feat: wip user permissions management

Author: aeltorio

README.md

@@ -44,7 +44,7 @@ The application is deployed on a CDN as a static SPA (Single Page Application).
 - A product is an item or service that is tested by a tester.
 - The seller is the person who sells the product.
 - Feedback is the opinion given by the tester about the product.
-<img width="1260" alt="Capture d’écran 2025-05-05 à 19 15 36" src="https://github.com/user-attachments/assets/f222c477-59ec-419d-987a-0a3276aa7412" />
+<img width="1260" alt="Statistics dashboard screenshots" src="https://github.com/user-attachments/assets/f222c477-59ec-419d-987a-0a3276aa7412" />
 
 ## Testing and Feedback Process
 

client/package-lock.json

@@ -35,6 +35,7 @@
     "@heroui/snippet": "^2.2.28",
     "@heroui/switch": "^2.2.24",
     "@heroui/system": "^2.4.23",
+    "@heroui/checkbox": "^2.2.24",
     "@heroui/table": "^2.2.27",
     "@heroui/theme": "^2.4.23",
     "@heroui/toast": "^2.0.17",
@@ -86,4 +87,4 @@
     "vite": "^7.2.2",
     "vite-tsconfig-paths": "^5.1.4"
   }
-}
+}

client/package.json

@@ -82,12 +82,12 @@ export const LoginButton: FC<{ text?: string }> = ({ text }) => {
 export const LoginLink: FC<{
   text?: string;
   color?:
-    | "primary"
-    | "foreground"
-    | "secondary"
-    | "success"
-    | "warning"
-    | "danger";
+  | "primary"
+  | "foreground"
+  | "secondary"
+  | "success"
+  | "warning"
+  | "danger";
 }> = ({ text, color }) => {
   const { isAuthenticated, loginWithRedirect } = useAuth0();
   const { t } = useTranslation();
@@ -185,12 +185,12 @@ interface LogoutLinkProps extends LogoutButtonProps {
    * Button color
    */
   color?:
-    | "primary"
-    | "foreground"
-    | "secondary"
-    | "success"
-    | "warning"
-    | "danger";
+  | "primary"
+  | "foreground"
+  | "secondary"
+  | "success"
+  | "warning"
+  | "danger";
 }
 /**
  * Renders a logout link for Auth0 authentication.
@@ -572,6 +572,209 @@ export const useSecuredApi = () => {
     postJson,
     deleteJson,
     hasPermission,
+    // Auth0 Management helpers
+    getAuth0ManagementToken: async () => {
+      try {
+        const tokenResp = await postJson(
+          `${import.meta.env.API_BASE_URL}/__auth0/token`,
+          {},
+        );
+        return tokenResp;
+      } catch (error) {
+        console.error("Failed to get Auth0 management token:", error);
+        throw error;
+      }
+    },
+    listAuth0Users: async (managementToken: string) => {
+      try {
+        const resp = await fetch(
+          `https://${import.meta.env.AUTH0_DOMAIN}/api/v2/users?per_page=100`,
+          {
+            method: "GET",
+            headers: {
+              Authorization: `Bearer ${managementToken}`,
+              "Content-Type": "application/json",
+            },
+          },
+        );
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to list Auth0 users:", error);
+        throw error;
+      }
+    },
+    listAuth0Roles: async (managementToken: string) => {
+      try {
+        const resp = await fetch(`https://${import.meta.env.AUTH0_DOMAIN}/api/v2/roles`, {
+          method: "GET",
+          headers: {
+            Authorization: `Bearer ${managementToken}`,
+            "Content-Type": "application/json",
+          },
+        });
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to list Auth0 roles:", error);
+        throw error;
+      }
+    },
+    getUserRoles: async (managementToken: string, userId: string) => {
+      try {
+        const resp = await fetch(
+          `https://${import.meta.env.AUTH0_DOMAIN}/api/v2/users/${encodeURIComponent(userId)}/roles`,
+          {
+            method: "GET",
+            headers: {
+              Authorization: `Bearer ${managementToken}`,
+              "Content-Type": "application/json",
+            },
+          },
+        );
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to get user roles:", error);
+        throw error;
+      }
+    },
+    addUserToRole: async (managementToken: string, roleId: string, userId: string) => {
+      try {
+        const resp = await fetch(
+          `https://${import.meta.env.AUTH0_DOMAIN}/api/v2/roles/${encodeURIComponent(roleId)}/users`,
+          {
+            method: "POST",
+            headers: {
+              Authorization: `Bearer ${managementToken}`,
+              "Content-Type": "application/json",
+            },
+            body: JSON.stringify({ users: [userId] }),
+          },
+        );
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to add user to role:", error);
+        throw error;
+      }
+    },
+    removeUserFromRole: async (managementToken: string, roleId: string, userId: string) => {
+      try {
+        const resp = await fetch(
+          `https://${import.meta.env.AUTH0_DOMAIN}/api/v2/roles/${encodeURIComponent(roleId)}/users`,
+          {
+            method: "DELETE",
+            headers: {
+              Authorization: `Bearer ${managementToken}`,
+              "Content-Type": "application/json",
+            },
+            body: JSON.stringify({ users: [userId] }),
+          },
+        );
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to remove user from role:", error);
+        throw error;
+      }
+    },
+    patchAuth0User: async (managementToken: string, userId: string, body: any) => {
+      try {
+        const resp = await fetch(`https://${import.meta.env.AUTH0_DOMAIN}/api/v2/users/${encodeURIComponent(userId)}`, {
+          method: "PATCH",
+          headers: {
+            Authorization: `Bearer ${managementToken}`,
+            "Content-Type": "application/json",
+          },
+          body: JSON.stringify(body),
+        });
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to patch Auth0 user:", error);
+        throw error;
+      }
+    },
+    deleteAuth0User: async (managementToken: string, userId: string) => {
+      try {
+        const resp = await fetch(`https://${import.meta.env.AUTH0_DOMAIN}/api/v2/users/${encodeURIComponent(userId)}`, {
+          method: "DELETE",
+          headers: {
+            Authorization: `Bearer ${managementToken}`,
+            "Content-Type": "application/json",
+          },
+        });
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to delete Auth0 user:", error);
+        throw error;
+      }
+    },
+    getUserPermissions: async (managementToken: string, userId: string) => {
+      try {
+        const resp = await fetch(
+          `https://${import.meta.env.AUTH0_DOMAIN}/api/v2/users/${encodeURIComponent(userId)}/permissions`,
+          {
+            method: "GET",
+            headers: {
+              Authorization: `Bearer ${managementToken}`,
+              "Content-Type": "application/json",
+            },
+          },
+        );
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to get user permissions:", error);
+        throw error;
+      }
+    },
+    addPermissionToUser: async (managementToken: string, userId: string, permissionName: string) => {
+      try {
+        const resp = await fetch(
+          `https://${import.meta.env.AUTH0_DOMAIN}/api/v2/users/${encodeURIComponent(userId)}/permissions`,
+          {
+            method: "POST",
+            headers: {
+              Authorization: `Bearer ${managementToken}`,
+              "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+              permissions: [
+                {
+                  resource_server_identifier: import.meta.env.AUTH0_AUDIENCE,
+                  permission_name: permissionName,
+                },
+              ],
+            }),
+          },
+        );
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to add permission to user:", error);
+        throw error;
+      }
+    },
+    removePermissionFromUser: async (managementToken: string, userId: string, permissionName: string) => {
+      try {
+        const resp = await fetch(
+          `https://${import.meta.env.AUTH0_DOMAIN}/api/v2/users/${encodeURIComponent(userId)}/permissions`,
+          {
+            method: "DELETE",
+            headers: {
+              Authorization: `Bearer ${managementToken}`,
+              "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+              permissions: [
+                {
+                  resource_server_identifier: import.meta.env.AUTH0_AUDIENCE,
+                  permission_name: permissionName,
+                },
+              ],
+            }),
+          },
+        );
+        return await resp.json();
+      } catch (error) {
+        console.error("Failed to remove permission from user:", error);
+        throw error;
+      }
+    },
   };
 };
 

