From 737da6bd96fcfa6c4d8347013dcb35abbbcb937e Mon Sep 17 00:00:00 2001 From: npeter83 Date: Fri, 19 Jun 2026 14:16:48 +0200 Subject: [PATCH] feat(auth): admin Users page + allow_registration toggle (5a frontend) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit New admin-only Users page (sidebar): Users & roles (list + promote/demote with confirm; self/demo/last-admin guarded server-side), plus the Access requests (Invite whitelist) and Demo whitelist+reset migrated out of Settings → Account (same data/tables — UI relocated only). Settings → Account now holds personal content only. ConfigPanel learns a boolean field type (toggle) for the new allow_registration setting. api methods, new 'users' page/route/nav/header, and EN/HU/DE strings (new users namespace + access group). --- frontend/src/App.tsx | 3 + frontend/src/components/AdminUsers.tsx | 383 ++++++++++++++++++++++ frontend/src/components/ConfigPanel.tsx | 50 ++- frontend/src/components/Header.tsx | 4 +- frontend/src/components/NavSidebar.tsx | 2 + frontend/src/components/SettingsPanel.tsx | 267 +-------------- frontend/src/i18n/locales/de/config.json | 4 +- frontend/src/i18n/locales/de/header.json | 2 + frontend/src/i18n/locales/de/users.json | 21 ++ frontend/src/i18n/locales/en/config.json | 4 +- frontend/src/i18n/locales/en/header.json | 2 + frontend/src/i18n/locales/en/users.json | 21 ++ frontend/src/i18n/locales/hu/config.json | 4 +- frontend/src/i18n/locales/hu/header.json | 2 + frontend/src/i18n/locales/hu/users.json | 21 ++ frontend/src/lib/api.ts | 18 + frontend/src/lib/urlState.ts | 1 + 17 files changed, 528 insertions(+), 281 deletions(-) create mode 100644 frontend/src/components/AdminUsers.tsx create mode 100644 frontend/src/i18n/locales/de/users.json create mode 100644 frontend/src/i18n/locales/en/users.json create mode 100644 frontend/src/i18n/locales/hu/users.json diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx index b807b22..2e2eb22 100644 --- a/frontend/src/App.tsx +++ b/frontend/src/App.tsx @@ -31,6 +31,7 @@ import Playlists from "./components/Playlists"; import Stats from "./components/Stats"; import Scheduler from "./components/Scheduler"; import ConfigPanel from "./components/ConfigPanel"; +import AdminUsers from "./components/AdminUsers"; import SettingsPanel from "./components/SettingsPanel"; import NotificationsPanel from "./components/NotificationsPanel"; import OnboardingWizard from "./components/OnboardingWizard"; @@ -472,6 +473,8 @@ export default function App() { ) : page === "config" && meQuery.data!.role === "admin" ? ( + ) : page === "users" && meQuery.data!.role === "admin" ? ( + ) : page === "playlists" ? ( ) : page === "notifications" ? ( diff --git a/frontend/src/components/AdminUsers.tsx b/frontend/src/components/AdminUsers.tsx new file mode 100644 index 0000000..d3172b1 --- /dev/null +++ b/frontend/src/components/AdminUsers.tsx @@ -0,0 +1,383 @@ +import { useState } from "react"; +import { useTranslation } from "react-i18next"; +import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query"; +import { Check, RotateCcw, Shield, Trash2, UserPlus, X } from "lucide-react"; +import { api, type AdminUserRow, type Invite, type Me } from "../lib/api"; +import { notify } from "../lib/notifications"; +import Tooltip from "./Tooltip"; +import { useConfirm } from "./ConfirmProvider"; + +// Admin-only user & access management: roles, access requests (the Invite whitelist), and the +// demo whitelist + reset. Moved out of Settings → Account into its own admin page; the Invite +// and demo data are unchanged (same tables) — only the UI relocated. +export default function AdminUsers({ me }: { me: Me }) { + return ( +
+ + + +
+ ); +} + +function Section({ title, children }: { title: string; children: React.ReactNode }) { + return ( +
+
{title}
+ {children} +
