231 lines
10 KiB
Markdown
231 lines
10 KiB
Markdown
# Admin Members Management - Separate Routes Implementation
|
|
|
|
## Overview
|
|
|
|
This implementation creates a clean separation between family member management and admin member management by introducing dedicated admin routes. This ensures:
|
|
- `/family/*` routes are ONLY for actual family members
|
|
- `/admin/members/*` routes are for admins to manage ALL platform members
|
|
- No confusion between family relationships and admin access
|
|
|
|
## Issues Fixed
|
|
|
|
### 1. 404 Error for Non-Family Members (View Profile)
|
|
**Problem**: When clicking on member cards in the admin dashboard (`/admin/members`), profiles of non-family members returned a 404 error.
|
|
|
|
**Root Cause**: The `FamilyController@show` method required a `UserRelationship` record between the authenticated user and the member being viewed. Non-family members don't have this relationship, causing `firstOrFail()` to throw a 404.
|
|
|
|
**Solution**: Modified `FamilyController@show` method to:
|
|
- Check if the authenticated user has the `super-admin` role
|
|
- Allow super-admins to view any member's profile without requiring a family relationship
|
|
- Create a mock relationship object for admin views to maintain compatibility with the existing view
|
|
- Maintain the existing family relationship check for regular users
|
|
|
|
### 2. 404 Error for Non-Family Members (Edit Profile)
|
|
**Problem**: When accessing `/family/{id}/edit` for non-family members, the page returned a 404 error.
|
|
|
|
**Root Cause**: Same as above - the `edit` method required a family relationship.
|
|
|
|
**Solution**: Modified `FamilyController@edit` method with the same approach as the `show` method.
|
|
|
|
### 3. Update & Delete Permissions
|
|
**Problem**: Super-admins couldn't update or delete non-family members.
|
|
|
|
**Solution**:
|
|
- Modified `FamilyController@update` method to allow super-admins to update any member
|
|
- Modified `FamilyController@destroy` method to allow super-admins to delete any member
|
|
- Added proper redirects based on user role (admins redirect to admin panel, regular users to family dashboard)
|
|
- Added protection to prevent users from deleting their own account
|
|
|
|
### 4. Pixelated Profile Pictures
|
|
**Problem**: Profile pictures in member cards appeared pixelated and low quality.
|
|
|
|
**Solution**: Added CSS image rendering optimizations:
|
|
- Added `image-rendering: -webkit-optimize-contrast` for better image quality
|
|
- Added `image-rendering: crisp-edges` for sharper rendering
|
|
- Added `backface-visibility: hidden` to prevent rendering issues
|
|
- Added font smoothing properties for better overall visual quality
|
|
|
|
## New Routes Added
|
|
|
|
### Admin Member Management Routes (`routes/web.php`)
|
|
```php
|
|
// All Members Management (Super Admin only)
|
|
Route::get('/members/{id}', [PlatformController::class, 'showMember'])->name('platform.members.show');
|
|
Route::get('/members/{id}/edit', [PlatformController::class, 'editMember'])->name('platform.members.edit');
|
|
Route::put('/members/{id}', [PlatformController::class, 'updateMember'])->name('platform.members.update');
|
|
Route::delete('/members/{id}', [PlatformController::class, 'destroyMember'])->name('platform.members.destroy');
|
|
Route::post('/members/{id}/upload-picture', [PlatformController::class, 'uploadMemberPicture'])->name('platform.members.upload-picture');
|
|
Route::post('/members/{id}/health', [PlatformController::class, 'storeMemberHealth'])->name('platform.members.store-health');
|
|
Route::put('/members/{id}/health/{recordId}', [PlatformController::class, 'updateMemberHealth'])->name('platform.members.update-health');
|
|
Route::post('/members/{id}/tournament', [PlatformController::class, 'storeMemberTournament'])->name('platform.members.store-tournament');
|
|
```
|
|
|
|
### Family Routes (Unchanged)
|
|
Family routes remain restricted to actual family relationships:
|
|
```php
|
|
Route::get('/family/{id}', [FamilyController::class, 'show'])->name('family.show');
|
|
Route::get('/family/{id}/edit', [FamilyController::class, 'edit'])->name('family.edit');
|
|
// ... etc
|
|
```
|
|
|
|
## Files Modified
|
|
|
|
### 1. `routes/web.php`
|
|
**Added**: New admin member management routes under `/admin/members/*` prefix
|
|
|
|
### 2. `app/Http/Controllers/Admin/PlatformController.php`
|
|
**Added Methods**:
|
|
- `showMember($id)` - Display member profile
|
|
- `editMember($id)` - Show edit form
|
|
- `updateMember(Request $request, $id)` - Update member
|
|
- `destroyMember($id)` - Delete member
|
|
- `uploadMemberPicture(Request $request, $id)` - Upload profile picture
|
|
- `storeMemberHealth(Request $request, $id)` - Add health record
|
|
- `updateMemberHealth(Request $request, $id, $recordId)` - Update health record
|
|
- `storeMemberTournament(Request $request, $id)` - Add tournament record
|
|
|
|
All methods create mock relationship objects for view compatibility.
