improvement: make query timeout const

fix: update audit log endpoint and nginx timeout to handle lengthy queries
Merge pull request #3184 from Infisical/feat/add-secret-approval-review-comment
2025-08-02 08:27:38 +00:00 · 2025-03-05 16:26:56 -08:00 · 2025-03-05 16:19:07 -08:00 · 2025-03-05 12:24:59 -05:00 · 2025-03-05 10:13:27 -05:00 · 2025-03-05 20:00:45 +05:30
38 changed files with 820 additions and 199 deletions
--- a/.github/workflows/check-api-for-breaking-changes.yml
+++ b/.github/workflows/check-api-for-breaking-changes.yml
@@ -32,10 +32,10 @@ jobs:
        run: touch .env && docker compose -f docker-compose.dev.yml up -d db redis
      - name: Start the server
        run: |
-            echo "SECRET_SCANNING_GIT_APP_ID=793712" >> .env
-            echo "SECRET_SCANNING_PRIVATE_KEY=some-random" >> .env
-            echo "SECRET_SCANNING_WEBHOOK_SECRET=some-random" >> .env
-            docker run --name infisical-api -d -p 4000:4000 -e DB_CONNECTION_URI=$DB_CONNECTION_URI -e REDIS_URL=$REDIS_URL -e JWT_AUTH_SECRET=$JWT_AUTH_SECRET -e ENCRYPTION_KEY=$ENCRYPTION_KEY --env-file .env --entrypoint '/bin/sh' infisical-api -c "npm run migration:latest && ls && node dist/main.mjs"
+          echo "SECRET_SCANNING_GIT_APP_ID=793712" >> .env
+          echo "SECRET_SCANNING_PRIVATE_KEY=some-random" >> .env
+          echo "SECRET_SCANNING_WEBHOOK_SECRET=some-random" >> .env
+          docker run --name infisical-api -d -p 4000:4000 -e DB_CONNECTION_URI=$DB_CONNECTION_URI -e REDIS_URL=$REDIS_URL -e JWT_AUTH_SECRET=$JWT_AUTH_SECRET -e ENCRYPTION_KEY=$ENCRYPTION_KEY --env-file .env --entrypoint '/bin/sh' infisical-api
        env:
          REDIS_URL: redis://172.17.0.1:6379
          DB_CONNECTION_URI: postgres://infisical:infisical@172.17.0.1:5432/infisical?sslmode=disable
@@ -43,7 +43,7 @@ jobs:
          ENCRYPTION_KEY: 4bnfe4e407b8921c104518903515b218
      - uses: actions/setup-go@v5
        with:
-          go-version: '1.21.5'
+          go-version: "1.21.5"
      - name: Wait for container to be stable and check logs
        run: |
          SECONDS=0
@@ -61,7 +61,7 @@ jobs:
            sleep 2
            SECONDS=$((SECONDS+2))
          done
-      
+
          if [ $HEALTHY -ne 1 ]; then
            echo "Container did not become healthy in time"
            exit 1
--- a/Dockerfile.standalone-infisical
+++ b/Dockerfile.standalone-infisical
@@ -122,6 +122,7 @@ RUN apt-get update && apt-get install -y \
    unixodbc-dev \
    libc-dev \
    freetds-dev \
+		wget \
    openssh-client \
    && rm -rf /var/lib/apt/lists/*

--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,23 +1,22 @@
 # Build stage
-FROM node:20-alpine AS build
+FROM node:20-slim AS build

 WORKDIR /app

 # Required for pkcs11js
-RUN apk --update add \
-        python3 \
-        make \
-        g++ \
-        openssh
+RUN apt-get update && apt-get install -y \
+    python3 \
+    make \
+    g++ \
+    openssh-client

-# install dependencies for TDS driver (required for SAP ASE dynamic secrets)
-RUN apk add --no-cache \
+# Install dependencies for TDS driver (required for SAP ASE dynamic secrets)
+RUN apt-get install -y \
    unixodbc \
-    freetds \
+    freetds-bin \
+    freetds-dev \
    unixodbc-dev \
-    libc-dev \
-    freetds-dev
-
+    libc-dev

 COPY package*.json ./
 RUN npm ci --only-production
@@ -26,36 +25,36 @@ COPY . .
 RUN npm run build

 # Production stage
-FROM node:20-alpine
+FROM node:20-slim
 WORKDIR /app

 ENV npm_config_cache /home/node/.npm

 COPY package*.json ./

-RUN apk --update add \
-        python3 \
-        make \
-        g++
+RUN apt-get update && apt-get install -y \
+    python3 \
+    make \
+    g++

-# install dependencies for TDS driver (required for SAP ASE dynamic secrets)
-RUN apk add --no-cache \
+# Install dependencies for TDS driver (required for SAP ASE dynamic secrets)
+RUN apt-get install -y \
    unixodbc \
-    freetds \
+    freetds-bin \
+    freetds-dev \
    unixodbc-dev \
-    libc-dev \
-    freetds-dev
+    libc-dev

-
-RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/libtdsodbc.so\nSetup = /usr/lib/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini
+RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini

 RUN npm ci --only-production && npm cache clean --force

 COPY --from=build /app .

-RUN apk add --no-cache bash curl && curl -1sLf \
-  'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
-  && apk add infisical=0.8.1 && apk add --no-cache git
+# Install Infisical CLI
+RUN apt-get install -y curl bash && \
+    curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash && \
+    apt-get update && apt-get install -y infisical=0.8.1 git

 HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \  
  CMD node healthcheck.js
--- a/backend/src/db/migrations/20250305080145_add-secret-review-comment.ts
+++ b/backend/src/db/migrations/20250305080145_add-secret-review-comment.ts
@@ -0,0 +1,19 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  if (!(await knex.schema.hasColumn(TableName.SecretApprovalRequestReviewer, "comment"))) {
+    await knex.schema.alterTable(TableName.SecretApprovalRequestReviewer, (t) => {
+      t.string("comment");
+    });
+  }
+}
+
+export async function down(knex: Knex): Promise<void> {
+  if (await knex.schema.hasColumn(TableName.SecretApprovalRequestReviewer, "comment")) {
+    await knex.schema.alterTable(TableName.SecretApprovalRequestReviewer, (t) => {
+      t.dropColumn("comment");
+    });
+  }
+}
--- a/backend/src/db/schemas/secret-approval-requests-reviewers.ts
+++ b/backend/src/db/schemas/secret-approval-requests-reviewers.ts
@@ -13,7 +13,8 @@ export const SecretApprovalRequestsReviewersSchema = z.object({
  requestId: z.string().uuid(),
  createdAt: z.date(),
  updatedAt: z.date(),
-  reviewerUserId: z.string().uuid()
+  reviewerUserId: z.string().uuid(),
+  comment: z.string().nullable().optional()
 });

 export type TSecretApprovalRequestsReviewers = z.infer<typeof SecretApprovalRequestsReviewersSchema>;
--- a/backend/src/ee/routes/v1/secret-approval-request-router.ts
+++ b/backend/src/ee/routes/v1/secret-approval-request-router.ts
@@ -159,7 +159,8 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
        id: z.string()
      }),
      body: z.object({
-        status: z.enum([ApprovalStatus.APPROVED, ApprovalStatus.REJECTED])
+        status: z.enum([ApprovalStatus.APPROVED, ApprovalStatus.REJECTED]),
+        comment: z.string().optional()
      }),
      response: {
        200: z.object({
@@ -175,8 +176,25 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        approvalId: req.params.id,
-        status: req.body.status
+        status: req.body.status,
+        comment: req.body.comment
      });
+
+      await server.services.auditLog.createAuditLog({
+        ...req.auditLogInfo,
+        orgId: req.permission.orgId,
+        projectId: review.projectId,
+        event: {
+          type: EventType.SECRET_APPROVAL_REQUEST_REVIEW,
+          metadata: {
+            secretApprovalRequestId: review.requestId,
+            reviewedBy: review.reviewerUserId,
+            status: review.status as ApprovalStatus,
+            comment: review.comment || ""
+          }
+        }
+      });
+
      return { review };
    }
  });
@@ -267,7 +285,7 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
              environment: z.string(),
              statusChangedByUser: approvalRequestUser.optional(),
              committerUser: approvalRequestUser,
-              reviewers: approvalRequestUser.extend({ status: z.string() }).array(),
+              reviewers: approvalRequestUser.extend({ status: z.string(), comment: z.string().optional() }).array(),
              secretPath: z.string(),
              commits: secretRawSchema
                .omit({ _id: true, environment: true, workspace: true, type: true, version: true })
--- a/backend/src/ee/services/audit-log/audit-log-types.ts
+++ b/backend/src/ee/services/audit-log/audit-log-types.ts
@@ -22,6 +22,7 @@ import {
 } from "@app/services/secret-sync/secret-sync-types";

 import { KmipPermission } from "../kmip/kmip-enum";
+import { ApprovalStatus } from "../secret-approval-request/secret-approval-request-types";

 export type TListProjectAuditLogDTO = {
  filter: {
@@ -165,6 +166,7 @@ export enum EventType {
  SECRET_APPROVAL_REQUEST = "secret-approval-request",
  SECRET_APPROVAL_CLOSED = "secret-approval-closed",
  SECRET_APPROVAL_REOPENED = "secret-approval-reopened",
+  SECRET_APPROVAL_REQUEST_REVIEW = "secret-approval-request-review",
  SIGN_SSH_KEY = "sign-ssh-key",
  ISSUE_SSH_CREDS = "issue-ssh-creds",
  CREATE_SSH_CA = "create-ssh-certificate-authority",
@@ -1314,6 +1316,16 @@ interface SecretApprovalRequest {
  };
 }

