AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/app/web/templates/admin_permissions.html
ZdenekSrotyr 2e7d5d1fe9 feat: access request UI — catalog badges, request modal, admin approval page 
Backend:
- access_requests table in DuckDB schema
- AccessRequestRepository with create/approve/deny/list
- API: POST/GET /api/access-requests (submit, my requests, pending, approve, deny)

UI:
- Catalog: lock icon on private tables, "Request Access" button + modal
- Catalog: "Pending" badge for tables with pending requests
- Admin permissions page (/admin/permissions): approve/deny requests,
  grant/revoke permissions, view all user permissions
- Cross-navigation between admin/tables and admin/permissions

733 tests passing.
2026-03-31 12:45:29 +02:00

1240 lines
41 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Permissions Management - {{ config.INSTANCE_NAME }}</title>
{% if not config.THEME_FONT_URL %}
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
{% endif %}
<style>
:root {
/* Colors - Design System */
--primary: #0073D1;
--primary-light: rgba(0, 115, 209, 0.1);
--text-primary: #1A253C;
--text-secondary: #6B7280;
--background: #F5F7FA;
--surface: #FFFFFF;
--border: #E5E7EB;
--border-light: #F3F4F6;
--success: #10B77F;
--success-light: rgba(16, 183, 127, 0.1);
--warning: #F59F0A;
--warning-light: rgba(245, 159, 10, 0.1);
--error: #EA580C;
--error-light: rgba(234, 88, 12, 0.1);
/* Typography */
--font-primary: 'Inter', system-ui, sans-serif;
--font-mono: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
/* Shadows */
--shadow-sm: rgba(0, 0, 0, 0.05) 0px 1px 2px 0px;
--shadow-md: rgba(0, 0, 0, 0.1) 0px 4px 6px -1px;
}
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: var(--font-primary);
font-size: 14px;
color: var(--text-primary);
background: var(--background);
line-height: 1.5;
}
/* ── Header ── */
.header {
background: var(--surface);
border-bottom: 1px solid var(--border);
padding: 0 32px;
height: 72px;
display: flex;
align-items: center;
justify-content: space-between;
position: sticky;
top: 0;
z-index: 100;
}
.header-left {
display: flex;
align-items: center;
gap: 16px;
}
.header-back {
display: flex;
align-items: center;
justify-content: center;
width: 32px;
height: 32px;
border-radius: 6px;
color: var(--text-secondary);
text-decoration: none;
transition: all 0.15s ease;
}
.header-back:hover {
background: var(--border-light);
color: var(--text-primary);
}
.header-logo-group {
display: flex;
flex-direction: column;
justify-content: center;
gap: 2px;
}
.header-logo svg {
display: block;
}
.header-subtitle {
font-size: 11px;
font-weight: 500;
color: var(--text-secondary);
letter-spacing: 0.4px;
text-transform: uppercase;
margin-top: 2px;
}
.header-right {
display: flex;
align-items: center;
gap: 12px;
font-size: 12px;
color: var(--text-secondary);
}
.header-nav-link {
font-size: 12px;
font-weight: 500;
color: var(--primary);
text-decoration: none;
padding: 6px 12px;
border-radius: 6px;
transition: all 0.15s ease;
}
.header-nav-link:hover {
background: var(--primary-light);
}
/* ── Page Title ── */
.page-title {
max-width: 1000px;
margin: 0 auto;
padding: 32px 24px 24px;
}
.page-title h1 {
font-size: 24px;
font-weight: 600;
color: var(--text-primary);
margin-bottom: 4px;
}
.page-title p {
font-size: 14px;
color: var(--text-secondary);
}
/* ── Content Layout ── */
.content {
max-width: 1000px;
margin: 0 auto;
padding: 0 24px 32px;
display: flex;
flex-direction: column;
gap: 24px;
}
/* ── Panel ── */
.panel {
background: var(--surface);
border: 1px solid var(--border);
border-radius: 12px;
overflow: hidden;
box-shadow: var(--shadow-sm);
}
.panel-header {
display: flex;
align-items: center;
justify-content: space-between;
padding: 20px 24px;
border-bottom: 1px solid var(--border-light);
}
.panel-header-left {
display: flex;
align-items: center;
gap: 12px;
}
.panel-header-icon {
width: 36px;
height: 36px;
border-radius: 8px;
display: flex;
align-items: center;
justify-content: center;
