docs: add super-admin role documentation
Add comprehensive documentation for the new super-admin role feature:

README.md:
- Update Users Table schema with isAdmin, isSuperAdmin, lastSeen fields
- Add Admin API section with all endpoints
- Add User Roles and Permissions section with security rules

docs/DOCUMENTATION.md:
- Update Users Table schema
- Add Admin System section with overview, roles, security rules
- Document all admin API endpoints
- Add audit logging details
- Include JWT token structure
- Add setup and deployment instructions

CLAUDE.md:
- Add Admin System and User Roles section
- Document admin service functions
- Include security rules
- Add JWT token claims structure
- Document frontend admin interface

Co-Authored-By: Claude <noreply@anthropic.com>
49 README.md
@@ -277,6 +277,52 @@ The application will be available at:
### Health
- `GET /api/health` - Health check endpoint

### Admin API (Admin Only)

All admin endpoints require authentication and admin privileges.

- `GET /api/admin/stats` - Get system-wide statistics
- `GET /api/admin/users` - Get all users with statistics
- `GET /api/admin/users/:userId` - Get detailed information about a specific user
- `POST /api/admin/users/:userId/role` - Update user role (`user`, `admin`, `super-admin`)
- `DELETE /api/admin/users/:userId` - Delete a user
- `POST /api/admin/impersonate/:userId` - Start impersonating a user
- `POST /api/admin/impersonate/stop` - Stop impersonating and return to admin account
- `GET /api/admin/impersonation/status` - Get current impersonation status
- `GET /api/admin/actions` - Get admin actions log
- `GET /api/admin/actions/my` - Get current admin's action log

### User Roles and Permissions

The application supports three user roles with different permission levels:

**Regular User**
- View own QSOs
- Sync from LoTW and DCL
- Track award progress
- Manage own credentials

**Admin**
- All user permissions
- View system statistics
- View all users
- Promote/demote regular users to/from admin
- Delete regular users
- Impersonate regular users (for support)
- View admin action log

**Super Admin**
- All admin permissions
- Promote/demote admins to/from super-admin
- Impersonate other admins (for support)
- Full access to all admin functions

**Security Rules:**
- Only super-admins can promote or demote super-admins
- Regular admins cannot promote users to super-admin
- Super-admins cannot demote themselves
- Cannot demote the last super-admin

## Database Schema

### Users Table
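Review bot: the `**Security Rules:**` list covers promotion and demotion only, while the endpoint list also introduces `DELETE /api/admin/users/:userId` and `POST /api/admin/impersonate/:userId`; the per-role bullets ("Delete regular users", "Impersonate regular users", "Impersonate other admins") imply the restriction, but the rules never state that deleting or impersonating an account of equal or higher role is refused, nor whether an admin may delete or demote their own account (only "Super-admins cannot demote themselves" is listed). Suggest adding explicit rules for those two endpoints, replacing the blanket "All admin endpoints require authentication and admin privileges." with a note of which endpoints require super-admin, documenting the request body that `POST /api/admin/users/:userId/role` expects, and stating whether impersonation start and stop are recorded in the log served by `GET /api/admin/actions`, since readers will rely on that log for audit.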
@@ -289,6 +335,9 @@ CREATE TABLE users (
lotwUsername TEXT,
lotwPassword TEXT,
dclApiKey TEXT, -- DCL API key (for future use)
isAdmin INTEGER DEFAULT 0 NOT NULL,
isSuperAdmin INTEGER DEFAULT 0 NOT NULL,
lastSeen INTEGER,
createdAt TEXT NOT NULL,
updatedAt TEXT NOT NULL
);

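Review bot: `isAdmin` and `isSuperAdmin` are two independent flags, so this schema permits a row with `isSuperAdmin = 1` and `isAdmin = 0`, which the documented rules (super-admin has "All admin permissions") do not anticipate; document the invariant that super-admin implies admin, or add a constraint such as `CHECK (isSuperAdmin = 0 OR isAdmin = 1)`, so the role checks behind the `/api/admin` routes cannot disagree with the stored flags. Also `lastSeen INTEGER` carries no unit while the neighbouring `createdAt` and `updatedAt` are TEXT; a trailing comment in the style of the one on `dclApiKey` (epoch seconds or milliseconds) would remove the ambiguity.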