ghassan/takeone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
takeone/ADMIN_MEMBERS_FIX.md

231 lines
10 KiB
Markdown
Raw Permalink Blame History

# Admin Members Management - Separate Routes Implementation
## Overview
This implementation creates a clean separation between family member management and admin member management by introducing dedicated admin routes. This ensures:
- `/family/*` routes are ONLY for actual family members
- `/admin/members/*` routes are for admins to manage ALL platform members
- No confusion between family relationships and admin access
## Issues Fixed
### 1. 404 Error for Non-Family Members (View Profile)
**Problem**: When clicking on member cards in the admin dashboard (`/admin/members`), profiles of non-family members returned a 404 error.
**Root Cause**: The `FamilyController@show` method required a `UserRelationship` record between the authenticated user and the member being viewed. Non-family members don't have this relationship, causing `firstOrFail()` to throw a 404.
**Solution**: Modified `FamilyController@show` method to:
- Check if the authenticated user has the `super-admin` role
- Allow super-admins to view any member's profile without requiring a family relationship
- Create a mock relationship object for admin views to maintain compatibility with the existing view
- Maintain the existing family relationship check for regular users
### 2. 404 Error for Non-Family Members (Edit Profile)
**Problem**: When accessing `/family/{id}/edit` for non-family members, the page returned a 404 error.
**Root Cause**: Same as above - the `edit` method required a family relationship.
**Solution**: Modified `FamilyController@edit` method with the same approach as the `show` method.
### 3. Update & Delete Permissions
**Problem**: Super-admins couldn't update or delete non-family members.
**Solution**:
- Modified `FamilyController@update` method to allow super-admins to update any member
- Modified `FamilyController@destroy` method to allow super-admins to delete any member
- Added proper redirects based on user role (admins redirect to admin panel, regular users to family dashboard)
- Added protection to prevent users from deleting their own account
### 4. Pixelated Profile Pictures
**Problem**: Profile pictures in member cards appeared pixelated and low quality.
**Solution**: Added CSS image rendering optimizations:
- Added `image-rendering: -webkit-optimize-contrast` for better image quality
- Added `image-rendering: crisp-edges` for sharper rendering
- Added `backface-visibility: hidden` to prevent rendering issues
- Added font smoothing properties for better overall visual quality
## New Routes Added
### Admin Member Management Routes (`routes/web.php`)
```php
// All Members Management (Super Admin only)
Route::get('/members/{id}', [PlatformController::class, 'showMember'])->name('platform.members.show');
Route::get('/members/{id}/edit', [PlatformController::class, 'editMember'])->name('platform.members.edit');
Route::put('/members/{id}', [PlatformController::class, 'updateMember'])->name('platform.members.update');
Route::delete('/members/{id}', [PlatformController::class, 'destroyMember'])->name('platform.members.destroy');
Route::post('/members/{id}/upload-picture', [PlatformController::class, 'uploadMemberPicture'])->name('platform.members.upload-picture');
Route::post('/members/{id}/health', [PlatformController::class, 'storeMemberHealth'])->name('platform.members.store-health');
Route::put('/members/{id}/health/{recordId}', [PlatformController::class, 'updateMemberHealth'])->name('platform.members.update-health');
Route::post('/members/{id}/tournament', [PlatformController::class, 'storeMemberTournament'])->name('platform.members.store-tournament');
```
### Family Routes (Unchanged)
Family routes remain restricted to actual family relationships:
```php
Route::get('/family/{id}', [FamilyController::class, 'show'])->name('family.show');
Route::get('/family/{id}/edit', [FamilyController::class, 'edit'])->name('family.edit');
// ... etc
```
## Files Modified
### 1. `routes/web.php`
**Added**: New admin member management routes under `/admin/members/*` prefix
### 2. `app/Http/Controllers/Admin/PlatformController.php`
**Added Methods**:
- `showMember($id)` - Display member profile
- `editMember($id)` - Show edit form
- `updateMember(Request $request, $id)` - Update member
- `destroyMember($id)` - Delete member
- `uploadMemberPicture(Request $request, $id)` - Upload profile picture
- `storeMemberHealth(Request $request, $id)` - Add health record
- `updateMemberHealth(Request $request, $id, $recordId)` - Update health record
- `storeMemberTournament(Request $request, $id)` - Add tournament record
All methods create mock relationship objects for view compatibility.