+ ); +} + +function Badge({ tone, children }: { tone: "accent" | "muted" | "warning"; children: React.ReactNode }) { + const cls = + tone === "accent" + ? "border-accent/40 text-accent" + : tone === "warning" + ? "border-amber-500/40 text-amber-500" + : "border-border text-muted"; + return ( + {children} + ); +} + +function UsersRoles({ me }: { me: Me }) { + const { t } = useTranslation(); + const qc = useQueryClient(); + const confirm = useConfirm(); + const q = useQuery({ queryKey: ["admin-users"], queryFn: api.adminUsers }); + const setRole = useMutation({ + mutationFn: ({ id, role }: { id: number; role: "user" | "admin" }) => api.setUserRole(id, role), + onSuccess: () => { + qc.invalidateQueries({ queryKey: ["admin-users"] }); + notify({ level: "success", message: t("users.roles.updated") }); + }, + // Errors (e.g. last-admin / self) surface via the global error dialog with the server's detail. + }); + + const onToggle = async (u: AdminUserRow) => { + const makeAdmin = u.role !== "admin"; + const ok = await confirm({ + title: makeAdmin ? t("users.roles.promoteTitle") : t("users.roles.demoteTitle"), + message: t(makeAdmin ? "users.roles.promoteConfirm" : "users.roles.demoteConfirm", { + email: u.email, + }), + confirmLabel: makeAdmin ? t("users.roles.makeAdmin") : t("users.roles.makeUser"), + danger: !makeAdmin, + }); + if (ok) setRole.mutate({ id: u.id, role: makeAdmin ? "admin" : "user" }); + }; + + const rows = q.data ?? []; + + return ( +
+

{t("users.roles.intro")}

+ {rows.length === 0 ? ( +

{t("users.roles.empty")}

+ ) : ( +
+ {rows.map((u) => { + const self = u.id === me.id; + return ( +
+
+
+ {u.display_name ?? u.email.split("@")[0]} + {self && · {t("users.roles.you")}} +
+
{u.email}
+
+ {u.role === "admin" && {t("users.roles.admin")}} + {u.is_demo && {t("users.roles.demo")}} + {!u.is_active && {t("users.roles.pending")}} + {u.is_active && !u.email_verified && ( + {t("users.roles.unverified")} + )} + + + +
+ ); + })} +
+ )} +
+ ); +} + +// --- Access requests (the Invite whitelist) — moved verbatim from Settings → Account ------- + +function AdminInvites() { + const { t } = useTranslation(); + const qc = useQueryClient(); + const invites = useQuery({ queryKey: ["admin-invites"], queryFn: () => api.adminInvites() }); + const [newEmail, setNewEmail] = useState(""); + const refresh = () => { + qc.invalidateQueries({ queryKey: ["admin-invites"] }); + qc.invalidateQueries({ queryKey: ["me"] }); // updates the pending badge + }; + const approve = useMutation({ + mutationFn: (id: number) => api.approveInvite(id), + onSuccess: () => { + refresh(); + notify({ level: "success", message: t("settings.invites.approved") }); + }, + onError: () => notify({ level: "error", message: t("settings.invites.approveFailed") }), + }); + const deny = useMutation({ + mutationFn: (id: number) => api.denyInvite(id), + onSuccess: refresh, + onError: () => notify({ level: "error", message: t("settings.invites.denyFailed") }), + }); + const add = useMutation({ + mutationFn: (email: string) => api.addInvite(email), + onSuccess: () => { + setNewEmail(""); + refresh(); + notify({ level: "success", message: t("settings.invites.addedToWhitelist") }); + }, + onError: () => notify({ level: "error", message: t("settings.invites.addFailed") }), + }); + + const list = invites.data ?? []; + const pending = list.filter((i) => i.status === "pending"); + const decided = list.filter((i) => i.status !== "pending"); + + return ( +
+ {pending.length === 0 ? ( +

{t("settings.invites.noPending")}

+ ) : ( +
+ {pending.map((i) => ( + approve.mutate(i.id)} + onDeny={() => deny.mutate(i.id)} + busy={approve.isPending || deny.isPending} + /> + ))} +
+ )} + +
{ + e.preventDefault(); + if (newEmail.trim()) add.mutate(newEmail.trim()); + }} + className="flex items-center gap-2 mt-3" + > + setNewEmail(e.target.value)} + placeholder={t("settings.invites.addPlaceholder")} + className="flex-1 min-w-0 bg-card border border-border rounded-xl px-3 py-2 text-sm outline-none focus:border-accent" + /> + +
