Build 2602261717: master invite policy and self-service invite controls

2026-02-26 17:18:40 +13:00
parent 23c57da3cc
commit 6a5d2c4310
10 changed files with 844 additions and 157 deletions
--- a/frontend/app/users/[id]/page.tsx
+++ b/frontend/app/users/[id]/page.tsx
@@ -25,6 +25,7 @@ type AdminUser = {
  last_login_at?: string | null
  is_blocked?: boolean
  auto_search_enabled?: boolean
+  invite_management_enabled?: boolean
  jellyseerr_user_id?: number | null
  profile_id?: number | null
  expires_at?: string | null
@@ -240,6 +241,30 @@ export default function UserDetailPage() {
    }
  }

+  const updateInviteManagementEnabled = async (enabled: boolean) => {
+    if (!user) return
+    try {
+      setActionStatus(null)
+      const baseUrl = getApiBase()
+      const response = await authFetch(
+        `${baseUrl}/admin/users/${encodeURIComponent(user.username)}/invite-access`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ enabled }),
+        }
+      )
+      if (!response.ok) {
+        throw new Error('Update failed')
+      }
+      await loadUser()
+      setActionStatus(`Invite management ${enabled ? 'enabled' : 'disabled'} for this user.`)
+    } catch (err) {
+      console.error(err)
+      setError('Could not update invite access.')
+    }
+  }
+
  const applyProfileToUser = async (profileOverride?: string | null) => {
    if (!user) return
    const profileValue = profileOverride ?? profileSelection
@@ -539,6 +564,15 @@ export default function UserDetailPage() {
                    />
                    <span>Allow auto search/download</span>
                  </label>
+                  <label className="toggle">
+                    <input
+                      type="checkbox"
+                      checked={Boolean(user.invite_management_enabled ?? false)}
+                      disabled={user.role === 'admin'}
+                      onChange={(event) => updateInviteManagementEnabled(event.target.checked)}
+                    />
+                    <span>Allow self-service invites</span>
+                  </label>
                  <button
                    type="button"
                    className="ghost-button"
@@ -571,7 +605,7 @@ export default function UserDetailPage() {
                  </div>
                  {user.role === 'admin' && (
                    <div className="user-detail-helper">
-                      Admins always have auto search/download access.
+                      Admins always have auto search/download and invite-management access.
                    </div>
                  )}
                </div>