Build 2602261605: invite trace and cross-system user lifecycle

2026-02-26 16:06:09 +13:00
parent bd3c0bdade
commit 1b1a3e233b
13 changed files with 976 additions and 16 deletions
--- a/frontend/app/users/[id]/page.tsx
+++ b/frontend/app/users/[id]/page.tsx
@@ -29,8 +29,24 @@ type AdminUser = {
  profile_id?: number | null
  expires_at?: string | null
  is_expired?: boolean
+  invited_by_code?: string | null
+  invited_at?: string | null
 }

+type UserLineage = {
+  invite_code?: string | null
+  invited_by?: string | null
+  invite?: {
+    id?: number
+    code?: string
+    label?: string | null
+    created_by?: string | null
+    created_at?: string | null
+    enabled?: boolean
+    is_usable?: boolean
+  } | null
+} | null
+
 type UserProfileOption = {
  id: number
  name: string
@@ -85,7 +101,9 @@ export default function UserDetailPage() {
  const [expiryInput, setExpiryInput] = useState('')
  const [savingProfile, setSavingProfile] = useState(false)
  const [savingExpiry, setSavingExpiry] = useState(false)
+  const [systemActionBusy, setSystemActionBusy] = useState(false)
  const [actionStatus, setActionStatus] = useState<string | null>(null)
+  const [lineage, setLineage] = useState<UserLineage>(null)

  const loadProfiles = async () => {
    try {
@@ -138,6 +156,7 @@ export default function UserDetailPage() {
      const nextUser = data?.user ?? null
      setUser(nextUser)
      setStats(normalizeStats(data?.stats))
+      setLineage((data?.lineage ?? null) as UserLineage)
      setProfileSelection(
        nextUser?.profile_id == null || Number.isNaN(Number(nextUser?.profile_id))
          ? ''
@@ -315,6 +334,59 @@ export default function UserDetailPage() {
    }
  }

+  const runSystemAction = async (action: 'ban' | 'unban' | 'remove') => {
+    if (!user) return
+    if (action === 'remove') {
+      const confirmed = window.confirm(
+        `Remove ${user.username} from Magent and external systems? This is destructive.`
+      )
+      if (!confirmed) return
+    }
+    if (action === 'ban') {
+      const confirmed = window.confirm(
+        `Ban ${user.username} across systems and disable invites they created?`
+      )
+      if (!confirmed) return
+    }
+    setSystemActionBusy(true)
+    setError(null)
+    setActionStatus(null)
+    try {
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/${encodeURIComponent(user.username)}/system-action`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ action }),
+        }
+      )
+      const text = await response.text()
+      let data: any = null
+      try {
+        data = text ? JSON.parse(text) : null
+      } catch {
+        data = null
+      }
+      if (!response.ok) {
+        throw new Error(data?.detail || text || 'Cross-system action failed')
+      }
+      const state = data?.status === 'partial' ? 'partial' : 'complete'
+      if (action === 'remove') {
+        setActionStatus(`User removed (${state}).`)
+        router.push('/users')
+        return
+      }
+      await loadUser()
+      setActionStatus(`${action === 'ban' ? 'Ban' : 'Unban'} completed (${state}).`)
+    } catch (err) {
+      console.error(err)
+      setError(err instanceof Error ? err.message : 'Could not run cross-system action.')
+    } finally {
+      setSystemActionBusy(false)
+    }
+  }
+
  useEffect(() => {
    if (!getToken()) {
      router.push('/login')
@@ -378,6 +450,14 @@ export default function UserDetailPage() {
                    <span className="label">Assigned profile</span>
                    <strong>{user.profile_id ?? 'None'}</strong>
                  </div>
+                  <div className="user-detail-meta-item">
+                    <span className="label">Invited by</span>
+                    <strong>{lineage?.invited_by || 'Direct / unknown'}</strong>
+                  </div>
+                  <div className="user-detail-meta-item">
+                    <span className="label">Invite code used</span>
+                    <strong>{lineage?.invite_code || user.invited_by_code || 'None'}</strong>
+                  </div>
                  <div className="user-detail-meta-item">
                    <span className="label">Last login</span>
                    <strong>{formatDateTime(user.last_login_at)}</strong>
@@ -463,9 +543,32 @@ export default function UserDetailPage() {
                    type="button"
                    className="ghost-button"
                    onClick={() => toggleUserBlock(!user.is_blocked)}
+                    disabled={systemActionBusy}
                  >
                    {user.is_blocked ? 'Allow access' : 'Block access'}
                  </button>
+                  <div className="admin-inline-actions">
+                    <button
+                      type="button"
+                      className="ghost-button"
+                      onClick={() => void runSystemAction(user.is_blocked ? 'unban' : 'ban')}
+                      disabled={systemActionBusy}
+                    >
+                      {systemActionBusy
+                        ? 'Working...'
+                        : user.is_blocked
+                        ? 'Unban everywhere'
+                        : 'Ban everywhere'}
+                    </button>
+                    <button
+                      type="button"
+                      className="ghost-button"
+                      onClick={() => void runSystemAction('remove')}
+                      disabled={systemActionBusy}
+                    >
+                      Remove everywhere
+                    </button>
+                  </div>
                  {user.role === 'admin' && (
                    <div className="user-detail-helper">
                      Admins always have auto search/download access.