PTS/SkyArtShop
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix admin route access and backend configuration

Browse Source 
- Added /admin redirect to login page in nginx config
- Fixed backend server.js route ordering for proper admin handling
- Updated authentication middleware and routes
- Added user management routes
- Configured PostgreSQL integration
- Updated environment configuration
This commit is contained in:
Local Server
2025-12-13 22:34:11 -06:00
parent 8bb6430a70
commit 703ab57984
253 changed files with 29870 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
Views/AdminUsers/Create.cshtml Executable file
View File

@@ -0,0 +1,154 @@
@model SkyArtShop.Models.AdminUser
@{
ViewData["Title"] = "Create New User";
Layout = "~/Views/Shared/_AdminLayout.cshtml";
var roles = ViewBag.Roles as List<string> ?? new List<string>();
}
<div class="container-fluid py-4">
<div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-user-plus"></i> Create New User</h2>
<a href="/admin/users" class="btn btn-secondary">
<i class="fas fa-arrow-left"></i> Back to Users
</a>
</div>
<div class="row">
<div class="col-lg-8">
<div class="card">
<div class="card-body">
<form method="post" asp-action="Create">
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">Full Name *</label>
<input type="text" class="form-control" asp-for="Name" required />
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Email Address *</label>
<input type="email" class="form-control" asp-for="Email" required />
</div>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">Password *</label>
<input type="password" class="form-control" name="password" required minlength="6" />
<small class="text-muted">Minimum 6 characters</small>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Phone Number</label>
<input type="tel" class="form-control" asp-for="Phone" />
</div>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">Role *</label>
<select class="form-select" asp-for="Role" id="roleSelect" required>
@foreach (var role in roles)
{
<option value="@role">@role</option>
}
</select>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Status</label>
<select class="form-select" asp-for="IsActive">
<option value="true">Active</option>
<option value="false">Inactive</option>
</select>
</div>
</div>
<div class="mb-3">
<label class="form-label">Notes</label>
<textarea class="form-control" asp-for="Notes" rows="3" placeholder="Optional notes about this user..."></textarea>
</div>
<div class="d-grid gap-2 d-md-flex justify-content-md-end">
<a href="/admin/users" class="btn btn-secondary">Cancel</a>
<button type="submit" class="btn btn-primary">
<i class="fas fa-save"></i> Create User
</button>
</div>
</form>
</div>
</div>
</div>
<div class="col-lg-4">
<div class="card">
<div class="card-header">
<h5 class="mb-0"><i class="fas fa-info-circle"></i> Role Permissions</h5>
</div>
<div class="card-body">
<div id="rolePermissions">
<!-- Permissions will be displayed here based on selected role -->
</div>
</div>
</div>
</div>
</div>
</div>
<script>
const rolePermissions = {
'MasterAdmin': [
'Manage Users',
'Manage Products',
'Manage Orders',
'Manage Content',
'Manage Settings',
'View Reports',
'Manage Finances',
'Manage Inventory',
'Manage Customers',
'Manage Blog & Portfolio',
'Full System Access'
],
'Admin': [
'Manage Products',
'Manage Orders',
'Manage Content',
'View Reports',
'Manage Inventory',
'Manage Customers',
'Manage Blog & Portfolio'
],
'Cashier': [
'View Products',
'Manage Orders',
'Process Payments',
'View Customers'
],
'Accountant': [
'View Products',
'View Orders',
'View Reports',
'Manage Finances',
'View Customers',
'Export Data'
]
};
function updateRolePermissions() {
const role = document.getElementById('roleSelect').value;
const permissions = rolePermissions[role] || [];
const container = document.getElementById('rolePermissions');
if (permissions.length > 0) {
let html = '<ul class="list-unstyled mb-0">';
permissions.forEach(perm => {
html += '<li class="mb-2"><i class="fas fa-check text-success"></i> ' + perm + '</li>';
});
html += '</ul>';
container.innerHTML = html;
}
}
document.getElementById('roleSelect').addEventListener('change', updateRolePermissions);
updateRolePermissions(); // Initialize on page load
</script>

