Search user by Role. Account Access users with access

Author: simonredfern

src/routes/(protected)/account-access/accounts/[bank_id]/[account_id]/[view_id]/+page.svelte

@@ -58,27 +58,9 @@
     return { type: "general" as const, message: usersWithAccessError };
   });
 
-  // Group users by view_id and access_source for display in Views Available
-  let usersByView = $derived.by(() => {
-    if (!usersWithAccess?.users) return new Map<string, { direct: string[]; abac: string[] }>();
-    const map = new Map<string, { direct: string[]; abac: string[] }>();
-    for (const user of usersWithAccess.users) {
-      if (!user.views) continue;
-      for (const view of user.views) {
-        if (!map.has(view.view_id)) {
-          map.set(view.view_id, { direct: [], abac: [] });
-        }
-        const entry = map.get(view.view_id)!;
-        const name = user.username || user.user_id || "Unknown";
-        if (view.access_source === "ABAC") {
-          entry.abac.push(name);
-        } else {
-          entry.direct.push(name);
-        }
-      }
-    }
-    return map;
-  });
+  // Users grouped by view_id for display in Views Available
+  let usersByView = $state(new Map<string, { direct: string[]; abac: string[] }>());
+  let viewErrors = $state(new Map<string, string>());
 
   let bankId = $derived(page.params.bank_id || "");
   let accountId = $derived(page.params.account_id || "");
@@ -134,36 +116,72 @@
     }
   }
 
-  async function fetchUsersWithAccess(bankId: string, accountId: string) {
+  async function fetchUsersWithAccess(bankId: string, accountId: string, views: any[]) {
     usersWithAccessLoading = true;
     usersWithAccessError = null;
-    try {
-      const res = await trackedFetch(
-        `/api/obp/banks/${encodeURIComponent(bankId)}/accounts/${encodeURIComponent(accountId)}/users-with-access`
-      );
-      if (!res.ok) {
-        const data = await res.json().catch(() => ({}));
-        throw new Error(data.error || "Failed to fetch users with account access");
+    usersByView = new Map();
+    viewErrors = new Map();
+
+    const settled = await Promise.allSettled(
+      views.map(async (view) => {
+        const res = await trackedFetch(
+          `/api/obp/banks/${encodeURIComponent(bankId)}/accounts/${encodeURIComponent(accountId)}/views/${encodeURIComponent(view.id)}/users-with-access`
+        );
+        if (!res.ok) {
+          const data = await res.json().catch(() => ({}));
+          throw new Error(data.error || `Failed to fetch users with access for view ${view.id}`);
+        }
+        const data = await res.json();
+        return { viewId: view.id, users: data.users || [] };
+      })
+    );
+
+    const map = new Map<string, { direct: string[]; abac: string[] }>();
+    const errors = new Map<string, string>();
+    let anySuccess = false;
+
+    for (let i = 0; i < settled.length; i++) {
+      const result = settled[i];
+      const viewId = views[i].id;
+      if (result.status === "fulfilled") {
+        anySuccess = true;
+        const entry = { direct: [] as string[], abac: [] as string[] };
+        for (const user of result.value.users) {
+          const name = user.username || user.user_id || "Unknown";
+          if (user.access_source === "ABAC") {
+            entry.abac.push(name);
+          } else {
+            entry.direct.push(name);
+          }
+        }
+        map.set(viewId, entry);
+      } else {
+        const msg = result.reason instanceof Error ? result.reason.message : String(result.reason);
+        errors.set(viewId, msg);
       }
-      usersWithAccess = await res.json();
-    } catch (err) {
-      usersWithAccessError = err instanceof Error ? err.message : "Failed to fetch users with account access";
-      usersWithAccess = null;
-    } finally {
-      usersWithAccessLoading = false;
     }
+
+    usersByView = map;
+    viewErrors = errors;
+    usersWithAccess = anySuccess ? { users: [] } : null;
+    if (errors.size > 0 && !anySuccess) {
+      usersWithAccessError = "Failed to fetch users with access for all views";
+    }
+    usersWithAccessLoading = false;
   }
 
   async function loadPage(bankId: string, accountId: string, viewId: string) {
     account = null;
     error = null;
     usersWithAccess = null;
+    usersByView = new Map();
+    viewErrors = new Map();
     await checkAccountAccess(bankId, accountId, viewId);
     if (hasAccountAccess) {
-      await Promise.all([
-        fetchAccount(bankId, accountId, viewId),
-        fetchUsersWithAccess(bankId, accountId)
-      ]);
+      await fetchAccount(bankId, accountId, viewId);
+      if (account?.views_available?.length) {
+        await fetchUsersWithAccess(bankId, accountId, account.views_available);
+      }
     }
   }
 
