e2cbb83397
A bundle of related portal work — picked up while ensuring per-customer
isolation actually works end-to-end and replacing the placeholder Client
landing page. Build green, full test suite 66/66.
Frontend — Client surface
- DashboardPage: replace placeholder with 4 KPI cards (kWh, current kW,
active devices, estimated cost), 24h active-power ECharts mini-chart,
per-device "today/range" table, and a date-range picker with shortcuts
(Today / 7d / 30d / This month / Custom). 30s auto-refresh.
- New Measurements page (/measurements, Client mode, any authenticated
user) with multi-select device filter, full date range incl. an
"All time" shortcut, server-paginated preview, and Excel export.
- "Export to Excel" buttons on: Client Dashboard summary, Client Dashboard
raw measurements, Admin fleet dashboard, Admin customer-detail Cost tab.
- DashboardsPage sidebar items: let the menu item grow and reset
line-height so the two-line title+description doesn't crush.
Frontend — Admin / user mgmt
- RestrictedAdmin role: admin who only sees their assigned customers.
New UserFormDrawer choice + CustomerAccessModal for granting/revoking
per-customer access; surfaced from the Users page.
Backend
- ClosedXML 0.104.2 + ExcelExportService (pure formatter; frozen header,
currency/kWh/kW/date number formats, AdjustToContents).
- DashboardSummaryService computes per-device totals + estimated cost
(hourly bucketing × site's municipality's active tariff, mirroring
FleetCostService for the Admin side).
- New endpoints:
GET /api/dashboard/summary[+/export.xlsx]
GET /api/measurements/raw[+/export.xlsx] (deviceIds, paginated)
GET /api/sites/devices (flat list w/ site name)
GET /api/fleet/dashboard/export.xlsx
GET /api/fleet/customers/{id}/cost/export.xlsx
GET /api/auth/check (cookie-only liveness)
- AdminCustomerAccess: per-user customer scoping for RestrictedAdmin via
Postgres-row-level filter — RlsContext (per-DI-scope state) +
CustomerFilterMiddleware (populates from claims after auth) +
fleet.* DbSets gain HasQueryFilter expressions. Bootstrappers
Elevate() to bypass the filter for trusted system code.
- Migration: 20260518095759_AddAdminCustomerAccess (mapping table,
composite PK on UserId+CustomerId).
Infra / templating (the "spin it up via the template" piece)
- docker-compose.prod.yml + docker-compose.yml: pass WhiteLabel__*,
Application__RunMode, FleetIngest__* through to the container as
${VAR:-default} substitutions. Previously these were silently dropped
in prod — a customer's .env settings for branding/fleet-push never
reached the running process. Latent bug, fixed.
- docker-compose.prod.yml: forwardAuth middleware labels on the
Grafana router pointing at /api/auth/check. Option (a) from the
README's three prod-auth modes — every Grafana request now gates on
a valid portal cookie. Anonymous stays off.
- .env.example rewritten with a Client section, optional FleetIngest
block, and an Admin variant block — annotated on what's required vs.
optional and where the seed-only-on-first-boot caveat applies.
- README "Grafana embedding" table: option (a) now marked active with
an inline note on how to switch modes later.
- OPERATIONS.md step 3 includes the white-label pre-brand .env snippet;
step 4 (formerly "decide Grafana auth mode") updated to reflect
that auth is wired by default.
Tests
- New BrandingSeedFromOptionsTests (5 tests) pins the env-var → IOptions
→ DB seed contract: first read seeds from options; subsequent reads
return the DB row (UI edits survive restarts); EnsureSeededAsync is
idempotent; UpdateAsync falls back to options for blanked fields.
- CustomerTokenGraceTests helper: pass the new RlsContext to
AdminDbContext (SetAll() so existing semantics hold).
Verified end-to-end
- Real Docker spin-up with WhiteLabel__* in a throwaway .env →
/api/branding returned all six fields verbatim (ApplicationName,
LogoUrl, three colors, FooterText).
- curl login → /api/dashboard/summary returned valid JSON →
/api/dashboard/summary/export.xlsx returned a 6.9 KB file the
`file` command identifies as "Microsoft Excel 2007+".
