jramos/cve-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5ffedad02f49b4e9c2abbebe354619734cf166b0
cve-dashboard/.kiro/specs/admin-page-overhaul/requirements.md

9.3 KiB
Raw Blame History

Requirements Document

Introduction

The STEAM Security Dashboard currently has an Admin page (currentPage === 'admin') that renders the UserManagement modal component inline — the same modal triggered from the top-right UserMenu. The page does not follow the dashboard's dark "tactical intelligence" theme and provides no audit log viewing or other administrative capabilities. This feature overhauls the admin page into a dedicated, full-page admin panel that matches the design system and consolidates user management, audit log viewing, and system administration into a single cohesive interface accessible only to Admin-group users.

Glossary

  • Admin_Page: The full-page admin panel rendered when currentPage === 'admin', replacing the current inline modal rendering
  • Dashboard: The STEAM Security Dashboard application
  • Design_System: The color palette, typography, component specs, and interaction patterns defined in DESIGN_SYSTEM.md and App.css
  • Audit_Log_Panel: The section of the Admin_Page that displays paginated, filterable audit log entries
  • User_Management_Panel: The section of the Admin_Page that displays the user list and provides create, edit, delete, and activate/deactivate operations
  • Admin_User: A user whose user_group is Admin
  • Tab_Navigation: The in-page navigation component that switches between Admin_Page sections (User Management, Audit Log, System Info)
  • System_Info_Panel: The section of the Admin_Page that displays system metadata such as active user count, recent login activity, and database statistics

Requirements

Requirement 1: Admin Page Layout and Theme Compliance

User Story: As an admin, I want the admin page to follow the same dark tactical intelligence theme as the rest of the dashboard, so that the experience is visually consistent.

Acceptance Criteria

  1. THE Admin_Page SHALL use the Design_System color palette — --intel-darkest for the page background, --intel-dark and --intel-medium for card backgrounds, and --intel-accent for interactive elements
  2. THE Admin_Page SHALL render as a full-page view within the main content area, matching the layout pattern used by other page components (CompliancePage, ExportsPage, KnowledgeBasePage)
  3. THE Admin_Page SHALL display a page header with the title "Admin Panel" styled in monospace uppercase with the accent text glow defined in the Design_System
  4. THE Admin_Page SHALL use intel-card styled containers for each content section, with the standard gradient backgrounds, border glow, and shadow depth defined in the Design_System
  5. THE Admin_Page SHALL use intel-button styled controls for all interactive buttons, with primary, danger, and success variants as appropriate
  6. THE Admin_Page SHALL use intel-input styled form fields for all text inputs, selects, and date pickers

Requirement 2: Tab-Based Section Navigation

User Story: As an admin, I want to navigate between admin sections using tabs, so that I can quickly switch between user management, audit logs, and system information without leaving the page.

Acceptance Criteria

  1. THE Admin_Page SHALL display a Tab_Navigation component with tabs for "User Management", "Audit Log", and "System Info"
  2. WHEN an Admin_User clicks a tab, THE Tab_Navigation SHALL switch the visible content section to the selected tab and visually indicate the active tab using the --intel-accent color
  3. THE Admin_Page SHALL default to the "User Management" tab when first loaded
  4. THE Tab_Navigation SHALL use monospace uppercase text with letter spacing consistent with the Design_System label typography

Requirement 3: Themed User Management Panel

User Story: As an admin, I want to manage users directly within the themed admin page instead of a white modal overlay, so that user management feels integrated into the dashboard.

Acceptance Criteria

  1. THE User_Management_Panel SHALL display a table of all users with columns for username, email, group, active status, and last login
  2. THE User_Management_Panel SHALL style the user table with dark theme rows using data-row hover effects and --text-primary / --text-secondary text colors from the Design_System
  3. THE User_Management_Panel SHALL display group badges using severity-style badge coloring — Admin in danger color, Standard_User in accent color, Leadership in warning color, Read_Only in muted color
  4. WHEN an Admin_User clicks "Add User", THE User_Management_Panel SHALL display an inline form styled with intel-input fields and intel-button controls
  5. WHEN an Admin_User clicks the edit action on a user row, THE User_Management_Panel SHALL populate the inline form with that user's current data for editing
  6. WHEN an Admin_User clicks the delete action on a user row, THE User_Management_Panel SHALL display a confirmation prompt before sending the delete request
  7. WHEN an Admin_User toggles a user's active status, THE User_Management_Panel SHALL send a PATCH request and update the displayed status without a full page reload
  8. THE User_Management_Panel SHALL prevent an Admin_User from changing their own group or deactivating their own account
  9. IF a user management API request fails, THEN THE User_Management_Panel SHALL display an error message styled with the --intel-danger color

