mmintel/gridpilot.gg
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

admin area

Browse Source
This commit is contained in:
Marc Mintel
2026-01-01 12:10:35 +01:00
parent 02c0cc44e1
commit f001df3744
68 changed files with 10324 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/api/src/app.module.ts
View File

@@ -11,6 +11,7 @@ import { LeagueModule } from './domain/league/LeagueModule';
import { LoggingModule } from './domain/logging/LoggingModule'; import { LoggingModule } from './domain/logging/LoggingModule';
import { MediaModule } from './domain/media/MediaModule'; import { MediaModule } from './domain/media/MediaModule';
import { PaymentsModule } from './domain/payments/PaymentsModule'; import { PaymentsModule } from './domain/payments/PaymentsModule';
import { AdminModule } from './domain/admin/AdminModule';
import { PolicyModule } from './domain/policy/PolicyModule'; import { PolicyModule } from './domain/policy/PolicyModule';
import { ProtestsModule } from './domain/protests/ProtestsModule'; import { ProtestsModule } from './domain/protests/ProtestsModule';
import { RaceModule } from './domain/race/RaceModule'; import { RaceModule } from './domain/race/RaceModule';
@@ -44,6 +45,7 @@ const ENABLE_BOOTSTRAP = getEnableBootstrap();
MediaModule, MediaModule,
PaymentsModule, PaymentsModule,
PolicyModule, PolicyModule,
AdminModule,
], ],
}) })
export class AppModule implements NestModule { export class AppModule implements NestModule {

67
apps/api/src/domain/admin/AdminController.ts Normal file
View File

@@ -0,0 +1,67 @@
import { Controller, Get, Inject, Query, Req, UseGuards } from '@nestjs/common';
import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
import { AdminService } from './AdminService';
import { ListUsersRequestDto } from './dtos/ListUsersRequestDto';
import { UserListResponseDto } from './dtos/UserResponseDto';
import { DashboardStatsResponseDto } from './dto/DashboardStatsResponseDto';
import { RequireAuthenticatedUser } from '../auth/RequireAuthenticatedUser';
import { RequireRoles } from '../auth/RequireRoles';
import { AuthorizationGuard } from '../auth/AuthorizationGuard';
import type { Request } from 'express';
import type { ListUsersInput } from '@core/admin/application/use-cases/ListUsersUseCase';
@ApiTags('admin')
@Controller('admin')
@UseGuards(AuthorizationGuard)
export class AdminController {
constructor(
@Inject(AdminService) private readonly adminService: AdminService,
) {}
@Get('users')
@RequireAuthenticatedUser()
@RequireRoles('owner', 'admin')
@ApiOperation({ summary: 'List all users (Owner/Super Admin only)' })
@ApiResponse({ status: 200, description: 'List of users', type: UserListResponseDto })
@ApiResponse({ status: 403, description: 'Forbidden - not a system admin' })
async listUsers(
@Query() query: ListUsersRequestDto,
@Req() req: Request,
): Promise<UserListResponseDto> {
// Get actorId from request (will be set by auth middleware/guard)
const actorId = (req as Request & { user?: { userId?: string } }).user?.userId || 'current-user';
// Build input with only defined values
const input: ListUsersInput = {
actorId,
page: query.page || 1,
limit: query.limit || 10,
};
if (query.role !== undefined) input.role = query.role;
if (query.status !== undefined) input.status = query.status;
if (query.email !== undefined) input.email = query.email;
if (query.search !== undefined) input.search = query.search;
if (query.sortBy !== undefined) input.sortBy = query.sortBy;
if (query.sortDirection !== undefined) input.sortDirection = query.sortDirection;
return await this.adminService.listUsers(input);
}
@Get('dashboard/stats')
@RequireAuthenticatedUser()
@RequireRoles('owner', 'admin')
@ApiOperation({ summary: 'Get dashboard statistics (Owner/Super Admin only)' })
@ApiResponse({ status: 200, description: 'Dashboard statistics', type: DashboardStatsResponseDto })
@ApiResponse({ status: 403, description: 'Forbidden - not a system admin' })
async getDashboardStats(
@Req() req: Request,
): Promise<DashboardStatsResponseDto> {
// Get actorId from request (will be set by auth middleware/guard)
const actorId = (req as Request & { user?: { userId?: string } }).user?.userId || 'current-user';
const input = { actorId };
return await this.adminService.getDashboardStats(input);
}
}

53
apps/api/src/domain/admin/AdminModule.ts Normal file
View File

@@ -0,0 +1,53 @@
import { Module } from '@nestjs/common';
import { InMemoryAdminPersistenceModule } from '../../persistence/inmemory/InMemoryAdminPersistenceModule';
import { AdminService } from './AdminService';
import { AdminController } from './AdminController';
import { ListUsersPresenter } from './presenters/ListUsersPresenter';
import { DashboardStatsPresenter } from './presenters/DashboardStatsPresenter';
import { AuthModule } from '../auth/AuthModule';
import { ListUsersUseCase } from '@core/admin/application/use-cases/ListUsersUseCase';
import { GetDashboardStatsUseCase } from './use-cases/GetDashboardStatsUseCase';
import type { UseCaseOutputPort } from '@core/shared/application/UseCaseOutputPort';
import type { ListUsersResult } from '@core/admin/application/use-cases/ListUsersUseCase';
import type { DashboardStatsResult } from './use-cases/GetDashboardStatsUseCase';
import type { IAdminUserRepository } from '@core/admin/domain/repositories/IAdminUserRepository';
export const ADMIN_USER_REPOSITORY_TOKEN = 'IAdminUserRepository';
export const LIST_USERS_OUTPUT_PORT_TOKEN = 'ListUsersOutputPort';
export const DASHBOARD_STATS_OUTPUT_PORT_TOKEN = 'DashboardStatsOutputPort';
@Module({
imports: [InMemoryAdminPersistenceModule, AuthModule],
controllers: [AdminController],
providers: [
AdminService,
ListUsersPresenter,
DashboardStatsPresenter,
{
provide: LIST_USERS_OUTPUT_PORT_TOKEN,
useExisting: ListUsersPresenter,
},
{
provide: DASHBOARD_STATS_OUTPUT_PORT_TOKEN,
useExisting: DashboardStatsPresenter,
},
{
provide: ListUsersUseCase,
useFactory: (
repository: IAdminUserRepository,
output: UseCaseOutputPort<ListUsersResult>,
) => new ListUsersUseCase(repository, output),
inject: [ADMIN_USER_REPOSITORY_TOKEN, LIST_USERS_OUTPUT_PORT_TOKEN],
},
{
provide: GetDashboardStatsUseCase,
useFactory: (
repository: IAdminUserRepository,
output: UseCaseOutputPort<DashboardStatsResult>,
) => new GetDashboardStatsUseCase(repository, output),
inject: [ADMIN_USER_REPOSITORY_TOKEN, DASHBOARD_STATS_OUTPUT_PORT_TOKEN],
},
],
exports: [AdminService],
})
export class AdminModule {}