- /api/measurements/raw with and without deviceIds filter returned
correct paginated rows; /export.xlsx with filter produced a valid
7.1 KB xlsx with the meter count in the filename.
- Frontend tsc -b clean; backend dotnet build 0/0; xunit 66/66.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
218 lines
6.9 KiB
TypeScript
218 lines
6.9 KiB
TypeScript
import { useState } from 'react';
|
|
import { Card, Button, Table, Tag, Popconfirm, Modal, Input, Space, message } from 'antd';
|
|
import type { ColumnsType } from 'antd/es/table';
|
|
import { PlusOutlined, EditOutlined, DeleteOutlined, KeyOutlined, ApartmentOutlined } from '@ant-design/icons';
|
|
import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
|
|
import {
|
|
listUsers,
|
|
createUser,
|
|
updateUser,
|
|
deleteUser,
|
|
resetUserPassword,
|
|
type UserListItem,
|
|
type CreateUserPayload,
|
|
type UpdateUserPayload,
|
|
} from '../api/users';
|
|
import { UserFormDrawer } from '../components/users/UserFormDrawer';
|
|
import { CustomerAccessModal } from '../components/users/CustomerAccessModal';
|
|
import { useAppInfo } from '../hooks/useAppInfo';
|
|
|
|
type DrawerMode = { kind: 'create' } | { kind: 'edit'; user: UserListItem };
|
|
|
|
export function UsersPage() {
|
|
const qc = useQueryClient();
|
|
const { isAdmin: isAdminMode } = useAppInfo();
|
|
const [drawerMode, setDrawerMode] = useState<DrawerMode | null>(null);
|
|
const [drawerError, setDrawerError] = useState<string | null>(null);
|
|
const [resetTarget, setResetTarget] = useState<UserListItem | null>(null);
|
|
const [resetValue, setResetValue] = useState('');
|
|
const [accessTarget, setAccessTarget] = useState<UserListItem | null>(null);
|
|
|
|
const { data: users = [], isLoading } = useQuery({
|
|
queryKey: ['admin', 'users'],
|
|
queryFn: listUsers,
|
|
});
|
|
|
|
const invalidate = () => qc.invalidateQueries({ queryKey: ['admin', 'users'] });
|
|
|
|
const createMut = useMutation({
|
|
mutationFn: (payload: CreateUserPayload) => createUser(payload),
|
|
onSuccess: () => {
|
|
message.success('User created');
|
|
setDrawerMode(null);
|
|
setDrawerError(null);
|
|
invalidate();
|
|
},
|
|
onError: (err: unknown) => setDrawerError(errorMessage(err)),
|
|
});
|
|
|
|
const updateMut = useMutation({
|
|
mutationFn: ({ id, payload }: { id: string; payload: UpdateUserPayload }) => updateUser(id, payload),
|
|
onSuccess: () => {
|
|
message.success('User updated');
|
|
setDrawerMode(null);
|
|
setDrawerError(null);
|
|
invalidate();
|
|
},
|
|
onError: (err: unknown) => setDrawerError(errorMessage(err)),
|
|
});
|
|
|
|
const deleteMut = useMutation({
|
|
mutationFn: (id: string) => deleteUser(id),
|
|
onSuccess: () => {
|
|
message.success('User deleted');
|
|
invalidate();
|
|
},
|
|
onError: (err: unknown) => message.error(errorMessage(err)),
|
|
});
|
|
|
|
const resetMut = useMutation({
|
|
mutationFn: ({ id, newPassword }: { id: string; newPassword: string }) =>
|
|
resetUserPassword(id, newPassword),
|
|
onSuccess: () => {
|
|
message.success('Password reset');
|
|
setResetTarget(null);
|
|
setResetValue('');
|
|
},
|
|
onError: (err: unknown) => message.error(errorMessage(err)),
|
|
});
|
|
|
|
const handleSubmit = async (values: CreateUserPayload | UpdateUserPayload) => {
|
|
setDrawerError(null);
|
|
if (drawerMode?.kind === 'edit') {
|
|
await updateMut.mutateAsync({ id: drawerMode.user.id, payload: values as UpdateUserPayload });
|
|
} else {
|
|
await createMut.mutateAsync(values as CreateUserPayload);
