From 9d43a2a7ccbb5a98f0960fe8b8428571dc222489 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Sun, 1 Mar 2026 10:32:03 -0500 Subject: [PATCH 01/30] temp commit --- app/components/sidebar.rb | 4 +- .../backend/identities_controller.rb | 4 +- app/controllers/backend/kbar_controller.rb | 2 +- .../backend/programs_controller.rb | 94 ------ .../concerns/identity_authorizable.rb | 24 ++ .../developer_app_collaborators_controller.rb | 41 +++ app/controllers/developer_apps_controller.rb | 109 +++++- app/frontend/js/alpine.js | 2 + app/frontend/js/scope-editor.js | 49 +++ app/frontend/stylesheets/application.scss | 1 + .../stylesheets/snippets/developer_apps.scss | 310 ++++++++++++++++++ app/lib/shortcodes.rb | 4 +- app/models/identity.rb | 8 + app/models/oauth_scope.rb | 3 + app/models/program.rb | 13 + app/models/program_collaborator.rb | 8 + app/policies/program_policy.rb | 116 +++++-- app/views/backend/identities/edit.html.erb | 5 + app/views/backend/programs/_program.html.erb | 6 - app/views/backend/programs/edit.html.erb | 9 - app/views/backend/programs/index.html.erb | 45 --- app/views/backend/programs/new.html.erb | 9 - app/views/backend/programs/show.html.erb | 95 ------ app/views/backend/static_pages/index.html.erb | 2 +- app/views/developer_apps/edit.html.erb | 139 ++++++-- app/views/developer_apps/index.html.erb | 83 ++--- app/views/developer_apps/new.html.erb | 115 +++++-- app/views/developer_apps/show.html.erb | 197 +++++++---- app/views/forms/backend/programs/form.rb | 78 ----- config/locales/en.yml | 82 ++++- config/routes.rb | 9 +- db/analytics_schema.rb | 52 +++ ...00_add_can_hq_officialize_to_identities.rb | 5 + ...0226200001_create_program_collaborators.rb | 11 + db/schema.rb | 30 +- spec/factories/backend_users.rb | 25 ++ spec/factories/identities.rb | 8 + spec/factories/program_collaborators.rb | 6 + 38 files changed, 1238 insertions(+), 565 deletions(-) delete mode 100644 app/controllers/backend/programs_controller.rb create mode 100644 app/controllers/concerns/identity_authorizable.rb create mode 100644 app/controllers/developer_app_collaborators_controller.rb create mode 100644 app/frontend/js/scope-editor.js create mode 100644 app/frontend/stylesheets/snippets/developer_apps.scss create mode 100644 app/models/program_collaborator.rb delete mode 100644 app/views/backend/programs/_program.html.erb delete mode 100644 app/views/backend/programs/edit.html.erb delete mode 100644 app/views/backend/programs/index.html.erb delete mode 100644 app/views/backend/programs/new.html.erb delete mode 100644 app/views/backend/programs/show.html.erb delete mode 100644 app/views/forms/backend/programs/form.rb create mode 100644 db/analytics_schema.rb create mode 100644 db/migrate/20260226200000_add_can_hq_officialize_to_identities.rb create mode 100644 db/migrate/20260226200001_create_program_collaborators.rb create mode 100644 spec/factories/backend_users.rb create mode 100644 spec/factories/program_collaborators.rb diff --git a/app/components/sidebar.rb b/app/components/sidebar.rb index ec42f6b8..6ee49383 100644 --- a/app/components/sidebar.rb +++ b/app/components/sidebar.rb @@ -50,8 +50,8 @@ def nav_items items << { label: t("sidebar.addresses"), path: addresses_path, icon: "email" } items << { label: t("sidebar.security"), path: security_path, icon: "private" } - # Add developer link if developer mode is enabled - if current_identity.present? && current_identity.developer_mode? + # Add developer link if developer mode is enabled or user is a program manager/super admin + if current_identity.present? && (current_identity.developer_mode? || current_identity.backend_user&.program_manager? || current_identity.backend_user&.super_admin?) items << { label: t("sidebar.developer"), path: developer_apps_path, icon: "code" } end diff --git a/app/controllers/backend/identities_controller.rb b/app/controllers/backend/identities_controller.rb index 5051e000..7e2d919c 100644 --- a/app/controllers/backend/identities_controller.rb +++ b/app/controllers/backend/identities_controller.rb @@ -182,7 +182,9 @@ def set_identity end def identity_params - params.require(:identity).permit(:first_name, :last_name, :legal_first_name, :legal_last_name, :primary_email, :phone_number, :birthday, :country, :hq_override, :ysws_eligible, :permabanned) + permitted = [ :first_name, :last_name, :legal_first_name, :legal_last_name, :primary_email, :phone_number, :birthday, :country, :hq_override, :ysws_eligible, :permabanned ] + permitted << :can_hq_officialize if current_user&.super_admin? + params.require(:identity).permit(permitted) end def vouch_params diff --git a/app/controllers/backend/kbar_controller.rb b/app/controllers/backend/kbar_controller.rb index 4b5c48b4..4eec40b0 100644 --- a/app/controllers/backend/kbar_controller.rb +++ b/app/controllers/backend/kbar_controller.rb @@ -60,7 +60,7 @@ def search_in_scope(scope, query) id: app.id, label: app.name, sublabel: app.redirect_uri&.truncate(50), - path: "/backend/programs/#{app.id}" + path: "/developer/apps/#{app.id}" } end end diff --git a/app/controllers/backend/programs_controller.rb b/app/controllers/backend/programs_controller.rb deleted file mode 100644 index 0f77c730..00000000 --- a/app/controllers/backend/programs_controller.rb +++ /dev/null @@ -1,94 +0,0 @@ -class Backend::ProgramsController < Backend::ApplicationController - before_action :set_program, only: [ :show, :edit, :update, :destroy, :rotate_credentials ] - - hint :list_navigation, on: :index - hint :back_navigation, on: :index - - def index - authorize Program - - set_keyboard_shortcut(:back, backend_root_path) - - @programs = policy_scope(Program).includes(:identities).order(:name) - end - - def show - authorize @program - @identities_count = @program.identities.distinct.count - end - - def new - @program = Program.new - authorize @program - end - - def create - @program = Program.new(program_params) - authorize @program - - if params[:oauth_application] && params[:oauth_application][:redirect_uri].present? - @program.redirect_uri = params[:oauth_application][:redirect_uri] - end - - if @program.save - redirect_to backend_program_path(@program), notice: "Program was successfully created." - else - render :new, status: :unprocessable_entity - end - end - - def edit - authorize @program - end - - def update - authorize @program - - if params[:oauth_application] && params[:oauth_application][:redirect_uri].present? - @program.redirect_uri = params[:oauth_application][:redirect_uri] - end - - if @program.update(program_params_for_user) - redirect_to backend_program_path(@program), notice: "Program was successfully updated." - else - render :edit, status: :unprocessable_entity - end - end - - def destroy - authorize @program - @program.destroy - redirect_to backend_programs_path, notice: "Program was successfully deleted." - end - - def rotate_credentials - authorize @program - @program.rotate_credentials! - redirect_to backend_program_path(@program), notice: "Credentials have been rotated. Make sure to update any integrations using the old secret/API key." - end - - - private - - def set_program - @program = Program.find(params[:id]) - end - - def program_params - params.require(:program).permit(:name, :description, :active, scopes_array: []) - end - - def program_params_for_user - permitted_params = [ :name, :redirect_uri ] - - if policy(@program).update_scopes? - permitted_params += [ :description, :active, :trust_level, scopes_array: [] ] - end - - if policy(@program).update_onboarding_scenario? - permitted_params << :onboarding_scenario - end - - params.require(:program).permit(permitted_params) - end -end diff --git a/app/controllers/concerns/identity_authorizable.rb b/app/controllers/concerns/identity_authorizable.rb new file mode 100644 index 00000000..511a4de6 --- /dev/null +++ b/app/controllers/concerns/identity_authorizable.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +# Opt-in concern for frontend controllers that want Pundit authorization +# with Identity as the authorization subject (instead of Backend::User). +# +# This does NOT affect backend controllers — they continue using +# Backend::User via Backend::ApplicationController. +module IdentityAuthorizable + extend ActiveSupport::Concern + + included do + include Pundit::Authorization + after_action :verify_authorized + + rescue_from Pundit::NotAuthorizedError do |_e| + flash[:error] = "You're not authorized to do that." + redirect_to root_path + end + + def pundit_user + current_identity + end + end +end diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb new file mode 100644 index 00000000..a9371e34 --- /dev/null +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -0,0 +1,41 @@ +class DeveloperAppCollaboratorsController < ApplicationController + include IdentityAuthorizable + + before_action :set_app + + def create + authorize @app, :manage_collaborators? + + email = params[:email].to_s.strip.downcase + + # Anti-enumeration: always return the same generic message regardless of outcome + identity = Identity.find_by(primary_email: email) + + if identity && identity != @app.owner_identity + @app.program_collaborators.find_or_create_by(identity: identity) + end + + redirect_to developer_app_path(@app), notice: t(".generic_response") + end + + def destroy + authorize @app, :manage_collaborators? + + collaborator = @app.program_collaborators.find(params[:id]) + collaborator.destroy + + redirect_to developer_app_path(@app), notice: t(".success") + rescue ActiveRecord::RecordNotFound + flash[:error] = t("developer_apps.collaborator.not_found") + redirect_to developer_app_path(@app) + end + + private + + def set_app + @app = Program.find(params[:developer_app_id]) + rescue ActiveRecord::RecordNotFound + flash[:error] = t("developer_apps.set_app.not_found") + redirect_to developer_apps_path + end +end diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index 74a486b7..cb70899d 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -1,23 +1,46 @@ class DeveloperAppsController < ApplicationController - before_action :require_developer_mode - before_action :set_app, only: [ :show, :edit, :update, :destroy, :rotate_credentials ] + include IdentityAuthorizable + + before_action :set_app, only: [ :show, :edit, :update, :destroy, :rotate_credentials, :revoke_all_authorizations ] def index - @apps = current_identity.owned_developer_apps.order(created_at: :desc) + authorize Program + + @apps = policy_scope(Program).includes(:owner_identity).order(created_at: :desc) + + if admin? + @apps = @apps.where("oauth_applications.name ILIKE :q OR oauth_applications.uid ILIKE :q", q: "%#{params[:search]}%") if params[:search].present? + if params[:owner_id].present? + @apps = @apps.where(owner_identity_id: params[:owner_id]) + end + end + + @apps = @apps.page(params[:page]).per(25) end def show + authorize @app + @identities_count = @app.identities.distinct.count + @collaborators = @app.program_collaborators.includes(:identity) if policy(@app).manage_collaborators? end def new - @app = Program.new + @app = Program.new(trust_level: :community_untrusted) + authorize @app end def create - @app = Program.new(app_params) - @app.trust_level = :community_untrusted + @app = Program.new(app_params_for_identity) + authorize @app + + unless policy(@app).update_trust_level? + @app.trust_level = :community_untrusted + end @app.owner_identity = current_identity + # Server-side scope enforcement: only allow scopes within this user's tier + enforce_allowed_scopes!(@app, existing_scopes: []) + if @app.save redirect_to developer_app_path(@app), notice: t(".success") else @@ -26,10 +49,19 @@ def create end def edit + authorize @app end def update - if @app.update(app_params) + authorize @app + + existing_scopes = @app.scopes_array.dup + @app.assign_attributes(app_params_for_identity) + + # Server-side scope enforcement: preserve locked scopes, reject unauthorized additions + enforce_allowed_scopes!(@app, existing_scopes: existing_scopes) + + if @app.save redirect_to developer_app_path(@app), notice: t(".success") else render :edit, status: :unprocessable_entity @@ -37,6 +69,7 @@ def update end def destroy + authorize @app app_name = @app.name @app.create_activity :destroy, owner: current_identity, parameters: { name: app_name } @app.destroy @@ -44,27 +77,67 @@ def destroy end def rotate_credentials + authorize @app @app.rotate_credentials! - redirect_to developer_app_path(@app), notice: t(".success") + redirect_to developer_app_path(@app), notice: t(".rotate_credentials.success") end - private - - def require_developer_mode - unless current_identity.developer_mode? - flash[:error] = t(".require_developer_mode") - redirect_to root_path - end + def revoke_all_authorizations + authorize @app + count = @app.access_tokens.update_all(revoked_at: Time.current) + PaperTrail.request.whodunnit = current_identity.id.to_s + @app.paper_trail_event = "revoke_all_authorizations" + @app.paper_trail.save_with_version + redirect_to developer_app_path(@app), notice: t(".revoke_all_authorizations.success", count: count) end + private + def set_app - @app = current_identity.owned_developer_apps.find(params[:id]) + @app = Program.find(params[:id]) rescue ActiveRecord::RecordNotFound flash[:error] = t("developer_apps.set_app.not_found") redirect_to developer_apps_path end - def app_params - params.require(:program).permit(:name, :redirect_uri, scopes_array: []) + # Server-side enforcement: a user can only add/remove scopes within their + # allowed tier. Scopes outside that tier that already exist on the app + # ("locked scopes") are always preserved — a community user editing an + # hq_official app cannot strip `basic_info`, and nobody can inject + # `set_slack_id` via a forged form. + # + # Formula: final = (submitted ∩ allowed) ∪ (existing ∩ ¬allowed) + def enforce_allowed_scopes!(app, existing_scopes:) + allowed = policy(app).allowed_scopes + submitted = app.scopes_array + + user_controlled = submitted & allowed # only keep what they're allowed to touch + locked = existing_scopes - allowed # preserve what they can't touch + + app.scopes_array = (user_controlled + locked).uniq + end + + def app_params_for_identity + permitted = [ :name, :redirect_uri, scopes_array: [] ] + + if policy(@app || Program.new).update_trust_level? + permitted << :trust_level + end + + if policy(@app || Program.new).update_onboarding_scenario? + permitted << :onboarding_scenario + end + + if policy(@app || Program.new).update_active? + permitted << :active + end + + params.require(:program).permit(permitted) + end + + def admin? + backend_user = current_identity.backend_user + backend_user&.program_manager? || backend_user&.super_admin? end + helper_method :admin? end diff --git a/app/frontend/js/alpine.js b/app/frontend/js/alpine.js index 2616eebf..70b01271 100644 --- a/app/frontend/js/alpine.js +++ b/app/frontend/js/alpine.js @@ -2,10 +2,12 @@ import Alpine from 'alpinejs' import { webauthnRegister } from './webauthn-registration.js' import { webauthnAuth } from './webauthn-authentication.js' import { stepUpWebauthn } from './webauthn-step-up.js' +import { scopeEditor } from './scope-editor.js' Alpine.data('webauthnRegister', webauthnRegister) Alpine.data('webauthnAuth', webauthnAuth) Alpine.data('stepUpWebauthn', stepUpWebauthn) +Alpine.data('scopeEditor', scopeEditor) window.Alpine = Alpine Alpine.start() \ No newline at end of file diff --git a/app/frontend/js/scope-editor.js b/app/frontend/js/scope-editor.js new file mode 100644 index 00000000..26b592a6 --- /dev/null +++ b/app/frontend/js/scope-editor.js @@ -0,0 +1,49 @@ +const YSWS_DEFAULT_SCOPES = ['name', 'birthdate', 'address', 'basic_info', 'verification_status']; + +export function scopeEditor({ trustLevel, selectedScopes, allowedScopes, communityScopes, allScopes, yswsDefaults }) { + return { + trustLevel, + selected: [...selectedScopes], + removedScopes: [], + showYswsDefaults: yswsDefaults || false, + + get editableScopes() { + const pool = this.trustLevel === 'hq_official' ? allowedScopes : communityScopes; + return allScopes.filter(s => pool.includes(s.name)); + }, + + // Scopes on the app that this user can't touch — rendered as locked rows + // with hidden inputs so they're preserved on save. + // Uses the *original* selectedScopes (closure over init arg) so a locked + // scope stays locked even if Alpine state is manipulated. + get lockedScopes() { + const editableNames = this.editableScopes.map(s => s.name); + return allScopes.filter(s => + selectedScopes.includes(s.name) && !editableNames.includes(s.name) + ); + }, + + isChecked(name) { return this.selected.includes(name); }, + + toggle(name) { + const i = this.selected.indexOf(name); + if (i >= 0) this.selected.splice(i, 1); + else this.selected.push(name); + }, + + onTrustLevelChange() { + const valid = this.editableScopes.map(s => s.name); + this.removedScopes = this.selected.filter(s => !valid.includes(s)); + this.selected = this.selected.filter(s => valid.includes(s)); + }, + + dismissWarning() { this.removedScopes = []; }, + + applyYswsDefaults() { + this.trustLevel = 'hq_official'; + this.removedScopes = []; + const valid = this.editableScopes.map(s => s.name); + this.selected = YSWS_DEFAULT_SCOPES.filter(s => valid.includes(s)); + }, + }; +} diff --git a/app/frontend/stylesheets/application.scss b/app/frontend/stylesheets/application.scss index c8dc7f8a..6307d210 100644 --- a/app/frontend/stylesheets/application.scss +++ b/app/frontend/stylesheets/application.scss @@ -72,6 +72,7 @@ h3 { font-size: 1.5rem; } @import "./snippets/identities.scss"; @import "./snippets/welcome.scss"; @import "./snippets/email_changes.scss"; +@import "./snippets/developer_apps.scss"; input[type="text"], input[type="email"], diff --git a/app/frontend/stylesheets/snippets/developer_apps.scss b/app/frontend/stylesheets/snippets/developer_apps.scss new file mode 100644 index 00000000..8fad87be --- /dev/null +++ b/app/frontend/stylesheets/snippets/developer_apps.scss @@ -0,0 +1,310 @@ +// Developer Apps UI — IdP management panel styles + +// Form field container +.field-group { + margin-bottom: 1.25rem; + label:first-child { + display: block; + font-weight: 600; + font-size: 0.9rem; + margin-bottom: 0.4rem; + } +} + +// Checkbox + label + optional description row +.checkbox-label { + display: flex; + align-items: flex-start; + gap: 0.6rem; + padding: 0.375rem 0; + cursor: pointer; + input[type="checkbox"] { margin-top: 0.2rem; flex-shrink: 0; } + small { display: block; margin-top: 0.1rem; } +} + +// Secondary button style for tags — replicates Pico's .secondary for buttons +a.button-secondary, +.button-secondary { + background: #fff linear-gradient(180deg, rgba(255,255,255,0) 0%, rgba(0,0,0,0.04) 