334
apps/api/src/domain/admin/AdminService.test.ts Normal file
View File

@@ -0,0 +1,334 @@
import { AdminService } from './AdminService';
import { AdminUser } from '@core/admin/domain/entities/AdminUser';
import { Result } from '@core/shared/application/Result';
import { vi, describe, it, expect, beforeEach } from 'vitest';
// Mock use cases
const mockListUsersUseCase = {
execute: vi.fn(),
};
const mockGetDashboardStatsUseCase = {
execute: vi.fn(),
};
// Mock presenters
const mockListUsersPresenter = {
present: vi.fn(),
getViewModel: vi.fn(),
};
const mockDashboardStatsPresenter = {
present: vi.fn(),
responseModel: {},
reset: vi.fn(),
};
describe('AdminService', () => {
describe('TDD - Test First', () => {
let service: AdminService;
beforeEach(() => {
vi.clearAllMocks();
service = new AdminService(
mockListUsersUseCase as any,
mockListUsersPresenter as any,
mockGetDashboardStatsUseCase as any,
mockDashboardStatsPresenter as any
);
});
describe('listUsers', () => {
it('should return empty list when no users exist', async () => {
// Arrange
const expectedResult = {
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
};
mockListUsersUseCase.execute.mockResolvedValue(Result.ok(expectedResult));
mockListUsersPresenter.getViewModel.mockReturnValue(expectedResult);
// Act
const result = await service.listUsers({ actorId: 'actor-1' });
// Assert
expect(mockListUsersUseCase.execute).toHaveBeenCalledWith({ actorId: 'actor-1' });
expect(mockListUsersPresenter.getViewModel).toHaveBeenCalled();
expect(result).toEqual(expectedResult);
});
it('should return users when they exist', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User 1',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['admin'],
status: 'active',
});
const expectedResult = {
users: [user1, user2],
total: 2,
page: 1,
limit: 10,
totalPages: 1,
};
mockListUsersUseCase.execute.mockResolvedValue(Result.ok(expectedResult));
mockListUsersPresenter.getViewModel.mockReturnValue({
users: [
{ id: 'user-1', email: 'user1@example.com', displayName: 'User 1', roles: ['user'], status: 'active', isSystemAdmin: false, createdAt: user1.createdAt, updatedAt: user1.updatedAt },
{ id: 'user-2', email: 'user2@example.com', displayName: 'User 2', roles: ['admin'], status: 'active', isSystemAdmin: true, createdAt: user2.createdAt, updatedAt: user2.updatedAt },
],
total: 2,
page: 1,
limit: 10,
totalPages: 1,
});
// Act
const result = await service.listUsers({ actorId: 'actor-1' });
// Assert
expect(result.users).toHaveLength(2);
expect(result.total).toBe(2);
});
it('should apply filters correctly', async () => {
// Arrange
const adminUser = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const expectedResult = {
users: [adminUser],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
mockListUsersUseCase.execute.mockResolvedValue(Result.ok(expectedResult));
mockListUsersPresenter.getViewModel.mockReturnValue({
users: [{ id: 'admin-1', email: 'admin@example.com', displayName: 'Admin', roles: ['admin'], status: 'active', isSystemAdmin: true, createdAt: adminUser.createdAt, updatedAt: adminUser.updatedAt }],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
});
// Act
const result = await service.listUsers({
actorId: 'actor-1',
role: 'admin',
status: 'active',
});
// Assert
expect(mockListUsersUseCase.execute).toHaveBeenCalledWith(
expect.objectContaining({
actorId: 'actor-1',
role: 'admin',
status: 'active',
})
);
expect(result.users).toHaveLength(1);
});
it('should apply pagination correctly', async () => {
// Arrange
const expectedResult = {
users: [],
total: 50,
page: 3,
limit: 10,
totalPages: 5,
};
mockListUsersUseCase.execute.mockResolvedValue(Result.ok(expectedResult));
mockListUsersPresenter.getViewModel.mockReturnValue({
users: [],
total: 50,
page: 3,
limit: 10,
totalPages: 5,
});
// Act
const result = await service.listUsers({
actorId: 'actor-1',
page: 3,
limit: 10,
});
// Assert
expect(mockListUsersUseCase.execute).toHaveBeenCalledWith(
expect.objectContaining({
actorId: 'actor-1',
page: 3,
limit: 10,
})
);
expect(result.page).toBe(3);
expect(result.limit).toBe(10);
expect(result.totalPages).toBe(5);
});
it('should apply sorting correctly', async () => {
// Arrange
const expectedResult = {
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
};
mockListUsersUseCase.execute.mockResolvedValue(Result.ok(expectedResult));
mockListUsersPresenter.getViewModel.mockReturnValue(expectedResult);
// Act
await service.listUsers({
actorId: 'actor-1',
sortBy: 'email',
sortDirection: 'desc',
});
// Assert
expect(mockListUsersUseCase.execute).toHaveBeenCalledWith(
expect.objectContaining({
actorId: 'actor-1',
sortBy: 'email',
sortDirection: 'desc',
})
);
});
it('should handle search filter', async () => {
// Arrange
const expectedResult = {
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
};
mockListUsersUseCase.execute.mockResolvedValue(Result.ok(expectedResult));
mockListUsersPresenter.getViewModel.mockReturnValue(expectedResult);
// Act
await service.listUsers({
actorId: 'actor-1',
search: 'test',
});
// Assert
expect(mockListUsersUseCase.execute).toHaveBeenCalledWith(
expect.objectContaining({
actorId: 'actor-1',
search: 'test',
})
);
});
it('should handle email filter', async () => {
// Arrange
const expectedResult = {
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
};
mockListUsersUseCase.execute.mockResolvedValue(Result.ok(expectedResult));
mockListUsersPresenter.getViewModel.mockReturnValue(expectedResult);
// Act
await service.listUsers({
actorId: 'actor-1',
email: 'test@example.com',
});
// Assert
expect(mockListUsersUseCase.execute).toHaveBeenCalledWith(
expect.objectContaining({
actorId: 'actor-1',
email: 'test@example.com',
})
);
});
it('should throw error when use case fails', async () => {
// Arrange
const error = { code: 'UNAUTHORIZED', details: { message: 'Not authorized' } };
mockListUsersUseCase.execute.mockResolvedValue(Result.err(error));
// Act & Assert
await expect(
service.listUsers({ actorId: 'actor-1' })
).rejects.toThrow('UNAUTHORIZED: Not authorized');
});
it('should handle all filters together', async () => {
// Arrange
const expectedResult = {
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
};
mockListUsersUseCase.execute.mockResolvedValue(Result.ok(expectedResult));
mockListUsersPresenter.getViewModel.mockReturnValue(expectedResult);
// Act
await service.listUsers({
actorId: 'actor-1',
role: 'admin',
status: 'active',
email: 'admin@example.com',
search: 'admin',
page: 2,
limit: 20,
sortBy: 'displayName',
sortDirection: 'asc',
});
// Assert
expect(mockListUsersUseCase.execute).toHaveBeenCalledWith(
expect.objectContaining({
actorId: 'actor-1',
role: 'admin',
status: 'active',
email: 'admin@example.com',
search: 'admin',
page: 2,
limit: 20,
sortBy: 'displayName',
sortDirection: 'asc',
})
);
});
});
});
});