@@ -431,35 +449,42 @@
               </div>
               {#each account.views_available as view}
                 {@const viewUsers = usersByView.get(view.id)}
+                {@const viewError = viewErrors.get(view.id)}
                 <div class="views-table-row">
                   <div class="views-col-name">
                     <a href="/account-access/accounts/{encodeURIComponent(bankId)}/{encodeURIComponent(accountId)}/{encodeURIComponent(view.id)}/transactions" class="view-name-link">{toTitleCase(view.id)}</a>
                     {#if view.is_public}
                       <span class="view-badge public">PUBLIC</span>
                     {/if}
                   </div>
-                  <div class="views-col-users">
-                    {#if usersWithAccessLoading}
-                      <Loader2 size={14} class="spinner-icon" />
-                    {:else if viewUsers?.direct?.length}
-                      {#each viewUsers.direct as username}
-                        <span class="user-chip direct">{username}</span>
-                      {/each}
-                    {:else if !usersWithAccessError}
-                      <span class="no-users">—</span>
-                    {/if}
-                  </div>
-                  <div class="views-col-users">
-                    {#if usersWithAccessLoading}
-                      <Loader2 size={14} class="spinner-icon" />
-                    {:else if viewUsers?.abac?.length}
-                      {#each viewUsers.abac as username}
-                        <span class="user-chip abac">{username}</span>
-                      {/each}
-                    {:else if !usersWithAccessError}
-                      <span class="no-users">—</span>
-                    {/if}
-                  </div>
+                  {#if viewError}
+                    <div class="views-col-users view-error" style="grid-column: span 2;">
+                      {viewError}
+                    </div>
+                  {:else}
+                    <div class="views-col-users">
+                      {#if usersWithAccessLoading}
+                        <Loader2 size={14} class="spinner-icon" />
+                      {:else if viewUsers?.direct?.length}
+                        {#each viewUsers.direct as username}
+                          <span class="user-chip direct">{username}</span>
+                        {/each}
+                      {:else}
+                        <span class="no-users">—</span>
+                      {/if}
+                    </div>
+                    <div class="views-col-users">
+                      {#if usersWithAccessLoading}
+                        <Loader2 size={14} class="spinner-icon" />
+                      {:else if viewUsers?.abac?.length}
+                        {#each viewUsers.abac as username}
+                          <span class="user-chip abac">{username}</span>
+                        {/each}
+                      {:else}
+                        <span class="no-users">—</span>
+                      {/if}
+                    </div>
+                  {/if}
                 </div>
               {/each}
             </div>
@@ -1183,6 +1208,16 @@
     color: rgb(var(--color-warning-300));
   }
 
+  .view-error {
+    font-size: 0.75rem;
+    color: #dc2626;
+    padding: 0.5rem 0.75rem;
+  }
+
+  :global([data-mode="dark"]) .view-error {
+    color: rgb(var(--color-error-400));
+  }
+
   .no-users {
     color: #d1d5db;
     font-size: 0.875rem;

src/routes/(protected)/users/+page.server.ts

@@ -44,10 +44,14 @@ export const load: PageServerLoad = async ({ locals, url }) => {
     // Fetch users from OBP API - get recent users with pagination
     logger.info("=== USERS API CALL ===");
     const role = url.searchParams.get("role_name");
+    const bankId = url.searchParams.get("bank_id");
     let endpoint = `/obp/v6.0.0/users?limit=100`;
     if (role) {
       endpoint += `&role_name=${encodeURIComponent(role)}`;
     }
+    if (bankId) {
+      endpoint += `&bank_id=${encodeURIComponent(bankId)}`;
+    }
     logger.info(`Request: ${endpoint}`);
 
     const response = await obp_requests.get(endpoint, accessToken);

src/routes/(protected)/users/+page.svelte

@@ -7,9 +7,11 @@
   let { data } = $props<{ data: PageData }>();
 
   let roleFilter = $state(page.url.searchParams.get("role_name") || "");
+  let bankIdFilter = $state(page.url.searchParams.get("bank_id") || "");
   let roles = $state<string[]>([]);
+  let banks = $state<string[]>([]);
 