100%) !important; + background-color: #fff !important; + color: #555 !important; + border: 1px solid rgba(0, 0, 0, 0.1) !important; + box-shadow: + 0 1px 3px rgba(0, 0, 0, 0.08), + inset 0 1px 0 rgba(255, 255, 255, 0.8), + inset 0 -1px 1px rgba(0, 0, 0, 0.04) !important; + display: inline-flex; + align-items: center; + justify-content: center; + text-decoration: none; + border-radius: var(--pico-border-radius); + padding: var(--pico-form-element-spacing-vertical) var(--pico-form-element-spacing-horizontal); + font-size: 1rem; + font-weight: var(--pico-font-weight); + cursor: pointer; + transition: all 0.2s cubic-bezier(0.4, 0, 0.2, 1); + + @include dark-mode { + background: #2c2c2c linear-gradient(180deg, rgba(255,255,255,0) 0%, rgba(0,0,0,0.1) 100%) !important; + color: #d0d0d0 !important; + border-color: rgba(255, 255, 255, 0.1) !important; + box-shadow: + 0 2px 6px rgba(0, 0, 0, 0.4), + inset 0 1px 0 rgba(255, 255, 255, 0.08), + inset 0 -1px 1px rgba(0, 0, 0, 0.3) !important; + } + + &:hover { + transform: translateY(-1px); + background: #fcfcfc linear-gradient(180deg, rgba(255,255,255,0) 0%, rgba(0,0,0,0.02) 100%) !important; + border-color: rgba(0, 0, 0, 0.15) !important; + box-shadow: + 0 4px 12px rgba(0, 0, 0, 0.12), + inset 0 1px 0 rgba(255, 255, 255, 1), + inset 0 -1px 1px rgba(0, 0, 0, 0.05) !important; + + @include dark-mode { + background: #333 linear-gradient(180deg, rgba(255,255,255,0) 0%, rgba(0,0,0,0.15) 100%) !important; + border-color: rgba(255, 255, 255, 0.15) !important; + box-shadow: + 0 4px 12px rgba(0, 0, 0, 0.5), + inset 0 1px 0 rgba(255, 255, 255, 0.1), + inset 0 -1px 1px rgba(0, 0, 0, 0.3) !important; + } + } + + &:active { + transform: translateY(0); + box-shadow: + inset 0 3px 6px rgba(0, 0, 0, 0.15), + inset 0 1px 3px rgba(0, 0, 0, 0.12) !important; + + @include dark-mode { + box-shadow: + inset 0 3px 6px rgba(0, 0, 0, 0.5), + inset 0 1px 3px rgba(0, 0, 0, 0.4) !important; + } + } +} + +// Submit row +.form-actions { display: flex; gap: 0.75rem; margin-top: 1.5rem; flex-wrap: wrap; } + +// Two-panel layout for show page +.dev-panel { + display: grid; + grid-template-columns: 260px 1fr; + gap: $space-6; + align-items: start; + margin-top: $space-5; + @include down($bp-md) { grid-template-columns: 1fr; } +} +.dev-panel-sidebar { display: flex; flex-direction: column; gap: $space-4; } +.dev-panel-main { display: flex; flex-direction: column; gap: $space-4; } + +// Monogram icon for app identity +.app-icon { + width: 48px; height: 48px; + border-radius: $radius-md; + background: linear-gradient(135deg, var(--pico-primary-background, var(--pico-primary)) 0%, var(--pico-primary) 100%); + display: flex; align-items: center; justify-content: center; + font-size: 1.25rem; font-weight: 700; color: white; + flex-shrink: 0; + box-shadow: 0 2px 8px rgba(0,0,0,0.15); + letter-spacing: -0.02em; + &.large { width: 72px; height: 72px; font-size: 1.875rem; border-radius: $radius-lg; margin: 0 auto $space-3; } +} + +// Sidebar identity card internals +.app-identity-name { + font-size: 1.25rem; + margin: 0 0 $space-2; +} + +.app-badge-row { + display: flex; + gap: $space-2; + justify-content: center; + flex-wrap: wrap; + margin-bottom: $space-3; +} + +.dev-panel-sidebar .button-secondary { + text-align: center; + display: block; +} + +// Redirect URI rows in show page +.redirect-uri-list { margin-top: $space-4; } + +.redirect-uri-row { + display: grid; + grid-template-columns: 1fr auto; + gap: $space-2; + align-items: center; + margin-bottom: $space-2; + input[readonly] { + font-family: $font-mono; + font-size: 0.9rem; + } +} + +// Collaborator list in show page +.collaborator-list { margin-top: $space-4; } + +.collaborator-row { + display: flex; + justify-content: space-between; + align-items: center; + padding: $space-2 0; + border-bottom: 1px solid var(--pico-card-border-color); + .collaborator-email { + color: var(--pico-muted-color); + font-size: 0.9rem; + } +} + +.add-collaborator { + margin-top: $space-4; + .add-collaborator-label { + font-size: 0.8rem; + font-weight: 600; + color: var(--pico-muted-color); + text-transform: uppercase; + letter-spacing: 0.04em; + margin: 0 0 $space-2; + } + form { + display: flex; + gap: $space-2; + input[type="email"] { flex: 1; } + } +} + +// Scope description text inside checkbox labels +.checkbox-label small { color: var(--pico-muted-color); } + +// YSWS defaults quick-fill button spacing +.ysws-defaults-btn { margin-bottom: $space-3; } + +// Label/value pair in show sidebar +.app-meta-row { + display: flex; flex-direction: column; gap: 0.2rem; + padding: 0.5rem 0; + border-bottom: 1px solid var(--pico-card-border-color); + &:last-child { border-bottom: none; } + .meta-label { font-size: 0.8rem; font-weight: 600; color: var(--pico-muted-color); text-transform: uppercase; letter-spacing: 0.04em; } + .meta-value { font-size: 0.9375rem; } +} + +// Credential rows — divider-separated, no nested boxes +.credential-block { + padding: $space-3 0; + border-bottom: 1px solid var(--pico-card-border-color); + &:first-of-type { margin-top: $space-3; } + &:last-of-type { border-bottom: none; padding-bottom: 0; } + label { font-size: 0.75rem; font-weight: 600; color: var(--pico-muted-color); text-transform: uppercase; letter-spacing: 0.05em; display: block; margin-bottom: 0.3rem; } + input[readonly] { + font-family: $font-mono; font-size: 0.9rem; + background: transparent; border: none; padding: 0; + cursor: pointer; box-shadow: none; margin: 0; width: 100%; + color: var(--pico-color); + } +} + +.cred-reveal-row { + display: flex; + align-items: center; + gap: $space-2; + .pointer { flex: 1; min-width: 0; } + input[readonly] { width: 100%; } + button { flex-shrink: 0; } +} + +// Danger zone card variant +.danger-card { + border-color: var(--error-border) !important; + h4 { color: var(--error-fg); font-size: 1rem; margin: 0 0 $space-3 0; } +} + +// Thin search strip (replaces heavy section-card for admin search) +.search-bar { + display: flex; + align-items: center; + gap: $space-3; + flex-wrap: wrap; + padding: $space-3 $space-4; + background: var(--surface-2); + border: 1px solid var(--pico-card-border-color); + border-radius: $radius-lg; + margin-bottom: $space-4; + form { display: contents; } + input[type="search"], input[type="text"] { + flex: 1; min-width: 200px; + margin: 0; padding: 0.5rem 0.75rem; font-size: 0.9rem; + } + .search-results-count { + font-size: 0.875rem; + color: var(--pico-muted-color); + margin-left: auto; + } + button, button[type="submit"] { flex-shrink: 0; width: auto; margin: 0; } +} + +// Locked scope checkboxes (user can't touch these) +.checkbox-label.locked { + opacity: 0.55; + cursor: not-allowed; + input[type="checkbox"] { cursor: not-allowed; } +} + +.locked-scopes-label { + font-size: 0.8rem; + font-weight: 600; + color: var(--pico-muted-color); + text-transform: uppercase; + letter-spacing: 0.04em; + margin: $space-3 0 $space-2; +} + +// Warning banner when trust level downgrade strips scopes +.scope-strip-warning { + display: flex; + align-items: center; + gap: $space-2; + flex-wrap: wrap; + padding: $space-2 $space-3; + background: var(--warning-bg); + border: 1px solid var(--warning-border); + border-radius: $radius-md; + font-size: 0.9rem; + margin-bottom: $space-3; + color: var(--warning-fg-strong); + button { margin-left: auto; flex-shrink: 0; } +} + +// Compact app list for index +.app-list { + display: flex; + flex-direction: column; + gap: $space-3; +} + +.app-list-item { + display: flex; + align-items: center; + gap: $space-4; + padding: $space-4; + + .app-list-item-identity { + display: flex; align-items: center; gap: $space-3; flex: 1; min-width: 0; + h3 { margin: 0; font-size: 1rem; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; } + small { color: var(--pico-muted-color); font-size: 0.8125rem; } + } + + .app-list-item-meta { + display: flex; align-items: center; gap: $space-3; flex-shrink: 0; + .client-id { font-family: $font-mono; font-size: 0.8125rem; color: var(--pico-muted-color); } + @include down($bp-md) { .client-id { display: none; } } + } +} diff --git a/app/lib/shortcodes.rb b/app/lib/shortcodes.rb index 68d1e3e1..d9489c86 100644 --- a/app/lib/shortcodes.rb +++ b/app/lib/shortcodes.rb @@ -31,9 +31,9 @@ def all(user = nil) # Common shortcuts << Shortcode.new(code: "LOGS", label: "Audit logs", controller: "backend/audit_logs", action: "index", icon: "⭢", role: :general, path_override: nil) - # Program manager + # Program manager / developer if user&.program_manager? || user&.super_admin? - shortcuts << Shortcode.new(code: "APPS", label: "OAuth2 apps", controller: "backend/programs", action: "index", icon: "⭢", role: :program_manager, path_override: nil) + shortcuts << Shortcode.new(code: "APPS", label: "OAuth2 apps", controller: "developer_apps", action: "index", icon: "⭢", role: :program_manager, path_override: "/developer/apps") end # Super admin (less frequent) diff --git a/app/models/identity.rb b/app/models/identity.rb index 6baa254e..c12e20b5 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -83,6 +83,9 @@ def active_for_backend? has_many :owned_developer_apps, class_name: "Program", foreign_key: :owner_identity_id, dependent: :nullify + has_many :program_collaborators, dependent: :destroy + has_many :collaborated_programs, through: :program_collaborators, source: :program + validates :first_name, :last_name, :country, :primary_email, :birthday, presence: true validates :primary_email, uniqueness: { conditions: -> { where(deleted_at: nil) } } validate :validate_primary_email, if: -> { new_record? || primary_email_changed? } @@ -172,6 +175,11 @@ def self.link_slack_account(code, redirect_uri, current_identity) { success: true, slack_id: slack_id } end + def accessible_developer_apps + Program.where(id: owned_developer_apps.select(:id)) + .or(Program.where(id: collaborated_programs.select(:id))) + end + def slack_linked? = slack_id.present? def onboarding_scenario_instance diff --git a/app/models/oauth_scope.rb b/app/models/oauth_scope.rb index 7723acad..e6cfdd13 100644 --- a/app/models/oauth_scope.rb +++ b/app/models/oauth_scope.rb @@ -126,6 +126,9 @@ def initialize(name:, description:, consent_fields: [], includes: [], icon: nil) BY_NAME = ALL.index_by(&:name).freeze COMMUNITY_ALLOWED = %w[openid profile email name slack_id verification_status].freeze + HQ_OFFICIAL_SCOPES = (COMMUNITY_ALLOWED + %w[basic_info birthdate phone address]).freeze + SUPER_ADMIN_SCOPES = (HQ_OFFICIAL_SCOPES + %w[legal_name]).freeze + # set_slack_id intentionally omitted from all tiers — valid but not assignable via UI def self.find(name) BY_NAME[name.to_s] diff --git a/app/models/program.rb b/app/models/program.rb index 3cbd232b..f504bb83 100644 --- a/app/models/program.rb +++ b/app/models/program.rb @@ -43,6 +43,9 @@ class Program < ApplicationRecord has_many :organizer_positions, class_name: "Backend::OrganizerPosition", foreign_key: :program_id, dependent: :destroy has_many :organizers, through: :organizer_positions, source: :backend_user, class_name: "Backend::User" + has_many :program_collaborators, dependent: :destroy + has_many :collaborator_identities, through: :program_collaborators, source: :identity + belongs_to :owner_identity, class_name: "Identity", optional: true validates :name, presence: true @@ -95,6 +98,16 @@ def onboarding_scenario_instance(identity = nil) onboarding_scenario_class&.new(identity) end + def collaborator?(identity) + return false unless identity + program_collaborators.exists?(identity: identity) + end + + def accessible_by?(identity) + return false unless identity + owner_identity_id == identity.id || collaborator?(identity) + end + def rotate_credentials! self.secret = SecureRandom.hex(32) self.program_key = "prgmk." + SecureRandom.hex(32) diff --git a/app/models/program_collaborator.rb b/app/models/program_collaborator.rb new file mode 100644 index 00000000..6490de55 --- /dev/null +++ b/app/models/program_collaborator.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +class ProgramCollaborator < ApplicationRecord + belongs_to :program + belongs_to :identity + + validates :identity_id, uniqueness: { scope: :program_id } +end diff --git a/app/policies/program_policy.rb b/app/policies/program_policy.rb index adb2eee6..f74b5931 100644 --- a/app/policies/program_policy.rb +++ b/app/policies/program_policy.rb @@ -1,45 +1,121 @@ +# frozen_string_literal: true + +# `user` here is always an Identity (via IdentityAuthorizable). class ProgramPolicy < ApplicationPolicy - def index? = user_is_program_manager? || user_has_assigned_programs? + def index? + user.developer_mode? || admin? + end + + def show? + owner? || collaborator? || admin? + end + + def create? + user.developer_mode? || admin? + end + + def new? + create? + end + + def update? + owner? || collaborator? || admin? + end + + def edit? + update? + end + + def destroy? + owner? || admin? + end + + def update_trust_level? + user.can_hq_officialize? || admin? + end + + def update_scopes? + owner? || collaborator? || admin? + end - def show? = user_is_program_manager? || user_has_access_to_program? + def update_all_scopes? + admin? + end - def create? = user_is_program_manager? + # Returns the list of scope names this user is permitted to add or remove. + # Scopes outside this list that already exist on the app are "locked" — + # preserved on save but not editable by this user. + def allowed_scopes + if super_admin? + OAuthScope::SUPER_ADMIN_SCOPES + elsif user.can_hq_officialize? || admin? + OAuthScope::HQ_OFFICIAL_SCOPES + else + OAuthScope::COMMUNITY_ALLOWED + end + end - def update? = user_is_program_manager? || user_has_access_to_program? + def update_onboarding_scenario? + super_admin? + end - def destroy? = user_is_program_manager? + def update_active? + admin? + end - def update_basic_fields? = user_has_access_to_program? + def view_secret? + owner? || admin? + end - def update_scopes? = user_is_program_manager? + def view_api_key? + admin? + end - def update_onboarding_scenario? = user&.super_admin? + def rotate_credentials? + owner? || admin? + end - def rotate_credentials? = user_is_program_manager? + def revoke_all_authorizations? + owner? || admin? + end + + def manage_collaborators? + owner? + end - class Scope < Scope + class Scope < ApplicationPolicy::Scope def resolve - if user.program_manager? || user.super_admin? - # Program managers and super admins can see all programs + if admin? scope.all else - # Regular users can only see programs they are assigned to - scope.joins(:organizer_positions).where(backend_organizer_positions: { backend_user_id: user.id }) + user.accessible_developer_apps end end + + private + + def admin? + backend_user = user.backend_user + backend_user&.program_manager? || backend_user&.super_admin? + end end private - def user_is_program_manager? - user.present? && (user.program_manager? || user.super_admin?) + def owner? + record.is_a?(Class) ? false : record.owner_identity_id == user.id + end + + def collaborator? + record.is_a?(Class) ? false : record.collaborator?(user) end - def user_has_assigned_programs? - user.present? && user.organized_programs.any? + def admin? + backend_user = user.backend_user + backend_user&.program_manager? || backend_user&.super_admin? end - def user_has_access_to_program? - user_is_program_manager? || (user.present? && user.organized_programs.include?(record)) + def super_admin? + user.backend_user&.super_admin? end end diff --git a/app/views/backend/identities/edit.html.erb b/app/views/backend/identities/edit.html.erb index 9f4cc6bb..59d104f9 100644 --- a/app/views/backend/identities/edit.html.erb +++ b/app/views/backend/identities/edit.html.erb @@ -70,6 +70,11 @@ <%= f.check_box :permabanned %> permanently ban (makes ineligible) +
+ <%= f.label :can_hq_officialize, "can officialize apps" %> + <%= f.check_box :can_hq_officialize %> + allow this identity to promote apps to hq_official +
<% end %> diff --git a/app/views/backend/programs/_program.html.erb b/app/views/backend/programs/_program.html.erb deleted file mode 100644 index e3220aad..00000000 --- a/app/views/backend/programs/_program.html.erb +++ /dev/null @@ -1,6 +0,0 @@ - - <%= inline_icon("briefcase", size: 16) %> - <%= link_to backend_program_path(program), class: "identity-link", target: "_blank" do %> - <%= program.name %> - <% end %> - diff --git a/app/views/backend/programs/edit.html.erb b/app/views/backend/programs/edit.html.erb deleted file mode 100644 index 11ba5f7f..00000000 --- a/app/views/backend/programs/edit.html.erb +++ /dev/null @@ -1,9 +0,0 @@ -
- <%= render Components::Backend::Card.new(title: "edit: #{@program.name}") do %> - <%= render Components::Backend::Item.new(icon: "⭠", href: backend_program_path(@program)) do %> - cancel - <% end %> -
- <%= render Backend::Programs::Form.new @program %> - <% end %> -
diff --git a/app/views/backend/programs/index.html.erb b/app/views/backend/programs/index.html.erb deleted file mode 100644 index ade33cdb..00000000 --- a/app/views/backend/programs/index.html.erb +++ /dev/null @@ -1,45 +0,0 @@ -
- <%= render Components::Backend::Card.new(title: "oauth programs") do %> -
- - - - - - - - - - - - <% @programs.each do |program| %> - - - - - - - - <% end %> - -
nameownerscopesusersactive
- <%= link_to backend_program_path(program) do %> - <%= program.name %> - <% end %> - <% if program.description.present? %> -
<%= truncate(program.description, length: 40) %> - <% end %> - 		- <% if program.owner_identity.present? %> - <%= render Components::UserMention.new(program.owner_identity) %> - <% else %> - HQ - <% end %> - <%= program.scopes.presence || "—" %><%= program.identities.distinct.count %><%= render_checkbox(program.active?) %>
-
-
- <%= render Components::Backend::Item.new(icon: "+", href: new_backend_program_path) do %> - new program - <% end %> - <% end %> -
diff --git a/app/views/backend/programs/new.html.erb b/app/views/backend/programs/new.html.erb deleted file mode 100644 index 293fbd24..00000000 --- a/app/views/backend/programs/new.html.erb +++ /dev/null @@ -1,9 +0,0 @@ -
- <%= render Components::Backend::Card.new(title: "new program") do %> - <%= render Components::Backend::Item.new(icon: "⭠", href: backend_programs_path) do %> - cancel - <% end %> -
- <%= render Backend::Programs::Form.new @program %> - <% end %> -
diff --git a/app/views/backend/programs/show.html.erb b/app/views/backend/programs/show.html.erb deleted file mode 100644 index 9e3e927c..00000000 --- a/app/views/backend/programs/show.html.erb +++ /dev/null @@ -1,95 +0,0 @@ -
- <%= render Components::Backend::Card.new(title: "program: #{@program.name}") do %> - <%= render Components::Backend::Item.new(icon: "⭠", href: backend_programs_path) do %> - back to programs - <% end %> -
-
-