39
apps/api/src/domain/admin/AdminService.ts Normal file
View File

@@ -0,0 +1,39 @@
import { Injectable } from '@nestjs/common';
import { ListUsersUseCase, ListUsersInput } from '@core/admin/application/use-cases/ListUsersUseCase';
import { ListUsersPresenter, ListUsersViewModel } from './presenters/ListUsersPresenter';
import { GetDashboardStatsUseCase, GetDashboardStatsInput } from './use-cases/GetDashboardStatsUseCase';
import { DashboardStatsPresenter, DashboardStatsResponse } from './presenters/DashboardStatsPresenter';
@Injectable()
export class AdminService {
constructor(
private readonly listUsersUseCase: ListUsersUseCase,
private readonly listUsersPresenter: ListUsersPresenter,
private readonly getDashboardStatsUseCase: GetDashboardStatsUseCase,
private readonly dashboardStatsPresenter: DashboardStatsPresenter,
) {}
async listUsers(input: ListUsersInput): Promise<ListUsersViewModel> {
const result = await this.listUsersUseCase.execute(input);
if (result.isErr()) {
const error = result.unwrapErr();
throw new Error(`${error.code}: ${error.details.message}`);
}
return this.listUsersPresenter.getViewModel();
}
async getDashboardStats(input: GetDashboardStatsInput): Promise<DashboardStatsResponse> {
this.dashboardStatsPresenter.reset();
const result = await this.getDashboardStatsUseCase.execute(input);
if (result.isErr()) {
const error = result.unwrapErr();
throw new Error(`${error.code}: ${error.details.message}`);
}
return this.dashboardStatsPresenter.responseModel;
}
}

13
apps/api/src/domain/admin/RequireSystemAdmin.ts Normal file
View File

@@ -0,0 +1,13 @@
import { SetMetadata } from '@nestjs/common';
export const REQUIRE_SYSTEM_ADMIN_METADATA_KEY = 'gridpilot:requireSystemAdmin';
export type RequireSystemAdminMetadata = {
readonly required: true;
};
export function RequireSystemAdmin(): MethodDecorator & ClassDecorator {
return SetMetadata(REQUIRE_SYSTEM_ADMIN_METADATA_KEY, {
required: true,
} satisfies RequireSystemAdminMetadata);
}

80
apps/api/src/domain/admin/dto/DashboardStatsResponseDto.ts Normal file
View File

@@ -0,0 +1,80 @@
import { ApiProperty } from '@nestjs/swagger';
class UserGrowthDto {
@ApiProperty({ description: 'Label for the time period' })
label!: string;
@ApiProperty({ description: 'Number of new users' })
value!: number;
@ApiProperty({ description: 'Color class for the bar' })
color!: string;
}
class RoleDistributionDto {
@ApiProperty({ description: 'Role name' })
label!: string;
@ApiProperty({ description: 'Number of users with this role' })
value!: number;
@ApiProperty({ description: 'Color class for the bar' })
color!: string;
}
class StatusDistributionDto {
@ApiProperty({ description: 'Number of active users' })
active!: number;
@ApiProperty({ description: 'Number of suspended users' })
suspended!: number;
@ApiProperty({ description: 'Number of deleted users' })
deleted!: number;
}
class ActivityTimelineDto {
@ApiProperty({ description: 'Date label' })
date!: string;
@ApiProperty({ description: 'Number of new users' })
newUsers!: number;
@ApiProperty({ description: 'Number of logins' })
logins!: number;
}
export class DashboardStatsResponseDto {
@ApiProperty({ description: 'Total number of users' })
totalUsers!: number;
@ApiProperty({ description: 'Number of active users' })
activeUsers!: number;
@ApiProperty({ description: 'Number of suspended users' })
suspendedUsers!: number;
@ApiProperty({ description: 'Number of deleted users' })
deletedUsers!: number;
@ApiProperty({ description: 'Number of system admins' })
systemAdmins!: number;
@ApiProperty({ description: 'Number of recent logins (last 24h)' })
recentLogins!: number;
@ApiProperty({ description: 'Number of new users today' })
newUsersToday!: number;
@ApiProperty({ type: [UserGrowthDto], description: 'User growth over last 7 days' })
userGrowth!: UserGrowthDto[];
@ApiProperty({ type: [RoleDistributionDto], description: 'Distribution of user roles' })
roleDistribution!: RoleDistributionDto[];
@ApiProperty({ type: StatusDistributionDto, description: 'Distribution of user statuses' })
statusDistribution!: StatusDistributionDto;
@ApiProperty({ type: [ActivityTimelineDto], description: 'Activity timeline for last 7 days' })
activityTimeline!: ActivityTimelineDto[];
}

119
apps/api/src/domain/admin/dtos/ListUsersRequestDto.test.ts Normal file
View File

@@ -0,0 +1,119 @@
import { ListUsersRequestDto } from './ListUsersRequestDto';
describe('ListUsersRequestDto', () => {
describe('TDD - Test First', () => {
it('should create valid DTO with all fields', () => {
// Arrange & Act
const dto = new ListUsersRequestDto();
dto.role = 'admin';
dto.status = 'active';
dto.email = 'test@example.com';
dto.search = 'test';
dto.page = 2;
dto.limit = 20;
dto.sortBy = 'email';
dto.sortDirection = 'desc';
// Assert
expect(dto.role).toBe('admin');
expect(dto.status).toBe('active');
expect(dto.email).toBe('test@example.com');
expect(dto.search).toBe('test');
expect(dto.page).toBe(2);
expect(dto.limit).toBe(20);
expect(dto.sortBy).toBe('email');
expect(dto.sortDirection).toBe('desc');
});
it('should create DTO with optional fields undefined', () => {
// Arrange & Act
const dto = new ListUsersRequestDto();
// Assert
expect(dto.role).toBeUndefined();
expect(dto.status).toBeUndefined();
expect(dto.email).toBeUndefined();
expect(dto.search).toBeUndefined();
expect(dto.page).toBeUndefined();
expect(dto.limit).toBeUndefined();
expect(dto.sortBy).toBeUndefined();
expect(dto.sortDirection).toBeUndefined();
});
it('should handle partial input', () => {
// Arrange & Act
const dto = new ListUsersRequestDto();
dto.page = 1;
dto.limit = 10;
// Assert
expect(dto.page).toBe(1);
expect(dto.limit).toBe(10);
expect(dto.role).toBeUndefined();
expect(dto.status).toBeUndefined();
});
it('should accept string values for all fields', () => {
// Arrange & Act
const dto = new ListUsersRequestDto();
dto.role = 'owner';
dto.status = 'suspended';
dto.email = 'suspended@example.com';
dto.search = 'suspended';
dto.page = 3;
dto.limit = 50;
dto.sortBy = 'displayName';
dto.sortDirection = 'asc';
// Assert
expect(dto.role).toBe('owner');
expect(dto.status).toBe('suspended');
expect(dto.email).toBe('suspended@example.com');
expect(dto.search).toBe('suspended');
expect(dto.page).toBe(3);
expect(dto.limit).toBe(50);
expect(dto.sortBy).toBe('displayName');
expect(dto.sortDirection).toBe('asc');
});
it('should handle numeric string values for pagination', () => {
// Arrange & Act
const dto = new ListUsersRequestDto();
dto.page = '5' as any;
dto.limit = '25' as any;
// Assert - Should accept the values
expect(dto.page).toBe('5');
expect(dto.limit).toBe('25');
});
it('should handle empty string values', () => {
// Arrange & Act
const dto = new ListUsersRequestDto();
dto.role = '';
dto.search = '';
// Assert
expect(dto.role).toBe('');
expect(dto.search).toBe('');
});
it('should handle special characters in search', () => {
// Arrange & Act
const dto = new ListUsersRequestDto();
dto.search = 'test@example.com';
// Assert
expect(dto.search).toBe('test@example.com');
});
it('should handle unicode characters', () => {
// Arrange & Act
const dto = new ListUsersRequestDto();
dto.search = 'tëst ñame';
// Assert
expect(dto.search).toBe('tëst ñame');
});
});
});

