First version of the security module

This commit is contained in:
2026-06-22 13:19:05 +02:00
parent 0392043ee3
commit 498afc7840
64 changed files with 7581 additions and 4 deletions

View File

@@ -0,0 +1,547 @@
/* Security module styles. Prefix: security-. */
.security-form-required {
color: var(--app-color-danger, #b42318);
}
/* --- Check workspace: summary + progress --- */
.security-check-summary {
/* Horizontal padding comes from `.app-details-container > section > *`;
only set vertical padding so the summary stays aligned with the rest. */
padding-block: 1rem 0.75rem;
}
.security-check-meta {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(160px, 1fr));
gap: 0.75rem 1.5rem;
margin: 0;
}
.security-check-meta dt {
font-size: 0.8rem;
color: var(--app-text-muted, #667085);
margin-bottom: 0.15rem;
}
.security-check-meta dd {
margin: 0;
font-weight: 500;
}
.security-check-progress {
/* Full-width progress bar directly under the info section. */
padding-block: 0 1.25rem;
}
.security-check-progress-bar {
height: 8px;
border-radius: 999px;
background: var(--app-muted-border-color, #eaecf0);
overflow: hidden;
}
.security-check-progress-fill {
height: 100%;
background: var(--app-notice-success-border-color, #079455);
transition: width 0.2s ease;
}
.security-check-progress-label {
display: block;
margin-top: 0.35rem;
font-size: 0.8rem;
color: var(--app-muted-color, #667085);
}
/* --- Steps: each step is its own separated card --- */
.security-steps {
display: flex;
flex-direction: column;
gap: 0.75rem;
margin-bottom: 0.75rem;
}
.security-step {
/* Reset Pico's <article> card chrome (extra margin + shadow); we draw our own border. */
margin: 0;
box-shadow: none;
border: 1px solid var(--app-card-border-color, #e4e7ec);
border-radius: var(--app-border-radius, 8px);
padding: 0.9rem 1rem;
background: var(--app-card-background-color, #fff);
}
.security-step.is-done {
border-color: var(--app-notice-success-border-color, #079455);
background: var(--app-notice-success-background-color, #f6fef9);
}
.security-step-head {
display: flex;
align-items: flex-start;
gap: 0.75rem;
/* Reset Pico's <article> > <header> chrome so it isn't a boxed-off sub-section. */
margin: 0;
padding: 0;
border: 0;
background: transparent;
}
.security-step-number {
flex: 0 0 1.75rem;
width: 1.75rem;
height: 1.75rem;
border-radius: 999px;
background: var(--app-muted-border-color, #eaecf0);
color: var(--app-muted-color, #475467);
display: inline-flex;
align-items: center;
justify-content: center;
font-size: 0.85rem;
font-weight: 600;
}
.security-step.is-done .security-step-number {
background: var(--app-notice-success-border-color, #079455);
color: #fff;
}
.security-check-toggle {
display: flex;
align-items: flex-start;
gap: 0.6rem;
cursor: pointer;
margin: 0;
}
.security-step-toggle {
flex: 1 1 auto;
}
.security-step-toggle span {
display: flex;
flex-direction: column;
gap: 0.1rem;
}
/* Match step 5's <h3> headline size so all step card titles are consistent. */
.security-step-toggle strong {
font-size: var(--text-lg);
line-height: var(--leading-tight);
}
.security-check-toggle input[type="checkbox"] {
width: 1.25em;
height: 1.25em;
flex-shrink: 0;
margin: 0.1rem 0 0;
}
.security-completion-meta {
font-size: 0.78rem;
color: var(--app-notice-success-color, #079455);
white-space: nowrap;
margin-left: auto;
}
.security-item-note {
width: 100%;
margin: 0.6rem 0 0;
}
/* Align the per-step note with the indented step fields
(start past the number badge + gap, matching `.security-step-fields`). */
.security-step > .security-item-note {
margin-left: 2.5rem;
width: calc(100% - 2.5rem);
}
.security-step-fields {
display: grid;
grid-template-columns: 1fr 1fr;
gap: 0.6rem 1rem;
margin: 0.75rem 0 0;
padding-left: 2.5rem;
}
/* Long-form text fields take a full row; compact fields (datetimes) sit side by side. */
.security-step-field {
grid-column: 1 / -1;
}
.security-step-field-datetime {
