Admin panel init #8742
Admin panel init #8742
Conversation
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR introduces an admin panel with user impersonation and feature flag management capabilities, along with necessary routing and state management changes.
- Added
useImpersonatehook in/settings/admin/hooks/useImpersonate.tsfor user impersonation but missinglastVisitedViewclearing (Clear lastVisitedView when impersonating #7090) - Added feature flag management table in
/settings/admin/components/SettingsAdminFeatureFlags.tsxwithout loading/error states - Added admin panel access control via
canImpersonateflag inAppRouter.tsxandSettingsNavigationDrawerItems.tsx - Refactored
clearSessioninuseAuth.tsto support both sign-out and impersonation flows - Added admin panel route with conditional rendering based on user permissions in
SettingsRoutes.tsx
11 file(s) reviewed, 12 comment(s)
Edit PR Review Bot Settings | Greptile
| margin-top: ${({ theme }) => theme.spacing(0.5)}; | ||
| `; | ||
|
|
||
| const StyledTableHeaderRow = styled(Table)` |
There was a problem hiding this comment.
logic: StyledTableHeaderRow extends Table instead of TableRow, which could cause layout issues
| <TableHeader>Value</TableHeader> | ||
| </TableRow> | ||
| </StyledTableHeaderRow> | ||
| {currentWorkspace?.featureFlags?.map((flag) => ( |
There was a problem hiding this comment.
style: No handling of empty/undefined featureFlags array - should show empty state message
| `; | ||
|
|
||
| export const SettingsAdminFeatureFlags = () => { | ||
| const currentWorkspace = useRecoilValue(currentWorkspaceState); |
There was a problem hiding this comment.
style: No loading or error state handling when fetching currentWorkspace
| <Section> | ||
| <H2Title title="Feature Flags" description="Manage feature flags." /> | ||
|
|
||
| <Table> |
There was a problem hiding this comment.
style: Table structure creates new Table component for each row instead of reusing one table with multiple rows
packages/twenty-front/src/modules/settings/admin/components/SettingsAdminImpersonateUsers.tsx
Outdated
Show resolved
Hide resolved
| <TextInput | ||
| value={userId} | ||
| onChange={setUserId} | ||
| placeholder="User ID" | ||
| fullWidth | ||
| disabled={isLoading} | ||
| dataTestId="impersonate-input" | ||
| /> |
There was a problem hiding this comment.
style: Consider adding input validation or pattern matching for valid user ID formats
| setCurrentUser(user); | ||
| setTokenPair(tokens); | ||
| await sleep(0); | ||
| window.location.href = AppPath.Index; |
There was a problem hiding this comment.
logic: setIsLoading(false) missing before redirect - loading state will remain true if navigation fails
packages/twenty-front/src/modules/settings/admin/hooks/useImpersonate.ts
Outdated
Show resolved
Hide resolved
packages/twenty-front/src/modules/settings/admin/hooks/useImpersonate.ts
Outdated
Show resolved
Hide resolved
packages/twenty-front/src/modules/settings/admin-panel/hooks/useFeatureFlagsManagement.ts
Outdated
Show resolved
Hide resolved
| }); | ||
|
|
||
| return true; | ||
| } catch (err) { |
There was a problem hiding this comment.
It's unclear for me in what scenario this would happen and why we would not want it displayed to the user (or sent to Sentry if it's a real program error)
packages/twenty-front/src/modules/settings/admin-panel/hooks/useImpersonate.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
PR Summary
(updates since last review)
Based on the latest changes, here's a summary of the key updates to the admin panel implementation:
Added server-side admin panel infrastructure with robust security and data management:
- Added
AdminPanelModule,AdminPanelService, andAdminPanelResolverin server codebase for handling admin operations - Implemented proper authorization guards and input validation for admin operations
- Added GraphQL DTOs and entities for user lookup and feature flag management
Key points to note:
- Server-side implementation includes comprehensive permission checks through
canImpersonateflag - Added proper error handling for invalid inputs and unauthorized access attempts
- Integrated with existing user and workspace entities using TypeORM
- Structured admin panel operations around three core functions: impersonate, userLookup, and updateWorkspaceFeatureFlags
This complements the previous frontend changes and creates a complete admin panel solution with proper security controls and data management capabilities.
38 file(s) reviewed, 38 comment(s)
Edit PR Review Bot Settings | Greptile
| {isAdminPageEnabled && ( | ||
| <> | ||
| <Route path={SettingsPath.Admin} element={<SettingsAdmin />} /> | ||
| <Route | ||
| path={SettingsPath.FeatureFlags} | ||
| element={<SettingsAdminFeatureFlags />} | ||
| /> | ||
| </> | ||
| )} |
There was a problem hiding this comment.
logic: Consider adding a UserAuthGuard or similar auth wrapper around admin routes to ensure double protection against unauthorized access
...s/twenty-front/src/modules/settings/admin-panel/components/SettingsAdminImpersonateUsers.tsx
Show resolved
Hide resolved
| @Field(() => String) | ||
| @IsNotEmpty() | ||
| featureFlag: FeatureFlagKey; |
There was a problem hiding this comment.
logic: featureFlag field is typed as String but accepts FeatureFlagKey enum - should use @field(() => FeatureFlagKey) for proper GraphQL enum type
| @Field(() => Number) | ||
| totalUsers: number; |
There was a problem hiding this comment.
style: consider using Int instead of Number for totalUsers count
packages/twenty-server/src/engine/core-modules/admin-panel/dtos/user-lookup.input.ts
Show resolved
Hide resolved
|
Thanks @ehconitin for your contribution! |
WIP
Related issues -
#7090
#8547
Master issue -
#4499