Redesign user management interface with improved side pane and enhanced permissions (#772)

 ### Summary & Motivation

This introduces a comprehensive redesign of the user management
interface, focusing on improved user experience and proper permission
handling. The main feature is a new user profile side pane that provides
quick access to user details while maintaining context within the user
list.

- Implement a new user profile side pane that slides in from the right
and allows viewing user details without leaving the user list page.
- Add deep linking support for individual users with a new API endpoint
to fetch user details by ID.
- Enhance permission controls by restricting tenant and user management
actions to Owner role only.
- Make the side menu resizable with user preferences saved in local
storage.
- Display tenant name in the side menu instead of the logo.
- Improve responsive behavior with proper mobile handling and dynamic
filter button collapse based on available space.
- Add comprehensive accessibility improvements including aria-labels,
keyboard navigation, and proper semantic HTML.
- Update the change user role flow to use a standard dialog pattern with
OK/Cancel buttons.
- Fix multiple UI issues including table scrolling, z-index layering,
and hover states.
- Add tooltips to icon-only buttons and improve visual feedback for
disabled actions.
- Implement proper data freshness warnings when user data differs
between views.

### Downstream projects

Add TenantName to the SharedSideMenu

```diff
+import { useUserInfo } from "@repo/infrastructure/auth/hooks";

export function SharedSideMenu({ children, ariaLabel }: Readonly<SharedSideMenuProps>) {
+  const userInfo = useUserInfo();

  return (
-    <SideMenu ariaLabel={ariaLabel}>
+    <SideMenu ariaLabel={ariaLabel} tenantName={userInfo?.tenantName}>
```

This change introduces more changes to the UI components. Please review
your application to ensure everything looks as it should.

This change introduces more changes to the AppLayout and is part of a
bigger redesign. Consider looking at these changes holistically.

### Checklist

- [x] I have added tests, or done manual regression tests
- [x] I have updated the documentation, if necessary

Author: tjementum

application/account-management/Api/Endpoints/TenantEndpoints.cs

@@ -19,7 +19,7 @@ public void MapEndpoints(IEndpointRouteBuilder routes)
         ).Produces<TenantResponse>();
 
         group.MapPut("/current", async Task<ApiResult> (UpdateCurrentTenantCommand command, IMediator mediator)
-            => await mediator.Send(command)
+            => (await mediator.Send(command)).AddRefreshAuthenticationTokens()
         );
 
         routes.MapDelete("/internal-api/account-management/tenants/{id}", async Task<ApiResult> (TenantId id, IMediator mediator)

application/account-management/Api/Endpoints/UserEndpoints.cs

@@ -18,6 +18,10 @@ public void MapEndpoints(IEndpointRouteBuilder routes)
             => await mediator.Send(query)
         ).Produces<UsersResponse>();
 
+        group.MapGet("/{id}", async Task<ApiResult<UserDetails>> (UserId id, IMediator mediator)
+            => await mediator.Send(new GetUserByIdQuery(id))
+        ).Produces<UserDetails>();
+
         group.MapGet("/summary", async Task<ApiResult<UserSummaryResponse>> (IMediator mediator)
             => await mediator.Send(new GetUserSummaryQuery())
         ).Produces<UserSummaryResponse>();

application/account-management/Core/Configuration.cs

@@ -30,6 +30,7 @@ public static IServiceCollection AddAccountManagementServices(this IServiceColle
 
         return services
             .AddSharedServices<AccountManagementDbContext>(Assembly)
-            .AddScoped<AvatarUpdater>();
+            .AddScoped<AvatarUpdater>()
+            .AddScoped<UserInfoFactory>();
     }
 }

application/account-management/Core/Features/Authentication/Commands/CompleteLogin.cs

@@ -1,11 +1,9 @@
 using JetBrains.Annotations;
-using Mapster;
 using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.AccountManagement.Integrations.Gravatar;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
@@ -22,6 +20,7 @@ public sealed record CompleteLoginCommand(string OneTimePassword) : ICommand, IR
 public sealed class CompleteLoginHandler(
     IUserRepository userRepository,
     ILoginRepository loginRepository,
+    UserInfoFactory userInfoFactory,
     AuthenticationTokenService authenticationTokenService,
     IMediator mediator,
     AvatarUpdater avatarUpdater,
@@ -75,7 +74,8 @@ public async Task<Result> Handle(CompleteLoginCommand command, CancellationToken
         login.MarkAsCompleted();
         loginRepository.Update(login);
 