|
|
|
|
### 3. `app/Http/Controllers/FamilyController.php`
|
|
|
|
**Changes in `show()` method (line 335)**:
|
|
```php
|
|
// Check if user is super-admin or viewing their own profile
|
|
$isSuperAdmin = $user->hasRole('super-admin');
|
|
$isOwnProfile = $user->id == $id;
|
|
|
|
// Get the member to display
|
|
$member = User::findOrFail($id);
|
|
|
|
// For super-admin or own profile, create a mock relationship
|
|
if ($isSuperAdmin || $isOwnProfile) {
|
|
$relationship = (object)[
|
|
'dependent' => $member,
|
|
'relationship_type' => $isOwnProfile ? 'self' : 'admin_view',
|
|
'guardian_user_id' => $user->id,
|
|
'dependent_user_id' => $member->id,
|
|
];
|
|
} else {
|
|
// Regular user - must have family relationship
|
|
$relationship = UserRelationship::where('guardian_user_id', $user->id)
|
|
->where('dependent_user_id', $id)
|
|
->with('dependent')
|
|
->firstOrFail();
|
|
}
|
|
```
|
|
|
|
**Changes in `edit()` method (line 470)**:
|
|
- Same logic as `show()` method
|
|
- Creates mock relationship for super-admins
|
|
- Includes `is_billing_contact` field in mock object
|
|
|
|
**Changes in `update()` method (line 487)**:
|
|
- Made `relationship_type` validation nullable (not required for admin edits)
|
|
- Added super-admin and own profile checks
|
|
- Only updates relationship record if user is not admin and not editing own profile