+interface SecretApprovalRequestReview {
+  type: EventType.SECRET_APPROVAL_REQUEST_REVIEW;
+  metadata: {
+    secretApprovalRequestId: string;
+    reviewedBy: string;
+    status: ApprovalStatus;
+    comment: string;
+  };
+}
+
 interface SignSshKey {
  type: EventType.SIGN_SSH_KEY;
  metadata: {
@@ -2482,4 +2494,5 @@ export type Event =
  | KmipOperationRevokeEvent
  | KmipOperationLocateEvent
  | KmipOperationRegisterEvent
-  | CreateSecretRequestEvent;
+  | CreateSecretRequestEvent
+  | SecretApprovalRequestReview;
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-dal.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-dal.ts
@@ -100,6 +100,7 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
        tx.ref("lastName").withSchema("committerUser").as("committerUserLastName"),
        tx.ref("reviewerUserId").withSchema(TableName.SecretApprovalRequestReviewer),
        tx.ref("status").withSchema(TableName.SecretApprovalRequestReviewer).as("reviewerStatus"),
+        tx.ref("comment").withSchema(TableName.SecretApprovalRequestReviewer).as("reviewerComment"),
        tx.ref("email").withSchema("secretApprovalReviewerUser").as("reviewerEmail"),
        tx.ref("username").withSchema("secretApprovalReviewerUser").as("reviewerUsername"),
        tx.ref("firstName").withSchema("secretApprovalReviewerUser").as("reviewerFirstName"),
@@ -162,8 +163,10 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
              reviewerEmail: email,
              reviewerLastName: lastName,
              reviewerUsername: username,
-              reviewerFirstName: firstName
-            }) => (userId ? { userId, status, email, firstName, lastName, username } : undefined)
+              reviewerFirstName: firstName,
+              reviewerComment: comment
+            }) =>
+              userId ? { userId, status, email, firstName, lastName, username, comment: comment ?? "" } : undefined
          },
          {
            key: "approverUserId",
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
@@ -320,6 +320,7 @@ export const secretApprovalRequestServiceFactory = ({
    approvalId,
    actor,
    status,
+    comment,
    actorId,
    actorAuthMethod,
    actorOrgId
@@ -372,15 +373,18 @@ export const secretApprovalRequestServiceFactory = ({
        return secretApprovalRequestReviewerDAL.create(
          {
            status,
+            comment,
            requestId: secretApprovalRequest.id,
            reviewerUserId: actorId
          },
          tx
        );
      }
-      return secretApprovalRequestReviewerDAL.updateById(review.id, { status }, tx);
+
+      return secretApprovalRequestReviewerDAL.updateById(review.id, { status, comment }, tx);
    });
-    return reviewStatus;
+
+    return { ...reviewStatus, projectId: secretApprovalRequest.projectId };
  };

  const updateApprovalStatus = async ({
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-types.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-types.ts
@@ -80,6 +80,7 @@ export type TStatusChangeDTO = {
 export type TReviewRequestDTO = {
  approvalId: string;
  status: ApprovalStatus;
+  comment?: string;
 } & Omit<TProjectPermission, "projectId">;

 export type TApprovalRequestCountDTO = TProjectPermission;
--- a/backend/src/lib/gateway/index.ts
+++ b/backend/src/lib/gateway/index.ts
@@ -2,7 +2,7 @@
 import crypto from "node:crypto";
 import net from "node:net";

-import quic from "@infisical/quic";
+import * as quic from "@infisical/quic";

 import { BadRequestError } from "../errors";
 import { logger } from "../logger";
--- a/backend/src/server/lib/utils.ts
+++ b/backend/src/server/lib/utils.ts
@@ -0,0 +1,8 @@
+export const QUERY_TIMEOUT = 121000; // 2 mins (query timeout) with padding
+
+export const extendTimeout =
+  (timeoutMs: number) =>
+  (request: { raw: { socket: { setTimeout: (ms: number) => void } } }, reply: unknown, done: () => void) => {
+    request.raw.socket.setTimeout(timeoutMs);
+    done();
+  };
--- a/backend/src/server/routes/v1/admin-router.ts
+++ b/backend/src/server/routes/v1/admin-router.ts
@@ -211,6 +211,27 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
    }
  });

+  server.route({
+    method: "PATCH",
+    url: "/user-management/users/:userId/admin-access",
+    config: {
+      rateLimit: writeLimit
+    },
+    schema: {
+      params: z.object({
+        userId: z.string()
+      })
+    },
+    onRequest: (req, res, done) => {
+      verifyAuth([AuthMode.JWT])(req, res, () => {
+        verifySuperAdmin(req, res, done);
+      });
+    },
+    handler: async (req) => {
+      await server.services.superAdmin.grantServerAdminAccessToUser(req.params.userId);
+    }
+  });
+
  server.route({
    method: "GET",
    url: "/encryption-strategies",
--- a/backend/src/server/routes/v1/organization-router.ts
+++ b/backend/src/server/routes/v1/organization-router.ts
@@ -14,6 +14,7 @@ import { AUDIT_LOGS, ORGANIZATIONS } from "@app/lib/api-docs";
 import { getLastMidnightDateISO, removeTrailingSlash } from "@app/lib/fn";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { slugSchema } from "@app/server/lib/schemas";
+import { extendTimeout, QUERY_TIMEOUT } from "@app/server/lib/utils";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { ActorType, AuthMode, MfaMethod } from "@app/services/auth/auth-type";
 import { sanitizedOrganizationSchema } from "@app/services/org/org-schema";
@@ -108,6 +109,7 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
    config: {
      rateLimit: readLimit
    },
+    preHandler: extendTimeout(QUERY_TIMEOUT),
    schema: {
      description: "Get all audit logs for an organization",
      querystring: z.object({
--- a/backend/src/services/integration-auth/integration-app-list.ts
+++ b/backend/src/services/integration-auth/integration-app-list.ts
@@ -134,7 +134,15 @@ const getAppsHeroku = async ({ accessToken }: { accessToken: string }) => {
 * Return list of names of apps for Vercel integration
 * This is re-used for getting custom environments for Vercel
 */
-export const getAppsVercel = async ({ accessToken, teamId }: { teamId?: string | null; accessToken: string }) => {
+export const getAppsVercel = async ({
+  accessToken,
+  teamId,
+  includeCustomEnvironments
+}: {
+  teamId?: string | null;
+  accessToken: string;
+  includeCustomEnvironments?: boolean;
+}) => {
  const apps: Array<{ name: string; appId: string; customEnvironments: Array<{ slug: string; id: string }> }> = [];

  const limit = "20";
@@ -145,12 +153,6 @@ export const getAppsVercel = async ({ accessToken, teamId }: { teamId?: string |
    projects: {
      name: string;
      id: string;
-      customEnvironments?: {
-        id: string;
-        type: string;
-        description: string;
-        slug: string;
-      }[];
    }[];
    pagination: {
      count: number;
@@ -159,6 +161,20 @@ export const getAppsVercel = async ({ accessToken, teamId }: { teamId?: string |
    };
  }

+  const getProjectCustomEnvironments = async (projectId: string) => {
+    const { data } = await request.get<{ environments: { id: string; slug: string }[] }>(
+      `${IntegrationUrls.VERCEL_API_URL}/v9/projects/${projectId}/custom-environments`,
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          "Accept-Encoding": "application/json"
+        }
+      }
+    );
+
+    return data.environments;
+  };
+
  while (hasMorePages) {
    const params: { [key: string]: string } = {
      limit
@@ -180,17 +196,38 @@ export const getAppsVercel = async ({ accessToken, teamId }: { teamId?: string |
      }
    });

-    data.projects.forEach((a) => {
-      apps.push({
-        name: a.name,
-        appId: a.id,
-        customEnvironments:
-          a.customEnvironments?.map((env) => ({
-            slug: env.slug,
-            id: env.id
-          })) ?? []
+    if (includeCustomEnvironments) {
+      const projectsWithCustomEnvironments = await Promise.all(
+        data.projects.map(async (a) => {
+          const customEnvironments = await getProjectCustomEnvironments(a.id);
+
+          return {
+            ...a,
+            customEnvironments
+          };
+        })
+      );
+
+      projectsWithCustomEnvironments.forEach((a) => {
+        apps.push({
+          name: a.name,
+          appId: a.id,
+          customEnvironments:
+            a.customEnvironments?.map((env) => ({
+              slug: env.slug,
+              id: env.id
+            })) ?? []
+        });
      });
-    });
+    } else {
+      data.projects.forEach((a) => {
+        apps.push({
+          name: a.name,
+          appId: a.id,
+          customEnvironments: []
+        });
+      });
+    }

    next = data.pagination.next;