grid-column: auto;
}
.security-step-field label {
display: block;
font-size: 0.82rem;
color: var(--app-muted-color, #475467);
margin-bottom: 0.2rem;
}
.security-step-field textarea,
.security-step-field input[type="datetime-local"] {
margin: 0;
width: 100%;
}
@media (max-width: 640px) {
.security-step-fields {
grid-template-columns: 1fr;
}
.security-step-field-datetime {
grid-column: 1 / -1;
}
}
/* Hint shown (by the workspace JS) while required info fields are still empty. */
.security-step-gate-hint:not([hidden]) {
display: flex;
align-items: center;
gap: 0.4rem;
margin: 0.6rem 0 0;
padding-left: 2.5rem;
font-size: 0.8rem;
color: var(--app-notice-warning-color, #ad7122);
}
/* "Generate PDF customer report" action in the final (report) step. Indented to
2.5rem to line up under the step header text, like the fields/notes above. */
.security-report-action {
margin-top: 0.75rem;
padding-left: 2.5rem;
}
.security-report-action > .secondary {
margin-bottom: 0;
}
.security-report-hint {
display: flex;
align-items: center;
gap: 0.4rem;
margin: 0.4rem 0 0;
font-size: 0.8rem;
}
/* --- Technical checklist --- */
.security-step-tech .security-tech-list {
list-style: none;
margin: 0.75rem 0 0;
/* Indent to 2.5rem so checklist items line up under the step header text
(past the number badge + gap), matching the other steps' fields/notes. */
padding: 0 0 0 2.5rem;
}
.security-step-empty {
margin: 0.75rem 0 0;
padding-left: 2.5rem;
}
.security-tech-section {
font-weight: 600;
margin: 0.9rem 0 0.4rem;
color: var(--app-text, #1d2939);
}
.security-tech-item {
display: flex;
align-items: flex-start;
flex-wrap: wrap;
gap: 0.4rem 0.75rem;
padding: 0.5rem 0;
border-top: 1px solid var(--app-border-subtle, #f2f4f7);
}
.security-tech-label {
display: flex;
flex-direction: column;
gap: 0.1rem;
}
.security-tech-hint {
font-size: 0.78rem;
}
/* Rendered Markdown guidance authored on the template — collapsed by default in
a <details> callout (left accent + info tint) so it clearly reads as the info
for this checkpoint without crowding the form. */
.security-tech-markdown {
flex-basis: 100%;
margin: 0.4rem 0 0.1rem 1.85rem;
padding: 0.4rem 0.75rem;
border-left: 3px solid var(--app-notice-info-border-color, #6b7e99);
border-radius: 0 6px 6px 0;
background: var(--app-notice-info-background-color, #eef1f6);
font-size: 0.85rem;
color: var(--app-color, #1d2939);
}
.security-tech-markdown > summary {
font-weight: 500;
color: var(--app-notice-info-color, #4a5a73);
}
.security-tech-markdown-body > :first-child {
margin-top: 0;
}
.security-tech-markdown-body > :last-child {
margin-bottom: 0;
}
.security-tech-markdown-body :where(ul, ol) {
margin: 0.25rem 0;
padding-left: 1.25rem;
}
.security-tech-markdown-body pre {
padding: 0.5rem 0.75rem;
background: var(--app-card-background-color, #fff);
border-radius: 6px;
overflow-x: auto;
}
.security-tech-item .security-item-note {
flex-basis: 100%;
margin-top: 0.25rem;
}
/* --- Danger zone --- */
.security-danger-zone {
margin-top: 1.5rem;
}
/* Inner wrapper carries the border so it inherits the same 2rem inset
(via `.app-details-container > section > *`) as the steps container. */
.security-danger-zone-inner {
padding: 1rem;
border: 1px solid var(--app-notice-error-border-color, #fda29b);
border-radius: var(--app-border-radius, 8px);
background: var(--app-notice-error-background-color, #fffbfa);
}
.security-danger-zone-inner h3 {
margin: 0 0 0.6rem;
}
.security-danger-actions {
display: flex;
flex-wrap: wrap;
gap: 0.5rem;
}
.security-danger-actions form {
margin: 0;
}
.security-danger-actions button {
margin: 0;
}
/* --- Template edit + fields --- */
.security-field-row {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
gap: 1rem;
}
.security-field {
margin-bottom: 0.9rem;
}
.security-field label {
display: block;
margin-bottom: 0.3rem;
font-weight: 500;
}
.security-field input,
.security-field select {
margin: 0;