+ + {decided.length > 0 && ( +
+ + {t("settings.invites.decided", { count: decided.length })} + +
+ {decided.map((i) => ( +
+ {i.email} + + {i.status} + +
+ ))} +
+
+ )} +
+ ); +} + +function AdminDemo() { + const { t } = useTranslation(); + const qc = useQueryClient(); + const confirm = useConfirm(); + const list = useQuery({ queryKey: ["demo-whitelist"], queryFn: () => api.adminDemoWhitelist() }); + const [newEmail, setNewEmail] = useState(""); + + const add = useMutation({ + mutationFn: (email: string) => api.addDemoWhitelist(email), + onSuccess: () => { + setNewEmail(""); + qc.invalidateQueries({ queryKey: ["demo-whitelist"] }); + notify({ level: "success", message: t("settings.demo.added") }); + }, + onError: () => notify({ level: "error", message: t("settings.demo.addFailed") }), + }); + const remove = useMutation({ + mutationFn: (id: number) => api.removeDemoWhitelist(id), + onSuccess: () => qc.invalidateQueries({ queryKey: ["demo-whitelist"] }), + onError: () => notify({ level: "error", message: t("settings.demo.removeFailed") }), + }); + const reset = useMutation({ + mutationFn: () => api.resetDemo(), + onSuccess: (r: { playlists_seeded: number }) => + notify({ + level: "success", + message: t("settings.demo.resetDone", { count: r.playlists_seeded }), + }), + onError: () => notify({ level: "error", message: t("settings.demo.resetFailed") }), + }); + + const rows = list.data ?? []; + + return ( +
+

{t("settings.demo.intro")}

+ + {rows.length > 0 && ( +
+ {rows.map((r) => ( +
+
+
{r.email}
+ {r.added_by && ( +
+ {t("settings.demo.addedBy", { who: r.added_by })} +
+ )} +
+ + + +
+ ))} +
+ )} + +
{ + e.preventDefault(); + if (newEmail.trim()) add.mutate(newEmail.trim()); + }} + className="flex items-center gap-2" + > + setNewEmail(e.target.value)} + placeholder={t("settings.demo.addPlaceholder")} + className="flex-1 min-w-0 bg-card border border-border rounded-xl px-3 py-2 text-sm outline-none focus:border-accent" + /> + +
+ +
+ + + +
+
+ ); +} + +function InviteRow({ + inv, + onApprove, + onDeny, + busy, +}: { + inv: Invite; + onApprove: () => void; + onDeny: () => void; + busy: boolean; +}) { + const { t } = useTranslation(); + return ( +
+
+
{inv.email}
+ {inv.requested_at && ( +
+ {t("settings.invites.requested", { + time: new Date(inv.requested_at).toLocaleString(), + })} +
+ )} +
+ + + + + + +
+ ); +} diff --git a/frontend/src/components/ConfigPanel.tsx b/frontend/src/components/ConfigPanel.tsx index 66d1d4e..9141265 100644 --- a/frontend/src/components/ConfigPanel.tsx +++ b/frontend/src/components/ConfigPanel.tsx @@ -11,7 +11,7 @@ import Tooltip from "./Tooltip"; // applied together via one Save/Discard bar (consistent with the Settings page); nothing hits // the server until Save. Group order is fixed where known so logically related settings (e.g. // Email/SMTP) stay together. -const GROUP_ORDER = ["email", "youtube", "quota", "backfill", "shorts", "batch"]; +const GROUP_ORDER = ["access", "email", "youtube", "quota", "backfill", "shorts", "batch"]; type SaveState = "idle" | "saving" | "saved" | "error"; export default function ConfigPanel() { @@ -58,6 +58,8 @@ export default function ConfigPanel() { if (it.secret) { if (secretReset[key] && !raw.trim()) await api.resetConfig(key); else if (raw.trim()) await api.setConfig(key, raw); + } else if (it.type === "bool") { + await api.setConfig(key, raw === "true"); } else if (raw === "") { if (it.is_set) await api.resetConfig(key); // cleared → fall back to default } else { @@ -191,6 +193,7 @@ function Field({ }) { const { t } = useTranslation(); const isNum = item.type === "int"; + const isBool = item.type === "bool"; const secretDisabled = item.secret && !secretsManageable; // Status line: never reveal a secret's value. @@ -210,8 +213,9 @@ function Field({ } // Reset affordance shows when a DB override exists: clears a non-secret to its default, or - // toggles a secret's reset-on-save (applied on Save, not immediately). - const showReset = item.is_set; + // toggles a secret's reset-on-save (applied on Save, not immediately). A boolean toggle is + // its own control — storing its value is equivalent to the default, so no reset link. + const showReset = item.is_set && !isBool; return (