--- a/backend/src/services/integration-auth/integration-auth-service.ts
+++ b/backend/src/services/integration-auth/integration-auth-service.ts
@@ -1851,6 +1851,7 @@ export const integrationAuthServiceFactory = ({
    const { accessToken } = await getIntegrationAccessToken(integrationAuth, shouldUseSecretV2Bridge, botKey);

    const vercelApps = await getAppsVercel({
+      includeCustomEnvironments: true,
      accessToken,
      teamId
    });
--- a/backend/src/services/super-admin/super-admin-service.ts
+++ b/backend/src/services/super-admin/super-admin-service.ts
@@ -291,6 +291,15 @@ export const superAdminServiceFactory = ({
    return user;
  };

+  const grantServerAdminAccessToUser = async (userId: string) => {
+    if (!licenseService.onPremFeatures?.instanceUserManagement) {
+      throw new BadRequestError({
+        message: "Failed to grant server admin access to user due to plan restriction. Upgrade to Infisical's Pro plan."
+      });
+    }
+    await userDAL.updateById(userId, { superAdmin: true });
+  };
+
  const getAdminSlackConfig = async () => {
    const serverCfg = await serverCfgDAL.findById(ADMIN_CONFIG_DB_UUID);

@@ -381,6 +390,7 @@ export const superAdminServiceFactory = ({
    deleteUser,
    getAdminSlackConfig,
    updateRootEncryptionStrategy,
-    getConfiguredEncryptionStrategies
+    getConfiguredEncryptionStrategies,
+    grantServerAdminAccessToUser
  };
 };
--- a/cli/config/infisical-relay.yaml
+++ b/cli/config/infisical-relay.yaml
@@ -1,3 +1,8 @@
 public_ip: 127.0.0.1
 auth_secret: changeThisOnProduction
 realm: infisical.org
+# set port 5349 for tls
+# port: 5349
+# tls_private_key_path: /full-path
+# tls_ca_path:  /full-path
+# tls_cert_path: /full-path
--- a/cli/packages/gateway/connection.go
+++ b/cli/packages/gateway/connection.go
@@ -61,7 +61,6 @@ func handleStream(stream quic.Stream, quicConn quic.Connection) {

 		switch string(cmd) {
 		case "FORWARD-TCP":
-			log.Info().Msg("Starting secure connector proxy...")
 			proxyAddress := string(bytes.Split(args, []byte(" "))[0])
 			destTarget, err := net.Dial("tcp", proxyAddress)
 			if err != nil {
@@ -69,6 +68,7 @@ func handleStream(stream quic.Stream, quicConn quic.Connection) {
 				return
 			}
 			defer destTarget.Close()
+			log.Info().Msgf("Starting secure transmission between %s->%s", quicConn.LocalAddr().String(), destTarget.LocalAddr().String())

 			// Handle buffered data
 			buffered := reader.Buffered()
@@ -87,6 +87,7 @@ func handleStream(stream quic.Stream, quicConn quic.Connection) {
 			}

 			CopyDataFromQuicToTcp(stream, destTarget)
+			log.Info().Msgf("Ending secure transmission between %s->%s", quicConn.LocalAddr().String(), destTarget.LocalAddr().String())
 			return
 		case "PING":
 			if _, err := stream.Write([]byte("PONG\n")); err != nil {
--- a/cli/packages/gateway/gateway.go
+++ b/cli/packages/gateway/gateway.go
@@ -6,11 +6,13 @@ import (
 	"crypto/x509"
 	"fmt"
 	"net"
+	"os"
 	"strings"
 	"sync"
 	"time"

 	"github.com/Infisical/infisical-merge/packages/api"
+	"github.com/Infisical/infisical-merge/packages/systemd"
 	"github.com/go-resty/resty/v2"
 	"github.com/pion/logging"
 	"github.com/pion/turn/v4"
@@ -75,6 +77,10 @@ func (g *Gateway) ConnectWithRelay() error {

 	// Start a new TURN Client and wrap our net.Conn in a STUNConn
 	// This allows us to simulate datagram based communication over a net.Conn
+	logger := logging.NewDefaultLoggerFactory()
+	if os.Getenv("LOG_LEVEL") == "debug" {
+		logger.DefaultLogLevel = logging.LogLevelDebug
+	}
 	cfg := &turn.ClientConfig{
 		STUNServerAddr: relayDetails.TurnServerAddress,
 		TURNServerAddr: relayDetails.TurnServerAddress,
@@ -82,7 +88,7 @@ func (g *Gateway) ConnectWithRelay() error {
 		Username:       relayDetails.TurnServerUsername,
 		Password:       relayDetails.TurnServerPassword,
 		Realm:          relayDetails.TurnServerRealm,
-		LoggerFactory:  logging.NewDefaultLoggerFactory(),
+		LoggerFactory:  logger,
 	}

 	client, err := turn.NewClient(cfg)
@@ -96,10 +102,6 @@ func (g *Gateway) ConnectWithRelay() error {
 		TurnServerAddress:  relayDetails.TurnServerAddress,
 		InfisicalStaticIp:  relayDetails.InfisicalStaticIp,
 	}
-	// if port not specific allow all port
-	if relayDetails.InfisicalStaticIp != "" && !strings.Contains(relayDetails.InfisicalStaticIp, ":") {
-		g.config.InfisicalStaticIp = g.config.InfisicalStaticIp + ":0"
-	}

 	g.client = client
 	return nil
@@ -141,20 +143,15 @@ func (g *Gateway) Listen(ctx context.Context) error {
 	g.config.Certificate = gatewayCert.Certificate
 	g.config.CertificateChain = gatewayCert.CertificateChain

+	errCh := make(chan error, 1)
 	shutdownCh := make(chan bool, 1)

-	if g.config.InfisicalStaticIp != "" {
-		log.Info().Msgf("Found static ip from Infisical: %s. Creating permission IP lifecycle", g.config.InfisicalStaticIp)
-		peerAddr, err := net.ResolveUDPAddr("udp", g.config.InfisicalStaticIp)
-		if err != nil {
-			return fmt.Errorf("Failed to parse infisical static ip: %w", err)
-		}
-		err = g.client.CreatePermission(peerAddr)
-		if err != nil {
-			return fmt.Errorf("Failed to set permission: %w", err)
-		}
+	if err = g.createPermissionForStaticIps(g.config.InfisicalStaticIp); err != nil {
+		return err
 	}

+	g.registerHeartBeat(ctx, errCh)
+
 	cert, err := tls.X509KeyPair([]byte(gatewayCert.Certificate), []byte(gatewayCert.PrivateKey))
 	if err != nil {
 		return fmt.Errorf("failed to parse cert: %w", err)
@@ -175,10 +172,11 @@ func (g *Gateway) Listen(ctx context.Context) error {
 	// Setup QUIC listener on the relayConn
 	quicConfig := &quic.Config{
 		EnableDatagrams: true,
-		MaxIdleTimeout:  30 * time.Second,
-		KeepAlivePeriod: 15 * time.Second,
+		MaxIdleTimeout:  10 * time.Second,
+		KeepAlivePeriod: 2 * time.Second,
 	}

+	g.registerRelayIsActive(ctx, relayUdpConnection.LocalAddr().String(), errCh)
 	quicListener, err := quic.Listen(relayUdpConnection, tlsConfig, quicConfig)
 	if err != nil {
 		return fmt.Errorf("Failed to listen for QUIC: %w", err)
@@ -187,12 +185,8 @@ func (g *Gateway) Listen(ctx context.Context) error {

 	log.Printf("Listener started on %s", quicListener.Addr())

-	errCh := make(chan error, 1)
 	log.Info().Msg("Gateway started successfully")
-	g.registerHeartBeat(errCh, shutdownCh)
-	g.registerRelayIsActive(relayUdpConnection.LocalAddr().String(), tlsConfig, quicConfig, errCh, shutdownCh)

-	// Create a WaitGroup to track active connections
 	var wg sync.WaitGroup

 	go func() {
@@ -244,10 +238,13 @@ func (g *Gateway) Listen(ctx context.Context) error {
 		}
 	}()

+	// make this compatiable with systemd notify mode
+	systemd.SdNotify(false, systemd.SdNotifyReady)
 	select {
 	case <-ctx.Done():
 		log.Info().Msg("Shutting down gateway...")
 	case err = <-errCh:
+		log.Error().Err(err).Msg("Gateway error occurred")
 	}

 	// Signal the accept loop to stop
@@ -270,56 +267,97 @@ func (g *Gateway) Listen(ctx context.Context) error {
 	return err
 }

