Created update button for workspace settings -- these include TIMEZONE and WORKSPACE NAME

2026-05-12 09:42:03 +09:30
parent 62d431818a
commit 60a1cf1b67
8 changed files with 112 additions and 14 deletions
@@ -66,6 +66,7 @@
 15. **Real Login Authentication:** Fixed a security bug where the login screen accepted any password. Bound the input to component state and implemented proper 401 handling with inline error messaging.
 16. **Network Hardening:** Configured the frontend to use a relative `/api` path, allowing the FastAPI backend to be completely shielded behind an Nginx SSL reverse proxy on `127.0.0.1`. No internal ports are now exposed to the public internet.
 17. **API Authentication Enforcement:** Fixed a security vulnerability where API endpoints were publicly accessible without a token. Implemented the `get_current_user` dependency in `backend/auth.py` and applied it to all sensitive routes. Accessing `/tasks`, `/users`, etc. now strictly requires a valid JWT Bearer token.
 18. **Persistent Workspace Settings:** Added a `Workspace` database model and API endpoints (`GET /workspace`, `PATCH /workspace`) to track global settings. Added an "Update workspace" button to the Settings UI, allowing Admins to persist changes to the Workspace Name and Timezone across the entire dashboard.
 ### Phase 3: Advanced Features
 - **Real-time Notifications:** Explore WebSockets for task assignments.
@@ -66,6 +66,19 @@ class ApiService {
    return this.request('/users');
  }
  async getWorkspace() {
    return this.request('/workspace');
  }
  async updateWorkspace(updates) {
    const data = await this.request('/workspace', {
      method: 'PATCH',
      body: JSON.stringify(updates),
    });
    this.notify();
    return data;
  }
  async createUser(userData) {
    const data = await this.request('/users', {
      method: 'POST',
@@ -10,7 +10,7 @@ const TWEAK_DEFAULTS = /*EDITMODE-BEGIN*/{
 const ACCENTS = ['#2A6FDB', '#1F8A5B', '#D97757', '#7A5AF8'];
 function useApiData(authed) {
-  const [data, setData] = React.useState({ tasks: [], users: [], audit: [] });
+  const [data, setData] = React.useState({ tasks: [], users: [], audit: [], workspace: null });
  const [loading, setLoading] = React.useState(true);
  React.useEffect(() => {
@@ -19,13 +19,14 @@ function useApiData(authed) {
    let mounted = true;
    const load = async () => {
      try {
-        const [tasks, users, audit] = await Promise.all([
+        const [tasks, users, audit, workspace] = await Promise.all([
          api.getTasks(),
          api.getUsers(),
-          api.getAudit()
+          api.getAudit(),
          api.getWorkspace()
        ]);
        if (mounted) {
-          setData({ tasks, users, audit });
+          setData({ tasks, users, audit, workspace });
          setLoading(false);
        }
      } catch (e) {
@@ -55,7 +56,7 @@ function App() {
    return 'rod';
  });
-  const { tasks, users: dbUsers, audit, loading } = useApiData(authed);
+  const { tasks, users: dbUsers, audit, workspace, loading } = useApiData(authed);
  const [tab, setTab] = React.useState('overview');
  React.useEffect(() => {
@@ -76,7 +77,7 @@ function App() {
  ]);
  if (!authed) {
-    return <LoginScreen dbUsers={dbUsers} onLogin={async (id, pwd) => {
+    return <LoginScreen dbUsers={dbUsers} workspace={workspace} onLogin={async (id, pwd) => {
      await api.login(id, pwd);
      setMeId(id);
      setAuthed(true);
@@ -211,6 +212,7 @@ function App() {
        onAdd={() => setAdding(meId)}
        onLogs={() => setShowLogs(true)}
        onProfile={() => setShowSettings(true)}
        workspace={workspace}
      />
      <HeadsUp items={headsUp} onDismiss={dismissHU} onOpenTask={openTaskFromAnywhere} />
@@ -308,6 +310,15 @@ function App() {
            await api.changePassword(meId, oldPwd, newPwd);
