From 3146a04ad8da9e7422ccaaf2ba81d0031894ea39 Mon Sep 17 00:00:00 2001
From: Dev <dev@sharepoint-toolbox.local>
Date: Tue, 7 Apr 2026 12:40:51 +0200
Subject: [PATCH] feat(07-06): implement UserAccessHtmlExportService

- BuildHtml produces self-contained HTML with inline CSS and JS
- Stats cards: Total Accesses, Users Audited, Sites Scanned, High Privilege, External Users
- Per-user summary cards with high-privilege border highlight and guest badge
- Dual-view toggle (By User / By Site) with JS toggleView()
- Collapsible group headers per user and per site via toggleGroup()
- Sortable columns via sortTable() within each group
- Text filter via filterTable() scoping to active view
- Color-coded access type badges: Direct (blue), Group (green), Inherited (gray)
- High-privilege rows with bold text and warning icon
- External user guest badge (orange pill)
- UTF-8 without BOM encoding (matching HtmlExportService pattern)
---
 .../Export/UserAccessHtmlExportService.cs     | 349 ++++++++++++++++++
 1 file changed, 349 insertions(+)
 create mode 100644 SharepointToolbox/Services/Export/UserAccessHtmlExportService.cs
diff --git a/SharepointToolbox/Services/Export/UserAccessHtmlExportService.cs b/SharepointToolbox/Services/Export/UserAccessHtmlExportService.cs
new file mode 100644
index 0000000..de2a55f
--- /dev/null
+++ b/SharepointToolbox/Services/Export/UserAccessHtmlExportService.cs
@@ -0,0 +1,349 @@
+using System.IO;
+using System.Text;
+using SharepointToolbox.Core.Models;
+
+namespace SharepointToolbox.Services.Export;
+
+/// <summary>
+/// Exports user access audit results to a self-contained interactive HTML report.
+/// Produces a single HTML file with dual-view toggle (by-user / by-site),
+/// collapsible groups, sortable columns, filter input, and risk highlighting.
+/// No external CSS/JS dependencies — everything is inline.
+/// </summary>
+public class UserAccessHtmlExportService
+{
+    /// <summary>
+    /// Builds a self-contained HTML string from the supplied user access entries.
+    /// </summary>
+    public string BuildHtml(IReadOnlyList<UserAccessEntry> entries)
+    {
+        // Compute stats
+        var totalAccesses    = entries.Count;
+        var usersAudited     = entries.Select(e => e.UserLogin).Distinct().Count();
+        var sitesScanned     = entries.Select(e => e.SiteUrl).Distinct().Count();
+        var highPrivCount    = entries.Count(e => e.IsHighPrivilege);
+        var externalCount    = entries.Count(e => e.IsExternalUser);
+
+        var sb = new StringBuilder();
+
+        // ── HTML HEAD ──────────────────────────────────────────────────────────
+        sb.AppendLine("<!DOCTYPE html>");
+        sb.AppendLine("<html lang=\"en\">");
+        sb.AppendLine("<head>");
+        sb.AppendLine("<meta charset=\"UTF-8\">");
+        sb.AppendLine("<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">");
+        sb.AppendLine("<title>User Access Audit Report</title>");
+        sb.AppendLine("<style>");
+        sb.AppendLine(@"
+* { box-sizing: border-box; margin: 0; padding: 0; }
+body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #f5f5f5; color: #333; }
+h1 { padding: 20px 24px 10px; font-size: 1.5rem; color: #1a1a2e; }
+.stats { display: flex; gap: 16px; padding: 0 24px 16px; flex-wrap: wrap; }
+.stat-card { background: #fff; border-radius: 8px; padding: 14px 20px; min-width: 160px; box-shadow: 0 1px 4px rgba(0,0,0,.1); }
+.stat-card .value { font-size: 2rem; font-weight: 700; color: #1a1a2e; }
+.stat-card .label { font-size: .8rem; color: #666; margin-top: 2px; }
+/* View toggle */
+.view-toggle { display: flex; gap: 8px; padding: 0 24px 12px; }
+.view-toggle button { padding: 7px 18px; border: 1px solid #ccc; border-radius: 6px; background: #fff; cursor: pointer; font-size: .9rem; }
+.view-toggle button.active { background: #1a1a2e; color: #fff; border-color: #1a1a2e; }