flex-shrink: 0;
}
.panel-title {
font-size: 16px;
font-weight: 600;
color: var(--text-primary);
}
.panel-subtitle {
font-size: 13px;
color: var(--text-secondary);
margin-top: 1px;
}
.panel-body {
padding: 20px 24px;
}
.panel-body-empty {
padding: 40px 24px;
text-align: center;
color: var(--text-secondary);
font-size: 13px;
}
/* ── Buttons ── */
.btn {
display: inline-flex;
align-items: center;
gap: 6px;
padding: 8px 16px;
border: none;
border-radius: 8px;
font-family: var(--font-primary);
font-size: 13px;
font-weight: 500;
cursor: pointer;
transition: all 0.15s ease;
white-space: nowrap;
}
.btn-primary {
background: var(--primary);
color: white;
}
.btn-primary:hover {
background: #005FA8;
}
.btn-primary:disabled {
opacity: 0.6;
cursor: not-allowed;
}
.btn-secondary {
background: var(--border-light);
color: var(--text-primary);
}
.btn-secondary:hover {
background: var(--border);
}
.btn-success {
background: var(--success-light);
color: #065F46;
}
.btn-success:hover {
background: rgba(16, 183, 127, 0.2);
}
.btn-danger {
background: var(--error-light);
color: var(--error);
}
.btn-danger:hover {
background: rgba(234, 88, 12, 0.2);
}
.btn-sm {
padding: 5px 10px;
font-size: 12px;
border-radius: 6px;
}
.btn-icon {
width: 28px;
height: 28px;
padding: 0;
display: flex;
align-items: center;
justify-content: center;
border-radius: 6px;
background: none;
border: none;
cursor: pointer;
color: var(--text-secondary);
transition: all 0.15s ease;
}
.btn-icon:hover {
background: var(--border-light);
color: var(--text-primary);
}
.btn-icon.danger:hover {
background: var(--error-light);
color: var(--error);
}
/* ── Badges ── */
.badge {
flex-shrink: 0;
font-size: 11px;
font-weight: 500;
border-radius: 6px;
padding: 3px 8px;
white-space: nowrap;
}
.badge-count {
background: var(--warning-light);
color: #92400E;
font-weight: 600;
min-width: 22px;
text-align: center;
}
.badge-read {
background: var(--primary-light);
color: var(--primary);
}
.badge-pending {
background: var(--warning-light);
color: #92400E;
}
/* ── Spinner ── */
.spinner {
display: inline-block;
width: 18px;
height: 18px;
border: 2px solid var(--border);
border-top-color: var(--primary);
border-radius: 50%;
animation: spin 0.6s linear infinite;
}
@keyframes spin {
to { transform: rotate(360deg); }
}
.spinner-lg {
width: 32px;
height: 32px;
border-width: 3px;
}
/* ── Loading state ── */
.loading-state {
display: flex;
flex-direction: column;
align-items: center;
gap: 12px;
padding: 40px 24px;
color: var(--text-secondary);
font-size: 13px;
}
/* ── Toast notification ── */
.toast {
position: fixed;
top: 84px;
right: 24px;
z-index: 200;
background: var(--surface);
border: 1px solid var(--border);
border-radius: 10px;
box-shadow: var(--shadow-md);
padding: 12px 16px;
display: flex;
align-items: center;
gap: 10px;
font-size: 13px;
transform: translateX(120%);
transition: transform 0.3s ease;
max-width: 360px;
}
.toast.visible {
transform: translateX(0);
}
.toast-success {
border-left: 3px solid var(--success);
}
.toast-error {
border-left: 3px solid var(--error);
}
.toast-icon {
width: 20px;
height: 20px;
flex-shrink: 0;
}
/* ── Request cards ── */
.request-card {
display: flex;
align-items: flex-start;
gap: 14px;
padding: 16px 0;
border-bottom: 1px solid var(--border-light);
}
.request-card:last-child {
border-bottom: none;
}
.request-avatar {
width: 36px;
height: 36px;
border-radius: 50%;
background: var(--primary-light);
color: var(--primary);
display: flex;
align-items: center;
justify-content: center;
font-size: 14px;
font-weight: 600;
flex-shrink: 0;
}
.request-info {
flex: 1;
min-width: 0;
}
.request-header {
display: flex;
align-items: center;
gap: 8px;
flex-wrap: wrap;
}
.request-email {
font-weight: 500;
font-size: 13px;
color: var(--text-primary);
}
.request-table {
font-family: var(--font-mono);
font-size: 12px;
color: var(--primary);
background: var(--primary-light);
padding: 1px 7px;
border-radius: 4px;
}
.request-reason {
font-size: 13px;
