label))}),(0,i.jsx)(n.nPR,{children:s.map(e=>(0,i.jsx)(n.x45,{px:0,"data-testid":"tab-panel-".concat(e.label),children:e.content},e.label))})]})}},58452:function(e,s,t){var i=t(24246),n=t(77181);s.Z=e=>{let{isOpen:s,onClose:t,onConfirm:a,onCancel:l,title:r,message:d,cancelButtonText:o,continueButtonText:c,isLoading:h,returnFocusOnClose:x,isCentered:m,testId:u="confirmation-modal",icon:p}=e;return(0,i.jsxs)(n.u_l,{isOpen:s,onClose:t,size:"lg",returnFocusOnClose:null==x||x,isCentered:m,children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsxs)(n.hzk,{textAlign:"center",p:6,"data-testid":u,children:[p?(0,i.jsx)(n.M5Y,{mb:2,children:p}):null,r?(0,i.jsx)(n.xBx,{fontWeight:"medium",pb:0,children:r}):null,d?(0,i.jsx)(n.fef,{children:d}):null,(0,i.jsx)(n.mzw,{children:(0,i.jsxs)(n.MIq,{columns:2,width:"100%",children:[(0,i.jsx)(n.wpx,{onClick:()=>{l&&l(),t()},size:"large",className:"mr-3","data-testid":"cancel-btn",disabled:h,children:o||"Cancel"}),(0,i.jsx)(n.wpx,{type:"primary",size:"large",onClick:a,"data-testid":"continue-btn",loading:h,children:c||"Continue"})]})})]})]})}},41150:function(e,s,t){t.d(s,{Z:function(){return H}});var i=t(24246),n=t(77181),a=t(91437),l=()=>(0,i.jsxs)(n.xuv,{children:[(0,i.jsx)(n.xuv,{pb:4,fontSize:"18px",fontWeight:"semibold",children:"Role Description"}),(0,i.jsx)(n.gCW,{spacing:4,children:a.K.map(e=>(0,i.jsxs)(n.xuv,{width:"100%",padding:4,borderRadius:"md",backgroundColor:"gray.75",fontSize:"14px",children:[(0,i.jsx)(n.xuv,{fontWeight:"semibold",children:e.label}),(0,i.jsx)(n.xuv,{color:"gray.700",children:e.description})]},e.roleKey))})]}),r=t(16134),d=t(7617),o=t(28120),c=t(19904),h=t(34090),x=t(86677),m=t(27378),u=t(812),p=t(58452),j=t(77830),w=t(91613),g=t(46628),f=t(86780),b=t(1315),y=t(95492),v=t(65497);let C=e=>{let{assignedSystems:s,onAssignedSystemChange:t}=e,a=(0,r.C)(v.Ux);if((0,v.d6)(a,{skip:!a}),0===s.length)return null;let l=e=>{t(s.filter(s=>s.fides_key!==e.fides_key))};return(0,i.jsxs)(n.iA_,{size:"sm","data-testid":"assign-systems-delete-table",children:[(0,i.jsx)(n.hrZ,{children:(0,i.jsxs)(n.Tr,{children:[(0,i.jsx)(n.Th,{children:"System"}),(0,i.jsx)(n.Th,{})]})}),(0,i.jsx)(n.p3B,{children:s.map(e=>(0,i.jsxs)(n.Tr,{_hover:{bg:"gray.50"},"data-testid":"row-".concat(e.fides_key),children:[(0,i.jsx)(n.Td,{children:e.name}),(0,i.jsx)(n.Td,{textAlign:"end",children:(0,i.jsx)(n.wpx,{"aria-label":"Unassign system from user",icon:(0,i.jsx)(y.l,{}),onClick:()=>l(e),"data-testid":"unassign-btn"})})]},e.fides_key))})]})};var S=e=>{let{allSystems:s,assignedSystems:t,onChange:a}=e,l=e=>{t.find(s=>s.fides_key===e.fides_key)?a(t.filter(s=>s.fides_key!