details

-
- <% if @program.description.present? %> -

<%= @program.description %>

- <% end %> -
- owner - - <% if @program.owner_identity.present? %> - <%= render Components::UserMention.new(@program.owner_identity) %> - <% else %> - HQ - <% end %> - -
-
- status - <%= @program.active? ? "active" : "inactive" %> -
-
- trust - <%= @program.trust_level.to_s.titleize %> -
-
- scopes - <%= @program.scopes.presence || "none" %> -
-
- users - <%= @identities_count %> -
- <% if @program.onboarding_scenario.present? %> -
- onboarding - <%= @program.onboarding_scenario.titleize %> -
- <% end %> -
-
-
-
-

credentials

-
-
- - -
-
- - -
-
- - -
- <% if policy(@program).rotate_credentials? %> -
- <%= link_to "rotate secret & api key", rotate_credentials_backend_program_path(@program), method: :post, data: { confirm: "are you sure? this will invalidate the current secret and api key. any integrations using them will break." }, class: "btn btn-danger" %> -
- <% end %> -
-
- <% if @program.redirect_uri.present? %> -
-

redirect uris

-
- <% @program.redirect_uri.split.each do |uri| %> -
- <%= uri %> - <%= link_to "auth →", oauth_authorization_path(client_id: @program.uid, redirect_uri: uri, response_type: 'code', scope: @program.scopes), target: '_blank' %> -
- <% end %> -
-
- <% end %> -
- <%= render Components::Backend::Item.new(icon: "✎", href: edit_backend_program_path(@program)) do %> - edit program - <% end %> - <%= render Components::Backend::Item.new(icon: "⭢", href: oauth_application_path(@program), target: "_blank") do %> - oauth app - <% end %> - <%= link_to backend_program_path(@program), method: :delete, data: { confirm: "delete this program and all associated data?" }, class: "item" do %> -
- delete program - <% end %> - <% end %> -
diff --git a/app/views/backend/static_pages/index.html.erb b/app/views/backend/static_pages/index.html.erb index d4e74f15..0d54ae8c 100644 --- a/app/views/backend/static_pages/index.html.erb +++ b/app/views/backend/static_pages/index.html.erb @@ -32,7 +32,7 @@ <% if current_user&.program_manager? || current_user&.super_admin? %> Program manager:
- <%= render Components::Backend::Item.new(icon: "⭢", href: backend_programs_path) do %> + <%= render Components::Backend::Item.new(icon: "⭢", href: developer_apps_path) do %> Manage OAuth2 apps

  [ APPS ]

<% end %> diff --git a/app/views/developer_apps/edit.html.erb b/app/views/developer_apps/edit.html.erb index 6cbaa5d4..bc383421 100644 --- a/app/views/developer_apps/edit.html.erb +++ b/app/views/developer_apps/edit.html.erb @@ -3,6 +3,15 @@ <%= link_to t(".back_to_app"), developer_app_path(@app) %>
+<%# Compute once for Alpine init and server-side locked-scope rendering %> +<% editor_data = { + trustLevel: @app.trust_level, + selectedScopes: @app.scopes_array, + allowedScopes: policy(@app).allowed_scopes, + communityScopes: Program::COMMUNITY_ALLOWED_SCOPES, + allScopes: Program::AVAILABLE_SCOPES + } %> + <%= form_with model: @app, url: developer_app_path(@app), method: :patch, local: true do |f| %> <% if @app.errors.any? %> <%= render Components::Banner.new(kind: :danger) do %> @@ -15,33 +24,119 @@ <% end %> <% end %> -
- <%= f.label :name, t(".app_name") %> - <%= f.text_field :name, required: true %> -
+
+ <%# === Card 1: App Details === %> +
+