+/* Filter */
+.filter-wrap { padding: 0 24px 12px; }
+#filter { width: 320px; padding: 8px 12px; border: 1px solid #ccc; border-radius: 6px; font-size: .95rem; }
+/* Per-user summary cards */
+.user-summary { padding: 0 24px 16px; display: flex; gap: 12px; flex-wrap: wrap; }
+.user-card { background: #fff; border-radius: 8px; padding: 12px 16px; min-width: 200px; box-shadow: 0 1px 4px rgba(0,0,0,.1); }
+.user-card .user-name { font-weight: 600; font-size: .95rem; color: #1a1a2e; margin-bottom: 4px; }
+.user-card .user-stats { font-size: .8rem; color: #555; }
+.user-card.has-high-priv { border-left: 4px solid #dc2626; }
+/* Table wrap */
+.table-wrap { overflow-x: auto; padding: 0 24px 32px; }
+table { width: 100%; border-collapse: collapse; background: #fff; border-radius: 8px; overflow: hidden; box-shadow: 0 1px 4px rgba(0,0,0,.1); }
+th { background: #1a1a2e; color: #fff; padding: 10px 14px; text-align: left; font-size: .85rem; white-space: nowrap; cursor: pointer; user-select: none; }
+th:hover { background: #2d2d4e; }
+td { padding: 9px 14px; border-bottom: 1px solid #eee; vertical-align: top; font-size: .875rem; }
+tr:last-child td { border-bottom: none; }
+tr:hover td { background: #fafafa; }
+/* Group headers */
+.group-header { cursor: pointer; background: #f0f0f0; padding: 10px 14px; font-weight: 600; font-size: .875rem; }
+.group-header:hover { background: #e8e8e8; }
+.group-header td { background: inherit !important; font-weight: 600; }
+/* Badges */
+.badge { display: inline-block; padding: 2px 8px; border-radius: 4px; font-size: .75rem; font-weight: 600; white-space: nowrap; }
+/* Access type badges */
+.access-direct    { background: #dbeafe; color: #1e40af; }
+.access-group     { background: #dcfce7; color: #166534; }
+.access-inherited { background: #f3f4f6; color: #374151; }
+/* High privilege */
+.high-priv { font-weight: 700; }
+/* Guest badge */
+.guest-badge { display: inline-block; padding: 2px 8px; border-radius: 12px; font-size: .75rem; font-weight: 600; background: #fff7ed; color: #9a3412; border: 1px solid #fed7aa; margin-left: 4px; }
+/* User pills */
+.user-pill { display: inline-block; background: #e0e7ff; color: #3730a3; border-radius: 12px; padding: 2px 10px; font-size: .75rem; margin: 2px 3px 2px 0; white-space: nowrap; }
+a { color: #2563eb; text-decoration: none; }
+a:hover { text-decoration: underline; }
+.hidden { display: none; }
+");
+        sb.AppendLine("</style>");
+        sb.AppendLine("</head>");
+
+        // ── BODY ───────────────────────────────────────────────────────────────
+        sb.AppendLine("<body>");
+        sb.AppendLine("<h1>User Access Audit Report</h1>");
+
+        // Stats cards
+        sb.AppendLine("<div class=\"stats\">");
+        sb.AppendLine($"  <div class=\"stat-card\"><div class=\"value\">{totalAccesses}</div><div class=\"label\">Total Accesses</div></div>");
+        sb.AppendLine($"  <div class=\"stat-card\"><div class=\"value\">{usersAudited}</div><div class=\"label\">Users Audited</div></div>");
+        sb.AppendLine($"  <div class=\"stat-card\"><div class=\"value\">{sitesScanned}</div><div class=\"label\">Sites Scanned</div></div>");
+        sb.AppendLine($"  <div class=\"stat-card\"><div class=\"value\">{highPrivCount}</div><div class=\"label\">High Privilege</div></div>");
+        sb.AppendLine($"  <div class=\"stat-card\"><div class=\"value\">{externalCount}</div><div class=\"label\">External Users</div></div>");
+        sb.AppendLine("</div>");
+
+        // Per-user summary cards
+        sb.AppendLine("<div class=\"user-summary\">");
+        var userGroups = entries.GroupBy(e => e.UserLogin).OrderBy(g => g.Key).ToList();
+        foreach (var ug in userGroups)
+        {
+            var uName     = HtmlEncode(ug.First().UserDisplayName);
+            var uLogin    = HtmlEncode(ug.Key);
+            var uTotal    = ug.Count();