==e.fides_key)):a([...t,e])};return(0,i.jsx)(n.xuv,{overflowY:"auto",maxHeight:"300px",children:(0,i.jsxs)(n.iA_,{size:"sm","data-testid":"assign-systems-table",maxHeight:"50vh",overflowY:"scroll",children:[(0,i.jsx)(n.hrZ,{position:"sticky",top:0,background:"white",zIndex:1,children:(0,i.jsxs)(n.Tr,{children:[(0,i.jsx)(n.Th,{children:"System"}),(0,i.jsx)(n.Th,{children:"Assign"})]})}),(0,i.jsx)(n.p3B,{children:s.map(e=>{let s=!!t.find(s=>s.fides_key===e.fides_key);return(0,i.jsxs)(n.Tr,{_hover:{bg:"gray.50"},"data-testid":"row-".concat(e.fides_key),children:[(0,i.jsx)(n.Td,{children:e.name}),(0,i.jsx)(n.Td,{children:(0,i.jsx)(n.rAg,{checked:s,onChange:()=>l(e),"data-testid":"assign-switch"})})]},e.fides_key)})})]})})};let k=(e,s)=>{var t,i;return(null===(t=e.name)||void 0===t?void 0:t.toLocaleLowerCase().includes(s.toLocaleLowerCase()))||(null===(i=e.description)||void 0===i?void 0:i.toLocaleLowerCase().includes(s.toLocaleLowerCase()))};var _=e=>{let{isOpen:s,onClose:t,assignedSystems:a,onAssignedSystemChange:l}=e,{data:r}=(0,b.K3)(),[d,o]=(0,m.useState)(""),[c,h]=(0,m.useState)(a),x=async()=>{l(c),t()},u=!r||0===r.length,p=(0,m.useMemo)(()=>r?r.filter(e=>k(e,d)):[],[r,d]),j=(0,m.useMemo)(()=>{let e=new Set(c.map(e=>e.fides_key));return p.every(s=>e.has(s.fides_key))},[p,c]);return(0,i.jsxs)(n.u_l,{isOpen:s,onClose:t,size:"2xl",children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsxs)(n.hzk,{p:8,"data-testid":"confirmation-modal",children:[(0,i.jsxs)(n.xBx,{fontWeight:"medium",display:"flex",justifyContent:"space-between",alignItems:"center",children:[(0,i.jsx)(n.xvT,{children:"Assign systems"}),(0,i.jsxs)(n.j8w,{color:"success",children:["Assigned to ",a.length," systems"]})]}),(0,i.jsx)(n.fef,{"data-testid":"assign-systems-modal-body",children:u?(0,i.jsx)(n.xvT,{children:"No systems found"}):(0,i.jsxs)(n.Kqy,{spacing:4,children:[(0,i.jsxs)(n.kCb,{justifyContent:"space-between",children:[(0,i.jsx)(n.xvT,{fontSize:"sm",flexGrow:1,fontWeight:"medium",children:"Assign systems in your organization to this user"}),(0,i.jsx)(n.xuv,{children:(0,i.jsxs)(n.NIc,{display:"flex",alignItems:"center",children:[(0,i.jsx)(n.lXp,{fontSize:"sm",htmlFor:"assign-all-systems",mb:"0",children:"Assign all systems"}),(0,i.jsx)(n.rAg,{size:"small",id:"assign-all-systems",checked:j,onChange:e=>{e&&r?h(p):h(r?r.filter(e=>!p.includes(e)):[])},"data-testid":"assign-all-systems-toggle"})]})})]}),(0,i.jsx)(f.Z,{search:d,onChange:o,placeholder:"Search for systems","data-testid":"system-search",withIcon:!0}),(0,i.jsx)(S,{allSystems:p,assignedSystems:c,onChange:h})]})}),(0,i.jsx)(n.mzw,{justifyContent:"flex-start",children:(0,i.jsxs)("div",{children:[(0,i.jsx)(n.wpx,{onClick:t,className:"mr-2","data-testid":"cancel-btn",children:"Cancel"}),u?null:(0,i.jsx)(n.wpx,{type:"primary",onClick:x,"data-testid":"confirm-btn",children:"Confirm"})]})})]})]})},P=e=>{let{label:s,roleKey:t,isSelected:a,isDisabled:l,assignedSystems:r,onAssignedSystemChange:d}=e,{setFieldValue:c}=(0,h.u6)(),x=(0,n.qY0)(),m=l?"You do not have sufficient permissions to assign this role.":void 0;return a?