Implement Sales Role and Dashboard Enhancements

- Added a new role check for sales users, allowing access to specific endpoints and functionalities.
- Updated the sales dashboard to include a comprehensive view of team performance, products, and financial metrics.
- Enhanced user redirection based on role during login and navigation, improving user experience.
- Introduced dynamic filtering options for the sales dashboard, enabling users to manage team data effectively.
- Added tests to validate access control for sales users and ensure proper functionality of the sales dashboard.

Author: PhiRho

app/api/teams.py

@@ -7,7 +7,7 @@
 
 from app.db.database import get_db
 from app.db.models import DBTeam, DBTeamProduct, DBUser, DBPrivateAIKey, DBRegion, DBProduct
-from app.core.security import check_system_admin, check_specific_team_admin, get_current_user_from_auth
+from app.core.security import check_system_admin, check_specific_team_admin, get_current_user_from_auth, check_sales_or_higher
 from app.schemas.models import (
     Team, TeamCreate, TeamUpdate,
     TeamWithUsers, TeamMergeRequest, TeamMergeResponse
@@ -231,14 +231,14 @@ async def extend_team_trial(
 
     return {"message": "Team trial extended successfully"}
 
-@router.get("/sales/list-teams", response_model=SalesTeamsResponse, dependencies=[Depends(check_system_admin)])
+@router.get("/sales/list-teams", response_model=SalesTeamsResponse, dependencies=[Depends(check_sales_or_higher)])
 async def list_teams_for_sales(
     db: Session = Depends(get_db)
 ):
     """
     Get consolidated team information for sales dashboard.
     Returns all teams with their products, regions, spend data, and trial status.
-    Only accessible by system admin users.
+    Accessible by system admin and sales users.
     """
     try:
         # Pre-fetch all regions once to avoid repeated queries

app/core/security.py

@@ -190,3 +190,8 @@ async def get_private_ai_access(current_user: DBUser = Depends(get_current_user_
     from app.core.rbac import require_private_ai_access
     dependency = require_private_ai_access()
     return dependency.check_access(current_user)
+
+async def check_sales_or_higher(current_user: DBUser = Depends(get_current_user_from_auth)):
+    """Check if the current user is a sales user or system admin."""
+    dependency = require_sales_or_higher()
+    return dependency.check_access(current_user)

frontend/src/app/admin/users/page.tsx

@@ -81,6 +81,7 @@ const USER_ROLES = [
   { value: 'admin', label: 'Admin' },
   { value: 'key_creator', label: 'Key Creator' },
   { value: 'read_only', label: 'Read Only' },
+  { value: 'sales', label: 'Sales' },
 ];
 
 type SortField = 'email' | 'team_name' | 'role' | null;
@@ -406,6 +407,15 @@ export default function UsersPage() {
     void fetchUsers();
   }, [fetchUsers]);
 
+  // Update role when switching between system and team user types
+  useEffect(() => {
+    if (isSystemUser) {
+      setNewUserRole('admin'); // Default to admin for system users
+    } else {
+      setNewUserRole('read_only'); // Default to read_only for team users
+    }
+  }, [isSystemUser]);
+
   if (isLoadingUsers) {
     return (
       <div className="flex items-center justify-center min-h-[400px]">
@@ -452,6 +462,9 @@ export default function UsersPage() {
       if (newUserTeamId) {
         userData.team_id = newUserTeamId;
       }
+    } else {
+      // For system users, also set the role
+      userData.role = newUserRole;
     }
 
     createUserMutation.mutate(userData);
@@ -545,7 +558,7 @@ export default function UsersPage() {
                     </Select>
                   </div>
                   <div className="space-y-2">
-                    <label className="text-sm font-medium">Role</label>
+                    <label className="text-sm font-medium">Team Role</label>
                     <Select
                       value={newUserRole}
                       onValueChange={setNewUserRole}
@@ -554,7 +567,7 @@ export default function UsersPage() {
                         <SelectValue placeholder="Select a role" />
                       </SelectTrigger>
                       <SelectContent>
-                        {USER_ROLES.map((role) => (
+                        {USER_ROLES.filter(role => role.value !== 'sales').map((role) => (
                           <SelectItem key={role.value} value={role.value}>
                             {role.label}
                           </SelectItem>
@@ -564,6 +577,23 @@ export default function UsersPage() {
                   </div>
                 </>
               )}
+              {isSystemUser && (
+                <div className="space-y-2">
+                  <label className="text-sm font-medium">System Role</label>
+                  <Select
+                    value={newUserRole}
+                    onValueChange={setNewUserRole}
+                  >
+                    <SelectTrigger>
+                      <SelectValue placeholder="Select a system role" />
+                    </SelectTrigger>
+                    <SelectContent>
+                      <SelectItem value="admin">Admin</SelectItem>
+                      <SelectItem value="sales">Sales</SelectItem>
+                    </SelectContent>
+                  </Select>
+                </div>
+              )}
               <DialogFooter>
                 <Button
                   type="submit"

frontend/src/app/page.tsx

@@ -10,7 +10,12 @@ export default function Home() {
 
   useEffect(() => {
     if (user) {
-      router.replace('/private-ai-keys');
+      // Redirect sales users to their dashboard
+      if (user.role === 'sales') {
+        router.replace('/sales');
+      } else {
+        router.replace('/private-ai-keys');
+      }
     } else {
       router.replace('/auth/login');
     }