Archive/screentinker
1
0
Fork 0
mirror of https://github.com/screentinker/screentinker.git synced 2026-06-15 10:43:36 -06:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
screentinker/frontend/js/views/workspace-members.js
ScreenTinker caa9fd0f40 feat(workspaces): mutation UI for members (slice 2B) 
Completes P2 user-management. Adds the full admin surface for managing
workspace membership: invite modal, role change, member remove, cancel
pending invite. All admin-gated client-side via can_admin from /me,
server-gated via canAdminWorkspace.

Component additions:
- NEW workspace-members-invite-modal.js (~115 LOC). Mirrors
  workspace-rename-modal.js pattern (imperative open + listeners + close
  + esc/click-outside/enter). Two key differences: onSuccess callback
  instead of window.location.reload (allows targeted re-render of
  pending-invites section), and mapError callback so the parent's
  mapMutationError is the single regex-to-i18n source of truth (instead
  of duplicating in the modal).
- workspace-members.js: header invite button (can_admin gated), per-row
  affordances (role select + remove on direct members, cancel on invited
  rows, none on via_org rows), exported mapMutationError mapper,
  re-render on both success AND error for role-select to resync state
  when the server rejects.
- 4 api.js helpers (inviteWorkspaceMember, cancelWorkspaceInvite,
  updateWorkspaceMemberRole, removeWorkspaceMember).
- 24 i18n keys under members.modal.*, members.button.*,
  members.confirm.*, members.error.*, members.success.*
- CSS for .member-actions family (action buttons + role select + hover
  states).

UX decisions:
- Direct-member rows: role <select> replaces role text in same column;
  remove button right of detail
- via_org rows: no actions cell (server would 403; UI respects boundary)
- Invited rows: cancel button only (handoff rule was over-broad -
  cancel-invite IS a valid mutation on invited rows, refined during 2B
  survey)
- Role select fires on change, no Save button (matches teams.js pattern;
  mitigations for accidental clicks noted in handoff if reports come in)
- Mutations re-fetch + re-render rather than optimistic updates -
  simpler, no state-drift bugs, endpoints respond fast
- /invites endpoint skipped entirely when !can_admin (saves a request;
  server still enforces)

Verification: 21/21 Playwright assertions PASS across 6 cases (invite
happy path, invite collision, role change, remove member, last-admin
block, cancel invite). Test infrastructure stashed at
~/Documents/screentinker-2b-playwright-2026-05.py.

Closes P2 (user-management feature). Slice 1+3 backend landed c4fbd2b,
2A read-only view landed 8db171d, 2C accept-invite handler landed
399af54, 2B mutation UI landed here.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-17 14:45:34 -05:00