(0,i.jsxs)(n.Kqy,{borderRadius:"md",border:"1px solid",borderColor:"gray.200",p:4,backgroundColor:"gray.50","aria-selected":"true",spacing:4,"data-testid":"selected",children:[(0,i.jsxs)(n.kCb,{alignItems:"center",justifyContent:"space-between",children:[(0,i.jsx)(n.xvT,{fontSize:"md",fontWeight:"semibold",children:s}),(0,i.jsx)(n.StI,{})]}),t!==o.A7.APPROVER?(0,i.jsxs)(i.Fragment,{children:[(0,i.jsxs)(n.kCb,{alignItems:"center",children:[(0,i.jsx)(n.xvT,{fontSize:"sm",fontWeight:"semibold",mr:1,children:"Assigned systems"}),(0,i.jsx)(w.Z,{label:"Assigned systems refer to those systems that have been specifically allocated to a user for management purposes. Users assigned to a system possess full edit permissions and are listed as the Data Steward for the respective system."})]}),(0,i.jsx)(n.wpx,{disabled:l,title:m,type:"primary",size:"small",onClick:x.onOpen,"data-testid":"assign-systems-btn",children:"Assign systems +"}),(0,i.jsx)(C,{assignedSystems:r,onAssignedSystemChange:d}),x.isOpen?(0,i.jsx)(_,{isOpen:x.isOpen,onClose:x.onClose,assignedSystems:r,onAssignedSystemChange:d}):null]}):null]}):(0,i.jsx)(n.wpx,{onClick:()=>{c("roles",[t])},"data-testid":"role-option-".concat(s),title:m,disabled:l,children:s})};let A={roles:[]};var T=()=>{var e;let s=(0,n.pmc)(),t=(0,x.useRouter)(),l=(0,r.C)(v.Ux);(0,v.d6)(l,{skip:!l});let{isOpen:d,onOpen:f,onClose:b}=(0,n.qY0)(),y=(0,r.C)(v.R$),[C,S]=(0,m.useState)(y),[k]=(0,v.G$)();(0,m.useEffect)(()=>{S(y)},[y]);let{data:_,isLoading:T}=(0,v.gU)(null!=l?l:"",{skip:!l}),[R]=(0,v.lD)(),z=async e=>{if(d&&b(),!l)return;let t=e.roles.includes(o.A7.APPROVER),i=await R({user_id:l,payload:{roles:e.roles}});if((0,u.D4)(i)){s((0,g.Vo)((0,u.e$)(i.error)));return}if(!t){let e=C.map(e=>e.fides_key),t=await k({userId:l,fidesKeys:e});if((0,u.D4)(t)){s((0,g.Vo)((0,u.e$)(t.error)));return}}s((0,g.t5)("Permissions updated"))},I=async e=>{l&&(C.length>0&&e.roles.includes(o.A7.APPROVER)?f():await z(e))},q=(0,c.Tg)([o.Sh.USER_PERMISSION_ASSIGN_OWNERS]);if(!l)return null;if(T)return(0,i.jsx)(n.$jN,{});if(!q&&(null==_?void 0:null===(e=_.roles)||void 0===e?void 0:e.includes(o.A7.OWNER)))return(0,i.jsx)(n.xvT,{"data-testid":"insufficient-access",children:"You do not have sufficient access to change this user's permissions."});let E=(null==_?void 0:_.roles)?{roles:_.roles}:A;return(0,i.jsx)(h.J9,{onSubmit:I,initialValues:E,enableReinitialize:!0,children:e=>{let{values:s,isSubmitting:l,dirty:r}=e;return(0,i.jsxs)(h.l0,{children:[(0,i.jsxs)(n.Kqy,{spacing:7,children:[(0,i.jsxs)(n.Kqy,{spacing:3,"data-testid":"role-options",children:[(0,i.jsxs)(n.kCb,{alignItems:"center",children:[(0,i.jsx)(n.xvT,{fontSize:"sm",fontWeight:"semibold",mr:1,children:"User role"}),(0,i.jsx)(w.Z,{label:"A user's role in the organization determines what parts of the UI they can access and which functions are available to them."