<%= t(".app_details_heading", default: "App Details") %>

+
+ <%= f.label :name, t(".app_name") %> + <%= f.text_field :name, required: true %> +
+
+ <%= f.label :redirect_uri, t(".redirect_uri") %> + <%= f.text_area :redirect_uri, rows: 3, required: true %> + <%= t ".redirect_uri_hint" %> +
+
-
- <%= f.label :redirect_uri, t(".redirect_uri") %> - <%= f.text_area :redirect_uri, rows: 3, required: true %> - <%= t ".redirect_uri_hint" %> -
+ <%# === Cards 2+3 wrapped in Alpine === %> +
+ + <%# === Card 2: Trust Level (if user can edit it) === %> + <% if policy(@app).update_trust_level? %> +
+

<%= t(".trust_level_heading", default: "Trust Level") %>

+
+ <%= f.label :trust_level, t(".trust_level") %> + <%= f.select :trust_level, + Program.trust_levels.keys.map { |k| [k.titleize, k] }, + {}, { "x-model": "trustLevel", "@change": "onTrustLevelChange()" } %> + <%= t(".trust_level_hint", default: "Controls which scopes the app may request and how the consent screen appears to users.") %> +
+
+ <% end %> + + <%# === Card 3: OAuth Scopes === %> +
+

<%= t(".oauth_scopes_heading", default: "OAuth Scopes") %>

+ + <%# Warning when trust level downgrade stripped scopes %> +
+ <%= t(".scopes_removed", default: "Scopes removed:") %> + + — <%= t(".scopes_not_valid_for_trust_level", default: "not valid for this trust level.") %> + +
+ + <%# Blank input ensures empty array when nothing checked %> + -
- <%= f.label :scopes_array, t(".scopes") %> - - <% Program::COMMUNITY_ALLOWED_SCOPES.each do |scope| %> - + <%# Editable scope checkboxes (Alpine-rendered) %> + + + <%# Locked scopes — hidden inputs to preserve, shown as disabled rows %> + + + <%# Community-only note for users who can't change trust level %> + <% unless policy(@app).update_trust_level? %> + <%= render Components::Banner.new(kind: :info) do %> + <%= t("developer_apps.new.trust_level_note_html").html_safe %> + <% end %> + <% end %> +
+
+ + <%# === Card 4: Admin Settings (if applicable) === %> + <% if policy(@app).update_onboarding_scenario? || policy(@app).update_active? %> +
+

<%= t(".admin_settings_heading", default: "Admin Settings") %>

+ <% if policy(@app).update_onboarding_scenario? %> +
+ <%= f.label :onboarding_scenario, t(".onboarding_scenario") %> + <%= f.select :onboarding_scenario, OnboardingScenarios::Base.available_slugs.map { |s| [s.titleize, s] }, { include_blank: t(".onboarding_default") }, class: "input-field" %> + <%= t ".onboarding_scenario_hint" %> +
+ <% end %> + <% if policy(@app).update_active? %> +
+ +
+ <% end %> +
<% end %> - <%= t ".scopes_hint", scopes: Program::COMMUNITY_ALLOWED_SCOPES.join(", ") %>
-
+
<%= f.submit t(".update"), class: "button" %> <%= link_to t(".cancel"), developer_app_path(@app), class: "button-secondary" %>
diff --git a/app/views/developer_apps/index.html.erb b/app/views/developer_apps/index.html.erb index f220ed27..3f0a0607 100644 --- a/app/views/developer_apps/index.html.erb +++ b/app/views/developer_apps/index.html.erb @@ -1,46 +1,51 @@
-

<%= t ".title" %>

+

<%= admin? ? t(".title_admin") : t(".title") %>

How?..Just <%= link_to "Watch The Free Video", doc_path("tldr"), target: "_blank" %> > - <% if @apps.any? %> -
- <%= link_to t(".create_new"), new_developer_app_path, role: "button" %> +
+ <%= link_to t(".create_new"), new_developer_app_path, role: "button" %> +
+
+ +
+ <% if admin? %> +
+ <%= form_with url: developer_apps_path, method: :get, local: true do %> + <%= text_field_tag :search, params[:search], placeholder: t(".search_placeholder"), type: "search" %> + + <% if params[:search].present? || params[:owner_id].present? %> + <%= link_to "✕ #{t('.clear_filters')}", developer_apps_path, class: "button-secondary small-btn" %> + <% end %> + <% end %> + <%= t(".results_count", count: @apps.total_count) %>
<% end %> -
-<% if @apps.any? %> - <% @apps.each do |app| %> -
-
-
-

<%= link_to app.name, developer_app_path(app) %>

-
- <%= app.scopes_array.join(", ").presence || t(".no_scopes") %> · - <%= app.trust_level.to_s.titleize %> + <% if @apps.any? %> +
+ <% @apps.each do |app| %> +
+
+
+

<%= link_to app.name, developer_app_path(app) %>

+ <%= app.scopes_array.join(", ").presence || t(".no_scopes") %> +
-
-
- <%= link_to t(".edit"), edit_developer_app_path(app), class: "button-secondary", style: "font-size: 0.9rem; padding: 0.4rem 0.8rem;" %> - <%= button_to t(".delete"), developer_app_path(app), method: :delete, class: "danger small-btn", - form: { "hx-confirm": t(".delete_confirm") } %> -
-
- -
-
- <%= t ".client_id" %>: - <%= copy_to_clipboard app.uid, label: t(".click_to_copy_client_id") do %> - <%= app.uid %> - <% end %> -
-
-
+
+ <% if admin? && app.owner_identity %> + <%= app.owner_identity.full_name %> + <% end %> + <%= app.uid %> +
+ + <% end %> +
+ <%= paginate @apps %> + <% else %> +
+
<%= inline_icon("code", size: 48) %>
+

<%= t ".blank_slate.title" %>

+

<%= t ".blank_slate.cta" %>

+ <%= link_to t(".blank_slate.create"), new_developer_app_path, role: "button" %> +
<% end %> -<% else %> -
-
<%= inline_icon("code", size: 48) %>
-

<%= t ".blank_slate.title" %>

-

<%= t ".blank_slate.cta" %>

- <%= link_to t(".blank_slate.create"), new_developer_app_path, role: "button" %> -
-<% end %> +
diff --git a/app/views/developer_apps/new.html.erb b/app/views/developer_apps/new.html.erb index dd2738e5..186c7839 100644 --- a/app/views/developer_apps/new.html.erb +++ b/app/views/developer_apps/new.html.erb @@ -3,6 +3,19 @@ <%= link_to t(".back_to_apps"), developer_apps_path %> +<%# Compute once for Alpine init. + @app.trust_level is community_untrusted from the controller (both the new + action default and the create action's server-side enforcement). On + validation-error re-render it preserves whatever the user submitted. %> +<% editor_data = { + trustLevel: @app.trust_level, + selectedScopes: @app.scopes_array, + allowedScopes: policy(@app).allowed_scopes, + communityScopes: Program::COMMUNITY_ALLOWED_SCOPES, + allScopes: Program::AVAILABLE_SCOPES, + yswsDefaults: policy(@app).update_trust_level? + } %> + <%= form_with model: @app, url: developer_apps_path, method: :post, local: true do |f| %> <% if @app.errors.any? %> <%= render Components::Banner.new(kind: :danger) do %> @@ -15,38 +28,84 @@ <% end %> <% end %> -
- <%= f.label :name, t(".app_name") %> - <%= f.text_field :name, placeholder: t(".app_name_placeholder"), required: true %> -
+
+ <%# === Card 1: App Details === %> +
+

<%= t(".app_details_heading", default: "App Details") %>

+
+ <%= f.label :name, t(".app_name") %> + <%= f.text_field :name, placeholder: t(".app_name_placeholder"), required: true %> +
+
+ <%= f.label :redirect_uri, t(".redirect_uri") %> + <%= f.text_area :redirect_uri, placeholder: t(".redirect_uri_placeholder"), rows: 3, required: true %> + <%= t ".redirect_uri_hint" %> +
+
-
- <%= f.label :redirect_uri, t(".redirect_uri") %> - <%= f.text_area :redirect_uri, placeholder: t(".redirect_uri_placeholder"), rows: 3, required: true %> - <%= t ".redirect_uri_hint" %> -
+ <%# === Cards 2+3 wrapped in Alpine === %> +
-
- <%= f.label :scopes_array, t(".scopes") %> - - <% Program::COMMUNITY_ALLOWED_SCOPES.each do |scope| %> - - <% end %> - <%= t ".scopes_hint", scopes: Program::COMMUNITY_ALLOWED_SCOPES.join(", ") %> + <%# === Card 2: Trust Level (if user can set it) === %> + <% if policy(@app).update_trust_level? %> +
+

<%= t(".trust_level_heading", default: "Trust Level") %>

+
+ <%= f.label :trust_level, t(".trust_level") %> + <%= f.select :trust_level, + Program.trust_levels.keys.map { |k| [k.titleize, k] }, + {}, + { "x-model": "trustLevel", "@change": "onTrustLevelChange()" } %> + <%= t(".trust_level_hint", default: "Controls which scopes the app may request and how the consent screen appears to users.") %> +
+
+ <% end %> + + <%# === Card 3: OAuth Scopes === %> +
+

<%= t(".oauth_scopes_heading", default: "OAuth Scopes") %>

+ + <%# Warning when trust level downgrade stripped scopes %> +
+ <%= t("developer_apps.edit.scopes_removed", default: "Scopes removed:") %> + + — <%= t("developer_apps.edit.scopes_not_valid_for_trust_level", default: "not valid for this trust level.") %> + +
+ + <%# Quick-fill for YSWS programs (HQ officializers only) %> + + + <%# Blank input ensures empty array when nothing checked %> + + + <%# Editable scope checkboxes (Alpine-rendered) %> + + + <%# Community-only note for users who can't change trust level %> + <% unless policy(@app).update_trust_level? %> + <%= render Components::Banner.new(kind: :info) do %> + <%= t(".trust_level_note_html").html_safe %> + <% end %> + <% end %> +
+
-
-
- <%= render Components::Banner.new(kind: :info) do %> - <%= t(".trust_level_note_html").html_safe %> - <% end %> -
+
<%= f.submit t(".create"), class: "button" %> <%= link_to t(".cancel"), developer_apps_path, class: "button-secondary" %>
diff --git a/app/views/developer_apps/show.html.erb b/app/views/developer_apps/show.html.erb index 0960e864..173c7e44 100644 --- a/app/views/developer_apps/show.html.erb +++ b/app/views/developer_apps/show.html.erb @@ -2,73 +2,156 @@

<%= @app.name %>

<%= link_to t(".back_to_apps"), developer_apps_path %>
-<%= render Components::Banner.new(kind: :warning) do %> - <%= t ".security_warning_title" %>
- <%= t ".security_warning_message" %> -<% end %> -
-

<%= t ".oauth_credentials" %>

-
-
- - <%= copy_to_clipboard @app.uid, label: t(".click_to_copy_client_id") do %> - <%= text_field_tag :client_id, @app.uid, readonly: true, style: "font-family: monospace; font-size: 0.9rem; cursor: pointer;", autocomplete: "off" %> - <% end %> -
+
+
+ + <%# Quick actions %> + <%= link_to t(".edit_app"), edit_developer_app_path(@app), class: "button-secondary" %> + + <%# Danger zone %> + <% if policy(@app).rotate_credentials? || policy(@app).destroy? %> +
+

<%= t(".danger_zone") %>

+ <% if policy(@app).rotate_credentials? %> + <%= button_to t(".rotate_credentials"), rotate_credentials_developer_app_path(@app), method: :post, class: "danger small-btn", + form: { onsubmit: "return confirm('#{j t('.rotate_confirm')}')" } %> + <% end %> + <% if policy(@app).revoke_all_authorizations? %> + <%= button_to t(".revoke_all_authorizations"), revoke_all_authorizations_developer_app_path(@app), method: :post, class: "danger small-btn", + form: { onsubmit: "return confirm('#{j t('.revoke_all_authorizations_confirm')}')" } %> + <% end %> + <% if policy(@app).destroy? %> + <%= button_to t(".delete_app"), developer_app_path(@app), method: :delete, class: "danger small-btn", + form: { onsubmit: "return confirm('#{j t('.delete_confirm')}')" } %> + <% end %> +
+ <% end %> + + +
+ <%# Security warning %> + <%= render Components::Banner.new(kind: :warning) do %> + <%= t ".security_warning_title" %>
+ <%= t ".security_warning_message" %> + <% end %> -
-

<%= t ".configuration" %>

+ <%# OAuth Credentials %> +
+

<%= t ".oauth_credentials" %>

+
+ + <%= copy_to_clipboard @app.uid, label: t(".click_to_copy_client_id") do %> + <%= text_field_tag :client_id, @app.uid, readonly: true, autocomplete: "off" %> + <% end %> +
+ <% if policy(@app).view_secret? %> +
+ +
+ <%= copy_to_clipboard @app.secret, label: t(".click_to_copy_client_secret") do %> + + <% end %> + +
+
+ <% end %> + <% if policy(@app).view_api_key? %> +
+ +
+ <%= copy_to_clipboard @app.program_key, label: t(".click_to_copy_api_key") do %> + + <% end %> + +
+
+ <% end %> +
-
-
- -
- <% if @app.scopes_array.any? %> - <%= text_field_tag :scopes, @app.scopes_array.join(", "), readonly: true, autocomplete: "off" %> - <% else %> - <%= t ".no_scopes" %> + <%# Redirect URIs %> +
+

<%= t ".redirect_uris" %>

+
+ <% @app.redirect_uri.split.each do |uri| %> +
+ <%= text_field_tag "redirect_uri_#{uri.hash}", uri, readonly: true, autocomplete: "off" %> + <%= link_to oauth_authorization_path(client_id: @app.uid, redirect_uri: uri, response_type: 'code', scope: @app.scopes), + class: "button-secondary small-btn", target: "_blank" do %> + <%= t(".test_auth") %> <%= inline_icon("external", size: 14) %> + <% end %> +
<% end %> + <%= t ".auth_link_hint" %>
-
+
-
- - <%= text_field_tag :trust_level, @app.trust_level.to_s.titleize, readonly: true, autocomplete: "off" %> -
-
- + <%# Collaborators (owner only) %> + <% if policy(@app).manage_collaborators? %> +
+

<%= t(".collaborators") %>

+
+ <% if @collaborators.any? %> + <% @collaborators.each do |collab| %> +
+
+ <%= collab.identity.full_name %> + <%= collab.identity.primary_email %> +
+ <%= button_to t(".remove_collaborator"), developer_app_collaborator_path(@app, collab), method: :delete, class: "danger small-btn", + form: { onsubmit: "return confirm('#{j t('.remove_collaborator_confirm')}')" } %> +
+ <% end %> + <% else %> +