-func (g *Gateway) registerHeartBeat(errCh chan error, done chan bool) {
+func (g *Gateway) registerHeartBeat(ctx context.Context, errCh chan error) {
 	ticker := time.NewTicker(30 * time.Minute)
+	defer ticker.Stop()

 	go func() {
-		time.Sleep(10 * time.Second)
-		log.Info().Msg("Registering first heart beat")
-		err := api.CallGatewayHeartBeatV1(g.httpClient)
-		if err != nil {
-			log.Error().Msgf("Failed to register heartbeat: %s", err)
-		}
-
 		for {
+			if err := api.CallGatewayHeartBeatV1(g.httpClient); err != nil {
+				errCh <- err
+			} else {
+				log.Info().Msg("Gateway is reachable by Infisical")
+			}
+
 			select {
-			case <-done:
-				ticker.Stop()
+			case <-ctx.Done():
 				return
 			case <-ticker.C:
-				log.Info().Msg("Registering heart beat")
-				err := api.CallGatewayHeartBeatV1(g.httpClient)
-				errCh <- err
 			}
 		}
 	}()
 }

-func (g *Gateway) registerRelayIsActive(serverAddr string, tlsConf *tls.Config, quicConf *quic.Config, errCh chan error, done chan bool) {
+func (g *Gateway) createPermissionForStaticIps(staticIps string) error {
+	if staticIps == "" {
+		return fmt.Errorf("Missing Infisical static ips for permission")
+	}
+
+	splittedIps := strings.Split(staticIps, ",")
+	resolvedIps := make([]net.Addr, 0)
+	for _, ip := range splittedIps {
+		ip = strings.TrimSpace(ip)
+		if ip == "" {
+			continue
+		}
+
+		// if port not specific allow all port
+		if !strings.Contains(ip, ":") {
+			ip = ip + ":0"
+		}
+
+		peerAddr, err := net.ResolveUDPAddr("udp", ip)
+		if err != nil {
+			return fmt.Errorf("Failed to resolve static ip for permission: %w", err)
+		}
+
+		resolvedIps = append(resolvedIps, peerAddr)
+	}
+
+	if err := g.client.CreatePermission(resolvedIps...); err != nil {
+		return fmt.Errorf("Failed to set ip permission: %w", err)
+	}
+	return nil
+}
+
+func (g *Gateway) registerRelayIsActive(ctx context.Context, relayAddress string, errCh chan error) error {
 	ticker := time.NewTicker(10 * time.Second)
+	maxFailures := 3
+	failures := 0

 	go func() {
-		time.Sleep(5 * time.Second)
+		time.Sleep(2 * time.Second)
 		for {
 			select {
-			case <-done:
-				ticker.Stop()
+			case <-ctx.Done():
 				return
 			case <-ticker.C:
+				// Configure TLS to skip verification
+				tlsConfig := &tls.Config{
+					InsecureSkipVerify: true,
+					NextProtos:         []string{"infisical-gateway"},
+				}
+				quicConfig := &quic.Config{
+					EnableDatagrams: true,
+				}
 				func() {
-					ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) // 3s handshake timeout
+					checkCtx, cancel := context.WithTimeout(ctx, 3*time.Second)
 					defer cancel()
-					conn, err := quic.DialAddr(ctx, serverAddr, tlsConf, quicConf)
-					if conn != nil {
-						conn.CloseWithError(0, "connection closed")
+					conn, err := quic.DialAddr(checkCtx, relayAddress, tlsConfig, quicConfig)
+					if err != nil {
+						failures++
+						log.Warn().Err(err).Int("failures", failures).Msg("Relay connection check failed")
+						if failures >= maxFailures {
+							errCh <- fmt.Errorf("relay connection check failed: %w", err)
+						}
 					}
-					// this error means quic connection is alive
-					if err != nil && !strings.Contains(err.Error(), "tls: failed to verify certificate") {
-						errCh <- err
-						return
+					if conn != nil {
+						conn.CloseWithError(0, "closed")
 					}
 				}()
 			}
 		}
 	}()
+
+	return nil
 }
--- a/cli/packages/gateway/relay.go
+++ b/cli/packages/gateway/relay.go
@@ -3,6 +3,7 @@ package gateway
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"errors"
 	"fmt"
 	"net"
@@ -12,10 +13,11 @@ import (
 	"strconv"
 	"syscall"

+	udplistener "github.com/Infisical/infisical-merge/packages/gateway/udp_listener"
+	"github.com/Infisical/infisical-merge/packages/systemd"
 	"github.com/pion/logging"
 	"github.com/pion/turn/v4"
 	"github.com/rs/zerolog/log"
-	"golang.org/x/sys/unix"
 	"gopkg.in/yaml.v2"
 )

@@ -36,8 +38,10 @@ type GatewayRelayConfig struct {
 	RelayMaxPort      uint16 `yaml:"relay_max_port"`
 	TlsCertPath       string `yaml:"tls_cert_path"`
 	TlsPrivateKeyPath string `yaml:"tls_private_key_path"`
+	TlsCaPath         string `yaml:"tls_ca_path"`

 	tls          tls.Certificate
+	tlsCa        string
 	isTlsEnabled bool
 }

@@ -78,19 +82,19 @@ func NewGatewayRelay(configFilePath string) (*GatewayRelay, error) {
 			return nil, errMissingTlsCert
 		}

-		tlsCertFile, err := os.ReadFile(cfg.TlsCertPath)
+		cert, err := tls.LoadX509KeyPair(cfg.TlsCertPath, cfg.TlsPrivateKeyPath)
 		if err != nil {
-			return nil, err
-		}
-		tlsPrivateKeyFile, err := os.ReadFile(cfg.TlsPrivateKeyPath)
-		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("Failed to read load server tls key pair: %w", err)
 		}

-		cert, err := tls.LoadX509KeyPair(string(tlsCertFile), string(tlsPrivateKeyFile))
-		if err != nil {
-			return nil, err
+		if cfg.TlsCaPath != "" {
+			ca, err := os.ReadFile(cfg.TlsCaPath)
+			if err != nil {
+				return nil, fmt.Errorf("Failed to read tls ca: %w", err)
+			}
+			cfg.tlsCa = string(ca)
 		}
+
 		cfg.tls = cert
 		cfg.isTlsEnabled = true
 	}
@@ -115,18 +119,7 @@ func (g *GatewayRelay) Run() error {
 	// this allows us to add logging, storage or modify inbound/outbound traffic
 	// UDP listeners share the same local address:port with setting SO_REUSEPORT and the kernel
 	// will load-balance received packets per the IP 5-tuple
-	listenerConfig := &net.ListenConfig{
-		Control: func(network, address string, conn syscall.RawConn) error { // nolint: revive
-			var operr error
-			if err = conn.Control(func(fd uintptr) {
-				operr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, unix.SO_REUSEPORT, 1)
-			}); err != nil {
-				return err
-			}
-
-			return operr
-		},
-	}
+	listenerConfig := udplistener.SetupListenerConfig()

 	publicIP := g.Config.PublicIP
 	relayAddressGenerator := &turn.RelayAddressGeneratorPortRange{
@@ -150,8 +143,12 @@ func (g *GatewayRelay) Run() error {
 		}

 		if g.Config.isTlsEnabled {
+			caCertPool := x509.NewCertPool()
+			caCertPool.AppendCertsFromPEM([]byte(g.Config.tlsCa))
+
 			listenerConfigs[i].Listener = tls.NewListener(conn, &tls.Config{
 				Certificates: []tls.Certificate{g.Config.tls},
+				ClientCAs:    caCertPool,
 			})
 		} else {
 			listenerConfigs[i].Listener = conn
@@ -175,6 +172,9 @@ func (g *GatewayRelay) Run() error {
 	}

