Client board view: read-only project board proxy via pal-e-docs API #17

New issue

Open

opened 2026-05-10 15:56:35 +00:00 by ldraney · 0 comments

ldraney commented 2026-05-10 15:56:35 +00:00

Owner

Copy link

Type

Feature

Lineage

Follow-up from spike ldraney/pal-enterprises#13. Architecture decision: arch-multi-tenant

Repo

ldraney/pal-enterprises

User Story

As a client
I want to see my project board with current status and progress
So that I have transparency into what is being worked on without needing to ask

Context

Spike #13 concluded that pal-enterprises should proxy board data from pal-e-docs (Option B). pal-e-docs stays internal; pal-enterprises fetches board items server-side and renders a read-only view scoped to the client's project.

Depends on Keycloak project_slug user attribute + protocol mapper being configured first.

File Targets

Files the agent should create or modify:

• app/controllers/client_board_controller.rb — new controller, reads project_slug from OIDC claims, fetches board items from pal-e-docs API
• app/views/client_board/show.html.erb — read-only board view (columns, cards, status)
• config/routes.rb — add GET route for client board
• app/services/pal_e_docs_client.rb — service object for pal-e-docs API calls (board endpoints)

Files the agent should NOT touch:

• pal-e-docs codebase — no changes needed there
• Auth/session logic — reuse existing Keycloak OIDC flow

Acceptance Criteria

• Authenticated client user sees only their project board
• Board displays columns (todo, in_progress, done at minimum) with item cards
• No write actions available — no buttons, no forms, no mutation endpoints
• Unauthenticated users redirected to login
• User without project_slug claim sees a helpful error, not a crash

Test Expectations

• GET /board returns 200 for authenticated user with valid project_slug
• GET /board returns 302 (redirect to login) for unauthenticated user
• Board items match what pal-e-docs API returns for that project
• No POST/PUT/DELETE routes exist for client board

Constraints

• Requires Keycloak project_slug user attribute and protocol mapper (separate ticket or pre-work)
• pal-e-docs API base URL should come from env var (PAL_E_DOCS_URL)
• Use existing CSS design system — no new CSS framework
• Server-side rendering only — no client-side JS calling pal-e-docs

Checklist

• PR opened
• Tests pass
• No unrelated changes

Related

• ldraney/pal-enterprises#13 — spike (parent)
• arch-multi-tenant — architecture decision note
• ldraney/pal-enterprises#9 — owner dashboard (Lucas sees all clients)
• ldraney/pal-enterprises#12 — pal-enterprises-docs repo

### Type Feature ### Lineage Follow-up from spike ldraney/pal-enterprises#13. Architecture decision: [arch-multi-tenant](https://pal-e-docs.tail5b443a.ts.net/note/arch-multi-tenant) ### Repo `ldraney/pal-enterprises` ### User Story As a client I want to see my project board with current status and progress So that I have transparency into what is being worked on without needing to ask ### Context Spike #13 concluded that pal-enterprises should proxy board data from pal-e-docs (Option B). pal-e-docs stays internal; pal-enterprises fetches board items server-side and renders a read-only view scoped to the client's project. Depends on Keycloak `project_slug` user attribute + protocol mapper being configured first. ### File Targets Files the agent should create or modify: - `app/controllers/client_board_controller.rb` — new controller, reads `project_slug` from OIDC claims, fetches board items from pal-e-docs API - `app/views/client_board/show.html.erb` — read-only board view (columns, cards, status) - `config/routes.rb` — add GET route for client board - `app/services/pal_e_docs_client.rb` — service object for pal-e-docs API calls (board endpoints) Files the agent should NOT touch: - pal-e-docs codebase — no changes needed there - Auth/session logic — reuse existing Keycloak OIDC flow ### Acceptance Criteria - [ ] Authenticated client user sees only their project board - [ ] Board displays columns (todo, in_progress, done at minimum) with item cards - [ ] No write actions available — no buttons, no forms, no mutation endpoints - [ ] Unauthenticated users redirected to login - [ ] User without `project_slug` claim sees a helpful error, not a crash ### Test Expectations - [ ] GET /board returns 200 for authenticated user with valid project_slug - [ ] GET /board returns 302 (redirect to login) for unauthenticated user - [ ] Board items match what pal-e-docs API returns for that project - [ ] No POST/PUT/DELETE routes exist for client board ### Constraints - Requires Keycloak `project_slug` user attribute and protocol mapper (separate ticket or pre-work) - pal-e-docs API base URL should come from env var (PAL_E_DOCS_URL) - Use existing CSS design system — no new CSS framework - Server-side rendering only — no client-side JS calling pal-e-docs ### Checklist - [ ] PR opened - [ ] Tests pass - [ ] No unrelated changes ### Related - ldraney/pal-enterprises#13 — spike (parent) - arch-multi-tenant — architecture decision note - ldraney/pal-enterprises#9 — owner dashboard (Lucas sees all clients) - ldraney/pal-enterprises#12 — pal-enterprises-docs repo

ldraney referenced this issue 2026-05-10 15:57:43 +00:00

Client-scoped read-only access to pal-e-docs project boards #13

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

522-payment-email-circuit-fee

add-kaniko-cache

fix-harbor-external-url

fix-kaniko-insecure-pull

fix-pipeline-image-pull

19-woodpecker-ci-pipeline

fix-dockerfile-build-tag

18-dockerfile-arch-migration

7-add-woodpecker-pipeline

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ldraney/pal-enterprises#17

No description provided.