Conversation

@yottahmd (Collaborator) commented Dec 14, 2025

Summary by CodeRabbit

Bug Fixes
  • Updated password reset API endpoint and request method for compatibility.

New Features
  • User Management menu item now displays based on admin privileges and authentication configuration.
  • Reset Password action restricted to admin users only.

@coderabbitai (bot) commented Dec 14, 2025

Walkthrough

Authorization restrictions are added across User Management features: the menu item now requires both admin status and builtin authentication mode; the password reset endpoint path and HTTP method are updated; and the reset password action is gated to admin users only.

Changes

Cohort / File(s) | Change Summary
Navigation Gating (ui/src/menu.tsx) | User Management menu item now conditionally renders only when the user is admin AND authMode equals "builtin"
Password Reset Configuration (ui/src/pages/users/ResetPasswordModal.tsx) | API endpoint updated from PUT /users/{id}/password to POST /users/{id}/reset-password
User Actions Authorization (ui/src/pages/users/index.tsx) | Reset Password action in the user row dropdown now renders only for admin users via the useIsAdmin hook

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Multiple files applying the same authorization pattern (isAdmin checks), reducing cognitive load through repetition
  • Straightforward endpoint migration (path and method change) with no behavioral logic modifications
  • Changes are localized and don't affect core data-fetching or error-handling flows

Poem

🐰 Authorization gates now guard the way,
Admins only, come what may,
Password resets in POST's care,
Security stitched everywhere!

Pre-merge checks

✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title accurately reflects the two main changes: restricting user management visibility to admins with 'builtin' authMode, and updating the reset password API endpoint and method.
Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9841e6e and 07a3bef.

📒 Files selected for processing (3)
  • ui/src/menu.tsx (1 hunks)
  • ui/src/pages/users/ResetPasswordModal.tsx (1 hunks)
  • ui/src/pages/users/index.tsx (3 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
ui/**/*.{ts,tsx,jsx,js}

📄 CodeRabbit inference engine (ui/CLAUDE.md)

ui/**/*.{ts,tsx,jsx,js}: Use developer-centric UI design with high information density, minimal whitespace, compact components, and no unnecessary decorations
Support both light and dark modes for all UI components using Tailwind CSS class pairs like dark:bg-slate-700
NEVER use full-page loading overlays or LoadingIndicator components that hide content - show stale data while fetching updates instead
Use compact modal design with small headers, minimal padding (p-2 or p-3), tight spacing, and support keyboard navigation (arrows, enter, escape)
Use small heights for form elements: select boxes h-7 or smaller, buttons h-7 or h-8, inputs with compact padding (py-0.5 or py-1)
Minimize row heights in tables and lists while maintaining readability, merge related columns, and always handle long text with whitespace-normal break-words
Use consistent metadata styling with bg-slate-200 dark:bg-slate-700 backgrounds and maintain text hierarchy with primary/secondary/muted text colors
Use flexbox-first layouts with min-h-0 and overflow-hidden to prevent layout breaks, account for fixed elements when setting heights
Maintain keyboard navigation support in all interactive components with appropriate focus indicators and ARIA labels

Files:

  • ui/src/menu.tsx
  • ui/src/pages/users/ResetPasswordModal.tsx
  • ui/src/pages/users/index.tsx
ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

ui/**/*.{ts,tsx}: The React + TypeScript frontend resides in ui/, with production bundles copied to internal/service/frontend/assets by make ui
UI code follows ESLint + Prettier (2-space indent) and Tailwind utilities; name React components in PascalCase (JobList.tsx) and hooks with use* (useJobs.ts)

Files:

  • ui/src/menu.tsx
  • ui/src/pages/users/ResetPasswordModal.tsx
  • ui/src/pages/users/index.tsx
🧬 Code graph analysis (1)
ui/src/pages/users/index.tsx (1)
ui/src/contexts/AuthContext.tsx (1)
  • useIsAdmin (149-154)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build
🔇 Additional comments (3)
ui/src/pages/users/ResetPasswordModal.tsx (1)

75-76: Backend endpoint POST /users/{id}/reset-password is correctly implemented and supports the frontend usage.

The endpoint is properly configured to accept POST requests with the newPassword payload. The backend service layer documents this as an admin action (does not require the old password), which is enforced at the service level via the ResetPassword method.

ui/src/pages/users/index.tsx (1)

3-3: Backend authorization correctly enforces admin requirement for Reset Password action.

The Reset Password action is properly gated:

  • Frontend: useIsAdmin() checks user?.role === 'admin' in builtin auth mode (returns true in non-builtin modes)
  • Backend: ResetUserPassword handler calls a.requireAdmin(ctx) before executing the password reset

The implementation is sound and consistent between frontend and backend.

ui/src/menu.tsx (1)

222-230: User Management correctly gated to builtin auth mode.

The navigation item now requires both admin status and builtin authentication mode. The backend properly enforces this: WithAuthService is only applied when cfg.Server.Auth.Mode == config.AuthModeBuiltin, and all user management endpoints check requireUserManagement() which returns an error if authService is nil.


Comment @coderabbitai help to get the list of available commands and usage tips.
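The review above describes a two-layer authorization pattern: the UI hides User Management unless the user is admin and authMode is "builtin" (because useIsAdmin() reports true for everyone in non-builtin modes), and the backend independently re-checks with requireUserManagement() and requireAdmin(). The following is an added example, not code from this PR or from the project, that models those semantics in plain TypeScript so the interaction of the two conditions can be exercised offline. The type and function names (`AuthState`, `isAdmin`, `showUserManagementMenu`, `authorizeResetPassword`, the `"other"` auth mode) are stand-ins chosen for the example; only "builtin" and the role value "admin" come from the page.

```typescript
// Added example: models the frontend/backend gating described in the review.
// Names are hypothetical stand-ins; only "builtin" and the "admin" role are from the page.
type AuthMode = "builtin" | "other"; // "other" stands for any non-builtin mode
interface User { name: string; role: "admin" | "user" }
interface AuthState { authMode: AuthMode; user?: User }

// Mirrors the described semantics of useIsAdmin(): in builtin mode the user
// must have role === 'admin'; in any non-builtin mode it reports true.
function isAdmin(state: AuthState): boolean {
  if (state.authMode !== "builtin") return true;
  return state.user?.role === "admin";
}

// Menu gating requires BOTH conditions. The authMode check is what stops the
// entry from appearing in non-builtin modes, where isAdmin() is true for everyone
// even though the backend rejects user-management calls there.
function showUserManagementMenu(state: AuthState): boolean {
  return isAdmin(state) && state.authMode === "builtin";
}

// Server-side stand-in for the handler path the review describes: the UI check is
// convenience only, so the request handler re-checks. First the feature gate
// (requireUserManagement: user management only exists in builtin mode), then the
// admin check (requireAdmin). Returns the reason for denial, or null when allowed.
type Denial = "user_management_disabled" | "forbidden" | null;
function authorizeResetPassword(serverAuthMode: AuthMode, caller: User | undefined): Denial {
  if (serverAuthMode !== "builtin") return "user_management_disabled";
  if (caller?.role !== "admin") return "forbidden";
  return null;
}

// Constructed scenarios showing the menu decision and the server decision side by side.
const scenarios: AuthState[] = [
  { authMode: "builtin", user: { name: "alice", role: "admin" } },
  { authMode: "builtin", user: { name: "bob", role: "user" } },
  { authMode: "builtin" },
  { authMode: "other", user: { name: "carol", role: "user" } },
];
for (const s of scenarios) {
  console.log(
    `${s.authMode}/${s.user?.role ?? "anonymous"}: menu=${showUserManagementMenu(s)}` +
    ` server=${authorizeResetPassword(s.authMode, s.user) ?? "allowed"}`,
  );
}
```

The point the scenarios make is that the two layers agree only because the menu check includes the authMode condition; gating on isAdmin() alone would show the entry to every user in non-builtin mode while the server returns an error for the same request.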

@yottahmd yottahmd merged commit be3e71b into main Dec 14, 2025
2 checks passed
@yottahmd yottahmd deleted the fix-user-mgmt-feature branch December 14, 2025 10:22