73
apps/api/src/domain/admin/dtos/ListUsersRequestDto.ts Normal file
View File

@@ -0,0 +1,73 @@
import { ApiPropertyOptional } from '@nestjs/swagger';
import { IsOptional, IsString, IsNumber, Min, Max } from 'class-validator';
export class ListUsersRequestDto {
@ApiPropertyOptional({
description: 'Filter by user role',
enum: ['owner', 'admin', 'user'],
})
@IsOptional()
@IsString()
role?: string;
@ApiPropertyOptional({
description: 'Filter by user status',
enum: ['active', 'suspended', 'deleted'],
})
@IsOptional()
@IsString()
status?: string;
@ApiPropertyOptional({
description: 'Filter by email',
})
@IsOptional()
@IsString()
email?: string;
@ApiPropertyOptional({
description: 'Search by email or display name',
})
@IsOptional()
@IsString()
search?: string;
@ApiPropertyOptional({
description: 'Page number',
default: 1,
minimum: 1,
})
@IsOptional()
@IsNumber()
@Min(1)
page?: number;
@ApiPropertyOptional({
description: 'Items per page',
default: 10,
minimum: 1,
maximum: 100,
})
@IsOptional()
@IsNumber()
@Min(1)
@Max(100)
limit?: number;
@ApiPropertyOptional({
description: 'Sort field',
enum: ['email', 'displayName', 'createdAt', 'lastLoginAt', 'status'],
})
@IsOptional()
@IsString()
sortBy?: 'email' | 'displayName' | 'createdAt' | 'lastLoginAt' | 'status';
@ApiPropertyOptional({
description: 'Sort direction',
enum: ['asc', 'desc'],
default: 'asc',
})
@IsOptional()
@IsString()
sortDirection?: 'asc' | 'desc';
}

232
apps/api/src/domain/admin/dtos/UserResponseDto.test.ts Normal file
View File

@@ -0,0 +1,232 @@
import { UserResponseDto } from './UserResponseDto';
describe('UserResponseDto', () => {
describe('TDD - Test First', () => {
it('should create valid DTO with all fields', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = ['owner', 'admin'];
dto.status = 'active';
dto.isSystemAdmin = true;
dto.createdAt = new Date('2024-01-01T00:00:00Z');
dto.updatedAt = new Date('2024-01-02T00:00:00Z');
dto.lastLoginAt = new Date('2024-01-03T00:00:00Z');
dto.primaryDriverId = 'driver-456';
// Assert
expect(dto.id).toBe('user-123');
expect(dto.email).toBe('test@example.com');
expect(dto.displayName).toBe('Test User');
expect(dto.roles).toEqual(['owner', 'admin']);
expect(dto.status).toBe('active');
expect(dto.isSystemAdmin).toBe(true);
expect(dto.createdAt).toEqual(new Date('2024-01-01T00:00:00Z'));
expect(dto.updatedAt).toEqual(new Date('2024-01-02T00:00:00Z'));
expect(dto.lastLoginAt).toEqual(new Date('2024-01-03T00:00:00Z'));
expect(dto.primaryDriverId).toBe('driver-456');
});
it('should create DTO with required fields only', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = ['user'];
dto.status = 'active';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.id).toBe('user-123');
expect(dto.email).toBe('test@example.com');
expect(dto.displayName).toBe('Test User');
expect(dto.roles).toEqual(['user']);
expect(dto.status).toBe('active');
expect(dto.isSystemAdmin).toBe(false);
expect(dto.createdAt).toBeInstanceOf(Date);
expect(dto.updatedAt).toBeInstanceOf(Date);
expect(dto.lastLoginAt).toBeUndefined();
expect(dto.primaryDriverId).toBeUndefined();
});
it('should handle empty roles array', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = [];
dto.status = 'active';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.roles).toEqual([]);
});
it('should handle single role', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = ['admin'];
dto.status = 'active';
dto.isSystemAdmin = true;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.roles).toEqual(['admin']);
expect(dto.isSystemAdmin).toBe(true);
});
it('should handle suspended status', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = ['user'];
dto.status = 'suspended';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.status).toBe('suspended');
});
it('should handle deleted status', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = ['user'];
dto.status = 'deleted';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.status).toBe('deleted');
});
it('should handle very long display names', () => {
// Arrange
const longName = 'A'.repeat(100);
// Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = longName;
dto.roles = ['user'];
dto.status = 'active';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.displayName).toBe(longName);
});
it('should handle special characters in email', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test+tag@example.co.uk';
dto.displayName = 'Test User';
dto.roles = ['user'];
dto.status = 'active';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.email).toBe('test+tag@example.co.uk');
});
it('should handle unicode in display name', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Tëst Ñame';
dto.roles = ['user'];
dto.status = 'active';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.displayName).toBe('Tëst Ñame');
});
it('should handle UUID format for ID', () => {
// Arrange
const uuid = '550e8400-e29b-41d4-a716-446655440000';
// Act
const dto = new UserResponseDto();
dto.id = uuid;
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = ['user'];
dto.status = 'active';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
// Assert
expect(dto.id).toBe(uuid);
});
it('should handle numeric primary driver ID', () => {
// Arrange & Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = ['user'];
dto.status = 'active';
dto.isSystemAdmin = false;
dto.createdAt = new Date();
dto.updatedAt = new Date();
dto.primaryDriverId = '123456';
// Assert
expect(dto.primaryDriverId).toBe('123456');
});
it('should handle very old and very new dates', () => {
// Arrange
const oldDate = new Date('1970-01-01T00:00:00Z');
const newDate = new Date('2099-12-31T23:59:59Z');
// Act
const dto = new UserResponseDto();
dto.id = 'user-123';
dto.email = 'test@example.com';
dto.displayName = 'Test User';
dto.roles = ['user'];
dto.status = 'active';
dto.isSystemAdmin = false;
dto.createdAt = oldDate;
dto.updatedAt = newDate;
dto.lastLoginAt = newDate;
// Assert
expect(dto.createdAt).toEqual(oldDate);
expect(dto.updatedAt).toEqual(newDate);
expect(dto.lastLoginAt).toEqual(newDate);
});
});
});