-        authenticationTokenService.CreateAndSetAuthenticationTokens(user.Adapt<UserInfo>());
+        var userInfo = await userInfoFactory.CreateUserInfoAsync(user, cancellationToken);
+        authenticationTokenService.CreateAndSetAuthenticationTokens(userInfo);
 
         events.CollectEvent(new LoginCompleted(user.Id, completeEmailConfirmationResult.Value!.ConfirmationTimeInSeconds));
 

application/account-management/Core/Features/Authentication/Commands/RefreshAuthenticationTokens.cs

@@ -1,10 +1,9 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using JetBrains.Annotations;
-using Mapster;
 using Microsoft.AspNetCore.Http;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
+using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Domain;
@@ -17,6 +16,7 @@ public sealed record RefreshAuthenticationTokensCommand : ICommand, IRequest<Res
 
 public sealed class RefreshAuthenticationTokensHandler(
     IUserRepository userRepository,
+    UserInfoFactory userInfoFactory,
     IHttpContextAccessor httpContextAccessor,
     AuthenticationTokenService authenticationTokenService,
     ITelemetryEventsCollector events,
@@ -77,7 +77,8 @@ public async Task<Result> Handle(RefreshAuthenticationTokensCommand command, Can
 
         // TODO: Check if the refreshTokenId exists in the database and if the jwtId and refreshTokenVersion are valid
 
-        authenticationTokenService.RefreshAuthenticationTokens(user.Adapt<UserInfo>(), refreshTokenId, refreshTokenVersion, refreshTokenExpires);
+        var userInfo = await userInfoFactory.CreateUserInfoAsync(user, cancellationToken);
+        authenticationTokenService.RefreshAuthenticationTokens(userInfo, refreshTokenId, refreshTokenVersion, refreshTokenExpires);
         events.CollectEvent(new AuthenticationTokensRefreshed());
 
         return Result.Success();

application/account-management/Core/Features/Signups/Commands/CompleteSignup.cs

@@ -1,10 +1,9 @@
 using JetBrains.Annotations;
-using Mapster;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
 using PlatformPlatform.AccountManagement.Features.Tenants.Commands;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
+using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
@@ -20,6 +19,7 @@ public sealed record CompleteSignupCommand(string OneTimePassword, string Prefer
 
 public sealed class CompleteSignupHandler(
     IUserRepository userRepository,
+    UserInfoFactory userInfoFactory,
     AuthenticationTokenService authenticationTokenService,
     IMediator mediator,
     ITelemetryEventsCollector events
@@ -42,7 +42,8 @@ public async Task<Result> Handle(CompleteSignupCommand command, CancellationToke
         if (!createTenantResult.IsSuccess) return Result.From(createTenantResult);
 
         var user = await userRepository.GetByIdAsync(createTenantResult.Value!.UserId, cancellationToken);
-        authenticationTokenService.CreateAndSetAuthenticationTokens(user!.Adapt<UserInfo>());
+        var userInfo = await userInfoFactory.CreateUserInfoAsync(user!, cancellationToken);
+        authenticationTokenService.CreateAndSetAuthenticationTokens(userInfo);
 
         events.CollectEvent(
             new SignupCompleted(createTenantResult.Value.TenantId, completeEmailConfirmationResult.Value!.ConfirmationTimeInSeconds)

application/account-management/Core/Features/Tenants/Commands/UpdateCurrentTenant.cs

@@ -1,7 +1,9 @@
 using FluentValidation;
 using JetBrains.Annotations;
 using PlatformPlatform.AccountManagement.Features.Tenants.Domain;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.SharedKernel.Cqrs;
+using PlatformPlatform.SharedKernel.ExecutionContext;
 using PlatformPlatform.SharedKernel.Telemetry;
 
 namespace PlatformPlatform.AccountManagement.Features.Tenants.Commands;
@@ -20,11 +22,19 @@ public UpdateCurrentTenantValidator()
     }
 }
 
-public sealed class UpdateTenantHandler(ITenantRepository tenantRepository, ITelemetryEventsCollector events)
-    : IRequestHandler<UpdateCurrentTenantCommand, Result>
+public sealed class UpdateTenantHandler(
+    ITenantRepository tenantRepository,
+    IExecutionContext executionContext,
+    ITelemetryEventsCollector events
+) : IRequestHandler<UpdateCurrentTenantCommand, Result>
 {
     public async Task<Result> Handle(UpdateCurrentTenantCommand command, CancellationToken cancellationToken)
     {
+        if (executionContext.UserInfo.Role != UserRole.Owner.ToString())
+        {
+            return Result.Forbidden("Only owners are allowed to update tenant information.");
+        }
+
         var tenant = await tenantRepository.GetCurrentTenantAsync(cancellationToken);
 