color: var(--text-secondary);
margin-top: 4px;
line-height: 1.4;
}
.request-time {
font-size: 11px;
color: var(--text-secondary);
margin-top: 4px;
}
.request-actions {
display: flex;
align-items: center;
gap: 8px;
flex-shrink: 0;
padding-top: 2px;
}
/* ── Permissions table ── */
.perm-table {
width: 100%;
border-collapse: collapse;
}
.perm-table th {
text-align: left;
font-size: 11px;
font-weight: 600;
color: var(--text-secondary);
text-transform: uppercase;
letter-spacing: 0.4px;
padding: 10px 16px;
border-bottom: 1px solid var(--border);
background: var(--background);
}
.perm-table td {
padding: 12px 16px;
font-size: 13px;
border-bottom: 1px solid var(--border-light);
vertical-align: middle;
}
.perm-table tr:last-child td {
border-bottom: none;
}
.perm-table tr:hover td {
background: rgba(243, 244, 246, 0.5);
}
.perm-table .col-user {
max-width: 260px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.perm-table .col-dataset {
font-family: var(--font-mono);
font-size: 12px;
max-width: 280px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.perm-table .col-actions {
width: 80px;
text-align: right;
}
/* ── Modal overlay ── */
.modal-overlay {
display: none;
position: fixed;
top: 0;
left: 0;
right: 0;
bottom: 0;
background: rgba(0, 0, 0, 0.5);
z-index: 1000;
padding: 40px 24px;
overflow-y: auto;
}
.modal-overlay.active {
display: flex;
align-items: flex-start;
justify-content: center;
}
.modal {
max-width: 480px;
width: 100%;
background: var(--surface);
border-radius: 12px;
box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
overflow: hidden;
}
.modal-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 20px 24px;
border-bottom: 1px solid var(--border);
background: var(--background);
}
.modal-header h2 {
font-size: 18px;
font-weight: 600;
}
.modal-close {
width: 32px;
height: 32px;
border: none;
background: none;
cursor: pointer;
border-radius: 6px;
display: flex;
align-items: center;
justify-content: center;
color: var(--text-secondary);
transition: all 0.15s;
}
.modal-close:hover {
background: var(--border-light);
color: var(--text-primary);
}
.modal-body {
padding: 24px;
}
.modal-footer {
display: flex;
justify-content: flex-end;
gap: 10px;
padding: 16px 24px;
border-top: 1px solid var(--border);
background: var(--background);
}
/* ── Form ── */
.form-group {
margin-bottom: 18px;
}
.form-group:last-child {
margin-bottom: 0;
}
.form-label {
display: block;
font-size: 13px;
font-weight: 500;
color: var(--text-primary);
margin-bottom: 6px;
}
.form-select {
width: 100%;
padding: 8px 12px;
border: 1px solid var(--border);
border-radius: 8px;
font-family: var(--font-primary);
font-size: 13px;
color: var(--text-primary);
background: var(--surface);
transition: border-color 0.15s;
cursor: pointer;
appearance: none;
background-image: url("data:image/svg+xml,%3Csvg width='12' height='12' viewBox='0 0 24 24' fill='none' stroke='%236B7280' stroke-width='2' stroke-linecap='round' stroke-linejoin='round' xmlns='http://www.w3.org/2000/svg'%3E%3Cpolyline points='6 9 12 15 18 9'/%3E%3C/svg%3E");
background-repeat: no-repeat;
background-position: right 12px center;
padding-right: 32px;
}
.form-select:focus {
outline: none;
border-color: var(--primary);
box-shadow: 0 0 0 3px rgba(0, 115, 209, 0.1);
}
.form-hint {
font-size: 12px;
color: var(--text-secondary);
margin-top: 4px;
}
/* ── Footer ── */
.footer {
text-align: center;
padding: 24px;
color: var(--text-secondary);
font-size: 12px;
}
.footer a {
color: var(--primary);
text-decoration: none;
}
.footer a:hover {
text-decoration: underline;
}
/* ── Responsive ── */
@media (max-width: 640px) {
.header {
padding: 0 16px;
}
.page-title {
padding: 24px 16px 16px;
}
.content {
padding: 0 16px 24px;
}
.panel-header {
flex-direction: column;
align-items: flex-start;
gap: 12px;
}
.request-card {
flex-direction: column;
gap: 10px;
}
.request-actions {
align-self: flex-end;
}
.perm-table .col-user {
max-width: 120px;
}
.perm-table .col-dataset {
max-width: 120px;
