# Admin Members Management - Separate Routes Implementation

## Overview

This implementation creates a clean separation between family member management and admin member management by introducing dedicated admin routes. This ensures:

- `/family/*` routes are ONLY for actual family members
- `/admin/members/*` routes are for admins to manage ALL platform members
- No confusion between family relationships and admin access

## Issues Fixed

### 1. 404 Error for Non-Family Members (View Profile)

**Problem**: When clicking on member cards in the admin dashboard (`/admin/members`), profiles of non-family members returned a 404 error.

**Root Cause**: The `FamilyController@show` method required a `UserRelationship` record between the authenticated user and the member being viewed. Non-family members don't have this relationship, causing `firstOrFail()` to throw a 404.

**Solution**: Modified `FamilyController@show` method to:

- Check if the authenticated user has the `super-admin` role
- Allow super-admins to view any member's profile without requiring a family relationship
- Create a mock relationship object for admin views to maintain compatibility with the existing view
- Maintain the existing family relationship check for regular users

### 2. 404 Error for Non-Family Members (Edit Profile)

**Problem**: When accessing `/family/{id}/edit` for non-family members, the page returned a 404 error.

**Root Cause**: Same as above - the `edit` method required a family relationship.

**Solution**: Modified `FamilyController@edit` method with the same approach as the `show` method.

### 3. Update & Delete Permissions

**Problem**: Super-admins couldn't update or delete non-family members.

**Solution**:

- Modified `FamilyController@update` method to allow super-admins to update any member
- Modified `FamilyController@destroy` method to allow super-admins to delete any member
- Added proper redirects based on user role (admins redirect to admin panel, regular users to family dashboard)
- Added protection to prevent users from deleting their own account

### 4. Pixelated Profile Pictures

**Problem**: Profile pictures in member cards appeared pixelated and low quality.

**Solution**: Added CSS image rendering optimizations:

- Added `image-rendering: -webkit-optimize-contrast` for better image quality
- Added `image-rendering: crisp-edges` for sharper rendering
- Added `backface-visibility: hidden` to prevent rendering issues
- Added font smoothing properties for better overall visual quality

## New Routes Added

### Admin Member Management Routes (`routes/web.php`)

```php
// All Members Management (Super Admin only)
Route::get('/members/{id}', [PlatformController::class, 'showMember'])->name('platform.members.show');
Route::get('/members/{id}/edit', [PlatformController::class, 'editMember'])->name('platform.members.edit');
Route::put('/members/{id}', [PlatformController::class, 'updateMember'])->name('platform.members.update');
Route::delete('/members/{id}', [PlatformController::class, 'destroyMember'])->name('platform.members.destroy');
Route::post('/members/{id}/upload-picture', [PlatformController::class, 'uploadMemberPicture'])->name('platform.members.upload-picture');
Route::post('/members/{id}/health', [PlatformController::class, 'storeMemberHealth'])->name('platform.members.store-health');
Route::put('/members/{id}/health/{recordId}', [PlatformController::class, 'updateMemberHealth'])->name('platform.members.update-health');
Route::post('/members/{id}/tournament', [PlatformController::class, 'storeMemberTournament'])->name('platform.members.store-tournament');
```

### Family Routes (Unchanged)

Family routes remain restricted to actual family relationships:

```php
Route::get('/family/{id}', [FamilyController::class, 'show'])->name('family.show');
Route::get('/family/{id}/edit', [FamilyController::class, 'edit'])->name('family.edit');
// ... etc
```

## Files Modified

### 1. `routes/web.php`

**Added**: New admin member management routes under `/admin/members/*` prefix

### 2. `app/Http/Controllers/Admin/PlatformController.php`

**Added Methods**:

- `showMember($id)` - Display member profile
- `editMember($id)` - Show edit form
- `updateMember(Request $request, $id)` - Update member
- `destroyMember($id)` - Delete member
- `uploadMemberPicture(Request $request, $id)` - Upload profile picture
- `storeMemberHealth(Request $request, $id)` - Add health record
- `updateMemberHealth(Request $request, $id, $recordId)` - Update health record
- `storeMemberTournament(Request $request, $id)` - Add tournament record

All methods create mock relationship objects for view compatibility.

### 3. `app/Http/Controllers/FamilyController.php`

**Changes in `show()` method (line 335)**:

```php
// Check if user is super-admin or viewing their own profile
$isSuperAdmin = $user->hasRole('super-admin');
$isOwnProfile = $user->id == $id;

// Get the member to display
$member = User::findOrFail($id);

// For super-admin or own profile, create a mock relationship
if ($isSuperAdmin || $isOwnProfile) {
    $relationship = (object)[
        'dependent' => $member,
        'relationship_type' => $isOwnProfile ? 'self' : 'admin_view',
        'guardian_user_id' => $user->id,
        'dependent_user_id' => $member->id,
    ];
} else {
    // Regular user - must have family relationship
    $relationship = UserRelationship::where('guardian_user_id', $user->id)
        ->where('dependent_user_id', $id)
        ->with('dependent')
        ->firstOrFail();
}
```

**Changes in `edit()` method (line 470)**:

- Same logic as `show()` method
- Creates mock relationship for super-admins
- Includes `is_billing_contact` field in mock object

**Changes in `update()` method (line 487)**:

- Made `relationship_type` validation nullable (not required for admin edits)
- Added super-admin and own profile checks
- Only updates relationship record if user is not admin and not editing own profile
- Redirects to admin panel for super-admins, family dashboard for regular users

**Changes in `destroy()` method (line 911)**:

- Added super-admin check
- Added protection against self-deletion
- Only checks family relationship for non-admin users
- Redirects to admin panel for super-admins, family dashboard for regular users

**Reverted Changes**: Removed admin access logic from family controller methods since admin now uses separate routes.

### 4. `resources/views/admin/platform/members.blade.php`

**Changes**:

1. Updated member card links to use `route('admin.platform.members.show')` instead of `route('family.show')`
2. Added CSS image rendering optimizations for better picture quality

### 5. `resources/views/family/edit.blade.php`

**Changes**: Added conditional routing based on `relationship_type`:

- Upload URL: Uses admin route if `admin_view`, family route otherwise
- Form action: Uses admin route if `admin_view`, family route otherwise
- Cancel button: Redirects to admin panel if `admin_view`, family dashboard otherwise
- Delete form: Uses admin route if `admin_view`, family route otherwise

### 6. `resources/views/family/show.blade.php`

**Changes**: Updated form actions for health and tournament modals to use admin routes when `relationship_type === 'admin_view'`

## Route Structure

### Admin Routes (Super Admin Only)

- **View Profile**: `/admin/members/{id}` → `admin.platform.members.show`
- **Edit Profile**: `/admin/members/{id}/edit` → `admin.platform.members.edit`
- **Update Profile**: `PUT /admin/members/{id}` → `admin.platform.members.update`
- **Delete Member**: `DELETE /admin/members/{id}` → `admin.platform.members.destroy`
- **Upload Picture**: `POST /admin/members/{id}/upload-picture` → `admin.platform.members.upload-picture`
- **Add Health**: `POST /admin/members/{id}/health` → `admin.platform.members.store-health`
- **Update Health**: `PUT /admin/members/{id}/health/{recordId}` → `admin.platform.members.update-health`
- **Add Tournament**: `POST /admin/members/{id}/tournament` → `admin.platform.members.store-tournament`

### Family Routes (Authenticated Users)

- **View Profile**: `/family/{id}` → `family.show` (requires family relationship)
- **Edit Profile**: `/family/{id}/edit` → `family.edit` (requires family relationship)
- **Update Profile**: `PUT /family/{id}` → `family.update` (requires family relationship)
- **Delete Member**: `DELETE /family/{id}` → `family.destroy` (requires family relationship)
- All other family routes remain unchanged

## Testing

### Admin Access Testing

1. **View Any Member**:
   - Log in as super-admin
   - Navigate to `/admin/members`
   - Click any member card
   - Should load profile at `/admin/members/{id}`
2. **Edit Any Member**:
   - From member profile, click edit
   - Should navigate to `/admin/members/{id}/edit`
   - Make changes and save
   - Should redirect to `/admin/members` with success message
3. **Delete Member**:
   - From edit page, click "Remove"
   - Confirm deletion
   - Should redirect to `/admin/members`
   - Verify cannot delete own account
4. **Add Health/Tournament Records**:
   - From member profile, use "Add Health Update" or "Add Tournament"
   - Submit forms
   - Should save successfully and reload page

### Family Access Testing

1. **View Family Members**:
   - Log in as regular user
   - Navigate to `/family`
   - Click family member card
   - Should load profile at `/family/{id}`
2. **Cannot Access Non-Family**:
   - Try to access `/family/{non-family-id}`
   - Should return 404 error
3. **Edit Family Members**:
   - From family member profile, click edit
   - Should navigate to `/family/{id}/edit`
   - Make changes and save
   - Should redirect to `/family` dashboard

### Image Quality Testing

- Check member cards in `/admin/members`
- Profile pictures should appear crisp and clear
- No pixelation on hover or zoom

## Security Considerations

- Super-admin role check ensures only authorized users can view/edit/delete all member profiles
- Regular users are still restricted to their family members only
- Self-deletion is prevented for all users
- All existing authorization checks remain in place

## Backward Compatibility

- All existing functionality for regular users remains unchanged
- Family relationship checks are still enforced for non-admin users
- The view templates work seamlessly with both real and mock relationship objects
- Redirects are context-aware (admin panel vs family dashboard)
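
The access boundaries listed under Testing and Security Considerations can be pinned down as a Laravel feature test, so a later change to the routes or views cannot silently widen them. This is an added example, not code from the project: it assumes `hasRole` comes from spatie/laravel-permission, that an `App\Models\User` factory exists, and that the admin route group answers non-super-admins with 403; the test class name is hypothetical.

```php
<?php

namespace Tests\Feature;

use App\Models\User;                       // assumed model namespace
use Illuminate\Foundation\Testing\RefreshDatabase;
use Spatie\Permission\Models\Role;         // assumed role package
use Tests\TestCase;

// Added example, not project code. Assumes the admin group returns 403
// to users without the super-admin role.
class MemberAccessBoundaryTest extends TestCase
{
    use RefreshDatabase;

    public function test_regular_user_is_rejected_on_admin_member_routes(): void
    {
        $user = User::factory()->create();
        $target = User::factory()->create();
        $base = "/admin/members/{$target->id}";

        // The role check must reject before validation or controller code runs.
        $this->actingAs($user);
        $this->get($base)->assertForbidden();
        $this->get("$base/edit")->assertForbidden();
        $this->put($base, ['name' => 'x'])->assertForbidden();
        $this->delete($base)->assertForbidden();
        $this->post("$base/health", [])->assertForbidden();
        $this->assertNotNull(User::find($target->id)); // target still exists
    }

    public function test_regular_user_gets_404_for_non_family_profile(): void
    {
        $user = User::factory()->create();
        $stranger = User::factory()->create(); // no UserRelationship row

        $this->actingAs($user)->get("/family/{$stranger->id}")->assertNotFound();
        $this->actingAs($user)->get("/family/{$stranger->id}/edit")->assertNotFound();
    }

    public function test_super_admin_cannot_delete_own_account(): void
    {
        Role::findOrCreate('super-admin');
        $admin = User::factory()->create();
        $admin->assignRole('super-admin');

        $this->actingAs($admin)->delete("/admin/members/{$admin->id}");
        $this->assertNotNull(User::find($admin->id)); // account survives
    }
}
```

The first test matters most for the shared views: `relationship_type === 'admin_view'` only selects which URL a form posts to, so the server-side role check on each admin route is the actual control.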