feat: admin role + /admin page to manage custom attributes #522
Open
JeromeBu wants to merge 1 commit into
Adds a `role` column on users (default `user`, manual promote-by-SQL)
and a new `/admin` page reachable from the user menu (admin-only). The
page lists `software_attribute_definitions` and lets an administrator
create or edit them; deletion is intentionally deferred since values
are stored in the `softwares.customAttributes` JSONB.
API:
- Migration adding `users.role TEXT NOT NULL DEFAULT 'user'` with a
`CHECK (role IN ('user','admin'))` constraint.
- `adminProcedure` middleware (FORBIDDEN if `currentUser.role !== "admin"`).
- New routes: `getAttributeDefinitions` (logged), `createAttributeDefinition`
and `updateAttributeDefinition` (admin). Server-side check rejects a
duplicate `displayOrder` with CONFLICT.
- `AttributeDefinitionRepository` gains `add` and `update`.
Web:
- New page `web/src/ui/pages/admin/{Admin,AttributeDefinitionFormModal}`
+ `adminAttributes` redux slice; admin link conditionally rendered in
`<AuthButtons>` (shield icon).
- Shared `attributeIcons` module exposes the icon-name → DSFR class map
and the value list, reused by the table and the form button group.
Bootstrap an admin manually:
`UPDATE users SET role = 'admin' WHERE email = '...';`
Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
Summary
- `role` column on users (`user|admin`, default `user`, promote manually with SQL) and an `adminProcedure` middleware on tRPC.
- `/admin` page (admin-only) listing `software_attribute_definitions` with create/edit (delete deferred — values are stored in the `softwares.customAttributes` JSONB).
- `adminAttributes`, shared icon module, conditional shield-icon link in the user menu.

Bootstrap an admin
Migration only sets the column. Promote a user manually:
API surface
- `getAttributeDefinitions`
- `createAttributeDefinition`: `name` and duplicate `displayOrder` (CONFLICT)
- `updateAttributeDefinition`: `name` and `kind` are not editable

Test plan
- `pnpm db:up` (applies migration `1778168171859_add-user-role`)
- `psql … -c "\d users"` shows `role text NOT NULL DEFAULT 'user'` + check constraint
- `createAttributeDefinition` returns FORBIDDEN; `/admin` redirects to home; admin link is hidden
- `UPDATE users SET role='admin' WHERE email='…'` then re-login
- `/admin` shows the 4 existing definitions with FR labels + identifier underneath
- `name` and `kind` are disabled, the rest is editable; saving updates the row
- `string` attribute `testField` with `displayInForm = true` → appears in the table and in the software-form
- `123abc` / `with-dash` are rejected; reusing an existing `displayOrder` returns a CONFLICT alert
- `pnpm fullcheck` green

🤖 Generated with Claude Code
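
The server-side gate this PR describes, modelled without tRPC as an added example (not code from the pull request): the role check runs before any input is validated, so hiding the admin link in the UI is never the only control. `adminOnly`, `makeAdminApi`, the `UNAUTHORIZED` and `BAD_REQUEST` codes and the name pattern are assumptions made for the illustration.

```typescript
// Added illustration, not the project's code. All names are hypothetical.
type Role = "user" | "admin";
type User = { email: string; role: Role };
type Code = "UNAUTHORIZED" | "FORBIDDEN" | "BAD_REQUEST" | "CONFLICT";
type Result<T> = { ok: true; value: T } | { ok: false; code: Code };
type AttributeDefinition = { name: string; kind: string; displayOrder: number };

// Assumed identifier rule: the page only says `123abc` and `with-dash` are rejected.
const NAME_PATTERN = /^[A-Za-z][A-Za-z0-9]*$/;

// Wraps a handler so the role check happens on the server, before the
// handler (and therefore any validation or write) is reached.
function adminOnly<I, O>(handler: (input: I, user: User) => Result<O>) {
  return (currentUser: User | undefined, input: I): Result<O> => {
    if (!currentUser) return { ok: false, code: "UNAUTHORIZED" };
    if (currentUser.role !== "admin") return { ok: false, code: "FORBIDDEN" };
    return handler(input, currentUser);
  };
}

// In-memory stand-in for the attribute definitions table.
function makeAdminApi(store: AttributeDefinition[]) {
  const createAttributeDefinition = adminOnly(
    (input: AttributeDefinition): Result<AttributeDefinition> => {
      if (!NAME_PATTERN.test(input.name)) {
        return { ok: false, code: "BAD_REQUEST" };
      }
      // Duplicate displayOrder is rejected server-side, as the PR states.
      if (store.some(d => d.displayOrder === input.displayOrder)) {
        return { ok: false, code: "CONFLICT" };
      }
      store.push({ ...input });
      return { ok: true, value: input };
    }
  );
  return { createAttributeDefinition };
}
```
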