10 KiB
10 KiB
Admin Members Management - Separate Routes Implementation
Overview
This implementation creates a clean separation between family member management and admin member management by introducing dedicated admin routes. This ensures:
/family/*routes are ONLY for actual family members/admin/members/*routes are for admins to manage ALL platform members- No confusion between family relationships and admin access
Issues Fixed
1. 404 Error for Non-Family Members (View Profile)
Problem: When clicking on member cards in the admin dashboard (/admin/members), profiles of non-family members returned a 404 error.
Root Cause: The FamilyController@show method required a UserRelationship record between the authenticated user and the member being viewed. Non-family members don't have this relationship, causing firstOrFail() to throw a 404.
Solution: Modified FamilyController@show method to:
- Check if the authenticated user has the
super-adminrole - Allow super-admins to view any member's profile without requiring a family relationship
- Create a mock relationship object for admin views to maintain compatibility with the existing view
- Maintain the existing family relationship check for regular users
2. 404 Error for Non-Family Members (Edit Profile)
Problem: When accessing /family/{id}/edit for non-family members, the page returned a 404 error.
Root Cause: Same as above - the edit method required a family relationship.
Solution: Modified FamilyController@edit method with the same approach as the show method.
3. Update & Delete Permissions
Problem: Super-admins couldn't update or delete non-family members.
Solution:
- Modified
FamilyController@updatemethod to allow super-admins to update any member - Modified
FamilyController@destroymethod to allow super-admins to delete any member - Added proper redirects based on user role (admins redirect to admin panel, regular users to family dashboard)
- Added protection to prevent users from deleting their own account
4. Pixelated Profile Pictures
Problem: Profile pictures in member cards appeared pixelated and low quality.
Solution: Added CSS image rendering optimizations:
- Added
image-rendering: -webkit-optimize-contrastfor better image quality - Added
image-rendering: crisp-edgesfor sharper rendering - Added
backface-visibility: hiddento prevent rendering issues - Added font smoothing properties for better overall visual quality
New Routes Added
Admin Member Management Routes (routes/web.php)
// All Members Management (Super Admin only)
Route::get('/members/{id}', [PlatformController::class, 'showMember'])->name('platform.members.show');
Route::get('/members/{id}/edit', [PlatformController::class, 'editMember'])->name('platform.members.edit');
Route::put('/members/{id}', [PlatformController::class, 'updateMember'])->name('platform.members.update');
Route::delete('/members/{id}', [PlatformController::class, 'destroyMember'])->name('platform.members.destroy');
Route::post('/members/{id}/upload-picture', [PlatformController::class, 'uploadMemberPicture'])->name('platform.members.upload-picture');
Route::post('/members/{id}/health', [PlatformController::class, 'storeMemberHealth'])->name('platform.members.store-health');
Route::put('/members/{id}/health/{recordId}', [PlatformController::class, 'updateMemberHealth'])->name('platform.members.update-health');
Route::post('/members/{id}/tournament', [PlatformController::class, 'storeMemberTournament'])->name('platform.members.store-tournament');
Family Routes (Unchanged)
Family routes remain restricted to actual family relationships:
Route::get('/family/{id}', [FamilyController::class, 'show'])->name('family.show');
Route::get('/family/{id}/edit', [FamilyController::class, 'edit'])->name('family.edit');
// ... etc
Files Modified
1. routes/web.php
Added: New admin member management routes under /admin/members/* prefix
2. app/Http/Controllers/Admin/PlatformController.php
Added Methods:
showMember($id)- Display member profileeditMember($id)- Show edit formupdateMember(Request $request, $id)- Update memberdestroyMember($id)- Delete memberuploadMemberPicture(Request $request, $id)- Upload profile picturestoreMemberHealth(Request $request, $id)- Add health recordupdateMemberHealth(Request $request, $id, $recordId)- Update health recordstoreMemberTournament(Request $request, $id)- Add tournament record
All methods create mock relationship objects for view compatibility.