         tenant.Update(command.Name);

application/account-management/Core/Features/Users/Domain/UserRepository.cs

@@ -158,15 +158,28 @@ CancellationToken cancellationToken
                 ? users.OrderBy(u => u.ModifiedAt)
                 : users.OrderByDescending(u => u.ModifiedAt),
             SortableUserProperties.Name => sortOrder == SortOrder.Ascending
-                ? users.OrderBy(u => u.FirstName).ThenBy(u => u.LastName)
-                : users.OrderByDescending(u => u.FirstName).ThenByDescending(u => u.LastName),
+                ? users.OrderBy(u => u.FirstName == null ? 1 : 0)
+                    .ThenBy(u => u.FirstName)
+                    .ThenBy(u => u.LastName == null ? 1 : 0)
+                    .ThenBy(u => u.LastName)
+                    .ThenBy(u => u.Email)
+                : users.OrderBy(u => u.FirstName == null ? 0 : 1)
+                    .ThenByDescending(u => u.FirstName)
+                    .ThenBy(u => u.LastName == null ? 0 : 1)
+                    .ThenByDescending(u => u.LastName)
+                    .ThenBy(u => u.Email),
             SortableUserProperties.Email => sortOrder == SortOrder.Ascending
                 ? users.OrderBy(u => u.Email)
                 : users.OrderByDescending(u => u.Email),
             SortableUserProperties.Role => sortOrder == SortOrder.Ascending
                 ? users.OrderBy(u => u.Role)
                 : users.OrderByDescending(u => u.Role),
             _ => users
+                .OrderBy(u => u.FirstName == null ? 1 : 0)
+                .ThenBy(u => u.FirstName)
+                .ThenBy(u => u.LastName == null ? 1 : 0)
+                .ThenBy(u => u.LastName)
+                .ThenBy(u => u.Email)
         };
 
         pageSize ??= 50;

application/account-management/Core/Features/Users/Queries/GetUserById.cs

@@ -0,0 +1,26 @@
+using JetBrains.Annotations;
+using Mapster;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
+using PlatformPlatform.SharedKernel.Cqrs;
+using PlatformPlatform.SharedKernel.Domain;
+
+namespace PlatformPlatform.AccountManagement.Features.Users.Queries;
+
+[PublicAPI]
+public sealed record GetUserByIdQuery(UserId Id) : IRequest<Result<UserDetails>>;
+
+public sealed class GetUserByIdHandler(IUserRepository userRepository)
+    : IRequestHandler<GetUserByIdQuery, Result<UserDetails>>
+{
+    public async Task<Result<UserDetails>> Handle(GetUserByIdQuery query, CancellationToken cancellationToken)
+    {
+        var user = await userRepository.GetByIdAsync(query.Id, cancellationToken);
+
+        if (user is null)
+        {
+            return Result<UserDetails>.NotFound($"User with ID '{query.Id}' not found.");
+        }
+
+        return user.Adapt<UserDetails>();
+    }
+}

application/account-management/Core/Features/Users/Shared/UserInfoFactory.cs

@@ -0,0 +1,38 @@
+using PlatformPlatform.AccountManagement.Features.Tenants.Domain;
+using PlatformPlatform.AccountManagement.Features.Users.Domain;
+using PlatformPlatform.SharedKernel.Authentication;
+
+namespace PlatformPlatform.AccountManagement.Features.Users.Shared;
+
+/// <summary>
+///     Factory for creating UserInfo instances with tenant information.
+///     Centralizes the logic for creating UserInfo to follow SRP and avoid duplication.
+/// </summary>
+public sealed class UserInfoFactory(ITenantRepository tenantRepository)
+{
+    /// <summary>
+    ///     Creates a UserInfo instance from a User entity, including tenant name.
+    /// </summary>
+    /// <param name="user">The user entity</param>
+    /// <param name="cancellationToken">Cancellation token</param>
+    /// <returns>UserInfo with all required properties including tenant name</returns>
+    public async Task<UserInfo> CreateUserInfoAsync(User user, CancellationToken cancellationToken)
+    {
+        var tenant = await tenantRepository.GetByIdAsync(user.TenantId, cancellationToken);
+
+        return new UserInfo
+        {
+            IsAuthenticated = true,
+            Id = user.Id,
+            TenantId = user.TenantId,
+            Role = user.Role.ToString(),
+            Email = user.Email,
+            FirstName = user.FirstName,
+            LastName = user.LastName,
+            Title = user.Title,
+            AvatarUrl = user.Avatar.Url,
+            TenantName = tenant?.Name,
+            Locale = user.Locale
+        };
+    }
+}