288 lines
12 KiB
JavaScript
Raw Blame History

// Workspace members view. Slice 2A established the read-only listing;
// slice 2B adds the mutation surface (invite modal + per-row role change /
// remove / cancel-invite) gated by can_admin from /me.
//
// Affordance rules (locked from 2A's CSS design, refined during 2B):
// - direct-member rows: role select + remove button
// - via_org rows: no actions (server would 403; access lives in org_members)
// - invited rows: cancel-invite button only (server returns 200)
// Server enforces all three boundaries; UI must match.
import { api } from '../api.js';
import { t } from '../i18n.js';
import { showToast } from '../components/toast.js';
import { openInviteMemberModal } from '../components/workspace-members-invite-modal.js';
export async function render(container, workspaceId) {
container.innerHTML = `
<div class="page-header">
<h1>${t('members.title')}</h1>
<div id="membersHeaderActions"></div>
</div>
<div id="workspaceMembersContent" style="color:var(--text-muted)">${t('members.loading')}</div>
`;
const content = document.getElementById('workspaceMembersContent');
const headerActions = document.getElementById('membersHeaderActions');
// Fetch members, invites, and /me (for can_admin) in parallel. /me is the
// source of truth for can_admin in THIS workspace - the same field the
// switcher uses to gate the members icon.
let members, meWorkspace;
try {
const [m, me] = await Promise.all([
api.getWorkspaceMembers(workspaceId),
api.getMe().catch(() => null),
]);
members = m;
meWorkspace = (me?.accessible_workspaces || []).find(w => w.id === workspaceId) || null;
} catch (err) {
const msg = err.message || '';
if (/Workspace access required|Workspace not found/.test(msg)) {
content.innerHTML = renderError(t('members.workspace_not_found'));
} else {
content.innerHTML = renderError(t('members.load_error', { error: esc(msg) }));
}
return;
}
const canAdmin = !!(meWorkspace && meWorkspace.can_admin);
const workspaceName = meWorkspace?.name || '';
// /invites is admin-only. Non-admins get 403; suppress silently. We could
// skip the call entirely when !canAdmin to save a request, but defending
// in depth: if /me drift ever leaves can_admin stale, the server still
// returns the right answer.
let invites = null;
if (canAdmin) {
try {
invites = await api.getWorkspaceInvites(workspaceId);
} catch (err) {
console.warn('getWorkspaceInvites failed:', err.message);
invites = null;
}
}
// Invite button - admin only, opens modal.
if (canAdmin) {
headerActions.innerHTML = `
<button class="btn btn-primary" id="inviteMemberBtn">${t('members.button.invite')}</button>
`;
document.getElementById('inviteMemberBtn').addEventListener('click', () => {
openInviteMemberModal({ id: workspaceId, name: workspaceName }, {
onSuccess: (result) => {
showToast(t('members.success.invite_sent', { email: result.email }), 'success');
render(container, workspaceId);
},
mapError: mapMutationError,
});
});
}
const direct = members.filter(m => !m.via_org);
const viaOrg = members.filter(m => m.via_org);
content.innerHTML = `
${renderSection({
titleKey: 'members.section.direct',
count: direct.length,
emptyKey: 'members.empty.members',
rows: direct.map(m => renderMemberRow(m, { showJoined: true, canAdmin })).join(''),
})}
${viaOrg.length > 0 ? renderSection({
titleKey: 'members.section.via_org',
count: viaOrg.length,
emptyKey: null,
rows: viaOrg.map(m => renderMemberRow(m, { showJoined: false, viaOrg: true, canAdmin })).join(''),
}) : ''}
${invites !== null ? renderSection({
titleKey: 'members.section.pending',
count: invites.length,
emptyKey: 'members.empty.invites',
rows: invites.map(inv => renderInviteRow(inv, { canAdmin })).join(''),
}) : ''}
`;
if (canAdmin) attachMutationHandlers(container, workspaceId);
}
function renderSection({ titleKey, count, emptyKey, rows }) {
const countLabel = count > 0
? `<span style="color:var(--text-muted);font-weight:400;font-size:13px"> (${count})</span>`
: '';
const body = (count === 0 && emptyKey)
? `<p style="color:var(--text-muted);font-size:13px">${t(emptyKey)}</p>`
: `<div class="members-list">${rows}</div>`;
return `
<div class="settings-section" style="margin-bottom:24px">
<h3 style="font-size:15px;margin-bottom:12px">${t(titleKey)}${countLabel}</h3>
${body}
</div>
`;
}
function renderMemberRow(m, opts = {}) {
const { showJoined = false, viaOrg = false, canAdmin = false } = opts;
const initial = ((m.name || m.email || '?')[0] || '?').toUpperCase();
const rightCell = viaOrg
? `<span class="member-via-org">${t('members.via_org_label')}</span>`
: (showJoined ? esc(formatDate(m.joined_at)) : '');
// Role cell: select for direct-member rows when canAdmin, plain text otherwise.
const roleCell = (canAdmin && !viaOrg)
? `<select class="member-role-select" data-member-id="${esc(m.user_id)}" aria-label="${esc(t('members.col.role'))}">
${WORKSPACE_ROLES.map(r => `<option value="${r}"${r === m.role ? ' selected' : ''}>${esc(t('members.role.' + r))}</option>`).join('')}
</select>`
: `<div class="member-role">${esc(t('members.role.' + m.role))}</div>`;
// Actions cell: remove on direct-member rows only when canAdmin.
const actionsCell = (canAdmin && !viaOrg)
? `<div class="member-actions">
<button class="member-action-btn member-action-btn--danger" type="button"
data-remove-member="${esc(m.user_id)}"
data-member-name="${esc(m.name || m.email)}"
aria-label="${esc(t('members.button.remove'))}"