@@ -224,16 +228,20 @@ function Field({
- onChange(e.target.value)} - min={isNum && item.min != null ? item.min : undefined} - max={isNum && item.max != null ? item.max : undefined} - placeholder={item.secret ? "••••••••" : String(item.default ?? "")} - className="w-52 bg-card border border-border rounded-xl px-3 py-1.5 text-sm outline-none focus:border-accent disabled:opacity-50" - /> + {isBool ? ( + onChange(v ? "true" : "false")} /> + ) : ( + onChange(e.target.value)} + min={isNum && item.min != null ? item.min : undefined} + max={isNum && item.max != null ? item.max : undefined} + placeholder={item.secret ? "••••••••" : String(item.default ?? "")} + className="w-52 bg-card border border-border rounded-xl px-3 py-1.5 text-sm outline-none focus:border-accent disabled:opacity-50" + /> + )} {showReset && !secretDisabled && ( + ); +} diff --git a/frontend/src/components/Header.tsx b/frontend/src/components/Header.tsx index c366c1c..b0f1b4b 100644 --- a/frontend/src/components/Header.tsx +++ b/frontend/src/components/Header.tsx @@ -77,7 +77,9 @@ export default function Header({ ? t("header.scheduler") : page === "config" ? t("header.configuration") - : t("header.channelManager")} + : page === "users" + ? t("header.users") + : t("header.channelManager")}
)} diff --git a/frontend/src/components/NavSidebar.tsx b/frontend/src/components/NavSidebar.tsx index 269c0b7..5e6251f 100644 --- a/frontend/src/components/NavSidebar.tsx +++ b/frontend/src/components/NavSidebar.tsx @@ -15,6 +15,7 @@ import { Settings, Shield, SlidersHorizontal, + Users, Tv, UserPlus, } from "lucide-react"; @@ -142,6 +143,7 @@ export default function NavSidebar({ ? [ { page: "scheduler", icon: Activity, label: t("header.account.scheduler") }, { page: "config", icon: SlidersHorizontal, label: t("header.account.config") }, + { page: "users", icon: Users, label: t("header.account.users") }, ] : []; diff --git a/frontend/src/components/SettingsPanel.tsx b/frontend/src/components/SettingsPanel.tsx index c92ddbe..03e108b 100644 --- a/frontend/src/components/SettingsPanel.tsx +++ b/frontend/src/components/SettingsPanel.tsx @@ -1,13 +1,11 @@ -import { useCallback, useEffect, useState, useSyncExternalStore } from "react"; +import { useState } from "react"; import { useTranslation } from "react-i18next"; -import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query"; -import { Bell, Check, Monitor, RotateCcw, Save, Trash2, User, UserPlus, X } from "lucide-react"; +import { Bell, Check, Monitor, RotateCcw, Save, User } from "lucide-react"; import { SCHEMES, type Scheme, type ThemePrefs } from "../lib/theme"; -import { api, type Invite, type Me } from "../lib/api"; +import { type Me } from "../lib/api"; import Avatar from "./Avatar"; import { notify, type NotifSettings } from "../lib/notifications"; import Tooltip from "./Tooltip"; -import { useConfirm } from "./ConfirmProvider"; // The Settings page edits server-persisted preferences as a draft: changes apply locally // for instant preview but reach the server only on an explicit Save (or revert on Discard). @@ -412,265 +410,6 @@ function Account({ me, onOpenWizard }: { me: Me; onOpenWizard: () => void }) { )} - {me.role === "admin" && } - {me.role === "admin" && } ); } - -function AdminInvites() { - const { t } = useTranslation(); - const qc = useQueryClient(); - const invites = useQuery({ queryKey: ["admin-invites"], queryFn: () => api.adminInvites() }); - const [newEmail, setNewEmail] = useState(""); - const refresh = () => { - qc.invalidateQueries({ queryKey: ["admin-invites"] }); - qc.invalidateQueries({ queryKey: ["me"] }); // updates the pending badge - }; - const approve = useMutation({ - mutationFn: (id: number) => api.approveInvite(id), - onSuccess: () => { - refresh(); - notify({ level: "success", message: t("settings.invites.approved") }); - }, - onError: () => notify({ level: "error", message: t("settings.invites.approveFailed") }), - }); - const deny = useMutation({ - mutationFn: (id: number) => api.denyInvite(id), - onSuccess: refresh, - onError: () => notify({ level: "error", message: t("settings.invites.denyFailed") }), - }); - const add = useMutation({ - mutationFn: (email: string) => api.addInvite(email), - onSuccess: () => { - setNewEmail(""); - refresh(); - notify({ level: "success", message: t("settings.invites.addedToWhitelist") }); - }, - onError: () => notify({ level: "error", message: t("settings.invites.addFailed") }), - }); - - const list = invites.data ?? []; - const pending = list.filter((i) => i.status === "pending"); - const decided = list.filter((i) => i.status !== "pending"); - - return ( -
- {pending.length === 0 ? ( -

{t("settings.invites.noPending")}

- ) : ( -
- {pending.map((i) => ( - approve.mutate(i.id)} - onDeny={() => deny.mutate(i.id)} - busy={approve.isPending || deny.isPending} - /> - ))} -
- )} - -
{ - e.preventDefault(); - if (newEmail.trim()) add.mutate(newEmail.trim()); - }} - className="flex items-center gap-2 mt-3" - > - setNewEmail(e.target.value)} - placeholder={t("settings.invites.addPlaceholder")} - className="flex-1 min-w-0 bg-card border border-border rounded-xl px-3 py-2 text-sm outline-none focus:border-accent" - /> - -
- - {decided.length > 0 && ( -
- - {t("settings.invites.decided", { count: decided.length })} - -
- {decided.map((i) => ( -
- {i.email} - - {i.status} - -
- ))} -
-
- )} -
- ); -} - -function AdminDemo() { - const { t } = useTranslation(); - const qc = useQueryClient(); - const confirm = useConfirm(); - const list = useQuery({ queryKey: ["demo-whitelist"], queryFn: () => api.adminDemoWhitelist() }); - const [newEmail, setNewEmail] = useState(""); - - const add = useMutation({ - mutationFn: (email: string) => api.addDemoWhitelist(email), - onSuccess: () => { - setNewEmail(""); - qc.invalidateQueries({ queryKey: ["demo-whitelist"] }); - notify({ level: "success", message: t("settings.demo.added") }); - }, - onError: () => notify({ level: "error", message: t("settings.demo.addFailed") }), - }); - const remove = useMutation({ - mutationFn: (id: number) => api.removeDemoWhitelist(id), - onSuccess: () => qc.invalidateQueries({ queryKey: ["demo-whitelist"] }), - onError: () => notify({ level: "error", message: t("settings.demo.removeFailed") }), - }); - const reset = useMutation({ - mutationFn: () => api.resetDemo(), - onSuccess: (r: { playlists_seeded: number }) => - notify({ - level: "success", - message: t("settings.demo.resetDone", { count: r.playlists_seeded }), - }), - onError: () => notify({ level: "error", message: t("settings.demo.resetFailed") }), - }); - - const rows = list.data ?? []; - - return ( -
-

{t("settings.demo.intro")}

- - {rows.length > 0 && ( -
- {rows.map((r) => ( -
-
-
{r.email}
- {r.added_by && ( -
- {t("settings.demo.addedBy", { who: r.added_by })} -
- )} -
- - - -
- ))} -
- )} - -
{ - e.preventDefault(); - if (newEmail.trim()) add.mutate(newEmail.trim()); - }} - className="flex items-center gap-2" - > - setNewEmail(e.target.value)} - placeholder={t("settings.demo.addPlaceholder")} - className="flex-1 min-w-0 bg-card border border-border rounded-xl px-3 py-2 text-sm outline-none focus:border-accent" - /> - -
- -
- - - -
-
- ); -} - -function InviteRow({ - inv, - onApprove, - onDeny, - busy, -}: { - inv: Invite; - onApprove: () => void; - onDeny: () => void; - busy: boolean; -}) { - const { t } = useTranslation(); - return ( -
-
-
{inv.email}