171
Views/AdminUsers/Details.cshtml Executable file
View File

@@ -0,0 +1,171 @@
@model SkyArtShop.Models.AdminUser
@{
ViewData["Title"] = "View User";
Layout = "~/Views/Shared/_AdminLayout.cshtml";
}
<div class="container-fluid py-4">
<div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-user"></i> User Details</h2>
<div>
<a href="/admin/users/edit/@Model.Id" class="btn btn-warning">
<i class="fas fa-edit"></i> Edit User
</a>
<a href="/admin/users" class="btn btn-secondary">
<i class="fas fa-arrow-left"></i> Back to Users
</a>
</div>
</div>
<div class="row">
<div class="col-lg-8">
<div class="card">
<div class="card-header">
<h5 class="mb-0"><i class="fas fa-info-circle"></i> Basic Information</h5>
</div>
<div class="card-body">
<table class="table table-borderless">
<tbody>
<tr>
<th width="200">Full Name:</th>
<td><strong>@Model.Name</strong></td>
</tr>
<tr>
<th>Email:</th>
<td>@Model.Email</td>
</tr>
<tr>
<th>Phone:</th>
<td>@(string.IsNullOrEmpty(Model.Phone) ? "Not provided" : Model.Phone)</td>
</tr>
<tr>
<th>Role:</th>
<td>
@if (Model.Role == "MasterAdmin")
{
<span class="badge bg-danger">Master Admin</span>
}
else if (Model.Role == "Admin")
{
<span class="badge bg-primary">Admin</span>
}
else if (Model.Role == "Cashier")
{
<span class="badge bg-success">Cashier</span>
}
else if (Model.Role == "Accountant")
{
<span class="badge bg-info">Accountant</span>
}
</td>
</tr>
<tr>
<th>Status:</th>
<td>
@if (Model.IsActive)
{
<span class="badge bg-success"><i class="bi bi-check-circle-fill"></i> Active</span>
}
else
{
<span class="badge bg-danger"><i class="bi bi-x-circle-fill"></i> Inactive</span>
}
</td>
</tr>
<tr>
<th>Created:</th>
<td>@Model.CreatedAt.ToString("MMMM dd, yyyy HH:mm")</td>
</tr>
<tr>
<th>Created By:</th>
<td>@Model.CreatedBy</td>
</tr>
<tr>
<th>Last Login:</th>
<td>
@if (Model.LastLogin.HasValue)
{
@Model.LastLogin.Value.ToString("MMMM dd, yyyy HH:mm")
}
else
{
<span class="text-muted">Never logged in</span>
}
</td>
</tr>
</tbody>
</table>
@if (!string.IsNullOrEmpty(Model.Notes))
{
<div class="mt-3">
<h6>Notes:</h6>
<p class="text-muted">@Model.Notes</p>
</div>
}
</div>
</div>
</div>
<div class="col-lg-4">
<div class="card">
<div class="card-header">
<h5 class="mb-0"><i class="fas fa-key"></i> Permissions</h5>
</div>
<div class="card-body">
@if (Model.Permissions != null && Model.Permissions.Any())
{
<ul class="list-unstyled mb-0">
@foreach (var permission in Model.Permissions)
{
<li class="mb-2">
<i class="fas fa-check text-success"></i>
@{
var displayPerm = permission.Replace("_", " ");
displayPerm = char.ToUpper(displayPerm[0]) + displayPerm.Substring(1);
}
@displayPerm
</li>
}
</ul>
}
else
{
<p class="text-muted mb-0">No permissions assigned.</p>
}
</div>
</div>
<div class="card mt-3">
<div class="card-body">
<h6 class="mb-3"><i class="fas fa-cog"></i> Quick Actions</h6>
<div class="d-grid gap-2">
<a href="/admin/users/edit/@Model.Id" class="btn btn-sm btn-warning">
<i class="fas fa-edit"></i> Edit User
</a>
@if (Model.Role != "MasterAdmin")
{
<button class="btn btn-sm btn-danger" onclick="deleteUser('@Model.Id', '@Model.Name')">
<i class="fas fa-trash"></i> Delete User
</button>
}
</div>
</div>
</div>
</div>
</div>
</div>
<form method="post" id="deleteForm">
<input type="hidden" name="id" id="deleteUserId" />
</form>
<script>
function deleteUser(id, name) {
if (confirm('Are you sure you want to delete user: ' + name + '?\n\nThis action cannot be undone.')) {
var form = document.getElementById('deleteForm');
form.action = '/admin/users/delete/' + id;
form.submit();
}
}
</script>