})]}),a.K.map(e=>{let t=s.roles.indexOf(e.roleKey)>=0;return(0,i.jsx)(P,{isSelected:t,isDisabled:e.roleKey===o.A7.OWNER&&!q,assignedSystems:C,onAssignedSystemChange:S,...e},e.roleKey)})]}),(0,i.jsxs)("div",{children:[(0,i.jsx)(n.wpx,{onClick:()=>t.push(j.e3),children:"Cancel"}),(0,i.jsx)(n.wpx,{type:"primary",htmlType:"submit",loading:l,disabled:!r&&C===y,"data-testid":"save-btn",children:"Save"})]})]}),(0,i.jsx)(p.Z,{isOpen:d,onClose:b,onConfirm:()=>z(s),title:"Change role to Approver",testId:"downgrade-to-approver-confirmation-modal",continueButtonText:"Yes",message:(0,i.jsx)(n.xvT,{children:"Switching to an approver role will remove all assigned systems. Do you wish to proceed?"})})]})}})},R=t(61038),z=t(55484),I=t(25980),q=t(40324),E=t(96006);let{useGetEmailInviteStatusQuery:O}=t(78780).u.injectEndpoints({endpoints:e=>({getEmailInviteStatus:e.query({query:()=>({url:"/messaging/email-invite/status"}),providesTags:()=>["Email Invite Status"]})})});var N=t(76174),Z=t(91317),U=t(31883);let W=z.Ry().shape({password:E.a.label("Password"),passwordConfirmation:z.Z_().required().oneOf([z.iH("password")],"Passwords must match").label("Password confirmation")}),D={password:"",passwordConfirmation:""},K=e=>{let s=(0,n.qY0)(),t=(0,n.pmc)(),[i]=(0,v.ls)(),a=async n=>{let a=await i({id:e,new_password:n.password});(0,U.D4)(a)?t((0,g.Vo)((0,u.e$)(a.error))):(t((0,g.t5)("Successfully reset user's password. Please inform the user of their new password.")),s.onClose())};return{...s,handleResetPassword:a}};var V=e=>{let{id:s}=e,{handleResetPassword:t,isOpen:a,onClose:l,onOpen:r}=K(s);return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.wpx,{onClick:r,"data-testid":"reset-password-btn",children:"Reset password"}),(0,i.jsxs)(n.u_l,{isCentered:!0,isOpen:a,onClose:l,children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsx)(n.hzk,{children:(0,i.jsx)(h.J9,{initialValues:D,validationSchema:W,onSubmit:t,children:e=>{let{isSubmitting:s,dirty:t,isValid:a}=e;return(0,i.jsxs)(h.l0,{children:[(0,i.jsx)(n.xBx,{children:"Reset Password"}),(0,i.jsx)(n.olH,{}),(0,i.jsx)(n.fef,{children:(0,i.jsxs)(n.Kqy,{direction:"column",spacing:4,children:[(0,i.jsx)(n.xvT,{mb:2,children:"Choose a new password for this user."}),(0,i.jsx)(q.j0,{name:"password",label:"Password",placeholder:"********",type:"password",tooltip:"Password must contain at least 8 characters, 1 number, 1 capital letter, 1 lowercase letter, and at least 1 symbol.",autoComplete:"new-password"}),(0,i.jsx)(q.j0,{name:"passwordConfirmation",label:"Confirm Password",placeholder:"********",type:"password",tooltip:"Must match above password.",autoComplete:"confirm-password"})]})}),(0,i.jsx)(n.mzw,{children:(0,i.jsxs)("div",{className:"w-full gap-2",children:[(0,i.jsx)(n.wpx,{onClick:l,className:"w-1/2",children:"Cancel"}),(0,i.jsx)(n.wpx,{type:"primary",disabled:!t||!a,loading:s,htmlType:"submit",className:"w-1/2","data-testid":"submit-btn",children:"Change Password"})]})})]})}})})]})]})};let Y=e=>{let s=(0,n.qY0)(),t=(0,n.pmc)(),[i,a]=(0,m.useState)(""),[l,r]=(0,m.useState)(""),[d,{isLoading:o}]=(0,v.ev)(),c=!!