}
.modal {
margin: 16px;
}
}
</style>
{% include '_theme.html' %}
</head>
<body>
<!-- HEADER -->
<header class="header">
<div class="header-left">
<a href="{{ url_for('dashboard') }}" class="header-back" title="Back to Dashboard">
<svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<path d="M19 12H5M12 19l-7-7 7-7"/>
</svg>
</a>
<div class="header-logo-group">
<div class="header-logo">
{{ config.LOGO_SVG | safe }}
</div>
<span class="header-subtitle">Permissions Management</span>
</div>
</div>
<div class="header-right">
<a href="/admin/tables" class="header-nav-link">Table Management</a>
<span>Admin</span>
</div>
</header>
<!-- PAGE TITLE -->
<div class="page-title">
<h1>Permissions Management</h1>
<p>Review access requests and manage user permissions for datasets</p>
</div>
<!-- CONTENT -->
<div class="content">
<!-- Pending Access Requests Panel -->
<div class="panel">
<div class="panel-header">
<div class="panel-header-left">
<div class="panel-header-icon" style="background: var(--warning-light);">
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#92400E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<circle cx="12" cy="12" r="10"/>
<polyline points="12 6 12 12 16 14"/>
</svg>
</div>
<div>
<div class="panel-title">Pending Access Requests</div>
<div class="panel-subtitle">Review and approve or deny user requests</div>
</div>
</div>
<span class="badge badge-count" id="pendingCount" style="display: none;">0</span>
</div>
<div id="pendingContent">
<div class="loading-state" id="pendingLoading">
<div class="spinner spinner-lg"></div>
<span>Loading requests...</span>
</div>
</div>
</div>
<!-- User Permissions Panel -->
<div class="panel">
<div class="panel-header">
<div class="panel-header-left">
<div class="panel-header-icon" style="background: var(--primary-light);">
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="#0073D1" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<rect x="3" y="11" width="18" height="11" rx="2" ry="2"/>
<path d="M7 11V7a5 5 0 0 1 10 0v4"/>
</svg>
</div>
<div>
<div class="panel-title">User Permissions</div>
<div class="panel-subtitle" id="permSubtitle">All granted dataset permissions</div>
</div>
</div>
<div style="display: flex; gap: 8px;">
<button class="btn btn-secondary btn-sm" onclick="loadPermissions()">
<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<polyline points="23 4 23 10 17 10"/>
<path d="M20.49 15a9 9 0 1 1-2.12-9.36L23 10"/>
</svg>
Refresh
</button>
<button class="btn btn-primary btn-sm" onclick="openGrantModal()">
<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<line x1="12" y1="5" x2="12" y2="19"/>
<line x1="5" y1="12" x2="19" y2="12"/>
</svg>
Grant Access
</button>
</div>
</div>
<div id="permContent">
<div class="loading-state" id="permLoading">
<div class="spinner spinner-lg"></div>
<span>Loading permissions...</span>
</div>
</div>
</div>
</div>
<!-- GRANT PERMISSION MODAL -->
<div class="modal-overlay" id="grantModal">
<div class="modal">
<div class="modal-header">
<h2>Grant Access</h2>
<button class="modal-close" onclick="closeGrantModal()">
<svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<line x1="18" y1="6" x2="6" y2="18"/>
<line x1="6" y1="6" x2="18" y2="18"/>
</svg>
</button>
</div>
<div class="modal-body">
<div class="form-group">
<label class="form-label" for="grantUser">User</label>
<select class="form-select" id="grantUser">
<option value="">Select a user...</option>
</select>
</div>
<div class="form-group">
<label class="form-label" for="grantDataset">Table / Dataset</label>
<select class="form-select" id="grantDataset">
<option value="">Select a table...</option>
</select>
<div class="form-hint">The table or dataset to grant access to</div>
</div>
<div class="form-group">
<label class="form-label" for="grantAccess">Access Level</label>
<select class="form-select" id="grantAccess">
<option value="read">Read</option>
</select>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-secondary" onclick="closeGrantModal()">Cancel</button>