137
Views/AdminUsers/Edit.cshtml Executable file
View File

@@ -0,0 +1,137 @@
@model SkyArtShop.Models.AdminUser
@{
ViewData["Title"] = "Edit User";
Layout = "~/Views/Shared/_AdminLayout.cshtml";
var roles = ViewBag.Roles as List<string> ?? new List<string>();
}
<div class="container-fluid py-4">
<div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-user-edit"></i> Edit User</h2>
<a href="/admin/users" class="btn btn-secondary">
<i class="fas fa-arrow-left"></i> Back to Users
</a>
</div>
<div class="row">
<div class="col-lg-8">
<div class="card">
<div class="card-body">
<form method="post" asp-action="Edit" asp-route-id="@Model.Id">
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">Full Name *</label>
<input type="text" class="form-control" asp-for="Name" required />
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Email Address *</label>
<input type="email" class="form-control" asp-for="Email" required />
</div>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">New Password</label>
<input type="password" class="form-control" name="newPassword" minlength="6" />
<small class="text-muted">Leave blank to keep current password</small>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Phone Number</label>
<input type="tel" class="form-control" asp-for="Phone" />
</div>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">Role *</label>
@if (Model.Role == "MasterAdmin")
{
<select class="form-select" asp-for="Role" id="roleSelect" required disabled>
@foreach (var role in roles)
{
<option value="@role" selected="@(role == Model.Role)">@role</option>
}
</select>
<small class="text-muted">Master Admin role cannot be changed</small>
<input type="hidden" asp-for="Role" />
}
else
{
<select class="form-select" asp-for="Role" id="roleSelect" required>
@foreach (var role in roles)
{
<option value="@role" selected="@(role == Model.Role)">@role</option>
}
</select>
}
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Status</label>
<select class="form-select" asp-for="IsActive">
<option value="true">Active</option>
<option value="false">Inactive</option>
</select>
</div>
</div>
<div class="mb-3">
<label class="form-label">Notes</label>
<textarea class="form-control" asp-for="Notes" rows="3"></textarea>
</div>
<div class="alert alert-info">
<i class="fas fa-info-circle"></i>
Created: @Model.CreatedAt.ToString("MMMM dd, yyyy HH:mm") by @Model.CreatedBy
</div>
<div class="d-grid gap-2 d-md-flex justify-content-md-end">
<a href="/admin/users" class="btn btn-secondary">Cancel</a>
<button type="submit" class="btn btn-primary">
<i class="fas fa-save"></i> Update User
</button>
</div>
</form>
</div>
</div>
</div>
<div class="col-lg-4">
<div class="card">
<div class="card-header">
<h5 class="mb-0"><i class="fas fa-info-circle"></i> Current Permissions</h5>
</div>
<div class="card-body">
@if (Model.Permissions != null && Model.Permissions.Any())
{
<ul class="list-unstyled mb-0">
@foreach (var permission in Model.Permissions)
{
<li class="mb-2">
<i class="fas fa-check text-success"></i>
@permission.Replace("_", " ").Replace("manage", "Manage").Replace("view", "View")
</li>
}
</ul>
}
else
{
<p class="text-muted mb-0">No specific permissions assigned.</p>
}
</div>
</div>
@if (Model.LastLogin.HasValue)
{
<div class="card mt-3">
<div class="card-body">
<h6><i class="fas fa-clock"></i> Last Login</h6>
<p class="mb-0">@Model.LastLogin.Value.ToString("MMMM dd, yyyy HH:mm")</p>
</div>
</div>
}
</div>
</div>
</div>