+            var uSites    = ug.Select(e => e.SiteUrl).Distinct().Count();
+            var uHighPriv = ug.Count(e => e.IsHighPrivilege);
+            var uIsExt    = ug.First().IsExternalUser;
+            var cardClass = uHighPriv > 0 ? "user-card has-high-priv" : "user-card";
+
+            sb.AppendLine($"  <div class=\"{cardClass}\">");
+            sb.AppendLine($"    <div class=\"user-name\">{uName}{(uIsExt ? " <span class=\"guest-badge\">Guest</span>" : "")}</div>");
+            sb.AppendLine($"    <div class=\"user-stats\">{uLogin}</div>");
+            sb.AppendLine($"    <div class=\"user-stats\">{uTotal} accesses &bull; {uSites} site(s){(uHighPriv > 0 ? $" &bull; <span style=\"color:#dc2626\">{uHighPriv} high-priv</span>" : "")}</div>");
+            sb.AppendLine("  </div>");
+        }
+        sb.AppendLine("</div>");
+
+        // View toggle buttons
+        sb.AppendLine("<div class=\"view-toggle\">");
+        sb.AppendLine("  <button id=\"btn-user\" class=\"active\" onclick=\"toggleView('user')\">By User</button>");
+        sb.AppendLine("  <button id=\"btn-site\" onclick=\"toggleView('site')\">By Site</button>");
+        sb.AppendLine("</div>");
+
+        // Filter input
+        sb.AppendLine("<div class=\"filter-wrap\">");
+        sb.AppendLine("  <input type=\"text\" id=\"filter\" placeholder=\"Filter results...\" oninput=\"filterTable()\" />");
+        sb.AppendLine("</div>");
+
+        // ── BY-USER VIEW ───────────────────────────────────────────────────────
+        sb.AppendLine("<div id=\"view-user\" class=\"table-wrap\">");
+        sb.AppendLine("<table id=\"tbl-user\">");
+        sb.AppendLine("<thead><tr>");
+        sb.AppendLine("  <th onclick=\"sortTable('user',0)\">Site</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('user',1)\">Object Type</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('user',2)\">Object</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('user',3)\">Permission Level</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('user',4)\">Access Type</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('user',5)\">Granted Through</th>");
+        sb.AppendLine("</tr></thead>");
+        sb.AppendLine("<tbody id=\"tbody-user\">");
+
+        int userGroupIdx = 0;
+        foreach (var ug in userGroups)
+        {
+            var groupId  = $"ugrp{userGroupIdx++}";
+            var uName    = HtmlEncode(ug.First().UserDisplayName);
+            var uIsExt   = ug.First().IsExternalUser;
+            var uCount   = ug.Count();
+            var guestBadge = uIsExt ? " <span class=\"guest-badge\">Guest</span>" : "";
+
+            sb.AppendLine($"<tr class=\"group-header\" onclick=\"toggleGroup('{groupId}')\">");
+            sb.AppendLine($"  <td colspan=\"6\">{uName}{guestBadge} &mdash; {uCount} access(es)</td>");
+            sb.AppendLine("</tr>");
+
+            foreach (var entry in ug)
+            {
+                var rowClass   = entry.IsHighPrivilege ? " class=\"high-priv\"" : "";
+                var accessBadge = AccessTypeBadge(entry.AccessType);
+                var highIcon   = entry.IsHighPrivilege ? " &#9888;" : "";
+
+                sb.AppendLine($"<tr data-group=\"{groupId}\">");
+                sb.AppendLine($"  <td{rowClass}>{HtmlEncode(entry.SiteTitle)}</td>");
+                sb.AppendLine($"  <td>{HtmlEncode(entry.ObjectType)}</td>");
+                sb.AppendLine($"  <td>{HtmlEncode(entry.ObjectTitle)}</td>");
+                sb.AppendLine($"  <td{rowClass}>{HtmlEncode(entry.PermissionLevel)}{highIcon}</td>");
+                sb.AppendLine($"  <td>{accessBadge}</td>");
+                sb.AppendLine($"  <td>{HtmlEncode(entry.GrantedThrough)}</td>");
+                sb.AppendLine("</tr>");
+            }
+        }
+
+        sb.AppendLine("</tbody>");
+        sb.AppendLine("</table>");
+        sb.AppendLine("</div>");
