"use client"; import React, { useCallback, useEffect, useMemo, useState } from "react"; import Link from "next/link"; import { Button } from "@/components/ui/button"; import { Dialog, DialogContent, DialogFooter, DialogHeader, DialogTitle, } from "@/components/ui/dialog"; import { Input } from "@/components/ui/input"; import { Label } from "@/components/ui/label"; import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow, } from "@/components/ui/table"; import DataService from "@/config/axios"; import { getApiErrorMessage } from "@/lib/api-error"; import { tenantApiPath } from "@/lib/tenant-api"; import { toast } from "sonner"; import { Filter, Pencil, Plus, Search, Shield, Trash2, X } from "lucide-react"; import { Tabs, TabsContent, TabsList, TabsTrigger } from "@/components/ui/tabs"; import { ClientManagementRolesTableBody } from "./client-management-roles-list"; import ClientWorkspaceLayout, { type ClientWorkspaceChildCtx, } from "./client-workspace-layout"; type RoleClientPop = { _id?: string; name?: string; clientId?: string; }; type RoleRow = { _id: string; name: string; client?: string | RoleClientPop | null; permissions?: { _id?: string; name?: string; label?: string; group?: string }[]; }; type PermissionOpt = { _id: string; name: string; label?: string; group?: string; }; function groupPermissionsByGroup(perms: PermissionOpt[]): [string, PermissionOpt[]][] { const m = new Map(); for (const p of perms) { const g = (p.group && String(p.group).trim()) || "General"; if (!m.has(g)) m.set(g, []); m.get(g)!.push(p); } return Array.from(m.entries()).sort(([a], [b]) => a.localeCompare(b)); } function permissionIdsFromRole(r: RoleRow): string[] { const p = r.permissions; if (!p?.length) return []; return p .map((x) => (x && typeof x === "object" && x._id ? String(x._id) : null)) .filter((x): x is string => !!x); } function PermissionsField({ idPrefix, allPermissions, selectedIds, onToggle, onSelectAll, onClearAll, }: { idPrefix: string; allPermissions: PermissionOpt[]; selectedIds: string[]; onToggle: (id: string) => void; onSelectAll: () => void; onClearAll: () => void; }) { const groups = groupPermissionsByGroup(allPermissions); if (allPermissions.length === 0) { return (

{ "No actions are defined in the system yet. Add permission keys under platform admin (Permissions), or contact support." }

); } const allIds = allPermissions.map((p) => p._id); const allSelected = allIds.length !== 0 && allIds.every((id) => selectedIds.includes(id)); return (
{groups.map(([group, items]) => (

{group}

    {items.map((p) => (
  • onToggle(p._id)} className="mt-1 size-4 shrink-0 rounded border-gray-300" />
    • ))}
))}
); } function formatPermissions(p?: RoleRow["permissions"]) { if (!p || p.length === 0) return "—"; const names = p.map((x) => x.name).filter(Boolean) as string[]; if (names.length === 0) return "—"; const show = names.slice(0, 4).join(", "); return names.length > 4 ? `${show}…` : show; } function clientDbId(r: RoleRow): string | null { if (!r.client) return null; if (typeof r.client === "object" && r.client !== null && "_id" in r.client) { return String((r.client as RoleClientPop)._id); } return String(r.client); } /** True when this role is scoped to the same Client document as the signed-in user / selected workspace. */ function isOrgRoleForCurrentClient(r: RoleRow, userClientDbId: string | undefined): boolean { if (!userClientDbId) return false; const roleClientId = clientDbId(r); return !!roleClientId && roleClientId === String(userClientDbId); } export function ClientRolesTableBody({ ctx, panelTitle = "Roles", panelDescription, tabsNode, }: { ctx: ClientWorkspaceChildCtx; panelTitle?: string; panelDescription?: React.ReactNode; tabsNode?: React.ReactNode; }) { const { tenantApiKey, tenantReady, isSuperAdmin, tenantClientId, workspaceClientDbId } = ctx; const [rows, setRows] = useState([]); const [listLoading, setListLoading] = useState(false); const [permCatalog, setPermCatalog] = useState([]); const [roleOpen, setRoleOpen] = useState(false); const [roleName, setRoleName] = useState(""); const [createPermIds, setCreatePermIds] = useState([]); const [roleSaving, setRoleSaving] = useState(false); const [editOpen, setEditOpen] = useState(false); const [editId, setEditId] = useState(null); const [editName, setEditName] = useState(""); const [editPermIds, setEditPermIds] = useState([]); const [searchInput, setSearchInput] = useState(""); const [appliedSearch, setAppliedSearch] = useState(""); const [page, setPage] = useState(1); const pageSize = 10; const loadRoles = useCallback(async (key: string) => { setListLoading(true); try { const res = await DataService.get(tenantApiPath(key, "/roles")); setRows(res.data?.data || []); } catch (e: unknown) { toast.error(getApiErrorMessage(e, "Could not load roles")); setRows([]); } finally { setListLoading(false); } }, []); const loadPermissions = useCallback(async (key: string) => { try { const res = await DataService.get(tenantApiPath(key, "/permissions")); const data = res.data?.data; setPermCatalog(Array.isArray(data) ? data : []); } catch (e: unknown) { toast.error(getApiErrorMessage(e, "Could not load permission catalog")); setPermCatalog([]); } }, []); useEffect(() => { if (!tenantReady) return; void loadRoles(tenantApiKey); void loadPermissions(tenantApiKey); }, [tenantReady, tenantApiKey, loadRoles, loadPermissions]); const submitRole = async () => { if (!roleName.trim()) { toast.error("Enter a role name"); return; } setRoleSaving(true); try { await DataService.post(tenantApiPath(tenantApiKey, "/roles"), { name: roleName.trim(), permissions: createPermIds, }); toast.success("Role created"); setRoleOpen(false); setRoleName(""); setCreatePermIds([]); await loadRoles(tenantApiKey); } catch (e: unknown) { toast.error(getApiErrorMessage(e, "Could not create role")); } finally { setRoleSaving(false); } }; const openEdit = (r: RoleRow) => { setEditId(r._id); setEditName(r.name); setEditPermIds(permissionIdsFromRole(r)); setEditOpen(true); }; const submitEdit = async () => { if (!editId || !editName.trim()) { toast.error("Enter a role name"); return; } setRoleSaving(true); try { await DataService.patch(tenantApiPath(tenantApiKey, `/roles/${editId}`), { name: editName.trim(), permissions: editPermIds, }); toast.success("Role updated"); setEditOpen(false); setEditId(null); await loadRoles(tenantApiKey); } catch (e: unknown) { toast.error(getApiErrorMessage(e, "Could not update role")); } finally { setRoleSaving(false); } }; const removeRole = async (r: RoleRow) => { if (!isOrgRoleForCurrentClient(r, workspaceClientDbId)) return; if (!confirm(`Delete role “${r.name}”? This cannot be undone if no users use it.`)) return; try { await DataService.delete(tenantApiPath(tenantApiKey, `/roles/${r._id}`)); toast.success("Role deleted"); await loadRoles(tenantApiKey); } catch (e: unknown) { toast.error(getApiErrorMessage(e, "Could not delete role")); } }; if (!tenantReady) { return