50
apps/api/src/domain/admin/dtos/UserResponseDto.ts Normal file
View File

@@ -0,0 +1,50 @@
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
export class UserResponseDto {
@ApiProperty({ description: 'User ID' })
id: string = '';
@ApiProperty({ description: 'User email' })
email: string = '';
@ApiProperty({ description: 'Display name' })
displayName: string = '';
@ApiProperty({ description: 'User roles', type: [String] })
roles: string[] = [];
@ApiProperty({ description: 'User status' })
status: string = '';
@ApiProperty({ description: 'Whether user is system admin' })
isSystemAdmin: boolean = false;
@ApiProperty({ description: 'Account creation date' })
createdAt: Date = new Date();
@ApiProperty({ description: 'Last update date' })
updatedAt: Date = new Date();
@ApiPropertyOptional({ description: 'Last login date' })
lastLoginAt?: Date;
@ApiPropertyOptional({ description: 'Primary driver ID' })
primaryDriverId?: string;
}
export class UserListResponseDto {
@ApiProperty({ description: 'List of users', type: [UserResponseDto] })
users: UserResponseDto[] = [];
@ApiProperty({ description: 'Total number of users' })
total: number = 0;
@ApiProperty({ description: 'Current page number' })
page: number = 1;
@ApiProperty({ description: 'Items per page' })
limit: number = 10;
@ApiProperty({ description: 'Total number of pages' })
totalPages: number = 0;
}

63
apps/api/src/domain/admin/presenters/DashboardStatsPresenter.ts Normal file
View File

@@ -0,0 +1,63 @@
import type { UseCaseOutputPort } from '@core/shared/application/UseCaseOutputPort';
import type { DashboardStatsResult } from '../use-cases/GetDashboardStatsUseCase';
export interface DashboardStatsResponse {
totalUsers: number;
activeUsers: number;
suspendedUsers: number;
deletedUsers: number;
systemAdmins: number;
recentLogins: number;
newUsersToday: number;
userGrowth: {
label: string;
value: number;
color: string;
}[];
roleDistribution: {
label: string;
value: number;
color: string;
}[];
statusDistribution: {
active: number;
suspended: number;
deleted: number;
};
activityTimeline: {
date: string;
newUsers: number;
logins: number;
}[];
}
export class DashboardStatsPresenter implements UseCaseOutputPort<DashboardStatsResult> {
private _responseModel: DashboardStatsResponse | null = null;
present(result: DashboardStatsResult): void {
this._responseModel = {
totalUsers: result.totalUsers,
activeUsers: result.activeUsers,
suspendedUsers: result.suspendedUsers,
deletedUsers: result.deletedUsers,
systemAdmins: result.systemAdmins,
recentLogins: result.recentLogins,
newUsersToday: result.newUsersToday,
userGrowth: result.userGrowth,
roleDistribution: result.roleDistribution,
statusDistribution: result.statusDistribution,
activityTimeline: result.activityTimeline,
};
}
get responseModel(): DashboardStatsResponse {
if (!this._responseModel) {
throw new Error('No response model available. Call present() first.');
}
return this._responseModel;
}
reset(): void {
this._responseModel = null;
}
}

398
apps/api/src/domain/admin/presenters/ListUsersPresenter.test.ts Normal file
View File

@@ -0,0 +1,398 @@
import { ListUsersPresenter } from './ListUsersPresenter';
import { ListUsersResult } from '@core/admin/application/use-cases/ListUsersUseCase';
import { AdminUser } from '@core/admin/domain/entities/AdminUser';
describe('ListUsersPresenter', () => {
describe('TDD - Test First', () => {
it('should convert result to response DTO with all fields', () => {
// Arrange - Create domain objects
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User One',
roles: ['user'],
status: 'active',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
lastLoginAt: new Date('2024-01-03T00:00:00Z'),
primaryDriverId: 'driver-1',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User Two',
roles: ['owner'],
status: 'active',
createdAt: new Date('2024-01-04T00:00:00Z'),
updatedAt: new Date('2024-01-05T00:00:00Z'),
lastLoginAt: new Date('2024-01-06T00:00:00Z'),
primaryDriverId: 'driver-2',
});
const result: ListUsersResult = {
users: [user1, user2],
total: 2,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
expect(response.users).toHaveLength(2);
expect(response.total).toBe(2);
expect(response.page).toBe(1);
expect(response.limit).toBe(10);
expect(response.totalPages).toBe(1);
// Check first user
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.id).toBe('user-1');
expect(user0.email).toBe('user1@example.com');
expect(user0.displayName).toBe('User One');
expect(user0.roles).toEqual(['user']);
expect(user0.status).toBe('active');
expect(user0.isSystemAdmin).toBe(false);
expect(user0.createdAt).toEqual(new Date('2024-01-01T00:00:00Z'));
expect(user0.updatedAt).toEqual(new Date('2024-01-02T00:00:00Z'));
expect(user0.lastLoginAt).toEqual(new Date('2024-01-03T00:00:00Z'));
expect(user0.primaryDriverId).toBe('driver-1');
}
// Check second user
const user1Response = response.users[1];
expect(user1Response).toBeDefined();
if (user1Response) {
expect(user1Response.id).toBe('user-2');
expect(user1Response.email).toBe('user2@example.com');
expect(user1Response.displayName).toBe('User Two');
expect(user1Response.roles).toEqual(['owner']);
expect(user1Response.status).toBe('active');
expect(user1Response.isSystemAdmin).toBe(true);
expect(user1Response.createdAt).toEqual(new Date('2024-01-04T00:00:00Z'));
expect(user1Response.updatedAt).toEqual(new Date('2024-01-05T00:00:00Z'));
expect(user1Response.lastLoginAt).toEqual(new Date('2024-01-06T00:00:00Z'));
expect(user1Response.primaryDriverId).toBe('driver-2');
}
});
it('should handle empty user list', () => {
// Arrange
const result: ListUsersResult = {
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
expect(response.users).toEqual([]);
expect(response.total).toBe(0);
expect(response.page).toBe(1);
expect(response.limit).toBe(10);
expect(response.totalPages).toBe(0);
});
it('should handle users without optional fields', () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User One',
roles: ['user'],
status: 'active',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
});
const result: ListUsersResult = {
users: [user1],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
expect(response.users).toHaveLength(1);
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.lastLoginAt).toBeUndefined();
expect(user0.primaryDriverId).toBeUndefined();
}
});
it('should handle users with multiple roles', () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User One',
roles: ['owner', 'admin'],
status: 'active',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
});
const result: ListUsersResult = {
users: [user1],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.roles).toEqual(['owner', 'admin']);
expect(user0.isSystemAdmin).toBe(true);
}
});
it('should handle suspended users', () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User One',
roles: ['user'],
status: 'suspended',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
});
const result: ListUsersResult = {
users: [user1],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.status).toBe('suspended');
}
});
it('should handle deleted users', () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User One',
roles: ['user'],
status: 'deleted',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
});
const result: ListUsersResult = {
users: [user1],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.status).toBe('deleted');
}
});
it('should handle pagination metadata correctly', () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User One',
roles: ['user'],
status: 'active',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
});
const result: ListUsersResult = {
users: [user1],
total: 15,
page: 2,
limit: 5,
totalPages: 3,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
expect(response.total).toBe(15);
expect(response.page).toBe(2);
expect(response.limit).toBe(5);
expect(response.totalPages).toBe(3);
});
it('should handle special characters in user data', () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-123',
email: 'test+tag@example.co.uk',
displayName: 'Tëst Ñame',
roles: ['admin-steward'],
status: 'under-review',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
primaryDriverId: 'driver-123',
});
const result: ListUsersResult = {
users: [user1],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.email).toBe('test+tag@example.co.uk');
expect(user0.displayName).toBe('Tëst Ñame');
expect(user0.roles).toEqual(['admin-steward']);
expect(user0.status).toBe('under-review');
expect(user0.primaryDriverId).toBe('driver-123');
}
});
it('should handle very long display names', () => {
// Arrange
const longName = 'A'.repeat(100);
const user1 = AdminUser.create({
id: 'user-1',
email: 'test@example.com',
displayName: longName,
roles: ['user'],
status: 'active',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
});
const result: ListUsersResult = {
users: [user1],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.displayName).toBe(longName);
}
});
it('should handle UUID format for IDs', () => {
// Arrange
const uuid = '550e8400-e29b-41d4-a716-446655440000';
const user1 = AdminUser.create({
id: uuid,
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
});
const result: ListUsersResult = {
users: [user1],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.id).toBe(uuid);
}
});
it('should handle very old and very new dates', () => {
// Arrange
const oldDate = new Date('1970-01-01T00:00:00Z');
const newDate = new Date('2099-12-31T23:59:59Z');
const user1 = AdminUser.create({
id: 'user-1',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
createdAt: oldDate,
updatedAt: newDate,
lastLoginAt: newDate,
});
const result: ListUsersResult = {
users: [user1],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
};
// Act
const response = ListUsersPresenter.toResponse(result);
// Assert
const user0 = response.users[0];
expect(user0).toBeDefined();
if (user0) {
expect(user0.createdAt).toEqual(oldDate);
expect(user0.updatedAt).toEqual(newDate);
expect(user0.lastLoginAt).toEqual(newDate);
}
});
});
});