}
/* The core `input + small` helper rule (app-shell, @layer layout) applies a
negative margin-top that assumes the input keeps its default bottom margin.
We reset that margin to 0 above, so without this the negative pull drags the
hint up into the input. Restore the app's intended helper-text gap. */
.security-field input + small,
.security-field select + small {
margin-top: calc(var(--app-spacing) * 0.25);
}
.security-active-toggle {
margin-top: 0.5rem;
}
/* --- Schema editor --- */
.security-schema-items {
display: flex;
flex-direction: column;
gap: 0.5rem;
margin: 0.75rem 0;
}
.security-schema-item {
display: flex;
flex-direction: column;
gap: 0.5rem;
padding: 0.5rem;
border: 1px solid var(--app-card-border-color, #e4e7ec);
border-radius: 6px;
background: var(--app-card-background-color, #fff);
}
.security-schema-item-section {
background: var(--app-card-sectioning-background-color, #f9fafb);
}
.security-schema-item-row {
display: flex;
align-items: center;
gap: 0.5rem;
}
.security-schema-markdown {
margin: 0;
width: 100%;
font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, monospace;
font-size: 0.85rem;
}
.security-schema-type {
flex: 0 0 auto;
}
.security-schema-label {
flex: 1 1 40%;
margin: 0;
}
.security-schema-hint {
flex: 1 1 30%;
margin: 0;
}
.security-schema-controls {
display: flex;
gap: 0.2rem;
flex: 0 0 auto;
}
.security-schema-controls button {
margin: 0;
}
.security-schema-toolbar {
display: flex;
gap: 0.5rem;
margin-top: 0.5rem;
}
.security-schema-toolbar button {
margin: 0;
}
@media (max-width: 640px) {
.security-schema-item-row {
flex-wrap: wrap;
}
.security-schema-label,
.security-schema-hint {
flex-basis: 100%;
}
}
/* --- Creation wizard (check + template create views) ---
The .app-wizard-* primitive is shared in spirit with other modules but its
styles are not in core — they live in each module's own stylesheet. This
module is standalone (requires: []) and never loads another module's CSS, so
without these rules the header collapses to block flow (back arrow stacked
above the title). Kept in sync with the helpdesk wizard. Single-step here, so
the step-indicator rules are intentionally omitted. */
.app-wizard-content {
max-width: 32rem;
}
.app-wizard-header {
display: flex;
align-items: center;
gap: calc(var(--app-spacing) * 0.75);
margin-bottom: calc(var(--app-spacing) * 1.25);
}
.app-wizard-back {
display: inline-flex;
align-items: center;
justify-content: center;
width: 2rem;
height: 2rem;
border-radius: var(--app-border-radius);
color: var(--app-muted-color);
text-decoration: none;
transition:
background 0.15s ease,
color 0.15s ease;
}
.app-wizard-back:hover {
background: var(--app-background-muted, #f8f9fa);
color: var(--app-color);
}
.app-wizard-title {
font-size: var(--text-xl, 1.25rem);
font-weight: var(--font-semibold, 600);
margin: 0;
}
.app-wizard-card {
background: var(--app-card-background-color, #fff);
border: 1px solid var(--app-card-border-color, #e5e7eb);
border-radius: calc(var(--app-border-radius) * 2);
padding: calc(var(--app-spacing) * 1.5);
box-shadow: 0 1px 3px rgb(0 0 0 / 0.04);
}
.app-wizard-card-heading {
font-size: var(--text-lg, 1.125rem);
font-weight: var(--font-semibold, 600);
margin: 0 0 0.25rem;
}
.app-wizard-card-description {
font-size: var(--text-sm, 0.875rem);
color: var(--app-muted-color);
margin: 0 0 calc(var(--app-spacing) * 1.25);
}
.app-wizard-field-group {
margin-bottom: calc(var(--app-spacing) * 1.25);
}
.app-wizard-field-group > label {
display: block;
margin-bottom: 0.375rem;
font-size: var(--text-sm, 0.875rem);
font-weight: var(--font-medium, 500);
}
.app-wizard-actions {
display: flex;
justify-content: flex-end;
gap: 0.75rem;
margin-top: calc(var(--app-spacing) * 1.5);
padding-top: calc(var(--app-spacing) * 1.25);
border-top: 1px solid var(--app-card-border-color, #e5e7eb);
}
@media (max-width: 576px) {
.app-wizard-card {
padding: var(--app-spacing);
}
}

