// Roster Page — Council Phase 2 P5 // Owns: RosterPage + EditRosterEntryModal + MergeModal // Source of truth: bookateetime-backend/hosting/admin.html lines 2366-2776 // Common deps: window.adminApi, window.AdminStoreContext, components from components.jsx // SAFETY: no raw HTML injection; all user strings render as {value} (auto-escaped by JSX). const { Icon, Checkbox, Avatar, Badge, Stat, PageHeader, BulkBar, Toolbar, Chip, SearchInput, Modal, Drawer, DetailRow, EmptyState, ToastProvider, useToast, Sidebar, Topbar, MigrationBanner, ConflictBanner, RestoredSessionNotice, formatShortDate, formatRelTime, AdminStoreContext, adminApi } = window; const { useState, useEffect, useMemo, useRef } = React; // W4-12 — Local copy of useOnMount (Babel script tags don't share scope cleanly). function useOnMount(fn) { const ref = useRef(false); useEffect(() => { if (ref.current) return; ref.current = true; fn(); }, []); // eslint-disable-line react-hooks/exhaustive-deps } function RosterPage() { const toast = useToast(); const store = React.useContext(AdminStoreContext); const [list, setList] = useState([]); const [loading, setLoading] = useState(true); const [search, setSearch] = useState(''); const [editTarget, setEditTarget] = useState(null); const [mergeOpen, setMergeOpen] = useState(false); // Invite flow state const [inviteTarget, setInviteTarget] = useState(null); // { entry, role: 'member'|'admin' } const [inviteBusy, setInviteBusy] = useState(false); const [inviteStep, setInviteStep] = useState(''); // status text during 2-step admin flow const [adminClaimRecipe, setAdminClaimRecipe] = useState(null); // { name, email, code } shown after admin invite const [roleChangeBusy, setRoleChangeBusy] = useState(false); // shared in-flight guard for Promote/Demote (one at a time) async function loadList() { setLoading(true); try { const roster = await adminApi.getRoster(); setList(roster); // HI-2: guard store.setRoster (context may not have it during HMR / cold start). if (store && typeof store.setRoster === 'function') { store.setRoster(roster.map(p => ({ rosterId: p.rosterId, name: p.name, email: p.email, role: p.role, authStatus: p.authStatus }))); } } catch (e) { toast('Load failed: ' + e.message, { icon: 'error' }); } finally { setLoading(false); } } useOnMount(() => { loadList(); }); // Refresh on tab visibility change (legacy parity) useEffect(() => { function onVisible() { if (document.visibilityState === 'visible') loadList(); } document.addEventListener('visibilitychange', onVisible); return () => document.removeEventListener('visibilitychange', onVisible); }, []); // findDuplicates per legacy lines 2511-2519 function findDuplicates(roster) { const groups = {}; for (const p of roster) { const key = (p.email || '').toLowerCase().trim() || ('name:' + (p.name || '').toLowerCase().trim()); if (!key || key === 'name:') continue; (groups[key] = groups[key] || []).push(p); } return Object.values(groups).filter(g => g.length > 1); } const duplicates = useMemo(() => findDuplicates(list), [list]); // Sort priority: no invite code (candidates) → unauth pending → auth → revoked. // Within each band, alphabetical by name. This surfaces the invite pool first. function inviteSortRank(p) { if (!p.inviteCode) return 0; if (p.authStatus === 'unauth') return 1; if (p.authStatus === 'auth') return 2; return 3; // revoked / unknown } const filtered = list .filter(p => { if (!search) return true; const s = search.toLowerCase(); return (p.name || '').toLowerCase().includes(s) || (p.email || '').toLowerCase().includes(s) || (p.phone || '').includes(s); }) .slice() .sort((a, b) => { const ra = inviteSortRank(a), rb = inviteSortRank(b); if (ra !== rb) return ra - rb; return (a.name || '').localeCompare(b.name || ''); }); // After edit/delete: refresh GroupBuilder picker if active function maybeRefreshGroupBuilder() { const date = sessionStorage.getItem('gbDate'); if (date) { window.adminApi.apiRosterForDate(date).catch(() => {}); } } // ---------- Add Person ---------- const [addForm, setAddForm] = useState({ name: '', email: '', phone: '' }); const [addErr, setAddErr] = useState(''); async function submitAdd() { setAddErr(''); if (!addForm.name.trim() || !addForm.email.trim()) { setAddErr('Name and email are required'); return; } try { const normalized = { name: (addForm.name || '').trim(), email: (addForm.email || '').trim().toLowerCase(), phone: (addForm.phone || '').trim() }; const res = await adminApi.addRosterEntry(normalized); toast('Added to roster', { icon: 'check' }); try { store.logConfig && store.logConfig('person_added', (res && res.rosterId) || normalized.email, JSON.stringify({ name: normalized.name, email: normalized.email })); } catch (_) {} setAddForm({ name: '', email: '', phone: '' }); await loadList(); maybeRefreshGroupBuilder(); } catch (e) { if (e.errorCode === 'PERSON_EXISTS') { setAddErr('A roster entry with this email already exists. See list below.'); } else { setAddErr(e.message || 'Add failed'); } } } // ---------- Delete Person ---------- async function deleteRosterEntry(rosterId, name) { // KEEP confirm — destructive action deserves a hard pause. if (!confirm(`Delete ${name}? This cannot be undone.`)) return; try { await adminApi.deleteRosterEntry({ rosterId }); toast('Removed from roster', { icon: 'check' }); try { store.logConfig && store.logConfig('person_deleted', rosterId, JSON.stringify({ name })); } catch (_) {} await loadList(); maybeRefreshGroupBuilder(); } catch (e) { if (e.errorCode === 'PERSON_LINKED_TO_USER') { toast('Linked to an active member — revoke the user first via the Snipers tab.', { icon: 'error' }); } else if (e.errorCode === 'PERSON_HAS_ACTIVE_ASSIGNMENTS') { toast(`In ${e.data?.activeCount || 'one or more'} active assignment(s). Cancel those first.`, { icon: 'error' }); } else { toast('Delete failed: ' + (e.message || 'unknown'), { icon: 'error' }); } } } // ---------- Invite from Roster ---------- // Opens the confirm modal for inviting a roster entry as sniper (member) or admin. function openInvite(entry, role) { setInviteStep(''); setInviteTarget({ entry, role }); } async function confirmInvite() { if (!inviteTarget) return; const { entry, role } = inviteTarget; setInviteBusy(true); setInviteStep(role === 'admin' ? 'Step 1 of 2: Inviting…' : 'Inviting…'); try { const payload = { name: (entry.name || '').trim(), email: (entry.email || '').trim().toLowerCase(), phone: (entry.phone || '').trim() || undefined, role: role === 'admin' ? 'admin' : 'member' }; const res = await adminApi.invite(payload); const code = (res && res.code) || '(code minted)'; try { store.logConfig && store.logConfig('roster_invited', entry.rosterId, JSON.stringify({ email: payload.email, role: payload.role, code })); } catch (_) {} if (role === 'admin') { // Step 2 — grant admin custom claim via the admin-Bearer-gated endpoint. // /api/promoteToAdmin lets the browser do this without exposing // SYNC_TOKEN. If the target hasn't signed in to Firebase Auth yet // (no auth user exists), the call returns AUTH_USER_NOT_FOUND — // fall back to surfacing the operator-runbook curl recipe. setInviteStep('Step 2 of 2: Granting admin claim…'); try { await adminApi.promoteToAdmin({ email: payload.email }); toast(`Invited ${payload.name} as admin — code ${code} emailed. Admin claim granted.`, { icon: 'check' }); setInviteTarget(null); setInviteStep(''); } catch (claimErr) { // Surface the runbook recipe so admin can finish manually. Most // common reason: the new admin hasn't signed in to Firebase Auth // even once, so there's no auth user to attach the claim to yet. console.warn('promoteToAdmin failed, falling back to recipe modal', claimErr.errorCode, claimErr.message); setInviteStep(''); setInviteTarget(null); setAdminClaimRecipe({ name: payload.name, email: payload.email, code, reason: claimErr.errorCode === 'AUTH_USER_NOT_FOUND' ? 'New admin must sign in to /admin via Firebase Auth (Google or email link) at least once before the claim can be granted. Then click "Invite as Admin" again, or run the curl recipe below.' : (claimErr.message || 'Step 2 failed — run the curl recipe below.'), }); toast(`Invited as admin — code emailed. Step 2 needs follow-up.`, { icon: 'warning' }); } } else { toast(`Invited ${payload.name} — code ${code} emailed`, { icon: 'check' }); setInviteTarget(null); } await loadList(); } catch (e) { if (e.errorCode === 'EMAIL_ALREADY_LINKED') { toast('Already linked. Revoke first.', { icon: 'error' }); } else { toast('Invite failed: ' + (e.message || 'unknown'), { icon: 'error' }); } } finally { setInviteBusy(false); setInviteStep(''); } } async function handleResend(entry) { if (!entry.inviteCode) return; try { await adminApi.resend({ code: entry.inviteCode }); toast(`Resent code to ${entry.email}`, { icon: 'check' }); } catch (e) { toast('Resend failed: ' + (e.message || 'unknown'), { icon: 'error' }); } } async function handleRevoke(entry) { if (!entry.userId && !entry.rosterId) return; if (!confirm(`Revoke ${entry.name}'s access? Their code will stop working immediately.`)) return; try { await adminApi.revokeUser({ userId: entry.userId || entry.rosterId }); toast(`Revoked ${entry.name}`, { icon: 'check' }); try { store.logConfig && store.logConfig('roster_revoked', entry.rosterId, JSON.stringify({ email: entry.email })); } catch (_) {} await loadList(); } catch (e) { if (e.errorCode === 'PARTIAL_REVOKE') { toast('Partial revoke — some sessions may persist briefly.', { icon: 'warning' }); await loadList(); } else { toast('Revoke failed: ' + (e.message || 'unknown'), { icon: 'error' }); } } } async function handleRevokeAndReissue(entry) { if (!entry.rosterId) return; if (!confirm(`Revoke ${entry.name}'s current code and email a fresh one?`)) return; try { const res = await adminApi.revokeAndReissueToken({ rosterId: entry.rosterId, reason: 'admin_reissue' }); const code = (res && res.code) || '(new code emailed)'; toast(`Reissued — new code ${code} emailed to ${entry.email}`, { icon: 'check' }); try { store.logConfig && store.logConfig('roster_reissued', entry.rosterId, JSON.stringify({ email: entry.email, code })); } catch (_) {} await loadList(); } catch (e) { toast('Reissue failed: ' + (e.message || 'unknown'), { icon: 'error' }); } } // ---------- Revoke current session (per-jti) ---------- // Kills the member's CURRENT token only — the invite code stays valid and // they can re-activate to get a fresh token. Distinct from "Revoke" (which // revokes the invite entirely) and "Revoke + Reissue" (which rotates the // code). Use for: a token leaked / a device needs to be logged out without // disrupting the member's standing. Calls /api/revokeSession. async function handleRevokeSession(entry) { if (!entry.inviteCode && !entry.rosterId) return; if (!confirm(`Revoke ${entry.name}'s current session? Their token stops working immediately, but their invite code stays valid — they can re-activate to get a fresh token.`)) return; try { // Prefer the invite code (= users doc id the server reads lastJti from); // fall back to rosterId, which the server resolves to the active code. await adminApi.revokeSession(entry.inviteCode ? { code: entry.inviteCode } : { rosterId: entry.rosterId }); toast(`Revoked ${entry.name}'s session`, { icon: 'check' }); try { store.logConfig && store.logConfig('roster_session_revoked', entry.rosterId, JSON.stringify({ email: entry.email })); } catch (_) {} await loadList(); } catch (e) { if (e.errorCode === 'NO_ACTIVE_SESSION') { toast('No active session to revoke — use Revoke + Reissue to rotate the code.', { icon: 'warning' }); } else { toast('Revoke session failed: ' + (e.message || 'unknown'), { icon: 'error' }); } } } // ---------- Promote active sniper to admin ---------- // Used by the Active Sniper row branch. Calls /api/promoteToAdmin which // grants the Firebase Auth admin custom claim WITHOUT churning the invite // code or credentials. If the target hasn't signed in to Firebase Auth yet // (AUTH_USER_NOT_FOUND), fall back to the operator runbook recipe modal — // same pattern as the 2-step admin invite flow at ~line 209. async function handlePromoteToAdmin(entry) { if (!entry.email) return; if (roleChangeBusy) return; if (!confirm(`Promote ${entry.name} to admin? This grants the admin claim on their existing account — invite code and credentials are preserved.`)) return; setRoleChangeBusy(true); try { await adminApi.promoteToAdmin({ email: entry.email }); toast(`Promoted ${entry.name} to admin.`, { icon: 'check' }); try { store.logConfig && store.logConfig('roster_promoted_to_admin', entry.rosterId, JSON.stringify({ email: entry.email })); } catch (_) {} // Optimistic local update — row re-renders into the admin-state branch. // Server truth reconciles on next loadList trigger (tab visibility, etc.). setList(prev => prev.map(p => p.rosterId === entry.rosterId ? { ...p, role: 'admin' } : p)); } catch (e) { if (e.errorCode === 'AUTH_USER_NOT_FOUND') { // Sniper activated the extension but never signed into /admin via // Firebase Auth — no auth user exists to attach the claim to. setAdminClaimRecipe({ name: entry.name, email: entry.email, code: entry.inviteCode || '(existing code)', reason: 'This sniper has not signed in to /admin via Firebase Auth (Google or email link) yet, so there is no auth user to attach the admin claim to. Have them sign in once, then click Promote to Admin again — or run the curl recipe below.', }); toast('Promote needs follow-up — see runbook recipe.', { icon: 'warning' }); } else { toast('Promote failed: ' + (e.message || 'unknown'), { icon: 'warning' }); } } finally { setRoleChangeBusy(false); } } // ---------- Revoke admin (demote to sniper) ---------- // Mirrors handlePromoteToAdmin. Calls /api/revokeAdmin which strips the // Firebase Auth admin custom claim. The member JWT and invite code are // preserved — the user remains an active sniper. brian@bmrkllc.com is // hardcoded-protected on the server (SUPER_ADMIN_PROTECTED). async function handleRevokeAdmin(entry) { if (!entry.email) return; if (roleChangeBusy) return; if (!confirm(`Demote ${entry.name} (${entry.email}) from admin back to sniper? They will lose admin console access. Their invite code and member JWT remain valid.`)) return; setRoleChangeBusy(true); try { await adminApi.revokeAdmin({ email: entry.email }); toast(`Demoted ${entry.name} from admin.`, { icon: 'check' }); try { store.logConfig && store.logConfig('roster_demoted_from_admin', entry.rosterId, JSON.stringify({ email: entry.email, name: entry.name })); } catch (_) {} setList(prev => prev.map(p => p.rosterId === entry.rosterId ? { ...p, role: 'sniper' } : p)); } catch (e) { if (e.errorCode === 'SUPER_ADMIN_PROTECTED') { toast('Cannot demote the super-admin. This protection is hardcoded.', { icon: 'warning' }); } else if (e.errorCode === 'AUTH_USER_NOT_FOUND') { toast('No Firebase Auth user — claim may already be revoked.', { icon: 'warning' }); } else { toast('Demote failed: ' + (e.message || 'unknown'), { icon: 'warning' }); } } finally { setRoleChangeBusy(false); } } // ---------- Bulk Import ---------- const [bulkText, setBulkText] = useState(''); const [bulkOpen, setBulkOpen] = useState(false); const [bulkProgress, setBulkProgress] = useState(null); const [bulkResult, setBulkResult] = useState(null); // HI-4 — comma-safe CSV parser. Handles `"Smith, John",jane@example.com,555` correctly. function parseCSVLine(line) { const result = []; let current = ''; let inQuotes = false; for (let i = 0; i < line.length; i++) { const ch = line[i]; if (ch === '"') { if (inQuotes && line[i + 1] === '"') { current += '"'; i++; } else { inQuotes = !inQuotes; } } else if (ch === ',' && !inQuotes) { result.push(current); current = ''; } else { current += ch; } } result.push(current); return result; } function parseBulkCSV(text) { const lines = text.split(/\r?\n/).filter(l => l.trim()); if (!lines.length) return []; const first = lines[0].toLowerCase(); const startIdx = (first.includes('name') && first.includes('email')) ? 1 : 0; const rows = []; for (let i = startIdx; i < lines.length; i++) { const parts = parseCSVLine(lines[i]); if (parts.length < 2) continue; const [name, email, phone] = parts.map(s => s.trim()); rows.push({ rowNum: i + 1, name, email, phone: phone || '' }); } return rows; } async function runBulk() { const rows = parseBulkCSV(bulkText); if (rows.length === 0) { toast('No rows to import', { icon: 'error' }); return; } if (rows.length > 50) { toast('Maximum 50 rows per import', { icon: 'error' }); return; } let imported = 0, skipped = 0, failed = 0; const failures = []; for (let i = 0; i < rows.length; i++) { const r = rows[i]; setBulkProgress({ current: i + 1, total: rows.length }); if (!r.name || !r.email) { skipped++; failures.push({ row: r.rowNum, reason: 'missing name or email' }); continue; } try { const normalized = { name: (r.name || '').trim(), email: (r.email || '').trim().toLowerCase(), phone: (r.phone || '').trim() }; await adminApi.addRosterEntry(normalized); imported++; } catch (e) { if (e.errorCode === 'PERSON_EXISTS') { skipped++; } else { failed++; failures.push({ row: r.rowNum, reason: e.message }); } } } setBulkProgress(null); setBulkResult({ imported, skipped, failed, failures }); try { store.logConfig && store.logConfig('persons_bulk_imported', '—', JSON.stringify({ imported, skipped, failed })); } catch (_) {} await loadList(); maybeRefreshGroupBuilder(); } const [addOpen, setAddOpen] = useState(false); function openAdd() { setAddErr(''); setAddForm({ name: '', email: '', phone: '' }); setAddOpen(true); } async function submitAddAndClose() { await submitAdd(); // submitAdd resets the form on success; close only if no error surfaced setAddErr(prev => { if (!prev) setAddOpen(false); return prev; }); } return (
{duplicates.length > 0 && ( )} } /> {/* Duplicates banner */} {duplicates.length > 0 && (
{duplicates.length} possible duplicate group(s) detected. Use the Merge button to consolidate.