 	log.Info().Msgf("Relay listening on %s\n", connAddress)
+
+	// make this compatiable with systemd notify mode
+	systemd.SdNotify(false, systemd.SdNotifyReady)
 	// Block until user sends SIGINT or SIGTERM
 	sigs := make(chan os.Signal, 1)
 	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
--- a/cli/packages/gateway/udp_listener/listener_unix.go
+++ b/cli/packages/gateway/udp_listener/listener_unix.go
@@ -0,0 +1,26 @@
+//go:build !windows
+// +build !windows
+
+package udplistener
+
+import (
+	"net"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+	// other imports
+)
+
+func SetupListenerConfig() *net.ListenConfig {
+	return &net.ListenConfig{
+		Control: func(network, address string, conn syscall.RawConn) error {
+			var operr error
+			if err := conn.Control(func(fd uintptr) {
+				operr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, unix.SO_REUSEPORT, 1)
+			}); err != nil {
+				return err
+			}
+			return operr
+		},
+	}
+}
--- a/cli/packages/gateway/udp_listener/listener_windows.go
+++ b/cli/packages/gateway/udp_listener/listener_windows.go
@@ -0,0 +1,18 @@
+//go:build windows
+// +build windows
+
+package udplistener
+
+import (
+	"fmt"
+	"net"
+	"syscall"
+)
+
+func SetupListenerConfig() *net.ListenConfig {
+	return &net.ListenConfig{
+		Control: func(network, address string, conn syscall.RawConn) error {
+			return fmt.Errorf("Infisical relay not supported for windows.")
+		},
+	}
+}
--- a/cli/packages/systemd/daemon.go
+++ b/cli/packages/systemd/daemon.go
@@ -0,0 +1,84 @@
+// Copyright 2014 Docker, Inc.
+// Copyright 2015-2018 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Package daemon provides a Go implementation of the sd_notify protocol.
+// It can be used to inform systemd of service start-up completion, watchdog
+// events, and other status changes.
+//
+// https://www.freedesktop.org/software/systemd/man/sd_notify.html#Description
+package systemd
+
+import (
+	"net"
+	"os"
+)
+
+const (
+	// SdNotifyReady tells the service manager that service startup is finished
+	// or the service finished loading its configuration.
+	SdNotifyReady = "READY=1"
+
+	// SdNotifyStopping tells the service manager that the service is beginning
+	// its shutdown.
+	SdNotifyStopping = "STOPPING=1"
+
+	// SdNotifyReloading tells the service manager that this service is
+	// reloading its configuration. Note that you must call SdNotifyReady when
+	// it completed reloading.
+	SdNotifyReloading = "RELOADING=1"
+
+	// SdNotifyWatchdog tells the service manager to update the watchdog
+	// timestamp for the service.
+	SdNotifyWatchdog = "WATCHDOG=1"
+)
+
+// SdNotify sends a message to the init daemon. It is common to ignore the error.
+// If `unsetEnvironment` is true, the environment variable `NOTIFY_SOCKET`
+// will be unconditionally unset.
+//
+// It returns one of the following:
+// (false, nil) - notification not supported (i.e. NOTIFY_SOCKET is unset)
+// (false, err) - notification supported, but failure happened (e.g. error connecting to NOTIFY_SOCKET or while sending data)
+// (true, nil) - notification supported, data has been sent
+func SdNotify(unsetEnvironment bool, state string) (bool, error) {
+	socketAddr := &net.UnixAddr{
+		Name: os.Getenv("NOTIFY_SOCKET"),
+		Net:  "unixgram",
+	}
+
+	// NOTIFY_SOCKET not set
+	if socketAddr.Name == "" {
+		return false, nil
+	}
+
+	if unsetEnvironment {
+		if err := os.Unsetenv("NOTIFY_SOCKET"); err != nil {
+			return false, err
+		}
+	}
+
+	conn, err := net.DialUnix(socketAddr.Net, nil, socketAddr)
+	// Error connecting to NOTIFY_SOCKET
+	if err != nil {
+		return false, err
+	}
+	defer conn.Close()
+
+	if _, err = conn.Write([]byte(state)); err != nil {
+		return false, err
+	}
+	return true, nil
+}
--- a/docs/documentation/platform/admin-panel/server-admin.mdx
+++ b/docs/documentation/platform/admin-panel/server-admin.mdx
@@ -76,8 +76,7 @@ This tab allows you to set various rate limits for your Infisical instance. You

 ## User Management Tab

-From this tab, you can view all the users who have signed up for your instance. You can search for users using the search bar and remove them from your instance by pressing the **X** button on their respective row.
-
+From this tab, you can view all the users who have signed up for your instance. You can search for users using the search bar and remove them from your instance by clicking on the three dots icon on the right. Additionally, the Server Admin can grant server administrator access to other users through this menu.
 ![User Management](/images/platform/admin-panels/admin-panel-users.png)

 <Note>
--- a/docs/images/platform/admin-panels/admin-panel-users.png
+++ b/docs/images/platform/admin-panels/admin-panel-users.png
--- a/frontend/src/hooks/api/admin/index.ts
+++ b/frontend/src/hooks/api/admin/index.ts
@@ -3,7 +3,8 @@ export {
  useCreateAdminUser,
  useUpdateAdminSlackConfig,
  useUpdateServerConfig,
-  useUpdateServerEncryptionStrategy
+  useUpdateServerEncryptionStrategy,
+  useAdminGrantServerAdminAccess
 } from "./mutation";
 export {
  useAdminGetUsers,
--- a/frontend/src/hooks/api/admin/mutation.ts
+++ b/frontend/src/hooks/api/admin/mutation.ts
@@ -70,6 +70,21 @@ export const useAdminDeleteUser = () => {
  });
 };

+export const useAdminGrantServerAdminAccess = () => {
+  const queryClient = useQueryClient();
+  return useMutation({
+    mutationFn: async (userId: string) => {
+      await apiRequest.patch(`/api/v1/admin/user-management/users/${userId}/admin-access`);
+      return {};
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({
+        queryKey: [adminStandaloneKeys.getUsers]
+      });
+    }
+  });
+};
+
 export const useUpdateAdminSlackConfig = () => {
  const queryClient = useQueryClient();
  return useMutation<AdminSlackConfig, object, TUpdateAdminSlackConfigDTO>({
--- a/frontend/src/hooks/api/auditLogs/constants.tsx
+++ b/frontend/src/hooks/api/auditLogs/constants.tsx
@@ -122,6 +122,7 @@ export const eventToNameMap: { [K in EventType]: string } = {
    "OIDC group membership mapping assigned user to groups",
  [EventType.OIDC_GROUP_MEMBERSHIP_MAPPING_REMOVE_USER]:
    "OIDC group membership mapping removed user from groups",
+  [EventType.SECRET_APPROVAL_REQUEST_REVIEW]: "Review Secret Approval Request",
  [EventType.CREATE_KMIP_CLIENT]: "Create KMIP client",
  [EventType.UPDATE_KMIP_CLIENT]: "Update KMIP client",
  [EventType.DELETE_KMIP_CLIENT]: "Delete KMIP client",
--- a/frontend/src/hooks/api/auditLogs/enums.tsx
+++ b/frontend/src/hooks/api/auditLogs/enums.tsx
@@ -150,5 +150,6 @@ export enum EventType {
  KMIP_OPERATION_ACTIVATE = "kmip-operation-activate",
  KMIP_OPERATION_REVOKE = "kmip-operation-revoke",
  KMIP_OPERATION_LOCATE = "kmip-operation-locate",
-  KMIP_OPERATION_REGISTER = "kmip-operation-register"
+  KMIP_OPERATION_REGISTER = "kmip-operation-register",
+  SECRET_APPROVAL_REQUEST_REVIEW = "secret-approval-request-review"
 }
--- a/frontend/src/hooks/api/secretApprovalRequest/mutation.tsx
+++ b/frontend/src/hooks/api/secretApprovalRequest/mutation.tsx
@@ -13,9 +13,10 @@ export const useUpdateSecretApprovalReviewStatus = () => {
  const queryClient = useQueryClient();

  return useMutation<object, object, TUpdateSecretApprovalReviewStatusDTO>({
-    mutationFn: async ({ id, status }) => {
+    mutationFn: async ({ id, status, comment }) => {
      const { data } = await apiRequest.post(`/api/v1/secret-approval-requests/${id}/review`, {
-        status
+        status,
+        comment
      });
      return data;
    },
--- a/frontend/src/hooks/api/secretApprovalRequest/types.ts
+++ b/frontend/src/hooks/api/secretApprovalRequest/types.ts
@@ -44,6 +44,7 @@ export type TSecretApprovalRequest = {
  reviewers: {
    userId: string;
    status: ApprovalStatus;
+    comment: string;
    email: string;
    firstName: string;
    lastName: string;
@@ -114,6 +115,7 @@ export type TGetSecretApprovalRequestDetails = {

 export type TUpdateSecretApprovalReviewStatusDTO = {
  status: ApprovalStatus;
+  comment?: string;
  id: string;
 };

--- a/frontend/src/pages/admin/OverviewPage/components/UserPanel.tsx
+++ b/frontend/src/pages/admin/OverviewPage/components/UserPanel.tsx
@@ -1,5 +1,5 @@
 import { useState } from "react";
-import { faMagnifyingGlass, faUsers, faXmark } from "@fortawesome/free-solid-svg-icons";
+import { faMagnifyingGlass, faUsers, faEllipsis } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";

 import { UpgradePlanModal } from "@app/components/license/UpgradePlanModal";
@@ -9,7 +9,6 @@ import {
  Button,
  DeleteActionModal,
  EmptyState,
-  IconButton,
  Input,
  Table,
  TableContainer,
@@ -18,21 +17,33 @@ import {
  Td,
  Th,
  THead,
-  Tr
+  Tr,
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger
 } from "@app/components/v2";
 import { useSubscription, useUser } from "@app/context";
 import { useDebounce, usePopUp } from "@app/hooks";
-import { useAdminDeleteUser, useAdminGetUsers } from "@app/hooks/api";
+import {
+  useAdminDeleteUser,
+  useAdminGetUsers,
+  useAdminGrantServerAdminAccess
+} from "@app/hooks/api";
 import { UsePopUpState } from "@app/hooks/usePopUp";