85
apps/api/src/domain/admin/presenters/ListUsersPresenter.ts Normal file
View File

@@ -0,0 +1,85 @@
import { UseCaseOutputPort } from '@core/shared/application/UseCaseOutputPort';
import { ListUsersResult } from '@core/admin/application/use-cases/ListUsersUseCase';
import { UserListResponseDto, UserResponseDto } from '../dtos/UserResponseDto';
import type { AdminUser } from '@core/admin/domain/entities/AdminUser';
export type ListUsersViewModel = UserListResponseDto;
/**
* Presenter to convert application layer result to API response DTO
* Implements UseCaseOutputPort to receive results from the use case
*/
export class ListUsersPresenter implements UseCaseOutputPort<ListUsersResult> {
private viewModel!: ListUsersViewModel;
present(result: ListUsersResult): void {
this.viewModel = {
users: result.users.map(user => this.toUserResponse(user)),
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
};
}
getViewModel(): ListUsersViewModel {
if (!this.viewModel) {
throw new Error('Presenter not presented');
}
return this.viewModel;
}
// Static method for backward compatibility with tests
static toResponse(result: ListUsersResult): UserListResponseDto {
const presenter = new ListUsersPresenter();
presenter.present(result);
return presenter.getViewModel();
}
private toUserResponse(user: AdminUser | Record<string, unknown>): UserResponseDto {
const response = new UserResponseDto();
// Handle both domain objects and plain objects
if (user.id && typeof user.id === 'object' && 'value' in (user.id as Record<string, unknown>)) {
// Domain object
const domainUser = user as AdminUser;
response.id = domainUser.id.value;
response.email = domainUser.email.value;
response.displayName = domainUser.displayName;
response.roles = domainUser.roles.map(r => r.value);
response.status = domainUser.status.value;
response.isSystemAdmin = domainUser.isSystemAdmin();
response.createdAt = domainUser.createdAt;
response.updatedAt = domainUser.updatedAt;
if (domainUser.lastLoginAt) {
response.lastLoginAt = domainUser.lastLoginAt;
}
if (domainUser.primaryDriverId) {
response.primaryDriverId = domainUser.primaryDriverId;
}
} else {
// Plain object (for tests)
const plainUser = user as Record<string, unknown>;
response.id = plainUser.id as string;
response.email = plainUser.email as string;
response.displayName = plainUser.displayName as string;
response.roles = plainUser.roles as string[];
response.status = plainUser.status as string;
response.isSystemAdmin = plainUser.isSystemAdmin as boolean;
response.createdAt = plainUser.createdAt as Date;
response.updatedAt = plainUser.updatedAt as Date;
if (plainUser.lastLoginAt) {
response.lastLoginAt = plainUser.lastLoginAt as Date;
}
if (plainUser.primaryDriverId) {
response.primaryDriverId = plainUser.primaryDriverId as string;
}
}
return response;
}
}

180
apps/api/src/domain/admin/use-cases/GetDashboardStatsUseCase.ts Normal file
View File

@@ -0,0 +1,180 @@
import { Result } from '@core/shared/application/Result';
import type { ApplicationErrorCode } from '@core/shared/errors/ApplicationErrorCode';
import type { UseCaseOutputPort } from '@core/shared/application/UseCaseOutputPort';
import type { IAdminUserRepository } from '@core/admin/domain/repositories/IAdminUserRepository';
import { AuthorizationService } from '@core/admin/domain/services/AuthorizationService';
import { UserId } from '@core/admin/domain/value-objects/UserId';
export interface DashboardStatsResult {
totalUsers: number;
activeUsers: number;
suspendedUsers: number;
deletedUsers: number;
systemAdmins: number;
recentLogins: number;
newUsersToday: number;
userGrowth: {
label: string;
value: number;
color: string;
}[];
roleDistribution: {
label: string;
value: number;
color: string;
}[];
statusDistribution: {
active: number;
suspended: number;
deleted: number;
};
activityTimeline: {
date: string;
newUsers: number;
logins: number;
}[];
}
export type GetDashboardStatsInput = {
actorId: string;
};
export type GetDashboardStatsErrorCode = 'AUTHORIZATION_ERROR' | 'REPOSITORY_ERROR';
export type GetDashboardStatsApplicationError = ApplicationErrorCode<GetDashboardStatsErrorCode, { message: string; details?: unknown }>;
export class GetDashboardStatsUseCase {
constructor(
private readonly adminUserRepo: IAdminUserRepository,
private readonly output: UseCaseOutputPort<DashboardStatsResult>,
) {}
async execute(input: GetDashboardStatsInput): Promise<Result<void, GetDashboardStatsApplicationError>> {
try {
// Get actor (current user)
const actor = await this.adminUserRepo.findById(UserId.fromString(input.actorId));
if (!actor) {
return Result.err({
code: 'AUTHORIZATION_ERROR',
details: { message: 'Actor not found' },
});
}
// Check authorization
if (!AuthorizationService.canListUsers(actor)) {
return Result.err({
code: 'AUTHORIZATION_ERROR',
details: { message: 'User is not authorized to view dashboard' },
});
}
// Get all users
const allUsersResult = await this.adminUserRepo.list();
const allUsers = allUsersResult.users;
// Calculate basic stats
const totalUsers = allUsers.length;
const activeUsers = allUsers.filter(u => u.status.value === 'active').length;
const suspendedUsers = allUsers.filter(u => u.status.value === 'suspended').length;
const deletedUsers = allUsers.filter(u => u.status.value === 'deleted').length;
const systemAdmins = allUsers.filter(u => u.isSystemAdmin()).length;
// Recent logins (last 24 hours)
const oneDayAgo = new Date();
oneDayAgo.setDate(oneDayAgo.getDate() - 1);
const recentLogins = allUsers.filter(u => u.lastLoginAt && u.lastLoginAt > oneDayAgo).length;
// New users today
const today = new Date();
today.setHours(0, 0, 0, 0);
const newUsersToday = allUsers.filter(u => u.createdAt > today).length;
// Role distribution
const roleCounts: Record<string, number> = {};
allUsers.forEach(user => {
user.roles.forEach(role => {
const roleValue = role.value;
roleCounts[roleValue] = (roleCounts[roleValue] || 0) + 1;
});
});
const roleDistribution = Object.entries(roleCounts).map(([role, count]) => ({
label: role.charAt(0).toUpperCase() + role.slice(1),
value: count,
color: role === 'owner' ? 'text-purple-500' : role === 'admin' ? 'text-blue-500' : 'text-gray-500',
}));
// User growth (last 7 days)
const userGrowth: DashboardStatsResult['userGrowth'] = [];
for (let i = 6; i >= 0; i--) {
const date = new Date();
date.setDate(date.getDate() - i);
const dateStr = date.toLocaleDateString('en-US', { month: 'short', day: 'numeric' });
const count = allUsers.filter(u => {
const userDate = new Date(u.createdAt);
return userDate.toDateString() === date.toDateString();
}).length;
userGrowth.push({
label: dateStr,
value: count,
color: 'text-primary-blue',
});
}
// Activity timeline (last 7 days)
const activityTimeline: DashboardStatsResult['activityTimeline'] = [];
for (let i = 6; i >= 0; i--) {
const date = new Date();
date.setDate(date.getDate() - i);
const dateStr = date.toLocaleDateString('en-US', { month: 'short', day: 'numeric' });
const newUsers = allUsers.filter(u => {
const userDate = new Date(u.createdAt);
return userDate.toDateString() === date.toDateString();
}).length;
const logins = allUsers.filter(u => {
const loginDate = u.lastLoginAt;
return loginDate && loginDate.toDateString() === date.toDateString();
}).length;
activityTimeline.push({
date: dateStr,
newUsers,
logins,
});
}
const result: DashboardStatsResult = {
totalUsers,
activeUsers,
suspendedUsers,
deletedUsers,
systemAdmins,
recentLogins,
newUsersToday,
userGrowth,
roleDistribution,
statusDistribution: {
active: activeUsers,
suspended: suspendedUsers,
deleted: deletedUsers,
},
activityTimeline,
};
this.output.present(result);
return Result.ok(undefined);
} catch (error) {
const message = error instanceof Error ? error.message : 'Failed to get dashboard stats';
return Result.err({
code: 'REPOSITORY_ERROR',
details: { message },
});
}
}
}

