Add admin user management with role-gated access
Backend: - schemas/user.py: is_admin (validation_alias=is_superuser) on UserOut and UserAdminOut; UserAdminCreate extends UserCreate with is_admin flag - deps.py: get_current_admin dependency — 403 for non-superusers - routers/admin.py: GET/POST /api/admin/users, DELETE and PATCH /active per user; self-delete and self-deactivate blocked - main.py: register /api/admin router - scripts/seed.py: seed test user with is_superuser=True; promotes existing user if already created without the flag Frontend: - api/client.ts: UserData type with is_admin, admin API functions - components/Nav.tsx: Admin link visible only when user.is_admin is true - pages/AdminPage.tsx: user table with add-user form, delete, toggle active - App.tsx: AdminRoute guard (403-redirects non-admins to /); /admin route Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
curo1305
@@ -17,7 +17,8 @@ A fullstack SaaS web application built with FastAPI, React, and PostgreSQL.
|
||||
- `/api/users/me` — authenticated user info
|
||||
- `/api/profile/me` — GET/PUT personal profile (position, phone, date of birth, address)
|
||||
- Profile data stored in a dedicated `profiles` table; auto-created on first access
|
||||
- Admin role flag (`is_superuser`) stored in `users` table; hidden from all API responses
|
||||
- Admin role flag (`is_superuser`) stored in `users` table; exposed as `is_admin` in API (false for regular users, true for admins)
|
||||
- Admin-only user management at `/admin`: list all users, add users, delete users, toggle active status
|
||||
- All input sanitized before reaching the DB (null-byte rejection, length caps, format validation)
|
||||
- 3 separate Docker containers: `db` (PostgreSQL), `backend` (FastAPI), `frontend` (nginx)
|
||||
- All containers run as non-root users (UID 1001 for backend and frontend, UID 70 for db)
|
||||
|
||||
Reference in New Issue
Block a user