client/src/components/auth0.tsx

@@ -6,6 +6,7 @@ import AddNewUser from "@/pages/add-new-user";
 import OldestReadyToRefundPage from "@/pages/oldest-ready-to-refund";
 import ManageDatabasePage from "@/pages/manage-database";
 import StatsPage from "@/pages/stats";
+import UsersAndPermissionsPage from "@/pages/users-and-permissions";
 
 export const siteConfig = () => {
   const t = i18next.t;
@@ -70,6 +71,12 @@ export const siteConfig = () => {
         permission: import.meta.env.BACKUP_PERMISSION,
         component: ManageDatabasePage,
       },
+      {
+        label: i18next.t("users-and-permissions"),
+        href: "/users-and-permissions",
+        permission: import.meta.env.ADMIN_AUTH0_PERMISSION,
+        component: UsersAndPermissionsPage,
+      }
     ],
     links: {
       github: "https://github.com/sctg-development/feedback-flow",

client/src/config/site.ts

@@ -247,5 +247,6 @@
   "feedback-text": "نص التعليق",
   "publication-date": "تاريخ النشر",
   "publication-screenshot": "إثبات النشر",
-  "order-date": "تاريخ الطلب"
-}
+  "order-date": "تاريخ الطلب",
+  "users-and-permissions": "المستخدمون والأذونات"
+}

client/src/locales/base/ar-SA.json

@@ -247,5 +247,6 @@
   "feedback-text": "Feedback Text",
   "publication-date": "Publication Date",
   "publication-screenshot": "Publication Proof",
-  "order-date": "Order date"
-}
+  "order-date": "Order date",
+  "users-and-permissions": "Users and permissions"
+}

client/src/locales/base/en-US.json

@@ -247,5 +247,6 @@
   "feedback-text": "Texto del comentario",
   "publication-date": "Fecha de publicación",
   "publication-screenshot": "Prueba de publicación",
-  "order-date": "fecha de pedido"
-}
+  "order-date": "fecha de pedido",
+  "users-and-permissions": "Usuarios y permisos"
+}

client/src/locales/base/es-ES.json

@@ -247,5 +247,6 @@
   "feedback-text": "Texte du commentaire",
   "publication-date": "Date de publication",
   "publication-screenshot": "Preuve de publication",
-  "order-date": "Date de commande"
-}
+  "order-date": "Date de commande",
+  "users-and-permissions": "Utilisateurs et autorisations"
+}

client/src/locales/base/fr-FR.json

@@ -247,5 +247,6 @@
   "feedback-text": "טקסט המשוב",
   "publication-date": "תאריך הפרסום",
   "publication-screenshot": "הוכחת פרסום",
-  "order-date": "תאריך הזמנה"
-}
+  "order-date": "תאריך הזמנה",
+  "users-and-permissions": "משתמשים והרשאות"
+}