- {inv.requested_at && ( -
- {t("settings.invites.requested", { - time: new Date(inv.requested_at).toLocaleString(), - })} -
- )} -
- - - - - - -
- ); -} diff --git a/frontend/src/i18n/locales/de/config.json b/frontend/src/i18n/locales/de/config.json index e9913cd..2391983 100644 --- a/frontend/src/i18n/locales/de/config.json +++ b/frontend/src/i18n/locales/de/config.json @@ -2,6 +2,7 @@ "intro": "In der Datenbank gespeicherte Betriebseinstellungen — sie überschreiben die Datei-/Env-Standardwerte und wirken ohne erneutes Deployment. Lass ein Feld leer (oder setze es zurück), um auf den Standard zurückzufallen.", "loading": "Konfiguration wird geladen…", "groups": { + "access": "Zugang", "email": "E-Mail / SMTP", "youtube": "YouTube-API", "quota": "Kontingent", @@ -23,7 +24,8 @@ "shorts_probe_batch": { "label": "Shorts-Prüfung — Stapelgröße", "hint": "Wie viele Videos pro Lauf klassifiziert werden." }, "enrich_batch_size": { "label": "Anreicherungs-Stapelgröße", "hint": "videos.list-IDs pro Aufruf (YouTube begrenzt auf 50)." }, "autotag_title_sample": { "label": "Auto-Tag-Titelstichprobe", "hint": "Pro Kanal abgetastete aktuelle Videotitel zur Spracherkennung." }, - "youtube_api_key": { "label": "YouTube-API-Schlüssel", "hint": "Optional. Für öffentliche Lesezugriffe (Kanäle/Videos), damit gemeinsames Nachladen nicht vom OAuth eines Nutzers abhängt. Verschlüsselt gespeichert; nur schreibbar." } + "youtube_api_key": { "label": "YouTube-API-Schlüssel", "hint": "Optional. Für öffentliche Lesezugriffe (Kanäle/Videos), damit gemeinsames Nachladen nicht vom OAuth eines Nutzers abhängt. Verschlüsselt gespeichert; nur schreibbar." }, + "allow_registration": { "label": "Registrierung erlauben", "hint": "Wenn aktiviert, kann jeder eine E-Mail+Passwort-Registrierung einreichen. Für die Anmeldung sind weiterhin E-Mail-Bestätigung und Admin-Freigabe nötig." } }, "save": "Speichern", "saving": "Speichern…", diff --git a/frontend/src/i18n/locales/de/header.json b/frontend/src/i18n/locales/de/header.json index 7c10542..9f43be2 100644 --- a/frontend/src/i18n/locales/de/header.json +++ b/frontend/src/i18n/locales/de/header.json @@ -5,6 +5,7 @@ "usageStats": "Nutzung & Statistik", "scheduler": "Planer", "configuration": "Konfiguration", + "users": "Benutzer", "scope": { "label": "Feed-Quelle", "my": "Meine", @@ -20,6 +21,7 @@ "stats": "Statistik", "scheduler": "Planer", "config": "Konfiguration", + "users": "Benutzer", "settings": "Einstellungen", "about": "Über", "signOut": "Abmelden", diff --git a/frontend/src/i18n/locales/de/users.json b/frontend/src/i18n/locales/de/users.json new file mode 100644 index 0000000..e115bb7 --- /dev/null +++ b/frontend/src/i18n/locales/de/users.json @@ -0,0 +1,21 @@ +{ + "roles": { + "title": "Benutzer & Rollen", + "intro": "Alle, die sich anmelden können. Mache einen Benutzer zum Admin oder wieder zum normalen Benutzer.", + "empty": "Noch keine Benutzer.", + "you": "du", + "admin": "Admin", + "demo": "Demo", + "pending": "Wartet auf Freigabe", + "unverified": "E-Mail nicht bestätigt", + "demoLocked": "Die Rolle des Demo-Kontos kann nicht geändert werden.", + "selfLocked": "Du kannst deine eigene Rolle nicht ändern.", + "makeAdmin": "Zum Admin machen", + "makeUser": "Zum Benutzer machen", + "updated": "Rolle aktualisiert", + "promoteTitle": "Zum Admin machen?", + "demoteTitle": "Admin entfernen?", + "promoteConfirm": "{{email}} vollen Admin-Zugriff geben (Einstellungen, Planer, Benutzerverwaltung)?", + "demoteConfirm": "{{email}} den Admin-Zugriff entziehen? Wird zum normalen Benutzer." + } +} diff --git a/frontend/src/i18n/locales/en/config.json b/frontend/src/i18n/locales/en/config.json index c189cea..a035167 100644 --- a/frontend/src/i18n/locales/en/config.json +++ b/frontend/src/i18n/locales/en/config.json @@ -2,6 +2,7 @@ "intro": "Operational settings stored in the database — these override the file/env defaults