Select a client to load roles.

; } const defaultDescription = (

This list shows roles created for this client plus shared global roles visible for your account. Shared/global rows are read-only here; assign roles under{" "} Users .

); const normalizedAppliedSearch = appliedSearch.trim().toLowerCase(); const filteredRows = useMemo(() => { if (!normalizedAppliedSearch) return rows; return rows.filter((r) => { const permissionsSummary = formatPermissions(r.permissions); const haystack = `${r.name || ""} ${permissionsSummary || ""}`.toLowerCase(); return haystack.includes(normalizedAppliedSearch); }); }, [rows, normalizedAppliedSearch]); const totalPages = Math.max(1, Math.ceil(filteredRows.length / pageSize)); const pagedRows = useMemo(() => { const start = (page - 1) * pageSize; return filteredRows.slice(start, start + pageSize); }, [filteredRows, page]); const filterIsActive = normalizedAppliedSearch.length > 0 && searchInput.trim().toLowerCase() === normalizedAppliedSearch; const handleFilterButtonClick = () => { if (filterIsActive) { setAppliedSearch(""); setSearchInput(""); setPage(1); return; } setAppliedSearch(searchInput.trim()); setPage(1); }; useEffect(() => { if (page > totalPages) setPage(totalPages); }, [page, totalPages]); return ( <>

{panelTitle}

setSearchInput(e.target.value)} />
{tabsNode ? (
{tabsNode}
) : null}
{listLoading ? (
Loading roles…
) : ( Name Allowed actions (summary) Actions {pagedRows.length === 0 ? ( {normalizedAppliedSearch ? "No roles match your current filter." : "No organization roles yet. Add one above, or assign platform roles under Users."} ) : ( pagedRows.map((r) => { const org = isOrgRoleForCurrentClient(r, workspaceClientDbId); return ( {r.name} {formatPermissions(r.permissions)} {org ? (
) : ( )} ); }) )}
)}

{`Page ${page} of ${totalPages}`}

{isSuperAdmin && (

Platform-wide role templates:{" "} Super admin — Roles .

)}
{ setRoleOpen(open); if (!open) { setRoleName(""); setCreatePermIds([]); } }} > Add organization role
setRoleName(e.target.value)} />

Saved with this client's id ({tenantClientId ?? "—"}). Names must be unique within this organization.

Choose what users with this role can do in your organization (same permission keys as platform roles).

setCreatePermIds((prev) => prev.includes(id) ? prev.filter((x) => x !== id) : [...prev, id] ) } onSelectAll={() => setCreatePermIds(permCatalog.map((p) => p._id))} onClearAll={() => setCreatePermIds([])} />
{ setEditOpen(open); if (!open) { setEditId(null); setEditName(""); setEditPermIds([]); } }} > Edit organization role
setEditName(e.target.value)} />

Update what users with this role can do.

setEditPermIds((prev) => prev.includes(id) ? prev.filter((x) => x !== id) : [...prev, id] ) } onSelectAll={() => setEditPermIds(permCatalog.map((p) => p._id))} onClearAll={() => setEditPermIds([])} />
); } export default function ClientRolesList() { return ( ctx.isSuperAdmin ? ( ) : null } > {(ctx) => ( Organization roles Management roles } /> Organization roles Management roles } /> )} ); }