Sales dashboard #125
Merged
Sales dashboard #125
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PhiRho
force-pushed
the
sales-dashboard
branch
from
d9f4430 to
0bf48cf
Compare
czue
approved these changes
Sep 5, 2025
There was a problem hiding this comment.
The other way I've seen this type of things done is by splitting permissions into roles and rights. So there is more of a logical hierarchy that says "key management requires the key management right" and then "the key management right belongs to the system admin, team admin, and key manager roles". Then when you do the permission check you instead just check if the role has the right.
Probably not worth a refactor at this stage, but it does make things more declarative and avoid having to have lots of helper functions that combine lists of roles in ways that might be more prone to errors....
| dependency = require_private_ai_access() | ||
| return dependency.check_access(current_user) | ||
|
|
||
| async def check_sales_or_higher(current_user: DBUser = Depends(get_current_user_from_auth)): |
There was a problem hiding this comment.
nit: is there a reason these method names are inconsistent? e.g. get_role_ vs get_ vs check_? might be more readable to standardize on, e.g. get/check_role_<role_name>
app/core/rbac.py
Outdated
| effective_role = self._get_effective_role(user) | ||
|
|
||
| # System users (team_id is None) cannot have team roles | ||
| if user.team_id is None and effective_role in ["admin", "key_creator", "read_only"]: |
There was a problem hiding this comment.
nit: I think these should be using the constants
app/core/rbac.py
Outdated
|
|
||
| def require_private_ai_access(): | ||
| """Require access to private AI operations - allows system users or team key creators""" | ||
| return RBACDependency([UserRole.TEAM_ADMIN, UserRole.KEY_CREATOR, UserRole.SYSTEM_ADMIN, UserRole.USER], require_team_membership=False) |
There was a problem hiding this comment.
is UserRole.USER supposed to be here? it doesn't seem to match the doc string
app/core/rbac.py
Outdated
|
|
||
| def require_key_creator_or_higher(): | ||
| """Require key creator role or higher (team context)""" | ||
| return RBACDependency([UserRole.TEAM_ADMIN, UserRole.KEY_CREATOR, UserRole.SYSTEM_ADMIN], require_team_membership=True) |
There was a problem hiding this comment.
I don't know that it would be worth it, but these might be more readable if you had something like
ADMIN_ROLES = [UserRole.TEAM_ADMIN, UserRole.SYSTEM_ADMIN]
And then here used:
return RBACDependency([UserRole.KEY_CREATOR] + ADMIN_ROLES, require_team_membership=True)
There was a problem hiding this comment.
Looks like you could even maybe use / extend the helper functions defined on UserRole for this
- Introduced a new Sales Dashboard page for monitoring team performance and revenue metrics. - Updated the Admin page to include a link to the Sales Dashboard with an associated icon. - Enhanced sidebar navigation to include the Sales Dashboard link.
- Added interfaces for PrivateAIKey and SpendInfo to manage AI keys and spending data. - Implemented data fetching for AI keys and spend information for each team using React Query. - Introduced filtering and sorting capabilities based on regions and total spend. - Updated UI to display regions and total spend for each team, enhancing visibility of financial metrics.
- Introduced a flexible filtering mechanism allowing users to add, update, and remove filters based on various criteria such as team email, name, products, trial status, and regions. - Enhanced the UI to support dynamic filter inputs and operators, improving user experience in managing team data. - Updated sorting functionality to accommodate new filter options, ensuring accurate data representation. - Refactored existing filter logic to streamline the filtering process and improve performance.
- Introduced a new field for tracking Hubspot import status in the Team interface. - Updated sorting and filtering options to include Hubspot status, enhancing data management capabilities. - Implemented local state management for Hubspot status updates, with a temporary UI for status selection until the API is built. - Enhanced the UI to display and sort teams based on their Hubspot import status, improving visibility and control over team data.
- Added a new field for tracking assigned users in the Team interface, improving team management capabilities. - Implemented local state management for assigned user updates, allowing for real-time editing and display of assigned users. - Enhanced the UI to support editing of assigned users with a dropdown for suggestions, improving user experience. - Updated sorting and filtering options to include assigned users, ensuring comprehensive data representation in the Sales Dashboard.
- Implemented a new endpoint to list teams for the sales dashboard, providing consolidated information including products, regions, spend data, and trial status. - Enhanced data fetching by pre-fetching regions and creating LiteLLM services to optimize performance. - Introduced new schemas for SalesProduct, SalesTeam, and SalesTeamsResponse to structure the response data. - Added comprehensive tests to ensure the functionality and accuracy of the new endpoint, including various scenarios for trial status and spend aggregation.
- Introduced a new RBAC system to manage user permissions and roles, enhancing security and access control across the application. - Added a new `rbac.py` module to define role dependencies and access checks for various user roles, including system admins, team admins, and key creators. - Created a `roles.py` module to define user roles and their hierarchy, ensuring clear role management and validation. - Updated existing security functions to utilize the new RBAC system for permission checks, improving code maintainability and clarity. - Refactored private AI key creation and vector database functions to enforce role-based access, ensuring only authorized users can perform these actions. - Added comprehensive tests for the new RBAC functionality to ensure correct access control behavior across different user roles.
- Added logging to the RBACDependency class to track user access control checks, improving visibility into authorization failures. - Updated the create key mutation in the frontend to include optional owner_id and team_id parameters, enhancing key creation functionality. - Adjusted payload construction for the key creation request to accommodate new parameters, ensuring proper data handling.
- Simplified the trial status calculation logic in the backend to provide clearer status messages based on product activity and payment history. - Updated the Sales Dashboard to reflect the new trial status format, ensuring accurate display of remaining days for active trials. - Removed unused fields and local state management for Hubspot status and assigned users, streamlining the codebase. - Enhanced data fetching for teams to include products and regions directly, improving performance and reducing complexity in the frontend. - Added new tests to validate trial status calculations and ensure correct behavior across various scenarios.
- Added a new role check for sales users, allowing access to specific endpoints and functionalities. - Updated the sales dashboard to include a comprehensive view of team performance, products, and financial metrics. - Enhanced user redirection based on role during login and navigation, improving user experience. - Introduced dynamic filtering options for the sales dashboard, enabling users to manage team data effectively. - Added tests to validate access control for sales users and ensure proper functionality of the sales dashboard.
- Organized imports in private_ai_keys.py and users.py for better readability. - Updated role validation logic to utilize UserRole.get_all_roles() for consistency across user role checks. - Removed unused role definitions and hierarchy from security.py, streamlining the codebase. - Enhanced role management by centralizing role-related functionality in the roles module.
- Replaced direct role checks with new role management functions across multiple API endpoints to enhance consistency and maintainability. - Updated dependencies in billing.py, pricing_tables.py, private_ai_keys.py, products.py, regions.py, teams.py, users.py to utilize get_role_min_* functions. - Streamlined role validation logic in rbac.py and roles.py for improved clarity and organization. - Removed deprecated role assignment validation methods from tests, ensuring alignment with the new role management structure.
PhiRho
force-pushed
the
sales-dashboard
branch
from
e425b21 to
c204d41
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements a bunch of changes necessary for showing a sales dashboard to specific types of systems users
UI
Backend
salesas a role