Requirement 4: Themed Audit Log Panel

User Story: As an admin, I want to view audit logs in a themed, filterable table within the admin page, so that I can monitor system activity without opening a separate modal.

Acceptance Criteria

  1. THE Audit_Log_Panel SHALL fetch and display paginated audit log entries from the /api/audit-logs endpoint
  2. THE Audit_Log_Panel SHALL display columns for timestamp, username, action, entity type, entity ID, details, and IP address
  3. THE Audit_Log_Panel SHALL style the log table with dark theme rows, monospace font for timestamps and IP addresses, and data-row hover effects
  4. THE Audit_Log_Panel SHALL display action type badges using color-coded status-badge styling — login actions in success color, delete actions in danger color, create actions in accent color, update actions in warning color
  5. THE Audit_Log_Panel SHALL provide filter controls for username (text search), action type (dropdown populated from /api/audit-logs/actions), entity type (dropdown), start date, and end date
  6. THE Audit_Log_Panel SHALL style all filter controls using intel-input and intel-button components from the Design_System
  7. WHEN an Admin_User applies filters, THE Audit_Log_Panel SHALL re-fetch audit logs from page 1 with the selected filter parameters
  8. WHEN an Admin_User clicks a pagination control, THE Audit_Log_Panel SHALL fetch the requested page and display a page indicator showing current page, total pages, and total entry count
  9. THE Audit_Log_Panel SHALL display a "No audit log entries found" message styled with --text-muted color when the query returns zero results
  10. IF the audit log API request fails, THEN THE Audit_Log_Panel SHALL display an error message styled with the --intel-danger color

Requirement 5: System Info Panel

User Story: As an admin, I want to see a summary of system health and usage statistics, so that I can quickly assess the state of the dashboard.

Acceptance Criteria

  1. THE System_Info_Panel SHALL display stat cards showing: total user count, active user count, total audit log entries, and count of users who logged in within the last 7 days
  2. THE System_Info_Panel SHALL style each stat card using the stat-card pattern from the Design_System with the accent-colored top bar and hover lift effect
  3. THE System_Info_Panel SHALL display a "Recent Activity" section showing the 10 most recent audit log entries in a compact list format
  4. WHEN the System_Info_Panel loads, THE System_Info_Panel SHALL fetch statistics from the existing /api/users and /api/audit-logs endpoints
  5. IF any statistics API request fails, THEN THE System_Info_Panel SHALL display a fallback "Unable to load" message in the affected stat card

Requirement 6: Access Control

User Story: As a non-admin user, I want to be prevented from accessing the admin page, so that sensitive administrative functions are protected.

Acceptance Criteria

  1. THE Dashboard SHALL render the Admin_Page content only when the authenticated user belongs to the Admin group
  2. WHEN a non-admin user navigates to the admin page, THE Dashboard SHALL redirect the user to the home page
  3. THE NavDrawer SHALL continue to display the "Admin Panel" navigation item only for Admin-group users
  4. THE UserMenu SHALL continue to provide "Manage Users" and "Audit Log" quick-access links for Admin-group users, opening the respective modals as before

Requirement 7: Loading and Error States

User Story: As an admin, I want to see clear loading indicators and error messages, so that I know when data is being fetched and when something goes wrong.

Acceptance Criteria

  1. WHILE data is being fetched for any Admin_Page section, THE Admin_Page SHALL display a loading spinner styled with the loading-spinner class and --intel-accent color
  2. IF an API request returns an error, THEN THE Admin_Page SHALL display the error message in a container styled with --intel-danger border and text color
  3. WHEN an Admin_User performs a successful create, update, or delete operation, THE Admin_Page SHALL display a brief success notification styled with --intel-success color
Reference in New Issue View Git Blame Copy Permalink