feat(02-04): implement admin API endpoints — user CRUD, quota management, AI config
- GET /api/admin/users: list users (safe fields only, ordered by created_at)
- POST /api/admin/users: create user (password_must_change=True, quota init)
- PATCH /api/admin/users/{id}/status: deactivate/reactivate with sole-admin guard
- POST /api/admin/users/{id}/password-reset: Celery email dispatch (no token returned)
- GET /api/admin/users/{id}/quota: quota view with MB helpers
- PATCH /api/admin/users/{id}/quota: quota adjust with below-usage warning
- PATCH /api/admin/users/{id}/ai-config: assign AI provider/model per user
- _user_to_dict() whitelist helper prevents password_hash/credentials_enc leakage
- No impersonation endpoint (ADMIN-07 enforced by omission)
- get_current_admin Depends() on every handler (SEC-07)
- Updated backend/main.py to include admin_router
- Fixed test: mock send_reset_email.delay to avoid Redis in unit tests
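As an added illustration (not the project's own code), the two guards the commit message describes: an allowlist serialiser so `password_hash` and `credentials_enc` never reach a response even when new sensitive columns are added later, and the sole-admin deactivation check. The `User` dataclass, its field names and `SoleAdminError` are assumed stand-ins for the real ORM models.

```python
# Added illustration, not the project's code. The User dataclass, field names
# and SoleAdminError are hypothetical stand-ins for the real ORM models.
from dataclasses import dataclass
from typing import Any

# Allowlist: fields that may appear in an admin API response. Anything not
# listed here (password_hash, credentials_enc, future secrets) is excluded.
SAFE_USER_FIELDS = ("id", "email", "is_admin", "is_active", "created_at")


@dataclass
class User:
    id: int
    email: str
    is_admin: bool = False
    is_active: bool = True
    created_at: str = "2024-01-01T00:00:00Z"
    password_hash: str = "$argon2id$placeholder"  # must never be serialised
    credentials_enc: bytes = b"\x00placeholder"    # must never be serialised


def user_to_dict(user: User) -> dict[str, Any]:
    """Serialise by allowlist, so the safe default is 'omitted' for new columns."""
    return {name: getattr(user, name) for name in SAFE_USER_FIELDS}


class SoleAdminError(Exception):
    """Raised when a status change would leave the system without an active admin."""


def set_user_status(users: list[User], user_id: int, active: bool) -> User:
    """Deactivate or reactivate a user; refuse to deactivate the last active admin."""
    target = next((u for u in users if u.id == user_id), None)
    if target is None:
        raise LookupError(f"no user with id {user_id}")
    if not active and target.is_admin and target.is_active:
        other_admins = [u for u in users
                        if u.is_admin and u.is_active and u.id != user_id]
        if not other_admins:
            raise SoleAdminError("cannot deactivate the only active admin")
    target.is_active = active
    return target
```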
@@ -175,4 +175,6 @@ app.include_router(settings_router)
# Phase 2: auth and admin routers
from api.auth import router as auth_router # noqa: E402
from api.admin import router as admin_router # noqa: E402
app.include_router(auth_router)
app.include_router(admin_router)
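Review bot: the two `# noqa: E402` suppressions (`from api.auth import router as auth_router` and `from api.admin import router as admin_router`) hide a mid-module import placed after `app.include_router(settings_router)` rather than explaining it; either move both imports to the top of `backend/main.py` with the other imports, or add a comment stating why they must be deferred (for example a circular import through `app`), so the next reader does not silently relocate them. Since this hunk only wires `admin_router` in, and the commit message relies on `get_current_admin` being a `Depends()` on every handler for SEC-07, consider attaching that dependency at the router level (`APIRouter(dependencies=[Depends(get_current_admin)])`) so a future endpoint added to `api/admin` cannot be registered without the admin check.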