<button class="btn btn-primary" id="grantSubmitBtn" onclick="submitGrant()">Grant Access</button>
</div>
</div>
</div>
<!-- TOAST -->
<div class="toast" id="toast">
<div class="toast-icon" id="toastIcon"></div>
<span id="toastMessage"></span>
</div>
<!-- FOOTER -->
<footer class="footer">
<a href="{{ url_for('dashboard') }}">Back to Dashboard</a>
</footer>
<script>
/* ═══════════════════════════════════════════════════════════════
Admin Permissions - JavaScript
═══════════════════════════════════════════════════════════════ */
// Cached data
var usersCache = [];
var tablesCache = [];
// ── Toast notification ──────────────────────────────────────
function showToast(message, type) {
var toast = document.getElementById('toast');
var icon = document.getElementById('toastIcon');
var msg = document.getElementById('toastMessage');
toast.className = 'toast toast-' + type;
msg.textContent = message;
if (type === 'success') {
icon.innerHTML = '<svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="#10B77F" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg>';
} else {
icon.innerHTML = '<svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="#EA580C" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><line x1="15" y1="9" x2="9" y2="15"/><line x1="9" y1="9" x2="15" y2="15"/></svg>';
}
requestAnimationFrame(function() {
toast.classList.add('visible');
});
setTimeout(function() {
toast.classList.remove('visible');
}, 4000);
}
// ── Helpers ─────────────────────────────────────────────────
function escapeHtml(str) {
if (!str) return '';
var div = document.createElement('div');
div.textContent = str;
return div.innerHTML;
}
function timeAgo(isoString) {
if (!isoString) return '';
var date = new Date(isoString);
var now = new Date();
var seconds = Math.floor((now - date) / 1000);
if (seconds < 60) return 'just now';
var minutes = Math.floor(seconds / 60);
if (minutes < 60) return minutes + (minutes === 1 ? ' minute ago' : ' minutes ago');
var hours = Math.floor(minutes / 60);
if (hours < 24) return hours + (hours === 1 ? ' hour ago' : ' hours ago');
var days = Math.floor(hours / 24);
if (days < 30) return days + (days === 1 ? ' day ago' : ' days ago');
var months = Math.floor(days / 30);
return months + (months === 1 ? ' month ago' : ' months ago');
}
function getInitials(email) {
if (!email) return '?';
var name = email.split('@')[0];
var parts = name.split(/[._-]/);
if (parts.length >= 2) {
return (parts[0][0] + parts[1][0]).toUpperCase();
}
return name.substring(0, 2).toUpperCase();
}
function authHeaders() {
var token = document.cookie.split(';').find(function(c) {
return c.trim().startsWith('access_token=');
});
if (token) {
return {
'Authorization': 'Bearer ' + token.split('=')[1].trim(),
'Content-Type': 'application/json',
};
}
return {'Content-Type': 'application/json'};
}
// ── Pending Access Requests ─────────────────────────────────
function loadPending() {
var el = document.getElementById('pendingContent');
el.innerHTML = '<div class="loading-state"><div class="spinner spinner-lg"></div><span>Loading requests...</span></div>';
fetch('/api/access-requests/pending', {headers: authHeaders()})
.then(function(r) {
if (!r.ok) throw new Error('Failed to load requests');
return r.json();
})
.then(function(data) {
renderPending(data.requests || []);
var countEl = document.getElementById('pendingCount');
var count = (data.requests || []).length;
countEl.textContent = count;
countEl.style.display = count > 0 ? 'inline-block' : 'none';
})
.catch(function(err) {
el.innerHTML = '<div class="panel-body-empty" style="color: var(--error);">Failed to load requests: ' + escapeHtml(err.message) + '</div>';
});
}
function renderPending(requests) {
var el = document.getElementById('pendingContent');
if (!requests || requests.length === 0) {
el.innerHTML = '<div class="panel-body-empty">' +
