Add the operator console's user-administration pages over the existing
*user.Service (no new business logic).
- GET /_gm/users paginated account list
- GET /_gm/users/{id} account detail: profile, entitlement, sanctions
- POST /_gm/users/{id}/block apply permanent_block (reason required)
- POST /_gm/users/{id}/entitlement set the entitlement tier
- POST /_gm/users/{id}/soft-delete soft-delete the account (cascades)
The console depends on a UserAdmin interface (satisfied by *user.Service) so the
pages render in tests without a database. All writes flow through the CSRF
guard, carry the operator as the audit actor, and answer with a 303 redirect;
a generic message page handles not-found, validation, and failure notices.
Unblock is intentionally absent — the admin API exposes no remove-sanction
endpoint.
Tests: list/detail render, not-found, block (with actor/scope/reason
assertions), missing-reason 400, bad-CSRF 403, entitlement, soft-delete
redirect, and the service-unavailable path.
Docs: backend/docs/admin-console.md gains the page inventory.
This commit is contained in:
Ilia Denisov
@@ -377,6 +377,7 @@ func run(ctx context.Context) (err error) {
|
||||
CSRF: consoleCSRF,
|
||||
Monitor: opsstatus.NewStore(db),
|
||||
Ready: ready,
|
||||
Users: userSvc,
|
||||
Logger: logger,
|
||||
})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user