### 3. `app/Http/Controllers/FamilyController.php`
**Changes in `show()` method (line 335)**:
```php
// Check if user is super-admin or viewing their own profile
$isSuperAdmin = $user->hasRole('super-admin');
$isOwnProfile = $user->id == $id;
// Get the member to display
$member = User::findOrFail($id);
// For super-admin or own profile, create a mock relationship
if ($isSuperAdmin || $isOwnProfile) {
$relationship = (object)[
'dependent' => $member,
'relationship_type' => $isOwnProfile ? 'self' : 'admin_view',
'guardian_user_id' => $user->id,
'dependent_user_id' => $member->id,
];
} else {
// Regular user - must have family relationship
$relationship = UserRelationship::where('guardian_user_id', $user->id)
->where('dependent_user_id', $id)
->with('dependent')
->firstOrFail();
}
```
**Changes in `edit()` method (line 470)**:
- Same logic as `show()` method
- Creates mock relationship for super-admins
- Includes `is_billing_contact` field in mock object
**Changes in `update()` method (line 487)**:
- Made `relationship_type` validation nullable (not required for admin edits)
- Added super-admin and own profile checks
- Only updates relationship record if user is not admin and not editing own profile
- Redirects to admin panel for super-admins, family dashboard for regular users
**Changes in `destroy()` method (line 911)**:
- Added super-admin check
- Added protection against self-deletion
- Only checks family relationship for non-admin users
- Redirects to admin panel for super-admins, family dashboard for regular users
**Reverted Changes**: Removed admin access logic from family controller methods since admin now uses separate routes.
### 4. `resources/views/admin/platform/members.blade.php`
**Changes**:
1. Updated member card links to use `route('admin.platform.members.show')` instead of `route('family.show')`
2. Added CSS image rendering optimizations for better picture quality
### 5. `resources/views/family/edit.blade.php`
**Changes**: Added conditional routing based on `relationship_type`:
- Upload URL: Uses admin route if `admin_view`, family route otherwise
- Form action: Uses admin route if `admin_view`, family route otherwise
- Cancel button: Redirects to admin panel if `admin_view`, family dashboard otherwise
- Delete form: Uses admin route if `admin_view`, family route otherwise
### 6. `resources/views/family/show.blade.php`
**Changes**: Updated form actions for health and tournament modals to use admin routes when `relationship_type === 'admin_view'`
## Route Structure
### Admin Routes (Super Admin Only)
- **View Profile**: `/admin/members/{id}``admin.platform.members.show`
- **Edit Profile**: `/admin/members/{id}/edit``admin.platform.members.edit`
- **Update Profile**: `PUT /admin/members/{id}``admin.platform.members.update`
- **Delete Member**: `DELETE /admin/members/{id}``admin.platform.members.destroy`
- **Upload Picture**: `POST /admin/members/{id}/upload-picture``admin.platform.members.upload-picture`
- **Add Health**: `POST /admin/members/{id}/health``admin.platform.members.store-health`
- **Update Health**: `PUT /admin/members/{id}/health/{recordId}``admin.platform.members.update-health`
- **Add Tournament**: `POST /admin/members/{id}/tournament``admin.platform.members.store-tournament`
### Family Routes (Authenticated Users)
- **View Profile**: `/family/{id}``family.show` (requires family relationship)
- **Edit Profile**: `/family/{id}/edit``family.edit` (requires family relationship)
- **Update Profile**: `PUT /family/{id}``family.update` (requires family relationship)
- **Delete Member**: `DELETE /family/{id}``family.destroy` (requires family relationship)
- All other family routes remain unchanged
## Testing
### Admin Access Testing
1. **View Any Member**:
- Log in as super-admin
- Navigate to `/admin/members`
- Click any member card
- Should load profile at `/admin/members/{id}`
2. **Edit Any Member**:
- From member profile, click edit
- Should navigate to `/admin/members/{id}/edit`
- Make changes and save
- Should redirect to `/admin/members` with success message
3. **Delete Member**:
- From edit page, click "Remove"
- Confirm deletion
- Should redirect to `/admin/members`
- Verify cannot delete own account
4. **Add Health/Tournament Records**:
- From member profile, use "Add Health Update" or "Add Tournament"
- Submit forms
- Should save successfully and reload page
### Family Access Testing
1. **View Family Members**:
- Log in as regular user
- Navigate to `/family`
- Click family member card
- Should load profile at `/family/{id}`
2. **Cannot Access Non-Family**:
- Try to access `/family/{non-family-id}`
- Should return 404 error
3. **Edit Family Members**:
- From family member profile, click edit
- Should navigate to `/family/{id}/edit`
- Make changes and save
- Should redirect to `/family` dashboard
### Image Quality Testing
- Check member cards in `/admin/members`
- Profile pictures should appear crisp and clear
- No pixelation on hover or zoom
## Security Considerations
- Super-admin role check ensures only authorized users can view/edit/delete all member profiles
- Regular users are still restricted to their family members only
- Self-deletion is prevented for all users
- All existing authorization checks remain in place
## Backward Compatibility
- All existing functionality for regular users remains unchanged
- Family relationship checks are still enforced for non-admin users
- The view templates work seamlessly with both real and mock relationship objects
- Redirects are context-aware (admin panel vs family dashboard)
Reference in New Issue View Git Blame Copy Permalink