View File

@@ -0,0 +1,80 @@
import { createListPageModule } from '/js/core/app-list-page-module.js';
import { escapeHtml, withCurrentListReturn } from '/js/pages/app-list-utils.js';
createListPageModule({
configId: 'security-checks',
moduleId: 'security-checks',
missingGridMessage: 'Security checks grid init failed: Grid.js missing',
initErrorMessage: 'Security checks grid init failed',
setup: ({ config, gridjs, appBase, initListPage }) => {
const labels = config.labels || {};
const gridOptions = {
gridjs,
container: '#security-checks-grid',
dataUrl: config.dataUrl || 'security/checks-data',
appBase,
columns: [
{
name: labels.customer || 'Customer',
sort: true,
formatter: (cell) => {
const text = escapeHtml(String(cell?.text || ''));
const url = String(cell?.url || '').trim();
if (text === '') {
return gridjs.html('<span class="text-muted">—</span>');
}
if (url === '') {
return gridjs.html(text);
}
return gridjs.html(`<a href="${escapeHtml(withCurrentListReturn(url))}">${text}</a>`);
},
},
{ name: labels.domain || 'Domain', sort: true },
{ name: labels.product || 'Software product', sort: true },
{
name: labels.status || 'Status',
sort: true,
formatter: (cell) => {
const label = escapeHtml(cell?.label || '');
const variant = cell?.variant || 'neutral';
return gridjs.html(`<span class="badge" data-variant="${escapeHtml(variant)}">${label}</span>`);
},
},
{ name: labels.owner || 'Owner', sort: true },
{ name: labels.createdAt || 'Created', sort: true },
{ name: 'edit_url', hidden: true },
],
sortColumns: ['debitor_name', 'domain_url', 'product_name', 'status', null, 'created_at', null],
paginationLimit: 20,
language: config.gridLang || {},
mapData: (data) => (data.data || []).map((row) => [
{ text: row.debitor_name || '', url: row.edit_url || '' },
row.domain_url || '',
row.product_name || '',
{ label: row.status_label || '', variant: row.status_variant || 'neutral' },
row.owner_name || '',
row.created_at || '',
row.edit_url || '',
]),
search: config.gridSearch || null,
filterSchema: config.filterSchema || [],
urlSync: true,
rowInteraction: { linkColumn: 0 },
rowDblClick: {
getUrl: (rowData) => rowData?.cells?.[6]?.data || '',
},
};
const listResult = initListPage({
grid: gridOptions,
filters: {
mode: 'drawer',
chipMeta: config.filterChipMeta || {},
watchInputs: ['#security-checks-search-input'],
},
});
return listResult?.gridConfig || null;
},
});

View File

@@ -0,0 +1,79 @@
import { createListPageModule } from '/js/core/app-list-page-module.js';
import { escapeHtml, withCurrentListReturn } from '/js/pages/app-list-utils.js';
createListPageModule({
configId: 'security-templates',
moduleId: 'security-templates',
missingGridMessage: 'Security templates grid init failed: Grid.js missing',
initErrorMessage: 'Security templates grid init failed',
setup: ({ config, gridjs, appBase, initListPage }) => {
const labels = config.labels || {};
const gridOptions = {
gridjs,
container: '#security-templates-grid',
dataUrl: config.dataUrl || 'security/templates-data',
appBase,
columns: [
{
name: labels.productName || 'Product',
sort: true,
formatter: (cell) => {
const text = escapeHtml(String(cell?.text || ''));
const url = String(cell?.url || '').trim();
if (text === '') {
return gridjs.html('<span class="text-muted">—</span>');
}
if (url === '') {
return gridjs.html(text);
}
return gridjs.html(`<a href="${escapeHtml(withCurrentListReturn(url))}">${text}</a>`);
},
},
{ name: labels.productCode || 'Code', sort: true },
{ name: labels.itemCount || 'Checklist items', sort: false },
{
name: labels.active || 'Active',
sort: true,
formatter: (cell) => {
const active = cell === true || cell === 'true';
const label = active ? (labels.yes || 'Yes') : (labels.no || 'No');
const variant = active ? 'success' : 'neutral';
return gridjs.html(`<span class="badge" data-variant="${variant}">${escapeHtml(label)}</span>`);
},
},
{ name: labels.updatedAt || 'Updated', sort: true },
{ name: 'edit_url', hidden: true },
],
sortColumns: ['product_name', 'product_code', null, 'active', 'updated_at', null],
paginationLimit: 20,
language: config.gridLang || {},
mapData: (data) => (data.data || []).map((row) => [
{ text: row.product_name || row.product_code || '', url: row.edit_url || '' },
row.product_code || '',
String(row.item_count ?? 0),
row.active === true,
row.updated_at || '',
row.edit_url || '',
]),
search: config.gridSearch || null,
filterSchema: config.filterSchema || [],
urlSync: true,
rowInteraction: { linkColumn: 0 },
rowDblClick: {
getUrl: (rowData) => rowData?.cells?.[5]?.data || '',
},
};
const listResult = initListPage({
grid: gridOptions,
filters: {
mode: 'drawer',
chipMeta: config.filterChipMeta || {},
watchInputs: ['#security-templates-search-input'],
},
});
return listResult?.gridConfig || null;
},
});

