@cfxlabsinc/b2b-services
    Preparing search index...

    Class AdminDashboardUserService

    Identity + status management for the admin dashboard's user population.

    Sourced from the Cloudflare Access JWT — every request upserts into admin.dashboard_user keyed on cf_access_sub. Roles are looked up server-side at request time (see AdminDashboardRoleService).

    Index

    Constructors

    constructor

    Properties

    db ownerEmails

    Methods

    search update upsert

    Constructors

    Properties

    db: B2bDatabase
    ownerEmails: ReadonlySet<string>

    Lower-cased bootstrap allowlist — emails granted the owner role on first sight. Pulumi-managed via ADMIN_DASHBOARD_OWNER_EMAILS. Empty by default; check happens on INSERT only — existing users are never re-granted via this mechanism.

    Methods

    • Parameters

      • input: {
            cfAccessSubs?: string[];
            ids?: string[];
            page?: number;
            pageSize?: number;
            query?: string;
            roleIds?: string[];
            statuses?: ("ACTIVE" | "DISABLED")[];
        }
        • OptionalcfAccessSubs?: string[]

          Cloudflare Access JWT sub claim values; the identity key for the user row.

        • Optionalids?: string[]

          External ids (adusr_…) of users to filter by.

        • Optionalpage?: number
        • OptionalpageSize?: number
        • Optionalquery?: string
        • OptionalroleIds?: string[]

          External ids of roles to filter by; matches users whose roleId is in this set.

        • Optionalstatuses?: ("ACTIVE" | "DISABLED")[]

      Returns Promise<
          {
              ok: true;
              value: { hasNext: boolean; items: AdminDashboardUser[]; total: number };
          },
      >

    • Insert-on-first-sight / refresh-on-every-request from the verified Cloudflare Access JWT claims. Returns DISABLED if the row exists but has been deactivated; the dashboard auth wrapper redirects to /forbidden on that error.

      Idempotent: status is never flipped DISABLED → ACTIVE by this method.

      Parameters

      • input: {
            email: string;
            firstName?: string;
            hostedDomain?: string;
            lastName?: string;
            sub: string;
        }

      Returns Promise<
          | { ok: true; value: AdminDashboardUser }
          | { error: ServiceError; ok: false },
      >

    Settings

    Member Visibility

    On This Page

    Constructors
    Properties
    Methods