Fix project detail milestones fetch + reset-apikey UI

- Fix: ProjectDetailPage now uses /projects/{id}/milestones instead of /milestones?project_id={code} (fixes 422) - Add: Reset API Key button on UsersPage with permission-based visibility - Add: One-time key display with copy-to-clipboard - Protect admin and acc-mgr accounts from deletion in UI
2026-03-22 05:39:12 +00:00
parent 4fc120f595
commit ce07ee9021
2 changed files with 58 additions and 3 deletions
--- a/src/pages/ProjectDetailPage.tsx
+++ b/src/pages/ProjectDetailPage.tsx
@@ -26,7 +26,7 @@ export default function ProjectDetailPage() {
  const fetchProject = () => {
    api.get<Project>(`/projects/${id}`).then(({ data }) => setProject(data))
    api.get<ProjectMember[]>(`/projects/${id}/members`).then(({ data }) => setMembers(data))
-    api.get<Milestone[]>(`/milestones?project_id=${id}`).then(({ data }) => setMilestones(data))
+    api.get<Milestone[]>(`/projects/${id}/milestones`).then(({ data }) => setMilestones(data))
  }

  useEffect(() => {
--- a/src/pages/UsersPage.tsx
+++ b/src/pages/UsersPage.tsx
@@ -9,6 +9,11 @@ interface RoleOption {
  description?: string | null
 }

+interface ApiKeyPerms {
+  can_reset_self: boolean
+  can_reset_any: boolean
+}
+
 export default function UsersPage() {
  const { user } = useAuth()
  const isAdmin = user?.is_admin === true
@@ -19,6 +24,8 @@ export default function UsersPage() {
  const [saving, setSaving] = useState(false)
  const [message, setMessage] = useState('')
  const [selectedId, setSelectedId] = useState<number | null>(null)
+  const [apikeyPerms, setApikeyPerms] = useState<ApiKeyPerms>({ can_reset_self: false, can_reset_any: false })
+  const [generatedApiKey, setGeneratedApiKey] = useState<string | null>(null)

  const [createForm, setCreateForm] = useState({
    username: '',
@@ -51,6 +58,7 @@ export default function UsersPage() {

  useEffect(() => {
    if (!selectedUser) return
+    setGeneratedApiKey(null)
    setEditForm({
      email: selectedUser.email,
      full_name: selectedUser.full_name || '',
@@ -71,10 +79,12 @@ export default function UsersPage() {

  const fetchData = async () => {
    try {
-      const [usersRes, rolesRes] = await Promise.all([
+      const [usersRes, rolesRes, apikeyRes] = await Promise.all([
        api.get<User[]>('/users'),
        api.get<RoleOption[]>('/roles'),
+        api.get<ApiKeyPerms>('/auth/me/apikey-permissions').catch(() => ({ data: { can_reset_self: false, can_reset_any: false } })),
      ])
+      setApikeyPerms(apikeyRes.data)
      const assignableRoles = rolesRes.data
        .filter((role) => role.name !== 'admin')
        .sort((a, b) => a.name.localeCompare(b.name))
@@ -152,6 +162,29 @@ export default function UsersPage() {
    }
  }

+  const canResetApiKey = (targetUser: User) => {
+    if (apikeyPerms.can_reset_any) return true
+    if (apikeyPerms.can_reset_self && targetUser.id === user?.id) return true
+    return false
+  }
+
+  const handleResetApiKey = async () => {
+    if (!selectedUser) return
+    if (!confirm(`Reset API key for ${selectedUser.username}? The old key will be deactivated.`)) return
+    setSaving(true)
+    setMessage('')
+    setGeneratedApiKey(null)
+    try {
+      const { data } = await api.post(`/users/${selectedUser.id}/reset-apikey`)
+      setGeneratedApiKey(data.api_key)
+      setMessage('API key reset successfully. Copy it now — it will not be shown again.')
+    } catch (err: any) {
+      setMessage(err.response?.data?.detail || 'Failed to reset API key')
+    } finally {
+      setSaving(false)
+    }
+  }
+
  const handleDeleteUser = async () => {
    if (!selectedUser) return
    if (!confirm(`Delete user ${selectedUser.username}? This cannot be undone.`)) return
@@ -274,7 +307,7 @@ export default function UsersPage() {
                  <button className="btn-primary" disabled={saving} onClick={handleSaveUser}>
                    {saving ? 'Saving...' : 'Save Changes'}
                  </button>
-                  <button className="btn-danger" disabled={saving || user?.id === selectedUser.id} onClick={handleDeleteUser}>
+                  <button className="btn-danger" disabled={saving || user?.id === selectedUser.id || selectedUser.is_admin || selectedUser.username === 'acc-mgr'} onClick={handleDeleteUser}>
                    Delete
                  </button>
                </div>
@@ -326,6 +359,28 @@ export default function UsersPage() {
                    Active
                  </label>
                </div>
+
+                {canResetApiKey(selectedUser) && (
+                  <div style={{ marginTop: '8px', padding: '12px', border: '1px solid var(--border)', borderRadius: '8px' }}>
+                    <div style={{ fontWeight: 600, marginBottom: '10px' }}>API Key</div>
+                    <button className="btn-secondary" disabled={saving} onClick={handleResetApiKey}>
+                      🔑 Reset API Key
+                    </button>
+                    {generatedApiKey && (
+                      <div style={{ marginTop: 10, padding: '10px', background: 'rgba(16,185,129,.08)', border: '1px solid rgba(16,185,129,.35)', borderRadius: '6px', wordBreak: 'break-all', fontFamily: 'monospace', fontSize: '13px' }}>
+                        <div style={{ marginBottom: 6, fontWeight: 600, fontFamily: 'inherit' }}>New API Key (copy now!):</div>
+                        <code>{generatedApiKey}</code>
+                        <button
+                          className="btn-sm"
+                          style={{ marginLeft: 8 }}
+                          onClick={() => { navigator.clipboard.writeText(generatedApiKey); setMessage('API key copied to clipboard') }}
+                        >
+                          📋 Copy
+                        </button>
+                      </div>
+                    )}
+                  </div>
+                )}
              </div>
            </>
          ) : (