guru-connect/dashboard/src/api/index.ts at 40c7d860cc1d942a7809aba7921078d244d2c36f - guru-connect - Gitea: Git with a cup of tea

azcomputerguru/guru-connect

Files

Mike Swanson 96b4fd7721

Build and Test / Build Server (Linux) (push) Failing after 4m43s

Details

Build and Test / Build Agent (Windows) (push) Successful in 8m48s

Details

Build and Test / Security Audit (push) Successful in 4m38s

Details

Build and Test / Build Summary (push) Has been skipped

Details

feat(dashboard): GuruConnect v2 Users admin view

Admin-only user management: list, create, edit role/permissions/status,
reset password, and disable/delete, against the v2 users API.

- Admin-gated three ways: AdminRoute on /users (calm access-denied panel
  for non-admins, no redirect loop or data fetch), Sidebar hides the nav
  item, and every mutation relies on the server AdminUser 403 as the real
  authority. isAdmin is derived from the server-validated user, not the
  client token.
- Users table: role badge (admin/operator/viewer), permissions summary,
  enabled/disabled status, created, last-login. Sticky header, skeleton,
  empty/error states. Self row tagged "You".
- Create/edit use the real roles and permission strings
  (view/control/transfer/manage_users/manage_clients); admin permissions
  are server-implicit and shown locked. Passwords: typed or Web Crypto
  generated (rejection-sampled, copy-once reveal), type=password +
  autoComplete=new-password, cleared from state on open/close/success,
  never logged/persisted/in-URL; blank on edit means unchanged.
- Self-lockout guards: cannot disable, delete, or demote your own admin
  account (controls disabled + submit-handler checks, matched on the
  authoritative user id). Server mirrors self-disable/self-delete; the
  self-demotion guard is client-side (server todo filed).
- useUpdateUser sequences user-update then permissions-set; invalidates
  ["users"] on settled so the table reconciles after a partial failure,
  with an actionable message if only permissions failed.

Passed Code Review (no blockers after fixes) and local gates
(tsc/lint/build green). Completes the v2 dashboard view set.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-05-30 14:18:40 -07:00

8 lines

299 B

TypeScript

Raw Blame History

 export * from "./types";
 export { ApiError, http, setTokenProvider, setUnauthorizedHandler } from "./client";
 export * as authApi from "./auth";
 export * as codesApi from "./codes";
 export * as machinesApi from "./machines";
 export * as stubsApi from "./stubs";
 export * as usersApi from "./users";