3. app/Http/Controllers/FamilyController.php
Changes in show() method (line 335):
// Check if user is super-admin or viewing their own profile
$isSuperAdmin = $user->hasRole('super-admin');
$isOwnProfile = $user->id == $id;
// Get the member to display
$member = User::findOrFail($id);
// For super-admin or own profile, create a mock relationship
if ($isSuperAdmin || $isOwnProfile) {
$relationship = (object)[
'dependent' => $member,
'relationship_type' => $isOwnProfile ? 'self' : 'admin_view',
'guardian_user_id' => $user->id,
'dependent_user_id' => $member->id,
];
} else {
// Regular user - must have family relationship
$relationship = UserRelationship::where('guardian_user_id', $user->id)
->where('dependent_user_id', $id)
->with('dependent')
->firstOrFail();
}
Changes in edit() method (line 470):
- Same logic as
show()method - Creates mock relationship for super-admins
- Includes
is_billing_contactfield in mock object
Changes in update() method (line 487):
- Made
relationship_typevalidation nullable (not required for admin edits) - Added super-admin and own profile checks
- Only updates relationship record if user is not admin and not editing own profile
- Redirects to admin panel for super-admins, family dashboard for regular users
Changes in destroy() method (line 911):
- Added super-admin check
- Added protection against self-deletion
- Only checks family relationship for non-admin users
- Redirects to admin panel for super-admins, family dashboard for regular users
Reverted Changes: Removed admin access logic from family controller methods since admin now uses separate routes.
4. resources/views/admin/platform/members.blade.php
Changes:
- Updated member card links to use
route('admin.platform.members.show')instead ofroute('family.show') - Added CSS image rendering optimizations for better picture quality
5. resources/views/family/edit.blade.php
Changes: Added conditional routing based on relationship_type:
- Upload URL: Uses admin route if
admin_view, family route otherwise - Form action: Uses admin route if
admin_view, family route otherwise - Cancel button: Redirects to admin panel if
admin_view, family dashboard otherwise - Delete form: Uses admin route if
admin_view, family route otherwise
6. resources/views/family/show.blade.php
Changes: Updated form actions for health and tournament modals to use admin routes when relationship_type === 'admin_view'
Route Structure
Admin Routes (Super Admin Only)
- View Profile:
/admin/members/{id}→admin.platform.members.show - Edit Profile:
/admin/members/{id}/edit→admin.platform.members.edit - Update Profile:
PUT /admin/members/{id}→admin.platform.members.update - Delete Member:
DELETE /admin/members/{id}→admin.platform.members.destroy - Upload Picture:
POST /admin/members/{id}/upload-picture→admin.platform.members.upload-picture - Add Health:
POST /admin/members/{id}/health→admin.platform.members.store-health - Update Health:
PUT /admin/members/{id}/health/{recordId}→admin.platform.members.update-health - Add Tournament:
POST /admin/members/{id}/tournament→admin.platform.members.store-tournament
Family Routes (Authenticated Users)
- View Profile:
/family/{id}→family.show(requires family relationship) - Edit Profile:
/family/{id}/edit→family.edit(requires family relationship) - Update Profile:
PUT /family/{id}→family.update(requires family relationship) - Delete Member:
DELETE /family/{id}→family.destroy(requires family relationship) - All other family routes remain unchanged
Testing
Admin Access Testing
-
View Any Member:
- Log in as super-admin
- Navigate to
/admin/members - Click any member card
- Should load profile at
/admin/members/{id}
-
Edit Any Member:
- From member profile, click edit
- Should navigate to
/admin/members/{id}/edit - Make changes and save
- Should redirect to
/admin/memberswith success message
-
Delete Member:
- From edit page, click "Remove"
- Confirm deletion
- Should redirect to
/admin/members - Verify cannot delete own account
-
Add Health/Tournament Records:
- From member profile, use "Add Health Update" or "Add Tournament"
- Submit forms
- Should save successfully and reload page
Family Access Testing
-
View Family Members:
- Log in as regular user
- Navigate to
/family - Click family member card
- Should load profile at
/family/{id}
-
Cannot Access Non-Family:
- Try to access
/family/{non-family-id} - Should return 404 error
- Try to access
-
Edit Family Members:
- From family member profile, click edit
- Should navigate to
/family/{id}/edit - Make changes and save
- Should redirect to
/familydashboard
Image Quality Testing
- Check member cards in
/admin/members - Profile pictures should appear crisp and clear
- No pixelation on hover or zoom
Security Considerations
- Super-admin role check ensures only authorized users can view/edit/delete all member profiles
- Regular users are still restricted to their family members only
- Self-deletion is prevented for all users
- All existing authorization checks remain in place
Backward Compatibility
- All existing functionality for regular users remains unchanged
- Family relationship checks are still enforced for non-admin users
- The view templates work seamlessly with both real and mock relationship objects
- Redirects are context-aware (admin panel vs family dashboard)