docs: sync from backend 14c231e+378f8f6 — admin user management fixes (v2.8.50–51)

This commit is contained in:
moojttaba
2026-06-03 00:29:23 +03:30
parent 476aac2b08
commit 92d3307f55
3 changed files with 62 additions and 9 deletions

View File

@@ -471,4 +471,61 @@ run end-to-end (require live `ADMIN_TOKEN`).
---
### 2026-06-02 — backend@14c231e, frontend@d7a2a86 — make admin user management work end-to-end (v2.8.50)
**Commits:** `14c231e` (backend), `d7a2a86` (frontend)
**Touched (backend):** `src/services/auth/authStore.ts`, `src/services/user/userRoutes.ts`,
`__tests__/auth-store-pg-query.test.ts`
**Touched (frontend):** `src/actions/user.ts`, `src/types/user.ts`,
`src/sections/user/view/user-list-view.tsx`, `src/sections/user/user-table-row.tsx`,
`src/sections/user/user-quick-edit-form.tsx`, `src/sections/user/user-new-edit-form.tsx`,
`src/sections/request/view/admin/admin-request-list-view.tsx`,
`src/sections/overview/app/view/overview-admin-view.tsx`, `Dockerfile`
**Why:** Admin could not delete users on dev (`DELETE /api/users/admin/:id` → 404). Root cause:
PG rows seeded outside the auth store have NULL `legacy_object_id`; the auth store fabricated a
fresh random `_id` on every read, so no admin action keyed on that id could ever resolve.
Audit of the admin dashboard surfaced further breakage which is also fixed in this pair of
commits:
- Backend: legacy-id self-heal on read; `findById` accepts PG uuids; missing
`/api/users/admin/:userId/toggle-status` and `/dependencies` routes added (frontend called
them under the plural prefix where they did not exist); soft-deleted users excluded from
admin list and all stats; list/detail return full profile address fields.
- Frontend: `updateUserStatus` sent `{status}` but backend reads `{isActive}` — activating a
user actually suspended them; user quick-edit form was a mock (no API call); "حذف کاربر"
button in edit form had no handler; bulk deletes used `Promise.all` (partial failures
hidden); list query params (`query`/`status`) were ignored by the backend (now
`search`/`isActive`); profile payloads now match the backend schema (dotted paths, no
whole-profile overwrite); blocked `aria-hidden` console warnings fixed.
**Verification:** Backend: 10 tests pass (`auth-store-pg-query`, `user-dependencies-repo`,
`repository-factory-modes`), `tsc --noEmit` clean. Frontend: `tsc --noEmit` + eslint clean
(jest suite is broken repo-wide — pre-existing ESM transform issue, unrelated). Smoke test
against dev pending post-deploy (admin will verify delete in UI).
**Linked docs updated:** `03 - API Reference/Admin API.md`, `03 - API Reference/User API.md`
(stale KNOWN BUG notes removed; route availability updated).
---
### 2026-06-03 — backend@378f8f6, frontend@6fe1328 — unblock user creation & purchase requests for native-PG users (v2.8.51)
**Commits:** `378f8f6` (backend), `6fe1328` (frontend)
**Touched (backend):** `src/services/auth/authStore.ts`, `src/services/auth/authController.ts`,
`src/services/user/userRoutes.ts`, `src/services/user/userController.ts`,
`src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts`, `DrizzleUserRepo.ts`,
`DrizzleTrezorAccountRepo.ts`, `DrizzleDerivedDestinationRepo.ts`,
`__tests__/auth-store-pg-query.test.ts`
**Touched (frontend):** `src/actions/user.ts`, user section forms/views (error toasts)
**Why:** Two follow-up dev blockers after v2.8.50:
1. Admin create returned 409 for emails held by soft-deleted accounts (users.email is unique;
deleted rows kept the address and are hidden from the list). Fix: delete releases the email
(`deleted_<id>_<email>`); create/register lazily free emails held by previously deleted rows.
2. Purchase request creation threw "Buyer <id> not found in Postgres id map" — users created
natively in PG (auth store / Telegram / Google / admin create) never get id_map rows. Fix:
resolveId in 4 Drizzle repos falls back to the entity's own legacy_object_id column and
self-heals id_map.
**Verification:** 47 backend tests green across 6 suites, tsc clean (both repos), eslint clean.
Deployed to dev via CI; admin verifies create-user and create-request flows in UI.
**Linked docs updated:** `03 - API Reference/Admin API.md`, `03 - API Reference/User API.md`.
---
<!-- Add new entries above this line. Newest at top. -->