and take effect without a redeploy. Leave a field empty (or reset it) to fall back to the default.", "loading": "Loading configuration…", "groups": { + "access": "Access", "email": "Email / SMTP", "youtube": "YouTube API", "quota": "Quota", @@ -23,7 +24,8 @@ "shorts_probe_batch": { "label": "Shorts probe — batch size", "hint": "How many videos to classify per run." }, "enrich_batch_size": { "label": "Enrichment batch size", "hint": "videos.list ids per call (YouTube caps this at 50)." }, "autotag_title_sample": { "label": "Auto-tag title sample", "hint": "Recent video titles sampled per channel for language detection." }, - "youtube_api_key": { "label": "YouTube API key", "hint": "Optional. Used for public reads (channels/videos) so shared backfill doesn't depend on a user's OAuth. Stored encrypted; write-only." } + "youtube_api_key": { "label": "YouTube API key", "hint": "Optional. Used for public reads (channels/videos) so shared backfill doesn't depend on a user's OAuth. Stored encrypted; write-only." }, + "allow_registration": { "label": "Allow registration", "hint": "When on, anyone can submit an email+password registration. They still need to verify their email and be approved by an admin before they can sign in." } }, "save": "Save", "saving": "Saving…", diff --git a/frontend/src/i18n/locales/en/header.json b/frontend/src/i18n/locales/en/header.json index ce2923c..869c892 100644 --- a/frontend/src/i18n/locales/en/header.json +++ b/frontend/src/i18n/locales/en/header.json @@ -5,6 +5,7 @@ "usageStats": "Usage & stats", "scheduler": "Scheduler", "configuration": "Configuration", + "users": "Users", "scope": { "label": "Feed source", "my": "Mine", @@ -20,6 +21,7 @@ "stats": "Stats", "scheduler": "Scheduler", "config": "Configuration", + "users": "Users", "settings": "Settings", "about": "About", "signOut": "Sign out", diff --git a/frontend/src/i18n/locales/en/users.json b/frontend/src/i18n/locales/en/users.json new file mode 100644 index 0000000..47535f3 --- /dev/null +++ b/frontend/src/i18n/locales/en/users.json @@ -0,0 +1,21 @@ +{ + "roles": { + "title": "Users & roles", + "intro": "Everyone who can sign in. Promote a user to admin, or back to a regular user.", + "empty": "No users yet.", + "you": "you", + "admin": "Admin", + "demo": "Demo", + "pending": "Pending approval", + "unverified": "Unverified email", + "demoLocked": "The demo account's role can't be changed.", + "selfLocked": "You can't change your own role.", + "makeAdmin": "Make admin", + "makeUser": "Make user", + "updated": "Role updated", + "promoteTitle": "Make admin?", + "demoteTitle": "Remove admin?", + "promoteConfirm": "Give {{email}} full admin access (settings, scheduler, user management)?", + "demoteConfirm": "Remove admin access from {{email}}? They'll become a regular user." + } +} diff --git a/frontend/src/i18n/locales/hu/config.json b/frontend/src/i18n/locales/hu/config.json index 21db136..13795e2 100644 --- a/frontend/src/i18n/locales/hu/config.json +++ b/frontend/src/i18n/locales/hu/config.json @@ -2,6 +2,7 @@ "intro": "Az adatbázisban tárolt működési beállítások — felülírják a fájl/env alapértékeket, és újratelepítés nélkül lépnek életbe. Hagyd üresen (vagy állítsd vissza) a mezőt az alapértékhez való visszatéréshez.", "loading": "Konfiguráció betöltése…", "groups": { + "access": "Hozzáférés", "email": "E-mail / SMTP", "youtube": "YouTube API", "quota": "Kvóta", @@ -23,7 +24,8 @@ "shorts_probe_batch": { "label": "Shorts-vizsgálat — kötegméret", "hint": "Futásonként ennyi videót osztályozunk." }, "enrich_batch_size": { "label": "Gazdagítási kötegméret", "hint": "videos.list azonosítók hívásonként (a YouTube 50-ben maximálja)." }, "autotag_title_sample": { "label": "Auto-címke címmintavétel", "hint": "Csatornánként ennyi friss videócímet mintázunk a nyelvfelismeréshez." }, - "youtube_api_key": { "label": "YouTube API-kulcs", "hint": "Opcionális. Publikus