Create Page for Admin Role Assignment & Access ControlΒ #204
Description
The Admin Role Management page includes the following functionality:
- β Assign Admin role to other users by entering their email.
- π View a list of all users who currently have the Admin role (including their name and email).
- β Revoke Admin access from other Admin users (excluding self, ideally).
This feature ensures only trusted users can manage administrative privileges, enhancing overall security and control within the application.
π― Objectives
- β Assign Admin role to a user by email.
- π Display a list of all current Admin users.
- β Allow Admins to delete/revoke another Adminβs access.
π Access Control
- This page is restricted to authenticated users with the Admin role.
- If a non-admin user attempts to access the page:
- They should be redirected to a safe route (e.g., dashboard or homepage), or
- They should see an "Access Denied" message.
π API Integration
πΈ 1. Assign Admin Role
- Endpoint:
POST /api/v1/role/create
Payload:
{
"email": "user@example.com"
}
πΉ 2. Get All Admins
- (Assumed endpoint):
GET /api/v1/role/admins - Response Example:
[
{
"name": "John Doe",
"email": "john@example.com",
"role": "admin"
},
...
]
π» 3. Delete Admin Role
- (Assumed endpoint):
DELETE /api/v1/role/admin/:email - Params: Admin email to revoke access from
- β Make sure backend prevents an admin from deleting their own role unless intended.