-  // Fetch roles on mount
+  // Fetch roles and banks on mount
   $effect(() => {
     async function fetchRoles() {
       try {
@@ -22,7 +24,19 @@
         console.error("Error fetching roles:", err);
       }
     }
+    async function fetchBanks() {
+      try {
+        const response = await fetch("/api/banks");
+        const result = await response.json();
+        if (result.banks) {
+          banks = result.banks.map((b: any) => b.id).sort();
+        }
+      } catch (err) {
+        console.error("Error fetching banks:", err);
+      }
+    }
     fetchRoles();
+    fetchBanks();
   });
 
   let users = $derived(data.users || []);
@@ -245,6 +259,9 @@
           if (roleFilter.trim()) {
             params.set("role_name", roleFilter.trim());
           }
+          if (bankIdFilter.trim()) {
+            params.set("bank_id", bankIdFilter.trim());
+          }
           const qs = params.toString();
           goto(qs ? `?${qs}` : "/users", { invalidateAll: true });
         }}
@@ -265,13 +282,28 @@
             {/each}
           </select>
         </div>
+        <div style="flex: 0 0 300px;">
+          <label for="bank-id-input" class="block text-sm font-medium mb-2"
+            >Bank ID</label
+          >
+          <select
+            id="bank-id-input"
+            bind:value={bankIdFilter}
+            class="form-input w-full"
+          >
+            <option value="">All banks</option>
+            {#each banks as bank}
+              <option value={bank}>{bank}</option>
+            {/each}
+          </select>
+        </div>
         <button
           type="submit"
           class="btn btn-primary"
         >
-          Filter by Role
+          Filter
         </button>
-        {#if page.url.searchParams.has("role_name")}
+        {#if page.url.searchParams.has("role_name") || page.url.searchParams.has("bank_id")}
           <a href="/users" class="btn btn-secondary">Clear</a>
         {/if}
       </form>
@@ -334,8 +366,8 @@
   <!-- Users List Panel -->
   <div class="panel">
     <div class="panel-header">
-      <h2 class="panel-title">{page.url.searchParams.has("role_name") ? `Users with Role: ${page.url.searchParams.get("role_name")}` : "Recent Users"}</h2>
-      <div class="panel-subtitle">{page.url.searchParams.has("role_name") ? `Filtered by role` : "Most recently created users"} (up to 100)</div>
+      <h2 class="panel-title">{page.url.searchParams.has("role_name") || page.url.searchParams.has("bank_id") ? `Users${page.url.searchParams.has("role_name") ? ` with Role: ${page.url.searchParams.get("role_name")}` : ""}${page.url.searchParams.has("bank_id") ? ` at Bank: ${page.url.searchParams.get("bank_id")}` : ""}` : "Recent Users"}</h2>
+      <div class="panel-subtitle">{page.url.searchParams.has("role_name") || page.url.searchParams.has("bank_id") ? "Filtered results" : "Most recently created users"} (up to 100)</div>
     </div>
     <div class="panel-content">
       {#if users && users.length > 0}

src/routes/api/obp/banks/[bank_id]/accounts/[account_id]/views/[view_id]/users-with-access/+server.ts

@@ -0,0 +1,52 @@
+import { json } from "@sveltejs/kit";
+import type { RequestHandler } from "./$types";
+import { obp_requests } from "$lib/obp/requests";
+import { extractErrorDetails } from "$lib/obp/errors";
+import { SessionOAuthHelper } from "$lib/oauth/sessionHelper";
+import { createLogger } from "$lib/utils/logger";
+
+const logger = createLogger("UsersWithViewAccessAPI");
+
+export const GET: RequestHandler = async ({ locals, params }) => {
+  const session = locals.session;
+
+  if (!session?.data?.user) {
+    return json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const sessionOAuth = SessionOAuthHelper.getSessionOAuth(session);
+  const accessToken = sessionOAuth?.accessToken;
+
+  if (!accessToken) {
+    logger.warn("No access token available for fetching users with view access");
+    return json({ error: "No API access token available" }, { status: 401 });
+  }
+
+  const { bank_id, account_id, view_id } = params;
+
+  if (!bank_id || !account_id || !view_id) {
+    return json({ error: "Bank ID, Account ID and View ID are required" }, { status: 400 });
+  }
+
+  try {
+    logger.info(`Fetching users with access for bank: ${bank_id}, account: ${account_id}, view: ${view_id}`);
+
+    const endpoint = `/obp/v6.0.0/banks/${encodeURIComponent(bank_id)}/accounts/${encodeURIComponent(account_id)}/views/${encodeURIComponent(view_id)}/users-with-access`;
+    const response = await obp_requests.get(endpoint, accessToken);
+
+    logger.info(`Retrieved users with access for view ${view_id}`);
+
+    return json(response, { status: 200 });
+  } catch (err) {
+    logger.error(`Error fetching users with access for view ${view_id}:`, err);
+
+    const { message, obpErrorCode } = extractErrorDetails(err);
+
+    const errorResponse: any = { error: message };
+    if (obpErrorCode) {
+      errorResponse.obpErrorCode = obpErrorCode;
+    }
+
+    return json(errorResponse, { status: 500 });
+  }
+};