            await api.addAudit({ actor: meId, action: 'password_changed', summary: 'Updated password', target: meId });
          }}
          workspace={workspace}
          onUpdateWorkspace={async (edits) => {
            try {
              await api.updateWorkspace(edits);
              await api.addAudit({ actor: meId, action: 'workspace_updated', summary: 'Updated workspace settings', target: null });
            } catch(e) {
              alert("Failed to update workspace: " + e.message);
            }
          }}
        />
      )}
@@ -147,6 +147,34 @@ def delete_task(task_id: str, db: Session = Depends(get_db), current_user: model
    db.delete(db_task)
    db.commit()
    return {"message": "Task deleted"}
@app.get("/workspace", response_model=schemas.Workspace)
 def read_workspace(db: Session = Depends(get_db), current_user: models.User = Depends(auth.get_current_user)):
    ws = db.query(models.Workspace).first()
    if not ws:
        ws = models.Workspace(id="default", name="murchison-auto", timezone="Pacific/Auckland")
        db.add(ws)
        db.commit()
        db.refresh(ws)
    return ws
@app.patch("/workspace", response_model=schemas.Workspace)
 def update_workspace(ws_update: schemas.WorkspaceUpdate, db: Session = Depends(get_db), current_user: models.User = Depends(auth.get_current_user)):
    if current_user.account_type != "admin":
        raise HTTPException(status_code=403, detail="Not enough permissions")
    ws = db.query(models.Workspace).first()
    if not ws:
        ws = models.Workspace(id="default", name="murchison-auto", timezone="Pacific/Auckland")
        db.add(ws)
    update_data = ws_update.dict(exclude_unset=True)
    for key, value in update_data.items():
        setattr(ws, key, value)
    db.commit()
    db.refresh(ws)
    return ws
@app.get("/audit", response_model=List[schemas.AuditLog])
 def read_audit(db: Session = Depends(get_db), current_user: models.User = Depends(auth.get_current_user)):
    return db.query(models.AuditLog).order_by(models.AuditLog.at.desc()).all()
@@ -82,3 +82,10 @@ class Session(Base):
    device = Column(String, nullable=False)
    location = Column(String)
    last_active = Column(DateTime(timezone=True), server_default=func.now())
 class Workspace(Base):
    __tablename__ = "workspace"
    id = Column(String, primary_key=True)
    name = Column(String, nullable=False)
    timezone = Column(String, nullable=False, default="Pacific/Auckland")
@@ -112,6 +112,19 @@ class Session(SessionBase):
    class Config:
        from_attributes = True
 class WorkspaceBase(BaseModel):
    name: str
    timezone: str
 class WorkspaceUpdate(BaseModel):
    name: Optional[str] = None
    timezone: Optional[str] = None
 class Workspace(WorkspaceBase):
    id: str
    class Config:
        from_attributes = True
 class Token(BaseModel):
    access_token: str
    token_type: str
@@ -1,6 +1,6 @@
 // Screens for Dashy
-function LoginScreen({ onLogin, dbUsers = [] }) {
+function LoginScreen({ onLogin, dbUsers = [], workspace }) {
  const [pickedId, setPickedId] = React.useState('rod');
  const [password, setPassword] = React.useState('');
  const [error, setError] = React.useState('');
@@ -28,7 +28,7 @@ function LoginScreen({ onLogin, dbUsers = [] }) {
          <span className="login__wordmark">Dashy</span>
        </div>
        <h1 className="login__title">Pick up where you left off.</h1>
-        <p className="login__sub">Sign in to your team workspace · <span className="mono">murchison-auto</span></p>
+        <p className="login__sub">Sign in to your team workspace · <span className="mono">{workspace ? workspace.name : 'loading…'}</span></p>
        <div className="login__users">
          {dbUsers.map(u => (
@@ -106,13 +106,13 @@ function BrandMark({ size = 22 }) {
  );
 }
-function TopBar({ me, dbUsers = [], isAdmin, tab, setTab, onAdd, onLogs, onLogout, onProfile }) {