View File

@@ -0,0 +1,108 @@
/**
* Security check workspace — light client-side enhancement of the checklist form.
*
* Progress is authoritative on the server (recomputed on save); this only gives
* live visual feedback: toggles the done-styling on a row and updates the
* progress bar width as items are checked. No business logic.
*/
import { resolveHost } from '/js/core/app-dom.js';
const SELECTOR = '[data-app-component="security-check-workspace"]';
const EMPTY_API = Object.freeze({ destroy: () => {} });
const resolveForm = (root) => {
const host = resolveHost(root);
if (host instanceof HTMLElement && host.matches(SELECTOR)) {
return host;
}
return host.querySelector(SELECTOR);
};
export function initSecurityCheckWorkspace(root = document) {
const form = resolveForm(root);
if (!form) {
return EMPTY_API;
}
const section = form.closest('section') || document;
const fill = section.querySelector('.security-check-progress-fill');
const doneToggles = () => Array.from(form.querySelectorAll('input[type="checkbox"][name$="[done]"]'));
// Step gating: a step's done-checkbox can only be ticked once all of its
// required fields are filled. Authoritative gate lives on the server; this
// just mirrors it so the box is disabled until the fields are complete.
const requiredFields = Array.from(form.querySelectorAll('[data-security-required="1"]'));
const readonly = requiredFields.length > 0 && requiredFields.every((field) => field.disabled);
const gateGroups = [];
new Set(requiredFields.map((field) => field.closest('.security-step'))).forEach((step) => {
if (!step) {
return;
}
const doneBox = step.querySelector('input[type="checkbox"][name$="[done]"]');
if (!doneBox) {
return;
}
gateGroups.push({
doneBox,
hint: step.querySelector('[data-security-gate-hint]'),
fields: requiredFields.filter((field) => field.closest('.security-step') === step),
});
});
const enforceGates = () => {
if (readonly) {
return;
}
gateGroups.forEach(({ doneBox, hint, fields }) => {
const met = fields.every((field) => field.value.trim() !== '');
doneBox.disabled = !met;
if (!met && doneBox.checked) {
doneBox.checked = false;
}
if (hint) {
hint.hidden = met;
}
});
};
const listenerController = new AbortController();
const refresh = () => {
const boxes = doneToggles();
const total = boxes.length;
const done = boxes.filter((b) => b.checked).length;
boxes.forEach((box) => {
const row = box.closest('.security-step, .security-tech-item');
row?.classList.toggle('is-done', box.checked);
});
if (fill && total > 0) {
fill.style.width = `${Math.floor((done / total) * 100)}%`;
}
};
form.addEventListener('change', (event) => {
const target = event.target;
if (target instanceof HTMLInputElement && target.type === 'checkbox' && target.name.endsWith('[done]')) {
refresh();
}
}, { signal: listenerController.signal });
if (!readonly && gateGroups.length > 0) {
const onFieldChange = (event) => {
if (event.target instanceof HTMLElement && event.target.matches('[data-security-required="1"]')) {
enforceGates();
refresh();
}
};
form.addEventListener('input', onFieldChange, { signal: listenerController.signal });
form.addEventListener('change', onFieldChange, { signal: listenerController.signal });
}
enforceGates();
refresh();
return {
destroy: () => listenerController.abort(),
};
}