title="${esc(t('members.button.remove'))}">${REMOVE_ICON}</button>
</div>`
: '';
return `
<div class="member-row${viaOrg ? ' member-row--via-org' : ''}">
<div class="member-avatar">${esc(initial)}</div>
<div class="member-meta">
<div class="member-name">${esc(m.name || m.email)}</div>
<div class="member-email">${esc(m.email)}</div>
</div>
${roleCell}
<div class="member-detail">${rightCell}</div>
${actionsCell}
</div>
`;
}
function renderInviteRow(inv, opts = {}) {
const { canAdmin = false } = opts;
const initial = ((inv.email || '?')[0] || '?').toUpperCase();
const invitedBy = inv.invited_by_email
? t('members.invited_by', { email: inv.invited_by_email })
: '';
const expires = t('members.expires_in', { when: formatDate(inv.expires_at) });
// Refined affordance rule: invited rows DO get one action - cancel.
const actionsCell = canAdmin
? `<div class="member-actions">
<button class="member-action-btn member-action-btn--danger" type="button"
data-cancel-invite="${esc(inv.id)}"
data-invite-email="${esc(inv.email)}"
aria-label="${esc(t('members.button.cancel_invite'))}"
title="${esc(t('members.button.cancel_invite'))}">${REMOVE_ICON}</button>
</div>`
: '';
return `
<div class="member-row member-row--invited">
<div class="member-avatar member-avatar--muted">${esc(initial)}</div>
<div class="member-meta">
<div class="member-name">
${esc(inv.email)}
<span class="member-badge">${t('members.invited_label')}</span>
</div>
<div class="member-email">${esc(invitedBy)}</div>
</div>
<div class="member-role">${esc(t('members.role.' + inv.role))}</div>
<div class="member-detail">${esc(expires)}</div>
${actionsCell}
</div>
`;
}
// Wire all mutation handlers after innerHTML write. Each handler: confirm
// (if destructive), call API, on success toast + re-render, on error toast
// + re-render (to revert UI state in case the failed mutation was an
// optimistic display - belt and suspenders).
function attachMutationHandlers(container, workspaceId) {
// Role change - fires on <select> change.
container.querySelectorAll('select[data-member-id]').forEach(sel => {
sel.addEventListener('change', async () => {
const userId = sel.dataset.memberId;
const newRole = sel.value;
try {
await api.updateWorkspaceMemberRole(workspaceId, userId, newRole);
showToast(t('members.success.role_changed'), 'success');
render(container, workspaceId);
} catch (err) {
showToast(mapMutationError(err), 'error');
render(container, workspaceId);
}
});
});
// Remove member - confirm then DELETE.
container.querySelectorAll('[data-remove-member]').forEach(btn => {
btn.addEventListener('click', async () => {
const userId = btn.dataset.removeMember;
const name = btn.dataset.memberName;
if (!confirm(t('members.confirm.remove_member', { name }))) return;
try {
await api.removeWorkspaceMember(workspaceId, userId);
showToast(t('members.success.member_removed', { name }), 'success');
render(container, workspaceId);
} catch (err) {
showToast(mapMutationError(err), 'error');
}
});
});
// Cancel pending invite - confirm then DELETE.
container.querySelectorAll('[data-cancel-invite]').forEach(btn => {
btn.addEventListener('click', async () => {
const inviteId = btn.dataset.cancelInvite;
const email = btn.dataset.inviteEmail;
if (!confirm(t('members.confirm.cancel_invite', { email }))) return;
try {
await api.cancelWorkspaceInvite(workspaceId, inviteId);
showToast(t('members.success.invite_cancelled'), 'success');
render(container, workspaceId);
} catch (err) {
showToast(mapMutationError(err), 'error');
}
});
});
}
// Map a backend mutation-error message to a translated user-facing string.
// Exported so the invite modal can reuse the same mapper (single source of
// truth - the "third regex mapper" per the slice 2A follow-up note;
// cumulative-debt cleanup tracked there).
//
// Order matters - most specific patterns first. Server message stability is
// the implicit contract; if the regex chain ever produces wrong matches,
// it's because server wording changed without updating this mapper.
export function mapMutationError(err) {
const msg = err?.message || '';
if (/rate limit/i.test(msg)) return t('members.error.rate_limit');
if (/already pending/i.test(msg)) return t('members.error.invite_exists');
if (/Cannot demote the last admin/i.test(msg)) return t('members.error.last_admin_demote');
if (/Cannot remove the last admin/i.test(msg)) return t('members.error.last_admin_remove');
if (/already a member/i.test(msg)) return t('members.error.already_member');
if (/Valid email required/i.test(msg)) return t('members.error.invalid_email');
if (/Cannot remove the organization owner/i.test(msg)) return t('members.error.org_owner_remove');
if (/Email send failed/i.test(msg)) return t('members.error.email_send_failed');
return t('members.error.mutation_generic', { error: msg });
}
function renderError(message) {
return `<div style="color:var(--danger);font-size:14px;padding:16px;background:var(--bg-input);border-radius:6px">${message}</div>`;
}
function formatDate(ts) {
if (!ts) return '';
return new Date(ts * 1000).toLocaleDateString(undefined, { month: 'short', day: 'numeric', year: 'numeric' });
}
function esc(s) {
return String(s ?? '').replace(/[&<>"']/g, c => ({ '&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;' }[c]));
}
const WORKSPACE_ROLES = ['workspace_admin', 'workspace_editor', 'workspace_viewer'];
const REMOVE_ICON = '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>';
Reference in a new issue View git blame Copy permalink