<% content_for :title, "Role Management - #{@application.name}" %>

Role Management for <%= @application.name %>

<%= link_to "← Back to Application", admin_application_path(@application), class: "text-sm text-blue-600 hover:text-blue-500" %>
<% if @application.role_mapping_enabled? %>

Role Mapping Configuration

Mode: <%= @application.role_mapping_mode.humanize %>

<% if @application.role_claim_name.present? %>

Role Claim: <%= @application.role_claim_name %>

<% end %> <% if @application.role_prefix.present? %>

Role Prefix: <%= @application.role_prefix %>

<% end %>
<% else %>

Role Mapping Disabled

Role mapping is currently disabled for this application. Enable it in the application settings to manage roles.

<% end %>

Create New Role

<%= form_with(model: [:admin, @application, ApplicationRole.new], url: create_role_admin_application_path(@application), local: true, class: "space-y-4") do |form| %>
<%= form.label :name, "Role Name", class: "block text-sm font-medium text-gray-700" %> <%= form.text_field :name, required: true, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "admin" %>
<%= form.label :display_name, "Display Name", class: "block text-sm font-medium text-gray-700" %> <%= form.text_field :display_name, required: true, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "Administrator" %>
<%= form.label :description, class: "block text-sm font-medium text-gray-700" %> <%= form.text_area :description, rows: 2, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "Description of this role's permissions" %>
<%= form.check_box :active, class: "h-4 w-4 rounded border-gray-300 text-blue-600 focus:ring-blue-500" %> <%= form.label :active, "Active", class: "ml-2 block text-sm text-gray-900" %>
<%= form.submit "Create Role", class: "rounded-md bg-blue-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-blue-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-blue-600" %>
<% end %>

Existing Roles

<% if @application_roles.any? %>
<% @application_roles.each do |role| %>
<%= role.name %>
<%= role.display_name %> <% unless role.active %> Inactive <% end %>
<% if role.description.present? %>

<%= role.description %>

<% end %>

Assigned Users:

<% role.users.each do |user| %> <%= user.email_address %> (<%= role.user_role_assignments.find_by(user: user)&.source %>) <%= link_to "×", remove_role_admin_application_path(@application, user_id: user.id, role_id: role.id), method: :post, data: { confirm: "Remove role from #{user.email_address}?" }, class: "ml-1 text-blue-600 hover:text-blue-800" %> <% end %>
<%= link_to "Assign", assign_role_admin_application_path(@application, role_id: role.id, user_id: "REPLACE_USER_ID"), method: :post, class: "text-xs bg-blue-600 px-2 py-1 rounded text-white hover:bg-blue-500", onclick: "this.href = this.href.replace('REPLACE_USER_ID', document.getElementById('assign-user-<%= role.id %>').value); if (this.href.includes('undefined')) { alert('Please select a user'); return false; }" %>
<%= link_to "Edit", "#", class: "text-xs text-gray-600 hover:text-gray-800", onclick: "document.getElementById('edit-role-<%= role.id %>').classList.toggle('hidden'); return false;" %>
<% end %>
<% else %>
No roles configured yet. Create your first role above to get started with role-based access control.
<% end %>