View File

@@ -0,0 +1,194 @@
/**
* Dynamic domain select for the security-check create wizard.
*
* Listens to the core [data-app-lookup] customer picker and loads the customer's
* domains from the Security BC gateway. Falls back to manual entry when the
* customer has no domains.
*/
import { getJson } from '/js/core/app-http.js';
import { resolveHost } from '/js/core/app-dom.js';
const SELECTOR = '#security-domain-group[data-app-component="security-customer-domain-select"]';
const EMPTY_API = Object.freeze({ destroy: () => {} });
const resolveGroup = (root) => {
const host = resolveHost(root);
if (host instanceof HTMLElement && host.matches(SELECTOR)) {
return host;
}
return host.querySelector(SELECTOR);
};
export function initSecurityCustomerDomainSelect(root = document) {
const group = resolveGroup(root);
if (!group) {
return EMPTY_API;
}
const scope = group.closest('form') || document;
const lookupContainer = scope.querySelector('[data-app-lookup]');
const domainSelect = group.querySelector('#security-domain');
const domainNoInput = group.querySelector('#security-domain-no');
const domainUrlInput = group.querySelector('#security-domain-url');
const feedback = group.querySelector('#security-domain-feedback');
const manualBlock = group.querySelector('#security-domain-manual');
const manualNoInput = group.querySelector('#security-domain-manual-no');
const manualUrlInput = group.querySelector('#security-domain-manual-url');
if (!lookupContainer || !domainSelect) {
return EMPTY_API;
}
const domainsUrl = group.dataset.domainsUrl || '';
const textInitial = group.dataset.textInitial || '';
const textLoading = group.dataset.textLoading || '';
const textSelect = group.dataset.textSelect || '';
const textError = group.dataset.textError || '';
const listenerController = new AbortController();
const requestController = new AbortController();
const on = (target, type, handler, options = {}) => {
if (!target || typeof target.addEventListener !== 'function') {
return;
}
target.addEventListener(type, handler, { ...options, signal: listenerController.signal });
};
const clearOptions = () => {
while (domainSelect.options.length > 0) {
domainSelect.remove(0);
}
};
const addPlaceholder = (text) => {
const opt = document.createElement('option');
opt.value = '';
opt.textContent = text;
domainSelect.appendChild(opt);
};
const setFeedback = (text, variant) => {
if (!feedback) {
return;
}
feedback.textContent = text;
feedback.hidden = !text;
feedback.dataset.variant = variant || '';
};
const showManual = (show) => {
if (!manualBlock) {
return;
}
manualBlock.hidden = !show;
domainSelect.closest('.app-wizard-domain-select-wrap')?.toggleAttribute('hidden', show);
if (!show && manualNoInput) manualNoInput.value = '';
if (!show && manualUrlInput) manualUrlInput.value = '';
if (show) {
if (domainNoInput) domainNoInput.value = '';
if (domainUrlInput) domainUrlInput.value = '';
}
};
const resetDomain = () => {
clearOptions();
addPlaceholder(textInitial);
domainSelect.disabled = true;
if (domainNoInput) domainNoInput.value = '';
if (domainUrlInput) domainUrlInput.value = '';
setFeedback('', '');
showManual(false);
};
const loadDomains = async (debitorNo) => {
clearOptions();
addPlaceholder(textLoading);
domainSelect.disabled = true;
group.setAttribute('aria-busy', 'true');
setFeedback('', '');
try {
const data = await getJson(`${domainsUrl}?debitor_no=${encodeURIComponent(debitorNo)}`, {
signal: requestController.signal,
});
const items = Array.isArray(data) ? data : [];
clearOptions();
addPlaceholder(textSelect);
if (items.length === 0) {
domainSelect.disabled = true;
showManual(true);
return;
}
showManual(false);
items.forEach((item) => {
const opt = document.createElement('option');
opt.value = item.value || '';
opt.textContent = item.label || item.value || '';
opt.dataset.url = item.url || '';
domainSelect.appendChild(opt);
});
domainSelect.disabled = false;
} catch (error) {
if (!(error instanceof Error && error.name === 'AbortError')) {
clearOptions();
addPlaceholder(textSelect);
domainSelect.disabled = true;
setFeedback(textError, 'error');
}
} finally {
group.removeAttribute('aria-busy');
}
};
on(domainSelect, 'change', () => {
const selected = domainSelect.options[domainSelect.selectedIndex];
if (domainNoInput) domainNoInput.value = selected?.value || '';
if (domainUrlInput) domainUrlInput.value = selected?.dataset.url || '';
});
if (manualNoInput) {
on(manualNoInput, 'input', () => {
if (domainNoInput) domainNoInput.value = manualNoInput.value.trim();
});
}
if (manualUrlInput) {
on(manualUrlInput, 'input', () => {
if (domainUrlInput) domainUrlInput.value = manualUrlInput.value.trim();
});
}
on(lookupContainer, 'lookup:select', (event) => {
const debitorNo = event.detail?.value || '';
if (debitorNo) {
void loadDomains(debitorNo);
} else {
resetDomain();
}
});
on(lookupContainer, 'lookup:clear', () => {
resetDomain();
});
const initialDebitor = group.dataset.initialDebitor || '';
const initialDomain = group.dataset.initialDomain || '';
if (initialDebitor) {
void loadDomains(initialDebitor).then(() => {
if (initialDomain && !domainSelect.disabled) {
domainSelect.value = initialDomain;
domainSelect.dispatchEvent(new Event('change'));
}
});
} else if (domainNoInput && domainNoInput.value && manualNoInput) {
manualNoInput.value = domainNoInput.value;
}
return {
destroy: () => {
listenerController.abort();
requestController.abort();
},
};
}