+
+        // ── BY-SITE VIEW ───────────────────────────────────────────────────────
+        sb.AppendLine("<div id=\"view-site\" class=\"table-wrap hidden\">");
+        sb.AppendLine("<table id=\"tbl-site\">");
+        sb.AppendLine("<thead><tr>");
+        sb.AppendLine("  <th onclick=\"sortTable('site',0)\">User</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('site',1)\">Object Type</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('site',2)\">Object</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('site',3)\">Permission Level</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('site',4)\">Access Type</th>");
+        sb.AppendLine("  <th onclick=\"sortTable('site',5)\">Granted Through</th>");
+        sb.AppendLine("</tr></thead>");
+        sb.AppendLine("<tbody id=\"tbody-site\">");
+
+        var siteGroups = entries.GroupBy(e => e.SiteUrl).OrderBy(g => g.Key).ToList();
+        int siteGroupIdx = 0;
+        foreach (var sg in siteGroups)
+        {
+            var groupId   = $"sgrp{siteGroupIdx++}";
+            var siteTitle = HtmlEncode(sg.First().SiteTitle);
+            var sCount    = sg.Count();
+
+            sb.AppendLine($"<tr class=\"group-header\" onclick=\"toggleGroup('{groupId}')\">");
+            sb.AppendLine($"  <td colspan=\"6\">{siteTitle} &mdash; {sCount} access(es)</td>");
+            sb.AppendLine("</tr>");
+
+            foreach (var entry in sg)
+            {
+                var rowClass   = entry.IsHighPrivilege ? " class=\"high-priv\"" : "";
+                var accessBadge = AccessTypeBadge(entry.AccessType);
+                var highIcon   = entry.IsHighPrivilege ? " &#9888;" : "";
+                var guestBadge = entry.IsExternalUser ? " <span class=\"guest-badge\">Guest</span>" : "";
+
+                sb.AppendLine($"<tr data-group=\"{groupId}\">");
+                sb.AppendLine($"  <td>{HtmlEncode(entry.UserDisplayName)}{guestBadge}</td>");
+                sb.AppendLine($"  <td>{HtmlEncode(entry.ObjectType)}</td>");
+                sb.AppendLine($"  <td>{HtmlEncode(entry.ObjectTitle)}</td>");
+                sb.AppendLine($"  <td{rowClass}>{HtmlEncode(entry.PermissionLevel)}{highIcon}</td>");
+                sb.AppendLine($"  <td>{accessBadge}</td>");
+                sb.AppendLine($"  <td>{HtmlEncode(entry.GrantedThrough)}</td>");
+                sb.AppendLine("</tr>");
+            }
+        }
+
+        sb.AppendLine("</tbody>");
+        sb.AppendLine("</table>");
+        sb.AppendLine("</div>");
+
+        // ── INLINE JS ─────────────────────────────────────────────────────────
+        sb.AppendLine("<script>");
+        sb.AppendLine(@"
+var _currentView = 'user';
+var _sortState = {};
+
+function toggleView(view) {
+  _currentView = view;
+  document.getElementById('view-user').classList.toggle('hidden', view !== 'user');
+  document.getElementById('view-site').classList.toggle('hidden', view !== 'site');
+  document.getElementById('btn-user').classList.toggle('active', view === 'user');
+  document.getElementById('btn-site').classList.toggle('active', view === 'site');
+  // Re-apply filter to new view
+  filterTable();
+}
+
+function filterTable() {
+  var input = document.getElementById('filter').value.toLowerCase();
+  var tbodyId = _currentView === 'user' ? 'tbody-user' : 'tbody-site';
+  var tbody = document.getElementById(tbodyId);
+  var rows = tbody.querySelectorAll('tr[data-group]');
+  var groupsWithVisible = {};
+
+  rows.forEach(function(row) {
+    var matches = row.textContent.toLowerCase().indexOf(input) > -1;
+    row.style.display = matches ? '' : 'none';
+    if (matches) {
+      groupsWithVisible[row.getAttribute('data-group')] = true;
+    }
+  });
+
+  // Show/hide group headers based on whether they have visible children
+  var headers = tbody.querySelectorAll('tr.group-header');