+const deleteUserUpgradePlanMessage = "Deleting users via Admin UI";
+const addServerAdminUpgradePlanMessage = "Granting another user Server Admin permissions";
+
 const UserPanelTable = ({
  handlePopUpOpen
 }: {
  handlePopUpOpen: (
-    popUpName: keyof UsePopUpState<["removeUser", "upgradePlan"]>,
+    popUpName: keyof UsePopUpState<["removeUser", "upgradePlan", "upgradeToServerAdmin"]>,
    data?: {
      username: string;
      id: string;
+      message?: string;
    }
  ) => void;
 }) => {
@@ -87,22 +98,49 @@ const UserPanelTable = ({
                        <Td>
                          {userId !== id && (
                            <div className="flex justify-end">
-                              <IconButton
-                                size="lg"
-                                colorSchema="danger"
-                                variant="plain"
-                                ariaLabel="update"
-                                isDisabled={userId === id}
-                                onClick={() => {
-                                  if (!subscription?.instanceUserManagement) {
-                                    handlePopUpOpen("upgradePlan");
-                                    return;
-                                  }
-                                  handlePopUpOpen("removeUser", { username, id });
-                                }}
-                              >
-                                <FontAwesomeIcon icon={faXmark} />
-                              </IconButton>
+                              <DropdownMenu>
+                                <DropdownMenuTrigger asChild className="rounded-lg">
+                                  <div className="hover:text-primary-400 data-[state=open]:text-primary-400">
+                                    <FontAwesomeIcon size="sm" icon={faEllipsis} />
+                                  </div>
+                                </DropdownMenuTrigger>
+                                <DropdownMenuContent align="start" className="p-1">
+                                  <DropdownMenuItem
+                                    onClick={(e) => {
+                                      e.stopPropagation();
+                                      if (!subscription?.instanceUserManagement) {
+                                        handlePopUpOpen("upgradePlan", {
+                                          username,
+                                          id,
+                                          message: deleteUserUpgradePlanMessage
+                                        });
+                                        return;
+                                      }
+                                      handlePopUpOpen("removeUser", { username, id });
+                                    }}
+                                  >
+                                    Remove User
+                                  </DropdownMenuItem>
+                                  {!superAdmin && (
+                                    <DropdownMenuItem
+                                      onClick={(e) => {
+                                        e.stopPropagation();
+                                        if (!subscription?.instanceUserManagement) {
+                                          handlePopUpOpen("upgradePlan", {
+                                            username,
+                                            id,
+                                            message: addServerAdminUpgradePlanMessage
+                                          });
+                                          return;
+                                        }
+                                        handlePopUpOpen("upgradeToServerAdmin", { username, id });
+                                      }}
+                                    >
+                                      Make User Server Admin
+                                    </DropdownMenuItem>
+                                  )}
+                                </DropdownMenuContent>
+                              </DropdownMenu>
                            </div>
                          )}
                        </Td>
@@ -134,10 +172,12 @@ const UserPanelTable = ({
 export const UserPanel = () => {
  const { handlePopUpToggle, popUp, handlePopUpOpen, handlePopUpClose } = usePopUp([
    "removeUser",
-    "upgradePlan"
+    "upgradePlan",
+    "upgradeToServerAdmin"
  ] as const);

  const { mutateAsync: deleteUser } = useAdminDeleteUser();
+  const { mutateAsync: grantAdminAccess } = useAdminGrantServerAdminAccess();

  const handleRemoveUser = async () => {
    const { id } = popUp?.removeUser?.data as { id: string; username: string };
@@ -158,6 +198,25 @@ export const UserPanel = () => {
    handlePopUpClose("removeUser");
  };

+  const handleGrantServerAdminAccess = async () => {
+    const { id } = popUp?.upgradeToServerAdmin?.data as { id: string; username: string };
+
+    try {
+      await grantAdminAccess(id);
+      createNotification({
+        type: "success",
+        text: "Successfully granted server admin access to user"
+      });
+    } catch {
+      createNotification({
+        type: "error",
+        text: "Error granting server admin access to user"
+      });
+    }
+
+    handlePopUpClose("upgradeToServerAdmin");
+  };
+
  return (
    <div className="mb-6 rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4">
      <div className="mb-4">
@@ -173,10 +232,21 @@ export const UserPanel = () => {
        onChange={(isOpen) => handlePopUpToggle("removeUser", isOpen)}
        onDeleteApproved={handleRemoveUser}
      />
+      <DeleteActionModal
+        isOpen={popUp.upgradeToServerAdmin.isOpen}
+        title={`Are you sure want to grant Server Admin permissions to ${
+          (popUp?.upgradeToServerAdmin?.data as { id: string; username: string })?.username || ""
+        }?`}
+        subTitle=""
+        onChange={(isOpen) => handlePopUpToggle("upgradeToServerAdmin", isOpen)}
+        deleteKey="confirm"
+        onDeleteApproved={handleGrantServerAdminAccess}
+        buttonText="Grant Access"
+      />
      <UpgradePlanModal
        isOpen={popUp.upgradePlan.isOpen}
        onOpenChange={(isOpen) => handlePopUpToggle("upgradePlan", isOpen)}
-        text="Deleting users via Admin UI is only available on Infisical's Pro plan and above."
+        text={`${popUp?.upgradePlan?.data?.message} is only available on Infisical's Pro plan and above.`}
      />
    </div>
  );
--- a/frontend/src/pages/organization/AuditLogsPage/components/LogsTable.tsx
+++ b/frontend/src/pages/organization/AuditLogsPage/components/LogsTable.tsx
@@ -106,7 +106,7 @@ export const LogsTable = ({
          className="mb-20 mt-4 px-4 py-3 text-sm"
          isFullWidth
          variant="star"
-          isLoading={isFetchingNextPage}
+          isLoading={isFetchingNextPage || isPending}
          isDisabled={isFetchingNextPage || !hasNextPage}
          onClick={() => fetchNextPage()}
        >
--- a/frontend/src/pages/organization/SecretScanningPage/SecretScanningPage.tsx
+++ b/frontend/src/pages/organization/SecretScanningPage/SecretScanningPage.tsx
@@ -2,7 +2,7 @@ import { useEffect } from "react";
 import { Helmet } from "react-helmet";
 import { useForm } from "react-hook-form";
 import { zodResolver } from "@hookform/resolvers/zod";
-import { useSearch } from "@tanstack/react-router";
+import { useNavigate, useSearch } from "@tanstack/react-router";

 import { OrgPermissionCan } from "@app/components/permissions";
 import { Button, NoticeBanner, PageHeader, Pagination } from "@app/components/v2";
@@ -36,6 +36,8 @@ export const SecretScanningPage = withPermission(
      from: ROUTE_PATHS.Organization.SecretScanning.id
    });

+    const navigate = useNavigate();
+
    const { control, watch } = useForm<SecretScanningFilterFormData>({
      resolver: zodResolver(secretScanningFilterFormSchema),
      defaultValues: {}
@@ -70,8 +72,11 @@ export const SecretScanningPage = withPermission(
    const { mutateAsync: linkGitAppInstallationWithOrganization } =
      useLinkGitAppInstallationWithOrg();
    const { mutateAsync: createNewIntegrationSession } = useCreateNewInstallationSession();
-    const { data: installationStatus, isPending: isSecretScanningInstatllationStatusLoading } =
-      useGetSecretScanningInstallationStatus(organizationId);
+    const {
+      data: installationStatus,
+      isPending: isSecretScanningInstatllationStatusLoading,
+      refetch: refetchSecretScanningInstallationStatus
+    } = useGetSecretScanningInstallationStatus(organizationId);
    const integrationEnabled =
      !isSecretScanningInstatllationStatusLoading && installationStatus?.appInstallationCompleted;

@@ -86,7 +91,10 @@ export const SecretScanningPage = withPermission(
              sessionId: String(queryParams.state)
            });
            if (isLinked) {
-              window.location.reload();
+              await navigate({
+                to: "/organization/secret-scanning"
+              });
+              refetchSecretScanningInstallationStatus();
            }

            console.log("installation verification complete");
--- a/frontend/src/pages/secret-manager/SecretApprovalsPage/components/SecretApprovalRequest/components/SecretApprovalRequestChanges.tsx
+++ b/frontend/src/pages/secret-manager/SecretApprovalsPage/components/SecretApprovalRequest/components/SecretApprovalRequestChanges.tsx
@@ -1,19 +1,36 @@
 import { ReactNode } from "react";
+import { Controller, useForm } from "react-hook-form";
 import {
+  faAngleDown,
  faArrowLeft,
-  faCheck,
  faCheckCircle,
  faCircle,
  faCodeBranch,
+  faComment,
  faFolder,
  faXmarkCircle
 } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { RadioGroup, RadioGroupIndicator, RadioGroupItem } from "@radix-ui/react-radio-group";
 import { twMerge } from "tailwind-merge";
+import z from "zod";

 import { createNotification } from "@app/components/notifications";
-import { Button, ContentLoader, EmptyState, IconButton, Tooltip } from "@app/components/v2";
+import {
+  Button,
+  ContentLoader,
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuTrigger,
+  EmptyState,
+  FormControl,
+  IconButton,
+  TextArea,
+  Tooltip
+} from "@app/components/v2";
 import { useUser } from "@app/context";
+import { usePopUp } from "@app/hooks";
 import {
  useGetSecretApprovalRequestDetails,
  useUpdateSecretApprovalReviewStatus
@@ -74,6 +91,13 @@ type Props = {
  onGoBack: () => void;
 };