178
Views/AdminUsers/Index.cshtml Executable file
View File

@@ -0,0 +1,178 @@
@model List<SkyArtShop.Models.AdminUser>
@{
ViewData["Title"] = "User Management";
Layout = "~/Views/Shared/_AdminLayout.cshtml";
}
<div class="container-fluid py-4">
<div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-users"></i> User Management</h2>
<a href="/admin/users/create" class="btn btn-primary">
<i class="fas fa-plus"></i> Add New User
</a>
</div>
@if (TempData["Success"] != null)
{
<div class="alert alert-success alert-dismissible fade show" role="alert">
@TempData["Success"]
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
}
@if (TempData["Error"] != null)
{
<div class="alert alert-danger alert-dismissible fade show" role="alert">
@TempData["Error"]
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
}
<div class="card">
<div class="card-body">
@if (Model.Any())
{
<div class="table-responsive">
<table class="table table-hover">
<thead>
<tr>
<th>Name</th>
<th>Email</th>
<th>Role</th>
<th>Phone</th>
<th>Status</th>
<th>Created</th>
<th>Last Login</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
@foreach (var user in Model)
{
<tr>
<td>
<strong>@user.Name</strong>
@if (user.Role == "MasterAdmin")
{
<span class="badge bg-danger ms-1">Master</span>
}
</td>
<td>@user.Email</td>
<td>
@if (user.Role == "MasterAdmin")
{
<span class="badge bg-danger">Master Admin</span>
}
else if (user.Role == "Admin")
{
<span class="badge bg-primary">Admin</span>
}
else if (user.Role == "Cashier")
{
<span class="badge bg-success">Cashier</span>
}
else if (user.Role == "Accountant")
{
<span class="badge bg-info">Accountant</span>
}
</td>
<td>@user.Phone</td>
<td>
@if (user.IsActive)
{
<span class="badge bg-success">Active</span>
}
else
{
<span class="badge bg-secondary">Inactive</span>
}
</td>
<td>@user.CreatedAt.ToString("MMM dd, yyyy")</td>
<td>
@if (user.LastLogin.HasValue)
{
@user.LastLogin.Value.ToString("MMM dd, yyyy HH:mm")
}
else
{
<span class="text-muted">Never</span>
}
</td>
<td>
<div class="btn-group" role="group">
<a href="/admin/users/view/@user.Id" class="btn btn-sm btn-info" title="View">
<i class="fas fa-eye"></i>
</a>
<a href="/admin/users/edit/@user.Id" class="btn btn-sm btn-warning" title="Edit">
<i class="fas fa-edit"></i>
</a>
@if (user.Role != "MasterAdmin")
{
<button type="button" class="btn btn-sm btn-danger" title="Delete"
onclick="deleteUser('@user.Id', '@user.Name')">
<i class="fas fa-trash"></i>
</button>
}
</div>
</td>
</tr>
}
</tbody>
</table>
</div>
}
else
{
<div class="text-center py-5">
<i class="fas fa-users fa-3x text-muted mb-3"></i>
<p class="text-muted">No users found. Create your first user to get started.</p>
<a href="/admin/users/create" class="btn btn-primary">
<i class="fas fa-plus"></i> Add New User
</a>
</div>
}
</div>
</div>
<!-- Role Permissions Reference -->
<div class="card mt-4">
<div class="card-header">
<h5 class="mb-0"><i class="fas fa-info-circle"></i> Role Permissions</h5>
</div>
<div class="card-body">
<div class="row">
<div class="col-md-3">
<h6 class="text-danger"><i class="fas fa-crown"></i> Master Admin</h6>
<small class="text-muted">Full system access, can manage all users and settings</small>
</div>
<div class="col-md-3">
<h6 class="text-primary"><i class="fas fa-user-shield"></i> Admin</h6>
<small class="text-muted">Manage products, orders, content, and reports</small>
</div>
<div class="col-md-3">
<h6 class="text-success"><i class="fas fa-cash-register"></i> Cashier</h6>
<small class="text-muted">Process orders and payments, view products</small>
</div>
<div class="col-md-3">
<h6 class="text-info"><i class="fas fa-calculator"></i> Accountant</h6>
<small class="text-muted">View reports, manage finances, export data</small>
</div>
</div>
</div>
</div>
</div>
<!-- Delete Confirmation Modal -->
<form method="post" id="deleteForm">
<input type="hidden" name="id" id="deleteUserId" />
</form>
<script>
function deleteUser(id, name) {
if (confirm('Are you sure you want to delete user: ' + name + '?')) {
var form = document.getElementById('deleteForm');
form.action = '/admin/users/delete/' + id;
form.submit();
}
}
</script>