'<svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="var(--text-secondary)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" style="margin-bottom: 8px; opacity: 0.5;"><path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg><br>' +
'No pending access requests' +
'</div>';
return;
}
var html = '<div class="panel-body">';
requests.forEach(function(req) {
var initials = getInitials(req.user_email);
var email = escapeHtml(req.user_email || req.user_id);
var tableId = escapeHtml(req.table_id);
var reason = escapeHtml(req.reason);
var time = timeAgo(req.created_at);
var reqId = escapeHtml(req.id);
html += '<div class="request-card">';
html += '<div class="request-avatar">' + initials + '</div>';
html += '<div class="request-info">';
html += '<div class="request-header">';
html += '<span class="request-email">' + email + '</span>';
html += '<span class="request-table">' + tableId + '</span>';
html += '</div>';
if (reason) {
html += '<div class="request-reason">' + reason + '</div>';
}
if (time) {
html += '<div class="request-time">' + time + '</div>';
}
html += '</div>';
html += '<div class="request-actions">';
html += '<button class="btn btn-success btn-sm" onclick="approveRequest(\'' + reqId + '\')" title="Approve">';
html += '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><polyline points="20 6 9 17 4 12"/></svg>';
html += ' Approve</button>';
html += '<button class="btn btn-danger btn-sm" onclick="denyRequest(\'' + reqId + '\')" title="Deny">';
html += '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>';
html += ' Deny</button>';
html += '</div>';
html += '</div>';
});
html += '</div>';
el.innerHTML = html;
}
function approveRequest(id) {
fetch('/api/access-requests/' + id + '/approve', {
method: 'POST',
headers: authHeaders(),
})
.then(function(r) {
if (!r.ok) return r.json().then(function(d) { throw new Error(d.detail || 'Approve failed'); });
return r.json();
})
.then(function() {
showToast('Request approved', 'success');
loadPending();
loadPermissions();
})
.catch(function(err) {
showToast('Failed to approve: ' + err.message, 'error');
});
}
function denyRequest(id) {
if (!confirm('Deny this access request?')) return;
fetch('/api/access-requests/' + id + '/deny', {
method: 'POST',
headers: authHeaders(),
})
.then(function(r) {
if (!r.ok) return r.json().then(function(d) { throw new Error(d.detail || 'Deny failed'); });
return r.json();
})
.then(function() {
showToast('Request denied', 'success');
loadPending();
})
.catch(function(err) {
showToast('Failed to deny: ' + err.message, 'error');
});
}
// ── Permissions ─────────────────────────────────────────────
function loadPermissions() {
var el = document.getElementById('permContent');
el.innerHTML = '<div class="loading-state"><div class="spinner spinner-lg"></div><span>Loading permissions...</span></div>';
fetch('/api/admin/permissions', {headers: authHeaders()})
.then(function(r) {
if (!r.ok) throw new Error('Failed to load permissions');
return r.json();
})
.then(function(data) {
renderPermissions(data.permissions || []);
var count = (data.permissions || []).length;
document.getElementById('permSubtitle').textContent = count + ' permission' + (count !== 1 ? 's' : '') + ' granted';
})
.catch(function(err) {
el.innerHTML = '<div class="panel-body-empty" style="color: var(--error);">Failed to load permissions: ' + escapeHtml(err.message) + '</div>';
});
}
function renderPermissions(permissions) {
var el = document.getElementById('permContent');
if (!permissions || permissions.length === 0) {
el.innerHTML = '<div class="panel-body-empty">' +
'No permissions granted yet. Use "Grant Access" to add permissions.' +
'</div>';
return;
}
var html = '<table class="perm-table">';
html += '<thead><tr>';
html += '<th>User</th>';
html += '<th>Dataset / Table</th>';
html += '<th>Access</th>';
html += '<th class="col-actions"></th>';
html += '</tr></thead>';
html += '<tbody>';
permissions.forEach(function(p) {
var userId = escapeHtml(p.user_id);
var dataset = escapeHtml(p.dataset);
var access = escapeHtml(p.access || 'read');
