"use client"; import { useEffect, useState } from "react"; import { del, get, put } from "@/lib/api"; import { Badge, Field, InfoTip, Notice, Spinner } from "@/components/ui"; import { ROLE_DESCRIPTIONS, ROLE_LABELS, type Role } from "@/lib/roles"; type User = { email: string; name: string; roles: string[]; hasPassword: boolean }; export default function UsersRolesPanel() { const [users, setUsers] = useState(null); const [availableRoles, setAvailableRoles] = useState([]); const [pw, setPw] = useState>({}); const [add, setAdd] = useState({ email: "", name: "", roles: ["monitoring"] as string[], password: "" }); const [error, setError] = useState(null); const [msg, setMsg] = useState(null); const [busy, setBusy] = useState(null); async function load() { try { const d = await get<{ users: User[]; availableRoles: string[] }>("users"); setUsers(d.users); setAvailableRoles(d.availableRoles); } catch (e) { setError((e as Error).message); } } useEffect(() => { load(); }, []); if (error) return Could not load users: {error}; if (!users) return ; const patchUser = (email: string, change: Partial) => setUsers((us) => (us ? us.map((u) => (u.email === email ? { ...u, ...change } : u)) : us)); const toggleRole = (email: string, role: string) => setUsers((us) => us ? us.map((u) => u.email === email ? { ...u, roles: u.roles.includes(role) ? u.roles.filter((r) => r !== role) : [...u.roles, role] } : u, ) : us, ); async function saveUser(u: User) { setBusy(u.email); setMsg(null); try { const payload: Record = { email: u.email, name: u.name, roles: u.roles }; if (pw[u.email]) payload.password = pw[u.email]; const d = await put<{ users: User[] }>("users", payload); setUsers(d.users); setPw((p) => ({ ...p, [u.email]: "" })); setMsg(`Saved ${u.email}.`); } catch (e) { setError((e as Error).message); } finally { setBusy(null); } } async function removeUser(email: string) { if (!window.confirm(`Remove ${email}? They will lose access.`)) return; setBusy(email); setMsg(null); try { const d = await del<{ users: User[] }>(`users/${encodeURIComponent(email)}`); setUsers(d.users); setMsg(`Removed ${email}.`); } catch (e) { setError((e as Error).message); } finally { setBusy(null); } } async function addUser(e: React.FormEvent) { e.preventDefault(); setBusy("__add"); setMsg(null); try { const d = await put<{ users: User[] }>("users", { email: add.email, name: add.name || add.email, roles: add.roles, password: add.password }); setUsers(d.users); setAdd({ email: "", name: "", roles: ["monitoring"], password: "" }); setMsg(`Added ${add.email}.`); } catch (e) { setError((e as Error).message); } finally { setBusy(null); } } const roleChecks = (selected: string[], onToggle: (role: string) => void) => availableRoles.map((role) => ( )); return (

Who can sign in and what they can access. A user with a password signs in with username + password; a user without one signs in via Google (their email must be listed here). Roles control which sections each user sees. The developer login remains as a bootstrap escape hatch.

{msg && {msg}}

Add user

setAdd({ ...add, email: e.target.value })} placeholder="user@digt.ch" className="input" autoComplete="off" /> setAdd({ ...add, name: e.target.value })} className="input" autoComplete="off" />
{roleChecks(add.roles, (role) => setAdd((a) => ({ ...a, roles: a.roles.includes(role) ? a.roles.filter((r) => r !== role) : [...a.roles, role] })))}
setAdd({ ...add, password: e.target.value })} className="input" autoComplete="new-password" />
{users.length === 0 && ( No users yet — add one above. Until then, sign in with the developer login (Superadmin). )} {users.map((u) => (
{u.email} {u.hasPassword ? local + password : Google-only}
patchUser(u.email, { name: e.target.value })} className="input" autoComplete="off" /> setPw((p) => ({ ...p, [u.email]: e.target.value }))} placeholder={u.hasPassword ? "•••••••• (set)" : "no password"} className="input" autoComplete="new-password" />
{roleChecks(u.roles, (role) => toggleRole(u.email, role))}
))}
); }