feat(admin-console): Stage 3 — users domain

Add the operator console's user-administration pages over the existing *user.Service (no new business logic). - GET /_gm/users paginated account list - GET /_gm/users/{id} account detail: profile, entitlement, sanctions - POST /_gm/users/{id}/block apply permanent_block (reason required) - POST /_gm/users/{id}/entitlement set the entitlement tier - POST /_gm/users/{id}/soft-delete soft-delete the account (cascades) The console depends on a UserAdmin interface (satisfied by *user.Service) so the pages render in tests without a database. All writes flow through the CSRF guard, carry the operator as the audit actor, and answer with a 303 redirect; a generic message page handles not-found, validation, and failure notices. Unblock is intentionally absent — the admin API exposes no remove-sanction endpoint. Tests: list/detail render, not-found, block (with actor/scope/reason assertions), missing-reason 400, bad-CSRF 403, entitlement, soft-delete redirect, and the service-unavailable path. Docs: backend/docs/admin-console.md gains the page inventory.
2026-05-31 20:15:19 +02:00
parent 985e51d25e
commit cf34710b4f
12 changed files with 780 additions and 0 deletions
@@ -80,6 +80,22 @@ exporters on `backend` and `gateway` are wired and enabled in the dev
 deployment so a future Prometheus + Grafana stack can scrape them without code
 changes.

+## Pages
+
+| Path                              | Method   | Purpose                                                        |
+| --------------------------------- | -------- | -------------------------------------------------------------- |
+| `/_gm`, `/_gm/`                   | GET      | Dashboard: health, runtime/mail/notification status, queues.   |
+| `/_gm/assets/*`                   | GET      | Embedded stylesheet.                                           |
+| `/_gm/users`                      | GET      | Paginated account list.                                        |
+| `/_gm/users/{id}`                 | GET      | Account detail: profile, entitlement, active sanctions.        |
+| `/_gm/users/{id}/block`           | POST     | Apply a permanent block (reason required).                     |
+| `/_gm/users/{id}/entitlement`     | POST     | Set the entitlement tier.                                      |
+| `/_gm/users/{id}/soft-delete`     | POST     | Soft-delete the account (cascades).                            |
+
+Each page reuses the same service layer as the corresponding `/api/v1/admin/*`
+JSON endpoint; the console adds no business logic. Unblocking a user is not yet
+available because the JSON admin API exposes no remove-sanction endpoint.
+
 ## Configuration

 | Variable                          | Where   | Notes                                                        |