+function TopBar({ me, dbUsers = [], isAdmin, tab, setTab, onAdd, onLogs, onLogout, onProfile, workspace }) {
  return (
    <header className="topbar">
      <div className="topbar__left">
        <span className="topbar__brand"><BrandMark /><span>Dashy</span></span>
        <span className="topbar__divider" />
-        <span className="topbar__workspace">murchison-auto</span>
+        <span className="topbar__workspace">{workspace ? workspace.name : 'loading…'}</span>
      </div>
      <nav className="tabs" role="tablist">
@@ -682,7 +682,7 @@ function FilterChip({ on, onClick, children }) {
  );
 }
-function SettingsScreen({ user, dbUsers, isAdmin, onClose, onSave, onLogout, onSwitchUser, onCreateUser, onDeleteUser, onUpdateUserRole, onChangePassword }) {
+function SettingsScreen({ user, dbUsers, isAdmin, onClose, onSave, onLogout, onSwitchUser, onCreateUser, onDeleteUser, onUpdateUserRole, onChangePassword, workspace, onUpdateWorkspace }) {
  const [name, setName] = React.useState(user.name);
  const [role, setRole] = React.useState(user.role);
  const [photo, setPhoto] = React.useState(user.photo || null);
@@ -887,6 +887,8 @@ function SettingsScreen({ user, dbUsers, isAdmin, onClose, onSave, onLogout, onS
              onCreateUser={onCreateUser}
              onDeleteUser={onDeleteUser}
              onUpdateUserRole={onUpdateUserRole}
              workspace={workspace}
              onUpdateWorkspace={onUpdateWorkspace}
            />
          )}
        </div>
@@ -907,13 +909,21 @@ function ToggleRow({ label, defaultOn = false }) {
  );
 }
-function WorkspaceTab({ user, isAdmin, dbUsers = [], onSwitchUser, onCreateUser, onDeleteUser, onUpdateUserRole }) {
+function WorkspaceTab({ user, isAdmin, dbUsers = [], onSwitchUser, onCreateUser, onDeleteUser, onUpdateUserRole, workspace, onUpdateWorkspace }) {
  const [adding, setAdding] = React.useState(false);
  const [newName, setNewName] = React.useState('');
  const [newRole, setNewRole] = React.useState('');
  const [newType, setNewType] = React.useState('standard');
-  const [wsName, setWsName] = React.useState('murchison-auto');
+  const [wsName, setWsName] = React.useState(workspace ? workspace.name : '');
-  const [wsTz, setWsTz] = React.useState('Pacific/Auckland');
+  const [wsTz, setWsTz] = React.useState(workspace ? workspace.timezone : '');
  const [wsSaved, setWsSaved] = React.useState(false);
  React.useEffect(() => {
    if (workspace) {
      setWsName(workspace.name);
      setWsTz(workspace.timezone);
    }
  }, [workspace]);
  const submit = () => {
    if (!newName.trim()) return;
@@ -921,6 +931,14 @@ function WorkspaceTab({ user, isAdmin, dbUsers = [], onSwitchUser, onCreateUser,
    setNewName(''); setNewRole(''); setNewType('standard'); setAdding(false);
  };
  const handleUpdateWorkspace = async () => {
    await onUpdateWorkspace({ name: wsName, timezone: wsTz });
    setWsSaved(true);
    setTimeout(() => setWsSaved(false), 2000);
  };
  const wsDirty = workspace && (wsName !== workspace.name || wsTz !== workspace.timezone);
  return (
    <>
      <h3 className="settings__h">Switch user</h3>
@@ -1019,6 +1037,13 @@ function WorkspaceTab({ user, isAdmin, dbUsers = [], onSwitchUser, onCreateUser,
          <input className="field__input" value={wsTz} onChange={e => setWsTz(e.target.value)} disabled={!isAdmin} />
        </label>
      </div>
      {isAdmin && (
        <div className="settings__save-row" style={{ marginTop: '1rem' }}>
          {wsSaved && <span className="settings__saved mono"><Icon.Check /> Saved</span>}
          <button className="btn btn--ghost" onClick={() => { setWsName(workspace.name); setWsTz(workspace.timezone); }} disabled={!wsDirty}>Discard</button>
          <button className="btn btn--primary" onClick={handleUpdateWorkspace} disabled={!wsDirty}>Update workspace</button>
        </div>
      )}
    </>
  );
 }