(e&&l&&i),h=async()=>{c&&d({id:e,old_password:i,new_password:l}).unwrap().then(()=>{t((0,g.t5)("Password updated")),s.onClose()})};return{...s,changePasswordValidation:c,handleChange:e=>{"oldPassword"===e.target.name?a(e.target.value):r(e.target.value)},handleChangePassword:h,isLoading:o,newPasswordValue:l,oldPasswordValue:i}};var B=e=>{let{id:s}=e,{changePasswordValidation:t,handleChange:a,handleChangePassword:l,isLoading:r,isOpen:d,newPasswordValue:o,oldPasswordValue:c,onClose:h,onOpen:x}=Y(s);return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.wpx,{onClick:x,"data-testid":"update-password-btn",children:"Update password"}),(0,i.jsxs)(n.u_l,{isCentered:!0,isOpen:d,onClose:h,children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsxs)(n.hzk,{children:[(0,i.jsx)(n.xBx,{children:"Update Password"}),(0,i.jsx)(n.olH,{}),(0,i.jsx)(n.fef,{pb:6,children:(0,i.jsxs)(n.Kqy,{direction:"column",spacing:"15px",children:[(0,i.jsx)(n.NIc,{children:(0,i.jsx)(n.IIB,{isRequired:!0,name:"oldPassword",onChange:a,placeholder:"Old Password",type:"password",value:c,"data-testid":"input-oldPassword"})}),(0,i.jsx)(n.NIc,{children:(0,i.jsx)(n.IIB,{isRequired:!0,name:"newPassword",onChange:a,placeholder:"New Password",type:"password",value:o,"data-testid":"input-newPassword"})})]})}),(0,i.jsxs)(n.mzw,{children:[(0,i.jsx)(n.wpx,{onClick:h,className:"mr-2 w-1/2",children:"Cancel"}),(0,i.jsx)(n.wpx,{type:"primary",disabled:!t,loading:r,onClick:l,htmlType:"submit",className:"mr-3 w-1/2","data-testid":"submit-btn",children:"Change Password"})]})]})]})]})},L=()=>{let e=(0,r.C)(v.Ux),s=(0,r.C)(Z.dy),t=!!s&&s.id===e;return(0,i.jsx)(n.xuv,{children:e?(0,i.jsxs)(n.Ugi,{children:[t?(0,i.jsx)(B,{id:e}):null,(0,i.jsx)(c.ZP,{scopes:[o.Sh.USER_PASSWORD_RESET],children:(0,i.jsx)(V,{id:e})})]}):null})};let F={username:"",first_name:"",email_address:"",last_name:"",password:""},M=z.Ry().shape({username:z.Z_().required().label("Username"),email_address:z.Z_().email().required().label("Email address"),first_name:z.Z_().label("First name"),last_name:z.Z_().label("Last name"),password:E.a.label("Password")});var $=e=>{let{onSubmit:s,initialValues:t,canEditNames:a}=e,l=(0,x.useRouter)(),d=(0,n.pmc)(),o=(0,r.T)(),c=(0,n.qY0)(),m=(0,r.C)(v.ZC),{data:p}=O(),w=null==p?void 0:p.enabled,{flags:f}=(0,I.Vb)(),b=!m,C=!b&&!a,S=b&&!w,k=async e=>{let{password:t,...i}=e,n=await s(S?e:i);if((0,u.D4)(n)){d((0,g.Vo)((0,u.e$)(n.error)));return}d((0,g.t5)("".concat(b?"User created. By default, new users are set to the Viewer role. To change the role, please go to the Permissions tab.":"User updated."))),(null==n?void 0:n.data)&&o((0,v.Vv)(n.data.id))},_=M,{data:P}=(0,N.qv)(),A=!f.ssoAuthentication||!