<%= t(".no_collaborators") %>

+ <% end %> +
+
+

<%= t(".add_collaborator") %>

+ <%= form_with url: developer_app_collaborators_path(@app), method: :post, local: true do |f| %> + <%= email_field_tag :email, nil, placeholder: t(".collaborator_email_placeholder"), required: true %> + + <% end %> +
+
+ <% end %> -
- <%= link_to t(".edit_app"), edit_developer_app_path(@app), class: "button" %> - <%= button_to t(".delete_app"), developer_app_path(@app), method: :delete, class: "danger small-btn", - form: { "hx-confirm": t(".delete_confirm") } %> + <%# Trust level is now managed through the edit form %> +
diff --git a/app/views/forms/backend/programs/form.rb b/app/views/forms/backend/programs/form.rb deleted file mode 100644 index f930b24d..00000000 --- a/app/views/forms/backend/programs/form.rb +++ /dev/null @@ -1,78 +0,0 @@ -class Backend::Programs::Form < ApplicationForm - def view_template(&) - div do - labeled field(:name).input, "Program Name: " - end - div do - label(class: "field-label") { "Redirect URIs (one per line):" } - textarea( - name: "oauth_application[redirect_uri]", - placeholder: "https://example.com/callback", - class: "input-field", - rows: 3, - style: "width: 100%;", - ) { model.redirect_uri } - end - program_manager_tool do - div style: "margin: 1rem 0;" do - label(class: "field-label") { "Trust Level:" } - select( - name: "program[trust_level]", - class: "input-field", - style: "width: 100%; margin-bottom: 1rem;" - ) do - Program.trust_levels.each do |key, value| - option( - value: key, - selected: model.trust_level == key - ) { key.titleize } - end - end - end - - super_admin_tool do - div style: "margin: 1rem 0;" do - label(class: "field-label") { "Onboarding Scenario:" } - select( - name: "program[onboarding_scenario]", - class: "input-field", - style: "width: 100%; margin-bottom: 1rem;" - ) do - option(value: "", selected: model.onboarding_scenario.blank?) { "(default)" } - OnboardingScenarios::Base.available_slugs.each do |slug| - option( - value: slug, - selected: model.onboarding_scenario == slug - ) { slug.titleize } - end - end - small(style: "display: block; color: var(--muted-color); margin-top: -0.5rem;") do - plain "When users sign up through this OAuth app, they'll use this onboarding flow" - end - end - end - - div style: "margin: 1rem 0;" do - label(class: "field-label") { "OAuth Scopes:" } - # Hidden field to ensure empty scopes array is submitted when no checkboxes are checked - input type: "hidden", name: "program[scopes_array][]", value: "" - Program::AVAILABLE_SCOPES.each do |scope| - div class: "checkbox-row" do - scope_checked = model.persisted? ? model.has_scope?(scope[:name]) : false - input( - type: "checkbox", - name: "program[scopes_array][]", - value: scope[:name], - id: "program_scopes_#{scope[:name]}", - checked: scope_checked, - ) - label(for: "program_scopes_#{scope[:name]}", class: "checkbox-label", style: "margin-right: 0.5rem;") { scope[:name] } - small { scope[:description] } - end - end - end - end - - submit model.new_record? ? "Create Program" : "Update Program" - end -end diff --git a/config/locales/en.yml b/config/locales/en.yml index aeb1575f..1e4bfd07 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -151,17 +151,23 @@ en: backend: Admin developer_apps: index: - title: Developers' corner + title: Your Apps + title_admin: All Apps create_new: app me up! no_scopes: No scopes edit: Edit - delete: Delete - delete_confirm: Are you sure you want to delete this app? This cannot be undone. - rotate_credentials: Rotate Secret & API Key - rotate_confirm: Are you sure? This will invalidate your current client secret and API key, breaking any existing integrations using those credentials. - rotate_hint: If your credentials have been compromised, you can rotate them to generate new ones. Just make sure to update your integration with the new credentials afterward! client_id: Client ID click_to_copy_client_id: click to copy client ID + collaborators_count: + one: "%{count} collaborator" + other: "%{count} collaborators" + search_label: Search + search_placeholder: Search by app name... + search_button: Search + clear_filters: Clear + results_count: + one: "1 app" + other: "%{count} apps" blank_slate: title: No OAuth apps yet cta: Create an app to start authenticating with Hack Club! @@ -169,6 +175,16 @@ en: not_found: "App not found (or you're unauthorized?)" show: back_to_apps: ← Back to Apps + details: Details + owner: Owner + status: Status + active: Active + inactive: Inactive + trust_level: Trust Level + scopes: Scopes + no_scopes: No scopes selected + user_count: Users + onboarding_scenario: Onboarding Scenario security_warning_title: Keep your credentials secure! security_warning_message: Never share your client secret publicly or commit it to version control. oauth_credentials: OAuth Credentials @@ -176,32 +192,44 @@ en: click_to_copy_client_id: click to copy client ID client_secret: Client Secret click_to_copy_client_secret: click to copy client secret + reveal: Reveal + hide: Hide + api_key: API Key + click_to_copy_api_key: click to copy API key redirect_uris: Redirect URIs test_auth: Test Auth auth_link_hint: Right click auth links to copy URL - configuration: Configuration - scopes: Scopes - no_scopes: No scopes selected - trust_level: Trust Level + collaborators: Collaborators + no_collaborators: No collaborators yet. + add_collaborator: Add a collaborator + collaborator_email_placeholder: collaborator@example.com + add_button: Add + remove_collaborator: Remove + remove_collaborator_confirm: Remove this collaborator? edit_app: Edit App delete_app: Delete App delete_confirm: Are you sure you want to delete this app? This action cannot be undone and will revoke all existing tokens. - rotate_credentials: Rotate Secret & API Key + rotate_credentials: Rotate Credentials rotate_confirm: Are you sure? This will generate a new client secret and API key. The old ones will stop working immediately. - rotate_hint: If your credentials have been compromised, rotate them here. + danger_zone: Danger Zone + revoke_all_authorizations: Revoke All Tokens + revoke_all_authorizations_confirm: "Revoke all active tokens for this app? Users will be signed out and need to re-authorize." new: title: Create New OAuth App back_to_apps: ← Back to Apps errors_header: one: "%{count} issue prevented this from being saved:" other: "%{count} issues prevented this from being saved:" + app_details_heading: App Details app_name: Application Name app_name_placeholder: Northern California National Bank Online Banking redirect_uri: Redirect URI(s) redirect_uri_placeholder: http://localhost:3000/oauth/callback redirect_uri_hint: Enter one redirect URI per line for OAuth callbacks - scopes: Scopes - scopes_hint: "Community apps are limited to: %{scopes}" + trust_level_heading: Trust Level + trust_level: Trust Level + trust_level_hint: Controls which scopes the app may request and how the consent screen appears to users. + oauth_scopes_heading: OAuth Scopes trust_level_note_html: "Note: Your app will initially be created with community_untrusted trust level.
This means users will see a scarier consent screen when authorizing your app.
Once you've developed your integration, poke Nora to get it promoted." create: Create App cancel: Cancel @@ -211,11 +239,22 @@ en: errors_header: one: "%{count} issue prevented this from being saved:" other: "%{count} issues prevented this from being saved:" + app_details_heading: App Details app_name: Application Name redirect_uri: Redirect URI redirect_uri_hint: Enter one redirect URI per line for OAuth callbacks - scopes: Scopes - scopes_hint: "Community apps are limited to: %{scopes}" + trust_level_heading: Trust Level + trust_level: Trust Level + trust_level_hint: Controls which scopes the app may request and how the consent screen appears to users. + oauth_scopes_heading: OAuth Scopes + scopes_removed: "Scopes removed:" + scopes_not_valid_for_trust_level: not valid for this trust level. + scopes_locked_by_higher_permission: "Managed by a higher-permission user:" + admin_settings_heading: Admin Settings + onboarding_scenario: Onboarding Scenario + onboarding_default: "(default)" + onboarding_scenario_hint: Users signing up through this OAuth app will use this onboarding flow + active: Active update: Update App cancel: Cancel create: @@ -226,10 +265,17 @@ en: success: OAuth app deleted successfully! rotate_credentials: success: OAuth app credentials rotated successfully! - require_developer_mode: - developer_mode_required: Developer mode is not enabled for your account. + revoke_all_authorizations: + success: + one: "Revoked 1 token." + other: "Revoked %{count} tokens." set_app: not_found: OAuth app not found. + developer_app_collaborators: + create: + generic_response: "If an account with this email exists, they've been added as a collaborator." + destroy: + success: Collaborator removed. addresses: first_name: First name last_name: Last name diff --git a/config/routes.rb b/config/routes.rb index 96725605..b6f60636 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -226,11 +226,7 @@ def self.matches?(request) end end - resources :programs do - member do - post :rotate_credentials - end - end + # Programs management moved to DeveloperAppsController (unified UI) post "/break_glass", to: "break_glass#create" @@ -364,7 +360,10 @@ def self.matches?(request) resources :developer_apps, path: "developer/apps" do member do post :rotate_credentials + post :revoke_all_authorizations end + resources :collaborators, only: [ :create, :destroy ], + controller: "developer_app_collaborators" end diff --git a/db/analytics_schema.rb b/db/analytics_schema.rb new file mode 100644 index 00000000..3f11b30c --- /dev/null +++ b/db/analytics_schema.rb @@ -0,0 +1,52 @@ +# This file is auto-generated from the current state of the database. Instead +# of editing this file, please use the migrations feature of Active Record to +# incrementally modify your database, and then regenerate this schema definition. +# +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to +# be faster and is potentially less error prone than running all of your +# migrations from scratch. Old migrations may fail to apply correctly if those +# migrations use external dependencies or application code. +# +# It's strongly recommended that you check this file into your version control system. + +ActiveRecord::Schema[8.0].define(version: 2026_01_12_000002) do + # These are extensions that must be enabled in order to support this database + enable_extension "pg_catalog.plpgsql" + + create_table "ahoy_events", force: :cascade do |t| + t.bigint "visit_id" + t.string "name" + t.jsonb "properties" + t.datetime "time" + t.index ["name", "time"], name: "index_ahoy_events_on_name_and_time" + t.index ["name"], name: "index_ahoy_events_on_name" + t.index ["properties"], name: "index_ahoy_events_on_properties", using: :gin + t.index ["time"], name: "index_ahoy_events_on_time" + t.index ["visit_id"], name: "index_ahoy_events_on_visit_id" + end + + create_table "ahoy_visits", force: :cascade do |t| + t.string "visit_token" + t.string "visitor_token" + t.string "ip" + t.text "user_agent" + t.text "referrer" + t.string "referring_domain" + t.text "landing_page" + t.string "browser" + t.string "os" + t.string "device_type" + t.string "utm_source" + t.string "utm_medium" + t.string "utm_campaign" + t.string "utm_term" + t.string "utm_content" + t.datetime "started_at" + t.index ["started_at"], name: "index_ahoy_visits_on_started_at" + t.index ["visit_token"], name: "index_ahoy_visits_on_visit_token", unique: true + t.index ["visitor_token"], name: "index_ahoy_visits_on_visitor_token" + end + + add_foreign_key "ahoy_events", "ahoy_visits", column: "visit_id" +end diff --git a/db/migrate/20260226200000_add_can_hq_officialize_to_identities.rb b/db/migrate/20260226200000_add_can_hq_officialize_to_identities.rb new file mode 100644 index 00000000..99679822 --- /dev/null +++ b/db/migrate/20260226200000_add_can_hq_officialize_to_identities.rb @@ -0,0 +1,5 @@ +class AddCanHqOfficializeToIdentities < ActiveRecord::Migration[8.0] + def change + add_column :identities, :can_hq_officialize, :boolean, default: false, null: false + end +end diff --git a/db/migrate/20260226200001_create_program_collaborators.rb b/db/migrate/20260226200001_create_program_collaborators.rb new file mode 100644 index 00000000..5fc8028b --- /dev/null +++ b/db/migrate/20260226200001_create_program_collaborators.rb @@ -0,0 +1,11 @@ +class CreateProgramCollaborators < ActiveRecord::Migration[8.0] + def change + create_table :program_collaborators do |t| + t.references :program, null: false, foreign_key: { to_table: :oauth_applications } + t.references :identity, null: false, foreign_key: true + t.timestamps + end + + add_index :program_collaborators, [:program_id, :identity_id], unique: true + end +end diff --git a/db/schema.rb b/db/schema.rb index 87fdef8a..cab71e3f 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[8.0].define(version: 2026_02_18_200000) do +ActiveRecord::Schema[8.0].define(version: 2026_02_26_200001) do # These are extensions that must be enabled in order to support this database enable_extension "pg_catalog.plpgsql" enable_extension "pgcrypto" @@ -301,8 +301,8 @@ t.boolean "saml_debug" t.boolean "is_in_workspace", default: false, null: false t.string "slack_dm_channel_id" - t.string "webauthn_id" t.boolean "is_alum", default: false + t.boolean "can_hq_officialize", default: false, null: false t.index "lower((primary_email)::text)", name: "idx_identities_unique_primary_email", unique: true, where: "(deleted_at IS NULL)" t.index ["aadhaar_number_bidx"], name: "index_identities_on_aadhaar_number_bidx", unique: true t.index ["deleted_at"], name: "index_identities_on_deleted_at" @@ -446,6 +446,7 @@ t.integer "sign_count" t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.datetime "compromised_at" t.index ["external_id"], name: "index_identity_webauthn_credentials_on_external_id", unique: true t.index ["identity_id"], name: "index_identity_webauthn_credentials_on_identity_id" end @@ -526,6 +527,16 @@ t.index ["access_grant_id"], name: "index_oauth_openid_requests_on_access_grant_id" end + create_table "program_collaborators", force: :cascade do |t| + t.bigint "program_id", null: false + t.bigint "identity_id", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["identity_id"], name: "index_program_collaborators_on_identity_id" + t.index ["program_id", "identity_id"], name: "index_program_collaborators_on_program_id_and_identity_id", unique: true + t.index ["program_id"], name: "index_program_collaborators_on_program_id" + end + create_table "settings", force: :cascade do |t| t.string "key", null: false t.text "value" @@ -587,18 +598,6 @@ t.index ["item_type", "item_id"], name: "index_versions_on_item_type_and_item_id" end - create_table "webauthn_credentials", force: :cascade do |t| - t.bigint "identity_id", null: false - t.string "external_id", null: false - t.string "public_key", null: false - t.string "nickname", null: false - t.integer "sign_count", default: 0, null: false - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - t.index ["external_id"], name: "index_webauthn_credentials_on_external_id", unique: true - t.index ["identity_id"], name: "index_webauthn_credentials_on_identity_id" - end - add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id" add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id" add_foreign_key "addresses", "identities" @@ -628,8 +627,9 @@ add_foreign_key "oauth_access_tokens", "identities", column: "resource_owner_id" add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id" add_foreign_key "oauth_openid_requests", "oauth_access_grants", column: "access_grant_id", on_delete: :cascade + add_foreign_key "program_collaborators", "identities" + add_foreign_key "program_collaborators", "oauth_applications", column: "program_id" add_foreign_key "verifications", "identities" add_foreign_key "verifications", "identity_aadhaar_records", column: "aadhaar_record_id" add_foreign_key "verifications", "identity_documents" - add_foreign_key "webauthn_credentials", "identities" end diff --git a/spec/factories/backend_users.rb b/spec/factories/backend_users.rb new file mode 100644 index 00000000..ed9d2cec --- /dev/null +++ b/spec/factories/backend_users.rb @@ -0,0 +1,25 @@ +FactoryBot.define do + factory :backend_user, class: "Backend::User" do + sequence(:username) { |n| "admin#{n}" } + active { true } + super_admin { false } + program_manager { false } + manual_document_verifier { false } + human_endorser { false } + all_fields_access { false } + can_break_glass { false } + association :identity + + trait :super_admin do + super_admin { true } + end + + trait :program_manager do + program_manager { true } + end + + trait :mdv do + manual_document_verifier { true } + end + end +end diff --git a/spec/factories/identities.rb b/spec/factories/identities.rb index c5308980..192a3388 100644 --- a/spec/factories/identities.rb +++ b/spec/factories/identities.rb @@ -17,5 +17,13 @@ identity.update(primary_address: address) end end + + trait :can_hq_officialize do + can_hq_officialize { true } + end + + trait :developer do + developer_mode { true } + end end end diff --git a/spec/factories/program_collaborators.rb b/spec/factories/program_collaborators.rb new file mode 100644 index 00000000..de6829be --- /dev/null +++ b/spec/factories/program_collaborators.rb @@ -0,0 +1,6 @@ +FactoryBot.define do + factory :program_collaborator do + association :program + association :identity + end +end From e96c40f7d25303d82e04c6b88296debcdb726e28 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 13:07:35 -0500 Subject: [PATCH 02/30] lemme do it --- app/policies/program_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/policies/program_policy.rb b/app/policies/program_policy.rb index f74b5931..6b49eabe 100644 --- a/app/policies/program_policy.rb +++ b/app/policies/program_policy.rb @@ -80,7 +80,7 @@ def revoke_all_authorizations? end def manage_collaborators? - owner? + owner? || admin? end class Scope < ApplicationPolicy::Scope From 4767d165c5b8c5ef0e096872e858adb0758f0c59 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 13:12:35 -0500 Subject: [PATCH 03/30] nope --- db/analytics_schema.rb | 52 ------------------------------------------ 1 file changed, 52 deletions(-) delete mode 100644 db/analytics_schema.rb diff --git a/db/analytics_schema.rb b/db/analytics_schema.rb deleted file mode 100644 index 3f11b30c..00000000 --- a/db/analytics_schema.rb +++ /dev/null @@ -1,52 +0,0 @@ -# This file is auto-generated from the current state of the database. Instead -# of editing this file, please use the migrations feature of Active Record to -# incrementally modify your database, and then regenerate this schema definition. -# -# This file is the source Rails uses to define your schema when running `bin/rails -# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to -# be faster and is potentially less error prone than running all of your -# migrations from scratch. Old migrations may fail to apply correctly if those -# migrations use external dependencies or application code. -# -# It's strongly recommended that you check this file into your version control system. - -ActiveRecord::Schema[8.0].define(version: 2026_01_12_000002) do - # These are extensions that must be enabled in order to support this database - enable_extension "pg_catalog.plpgsql" - - create_table "ahoy_events", force: :cascade do |t| - t.bigint "visit_id" - t.string "name" - t.jsonb "properties" - t.datetime "time" - t.index ["name", "time"], name: "index_ahoy_events_on_name_and_time" - t.index ["name"], name: "index_ahoy_events_on_name" - t.index ["properties"], name: "index_ahoy_events_on_properties", using: :gin - t.index ["time"], name: "index_ahoy_events_on_time" - t.index ["visit_id"], name: "index_ahoy_events_on_visit_id" - end - - create_table "ahoy_visits", force: :cascade do |t| - t.string "visit_token" - t.string "visitor_token" - t.string "ip" - t.text "user_agent" - t.text "referrer" - t.string "referring_domain" - t.text "landing_page" - t.string "browser" - t.string "os" - t.string "device_type" - t.string "utm_source" - t.string "utm_medium" - t.string "utm_campaign" - t.string "utm_term" - t.string "utm_content" - t.datetime "started_at" - t.index ["started_at"], name: "index_ahoy_visits_on_started_at" - t.index ["visit_token"], name: "index_ahoy_visits_on_visit_token", unique: true - t.index ["visitor_token"], name: "index_ahoy_visits_on_visitor_token" - end - - add_foreign_key "ahoy_events", "ahoy_visits", column: "visit_id" -end From 226c9f1926d709977099b25bdc3cf490969fd39a Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 13:21:46 -0500 Subject: [PATCH 04/30] let them do it too --- app/policies/program_policy.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/policies/program_policy.rb b/app/policies/program_policy.rb index 6b49eabe..bb3852f2 100644 --- a/app/policies/program_policy.rb +++ b/app/policies/program_policy.rb @@ -64,7 +64,7 @@ def update_active? end def view_secret? - owner? || admin? + owner? || admin? || collaborator? end def view_api_key? @@ -72,7 +72,7 @@ def view_api_key? end def rotate_credentials? - owner? || admin? + owner? || admin? || collaborator? end def revoke_all_authorizations? From 1247f88781831c1e2377297feaf40d7c2f62128e Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 13:46:03 -0500 Subject: [PATCH 05/30] collab invite model --- ...app_collaborator_invitations_controller.rb | 35 +++++++++++++++++++ .../developer_app_collaborators_controller.rb | 9 +++-- app/controllers/developer_apps_controller.rb | 7 +++- app/models/identity.rb | 10 +++++- app/models/program.rb | 5 +-- app/models/program_collaborator.rb | 29 +++++++++++++-- app/views/developer_apps/index.html.erb | 10 ++++++ app/views/developer_apps/show.html.erb | 13 ++++++- config/locales/en.yml | 14 +++++++- config/routes.rb | 7 ++++ ...001_add_status_to_program_collaborators.rb | 14 ++++++++ ..._null_identity_on_program_collaborators.rb | 8 +++++ db/schema.rb | 8 +++-- spec/factories/program_collaborators.rb | 6 ++++ 14 files changed, 162 insertions(+), 13 deletions(-) create mode 100644 app/controllers/developer_app_collaborator_invitations_controller.rb create mode 100644 db/migrate/20260302000001_add_status_to_program_collaborators.rb create mode 100644 db/migrate/20260302000002_allow_null_identity_on_program_collaborators.rb diff --git a/app/controllers/developer_app_collaborator_invitations_controller.rb b/app/controllers/developer_app_collaborator_invitations_controller.rb new file mode 100644 index 00000000..8c907563 --- /dev/null +++ b/app/controllers/developer_app_collaborator_invitations_controller.rb @@ -0,0 +1,35 @@ +class DeveloperAppCollaboratorInvitationsController < ApplicationController + include IdentityAuthorizable + + before_action :set_app + skip_after_action :verify_authorized, only: %i[accept decline] + + # Invitee accepts + def accept + invitation = current_identity.pending_collaboration_invitations.find(params[:id]) + invitation.update!(identity: current_identity) if invitation.identity_id.nil? + invitation.accept! + redirect_to developer_apps_path, notice: t(".success") + end + + # Invitee declines + def decline + invitation = current_identity.pending_collaboration_invitations.find(params[:id]) + invitation.decline! + redirect_to developer_apps_path, notice: t(".success") + end + + # Owner cancels + def cancel + authorize @app, :manage_collaborators? + invitation = @app.program_collaborators.pending.find(params[:id]) + invitation.cancel! + redirect_to developer_app_path(@app), notice: t(".success") + end + + private + + def set_app + @app = Program.find(params[:developer_app_id]) + end +end diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb index a9371e34..59fbce8b 100644 --- a/app/controllers/developer_app_collaborators_controller.rb +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -8,11 +8,14 @@ def create email = params[:email].to_s.strip.downcase - # Anti-enumeration: always return the same generic message regardless of outcome + # Anti-enumeration: always create a pending record regardless of whether + # the identity exists. The owner sees the same "Pending" row either way. identity = Identity.find_by(primary_email: email) - if identity && identity != @app.owner_identity - @app.program_collaborators.find_or_create_by(identity: identity) + unless identity&.id == @app.owner_identity_id + @app.program_collaborators.find_or_create_by(invited_email: email) do |pc| + pc.identity = identity + end end redirect_to developer_app_path(@app), notice: t(".generic_response") diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index cb70899d..777618c7 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -16,12 +16,17 @@ def index end @apps = @apps.page(params[:page]).per(25) + + @pending_invitations = current_identity.pending_collaboration_invitations end def show authorize @app @identities_count = @app.identities.distinct.count - @collaborators = @app.program_collaborators.includes(:identity) if policy(@app).manage_collaborators? + if policy(@app).manage_collaborators? + @collaborators = @app.program_collaborators.accepted.includes(:identity) + @pending_invitations_for_app = @app.program_collaborators.pending + end end def new diff --git a/app/models/identity.rb b/app/models/identity.rb index c12e20b5..845b1a7b 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -84,7 +84,8 @@ def active_for_backend? has_many :owned_developer_apps, class_name: "Program", foreign_key: :owner_identity_id, dependent: :nullify has_many :program_collaborators, dependent: :destroy - has_many :collaborated_programs, through: :program_collaborators, source: :program + has_many :collaborated_programs, -> { merge(ProgramCollaborator.accepted) }, + through: :program_collaborators, source: :program validates :first_name, :last_name, :country, :primary_email, :birthday, presence: true validates :primary_email, uniqueness: { conditions: -> { where(deleted_at: nil) } } @@ -175,6 +176,13 @@ def self.link_slack_account(code, redirect_uri, current_identity) { success: true, slack_id: slack_id } end + def pending_collaboration_invitations + ProgramCollaborator.pending + .where(identity_id: id) + .or(ProgramCollaborator.pending.where(identity_id: nil, invited_email: primary_email)) + .includes(:program) + end + def accessible_developer_apps Program.where(id: owned_developer_apps.select(:id)) .or(Program.where(id: collaborated_programs.select(:id))) diff --git a/app/models/program.rb b/app/models/program.rb index f504bb83..48958602 100644 --- a/app/models/program.rb +++ b/app/models/program.rb @@ -44,7 +44,8 @@ class Program < ApplicationRecord has_many :organizers, through: :organizer_positions, source: :backend_user, class_name: "Backend::User" has_many :program_collaborators, dependent: :destroy - has_many :collaborator_identities, through: :program_collaborators, source: :identity + has_many :collaborator_identities, -> { merge(ProgramCollaborator.accepted) }, + through: :program_collaborators, source: :identity belongs_to :owner_identity, class_name: "Identity", optional: true @@ -100,7 +101,7 @@ def onboarding_scenario_instance(identity = nil) def collaborator?(identity) return false unless identity - program_collaborators.exists?(identity: identity) + program_collaborators.accepted.exists?(identity: identity) end def accessible_by?(identity) diff --git a/app/models/program_collaborator.rb b/app/models/program_collaborator.rb index 6490de55..3541d58d 100644 --- a/app/models/program_collaborator.rb +++ b/app/models/program_collaborator.rb @@ -1,8 +1,33 @@ # frozen_string_literal: true class ProgramCollaborator < ApplicationRecord + include AASM + belongs_to :program - belongs_to :identity + belongs_to :identity, optional: true + + validates :invited_email, presence: true + validates :invited_email, uniqueness: { scope: :program_id, conditions: -> { visible } } + validates :identity_id, uniqueness: { scope: :program_id }, allow_nil: true + + scope :visible, -> { where(status: %w[pending accepted]) } + + aasm column: :status, timestamps: true do + state :pending, initial: true + state :accepted + state :declined + state :cancelled + + event :accept do + transitions from: :pending, to: :accepted + end + + event :decline do + transitions from: :pending, to: :declined + end - validates :identity_id, uniqueness: { scope: :program_id } + event :cancel do + transitions from: :pending, to: :cancelled + end + end end diff --git a/app/views/developer_apps/index.html.erb b/app/views/developer_apps/index.html.erb index 3f0a0607..633102ba 100644 --- a/app/views/developer_apps/index.html.erb +++ b/app/views/developer_apps/index.html.erb @@ -6,6 +6,16 @@ +<% if @pending_invitations.any? %> + <% @pending_invitations.each do |invitation| %> + <%= render Components::Banner.new(kind: :info) do %> + <%= t(".invitation_banner", app_name: invitation.program.name) %> + <%= button_to t(".accept_invitation"), accept_developer_app_collaborator_invite_path(invitation.program, invitation), method: :post, class: "small-btn" %> + <%= button_to t(".decline_invitation"), decline_developer_app_collaborator_invite_path(invitation.program, invitation), method: :post, class: "small-btn danger" %> + <% end %> + <% end %> +<% end %> +
<% if admin? %>
diff --git a/app/views/developer_apps/show.html.erb b/app/views/developer_apps/show.html.erb index 173c7e44..2066197a 100644 --- a/app/views/developer_apps/show.html.erb +++ b/app/views/developer_apps/show.html.erb @@ -131,7 +131,6 @@ <% @collaborators.each do |collab| %>
- <%= collab.identity.full_name %> <%= collab.identity.primary_email %>
<%= button_to t(".remove_collaborator"), developer_app_collaborator_path(@app, collab), method: :delete, class: "danger small-btn", @@ -141,6 +140,18 @@ <% else %>