html += '<tr>';
html += '<td class="col-user">' + userId + '</td>';
html += '<td class="col-dataset">' + dataset + '</td>';
html += '<td><span class="badge badge-read">' + access + '</span></td>';
html += '<td class="col-actions">';
html += '<button class="btn-icon danger" onclick="revokePermission(\'' + userId + '\', \'' + dataset + '\')" title="Revoke access">';
html += '<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><polyline points="3 6 5 6 21 6"/><path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"/></svg>';
html += '</button>';
html += '</td>';
html += '</tr>';
});
html += '</tbody></table>';
el.innerHTML = html;
}
function revokePermission(userId, dataset) {
if (!confirm('Revoke access for "' + userId + '" to "' + dataset + '"?')) return;
fetch('/api/admin/permissions', {
method: 'DELETE',
headers: authHeaders(),
body: JSON.stringify({user_id: userId, dataset: dataset, access: 'none'}),
})
.then(function(r) {
if (!r.ok) return r.json().then(function(d) { throw new Error(d.detail || 'Revoke failed'); });
return r.json();
})
.then(function() {
showToast('Permission revoked', 'success');
loadPermissions();
})
.catch(function(err) {
showToast('Failed to revoke: ' + err.message, 'error');
});
}
// ── Grant Modal ─────────────────────────────────────────────
function openGrantModal() {
document.getElementById('grantModal').classList.add('active');
loadModalData();
}
function closeGrantModal() {
document.getElementById('grantModal').classList.remove('active');
}
function loadModalData() {
// Load users
fetch('/api/users', {headers: authHeaders()})
.then(function(r) { return r.ok ? r.json() : []; })
.then(function(users) {
usersCache = Array.isArray(users) ? users : [];
var select = document.getElementById('grantUser');
select.innerHTML = '<option value="">Select a user...</option>';
usersCache.forEach(function(u) {
var opt = document.createElement('option');
opt.value = u.id;
opt.textContent = u.email + (u.name ? ' (' + u.name + ')' : '');
select.appendChild(opt);
});
})
.catch(function() {});
// Load tables from admin registry
fetch('/api/admin/registered-tables', {headers: authHeaders()})
.then(function(r) { return r.ok ? r.json() : {tables: []}; })
.then(function(data) {
tablesCache = data.tables || [];
var select = document.getElementById('grantDataset');
select.innerHTML = '<option value="">Select a table...</option>';
tablesCache.forEach(function(t) {
var opt = document.createElement('option');
opt.value = t.id || t.name;
opt.textContent = t.name || t.id;
select.appendChild(opt);
});
})
.catch(function() {});
}
function submitGrant() {
var userId = document.getElementById('grantUser').value;
var dataset = document.getElementById('grantDataset').value;
var access = document.getElementById('grantAccess').value;
if (!userId || !dataset) {
showToast('Please select a user and a table', 'error');
return;
}
var btn = document.getElementById('grantSubmitBtn');
btn.disabled = true;
btn.textContent = 'Granting...';
fetch('/api/admin/permissions', {
method: 'POST',
headers: authHeaders(),
body: JSON.stringify({user_id: userId, dataset: dataset, access: access}),
})
.then(function(r) {
if (!r.ok) return r.json().then(function(d) { throw new Error(d.detail || 'Grant failed'); });
return r.json();
})
.then(function() {
showToast('Access granted', 'success');
closeGrantModal();
loadPermissions();
})
.catch(function(err) {
showToast('Failed to grant: ' + err.message, 'error');
})
.finally(function() {
btn.disabled = false;
btn.textContent = 'Grant Access';
});
}
// Close modal on backdrop click
document.getElementById('grantModal').addEventListener('click', function(e) {
if (e.target === this) closeGrantModal();
});
// Close modal on Escape key
document.addEventListener('keydown', function(e) {
if (e.key === 'Escape') closeGrantModal();
});
// ── Init ────────────────────────────────────────────────────
loadPending();
loadPermissions();
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink