Remove role override UI since backend enforces user's actual role

The role override dropdown is now misleading since the backend rejects any attempt to set a role that differs from the target user's actual role. Removed the dropdown and added helper text explaining that the token inherits the selected user's role.
2026-06-03 21:00:09 +00:00 · 2026-03-04 17:15:46 -08:00
parent 24aa6afefc
commit 45c8b614e3
1 changed files with 5 additions and 32 deletions
@@ -25,7 +25,6 @@ export function ApiTab() {
  // Admin-specific state
  const [users, setUsers] = useState<UserOption[]>([]);
  const [newTokenUserId, setNewTokenUserId] = useState('');
  const [newTokenRole, setNewTokenRole] = useState('');
  const fetchUsers = useCallback(async () => {
    try {
@@ -46,31 +45,16 @@ export function ApiTab() {
  const handleCreate = async () => {
    const extraBody: Record<string, string> = {};
    if (newTokenUserId) extraBody.userId = newTokenUserId;
    if (newTokenRole) extraBody.role = newTokenRole;
    const created = await api.handleCreate(extraBody);
    // Reset admin-specific fields only when create succeeds
    if (created) {
      setNewTokenUserId('');
      setNewTokenRole('');
    }
  };
  const handleUserChange = (userId: string) => {
    setNewTokenUserId(userId);
    if (userId) {
      const selectedUser = users.find((u) => u.id === userId);
      if (selectedUser && !newTokenRole) {
        setNewTokenRole(selectedUser.role);
      }
    } else {
      setNewTokenRole('');
    }
  };
  const handleCancel = () => {
    api.resetForm();
    setNewTokenUserId('');
    setNewTokenRole('');
  };
  if (api.loading) {
@@ -86,7 +70,7 @@ export function ApiTab() {
      <div>
        <h2 className="text-xl font-semibold text-gray-900 dark:text-gray-100">API Tokens</h2>
        <p className="text-sm text-gray-500 dark:text-gray-400 mt-1">
-          Manage API tokens for all users. Create tokens for any user with any role for programmatic access.{' '}
+          Manage API tokens for all users. Create tokens for any user for programmatic access.{' '}
          <Link href="/api-docs" className="text-blue-600 dark:text-blue-400 hover:underline">
            View API documentation
          </Link>
@@ -176,7 +160,7 @@ export function ApiTab() {
              </label>
              <select
                value={newTokenUserId}
-                onChange={(e) => handleUserChange(e.target.value)}
+                onChange={(e) => setNewTokenUserId(e.target.value)}
                className="w-full rounded-lg border border-gray-300 dark:border-gray-600 bg-white dark:bg-gray-800 px-3 py-2 text-sm text-gray-900 dark:text-gray-100 focus:border-blue-500 focus:ring-1 focus:ring-blue-500"
              >
                <option value="">Current user (default)</option>
@@ -186,20 +170,9 @@ export function ApiTab() {
                  </option>
                ))}
              </select>
-            </div>
+              <p className="mt-1 text-xs text-gray-500 dark:text-gray-400">
-            <div>
+                Token will inherit the selected user&apos;s role
-              <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
+              </p>
                Role override
              </label>
              <select
                value={newTokenRole}
                onChange={(e) => setNewTokenRole(e.target.value)}
                className="w-full rounded-lg border border-gray-300 dark:border-gray-600 bg-white dark:bg-gray-800 px-3 py-2 text-sm text-gray-900 dark:text-gray-100 focus:border-blue-500 focus:ring-1 focus:ring-blue-500"
              >
                <option value="">User&apos;s default role</option>
                <option value="admin">Admin</option>
                <option value="user">User</option>
              </select>
            </div>
          </div>
          <div className="flex gap-2">