<%= t(".no_collaborators") %>

<% end %> + + <% if @pending_invitations_for_app.any? %> + <% @pending_invitations_for_app.each do |inv| %> +
+
+ <%= inv.invited_email %> + <%= t(".pending_badge") %> +
+ <%= button_to t(".cancel_invitation"), cancel_developer_app_collaborator_invite_path(@app, inv), method: :post, class: "danger small-btn" %> +
+ <% end %> + <% end %>

<%= t(".add_collaborator") %>

diff --git a/config/locales/en.yml b/config/locales/en.yml index 1e4bfd07..53dd89c0 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -165,6 +165,9 @@ en: search_placeholder: Search by app name... search_button: Search clear_filters: Clear + invitation_banner: "You've been invited to collaborate on %{app_name}." + accept_invitation: Accept + decline_invitation: Decline results_count: one: "1 app" other: "%{count} apps" @@ -206,6 +209,8 @@ en: add_button: Add remove_collaborator: Remove remove_collaborator_confirm: Remove this collaborator? + pending_badge: Pending + cancel_invitation: Cancel Invitation edit_app: Edit App delete_app: Delete App delete_confirm: Are you sure you want to delete this app? This action cannot be undone and will revoke all existing tokens. @@ -273,9 +278,16 @@ en: not_found: OAuth app not found. developer_app_collaborators: create: - generic_response: "If an account with this email exists, they've been added as a collaborator." + generic_response: "If an account with this email exists, they'll receive an invitation to collaborate." destroy: success: Collaborator removed. + developer_app_collaborator_invitations: + accept: + success: "You are now a collaborator on this app." + decline: + success: "Invitation declined." + cancel: + success: "Invitation cancelled." addresses: first_name: First name last_name: Last name diff --git a/config/routes.rb b/config/routes.rb index b6f60636..fa444060 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -364,6 +364,13 @@ def self.matches?(request) end resources :collaborators, only: [ :create, :destroy ], controller: "developer_app_collaborators" + resources :collaborator_invites, only: [], controller: "developer_app_collaborator_invitations" do + member do + post :accept + post :decline + post :cancel + end + end end diff --git a/db/migrate/20260302000001_add_status_to_program_collaborators.rb b/db/migrate/20260302000001_add_status_to_program_collaborators.rb new file mode 100644 index 00000000..08de67d7 --- /dev/null +++ b/db/migrate/20260302000001_add_status_to_program_collaborators.rb @@ -0,0 +1,14 @@ +class AddStatusToProgramCollaborators < ActiveRecord::Migration[8.0] + def change + add_column :program_collaborators, :status, :string, default: "pending", null: false + add_column :program_collaborators, :accepted_at, :datetime + add_column :program_collaborators, :invited_email, :string + + # Backfill existing rows as accepted + reversible do |dir| + dir.up do + ProgramCollaborator.update_all(status: "accepted", accepted_at: Time.current) + end + end + end +end diff --git a/db/migrate/20260302000002_allow_null_identity_on_program_collaborators.rb b/db/migrate/20260302000002_allow_null_identity_on_program_collaborators.rb new file mode 100644 index 00000000..cbc89904 --- /dev/null +++ b/db/migrate/20260302000002_allow_null_identity_on_program_collaborators.rb @@ -0,0 +1,8 @@ +class AllowNullIdentityOnProgramCollaborators < ActiveRecord::Migration[8.0] + def change + change_column_null :program_collaborators, :identity_id, true + add_index :program_collaborators, [:program_id, :invited_email], unique: true, + where: "status IN ('pending', 'accepted')", + name: "idx_program_collabs_on_program_email_visible" + end +end diff --git a/db/schema.rb b/db/schema.rb index cab71e3f..25bf43c6 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[8.0].define(version: 2026_02_26_200001) do +ActiveRecord::Schema[8.0].define(version: 2026_03_02_000002) do # These are extensions that must be enabled in order to support this database enable_extension "pg_catalog.plpgsql" enable_extension "pgcrypto" @@ -529,11 +529,15 @@ create_table "program_collaborators", force: :cascade do |t| t.bigint "program_id", null: false - t.bigint "identity_id", null: false + t.bigint "identity_id" t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.string "status", default: "pending", null: false + t.datetime "accepted_at" + t.string "invited_email" t.index ["identity_id"], name: "index_program_collaborators_on_identity_id" t.index ["program_id", "identity_id"], name: "index_program_collaborators_on_program_id_and_identity_id", unique: true + t.index ["program_id", "invited_email"], name: "idx_program_collabs_on_program_email_visible", unique: true, where: "((status)::text = ANY ((ARRAY['pending'::character varying, 'accepted'::character varying])::text[]))" t.index ["program_id"], name: "index_program_collaborators_on_program_id" end diff --git a/spec/factories/program_collaborators.rb b/spec/factories/program_collaborators.rb index de6829be..09066601 100644 --- a/spec/factories/program_collaborators.rb +++ b/spec/factories/program_collaborators.rb @@ -2,5 +2,11 @@ factory :program_collaborator do association :program association :identity + invited_email { identity.primary_email } + + trait :accepted do + status { "accepted" } + accepted_at { Time.current } + end end end From e075f8cb06324115f32178e8796169ace05d4b4b Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 13:58:53 -0500 Subject: [PATCH 06/30] better visuals on progman --- .../stylesheets/snippets/banners.scss | 20 ++++++++++ .../stylesheets/snippets/developer_apps.scss | 22 ++++------- .../stylesheets/snippets/email_changes.scss | 6 +-- .../stylesheets/snippets/skeumorphic.scss | 39 +++++++++++++++++++ app/views/developer_apps/index.html.erb | 12 ++++-- app/views/developer_apps/show.html.erb | 38 +++++++++++------- config/locales/en.yml | 1 + 7 files changed, 102 insertions(+), 36 deletions(-) diff --git a/app/frontend/stylesheets/snippets/banners.scss b/app/frontend/stylesheets/snippets/banners.scss index e9b2d318..b30ed734 100644 --- a/app/frontend/stylesheets/snippets/banners.scss +++ b/app/frontend/stylesheets/snippets/banners.scss @@ -85,4 +85,24 @@ &.purple { @include banner-purple; } +} + +.banner-actions { + display: flex; + gap: 0.75rem; + flex-shrink: 0; + margin-left: auto; + form { display: inline; } + + @media (max-width: 768px) { + margin-left: 0; + margin-top: 0.75rem; + } +} + +.banner:has(.banner-actions) > .grow { + display: flex; + align-items: center; + gap: 1rem; + flex-wrap: wrap; } \ No newline at end of file diff --git a/app/frontend/stylesheets/snippets/developer_apps.scss b/app/frontend/stylesheets/snippets/developer_apps.scss index 8fad87be..cd07f64c 100644 --- a/app/frontend/stylesheets/snippets/developer_apps.scss +++ b/app/frontend/stylesheets/snippets/developer_apps.scss @@ -167,17 +167,15 @@ a.button-secondary, .add-collaborator { margin-top: $space-4; .add-collaborator-label { - font-size: 0.8rem; - font-weight: 600; - color: var(--pico-muted-color); - text-transform: uppercase; - letter-spacing: 0.04em; - margin: 0 0 $space-2; + @extend .label-upper; + margin-bottom: $space-2; } form { display: flex; gap: $space-2; - input[type="email"] { flex: 1; } + align-items: center; + input[type="email"] { flex: 1; margin: 0; } + button { padding-block: var(--pico-form-element-spacing-vertical); line-height: normal; margin: 0; } } } @@ -193,7 +191,7 @@ a.button-secondary, padding: 0.5rem 0; border-bottom: 1px solid var(--pico-card-border-color); &:last-child { border-bottom: none; } - .meta-label { font-size: 0.8rem; font-weight: 600; color: var(--pico-muted-color); text-transform: uppercase; letter-spacing: 0.04em; } + .meta-label { @extend .label-upper; } .meta-value { font-size: 0.9375rem; } } @@ -203,7 +201,7 @@ a.button-secondary, border-bottom: 1px solid var(--pico-card-border-color); &:first-of-type { margin-top: $space-3; } &:last-of-type { border-bottom: none; padding-bottom: 0; } - label { font-size: 0.75rem; font-weight: 600; color: var(--pico-muted-color); text-transform: uppercase; letter-spacing: 0.05em; display: block; margin-bottom: 0.3rem; } + label { @extend .label-upper; display: block; margin-bottom: 0.3rem; } input[readonly] { font-family: $font-mono; font-size: 0.9rem; background: transparent; border: none; padding: 0; @@ -259,11 +257,7 @@ a.button-secondary, } .locked-scopes-label { - font-size: 0.8rem; - font-weight: 600; - color: var(--pico-muted-color); - text-transform: uppercase; - letter-spacing: 0.04em; + @extend .label-upper; margin: $space-3 0 $space-2; } diff --git a/app/frontend/stylesheets/snippets/email_changes.scss b/app/frontend/stylesheets/snippets/email_changes.scss index e8687bf9..05f462c3 100644 --- a/app/frontend/stylesheets/snippets/email_changes.scss +++ b/app/frontend/stylesheets/snippets/email_changes.scss @@ -21,11 +21,7 @@ } } .email-label { - font-size: 0.75rem; - font-weight: 600; - text-transform: uppercase; - letter-spacing: 0.05em; - color: var(--text-muted-strong); + @extend .label-upper; margin-bottom: 0.25rem; } .email-item { diff --git a/app/frontend/stylesheets/snippets/skeumorphic.scss b/app/frontend/stylesheets/snippets/skeumorphic.scss index 9ff728e7..b4c32e7c 100644 --- a/app/frontend/stylesheets/snippets/skeumorphic.scss +++ b/app/frontend/stylesheets/snippets/skeumorphic.scss @@ -209,6 +209,45 @@ color: $fg; } +// Generic uppercase muted label — section dividers, field labels, meta labels +.label-upper { + font-size: 0.8rem; + font-weight: 600; + color: var(--text-muted-strong); + text-transform: uppercase; + letter-spacing: 0.04em; + margin: 0; +} + +.badge { + @include badge(var(--surface-2), var(--text-muted-strong)); + border: 1px solid var(--surface-2-border); + + &.success { + background: var(--success-bg); + color: var(--success-fg-strong); + border-color: var(--success-border); + } + + &.warning, &.pending { + background: var(--warning-bg); + color: var(--warning-fg-strong); + border-color: var(--warning-border); + } + + &.info { + background: var(--info-bg); + color: var(--info-fg-strong); + border-color: var(--info-border); + } + + &.danger { + background: var(--error-bg); + color: var(--error-fg-strong); + border-color: var(--error-border); + } +} + @mixin page-title($size: 1.25rem, $mb: 1.25rem) { font-size: $size; font-weight: 600; diff --git a/app/views/developer_apps/index.html.erb b/app/views/developer_apps/index.html.erb index 633102ba..4642d984 100644 --- a/app/views/developer_apps/index.html.erb +++ b/app/views/developer_apps/index.html.erb @@ -9,9 +9,15 @@ <% if @pending_invitations.any? %> <% @pending_invitations.each do |invitation| %> <%= render Components::Banner.new(kind: :info) do %> - <%= t(".invitation_banner", app_name: invitation.program.name) %> - <%= button_to t(".accept_invitation"), accept_developer_app_collaborator_invite_path(invitation.program, invitation), method: :post, class: "small-btn" %> - <%= button_to t(".decline_invitation"), decline_developer_app_collaborator_invite_path(invitation.program, invitation), method: :post, class: "small-btn danger" %> + <%= t(".invitation_banner", app_name: invitation.program.name) %> + <% end %> <% end %> <% end %> diff --git a/app/views/developer_apps/show.html.erb b/app/views/developer_apps/show.html.erb index 2066197a..7be9a624 100644 --- a/app/views/developer_apps/show.html.erb +++ b/app/views/developer_apps/show.html.erb @@ -130,34 +130,44 @@ <% if @collaborators.any? %> <% @collaborators.each do |collab| %>
-
- <%= collab.identity.primary_email %> -
- <%= button_to t(".remove_collaborator"), developer_app_collaborator_path(@app, collab), method: :delete, class: "danger small-btn", + <%= collab.identity.primary_email %> + <%= button_to t(".remove_collaborator"), + developer_app_collaborator_path(@app, collab), + method: :delete, class: "danger small-btn", form: { onsubmit: "return confirm('#{j t('.remove_collaborator_confirm')}')" } %>
<% end %> <% else %> -

<%= t(".no_collaborators") %>

+ <% unless @pending_invitations_for_app.any? %> +

<%= t(".no_collaborators") %>

+ <% end %> <% end %> +
- <% if @pending_invitations_for_app.any? %> + <% if @pending_invitations_for_app.any? %> +

+ <%= t(".pending_invitations_heading") %> +

+
<% @pending_invitations_for_app.each do |inv| %>
-
- <%= inv.invited_email %> - <%= t(".pending_badge") %> +
+ <%= inv.invited_email %> + <%= t(".pending_badge") %>
- <%= button_to t(".cancel_invitation"), cancel_developer_app_collaborator_invite_path(@app, inv), method: :post, class: "danger small-btn" %> + <%= button_to t(".cancel_invitation"), + cancel_developer_app_collaborator_invite_path(@app, inv), + method: :post, class: "secondary small-btn" %>
<% end %> - <% end %> -
+
+ <% end %> +
-

<%= t(".add_collaborator") %>

+

<%= t(".add_collaborator") %>

<%= form_with url: developer_app_collaborators_path(@app), method: :post, local: true do |f| %> <%= email_field_tag :email, nil, placeholder: t(".collaborator_email_placeholder"), required: true %> - + <% end %>
diff --git a/config/locales/en.yml b/config/locales/en.yml index 53dd89c0..c5cd88e8 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -211,6 +211,7 @@ en: remove_collaborator_confirm: Remove this collaborator? pending_badge: Pending cancel_invitation: Cancel Invitation + pending_invitations_heading: Pending Invitations edit_app: Edit App delete_app: Delete App delete_confirm: Are you sure you want to delete this app? This action cannot be undone and will revoke all existing tokens. From 848ead1fc4fab8116a0e4ecc2cb5c7c1b9d75897 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 14:05:31 -0500 Subject: [PATCH 07/30] waow --- .../stylesheets/snippets/developer_apps.scss | 24 ++++++++++--------- app/views/developer_apps/show.html.erb | 21 +++++++++------- config/locales/en.yml | 4 ++-- 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/app/frontend/stylesheets/snippets/developer_apps.scss b/app/frontend/stylesheets/snippets/developer_apps.scss index cd07f64c..7e6a253c 100644 --- a/app/frontend/stylesheets/snippets/developer_apps.scss +++ b/app/frontend/stylesheets/snippets/developer_apps.scss @@ -143,10 +143,7 @@ a.button-secondary, gap: $space-2; align-items: center; margin-bottom: $space-2; - input[readonly] { - font-family: $font-mono; - font-size: 0.9rem; - } + .button-secondary { margin: 0; } } // Collaborator list in show page @@ -195,18 +192,24 @@ a.button-secondary, .meta-value { font-size: 0.9375rem; } } -// Credential rows — divider-separated, no nested boxes +// Credential rows — divider-separated .credential-block { padding: $space-3 0; border-bottom: 1px solid var(--pico-card-border-color); &:first-of-type { margin-top: $space-3; } &:last-of-type { border-bottom: none; padding-bottom: 0; } label { @extend .label-upper; display: block; margin-bottom: 0.3rem; } - input[readonly] { - font-family: $font-mono; font-size: 0.9rem; - background: transparent; border: none; padding: 0; - cursor: pointer; box-shadow: none; margin: 0; width: 100%; - color: var(--pico-color); +} + +.credential-value { + font-family: $font-mono; + font-size: 0.875rem; + color: var(--pico-color); + word-break: break-all; + cursor: pointer; + &.credential-masked { + color: var(--pico-muted-color); + letter-spacing: 0.1em; } } @@ -215,7 +218,6 @@ a.button-secondary, align-items: center; gap: $space-2; .pointer { flex: 1; min-width: 0; } - input[readonly] { width: 100%; } button { flex-shrink: 0; } } diff --git a/app/views/developer_apps/show.html.erb b/app/views/developer_apps/show.html.erb index 7be9a624..d2faf1fd 100644 --- a/app/views/developer_apps/show.html.erb +++ b/app/views/developer_apps/show.html.erb @@ -78,28 +78,30 @@
<%= copy_to_clipboard @app.uid, label: t(".click_to_copy_client_id") do %> - <%= text_field_tag :client_id, @app.uid, readonly: true, autocomplete: "off" %> + <%= @app.uid %> <% end %>
<% if policy(@app).view_secret? %> -
+
<%= copy_to_clipboard @app.secret, label: t(".click_to_copy_client_secret") do %> - + <%= @app.secret %> + [hidden] <% end %> - +
<% end %> <% if policy(@app).view_api_key? %> -
+
<%= copy_to_clipboard @app.program_key, label: t(".click_to_copy_api_key") do %> - + <%= @app.program_key %> + [hidden] <% end %> - +
<% end %> @@ -111,14 +113,15 @@
<% @app.redirect_uri.split.each do |uri| %>
- <%= text_field_tag "redirect_uri_#{uri.hash}", uri, readonly: true, autocomplete: "off" %> + <%= copy_to_clipboard uri, label: t(".click_to_copy_redirect_uri") do %> + <%= uri %> + <% end %> <%= link_to oauth_authorization_path(client_id: @app.uid, redirect_uri: uri, response_type: 'code', scope: @app.scopes), class: "button-secondary small-btn", target: "_blank" do %> <%= t(".test_auth") %> <%= inline_icon("external", size: 14) %> <% end %>
<% end %> - <%= t ".auth_link_hint" %>
diff --git a/config/locales/en.yml b/config/locales/en.yml index c5cd88e8..f0a8c054 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -197,11 +197,11 @@ en: click_to_copy_client_secret: click to copy client secret reveal: Reveal hide: Hide - api_key: API Key + api_key: prgmK click_to_copy_api_key: click to copy API key redirect_uris: Redirect URIs test_auth: Test Auth - auth_link_hint: Right click auth links to copy URL + click_to_copy_redirect_uri: click to copy redirect URI collaborators: Collaborators no_collaborators: No collaborators yet. add_collaborator: Add a collaborator From 208b855480016563d45f7bbdfaa9407b7f3903f5 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 14:06:36 -0500 Subject: [PATCH 08/30] danger will robinson --- app/frontend/stylesheets/snippets/developer_apps.scss | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/frontend/stylesheets/snippets/developer_apps.scss b/app/frontend/stylesheets/snippets/developer_apps.scss index 7e6a253c..822df71d 100644 --- a/app/frontend/stylesheets/snippets/developer_apps.scss +++ b/app/frontend/stylesheets/snippets/developer_apps.scss @@ -225,6 +225,10 @@ a.button-secondary, .danger-card { border-color: var(--error-border) !important; h4 { color: var(--error-fg); font-size: 1rem; margin: 0 0 $space-3 0; } + display: flex; + flex-direction: column; + gap: $space-2; + form { display: contents; } } // Thin search strip (replaces heavy section-card for admin search) From ad28b17c4d586ff5996ce5c4a3166711ae89b6e5 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 14:48:26 -0500 Subject: [PATCH 09/30] show apps on backend & link user --- .../backend/identities_controller.rb | 3 ++ app/views/backend/identities/show.html.erb | 33 +++++++++++++++++++ app/views/developer_apps/show.html.erb | 10 ++++-- 3 files changed, 44 insertions(+), 2 deletions(-) diff --git a/app/controllers/backend/identities_controller.rb b/app/controllers/backend/identities_controller.rb index 7e2d919c..35530e75 100644 --- a/app/controllers/backend/identities_controller.rb +++ b/app/controllers/backend/identities_controller.rb @@ -53,6 +53,9 @@ def show @all_programs = @identity.all_programs.distinct + @owned_apps = @identity.owned_developer_apps + @collaborated_apps = @identity.collaborated_programs + verification_ids = @identity.verifications.pluck(:id) document_ids = @identity.documents.pluck(:id) break_glass_record_ids = BreakGlassRecord.where(break_glassable_type: "Identity::Document", break_glassable_id: document_ids).pluck(:id) diff --git a/app/views/backend/identities/show.html.erb b/app/views/backend/identities/show.html.erb index 84b0ecc5..150c5b65 100644 --- a/app/views/backend/identities/show.html.erb +++ b/app/views/backend/identities/show.html.erb @@ -156,6 +156,39 @@ <% end %>
+
+

