admin/users table with update-claims #242 #325
Conversation
There was a problem hiding this comment.
Awesome work! Looking great. Added some comments, let me know if you'd like to further discuss anything.
For the style, I think the individual pages look great. Not sure how best to layout the main admin page. Could be good to sync with Nat and see if he has some input. A sidebar similar to the profile would be great, though not sure it'd work well with a table.
Re: the roles - sorry not quite understanding. Do you mean that we're not validating which roles are available to use as the claims?
| const updateClaim = useCallback(async () => { | ||
| // show in UI before it goes through | ||
| setChecked(!checked) | ||
| const updatedClaims = await adminService.updateClaims( | ||
| user.externalId, | ||
| role.id, | ||
| !checked | ||
| ) | ||
| // Then update with server-side result | ||
| setChecked(updatedClaims.claims.includes(role.id)) | ||
| }, [checked]) |
There was a problem hiding this comment.
It'd be nice to have a confirmation warning when you change the value. Wondering if a dropdown or something more intentional may work well - just concerned with accidental clicks. Though a warning would hopefully prevent that also. Also, there may be additional roles down the road, so a dropdown could be more flexible, but also that hasn't been discussed and may not be needed. Curious to hear what you think on that.
There was a problem hiding this comment.
I'd recommend just using window.confirm until we have our own confirmation component/context built.
There was a problem hiding this comment.
For now as window.confirm. Will move to dropdown if y'all prefer.
Will also pull the PR changes to this repo if all's kosher; just realized I made those on another project
Edited comment from @lefnire
| } catch { | ||
| throw new BadRequest('Unable to set claims') | ||
| } | ||
| const firebaseUser = await admin.auth().getUser(userExternalId) |
There was a problem hiding this comment.
Perhaps we should add a check to see if the user is editing their own account, here and/or in the UI, since that probably should be prevented.
| const submitSearch = useCallback( | ||
| debounce((value) => { | ||
| setSearchDebounced(value) | ||
| }, 200), | ||
| [] | ||
| ) |
There was a problem hiding this comment.
The search works great currently, but wondering if it's worth adding a new library. We could wait until the search term is submitted, or possibly build a similar utility ourselves. Curious how others feel though.
There was a problem hiding this comment.
Cool cool, I'll follow y'all's lead. With lodash.get in there, would we be interested in just lodash - since I'm adding lodash.debounce? Lotsa handies in Lodash. And we'd just double-ensure tree-shaking (eg npm i lodash-es, or import x from 'lodash/x') so no added bloat
There was a problem hiding this comment.
I'm not really familiar with all the different tools lodash offers, but open to it if it seemed worthwhile, though I'm not sure it's needed to add for this purpose. @smonn Did you had lodash originally? Do you think this would be a benefit to the application?
There was a problem hiding this comment.
If we can ensure lodash doesn't bloat our JS bundle too much I'm okay with adding some utilities from there. Check output sizes for the web project before and after referencing it.
From my experience though, lodash haven't always played well with tree-shaking features and importing just a single module gives you a lot more than you bargained for. There's also a risk a future developer that is less familiar with these concepts imports all of lodash, if we allow it here.
There was a problem hiding this comment.
While on the subject of bundle sizes, assuming you use VS Code, I recommend this extension: https://marketplace.visualstudio.com/items?itemName=wix.vscode-import-cost
There was a problem hiding this comment.
@smonn that's an awesome extension! I'll install it asap
There was a problem hiding this comment.
GTK on destructuring, looks good if direct lodash import. Also verified I wasn't tripping with icons [1]. This plugin will be a boon, glad you pointed it out. You never know which modules handle restructuring well, and it's a PITA to direct-import every little thing.
[1] actually, getting different results in PyCharm's Import Cost. Will investigate some on how these extensions shake out via Next.js Bundle Analyzer
There was a problem hiding this comment.
Here's w lodash.get/debounce -> lodash (plain) + tree-shook imports. More than happy to not do this route btw, and just add "search" button
|
Thanks for the review @dallashuggins! I'll tackle these bits.
Just mean that currently (AFAIK), Firebase custom claims is synonymous with Roles (because there's only one claim I see in the codebase: and that's |
@lefnire Aw okay, gotcha - thanks for clarifying! No plans to use claims for anything outside of roles, I think it makes sense to have those be synonymous. |
|
|
||
| export const getServerSideProps: GetServerSideProps = async (context) => { | ||
| // Check if the user is admin (check again on render, to prevent caching of claims) | ||
| const user = await isAuthenticatedUserAdmin(context) |
There was a problem hiding this comment.
We should be able to drop getServerSideProps here entirely and just use useAdmin({ redirectIfNotAdmin: true }) in the component.
There was a problem hiding this comment.
Since this is an admin page though, shouldn't we kick a user out ASAP? Can also explore Next's new middleware feature: https://nextjs.org/docs/middleware
There was a problem hiding this comment.
When we tried to do this before it was way too aggressive (often kicked me out even though I was logged in as an admin). I'm not sure why this happened but based on the behavior, my guess would be something to do with refresh tokens.
There was a problem hiding this comment.
Ideally, we'd be able to do this on the backend but if it's actually not possible (ie: firebase needs to look at cookies or something), I don't really see a problem with a client-side redirect.
|
|
||
| // Find payer | ||
| if (search?.length > 0) { | ||
| const ilikeSearch = `%${search}%` |
There was a problem hiding this comment.
Do we need to do any sanitizing here?
There was a problem hiding this comment.
I assumed any value in a non-raw is escaped, so even though it's interpolated here it's passed to .where(.., ilikeSearch) and .orWhere. Some poking around https://github.com/knex/documentation/issues/73#issuecomment-572482153 , I'm not completely sure now...
| const submitSearch = useCallback( | ||
| debounce((value) => { | ||
| setSearchDebounced(value) | ||
| }, 200), | ||
| [] | ||
| ) |
There was a problem hiding this comment.
While on the subject of bundle sizes, assuming you use VS Code, I recommend this extension: https://marketplace.visualstudio.com/items?itemName=wix.vscode-import-cost
|
Updated PR with changes requested. The bit I'm not sure about is |
|
@lefnire I actually don't see |
|
@afraser sorry, forgot to mention - Just noticed some changes I need to make; I was assuming axios (still on ky). |
|
@lefnire Ah I forgot about the layout. And yes, I think it makes the most sense to keep it consistent with the other pages. Sorry for the run around. It's been a bit since I hooked up the admin views. |
|
added getServerSideProps back, fixed ky v axios |
|
@lefnire looks like CI isn't going to run until we get this into a branch. Everything looks good to me though. Appreciate the attention to detail on the sorting and filtering. |
WIP for admin/users knex/documentation#242. Pushing now to get eyes on obvious shortcomings, and to put a fire under my butt to stop impostering.