+const reviewFormSchema = z.object({
+  comment: z.string().trim().optional().default(""),
+  status: z.nativeEnum(ApprovalStatus)
+});
+
+type TReviewFormSchema = z.infer<typeof reviewFormSchema>;
+
 export const SecretApprovalRequestChanges = ({
  approvalRequestId,
  onGoBack,
@@ -94,6 +118,16 @@ export const SecretApprovalRequestChanges = ({
    variables
  } = useUpdateSecretApprovalReviewStatus();

+  const { popUp, handlePopUpToggle } = usePopUp(["reviewChanges"] as const);
+  const {
+    control,
+    handleSubmit,
+    reset,
+    formState: { isSubmitting }
+  } = useForm<TReviewFormSchema>({
+    resolver: zodResolver(reviewFormSchema)
+  });
+
  const isApproving = variables?.status === ApprovalStatus.APPROVED && isUpdatingRequestStatus;
  const isRejecting = variables?.status === ApprovalStatus.REJECTED && isUpdatingRequestStatus;

@@ -101,23 +135,23 @@ export const SecretApprovalRequestChanges = ({
  const canApprove = secretApprovalRequestDetails?.policy?.approvers?.some(
    ({ userId }) => userId === userSession.id
  );
+
  const reviewedUsers = secretApprovalRequestDetails?.reviewers?.reduce<
-    Record<string, ApprovalStatus>
+    Record<string, { status: ApprovalStatus; comment: string }>
  >(
    (prev, curr) => ({
      ...prev,
-      [curr.userId]: curr.status
+      [curr.userId]: { status: curr.status, comment: curr.comment }
    }),
    {}
  );
-  const hasApproved = reviewedUsers?.[userSession.id] === ApprovalStatus.APPROVED;
-  const hasRejected = reviewedUsers?.[userSession.id] === ApprovalStatus.REJECTED;

-  const handleSecretApprovalStatusUpdate = async (status: ApprovalStatus) => {
+  const handleSecretApprovalStatusUpdate = async (status: ApprovalStatus, comment: string) => {
    try {
      await updateSecretApprovalRequestStatus({
        id: approvalRequestId,
-        status
+        status,
+        comment
      });
      createNotification({
        type: "success",
@@ -130,6 +164,16 @@ export const SecretApprovalRequestChanges = ({
        text: "Failed to update the request status"
      });
    }
+
+    handlePopUpToggle("reviewChanges", false);
+    reset({
+      comment: "",
+      status: ApprovalStatus.APPROVED
+    });
+  };
+
+  const handleSubmitReview = (data: TReviewFormSchema) => {
+    handleSecretApprovalStatusUpdate(data.status, data.comment);
  };

  if (isSecretApprovalRequestLoading) {
@@ -150,7 +194,7 @@ export const SecretApprovalRequestChanges = ({
  const isMergable =
    secretApprovalRequestDetails?.policy?.approvals <=
    secretApprovalRequestDetails?.policy?.approvers?.filter(
-      ({ userId }) => reviewedUsers?.[userId] === ApprovalStatus.APPROVED
+      ({ userId }) => reviewedUsers?.[userId]?.status === ApprovalStatus.APPROVED
    ).length;
  const hasMerged = secretApprovalRequestDetails?.hasMerged;

@@ -202,27 +246,115 @@ export const SecretApprovalRequestChanges = ({
            </div>
          </div>
          {!hasMerged && secretApprovalRequestDetails.status === "open" && (
-            <>
-              <Button
-                size="xs"
-                leftIcon={hasApproved && <FontAwesomeIcon icon={faCheck} />}
-                onClick={() => handleSecretApprovalStatusUpdate(ApprovalStatus.APPROVED)}
-                isLoading={isApproving}
-                isDisabled={isApproving || hasApproved || !canApprove}
-              >
-                {hasApproved ? "Approved" : "Approve"}
-              </Button>
-              <Button
-                size="xs"
-                colorSchema="danger"
-                leftIcon={hasRejected && <FontAwesomeIcon icon={faCheck} />}
-                onClick={() => handleSecretApprovalStatusUpdate(ApprovalStatus.REJECTED)}
-                isLoading={isRejecting}
-                isDisabled={isRejecting || hasRejected || !canApprove}
-              >
-                {hasRejected ? "Rejected" : "Reject"}
-              </Button>
-            </>
+            <DropdownMenu
+              open={popUp.reviewChanges.isOpen}
+              onOpenChange={(isOpen) => handlePopUpToggle("reviewChanges", isOpen)}
+            >
+              <DropdownMenuTrigger asChild>
+                <Button
+                  variant="outline_bg"
+                  rightIcon={<FontAwesomeIcon className="ml-2" icon={faAngleDown} />}
+                >
+                  Review
+                </Button>
+              </DropdownMenuTrigger>
+              <DropdownMenuContent align="end" asChild className="mt-3">
+                <form onSubmit={handleSubmit(handleSubmitReview)}>
+                  <div className="flex w-[400px] flex-col space-y-2 p-5">
+                    <div className="text-lg font-medium">Finish your review</div>
+                    <Controller
+                      control={control}
+                      name="comment"
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl errorText={error?.message} isError={Boolean(error)}>
+                          <TextArea
+                            {...field}
+                            placeholder="Leave a comment..."
+                            reSize="none"
+                            className="text-md mt-2 h-48 border border-mineshaft-600 bg-bunker-800"
+                          />
+                        </FormControl>
+                      )}
+                    />
+                    <Controller
+                      control={control}
+                      name="status"
+                      defaultValue={ApprovalStatus.APPROVED}
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl errorText={error?.message} isError={Boolean(error)}>
+                          <RadioGroup
+                            value={field.value}
+                            onValueChange={field.onChange}
+                            className="mb-4 space-y-2"
+                            aria-label="Status"
+                          >
+                            <div className="flex items-center gap-2">
+                              <RadioGroupItem
+                                id="approve"
+                                className="h-4 w-4 rounded-full border border-gray-300 text-primary focus:ring-2 focus:ring-mineshaft-500"
+                                value={ApprovalStatus.APPROVED}
+                                aria-labelledby="approve-label"
+                              >
+                                <RadioGroupIndicator className="flex h-full w-full items-center justify-center after:h-2 after:w-2 after:rounded-full after:bg-current" />
+                              </RadioGroupItem>
+                              <span
+                                id="approve-label"
+                                className="cursor-pointer"
+                                onClick={() => field.onChange(ApprovalStatus.APPROVED)}
+                                onKeyDown={(e) => {
+                                  if (e.key === "Enter" || e.key === " ") {
+                                    e.preventDefault();
+                                    field.onChange(ApprovalStatus.APPROVED);
+                                  }
+                                }}
+                                tabIndex={0}
+                                role="button"
+                              >
+                                Approve
+                              </span>
+                            </div>
+                            <div className="flex items-center gap-2">
+                              <RadioGroupItem
+                                id="reject"
+                                className="h-4 w-4 rounded-full border border-gray-300 text-primary focus:ring-2 focus:ring-mineshaft-500"
+                                value={ApprovalStatus.REJECTED}
+                                aria-labelledby="reject-label"
+                              >
+                                <RadioGroupIndicator className="flex h-full w-full items-center justify-center after:h-2 after:w-2 after:rounded-full after:bg-current" />
+                              </RadioGroupItem>
+                              <span
+                                id="reject-label"
+                                className="cursor-pointer"
+                                onClick={() => field.onChange(ApprovalStatus.REJECTED)}
+                                onKeyDown={(e) => {
+                                  if (e.key === "Enter" || e.key === " ") {
+                                    e.preventDefault();
+                                    field.onChange(ApprovalStatus.REJECTED);
+                                  }
+                                }}
+                                tabIndex={0}
+                                role="button"
+                              >
+                                Reject
+                              </span>
+                            </div>
+                          </RadioGroup>
+                        </FormControl>
+                      )}
+                    />
+                    <div className="flex justify-end">
+                      <Button
+                        type="submit"
+                        isLoading={isApproving || isRejecting || isSubmitting}
+                        variant="outline_bg"
+                      >
+                        Submit Review
+                      </Button>
+                    </div>
+                  </div>
+                </form>
+              </DropdownMenuContent>
+            </DropdownMenu>
          )}
        </div>
        <div className="flex flex-col space-y-4">
@@ -240,7 +372,40 @@ export const SecretApprovalRequestChanges = ({
            )
          )}
        </div>
-        <div className="mt-8 flex items-center space-x-6 rounded-lg bg-mineshaft-800 px-5 py-6">
+        <div className="mt-4 flex flex-col items-center rounded-lg">
+          {secretApprovalRequestDetails?.policy?.approvers
+            .filter((requiredApprover) => reviewedUsers?.[requiredApprover.userId])
+            .map((requiredApprover) => {
+              const reviewer = reviewedUsers?.[requiredApprover.userId];
+              return (
+                <div
+                  className="mb-4 flex w-full flex-col rounded-md bg-mineshaft-800 p-6"
+                  key={`required-approver-${requiredApprover.userId}`}
+                >
+                  <div>
+                    <span className="ml-1">
+                      {`${requiredApprover.firstName || ""} ${requiredApprover.lastName || ""}`} (
+                      {requiredApprover?.email}) has{" "}
+                    </span>
+                    <span
+                      className={`${reviewer?.status === ApprovalStatus.APPROVED ? "text-green-500" : "text-red-500"}`}
+                    >
+                      {reviewer?.status === ApprovalStatus.APPROVED ? "approved" : "rejected"}
+                    </span>{" "}
+                    the request.
+                  </div>
+                  {reviewer?.comment && (
+                    <FormControl label="Comment" className="mb-0 mt-2">
+                      <TextArea value={reviewer.comment} isDisabled reSize="none">
+                        {reviewer?.comment && reviewer.comment}
+                      </TextArea>
+                    </FormControl>
+                  )}
+                </div>
+              );
+            })}
+        </div>
+        <div className="flex items-center space-x-6 rounded-lg bg-mineshaft-800 px-5 py-6">
          <SecretApprovalRequestAction
            canApprove={canApprove}
            approvalRequestId={secretApprovalRequestDetails.id}
@@ -258,7 +423,7 @@ export const SecretApprovalRequestChanges = ({
        <div className="text-sm text-bunker-300">Reviewers</div>
        <div className="mt-2 flex flex-col space-y-2 text-sm">
          {secretApprovalRequestDetails?.policy?.approvers.map((requiredApprover) => {
-            const status = reviewedUsers?.[requiredApprover.userId];
+            const reviewer = reviewedUsers?.[requiredApprover.userId];
            return (
              <div
                className="flex flex-nowrap items-center space-x-2 rounded bg-mineshaft-800 px-2 py-1"
@@ -275,8 +440,17 @@ export const SecretApprovalRequestChanges = ({
                  <span className="text-red">*</span>
                </div>
                <div>
-                  <Tooltip content={status || ApprovalStatus.PENDING}>
-                    {getReviewedStatusSymbol(status)}
+                  {reviewer?.comment && (
+                    <Tooltip content={reviewer.comment}>
+                      <FontAwesomeIcon
+                        icon={faComment}
+                        size="xs"
+                        className="mr-1 text-mineshaft-300"
+                      />
+                    </Tooltip>
+                  )}
+                  <Tooltip content={reviewer?.status || ApprovalStatus.PENDING}>
+                    {getReviewedStatusSymbol(reviewer?.status)}
                  </Tooltip>
                </div>
              </div>
@@ -290,7 +464,7 @@ export const SecretApprovalRequestChanges = ({
                )
            )
            .map((reviewer) => {
-              const status = reviewedUsers?.[reviewer.userId];
+              const status = reviewedUsers?.[reviewer.userId].status;
              return (
                <div
                  className="flex flex-nowrap items-center space-x-2 rounded bg-mineshaft-800 px-2 py-1"
@@ -303,6 +477,15 @@ export const SecretApprovalRequestChanges = ({
                    <span className="text-red">*</span>
                  </div>
                  <div>
+                    {reviewer.comment && (
+                      <Tooltip content={reviewer.comment}>
+                        <FontAwesomeIcon
+                          icon={faComment}
+                          size="xs"
+                          className="mr-1 text-mineshaft-300"
+                        />
+                      </Tooltip>
+                    )}
                    <Tooltip content={status || ApprovalStatus.PENDING}>
                      {getReviewedStatusSymbol(status)}
                    </Tooltip>
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -15,6 +15,21 @@ server {
        proxy_cookie_path / "/; HttpOnly; SameSite=strict";
    }