developed apps

+
+ <% if @owned_apps.any? || @collaborated_apps.any? %> +
+ + + + + + + + + <% @owned_apps.each do |app| %> + + + + + <% end %> + <% @collaborated_apps.each do |app| %> + + + + + <% end %> + +
approle
<%= link_to app.name, developer_app_path(app) %> <%= app.trust_level.to_s.titleize %>owner
<%= link_to app.name, developer_app_path(app) %> <%= app.trust_level.to_s.titleize %>collaborator
+
+ <% else %> +
no developer apps
+ <% end %> +
+

audit log

diff --git a/app/views/developer_apps/show.html.erb b/app/views/developer_apps/show.html.erb index d2faf1fd..294c3c32 100644 --- a/app/views/developer_apps/show.html.erb +++ b/app/views/developer_apps/show.html.erb @@ -17,7 +17,7 @@ <% if admin? && @app.owner_identity %>
<%= t(".owner") %> - <%= @app.owner_identity.full_name %> + <%= link_to @app.owner_identity.full_name, backend_identity_path(@app.owner_identity) %>
<% end %>
@@ -133,7 +133,13 @@ <% if @collaborators.any? %> <% @collaborators.each do |collab| %>
- <%= collab.identity.primary_email %> + + <% if admin? %> + <%= link_to collab.identity.primary_email, backend_identity_path(collab.identity) %> + <% else %> + <%= collab.identity.primary_email %> + <% end %> + <%= button_to t(".remove_collaborator"), developer_app_collaborator_path(@app, collab), method: :delete, class: "danger small-btn", From 4a4ae44f17d227ad041698957a1eeb0d0f95aa93 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:24:12 -0500 Subject: [PATCH 10/30] first pass on app auditability! --- app/components/identity_mention.rb | 37 ++++++++++++ app/components/public_activity/snippet.rb | 25 ++++---- ...app_collaborator_invitations_controller.rb | 4 ++ .../developer_app_collaborators_controller.rb | 3 + app/controllers/developer_apps_controller.rb | 12 ++++ .../stylesheets/snippets/developer_apps.scss | 41 +++++++++++++ app/models/concerns/auditable.rb | 58 ++++++++++++++++++ app/models/program.rb | 23 ++++++- app/views/developer_apps/show.html.erb | 10 +++- .../public_activity/program/_change.html.erb | 60 +++++++++++++++++++ .../program/_collaborator_accepted.html.erb | 3 + .../program/_collaborator_cancelled.html.erb | 7 +++ .../program/_collaborator_declined.html.erb | 3 + .../program/_collaborator_invited.html.erb | 7 +++ .../program/_collaborator_removed.html.erb | 7 +++ .../public_activity/program/_create.html.erb | 4 +- .../public_activity/program/_destroy.html.erb | 4 +- .../_revoke_all_authorizations.html.erb | 3 + .../program/_rotate_credentials.html.erb | 3 + .../public_activity/program/_update.html.erb | 4 +- config/locales/en.yml | 2 + 21 files changed, 302 insertions(+), 18 deletions(-) create mode 100644 app/components/identity_mention.rb create mode 100644 app/models/concerns/auditable.rb create mode 100644 app/views/public_activity/program/_change.html.erb create mode 100644 app/views/public_activity/program/_collaborator_accepted.html.erb create mode 100644 app/views/public_activity/program/_collaborator_cancelled.html.erb create mode 100644 app/views/public_activity/program/_collaborator_declined.html.erb create mode 100644 app/views/public_activity/program/_collaborator_invited.html.erb create mode 100644 app/views/public_activity/program/_collaborator_removed.html.erb create mode 100644 app/views/public_activity/program/_revoke_all_authorizations.html.erb create mode 100644 app/views/public_activity/program/_rotate_credentials.html.erb diff --git a/app/components/identity_mention.rb b/app/components/identity_mention.rb new file mode 100644 index 00000000..9760a140 --- /dev/null +++ b/app/components/identity_mention.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +class Components::IdentityMention < Components::Base + register_value_helper :current_identity + + def initialize(identity) + @identity = identity + end + + def view_template + if @identity.nil? + i { "System" } + return + end + + span(class: "identity-mention") do + plain display_name + + if @identity.backend_user + plain " " + abbr(title: "#{@identity.first_name} #{@identity.last_name} is an admin") { "⚡" } + end + end + end + + private + + def display_name + if @identity == current_identity + "You" + elsif current_identity&.backend_user + "#{@identity.first_name} #{@identity.last_name}" + else + @identity.first_name + end + end +end diff --git a/app/components/public_activity/snippet.rb b/app/components/public_activity/snippet.rb index b5d9acaf..9a0f7bf6 100644 --- a/app/components/public_activity/snippet.rb +++ b/app/components/public_activity/snippet.rb @@ -1,24 +1,29 @@ # frozen_string_literal: true class Components::PublicActivity::Snippet < Components::Base - def initialize(activity, owner: nil) + def initialize(activity, owner: nil, owner_component: nil) @activity = activity @owner = owner + @owner_component = owner_component end def view_template tr do td do - owner = @owner || @activity.owner - - if owner.nil? - i { "System" } - elsif owner.is_a?(::Backend::User) - render Components::UserMention.new(owner) - elsif owner.is_a?(::Identity) - render Components::UserMention.new(owner) + if @owner_component + render @owner_component else - render owner + owner = @owner || @activity.owner + + if owner.nil? + i { "System" } + elsif owner.is_a?(::Backend::User) + render Components::UserMention.new(owner) + elsif owner.is_a?(::Identity) + render Components::UserMention.new(owner) + else + render owner + end end end td { yield } diff --git a/app/controllers/developer_app_collaborator_invitations_controller.rb b/app/controllers/developer_app_collaborator_invitations_controller.rb index 8c907563..ddc5a406 100644 --- a/app/controllers/developer_app_collaborator_invitations_controller.rb +++ b/app/controllers/developer_app_collaborator_invitations_controller.rb @@ -9,6 +9,7 @@ def accept invitation = current_identity.pending_collaboration_invitations.find(params[:id]) invitation.update!(identity: current_identity) if invitation.identity_id.nil? invitation.accept! + @app.create_activity :collaborator_accepted, owner: current_identity redirect_to developer_apps_path, notice: t(".success") end @@ -16,6 +17,7 @@ def accept def decline invitation = current_identity.pending_collaboration_invitations.find(params[:id]) invitation.decline! + @app.create_activity :collaborator_declined, owner: current_identity redirect_to developer_apps_path, notice: t(".success") end @@ -23,7 +25,9 @@ def decline def cancel authorize @app, :manage_collaborators? invitation = @app.program_collaborators.pending.find(params[:id]) + email = invitation.invited_email invitation.cancel! + @app.create_activity :collaborator_cancelled, owner: current_identity, parameters: { cancelled_email: email } redirect_to developer_app_path(@app), notice: t(".success") end diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb index 59fbce8b..2fea969e 100644 --- a/app/controllers/developer_app_collaborators_controller.rb +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -16,6 +16,7 @@ def create @app.program_collaborators.find_or_create_by(invited_email: email) do |pc| pc.identity = identity end + @app.create_activity :collaborator_invited, owner: current_identity, parameters: { invited_email: email } end redirect_to developer_app_path(@app), notice: t(".generic_response") @@ -25,7 +26,9 @@ def destroy authorize @app, :manage_collaborators? collaborator = @app.program_collaborators.find(params[:id]) + email = collaborator.invited_email collaborator.destroy + @app.create_activity :collaborator_removed, owner: current_identity, parameters: { removed_email: email } redirect_to developer_app_path(@app), notice: t(".success") rescue ActiveRecord::RecordNotFound diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index 777618c7..7c8ca981 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -27,6 +27,11 @@ def show @collaborators = @app.program_collaborators.accepted.includes(:identity) @pending_invitations_for_app = @app.program_collaborators.pending end + @activities = PublicActivity::Activity + .where(trackable: @app) + .includes(:owner) + .order(created_at: :desc) + .limit(50) end def new @@ -60,6 +65,7 @@ def edit def update authorize @app + snapshot = @app.audit_snapshot existing_scopes = @app.scopes_array.dup @app.assign_attributes(app_params_for_identity) @@ -67,6 +73,10 @@ def update enforce_allowed_scopes!(@app, existing_scopes: existing_scopes) if @app.save + changes = @app.audit_diff(snapshot) + if changes.any? + @app.create_activity :change, owner: current_identity, parameters: { changes: changes } + end redirect_to developer_app_path(@app), notice: t(".success") else render :edit, status: :unprocessable_entity @@ -84,6 +94,7 @@ def destroy def rotate_credentials authorize @app @app.rotate_credentials! + @app.create_activity :rotate_credentials, owner: current_identity redirect_to developer_app_path(@app), notice: t(".rotate_credentials.success") end @@ -93,6 +104,7 @@ def revoke_all_authorizations PaperTrail.request.whodunnit = current_identity.id.to_s @app.paper_trail_event = "revoke_all_authorizations" @app.paper_trail.save_with_version + @app.create_activity :revoke_all_authorizations, owner: current_identity, parameters: { count: count } redirect_to developer_app_path(@app), notice: t(".revoke_all_authorizations.success", count: count) end diff --git a/app/frontend/stylesheets/snippets/developer_apps.scss b/app/frontend/stylesheets/snippets/developer_apps.scss index 822df71d..366b1e4e 100644 --- a/app/frontend/stylesheets/snippets/developer_apps.scss +++ b/app/frontend/stylesheets/snippets/developer_apps.scss @@ -283,6 +283,47 @@ a.button-secondary, button { margin-left: auto; flex-shrink: 0; } } +// Activity log table (frontend equivalent of backend table styles) +.dev-panel-main .table-container { + overflow-x: auto; + + table { + width: 100%; + border-collapse: collapse; + font-size: 0.875rem; + + th { + text-align: left; + font-size: 0.75rem; + text-transform: uppercase; + letter-spacing: 0.04em; + color: var(--pico-muted-color); + padding: $space-2 $space-3; + border-bottom: 2px solid var(--pico-muted-border-color); + } + + td { + padding: $space-2 $space-3; + border-bottom: 1px solid var(--pico-muted-border-color); + vertical-align: top; + } + + tr:hover td { + background: var(--pico-card-background-color); + } + } +} + +// Identity mention — inline actor display for frontend +.identity-mention { + font-weight: 600; + white-space: nowrap; + abbr { + text-decoration: none; + cursor: help; + } +} + // Compact app list for index .app-list { display: flex; diff --git a/app/models/concerns/auditable.rb b/app/models/concerns/auditable.rb new file mode 100644 index 00000000..b4ce9240 --- /dev/null +++ b/app/models/concerns/auditable.rb @@ -0,0 +1,58 @@ +# frozen_string_literal: true + +module Auditable + extend ActiveSupport::Concern + + included do + class_attribute :auditable_fields, default: {} + end + + class_methods do + # Declare fields to track. Types: :scalar (default), :array, :boolean + # label: human-readable name for the field + # transform: optional lambda to format values for display + def audit_field(name, type: :scalar, label: nil, transform: nil) + self.auditable_fields = auditable_fields.merge( + name => { type: type, label: label || name.to_s.humanize, transform: transform } + ) + end + end + + # Snapshot current values for declared fields + def audit_snapshot + auditable_fields.each_with_object({}) do |(name, _config), hash| + val = send(name) + hash[name] = val.is_a?(Array) ? val.dup : val + end + end + + # Compute structured diff between snapshot and current state + def audit_diff(snapshot) + changes = {} + auditable_fields.each do |name, config| + old_val = snapshot[name] + new_val = send(name) + + case config[:type] + when :array + old_arr = Array(old_val) + new_arr = Array(new_val) + added = new_arr - old_arr + removed = old_arr - new_arr + next if added.empty? && removed.empty? + changes[name] = { added: added, removed: removed } + when :boolean + next if old_val == new_val + changes[name] = { from: old_val, to: new_val } + else # :scalar + next if old_val == new_val + transform = config[:transform] + changes[name] = { + from: transform&.call(old_val) || old_val, + to: transform&.call(new_val) || new_val + } + end + end + changes + end +end diff --git a/app/models/program.rb b/app/models/program.rb index 48958602..de2fbe6a 100644 --- a/app/models/program.rb +++ b/app/models/program.rb @@ -24,7 +24,24 @@ class Program < ApplicationRecord self.table_name = "oauth_applications" include PublicActivity::Model - tracked owner: ->(controller, model) { model.owner_identity }, recipient: ->(controller, model) { model.owner_identity }, only: [ :create, :update, :destroy ] + tracked owner: ->(controller, _model) { controller&.user_for_public_activity }, only: [ :create ] + + include Auditable + + audit_field :name, label: "app name" + audit_field :trust_level, transform: ->(v) { v.to_s.titleize } + audit_field :scopes_array, type: :array, label: "scopes" + audit_field :redirect_uris, type: :array, label: "redirect URIs" + audit_field :active, type: :boolean + audit_field :onboarding_scenario, transform: ->(v) { v&.titleize } + + COLLABORATOR_ACTIVITY_KEYS = %w[ + program.collaborator_invited + program.collaborator_removed + program.collaborator_accepted + program.collaborator_declined + program.collaborator_cancelled + ].freeze has_paper_trail @@ -86,6 +103,10 @@ def scopes_array=(array) self.scopes = Doorkeeper::OAuth::Scopes.from_array(Array(array).reject(&:blank?)).to_s end + def redirect_uris + redirect_uri.to_s.split + end + def has_scope?(scope_name) = scopes.include?(scope_name.to_s) def authorized_for_identity?(identity) = authorized_tokens.exists?(resource_owner: identity) diff --git a/app/views/developer_apps/show.html.erb b/app/views/developer_apps/show.html.erb index 294c3c32..05016be7 100644 --- a/app/views/developer_apps/show.html.erb +++ b/app/views/developer_apps/show.html.erb @@ -182,6 +182,14 @@ <% end %> - <%# Trust level is now managed through the edit form %> + <%# Activity Log %> +
+

<%= t(".activity_log") %>

+ <% if @activities.any? %> + <%= render Components::PublicActivity::Container.new(@activities) %> + <% else %> +

<%= t(".no_activity") %>

+ <% end %> +
diff --git a/app/views/public_activity/program/_change.html.erb b/app/views/public_activity/program/_change.html.erb new file mode 100644 index 00000000..f140b971 --- /dev/null +++ b/app/views/public_activity/program/_change.html.erb @@ -0,0 +1,60 @@ +<% + changes = activity.parameters[:changes] || activity.parameters["changes"] + phrases = [] + + if changes.present? + changes.each do |field, diff| + field = field.to_s + diff = diff.symbolize_keys if diff.respond_to?(:symbolize_keys) + + case field + when "trust_level" + if diff[:to].to_s.downcase.gsub(" ", "_") == "hq_official" + phrases << "marked this app as HQ Official" + else + phrases << "changed trust level to #{ERB::Util.html_escape(diff[:to])}" + end + when "name" + phrases << "renamed app from #{ERB::Util.html_escape(diff[:from])} to #{ERB::Util.html_escape(diff[:to])}" + when "active" + if diff[:to] == true || diff[:to] == "true" + phrases << "reactivated this app" + else + phrases << "deactivated this app" + end + when "scopes_array" + added = Array(diff[:added]) + removed = Array(diff[:removed]) + if added.any? + phrases << "added scopes: #{added.map { |s| ERB::Util.html_escape(s) }.join(', ')}" + end + if removed.any? + phrases << "removed scopes: #{removed.map { |s| ERB::Util.html_escape(s) }.join(', ')}" + end + when "redirect_uris" + added = Array(diff[:added]) + removed = Array(diff[:removed]) + if added.any? + tooltip = added.map { |u| ERB::Util.html_escape(u) }.join("\n") + phrases << "added #{added.size} redirect #{added.size == 1 ? 'URI' : 'URIs'}" + end + if removed.any? + tooltip = removed.map { |u| ERB::Util.html_escape(u) }.join("\n") + phrases << "removed #{removed.size} redirect #{removed.size == 1 ? 'URI' : 'URIs'}" + end + when "onboarding_scenario" + if diff[:to].present? + phrases << "changed onboarding scenario to #{ERB::Util.html_escape(diff[:to])}" + else + phrases << "removed onboarding scenario" + end + end + end + end + + phrases << "updated app settings" if phrases.empty? +%> + +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + <%= safe_join(phrases.map(&:html_safe), "; ") %>. +<% end %> diff --git a/app/views/public_activity/program/_collaborator_accepted.html.erb b/app/views/public_activity/program/_collaborator_accepted.html.erb new file mode 100644 index 00000000..0207b06c --- /dev/null +++ b/app/views/public_activity/program/_collaborator_accepted.html.erb @@ -0,0 +1,3 @@ +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + accepted the collaboration invitation. +<% end %> diff --git a/app/views/public_activity/program/_collaborator_cancelled.html.erb b/app/views/public_activity/program/_collaborator_cancelled.html.erb new file mode 100644 index 00000000..ebe839d7 --- /dev/null +++ b/app/views/public_activity/program/_collaborator_cancelled.html.erb @@ -0,0 +1,7 @@ +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + <% if policy(activity.trackable).manage_collaborators? %> + cancelled invitation for <%= activity.parameters[:cancelled_email] || activity.parameters["cancelled_email"] %>. + <% else %> + cancelled an invitation. + <% end %> +<% end %> diff --git a/app/views/public_activity/program/_collaborator_declined.html.erb b/app/views/public_activity/program/_collaborator_declined.html.erb new file mode 100644 index 00000000..77fc4d00 --- /dev/null +++ b/app/views/public_activity/program/_collaborator_declined.html.erb @@ -0,0 +1,3 @@ +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + declined the collaboration invitation. +<% end %> diff --git a/app/views/public_activity/program/_collaborator_invited.html.erb b/app/views/public_activity/program/_collaborator_invited.html.erb new file mode 100644 index 00000000..3185bb4c --- /dev/null +++ b/app/views/public_activity/program/_collaborator_invited.html.erb @@ -0,0 +1,7 @@ +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + <% if policy(activity.trackable).manage_collaborators? %> + invited <%= activity.parameters[:invited_email] || activity.parameters["invited_email"] %> to collaborate. + <% else %> + invited a new collaborator. + <% end %> +<% end %> diff --git a/app/views/public_activity/program/_collaborator_removed.html.erb b/app/views/public_activity/program/_collaborator_removed.html.erb new file mode 100644 index 00000000..e3f5a280 --- /dev/null +++ b/app/views/public_activity/program/_collaborator_removed.html.erb @@ -0,0 +1,7 @@ +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + <% if policy(activity.trackable).manage_collaborators? %> + removed <%= activity.parameters[:removed_email] || activity.parameters["removed_email"] %>. + <% else %> + removed a collaborator. + <% end %> +<% end %> diff --git a/app/views/public_activity/program/_create.html.erb b/app/views/public_activity/program/_create.html.erb index 9d570c53..4b6aff4f 100644 --- a/app/views/public_activity/program/_create.html.erb +++ b/app/views/public_activity/program/_create.html.erb @@ -1,3 +1,3 @@ -<%= render Components::PublicActivity::Snippet.new(activity, owner: activity.trackable&.owner_identity) do %> - created OAuth application "<%= activity.trackable&.name %>". +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + created this app. <% end %> diff --git a/app/views/public_activity/program/_destroy.html.erb b/app/views/public_activity/program/_destroy.html.erb index 57be427d..2543cea3 100644 --- a/app/views/public_activity/program/_destroy.html.erb +++ b/app/views/public_activity/program/_destroy.html.erb @@ -1,3 +1,3 @@ -<%= render Components::PublicActivity::Snippet.new(activity, owner: activity.trackable&.owner_identity) do %> - deleted OAuth application "<%= activity.parameters[:name] || 'Unknown' %>". +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + deleted this app. <% end %> diff --git a/app/views/public_activity/program/_revoke_all_authorizations.html.erb b/app/views/public_activity/program/_revoke_all_authorizations.html.erb new file mode 100644 index 00000000..c7926c67 --- /dev/null +++ b/app/views/public_activity/program/_revoke_all_authorizations.html.erb @@ -0,0 +1,3 @@ +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + revoked all authorizations (<%= activity.parameters[:count] || activity.parameters["count"] || 0 %> tokens). +<% end %> diff --git a/app/views/public_activity/program/_rotate_credentials.html.erb b/app/views/public_activity/program/_rotate_credentials.html.erb new file mode 100644 index 00000000..06fb4786 --- /dev/null +++ b/app/views/public_activity/program/_rotate_credentials.html.erb @@ -0,0 +1,3 @@ +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + rotated credentials. +<% end %> diff --git a/app/views/public_activity/program/_update.html.erb b/app/views/public_activity/program/_update.html.erb index efc2ec0a..fbe12909 100644 --- a/app/views/public_activity/program/_update.html.erb +++ b/app/views/public_activity/program/_update.html.erb @@ -1,3 +1,3 @@ -<%= render Components::PublicActivity::Snippet.new(activity, owner: activity.trackable&.owner_identity) do %> - updated OAuth application "<%= activity.trackable&.name %>". +<%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> + updated app settings. <% end %> diff --git a/config/locales/en.yml b/config/locales/en.yml index f0a8c054..856a9ee1 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -212,6 +212,8 @@ en: pending_badge: Pending cancel_invitation: Cancel Invitation pending_invitations_heading: Pending Invitations + activity_log: Activity Log + no_activity: No activity recorded yet. edit_app: Edit App delete_app: Delete App delete_confirm: Are you sure you want to delete this app? This action cannot be undone and will revoke all existing tokens. From 76b37378670121d0562d2ef5dfa15aab804fef54 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:28:29 -0500 Subject: [PATCH 11/30] no lastnaming admins --- app/components/identity_mention.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/components/identity_mention.rb b/app/components/identity_mention.rb index 9760a140..5ee50984 100644 --- a/app/components/identity_mention.rb +++ b/app/components/identity_mention.rb @@ -18,7 +18,7 @@ def view_template if @identity.backend_user plain " " - abbr(title: "#{@identity.first_name} #{@identity.last_name} is an admin") { "⚡" } + abbr(title: "#{@identity.first_name} is an admin") { "⚡" } end end end From 6aef84a37dc9ace86ac0b6befdd51116c963a087 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:32:12 -0500 Subject: [PATCH 12/30] async frame that shit! --- app/controllers/developer_apps_controller.rb | 7 ++++++- app/frontend/stylesheets/snippets/_utilities.scss | 9 +++++++++ app/policies/program_policy.rb | 4 ++++ app/views/developer_apps/activity_log.html.erb | 5 +++++ app/views/developer_apps/show.html.erb | 12 ++++++------ config/locales/en.yml | 1 + config/routes.rb | 1 + 7 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 app/views/developer_apps/activity_log.html.erb diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index 7c8ca981..4023963b 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -1,7 +1,7 @@ class DeveloperAppsController < ApplicationController include IdentityAuthorizable - before_action :set_app, only: [ :show, :edit, :update, :destroy, :rotate_credentials, :revoke_all_authorizations ] + before_action :set_app, only: [ :show, :edit, :update, :destroy, :rotate_credentials, :revoke_all_authorizations, :activity_log ] def index authorize Program @@ -27,11 +27,16 @@ def show @collaborators = @app.program_collaborators.accepted.includes(:identity) @pending_invitations_for_app = @app.program_collaborators.pending end + end + + def activity_log + authorize @app @activities = PublicActivity::Activity .where(trackable: @app) .includes(:owner) .order(created_at: :desc) .limit(50) + render layout: "htmx" end def new diff --git a/app/frontend/stylesheets/snippets/_utilities.scss b/app/frontend/stylesheets/snippets/_utilities.scss index 90c5d15b..c9f84c23 100644 --- a/app/frontend/stylesheets/snippets/_utilities.scss +++ b/app/frontend/stylesheets/snippets/_utilities.scss @@ -5,3 +5,12 @@ .container { @include container(); } .container-md { @include container(1000px); } .container-sm { @include container(720px); } + +// HTMX loader — hidden by default, shown when a sibling triggers a request +.hx-loader { + display: none; + margin-top: $space-3; +} +.htmx-request ~ .hx-loader { + display: block; +} diff --git a/app/policies/program_policy.rb b/app/policies/program_policy.rb index bb3852f2..dfe6df7a 100644 --- a/app/policies/program_policy.rb +++ b/app/policies/program_policy.rb @@ -79,6 +79,10 @@ def revoke_all_authorizations? owner? || admin? end + def activity_log? + show? + end + def manage_collaborators? owner? || admin? end diff --git a/app/views/developer_apps/activity_log.html.erb b/app/views/developer_apps/activity_log.html.erb new file mode 100644 index 00000000..537f66c5 --- /dev/null +++ b/app/views/developer_apps/activity_log.html.erb @@ -0,0 +1,5 @@ +<% if @activities.any? %> + <%= render Components::PublicActivity::Container.new(@activities) %> +<% else %> +

