Rodrigo Rodriguez (Pragmatismo) 49eb6696ea Reorganize chapters and add admin/user views documentation

Chapter renames:
- chapter-09-api -> chapter-09-tools (LLM Tools)
- chapter-10-api -> chapter-10-rest (REST Endpoints)

New documentation:
- chapter-04-gbui/admin-user-views.md: Complete guide to User vs Admin interfaces
  - User Settings (/api/user/*): profile, security, notifications, storage
  - Admin Panel (/api/admin/*): users, groups, bots, DNS, audit
  - Permission levels: guest, user, manager, admin
  - Desktop sync considerations

Updated:
- Drive app docs with sync feature (rclone, desktop-only)
- All cross-references to renamed chapters
- SUMMARY.md with new structure and admin-user-views entry

2025-12-05 06:50:56 -03:00

6 KiB

Raw Blame History

Admin vs User Views

The General Bots Suite separates functionality into two distinct interfaces: the User View for personal productivity and the Admin View for organization management. This separation ensures users only see features relevant to their role while administrators have access to system-wide controls.

Overview

View	Access	Purpose
User View	All authenticated users	Personal settings, files, tasks, calendar
Admin View	Users with `admin` role	Organization management, user provisioning, DNS

User View

The User View is the default interface for all authenticated users. It provides access to personal productivity tools and settings.

Accessing User Settings

Click your avatar in the top-right corner
Select Settings

User Settings Sections

Profile

Display name and avatar
Email address
Language and timezone

Security

Change password
Two-factor authentication (2FA)
Active sessions management
Trusted devices

Appearance

Theme selection (dark, light, blue, purple, green, orange)
Accent color
Font size preferences

Notifications

Email notification preferences
Desktop alerts
Sound settings

Storage

View storage quota usage
Manage connected storage providers
Clear cache

Integrations

API keys for external access
Webhook configurations
Connected OAuth providers

Privacy

Data visibility settings
Online status preferences
Data export and account deletion

User API Endpoints

All user endpoints use the /api/user/ prefix:

Endpoint	Method	Description
`/api/user/profile`	GET, PUT	User profile data
`/api/user/password`	POST	Change password
`/api/user/security/2fa/status`	GET	2FA status
`/api/user/security/2fa/enable`	POST	Enable 2FA
`/api/user/security/sessions`	GET	Active sessions
`/api/user/notifications/preferences`	GET, PUT	Notification settings
`/api/user/storage`	GET	Storage quota
`/api/user/api-keys`	GET, POST, DELETE	API key management
`/api/user/webhooks`	GET, POST, DELETE	Webhook management
`/api/user/data/export`	POST	Request data export

Admin View

The Admin View provides organization-wide management capabilities. Access requires the admin role.

Accessing Admin Panel

Click your avatar in the top-right corner
Select Admin Panel

If you don't see "Admin Panel", you don't have administrator privileges.

Admin Panel Sections

Dashboard

Quick statistics (users, groups, bots, storage)
System health overview
Recent activity feed
Quick action buttons

Users

View all organization users
Create new users
Edit user details and roles
Disable or delete accounts
Reset user passwords

Groups

Create and manage groups
Assign users to groups
Set group permissions
Manage group invitations

Bots

View deployed bots
Bot configuration management
Usage statistics per bot

DNS

Register custom hostnames
Manage DNS records
SSL certificate status

Audit Log

View all system events
Filter by user, action, or date
Export audit reports

Organization Billing (Admin-level)

Organization subscription status
Usage across all users
Payment methods for organization
Invoice history

Admin API Endpoints

All admin endpoints use the /api/admin/ prefix and require admin role:

Endpoint	Method	Description
`/api/admin/dashboard`	GET	Dashboard statistics
`/api/admin/users`	GET, POST	List/create users
`/api/admin/users/:id`	GET, PUT, DELETE	Manage specific user
`/api/admin/groups`	GET, POST	List/create groups
`/api/admin/groups/:id`	GET, PUT, DELETE	Manage specific group
`/api/admin/bots`	GET	List organization bots
`/api/admin/dns`	GET, POST, DELETE	DNS management
`/api/admin/audit`	GET	Audit log entries
`/api/admin/stats/*`	GET	Various statistics
`/api/admin/health`	GET	System health status
`/api/admin/activity/recent`	GET	Recent activity feed

Permission Levels

The system uses role-based access control (RBAC):

Role	User View	Admin View	Description
`guest`	Limited	❌	Read-only chat access
`user`	✅	❌	Standard user features
`manager`	✅	Partial	Can view monitoring
`admin`	✅	✅	Full system access

Checking User Role

In BASIC scripts, check the user's role:

role = user.role

IF role = "admin" THEN
    TALK "Welcome, administrator!"
ELSE
    TALK "Welcome, " + user.name
END IF

Desktop App Considerations

When running the Suite as a desktop application (via Tauri), additional features become available:

Desktop-Only Features

Local file system access
Rclone-based file synchronization
System tray integration
Native notifications

Sync Feature The desktop app can sync local folders with cloud Drive using rclone:

Configure remote in Settings → Storage → Sync
Select local folder to sync
Start/stop sync from Drive sidebar

Note: Sync controls (/files/sync/start, /files/sync/stop) communicate with the local rclone process on the desktop. These features are not available in the web-only version.

Security Best Practices

For Users

Enable 2FA on your account
Review active sessions regularly
Use strong, unique passwords
Revoke unused API keys

For Administrators

Follow principle of least privilege
Review audit logs regularly
Rotate service account credentials
Monitor for unusual activity
Keep user list current (remove departed employees)

Permissions Matrix - Detailed permission definitions
User Authentication - Login and session management
REST Endpoints - Complete API reference
Suite User Manual - End-user guide

6 KiB Raw Blame History