View File

@@ -0,0 +1,80 @@
/**
* Security settings page — toggles the auth-mode sections and runs the
* BC connection test.
*/
import { resolveHost } from '/js/core/app-dom.js';
import { getJson } from '/js/core/app-http.js';
const SELECTOR = '[data-app-component="security-settings"]';
const EMPTY_API = Object.freeze({ destroy: () => {} });
const resolveRoot = (root) => {
const host = resolveHost(root);
if (host instanceof HTMLElement && host.matches(SELECTOR)) {
return host;
}
return host.querySelector(SELECTOR);
};
export function initSecuritySettings(root = document) {
const form = resolveRoot(root);
if (!form) {
return EMPTY_API;
}
const section = form.closest('section') || document;
const listenerController = new AbortController();
const modeSelect = form.querySelector('[data-security-auth-mode]');
const authSections = Array.from(form.querySelectorAll('[data-security-auth-section]'));
const applyMode = () => {
const mode = modeSelect ? modeSelect.value : 'basic';
authSections.forEach((el) => {
el.toggleAttribute('hidden', el.dataset.securityAuthSection !== mode);
});
};
if (modeSelect) {
modeSelect.addEventListener('change', applyMode, { signal: listenerController.signal });
applyMode();
}
const testButton = section.querySelector('[data-security-test-connection]');
const result = section.querySelector('[data-security-test-result]');
if (testButton) {
testButton.addEventListener('click', async () => {
const url = testButton.dataset.url || '';
if (url === '') {
return;
}
testButton.setAttribute('aria-busy', 'true');
testButton.disabled = true;
if (result) {
result.textContent = testButton.dataset.textTesting || 'Testing...';
result.dataset.variant = '';
}
try {
const data = await getJson(url);
if (result) {
const ok = data && data.ok === true;
result.textContent = ok
? (testButton.dataset.textOk || 'Connection successful')
: `${testButton.dataset.textFail || 'Connection failed'}: ${(data && data.error) || ''}`;
result.dataset.variant = ok ? 'success' : 'error';
}
} catch {
if (result) {
result.textContent = testButton.dataset.textFail || 'Connection failed';
result.dataset.variant = 'error';
}
} finally {
testButton.removeAttribute('aria-busy');
testButton.disabled = false;
}
}, { signal: listenerController.signal });
}
return {
destroy: () => listenerController.abort(),
};
}