<%= t("developer_apps.show.no_activity") %>

+<% end %> diff --git a/app/views/developer_apps/show.html.erb b/app/views/developer_apps/show.html.erb index 05016be7..274a9ec4 100644 --- a/app/views/developer_apps/show.html.erb +++ b/app/views/developer_apps/show.html.erb @@ -182,14 +182,14 @@ <% end %> - <%# Activity Log %> + <%# Activity Log (async) %>

<%= t(".activity_log") %>

- <% if @activities.any? %> - <%= render Components::PublicActivity::Container.new(@activities) %> - <% else %> -

<%= t(".no_activity") %>

- <% end %> + <%= render Components::BootlegTurboButton.new( + activity_log_developer_app_path(@app), + text: t(".show_activity"), + id: "activity-log-container" + ) %>
diff --git a/config/locales/en.yml b/config/locales/en.yml index 856a9ee1..3ccc1ec1 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -213,6 +213,7 @@ en: cancel_invitation: Cancel Invitation pending_invitations_heading: Pending Invitations activity_log: Activity Log + show_activity: Load Activity Log no_activity: No activity recorded yet. edit_app: Edit App delete_app: Delete App diff --git a/config/routes.rb b/config/routes.rb index fa444060..8f05ba3b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -361,6 +361,7 @@ def self.matches?(request) member do post :rotate_credentials post :revoke_all_authorizations + get :activity_log end resources :collaborators, only: [ :create, :destroy ], controller: "developer_app_collaborators" From 8d263ee7d49e290bd868b6f414fa86bca629214f Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:09:14 -0500 Subject: [PATCH 13/30] waugh --- app/components/bootleg_turbo_button.rb | 23 +++++++++++++++++++++++ app/frontend/js/scope-editor.js | 12 +++++++++--- 2 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 app/components/bootleg_turbo_button.rb diff --git a/app/components/bootleg_turbo_button.rb b/app/components/bootleg_turbo_button.rb new file mode 100644 index 00000000..45a86072 --- /dev/null +++ b/app/components/bootleg_turbo_button.rb @@ -0,0 +1,23 @@ +class Components::BootlegTurboButton < Components::Base + def initialize(path, text:, **opts) + @path = path + @text = text + @opts = opts + end + + def view_template + container_id = @opts.delete(:id) || "btb-#{@path.parameterize}" + div(id: container_id, class: "btb-container") do + button( + class: "secondary small-btn", + hx_get: @path, + hx_target: "##{container_id}", + hx_swap: "innerHTML", + **@opts + ) { @text } + div(class: "hx-loader") do + vite_image_tag "images/loader.gif", style: "image-rendering: pixelated;" + end + end + end +end diff --git a/app/frontend/js/scope-editor.js b/app/frontend/js/scope-editor.js index 26b592a6..66ce2961 100644 --- a/app/frontend/js/scope-editor.js +++ b/app/frontend/js/scope-editor.js @@ -32,9 +32,15 @@ export function scopeEditor({ trustLevel, selectedScopes, allowedScopes, communi }, onTrustLevelChange() { - const valid = this.editableScopes.map(s => s.name); - this.removedScopes = this.selected.filter(s => !valid.includes(s)); - this.selected = this.selected.filter(s => valid.includes(s)); + // Determine which scopes are valid for the new trust level, + // scoped to what this user is allowed to touch. + const trustValid = this.trustLevel === 'hq_official' ? allowedScopes : communityScopes; + this.removedScopes = this.selected.filter(s => + allowedScopes.includes(s) && !trustValid.includes(s) + ); + this.selected = this.selected.filter(s => + trustValid.includes(s) || !allowedScopes.includes(s) + ); }, dismissWarning() { this.removedScopes = []; }, From 930e5ec4d18e434ca83b5d94a1111847ac99c747 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:10:57 -0500 Subject: [PATCH 14/30] can't add yourself --- app/controllers/developer_app_collaborators_controller.rb | 5 +++++ config/locales/en.yml | 1 + 2 files changed, 6 insertions(+) diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb index 2fea969e..3c2503e5 100644 --- a/app/controllers/developer_app_collaborators_controller.rb +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -8,6 +8,11 @@ def create email = params[:email].to_s.strip.downcase + if email == @app.owner_identity&.primary_email + redirect_to developer_app_path(@app), alert: t(".cannot_add_self") + return + end + # Anti-enumeration: always create a pending record regardless of whether # the identity exists. The owner sees the same "Pending" row either way. identity = Identity.find_by(primary_email: email) diff --git a/config/locales/en.yml b/config/locales/en.yml index 3ccc1ec1..2f635c98 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -283,6 +283,7 @@ en: developer_app_collaborators: create: generic_response: "If an account with this email exists, they'll receive an invitation to collaborate." + cannot_add_self: "That's you, you goof!" destroy: success: Collaborator removed. developer_app_collaborator_invitations: From c47276a0d0e31d6c87d6845afd466881bbfc2e73 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:19:47 -0500 Subject: [PATCH 15/30] fix reinvite --- .../developer_app_collaborators_controller.rb | 18 +++++++++++++----- config/locales/en.yml | 3 ++- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb index 3c2503e5..60d78607 100644 --- a/app/controllers/developer_app_collaborators_controller.rb +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -13,18 +13,26 @@ def create return end - # Anti-enumeration: always create a pending record regardless of whether - # the identity exists. The owner sees the same "Pending" row either way. identity = Identity.find_by(primary_email: email) unless identity&.id == @app.owner_identity_id - @app.program_collaborators.find_or_create_by(invited_email: email) do |pc| + collaborator = @app.program_collaborators.find_or_create_by(invited_email: email) do |pc| pc.identity = identity end - @app.create_activity :collaborator_invited, owner: current_identity, parameters: { invited_email: email } + + reinvited = collaborator.declined? || collaborator.cancelled? + collaborator.update!(status: :pending, identity: identity) if reinvited + + if collaborator.previously_new_record? || reinvited + @app.create_activity :collaborator_invited, owner: current_identity, parameters: { invited_email: email } + redirect_to developer_app_path(@app), notice: t(".invited") + else + redirect_to developer_app_path(@app), alert: t(".already_invited") + end + return end - redirect_to developer_app_path(@app), notice: t(".generic_response") + redirect_to developer_app_path(@app), notice: t(".invited") end def destroy diff --git a/config/locales/en.yml b/config/locales/en.yml index 2f635c98..979a99c4 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -282,7 +282,8 @@ en: not_found: OAuth app not found. developer_app_collaborators: create: - generic_response: "If an account with this email exists, they'll receive an invitation to collaborate." + invited: "Invitation sent!" + already_invited: "This person has already been invited." cannot_add_self: "That's you, you goof!" destroy: success: Collaborator removed. From 929d6b23be0283846a53c419b458e5528943fc2f Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:31:02 -0500 Subject: [PATCH 16/30] sidebar badging --- app/components/sidebar.rb | 6 ++++-- app/frontend/stylesheets/snippets/sidebar.scss | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/app/components/sidebar.rb b/app/components/sidebar.rb index 6ee49383..a81ccf48 100644 --- a/app/components/sidebar.rb +++ b/app/components/sidebar.rb @@ -52,7 +52,8 @@ def nav_items # Add developer link if developer mode is enabled or user is a program manager/super admin if current_identity.present? && (current_identity.developer_mode? || current_identity.backend_user&.program_manager? || current_identity.backend_user&.super_admin?) - items << { label: t("sidebar.developer"), path: developer_apps_path, icon: "code" } + pending_count = current_identity.pending_collaboration_invitations.count + items << { label: t("sidebar.developer"), path: developer_apps_path, icon: "code", badge: pending_count } end items << { label: t("sidebar.docs"), path: docs_path, icon: "docs" } @@ -95,12 +96,13 @@ def render_navigation end end - def render_nav_item(label:, path:, icon: nil) + def render_nav_item(label:, path:, icon: nil, badge: nil) is_active = @current_path == path link_to(path, class: [ "sidebar-nav-item", ("active" if is_active) ].compact.join(" ")) do span(class: "nav-icon") { inline_icon(icon, size: 24) } if icon span(class: "nav-label") { label } + span(class: "nav-badge") { badge.to_s } if badge && badge > 0 end end diff --git a/app/frontend/stylesheets/snippets/sidebar.scss b/app/frontend/stylesheets/snippets/sidebar.scss index cbfab3f3..17c679c0 100644 --- a/app/frontend/stylesheets/snippets/sidebar.scss +++ b/app/frontend/stylesheets/snippets/sidebar.scss @@ -135,6 +135,22 @@ font-size: 0.95rem; letter-spacing: -0.01em; } + + .nav-badge { + margin-left: auto; + min-width: 20px; + height: 20px; + padding: 0 6px; + border-radius: 10px; + background: color-mix(in srgb, var(--pico-primary) 70%, grey); + color: white; + font-size: 0.7rem; + font-weight: 700; + display: inline-flex; + align-items: center; + justify-content: center; + line-height: 1; + } } .sidebar-user { From 0d76e911d72c02a5043b82d1db2c088d56bc227e Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:38:45 -0500 Subject: [PATCH 17/30] lint... --- app/views/public_activity/verification/_reject.html.erb | 2 +- db/migrate/20260226200001_create_program_collaborators.rb | 2 +- ...260302000002_allow_null_identity_on_program_collaborators.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/public_activity/verification/_reject.html.erb b/app/views/public_activity/verification/_reject.html.erb index d3250ee0..8c768a00 100644 --- a/app/views/public_activity/verification/_reject.html.erb +++ b/app/views/public_activity/verification/_reject.html.erb @@ -14,5 +14,5 @@ reason_name = Verification::DocumentVerification::REJECTION_REASON_NAMES[reason] || reason %> for <%= reason_name.downcase %><% end - %>. + %>. <% end %> diff --git a/db/migrate/20260226200001_create_program_collaborators.rb b/db/migrate/20260226200001_create_program_collaborators.rb index 5fc8028b..e8d485c2 100644 --- a/db/migrate/20260226200001_create_program_collaborators.rb +++ b/db/migrate/20260226200001_create_program_collaborators.rb @@ -6,6 +6,6 @@ def change t.timestamps end - add_index :program_collaborators, [:program_id, :identity_id], unique: true + add_index :program_collaborators, [ :program_id, :identity_id ], unique: true end end diff --git a/db/migrate/20260302000002_allow_null_identity_on_program_collaborators.rb b/db/migrate/20260302000002_allow_null_identity_on_program_collaborators.rb index cbc89904..4d1b8077 100644 --- a/db/migrate/20260302000002_allow_null_identity_on_program_collaborators.rb +++ b/db/migrate/20260302000002_allow_null_identity_on_program_collaborators.rb @@ -1,7 +1,7 @@ class AllowNullIdentityOnProgramCollaborators < ActiveRecord::Migration[8.0] def change change_column_null :program_collaborators, :identity_id, true - add_index :program_collaborators, [:program_id, :invited_email], unique: true, + add_index :program_collaborators, [ :program_id, :invited_email ], unique: true, where: "status IN ('pending', 'accepted')", name: "idx_program_collabs_on_program_email_visible" end From 30c3f2c48024987b672c0d112d46a6d725014e87 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:51:35 -0500 Subject: [PATCH 18/30] gotta be on the app! --- ...eloper_app_collaborator_invitations_controller.rb | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/app/controllers/developer_app_collaborator_invitations_controller.rb b/app/controllers/developer_app_collaborator_invitations_controller.rb index ddc5a406..5b616fa7 100644 --- a/app/controllers/developer_app_collaborator_invitations_controller.rb +++ b/app/controllers/developer_app_collaborator_invitations_controller.rb @@ -6,7 +6,11 @@ class DeveloperAppCollaboratorInvitationsController < ApplicationController # Invitee accepts def accept - invitation = current_identity.pending_collaboration_invitations.find(params[:id]) + invitation = @app.program_collaborators.pending.where( + "(identity_id = ? OR (identity_id IS NULL AND invited_email = ?))", + current_identity.id, + current_identity.primary_email + ).find(params[:id]) invitation.update!(identity: current_identity) if invitation.identity_id.nil? invitation.accept! @app.create_activity :collaborator_accepted, owner: current_identity @@ -15,7 +19,11 @@ def accept # Invitee declines def decline - invitation = current_identity.pending_collaboration_invitations.find(params[:id]) + invitation = @app.program_collaborators.pending.where( + "(identity_id = ? OR (identity_id IS NULL AND invited_email = ?))", + current_identity.id, + current_identity.primary_email + ).find(params[:id]) invitation.decline! @app.create_activity :collaborator_declined, owner: current_identity redirect_to developer_apps_path, notice: t(".success") From bf26e955e0d78e38eb0fa0f7b924a287c8a4c3e3 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:52:42 -0500 Subject: [PATCH 19/30] let that get rescued by applcon --- app/controllers/developer_app_collaborators_controller.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb index 60d78607..9f186213 100644 --- a/app/controllers/developer_app_collaborators_controller.rb +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -44,9 +44,6 @@ def destroy @app.create_activity :collaborator_removed, owner: current_identity, parameters: { removed_email: email } redirect_to developer_app_path(@app), notice: t(".success") - rescue ActiveRecord::RecordNotFound - flash[:error] = t("developer_apps.collaborator.not_found") - redirect_to developer_app_path(@app) end private From 0aa976aa482351331f45ad69bab31a7c0e46b1d4 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:53:27 -0500 Subject: [PATCH 20/30] already in revoke_all_authorizations --- app/controllers/developer_apps_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index 4023963b..7d517086 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -110,7 +110,7 @@ def revoke_all_authorizations @app.paper_trail_event = "revoke_all_authorizations" @app.paper_trail.save_with_version @app.create_activity :revoke_all_authorizations, owner: current_identity, parameters: { count: count } - redirect_to developer_app_path(@app), notice: t(".revoke_all_authorizations.success", count: count) + redirect_to developer_app_path(@app), notice: t(".success", count: count) end private From 0b9fba281f35f337f0a1d672a201f75314c99a37 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:54:14 -0500 Subject: [PATCH 21/30] woag --- app/controllers/developer_apps_controller.rb | 2 +- config/locales/en.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index 7d517086..a8b9e2b8 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -100,7 +100,7 @@ def rotate_credentials authorize @app @app.rotate_credentials! @app.create_activity :rotate_credentials, owner: current_identity - redirect_to developer_app_path(@app), notice: t(".rotate_credentials.success") + redirect_to developer_app_path(@app), notice: t(".success") end def revoke_all_authorizations diff --git a/config/locales/en.yml b/config/locales/en.yml index 979a99c4..57a3d4b4 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -273,7 +273,7 @@ en: destroy: success: OAuth app deleted successfully! rotate_credentials: - success: OAuth app credentials rotated successfully! + success: OAuth app credentials rotated successfully. revoke_all_authorizations: success: one: "Revoked 1 token." From 962d4e747b190001fe2a2bcc5da19a58e4e034f0 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 18:56:13 -0500 Subject: [PATCH 22/30] the routes you grew up with no longer exist --- app/views/backend/identities/show.html.erb | 2 +- app/views/public_activity/o_auth_token/_create.html.erb | 2 +- app/views/public_activity/o_auth_token/_revoke.html.erb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/backend/identities/show.html.erb b/app/views/backend/identities/show.html.erb index 150c5b65..00d31a4c 100644 --- a/app/views/backend/identities/show.html.erb +++ b/app/views/backend/identities/show.html.erb @@ -144,7 +144,7 @@ <% @all_programs.each do |program| %> - <%= link_to program.name, backend_program_path(program) %> + <%= link_to program.name, developer_app_path(program) %> <%= program.scopes.presence || "—" %> <% end %> diff --git a/app/views/public_activity/o_auth_token/_create.html.erb b/app/views/public_activity/o_auth_token/_create.html.erb index 67f16648..ffb6db37 100644 --- a/app/views/public_activity/o_auth_token/_create.html.erb +++ b/app/views/public_activity/o_auth_token/_create.html.erb @@ -2,7 +2,7 @@ <% app_name = activity.trackable&.application&.name || "(deleted app #{activity.trackable&.application_id})" app_link = if defined?(current_user) && current_user.is_a?(Backend::User) && activity.trackable&.application - link_to app_name, backend_program_path(activity.trackable.application) + link_to app_name, developer_app_path(activity.trackable.application) else app_name end diff --git a/app/views/public_activity/o_auth_token/_revoke.html.erb b/app/views/public_activity/o_auth_token/_revoke.html.erb index 004a4577..93e47573 100644 --- a/app/views/public_activity/o_auth_token/_revoke.html.erb +++ b/app/views/public_activity/o_auth_token/_revoke.html.erb @@ -2,7 +2,7 @@ <% app_name = activity.trackable&.application&.name || "(deleted app #{activity.trackable&.application_id})" app_link = if defined?(current_user) && current_user.is_a?(Backend::User) && activity.trackable&.application - link_to app_name, backend_program_path(activity.trackable.application) + link_to app_name, developer_app_path(activity.trackable.application) else app_name end From a6760aa81f4674e5c983ab4134b240974b27586c Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 19:04:55 -0500 Subject: [PATCH 23/30] what would the UI for that even be? --- app/controllers/developer_apps_controller.rb | 3 --- app/views/developer_apps/index.html.erb | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index a8b9e2b8..04672cf5 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -10,9 +10,6 @@ def index if admin? @apps = @apps.where("oauth_applications.name ILIKE :q OR oauth_applications.uid ILIKE :q", q: "%#{params[:search]}%") if params[:search].present? - if params[:owner_id].present? - @apps = @apps.where(owner_identity_id: params[:owner_id]) - end end @apps = @apps.page(params[:page]).per(25) diff --git a/app/views/developer_apps/index.html.erb b/app/views/developer_apps/index.html.erb index 4642d984..9d395448 100644 --- a/app/views/developer_apps/index.html.erb +++ b/app/views/developer_apps/index.html.erb @@ -28,7 +28,7 @@ <%= form_with url: developer_apps_path, method: :get, local: true do %> <%= text_field_tag :search, params[:search], placeholder: t(".search_placeholder"), type: "search" %> - <% if params[:search].present? || params[:owner_id].present? %> + <% if params[:search].present? %> <%= link_to "✕ #{t('.clear_filters')}", developer_apps_path, class: "button-secondary small-btn" %> <% end %> <% end %> From ef6ac1a0e1ed4ebe21f5b8b72a474b6118a2db44 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 19:08:22 -0500 Subject: [PATCH 24/30] sorch --- app/controllers/developer_apps_controller.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index 04672cf5..e4fea29e 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -9,7 +9,11 @@ def index @apps = policy_scope(Program).includes(:owner_identity).order(created_at: :desc) if admin? - @apps = @apps.where("oauth_applications.name ILIKE :q OR oauth_applications.uid ILIKE :q", q: "%#{params[:search]}%") if params[:search].present? + @apps = @apps.where( + "oauth_applications.name ILIKE :q OR oauth_applications.uid = :uid", + q: "%#{params[:search]}%", + uid: params[:search] + ) end @apps = @apps.page(params[:page]).per(25) From 75d198e50d9afe843ee8cfb0931a1c225d65470c Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 19:10:33 -0500 Subject: [PATCH 25/30] much better! --- .../stylesheets/snippets/developer_apps.scss | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/app/frontend/stylesheets/snippets/developer_apps.scss b/app/frontend/stylesheets/snippets/developer_apps.scss index 366b1e4e..55e0f299 100644 --- a/app/frontend/stylesheets/snippets/developer_apps.scss +++ b/app/frontend/stylesheets/snippets/developer_apps.scss @@ -242,17 +242,23 @@ a.button-secondary, border: 1px solid var(--pico-card-border-color); border-radius: $radius-lg; margin-bottom: $space-4; - form { display: contents; } + form { + display: flex; + align-items: center; + gap: $space-3; + flex: 1; + min-width: 0; + } input[type="search"], input[type="text"] { flex: 1; min-width: 200px; - margin: 0; padding: 0.5rem 0.75rem; font-size: 0.9rem; + margin: 0; padding: 0.5rem 0.75rem 0.5rem 2.5rem; font-size: 0.9rem; } .search-results-count { font-size: 0.875rem; color: var(--pico-muted-color); margin-left: auto; } - button, button[type="submit"] { flex-shrink: 0; width: auto; margin: 0; } + button, button[type="submit"] { flex-shrink: 0; width: auto; margin: 0; padding: 0.5rem 1rem; white-space: nowrap; } } // Locked scope checkboxes (user can't touch these) From ba68bf651f1e9812d7d69e209a62bab40245ea5a Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 19:18:20 -0500 Subject: [PATCH 26/30] frickin validations --- app/controllers/developer_app_collaborators_controller.rb | 6 ++++++ app/models/program_collaborator.rb | 4 ++-- config/locales/en.yml | 1 + 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb index 9f186213..d31d2048 100644 --- a/app/controllers/developer_app_collaborators_controller.rb +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -20,6 +20,12 @@ def create pc.identity = identity end + unless collaborator.persisted? + alert_message = collaborator.errors.full_messages.to_sentence.presence || t(".invalid_email") + redirect_to developer_app_path(@app), alert: alert_message + return + end + reinvited = collaborator.declined? || collaborator.cancelled? collaborator.update!(status: :pending, identity: identity) if reinvited diff --git a/app/models/program_collaborator.rb b/app/models/program_collaborator.rb index 3541d58d..f5232806 100644 --- a/app/models/program_collaborator.rb +++ b/app/models/program_collaborator.rb @@ -6,9 +6,9 @@ class ProgramCollaborator < ApplicationRecord belongs_to :program belongs_to :identity, optional: true - validates :invited_email, presence: true + validates :invited_email, presence: true, 'valid_email_2/email': true validates :invited_email, uniqueness: { scope: :program_id, conditions: -> { visible } } - validates :identity_id, uniqueness: { scope: :program_id }, allow_nil: true + validates :identity_id, uniqueness: { scope: :program_id, conditions: -> { visible } }, allow_nil: true scope :visible, -> { where(status: %w[pending accepted]) } diff --git a/config/locales/en.yml b/config/locales/en.yml index 57a3d4b4..b9571698 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -285,6 +285,7 @@ en: invited: "Invitation sent!" already_invited: "This person has already been invited." cannot_add_self: "That's you, you goof!" + invalid_email: "Please enter a valid email address." destroy: success: Collaborator removed. developer_app_collaborator_invitations: From 2187a256ccdf83700f4c537f154996d48e83ec4f Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 19:35:44 -0500 Subject: [PATCH 27/30] unschema --- db/schema.rb | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index 25bf43c6..1b74f528 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -301,6 +301,7 @@ t.boolean "saml_debug" t.boolean "is_in_workspace", default: false, null: false t.string "slack_dm_channel_id" + t.string "webauthn_id" t.boolean "is_alum", default: false t.boolean "can_hq_officialize", default: false, null: false t.index "lower((primary_email)::text)", name: "idx_identities_unique_primary_email", unique: true, where: "(deleted_at IS NULL)" @@ -446,7 +447,6 @@ t.integer "sign_count" t.datetime "created_at", null: false t.datetime "updated_at", null: false - t.datetime "compromised_at" t.index ["external_id"], name: "index_identity_webauthn_credentials_on_external_id", unique: true t.index ["identity_id"], name: "index_identity_webauthn_credentials_on_identity_id" end @@ -602,6 +602,18 @@ t.index ["item_type", "item_id"], name: "index_versions_on_item_type_and_item_id" end + create_table "webauthn_credentials", force: :cascade do |t| + t.bigint "identity_id", null: false + t.string "external_id", null: false + t.string "public_key", null: false + t.string "nickname", null: false + t.integer "sign_count", default: 0, null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["external_id"], name: "index_webauthn_credentials_on_external_id", unique: true + t.index ["identity_id"], name: "index_webauthn_credentials_on_identity_id" + end + add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id" add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id" add_foreign_key "addresses", "identities" @@ -636,4 +648,5 @@ add_foreign_key "verifications", "identities" add_foreign_key "verifications", "identity_aadhaar_records", column: "aadhaar_record_id" add_foreign_key "verifications", "identity_documents" + add_foreign_key "webauthn_credentials", "identities" end From bc2d74c1270ca70b0250e57067dcca458eacb94d Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 19:36:35 -0500 Subject: [PATCH 28/30] better collaborator logic --- ...app_collaborator_invitations_controller.rb | 40 +++++++------------ .../developer_app_collaborators_controller.rb | 39 ++++++++---------- app/models/program_collaborator.rb | 5 +++ app/policies/program_collaborator_policy.rb | 32 +++++++++++++++ 4 files changed, 69 insertions(+), 47 deletions(-) create mode 100644 app/policies/program_collaborator_policy.rb diff --git a/app/controllers/developer_app_collaborator_invitations_controller.rb b/app/controllers/developer_app_collaborator_invitations_controller.rb index 5b616fa7..59390aec 100644 --- a/app/controllers/developer_app_collaborator_invitations_controller.rb +++ b/app/controllers/developer_app_collaborator_invitations_controller.rb @@ -1,47 +1,37 @@ class DeveloperAppCollaboratorInvitationsController < ApplicationController include IdentityAuthorizable - before_action :set_app - skip_after_action :verify_authorized, only: %i[accept decline] + before_action :set_invitation # Invitee accepts def accept - invitation = @app.program_collaborators.pending.where( - "(identity_id = ? OR (identity_id IS NULL AND invited_email = ?))", - current_identity.id, - current_identity.primary_email - ).find(params[:id]) - invitation.update!(identity: current_identity) if invitation.identity_id.nil? - invitation.accept! - @app.create_activity :collaborator_accepted, owner: current_identity + authorize @invitation + @invitation.update!(identity: current_identity) if @invitation.identity_id.nil? + @invitation.accept! + @invitation.program.create_activity :collaborator_accepted, owner: current_identity redirect_to developer_apps_path, notice: t(".success") end # Invitee declines def decline - invitation = @app.program_collaborators.pending.where( - "(identity_id = ? OR (identity_id IS NULL AND invited_email = ?))", - current_identity.id, - current_identity.primary_email - ).find(params[:id]) - invitation.decline! - @app.create_activity :collaborator_declined, owner: current_identity + authorize @invitation + @invitation.decline! + @invitation.program.create_activity :collaborator_declined, owner: current_identity redirect_to developer_apps_path, notice: t(".success") end # Owner cancels def cancel - authorize @app, :manage_collaborators? - invitation = @app.program_collaborators.pending.find(params[:id]) - email = invitation.invited_email - invitation.cancel! - @app.create_activity :collaborator_cancelled, owner: current_identity, parameters: { cancelled_email: email } - redirect_to developer_app_path(@app), notice: t(".success") + authorize @invitation + email = @invitation.invited_email + @invitation.cancel! + @invitation.program.create_activity :collaborator_cancelled, owner: current_identity, parameters: { cancelled_email: email } + redirect_to developer_app_path(@invitation.program), notice: t(".success") end private - def set_app - @app = Program.find(params[:developer_app_id]) + def set_invitation + @invitation = ProgramCollaborator.find(params[:id]) end end diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb index d31d2048..f8ef8f9f 100644 --- a/app/controllers/developer_app_collaborators_controller.rb +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -15,30 +15,25 @@ def create identity = Identity.find_by(primary_email: email) - unless identity&.id == @app.owner_identity_id - collaborator = @app.program_collaborators.find_or_create_by(invited_email: email) do |pc| - pc.identity = identity - end - - unless collaborator.persisted? - alert_message = collaborator.errors.full_messages.to_sentence.presence || t(".invalid_email") - redirect_to developer_app_path(@app), alert: alert_message - return - end - - reinvited = collaborator.declined? || collaborator.cancelled? - collaborator.update!(status: :pending, identity: identity) if reinvited - - if collaborator.previously_new_record? || reinvited - @app.create_activity :collaborator_invited, owner: current_identity, parameters: { invited_email: email } - redirect_to developer_app_path(@app), notice: t(".invited") - else - redirect_to developer_app_path(@app), alert: t(".already_invited") - end + collaborator = @app.program_collaborators.find_or_create_by(invited_email: email) do |pc| + pc.identity = identity + end + + unless collaborator.persisted? + alert_message = collaborator.errors.full_messages.to_sentence.presence || t(".invalid_email") + redirect_to developer_app_path(@app), alert: alert_message return end - redirect_to developer_app_path(@app), notice: t(".invited") + reinvited = collaborator.declined? || collaborator.cancelled? + collaborator.update!(status: :pending, identity: identity) if reinvited + + if collaborator.previously_new_record? || reinvited + @app.create_activity :collaborator_invited, owner: current_identity, parameters: { invited_email: email } + redirect_to developer_app_path(@app), notice: t(".invited") + else + redirect_to developer_app_path(@app), alert: t(".already_invited") + end end def destroy @@ -46,7 +41,7 @@ def destroy collaborator = @app.program_collaborators.find(params[:id]) email = collaborator.invited_email - collaborator.destroy + collaborator.remove! @app.create_activity :collaborator_removed, owner: current_identity, parameters: { removed_email: email } redirect_to developer_app_path(@app), notice: t(".success") diff --git a/app/models/program_collaborator.rb b/app/models/program_collaborator.rb index f5232806..8a9b2c26 100644 --- a/app/models/program_collaborator.rb +++ b/app/models/program_collaborator.rb @@ -17,6 +17,7 @@ class ProgramCollaborator < ApplicationRecord state :accepted state :declined state :cancelled + state :removed event :accept do transitions from: :pending, to: :accepted @@ -29,5 +30,9 @@ class ProgramCollaborator < ApplicationRecord event :cancel do transitions from: :pending, to: :cancelled end + + event :remove do + transitions from: %i[pending accepted], to: :removed + end end end diff --git a/app/policies/program_collaborator_policy.rb b/app/policies/program_collaborator_policy.rb new file mode 100644 index 00000000..63fcd50a --- /dev/null +++ b/app/policies/program_collaborator_policy.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +class ProgramCollaboratorPolicy < ApplicationPolicy + def accept? + record.pending? && belongs_to_user? + end + + def decline? + record.pending? && belongs_to_user? + end + + def cancel? + manage_collaborators? + end + + private + + def belongs_to_user? + record.identity_id == user.id || + (record.identity_id.nil? && record.invited_email == user.primary_email) + end + + def manage_collaborators? + program = record.program + program.owner_identity_id == user.id || admin? + end + + def admin? + backend_user = user.backend_user + backend_user&.program_manager? || backend_user&.super_admin? + end +end From 1e4f20e1663efae17bc39f3abc65a7c6447d8369 Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 20:57:03 -0500 Subject: [PATCH 29/30] buncha cleanup --- .../developer_app_collaborators_controller.rb | 12 +++++++----- app/controllers/developer_apps_controller.rb | 6 ++++++ app/models/concerns/auditable.rb | 4 ++-- app/models/program.rb | 5 ----- app/models/program_collaborator.rb | 4 ++++ app/policies/program_collaborator_policy.rb | 4 ++++ 6 files changed, 23 insertions(+), 12 deletions(-) diff --git a/app/controllers/developer_app_collaborators_controller.rb b/app/controllers/developer_app_collaborators_controller.rb index f8ef8f9f..7433afc3 100644 --- a/app/controllers/developer_app_collaborators_controller.rb +++ b/app/controllers/developer_app_collaborators_controller.rb @@ -25,10 +25,13 @@ def create return end - reinvited = collaborator.declined? || collaborator.cancelled? - collaborator.update!(status: :pending, identity: identity) if reinvited + reinvitable = collaborator.may_reinvite? + if reinvitable + collaborator.identity = identity + collaborator.reinvite! + end - if collaborator.previously_new_record? || reinvited + if collaborator.previously_new_record? || reinvitable @app.create_activity :collaborator_invited, owner: current_identity, parameters: { invited_email: email } redirect_to developer_app_path(@app), notice: t(".invited") else @@ -37,9 +40,8 @@ def create end def destroy - authorize @app, :manage_collaborators? - collaborator = @app.program_collaborators.find(params[:id]) + authorize collaborator, :remove? email = collaborator.invited_email collaborator.remove! @app.create_activity :collaborator_removed, owner: current_identity, parameters: { removed_email: email } diff --git a/app/controllers/developer_apps_controller.rb b/app/controllers/developer_apps_controller.rb index e4fea29e..398cd8c4 100644 --- a/app/controllers/developer_apps_controller.rb +++ b/app/controllers/developer_apps_controller.rb @@ -37,6 +37,12 @@ def activity_log .includes(:owner) .order(created_at: :desc) .limit(50) + .to_a + + # Preload backend_user through the polymorphic owner to avoid N+1 in IdentityMention + identities = @activities.filter_map { |a| a.owner if a.owner_type == "Identity" } + ActiveRecord::Associations::Preloader.new(records: identities, associations: :backend_user).call if identities.any? + render layout: "htmx" end diff --git a/app/models/concerns/auditable.rb b/app/models/concerns/auditable.rb index b4ce9240..1bb6cd5b 100644 --- a/app/models/concerns/auditable.rb +++ b/app/models/concerns/auditable.rb @@ -48,8 +48,8 @@ def audit_diff(snapshot) next if old_val == new_val transform = config[:transform] changes[name] = { - from: transform&.call(old_val) || old_val, - to: transform&.call(new_val) || new_val + from: transform ? transform.call(old_val) : old_val, + to: transform ? transform.call(new_val) : new_val } end end diff --git a/app/models/program.rb b/app/models/program.rb index de2fbe6a..c4ca21b2 100644 --- a/app/models/program.rb +++ b/app/models/program.rb @@ -72,7 +72,6 @@ class Program < ApplicationRecord validates :redirect_uri, presence: true validates :scopes, presence: true validate :validate_community_scopes - validate :validate_developer_owned_apps before_validation :generate_uid, on: :create before_validation :generate_secret, on: :create @@ -176,10 +175,6 @@ def validate_community_scopes end end - def validate_developer_owned_apps - # No restrictions - admins can set developer apps to any trust level - end - def generate_uid self.uid = SecureRandom.hex(16) if uid.blank? end diff --git a/app/models/program_collaborator.rb b/app/models/program_collaborator.rb index 8a9b2c26..b6292fd4 100644 --- a/app/models/program_collaborator.rb +++ b/app/models/program_collaborator.rb @@ -34,5 +34,9 @@ class ProgramCollaborator < ApplicationRecord event :remove do transitions from: %i[pending accepted], to: :removed end + + event :reinvite do + transitions from: %i[declined cancelled removed], to: :pending + end end end diff --git a/app/policies/program_collaborator_policy.rb b/app/policies/program_collaborator_policy.rb index 63fcd50a..c8566bad 100644 --- a/app/policies/program_collaborator_policy.rb +++ b/app/policies/program_collaborator_policy.rb @@ -13,6 +13,10 @@ def cancel? manage_collaborators? end + def remove? + manage_collaborators? + end + private def belongs_to_user? From b3ee023b5324ed43968ecab0b905f39bbaea990c Mon Sep 17 00:00:00 2001 From: 24c02 <163450896+24c02@users.noreply.github.com> Date: Mon, 2 Mar 2026 21:20:35 -0500 Subject: [PATCH 30/30] see #191 --- app/policies/program_policy.rb | 13 +++++++++---- .../program/_collaborator_cancelled.html.erb | 2 +- .../program/_collaborator_invited.html.erb | 2 +- .../program/_collaborator_removed.html.erb | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/app/policies/program_policy.rb b/app/policies/program_policy.rb index dfe6df7a..cc1de801 100644 --- a/app/policies/program_policy.rb +++ b/app/policies/program_policy.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true -# `user` here is always an Identity (via IdentityAuthorizable). +# `user` is normally an Identity (via IdentityAuthorizable), but may be a +# Backend::User when activity partials render in the backend context. class ProgramPolicy < ApplicationPolicy def index? user.developer_mode? || admin? @@ -114,12 +115,16 @@ def collaborator? record.is_a?(Class) ? false : record.collaborator?(user) end + def resolve_backend_user + user.is_a?(Backend::User) ? user : user.backend_user + end + def admin? - backend_user = user.backend_user - backend_user&.program_manager? || backend_user&.super_admin? + bu = resolve_backend_user + bu&.program_manager? || bu&.super_admin? end def super_admin? - user.backend_user&.super_admin? + resolve_backend_user&.super_admin? end end diff --git a/app/views/public_activity/program/_collaborator_cancelled.html.erb b/app/views/public_activity/program/_collaborator_cancelled.html.erb index ebe839d7..84c4f283 100644 --- a/app/views/public_activity/program/_collaborator_cancelled.html.erb +++ b/app/views/public_activity/program/_collaborator_cancelled.html.erb @@ -1,5 +1,5 @@ <%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> - <% if policy(activity.trackable).manage_collaborators? %> + <% if activity.trackable && policy(activity.trackable).manage_collaborators? rescue false %> cancelled invitation for <%= activity.parameters[:cancelled_email] || activity.parameters["cancelled_email"] %>. <% else %> cancelled an invitation. diff --git a/app/views/public_activity/program/_collaborator_invited.html.erb b/app/views/public_activity/program/_collaborator_invited.html.erb index 3185bb4c..921db474 100644 --- a/app/views/public_activity/program/_collaborator_invited.html.erb +++ b/app/views/public_activity/program/_collaborator_invited.html.erb @@ -1,5 +1,5 @@ <%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> - <% if policy(activity.trackable).manage_collaborators? %> + <% if activity.trackable && policy(activity.trackable).manage_collaborators? rescue false %> invited <%= activity.parameters[:invited_email] || activity.parameters["invited_email"] %> to collaborate. <% else %> invited a new collaborator. diff --git a/app/views/public_activity/program/_collaborator_removed.html.erb b/app/views/public_activity/program/_collaborator_removed.html.erb index e3f5a280..e75c3ad0 100644 --- a/app/views/public_activity/program/_collaborator_removed.html.erb +++ b/app/views/public_activity/program/_collaborator_removed.html.erb @@ -1,5 +1,5 @@ <%= render Components::PublicActivity::Snippet.new(activity, owner_component: Components::IdentityMention.new(activity.owner)) do %> - <% if policy(activity.trackable).manage_collaborators? %> + <% if activity.trackable && policy(activity.trackable).manage_collaborators? rescue false %> removed <%= activity.parameters[:removed_email] || activity.parameters["removed_email"] %>. <% else %> removed a collaborator.