akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Add user management admin page with role, status, and profile editing

Browse Source 
- New /users page with search, inline editing, role/status changes, and deletion
- Model: added updateUserRole, updateUserStatus, deleteUser functions
- API: PUT /api/v1/users/[id] now supports role and status fields, added DELETE
- Safety: cannot change own role/status or delete own account

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
fuomag9
2026-04-05 22:40:10 +02:00
parent 708b908679
commit 94efaad5dd
7 changed files with 471 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
app/api/v1/users/[id]/route.ts
View File

@@ -1,6 +1,6 @@
import { NextRequest, NextResponse } from "next/server";
import { requireApiUser, requireApiAdmin, apiErrorResponse, ApiAuthError } from "@/src/lib/api-auth";
import { getUserById, updateUserProfile } from "@/src/lib/models/user";
import { getUserById, updateUserProfile, updateUserRole, updateUserStatus, deleteUser } from "@/src/lib/models/user";
function stripPasswordHash(user: Record<string, unknown>) {
const { password_hash: _, ...rest } = user;
@@ -37,10 +37,37 @@ export async function PUT(
{ params }: { params: Promise<{ id: string }> }
) {
try {
await requireApiAdmin(request);
const auth = await requireApiAdmin(request);
const { id } = await params;
const targetId = Number(id);
const body = await request.json();
const user = await updateUserProfile(Number(id), body);
// Handle role change
if (body.role && ["admin", "user", "viewer"].includes(body.role)) {
if (auth.userId === targetId) {
return NextResponse.json({ error: "Cannot change your own role" }, { status: 400 });
}
await updateUserRole(targetId, body.role);
}
// Handle status change
if (body.status && ["active", "disabled"].includes(body.status)) {
if (auth.userId === targetId) {
return NextResponse.json({ error: "Cannot change your own status" }, { status: 400 });
}
await updateUserStatus(targetId, body.status);
}
// Handle profile update
const profileFields: Record<string, unknown> = {};
if (body.email !== undefined) profileFields.email = body.email;
if (body.name !== undefined) profileFields.name = body.name;
if (body.avatar_url !== undefined) profileFields.avatar_url = body.avatar_url;
if (Object.keys(profileFields).length > 0) {
await updateUserProfile(targetId, profileFields as { email?: string; name?: string | null; avatar_url?: string | null });
}
const user = await getUserById(targetId);
if (!user) {
return NextResponse.json({ error: "Not found" }, { status: 404 });
}
@@ -49,3 +76,28 @@ export async function PUT(
return apiErrorResponse(error);
}
}
export async function DELETE(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const auth = await requireApiAdmin(request);
const { id } = await params;
const targetId = Number(id);
if (auth.userId === targetId) {
return NextResponse.json({ error: "Cannot delete your own account" }, { status: 400 });
}
const user = await getUserById(targetId);
if (!user) {
return NextResponse.json({ error: "Not found" }, { status: 404 });
}
await deleteUser(targetId);
return new NextResponse(null, { status: 204 });
} catch (error) {
return apiErrorResponse(error);
}
}