+     location /api/v1/organization/audit-logs {
+        proxy_set_header X-Real-RIP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+
+        proxy_pass http://backend:4000;
+        proxy_redirect off;
+
+        proxy_cookie_path / "/; HttpOnly; SameSite=strict";
+
+        proxy_read_timeout 121s; # query timeout with padding
+     }
+
    location /api/v3/migrate {
        client_max_body_size 25M;

--- a/nginx/default.dev.conf
+++ b/nginx/default.dev.conf
@@ -17,6 +17,21 @@ server {
        proxy_cookie_path / "/; HttpOnly; SameSite=strict";
    }

+     location /api/v1/organization/audit-logs {
+        proxy_set_header X-Real-RIP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+
+        proxy_pass http://backend:4000;
+        proxy_redirect off;
+
+        proxy_cookie_path / "/; HttpOnly; SameSite=strict";
+
+        proxy_read_timeout 121s; # query timeout with padding
+    }
+
 		location /runtime-ui-env.js {
        proxy_set_header X-Real-RIP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Author	SHA1	Message	Date
Scott Wilson	2c12d8b404	improvement: make query timeout const	2025-03-05 16:26:56 -08:00
Scott Wilson	64fe4187ab	fix: update audit log endpoint and nginx timeout to handle lengthy queries	2025-03-05 16:19:07 -08:00
Maidul Islam	e351a16b5a	Merge pull request #3184 from Infisical/feat/add-secret-approval-review-comment feat: add secret approval review comment	2025-03-05 12:24:59 -05:00
Maidul Islam	2cfca823f2	Merge pull request #3187 from akhilmhdh/feat/connector feat: added ca to cli	2025-03-05 10:13:27 -05:00
=	a8398a7009	feat: added ca to cli	2025-03-05 20:00:45 +05:30
Sheen Capadngan	8c054cedfc	misc: added section for approval and rejections	2025-03-05 22:30:26 +08:00
Maidul Islam	24d4f8100c	Merge pull request #3183 from akhilmhdh/feat/connector feat: fixed cli issues in gateway	2025-03-05 08:26:04 -05:00
Maidul Islam	08f23e2d3c	remove background context	2025-03-05 08:24:56 -05:00
Sheen Capadngan	d1ad605ac4	misc: address nit	2025-03-05 21:19:41 +08:00
Sheen Capadngan	9dd5857ff5	misc: minor UI	2025-03-05 19:32:26 +08:00
Sheen Capadngan	babbacdc96	feat: add secret approval review comment	2025-03-05 19:25:56 +08:00
=	76427f43f7	feat: fixed cli issues in gateway	2025-03-05 16:16:07 +05:30
Maidul Islam	3badcea95b	added permission refresh and main context	2025-03-05 01:07:36 -05:00
Maidul Islam	1a4c0fe8d9	make heartbeat method simple + fix import	2025-03-04 23:21:26 -05:00
Daniel Hougaard	04f6864abc	Merge pull request #3177 from Infisical/improve-secret-scanning-setup Improvement: Clear Secret Scanning Query Params after Setup	2025-03-05 04:05:38 +04:00
Vlad Matsiiako	fcbe0f59d2	Merge pull request #3180 from Infisical/daniel/fix-vercel-custom-envs fix: vercel integration custom envs	2025-03-04 13:45:48 -08:00
Daniel Hougaard	e95b6fdeaa	cleanup	2025-03-05 01:36:06 +04:00
Daniel Hougaard	5391bcd3b2	fix: vercel integration custom envs	2025-03-05 01:33:58 +04:00
Maidul Islam	48fd9e2a56	Merge pull request #3179 from akhilmhdh/feat/connector feat: quick fix for quic	2025-03-04 15:52:48 -05:00
=	7b5926d865	feat: quick fix for quic	2025-03-05 02:14:00 +05:30
Maidul Islam	034123bcdf	Merge pull request #3175 from Infisical/feat/grantServerAdminAccessToUsers Allow server admins to grant server admin access to other users	2025-03-04 15:25:09 -05:00
carlosmonastyrski	f3786788fd	Improve UserPanelTable, moved from useState to handlePopUpOpen	2025-03-04 16:54:28 -03:00
carlosmonastyrski	53f7491441	Update UpgradePlanModal message to show relevant message on user actions	2025-03-04 16:30:22 -03:00
Scott Wilson	5c606fe45f	improvement: replace window reload with query refetch	2025-03-04 10:39:40 -08:00
carlosmonastyrski	bbf60169eb	Update Server Admin Console documentation and add a fix for endpoint /admin-access	2025-03-04 15:29:34 -03:00
Scott Wilson	72dbef97fb	improvement: clear query params after setup to avoid false error messages	2025-03-04 10:14:56 -08:00
carlosmonastyrski	08ec8c9b73	Fix linter issue and remove background colors from dropdown list	2025-03-04 13:58:34 -03:00
carlosmonastyrski	be4adc2759	Allow server admins to grant server admin access to other users	2025-03-04 12:38:27 -03:00