|
|
}
|
|
};
|
|
|
|
const columns: ColumnsType<UserListItem> = [
|
|
{ title: 'Email', dataIndex: 'email', key: 'email' },
|
|
{ title: 'Name', dataIndex: 'displayName', key: 'displayName' },
|
|
{
|
|
title: 'Roles',
|
|
dataIndex: 'roles',
|
|
key: 'roles',
|
|
render: (roles: string[]) =>
|
|
roles.length === 0
|
|
? <Tag>User</Tag>
|
|
: roles.map((r) => <Tag color={r === 'Admin' ? 'blue' : undefined} key={r}>{r}</Tag>),
|
|
},
|
|
{
|
|
title: 'Active',
|
|
dataIndex: 'isActive',
|
|
key: 'isActive',
|
|
render: (active: boolean) => active ? <Tag color="green">Active</Tag> : <Tag color="red">Disabled</Tag>,
|
|
},
|
|
{
|
|
title: 'Created',
|
|
dataIndex: 'createdAt',
|
|
key: 'createdAt',
|
|
render: (v: string) => new Date(v).toLocaleString(),
|
|
},
|
|
{
|
|
title: 'Actions',
|
|
key: 'actions',
|
|
render: (_, user) => (
|
|
<Space>
|
|
<Button
|
|
size="small"
|
|
icon={<EditOutlined />}
|
|
onClick={() => { setDrawerError(null); setDrawerMode({ kind: 'edit', user }); }}
|
|
>
|
|
Edit
|
|
</Button>
|
|
{isAdminMode && user.roles.includes('RestrictedAdmin') && (
|
|
<Button
|
|
size="small"
|
|
icon={<ApartmentOutlined />}
|
|
onClick={() => setAccessTarget(user)}
|
|
>
|
|
Customer access
|
|
</Button>
|
|
)}
|
|
<Button
|
|
size="small"
|
|
icon={<KeyOutlined />}
|
|
onClick={() => { setResetValue(''); setResetTarget(user); }}
|
|
>
|
|
Reset password
|
|
</Button>
|
|
<Popconfirm
|
|
title={`Delete ${user.email}?`}
|
|
okText="Delete"
|
|
okButtonProps={{ danger: true }}
|
|
onConfirm={() => deleteMut.mutate(user.id)}
|
|
>
|
|
<Button size="small" danger icon={<DeleteOutlined />}>Delete</Button>
|
|
</Popconfirm>
|
|
</Space>
|
|
),
|
|
},
|
|
];
|
|
|
|
return (
|
|
<Card
|
|
title="Users"
|
|
extra={
|
|
<Button
|
|
type="primary"
|
|
icon={<PlusOutlined />}
|
|
onClick={() => { setDrawerError(null); setDrawerMode({ kind: 'create' }); }}
|
|
>
|
|
New user
|
|
</Button>
|
|
}
|
|
>
|
|
<Table<UserListItem>
|
|
rowKey="id"
|
|
columns={columns}
|
|
dataSource={users}
|
|
loading={isLoading}
|
|
pagination={{ pageSize: 20 }}
|
|
/>
|
|
|
|
<UserFormDrawer
|
|
open={drawerMode !== null}
|
|
mode={drawerMode}
|
|
submitting={createMut.isPending || updateMut.isPending}
|
|
error={drawerError}
|
|
onClose={() => { setDrawerMode(null); setDrawerError(null); }}
|
|
onSubmit={handleSubmit}
|
|
/>
|
|
|
|
<Modal
|
|
title={resetTarget ? `Reset password for ${resetTarget.email}` : 'Reset password'}
|
|
open={resetTarget !== null}
|
|
confirmLoading={resetMut.isPending}
|
|
onCancel={() => { setResetTarget(null); setResetValue(''); }}
|
|
onOk={() => resetTarget && resetMut.mutate({ id: resetTarget.id, newPassword: resetValue })}
|
|
okText="Reset"
|
|
okButtonProps={{ disabled: resetValue.length < 8 }}
|
|
>
|
|
<Input.Password
|
|
placeholder="New password (min 8 chars, upper + lower + digit)"
|
|
value={resetValue}
|
|
onChange={(e) => setResetValue(e.target.value)}
|
|
autoComplete="new-password"
|
|
/>
|
|
</Modal>
|
|
|
|
<CustomerAccessModal
|
|
open={accessTarget !== null}
|
|
user={accessTarget}
|
|
onClose={() => setAccessTarget(null)}
|
|
/>
|
|
</Card>
|
|
);
|
|
}
|
|
|
|
function errorMessage(err: unknown): string {
|
|
if (typeof err === 'object' && err !== null && 'response' in err) {
|
|
const data = (err as { response?: { data?: { error?: string; errors?: string[] } } }).response?.data;
|
|
if (data?.error) return data.error;
|
|
if (data?.errors?.length) return data.errors.join('; ');
|
|
}
|
|
return 'Request failed.';
|
|
}
|