olvasásokhoz (csatornák/videók), hogy a megosztott letöltés ne függjön egy felhasználó OAuth-jától. Titkosítva tárolva; csak írható." } + "youtube_api_key": { "label": "YouTube API-kulcs", "hint": "Opcionális. Publikus olvasásokhoz (csatornák/videók), hogy a megosztott letöltés ne függjön egy felhasználó OAuth-jától. Titkosítva tárolva; csak írható." }, + "allow_registration": { "label": "Regisztráció engedélyezése", "hint": "Bekapcsolva bárki beküldhet email+jelszó regisztrációt. Belépéshez továbbra is email-igazolás és admin-jóváhagyás szükséges." } }, "save": "Mentés", "saving": "Mentés…", diff --git a/frontend/src/i18n/locales/hu/header.json b/frontend/src/i18n/locales/hu/header.json index ec12128..db08d44 100644 --- a/frontend/src/i18n/locales/hu/header.json +++ b/frontend/src/i18n/locales/hu/header.json @@ -5,6 +5,7 @@ "usageStats": "Használat és statisztika", "scheduler": "Ütemező", "configuration": "Konfiguráció", + "users": "Felhasználók", "scope": { "label": "Hírfolyam forrása", "my": "Sajátom", @@ -20,6 +21,7 @@ "stats": "Statisztika", "scheduler": "Ütemező", "config": "Konfiguráció", + "users": "Felhasználók", "settings": "Beállítások", "about": "Névjegy", "signOut": "Kijelentkezés", diff --git a/frontend/src/i18n/locales/hu/users.json b/frontend/src/i18n/locales/hu/users.json new file mode 100644 index 0000000..2a8713a --- /dev/null +++ b/frontend/src/i18n/locales/hu/users.json @@ -0,0 +1,21 @@ +{ + "roles": { + "title": "Felhasználók és szerepek", + "intro": "Mindenki, aki be tud lépni. Léptess egy felhasználót adminná, vagy vissza sima felhasználóvá.", + "empty": "Még nincs felhasználó.", + "you": "te", + "admin": "Admin", + "demo": "Demo", + "pending": "Jóváhagyásra vár", + "unverified": "Nem igazolt e-mail", + "demoLocked": "A demo fiók szerepe nem módosítható.", + "selfLocked": "A saját szerepedet nem módosíthatod.", + "makeAdmin": "Adminná tesz", + "makeUser": "Felhasználóvá tesz", + "updated": "Szerep frissítve", + "promoteTitle": "Adminná teszed?", + "demoteTitle": "Elveszed az admin jogot?", + "promoteConfirm": "Teljes admin hozzáférést adsz neki: {{email}} (beállítások, ütemező, felhasználókezelés)?", + "demoteConfirm": "Elveszed az admin jogot tőle: {{email}}? Sima felhasználó lesz." + } +} diff --git a/frontend/src/lib/api.ts b/frontend/src/lib/api.ts index 7372458..eb4676b 100644 --- a/frontend/src/lib/api.ts +++ b/frontend/src/lib/api.ts @@ -458,6 +458,20 @@ export interface SystemConfigData { secrets_manageable: boolean; } +// Admin Users & roles page. +export interface AdminUserRow { + id: number; + email: string; + display_name: string | null; + role: string; // "user" | "admin" + is_active: boolean; + email_verified: boolean; + is_demo: boolean; + has_password: boolean; + has_google: boolean; + created_at: string | null; +} + export const api = { me: (): Promise => req("/api/me"), accounts: (): Promise => req("/api/me/accounts"), @@ -574,6 +588,10 @@ export const api = { req(`/api/admin/config/${key}`, { method: "DELETE" }), testEmail: (): Promise<{ sent: boolean; to: string }> => req("/api/admin/config/test-email", { method: "POST" }), + // --- admin: users & roles --- + adminUsers: (): Promise => req("/api/admin/users"), + setUserRole: (id: number, role: "user" | "admin"): Promise => + req(`/api/admin/users/${id}/role`, { method: "PATCH", body: JSON.stringify({ role }) }), schedulerStatus: (): Promise => req("/api/admin/scheduler"), updateSchedulerJob: (jobId: string, intervalMinutes: number): Promise<{ id: string; interval_minutes: number }> => req(`/api/admin/scheduler/jobs/${jobId}`, { diff --git a/frontend/src/lib/urlState.ts b/frontend/src/lib/urlState.ts index e1ff998..c80d343 100644 --- a/frontend/src/lib/urlState.ts +++ b/frontend/src/lib/urlState.ts @@ -89,6 +89,7 @@ export const PAGES = [ "settings", "scheduler", "config", + "users", "notifications", ] as const;