View File

@@ -0,0 +1,187 @@
/**
* Security check template schema editor.
*
* Edits the per-product technical checklist as an ordered list of items:
* - section: a grouping heading (label only)
* - check: a tracked checkpoint (label + optional hint + optional Markdown guidance)
*
* Serializes the items to the hidden #security-schema-json input on every change
* and on form submit. Item keys are (re)generated server-side on save.
*/
import { resolveHost } from '/js/core/app-dom.js';
import { escapeHtml } from '/js/pages/app-list-utils.js';
const SELECTOR = '#security-schema-editor[data-app-component="security-template-schema-editor"]';
const EMPTY_API = Object.freeze({ destroy: () => {} });
const resolveEditor = (root) => {
const host = resolveHost(root);
if (host instanceof HTMLElement && host.matches(SELECTOR)) {
return host;
}
return host.querySelector(SELECTOR);
};
export function initSecurityTemplateSchemaEditor(root = document) {
const editor = resolveEditor(root);
if (!editor) {
return EMPTY_API;
}
const form = editor.closest('form');
const hidden = form?.querySelector('#security-schema-json');
if (!form || !hidden) {
return EMPTY_API;
}
const labels = {
section: editor.dataset.labelSection || 'Section',
check: editor.dataset.labelCheck || 'Check item',
addSection: editor.dataset.labelAddSection || 'Add section',
addCheck: editor.dataset.labelAddCheck || 'Add check item',
remove: editor.dataset.labelRemove || 'Remove',
moveUp: editor.dataset.labelMoveUp || 'Move up',
moveDown: editor.dataset.labelMoveDown || 'Move down',
phSection: editor.dataset.placeholderSection || 'Section title',
phCheck: editor.dataset.placeholderCheck || 'Check item label',
phHint: editor.dataset.placeholderHint || 'Hint (optional)',
phMarkdown: editor.dataset.placeholderMarkdown || 'Markdown (optional)',
empty: editor.dataset.emptyText || 'No checklist items yet.',
};
const listenerController = new AbortController();
/** @type {{type:string,label:string,hint:string,markdown:string}[]} */
let items = [];
try {
const initial = JSON.parse(document.getElementById('security-schema-initial')?.textContent || '[]');
if (Array.isArray(initial)) {
items = initial.map((it) => ({
type: it && it.type === 'section' ? 'section' : 'check',
label: String((it && it.label) || ''),
hint: String((it && it.hint) || ''),
markdown: String((it && it.markdown) || ''),
}));
}
} catch {
items = [];
}
const serialize = () => {
hidden.value = JSON.stringify(items.map((it) => (
it.type === 'section'
? { type: 'section', label: it.label }
: { type: 'check', label: it.label, hint: it.hint, markdown: it.markdown }
)));
};
const render = () => {
const list = document.createElement('div');
list.className = 'security-schema-items';
if (items.length === 0) {
const empty = document.createElement('p');
empty.className = 'app-muted';
empty.textContent = labels.empty;
list.appendChild(empty);
}
items.forEach((item, index) => {
const row = document.createElement('div');
row.className = `security-schema-item security-schema-item-${item.type}`;
row.dataset.index = String(index);
const topRow = document.createElement('div');
topRow.className = 'security-schema-item-row';
const labelInput = document.createElement('input');
labelInput.type = 'text';
labelInput.className = 'security-schema-label';
labelInput.value = item.label;
labelInput.placeholder = item.type === 'section' ? labels.phSection : labels.phCheck;
labelInput.addEventListener('input', () => { items[index].label = labelInput.value; serialize(); }, { signal: listenerController.signal });
const typeBadge = document.createElement('span');
typeBadge.className = 'security-schema-type badge';
typeBadge.dataset.variant = item.type === 'section' ? 'neutral' : 'info';
typeBadge.textContent = item.type === 'section' ? labels.section : labels.check;
topRow.appendChild(typeBadge);
topRow.appendChild(labelInput);
if (item.type === 'check') {
const hintInput = document.createElement('input');
hintInput.type = 'text';
hintInput.className = 'security-schema-hint';
hintInput.value = item.hint;
hintInput.placeholder = labels.phHint;
hintInput.addEventListener('input', () => { items[index].hint = hintInput.value; serialize(); }, { signal: listenerController.signal });
topRow.appendChild(hintInput);
}
const controls = document.createElement('div');
controls.className = 'security-schema-controls';
controls.innerHTML = `
<button type="button" class="app-icon-button" data-action="up" data-tooltip="${escapeHtml(labels.moveUp)}" aria-label="${escapeHtml(labels.moveUp)}"><i class="bi bi-arrow-up"></i></button>
<button type="button" class="app-icon-button" data-action="down" data-tooltip="${escapeHtml(labels.moveDown)}" aria-label="${escapeHtml(labels.moveDown)}"><i class="bi bi-arrow-down"></i></button>
<button type="button" class="app-icon-button" data-action="remove" data-tooltip="${escapeHtml(labels.remove)}" aria-label="${escapeHtml(labels.remove)}"><i class="bi bi-x-lg"></i></button>
`;
controls.querySelectorAll('button[data-action]').forEach((btn) => {
btn.addEventListener('click', () => {
const action = btn.dataset.action;
if (action === 'remove') {
items.splice(index, 1);
} else if (action === 'up' && index > 0) {
[items[index - 1], items[index]] = [items[index], items[index - 1]];
} else if (action === 'down' && index < items.length - 1) {
[items[index + 1], items[index]] = [items[index], items[index + 1]];
} else {
return;
}
serialize();
render();
}, { signal: listenerController.signal });
});
topRow.appendChild(controls);
row.appendChild(topRow);
if (item.type === 'check') {
const markdownInput = document.createElement('textarea');
markdownInput.className = 'security-schema-markdown';
markdownInput.rows = 2;
markdownInput.value = item.markdown;
markdownInput.placeholder = labels.phMarkdown;
markdownInput.addEventListener('input', () => { items[index].markdown = markdownInput.value; serialize(); }, { signal: listenerController.signal });
row.appendChild(markdownInput);
}
list.appendChild(row);
});
const toolbar = document.createElement('div');
toolbar.className = 'security-schema-toolbar';
const addSection = document.createElement('button');
addSection.type = 'button';
addSection.className = 'secondary outline small';
addSection.innerHTML = `<i class="bi bi-type-h3"></i> ${escapeHtml(labels.addSection)}`;
addSection.addEventListener('click', () => { items.push({ type: 'section', label: '', hint: '', markdown: '' }); serialize(); render(); }, { signal: listenerController.signal });
const addCheck = document.createElement('button');
addCheck.type = 'button';
addCheck.className = 'secondary outline small';
addCheck.innerHTML = `<i class="bi bi-check2-square"></i> ${escapeHtml(labels.addCheck)}`;
addCheck.addEventListener('click', () => { items.push({ type: 'check', label: '', hint: '', markdown: '' }); serialize(); render(); }, { signal: listenerController.signal });
toolbar.appendChild(addCheck);
toolbar.appendChild(addSection);
editor.replaceChildren(list, toolbar);
};
form.addEventListener('submit', serialize, { signal: listenerController.signal });
serialize();
render();
return {
destroy: () => listenerController.abort(),
};
}