2
apps/api/src/domain/auth/dtos/AuthDto.ts
View File

@@ -12,6 +12,8 @@ export class AuthenticatedUserDTO {
primaryDriverId?: string; primaryDriverId?: string;
@ApiProperty({ required: false, nullable: true }) @ApiProperty({ required: false, nullable: true })
avatarUrl?: string | null; avatarUrl?: string | null;
@ApiProperty({ required: false, enum: ['driver', 'sponsor', 'league-owner', 'league-steward', 'league-admin', 'system-owner', 'super-admin'] })
role?: 'driver' | 'sponsor' | 'league-owner' | 'league-steward' | 'league-admin' | 'system-owner' | 'super-admin';
} }
export class AuthSessionDTO { export class AuthSessionDTO {

11
apps/api/src/persistence/admin/AdminPersistenceModule.ts Normal file
View File

@@ -0,0 +1,11 @@
/**
* Admin Persistence Module
*
* Abstract module interface for admin persistence.
* Both InMemory and TypeORM implementations should export this.
*/
import { Module } from '@nestjs/common';
@Module({})
export class AdminPersistenceModule {}

7
apps/api/src/persistence/admin/AdminPersistenceTokens.ts Normal file
View File

@@ -0,0 +1,7 @@
/**
* Admin Persistence Tokens
*
* Dependency injection tokens for admin persistence layer.
*/
export const ADMIN_USER_REPOSITORY_TOKEN = 'IAdminUserRepository';

15
apps/api/src/persistence/inmemory/InMemoryAdminPersistenceModule.ts Normal file
View File

@@ -0,0 +1,15 @@
import { InMemoryAdminUserRepository } from '@core/admin/infrastructure/persistence/InMemoryAdminUserRepository';
import { Module } from '@nestjs/common';
import { ADMIN_USER_REPOSITORY_TOKEN } from '../admin/AdminPersistenceTokens';
@Module({
providers: [
{
provide: ADMIN_USER_REPOSITORY_TOKEN,
useClass: InMemoryAdminUserRepository,
},
],
exports: [ADMIN_USER_REPOSITORY_TOKEN],
})
export class InMemoryAdminPersistenceModule {}

26
apps/api/src/persistence/postgres/PostgresAdminPersistenceModule.ts Normal file
View File

@@ -0,0 +1,26 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule, getDataSourceToken } from '@nestjs/typeorm';
import type { DataSource } from 'typeorm';
import { AdminUserOrmEntity } from '@core/admin/infrastructure/typeorm/entities/AdminUserOrmEntity';
import { TypeOrmAdminUserRepository } from '@core/admin/infrastructure/typeorm/repositories/TypeOrmAdminUserRepository';
import { AdminUserOrmMapper } from '@core/admin/infrastructure/typeorm/mappers/AdminUserOrmMapper';
import { ADMIN_USER_REPOSITORY_TOKEN } from '../admin/AdminPersistenceTokens';
const typeOrmFeatureImports = [TypeOrmModule.forFeature([AdminUserOrmEntity])];
@Module({
imports: [...typeOrmFeatureImports],
providers: [
{ provide: AdminUserOrmMapper, useFactory: () => new AdminUserOrmMapper() },
{
provide: ADMIN_USER_REPOSITORY_TOKEN,
useFactory: (dataSource: DataSource, mapper: AdminUserOrmMapper) =>
new TypeOrmAdminUserRepository(dataSource, mapper),
inject: [getDataSourceToken(), AdminUserOrmMapper],
},
],
exports: [ADMIN_USER_REPOSITORY_TOKEN],
})
export class PostgresAdminPersistenceModule {}

26
apps/api/src/persistence/typeorm/TypeOrmAdminPersistenceModule.ts Normal file
View File

@@ -0,0 +1,26 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule, getDataSourceToken } from '@nestjs/typeorm';
import type { DataSource } from 'typeorm';
import { AdminUserOrmEntity } from '@core/admin/infrastructure/typeorm/entities/AdminUserOrmEntity';
import { TypeOrmAdminUserRepository } from '@core/admin/infrastructure/typeorm/repositories/TypeOrmAdminUserRepository';
import { AdminUserOrmMapper } from '@core/admin/infrastructure/typeorm/mappers/AdminUserOrmMapper';
import { ADMIN_USER_REPOSITORY_TOKEN } from '../admin/AdminPersistenceTokens';
const typeOrmFeatureImports = [TypeOrmModule.forFeature([AdminUserOrmEntity])];
@Module({
imports: [...typeOrmFeatureImports],
providers: [
{ provide: AdminUserOrmMapper, useFactory: () => new AdminUserOrmMapper() },
{
provide: ADMIN_USER_REPOSITORY_TOKEN,
useFactory: (dataSource: DataSource, mapper: AdminUserOrmMapper) =>
new TypeOrmAdminUserRepository(dataSource, mapper),
inject: [getDataSourceToken(), AdminUserOrmMapper],
},
],
exports: [ADMIN_USER_REPOSITORY_TOKEN],
})
export class TypeOrmAdminPersistenceModule {}