)}
{filtered.map(p => ( ))} {!loading && filtered.length === 0 && ( )}
Name Email Phone Role Status Created Invite Actions
{p.name || '—'} {p.email || (none)} {p.phone || '—'} {p.role || '—'} {p.authStatus || 'unauth'} {p.createdAt ? formatShortDate(String(p.createdAt).slice(0, 10)) : '—'} {/* Invite action area — state machine per row. Reuses existing adminApi.invite/resend/revokeUser/revokeSession/revokeAndReissueToken. */} {!p.inviteCode && p.role !== 'admin' && (
)} {p.inviteCode && p.authStatus === 'unauth' && p.role !== 'admin' && (
🔑 Code sent: {String(p.inviteCode).slice(0, 9)}…
)} {p.inviteCode && p.authStatus === 'auth' && p.role !== 'admin' && (
✓ Active sniper
)} {p.inviteCode && p.role === 'admin' && p.authStatus !== 'revoked' && (
👑 Admin
{(p.email || '').toLowerCase() === 'brian@bmrkllc.com' ? ( super-admin · cannot demote ) : ( )}
)} {!p.inviteCode && p.role === 'admin' && p.authStatus !== 'revoked' && ( // Anomalous: admin role with no invite code. Render badge only. 👑 Admin (no invite) )} {p.inviteCode && p.authStatus === 'revoked' && ( revoked )}
No roster entries match. Use Add to Roster or Bulk Import.
{/* Add to Roster modal */} setAddOpen(false)} title="Add to Roster">
setAddForm({ ...addForm, name: e.target.value })} />
setAddForm({ ...addForm, email: e.target.value })} />
setAddForm({ ...addForm, phone: e.target.value })} />
{addErr &&
{addErr}
}
{/* Invite confirmation modal */} { if (!inviteBusy) setInviteTarget(null); }} title={inviteTarget ? `Invite as ${inviteTarget.role === 'admin' ? 'Admin' : 'Sniper'}` : 'Invite'} > {inviteTarget && (
Invite {inviteTarget.entry.name} ({inviteTarget.entry.email}) as a{' '} {inviteTarget.role === 'admin' ? 'admin' : 'sniper'}?
An invite code will be minted and emailed automatically. {inviteTarget.role === 'admin' && ( <> Admin sign-in also requires the Firebase Auth admin claim — you'll see the operator runbook step after the invite is sent. )}
{inviteStep && (
{inviteStep}
)}
)} {/* Admin claim recipe modal — shown after a successful admin invite. /api/setAdminClaim requires SYNC_TOKEN (server-only secret), so the browser cannot complete step 2 directly. Operator must run the documented curl recipe. See docs/operations/admin-claim-bootstrap.md. */} setAdminClaimRecipe(null)} title="Finish admin provisioning" maxWidth={640} > {adminClaimRecipe && (
Step 1 of 2 done — {adminClaimRecipe.name} ({adminClaimRecipe.email}) was emailed code{' '} {adminClaimRecipe.code}.
Step 2 of 2 — grant the admin Auth claim. This must be run from a trusted shell (the SYNC_TOKEN secret is not available to the browser). Recipe: 
{`curl -X POST https:///api/setAdminClaim \\
  -H "Content-Type: application/json" \\
  -H "X-Sync-Token: $SYNC_TOKEN" \\
  -d '{"email":"${adminClaimRecipe.email}"}'`}
Full runbook: docs/operations/admin-claim-bootstrap.md. Once the claim is granted,{' '} {adminClaimRecipe.name} can sign in to admin via Firebase Auth.
)} {/* Edit modal */} {editTarget && ( setEditTarget(null)} onSaved={() => { loadList(); maybeRefreshGroupBuilder(); }} /> )} {/* Bulk Import modal */} { setBulkOpen(false); setBulkResult(null); }} title="Bulk Import to Roster (max 50)" >

Paste CSV with columns: name, email, phone (header optional). Max 50 rows.