+  headers.forEach(function(hdr) {
+    // find next sibling rows until next header
+    var next = hdr.nextElementSibling;
+    var groupId = null;
+    while (next && next.getAttribute('data-group')) {
+      groupId = next.getAttribute('data-group');
+      break;
+    }
+    if (groupId) {
+      hdr.style.display = groupsWithVisible[groupId] ? '' : 'none';
+    }
+  });
+}
+
+function toggleGroup(id) {
+  var rows = document.querySelectorAll('tr[data-group=""' + id + '""]');
+  var isHidden = rows.length > 0 && rows[0].style.display === 'none';
+  rows.forEach(function(r) { r.style.display = isHidden ? '' : 'none'; });
+}
+
+function sortTable(view, col) {
+  var tbodyId = view === 'user' ? 'tbody-user' : 'tbody-site';
+  var tbody = document.getElementById(tbodyId);
+  var key = view + '_' + col;
+  var asc = _sortState[key] !== true;
+  _sortState[key] = asc;
+
+  // Sort within each group separately
+  var groupHeaders = Array.from(tbody.querySelectorAll('tr.group-header'));
+  groupHeaders.forEach(function(hdr) {
+    var groupId = null;
+    var next = hdr.nextElementSibling;
+    while (next && next.getAttribute('data-group')) {
+      groupId = next.getAttribute('data-group');
+      break;
+    }
+    if (!groupId) return;
+    var groupRows = Array.from(tbody.querySelectorAll('tr[data-group=""' + groupId + '""]'));
+    groupRows.sort(function(a, b) {
+      var aText = (a.cells[col] ? a.cells[col].textContent : '').trim().toLowerCase();
+      var bText = (b.cells[col] ? b.cells[col].textContent : '').trim().toLowerCase();
+      return asc ? aText.localeCompare(bText) : bText.localeCompare(aText);
+    });
+    // Re-insert sorted rows after the group header
+    var insertAfter = hdr;
+    groupRows.forEach(function(row) {
+      tbody.insertBefore(row, insertAfter.nextSibling);
+      insertAfter = row;
+    });
+  });
+}
+");
+        sb.AppendLine("</script>");
+        sb.AppendLine("</body>");
+        sb.AppendLine("</html>");
+
+        return sb.ToString();
+    }
+
+    /// <summary>
+    /// Writes the HTML report to the specified file path using UTF-8 without BOM.
+    /// </summary>
+    public async Task WriteAsync(IReadOnlyList<UserAccessEntry> entries, string filePath, CancellationToken ct)
+    {
+        var html = BuildHtml(entries);
+        await File.WriteAllTextAsync(filePath, html, new UTF8Encoding(encoderShouldEmitUTF8Identifier: false), ct);
+    }
+
+    /// <summary>Returns a colored badge span for the given access type.</summary>
+    private static string AccessTypeBadge(AccessType accessType) => accessType switch
+    {
+        AccessType.Direct    => "<span class=\"badge access-direct\">Direct</span>",
+        AccessType.Group     => "<span class=\"badge access-group\">Group</span>",
+        AccessType.Inherited => "<span class=\"badge access-inherited\">Inherited</span>",
+        _                    => $"<span class=\"badge\">{HtmlEncode(accessType.ToString())}</span>"
+    };
+
+    /// <summary>Minimal HTML encoding for text content and attribute values.</summary>
+    private static string HtmlEncode(string value)
+    {
+        if (string.IsNullOrEmpty(value)) return string.Empty;
+        return value
+            .Replace("&",  "&amp;")
+            .Replace("<",  "&lt;")
+            .Replace(">",  "&gt;")
+            .Replace("\"", "&quot;")
+            .Replace("'",  "&#39;");
+    }
+}

Site	Object Type	Object	Permission Level	Access Type	Granted Through
{uName}{guestBadge} — {uCount} access(es)
{HtmlEncode(entry.ObjectType)}	{HtmlEncode(entry.ObjectTitle)}	{accessBadge}	{HtmlEncode(entry.GrantedThrough)}
User	Object Type	Object	Permission Level	Access Type	Granted Through
{siteTitle} — {sCount} access(es)
{HtmlEncode(entry.UserDisplayName)}{guestBadge}	{HtmlEncode(entry.ObjectType)}	{HtmlEncode(entry.ObjectTitle)}	{accessBadge}	{HtmlEncode(entry.GrantedThrough)}