Add customizable home dashboard with per-user pinned apps

- Users can pin/unpin any available service on their home page via a Customize mode; preferences persisted via PATCH /api/users/me/preferences - Time-aware greeting renders the user's display name through React JSX (HTML-escaped by design — no dangerouslySetInnerHTML used) - Added dashboard_app_ids JSON column to users table (migration c7e8f9a0b1d2) - /settings now routes to a placeholder page Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 21:15:33 +02:00
parent 6d626ff266
commit ab15c17ffb
11 changed files with 365 additions and 8 deletions
@@ -1,7 +1,7 @@
 import uuid
 from typing import TYPE_CHECKING

-from sqlalchemy import Boolean, String
+from sqlalchemy import Boolean, JSON, String
 from sqlalchemy.orm import Mapped, mapped_column, relationship

 from app.database import Base
@@ -21,6 +21,8 @@ class User(Base):
    # Role flag — True = admin, False = regular user.
    # Never exposed in API responses; set only by direct DB or admin tooling.
    is_superuser: Mapped[bool] = mapped_column(Boolean, default=False)
+    # List of service IDs pinned to the user's home dashboard.
+    dashboard_app_ids: Mapped[list] = mapped_column(JSON, nullable=False, default=list)

    profile: Mapped["Profile"] = relationship(
        "Profile", back_populates="user", uselist=False, cascade="all, delete-orphan"
@@ -1,8 +1,10 @@
 from fastapi import APIRouter, Depends
+from sqlalchemy.ext.asyncio import AsyncSession

+from app.database import get_db
 from app.deps import get_current_user
 from app.models.user import User
-from app.schemas.user import UserOut
+from app.schemas.user import DashboardPrefsOut, DashboardPrefsUpdate, UserOut

 router = APIRouter()

@@ -10,3 +12,20 @@ router = APIRouter()
@router.get("/me", response_model=UserOut)
 async def get_me(current_user: User = Depends(get_current_user)):
    return current_user
+
+
+@router.get("/me/preferences", response_model=DashboardPrefsOut)
+async def get_preferences(current_user: User = Depends(get_current_user)):
+    return DashboardPrefsOut(app_ids=current_user.dashboard_app_ids or [])
+
+
+@router.patch("/me/preferences", response_model=DashboardPrefsOut)
+async def update_preferences(
+    body: DashboardPrefsUpdate,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    current_user.dashboard_app_ids = body.app_ids
+    await db.commit()
+    await db.refresh(current_user)
+    return DashboardPrefsOut(app_ids=current_user.dashboard_app_ids or [])
@@ -96,3 +96,24 @@ class UserAdminCreate(UserCreate):
 class Token(BaseModel):
    access_token: str
    token_type: str = "bearer"
+
+
+# ── Dashboard preferences ──────────────────────────────────────────────────────
+
+class DashboardPrefsOut(BaseModel):
+    app_ids: list[str]
+
+
+class DashboardPrefsUpdate(BaseModel):
+    app_ids: list[str] = Field(default_factory=list)
+
+    @field_validator("app_ids")
+    @classmethod
+    def validate_app_ids(cls, v: list[str]) -> list[str]:
+        if len(v) > 50:
+            raise ValueError("Cannot pin more than 50 apps")
+        for item in v:
+            # Service IDs are alphanumeric slugs or UUIDs — no HTML/script allowed.
+            if not re.match(r'^[a-zA-Z0-9_\-]{1,64}$', item):
+                raise ValueError(f"Invalid app ID: {item!r}")
+        return v