(null==P?void 0:P.length);return A||(_=M.shape({password:E.a.optional().label("Password")})),_=S?_:_.omit(["password"]),(0,i.jsx)(h.J9,{onSubmit:k,initialValues:null!=t?t:F,validationSchema:_,children:e=>{let{dirty:s,isSubmitting:t,isValid:a}=e;return(0,i.jsx)(h.l0,{children:(0,i.jsxs)(n.Kqy,{maxW:["xs","xs","100%"],width:"100%",spacing:7,children:[(0,i.jsxs)(n.Kqy,{spacing:6,maxWidth:"55%",children:[(0,i.jsxs)(n.kCb,{children:[(0,i.jsxs)(n.xvT,{display:"flex",alignItems:"center",fontSize:"sm",fontWeight:"semibold",children:["Profile"," ",(null==m?void 0:m.disabled)&&(0,i.jsx)(n.j8w,{color:"success",className:"ml-2","data-testid":"invite-sent-badge",children:"Invite sent"})]}),(0,i.jsx)(n.xuv,{marginLeft:"auto",children:(0,i.jsxs)(n.Ugi,{children:[(0,i.jsx)(L,{}),b?null:(0,i.jsxs)(n.xuv,{children:[(0,i.jsx)(n.wpx,{"aria-label":"delete",icon:(0,i.jsx)(y.l,{}),onClick:c.onOpen,"data-testid":"delete-user-btn"}),(0,i.jsx)(R.Z,{user:m,...c})]})]})})]}),(0,i.jsx)(q.j0,{name:"username",label:"Username",variant:"block",placeholder:"Enter new username",disabled:!b,isRequired:!0}),(0,i.jsx)(q.j0,{name:"email_address",label:"Email address",variant:"block",placeholder:"Enter email of user",isRequired:!0}),(0,i.jsx)(q.j0,{name:"first_name",label:"First Name",variant:"block",placeholder:"Enter first name of user",disabled:C}),(0,i.jsx)(q.j0,{name:"last_name",label:"Last Name",variant:"block",placeholder:"Enter last name of user",disabled:C}),S?(0,i.jsx)(q.j0,{name:"password",label:"Password",variant:"block",placeholder:"********",type:"password",tooltip:"Password must contain at least 8 characters, 1 number, 1 capital letter, 1 lowercase letter, and at least 1 symbol.",isRequired:A}):null]}),(0,i.jsxs)("div",{children:[(0,i.jsx)(n.wpx,{onClick:()=>l.push(j.e3),className:"mr-3",children:"Cancel"}),(0,i.jsx)(n.wpx,{htmlType:"submit",type:"primary",disabled:!s||!a,loading:t,"data-testid":"save-user-btn",children:"Save"})]})]})})}})},H=e=>{let{onSubmit:s,initialValues:t,...a}=e,h=(0,r.C)(v.Ux);(0,v.Fk)(h,{skip:!h});let x=(0,c.Tg)([o.Sh.USER_PERMISSION_UPDATE]),m=[{label:"Profile",content:(0,i.jsx)($,{onSubmit:s,initialValues:t,...a})},{label:"Permissions",content:(0,i.jsxs)(n.kCb,{gap:"97px",children:[(0,i.jsx)(n.xuv,{w:{base:"100%",md:"50%",xl:"50%"},children:(0,i.jsx)(T,{})}),(0,i.jsx)(n.xuv,{position:"absolute",top:"96px",right:6,height:"calc(100% + 100px)",overflowY:"scroll",padding:6,w:"35%",borderLeftWidth:"1px",children:(0,i.jsx)(l,{})})]}),isDisabled:!h||!x}];return(0,i.jsx)(d.Z,{data:m})}},31883:function(e,s,t){t.d(s,{Bw:function(){return i.Bw},D4:function(){return i.D4}});var i=t(19043)}}]);