Files
nick-doc/Issues/ISSUE-010-frontend-admin-updateuserstatus-and-updateuserrole-use-put-b.md
Siavash Sameni dceaf82934 audit: 2026-05-30 full-codebase audit — report, issues, docs, runbooks
Full-codebase-audit 2026-05-30 outputs:
- Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md
- 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer).
- Scanner docs from scratch (was zero): architecture, data model, API ref, payment
  flow, operations runbook + repo README.
- Doc-sync updates across API reference, data models, flows, design system.
- Secret Rotation Runbook (08 - Operations) for the exposed credentials.
- Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js.

Issues remain status:open intentionally — the code fixes are uncommitted-then-committed
working-tree changes per repo and aren't "resolved" until merged/deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-30 18:48:04 +04:00

1.3 KiB

issue, title, severity, domain, status, resolved, fix, labels, status, created, source
issue title severity domain status resolved fix labels status created source
010 Frontend admin updateUserStatus and updateUserRole use PUT but backend only accepts PATCH critical User Management resolved 2026-05-29 Changed updateUserStatus and updateUserRole in user.ts from axiosInstance.put to axiosInstance.patch — matches backend PATCH /admin/:userId/status and PATCH /admin/:userId/role routes.
bug
frontend
critical
admin
broken-feature
open 2026-05-29 Doc vs Code Audit 2026-05-29

🔴 Frontend admin updateUserStatus and updateUserRole use PUT but backend only accepts PATCH

Severity: critical Domain: User Management Labels: bug, frontend, critical, admin, broken-feature

Description

user.ts line 162 calls axiosInstance.put() for updateUserStatus and line 175 calls axiosInstance.put() for updateUserRole. Backend registers these as PATCH /api/users/admin/:userId/status and PATCH /api/users/admin/:userId/role. PUT is not registered; calls return 404 or 405.

Current Behavior

Admin status and role update actions fail with 404/405 silently.

Expected Behavior

Both actions should use axiosInstance.patch().

Affected Files

  • frontend/src/actions/user.ts

References