|
|
- Redirects to admin panel for super-admins, family dashboard for regular users
|
|
|
|
**Changes in `destroy()` method (line 911)**:
|
|
- Added super-admin check
|
|
- Added protection against self-deletion
|
|
- Only checks family relationship for non-admin users
|
|
- Redirects to admin panel for super-admins, family dashboard for regular users
|
|
|
|
**Reverted Changes**: Removed admin access logic from family controller methods since admin now uses separate routes.
|
|
|
|
### 4. `resources/views/admin/platform/members.blade.php`
|
|
**Changes**:
|
|
1. Updated member card links to use `route('admin.platform.members.show')` instead of `route('family.show')`
|
|
2. Added CSS image rendering optimizations for better picture quality
|
|
|
|
### 5. `resources/views/family/edit.blade.php`
|
|
**Changes**: Added conditional routing based on `relationship_type`:
|
|
- Upload URL: Uses admin route if `admin_view`, family route otherwise
|
|
- Form action: Uses admin route if `admin_view`, family route otherwise
|
|
- Cancel button: Redirects to admin panel if `admin_view`, family dashboard otherwise
|
|
- Delete form: Uses admin route if `admin_view`, family route otherwise
|
|
|
|
### 6. `resources/views/family/show.blade.php`
|
|
**Changes**: Updated form actions for health and tournament modals to use admin routes when `relationship_type === 'admin_view'`
|
|
|
|
## Route Structure
|
|
|
|
### Admin Routes (Super Admin Only)
|
|
- **View Profile**: `/admin/members/{id}` → `admin.platform.members.show`
|
|
- **Edit Profile**: `/admin/members/{id}/edit` → `admin.platform.members.edit`
|
|
- **Update Profile**: `PUT /admin/members/{id}` → `admin.platform.members.update`
|
|
- **Delete Member**: `DELETE /admin/members/{id}` → `admin.platform.members.destroy`
|
|
- **Upload Picture**: `POST /admin/members/{id}/upload-picture` → `admin.platform.members.upload-picture`
|
|
- **Add Health**: `POST /admin/members/{id}/health` → `admin.platform.members.store-health`
|
|
- **Update Health**: `PUT /admin/members/{id}/health/{recordId}` → `admin.platform.members.update-health`
|
|
- **Add Tournament**: `POST /admin/members/{id}/tournament` → `admin.platform.members.store-tournament`
|
|
|
|
### Family Routes (Authenticated Users)
|
|
- **View Profile**: `/family/{id}` → `family.show` (requires family relationship)
|
|
- **Edit Profile**: `/family/{id}/edit` → `family.edit` (requires family relationship)
|
|
- **Update Profile**: `PUT /family/{id}` → `family.update` (requires family relationship)
|
|
- **Delete Member**: `DELETE /family/{id}` → `family.destroy` (requires family relationship)
|
|
- All other family routes remain unchanged
|
|
|
|
## Testing
|
|
|
|
### Admin Access Testing
|
|
1. **View Any Member**:
|
|
- Log in as super-admin
|
|
- Navigate to `/admin/members`
|
|
- Click any member card
|
|
- Should load profile at `/admin/members/{id}`
|
|
|
|
2. **Edit Any Member**:
|
|
- From member profile, click edit
|
|
- Should navigate to `/admin/members/{id}/edit`
|
|
- Make changes and save
|
|
- Should redirect to `/admin/members` with success message
|
|
|
|
3. **Delete Member**:
|
|
- From edit page, click "Remove"
|
|
- Confirm deletion
|
|
- Should redirect to `/admin/members`
|
|
- Verify cannot delete own account
|
|
|
|
4. **Add Health/Tournament Records**:
|
|
- From member profile, use "Add Health Update" or "Add Tournament"
|
|
- Submit forms
|
|
- Should save successfully and reload page
|
|
|
|
### Family Access Testing
|
|
1. **View Family Members**:
|
|
- Log in as regular user
|
|
- Navigate to `/family`
|
|
- Click family member card
|
|
- Should load profile at `/family/{id}`
|
|
|
|
2. **Cannot Access Non-Family**:
|
|
- Try to access `/family/{non-family-id}`
|
|
- Should return 404 error
|
|
|
|
3. **Edit Family Members**:
|
|
- From family member profile, click edit
|
|
- Should navigate to `/family/{id}/edit`
|
|
- Make changes and save
|
|
- Should redirect to `/family` dashboard
|
|
|
|
### Image Quality Testing
|
|
- Check member cards in `/admin/members`
|
|
- Profile pictures should appear crisp and clear
|
|
- No pixelation on hover or zoom
|
|
|
|
## Security Considerations
|
|
|
|
- Super-admin role check ensures only authorized users can view/edit/delete all member profiles
|
|
- Regular users are still restricted to their family members only
|
|
- Self-deletion is prevented for all users
|
|
- All existing authorization checks remain in place
|
|
|
|
## Backward Compatibility
|
|
|
|
- All existing functionality for regular users remains unchanged
|
|
- Family relationship checks are still enforced for non-admin users
|
|
- The view templates work seamlessly with both real and mock relationship objects
|
|
- Redirects are context-aware (admin panel vs family dashboard)
|