13
apps/website/app/admin/page.tsx Normal file
View File

@@ -0,0 +1,13 @@
import { AdminLayout } from '@/components/admin/AdminLayout';
import { AdminDashboardPage } from '@/components/admin/AdminDashboardPage';
import { RouteGuard } from '@/lib/gateways/RouteGuard';
export default function AdminPage() {
return (
<RouteGuard config={{ requiredRoles: ['owner', 'admin'] }}>
<AdminLayout>
<AdminDashboardPage />
</AdminLayout>
</RouteGuard>
);
}

13
apps/website/app/admin/users/page.tsx Normal file
View File

@@ -0,0 +1,13 @@
import { AdminLayout } from '@/components/admin/AdminLayout';
import { AdminUsersPage } from '@/components/admin/AdminUsersPage';
import { RouteGuard } from '@/lib/gateways/RouteGuard';
export default function AdminUsers() {
return (
<RouteGuard config={{ requiredRoles: ['owner', 'admin'] }}>
<AdminLayout>
<AdminUsersPage />
</AdminLayout>
</RouteGuard>
);
}

217
apps/website/components/admin/AdminDashboardPage.tsx Normal file
View File

@@ -0,0 +1,217 @@
'use client';
import { useState, useEffect } from 'react';
import { apiClient } from '@/lib/apiClient';
import Card from '@/components/ui/Card';
import { AdminViewModelService } from '@/lib/services/AdminViewModelService';
import { DashboardStatsViewModel } from '@/lib/view-models/AdminUserViewModel';
import {
Users,
Shield,
Activity,
Clock,
AlertTriangle,
RefreshCw
} from 'lucide-react';
export function AdminDashboardPage() {
const [stats, setStats] = useState<DashboardStatsViewModel | null>(null);
const [loading, setLoading] = useState(true);
const [error, setError] = useState<string | null>(null);
useEffect(() => {
loadStats();
}, []);
const loadStats = async () => {
try {
setLoading(true);
setError(null);
const response = await apiClient.admin.getDashboardStats();
// Map DTO to View Model
const viewModel = AdminViewModelService.mapDashboardStats(response);
setStats(viewModel);
} catch (err) {
const message = err instanceof Error ? err.message : 'Failed to load stats';
if (message.includes('403') || message.includes('401')) {
setError('Access denied - You must be logged in as an Owner or Admin');
} else {
setError(message);
}
} finally {
setLoading(false);
}
};
if (loading) {
return (
<div className="flex flex-col items-center justify-center py-20 space-y-3">
<div className="animate-spin rounded-full h-12 w-12 border-b-2 border-primary-blue"></div>
<div className="text-gray-400">Loading dashboard...</div>
</div>
);
}
if (error) {
return (
<div className="container mx-auto p-6">
<div className="bg-racing-red/10 border border-racing-red text-racing-red px-4 py-3 rounded-lg flex items-start gap-3">
<AlertTriangle className="w-5 h-5 mt-0.5 flex-shrink-0" />
<div className="flex-1">
<div className="font-medium">Error</div>
<div className="text-sm opacity-90">{error}</div>
</div>
<button
onClick={loadStats}
className="px-3 py-1 text-xs bg-racing-red/20 hover:bg-racing-red/30 rounded"
>
Retry
</button>
</div>
</div>
);
}
if (!stats) {
return null;
}
return (
<div className="container mx-auto p-6 space-y-6">
{/* Header */}
<div className="flex items-center justify-between">
<div>
<h1 className="text-2xl font-bold text-white">Admin Dashboard</h1>
<p className="text-gray-400 mt-1">System overview and statistics</p>
</div>
<button
onClick={loadStats}
disabled={loading}
className="px-4 py-2 bg-iron-gray border border-charcoal-outline rounded-lg text-white hover:bg-iron-gray/80 transition-colors flex items-center gap-2 disabled:opacity-50"
>
<RefreshCw className={`w-4 h-4 ${loading ? 'animate-spin' : ''}`} />
Refresh
</button>
</div>
{/* Stats Cards */}
<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
<Card className="bg-gradient-to-br from-blue-900/20 to-blue-700/10">
<div className="flex items-center justify-between">
<div>
<div className="text-sm text-gray-400 mb-1">Total Users</div>
<div className="text-3xl font-bold text-white">{stats.totalUsers}</div>
</div>
<Users className="w-8 h-8 text-blue-400" />
</div>
</Card>
<Card className="bg-gradient-to-br from-purple-900/20 to-purple-700/10">
<div className="flex items-center justify-between">
<div>
<div className="text-sm text-gray-400 mb-1">Admins</div>
<div className="text-3xl font-bold text-white">{stats.adminCount}</div>
</div>
<Shield className="w-8 h-8 text-purple-400" />
</div>
</Card>
<Card className="bg-gradient-to-br from-green-900/20 to-green-700/10">
<div className="flex items-center justify-between">
<div>
<div className="text-sm text-gray-400 mb-1">Active Users</div>
<div className="text-3xl font-bold text-white">{stats.activeUsers}</div>
</div>
<Activity className="w-8 h-8 text-green-400" />
</div>
</Card>
<Card className="bg-gradient-to-br from-orange-900/20 to-orange-700/10">
<div className="flex items-center justify-between">
<div>
<div className="text-sm text-gray-400 mb-1">Recent Logins</div>
<div className="text-3xl font-bold text-white">{stats.recentLogins}</div>
</div>
<Clock className="w-8 h-8 text-orange-400" />
</div>
</Card>
</div>
{/* Activity Overview */}
<div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
{/* Recent Activity */}
<Card>
<h3 className="text-lg font-semibold text-white mb-4">Recent Activity</h3>
<div className="space-y-3">
{stats.recentActivity.length > 0 ? (
stats.recentActivity.map((activity, index) => (
<div
key={index}
className="flex items-center justify-between p-3 bg-iron-gray/30 rounded-lg border border-charcoal-outline/50"
>
<div className="flex-1">
<div className="text-sm text-white">{activity.description}</div>
<div className="text-xs text-gray-500">{activity.timestamp}</div>
</div>
<span className={`px-2 py-1 text-xs rounded-full ${
activity.type === 'user_created' ? 'bg-blue-500/20 text-blue-300' :
activity.type === 'user_suspended' ? 'bg-yellow-500/20 text-yellow-300' :
activity.type === 'user_deleted' ? 'bg-red-500/20 text-red-300' :
'bg-gray-500/20 text-gray-300'
}`}>
{activity.type.replace('_', ' ')}
</span>
</div>
))
) : (
<div className="text-center py-8 text-gray-500">No recent activity</div>
)}
</div>
</Card>
{/* System Status */}
<Card>
<h3 className="text-lg font-semibold text-white mb-4">System Status</h3>
<div className="space-y-4">
<div className="flex items-center justify-between">
<span className="text-sm text-gray-400">System Health</span>
<span className="px-2 py-1 text-xs rounded-full bg-performance-green/20 text-performance-green">
{stats.systemHealth}
</span>
</div>
<div className="flex items-center justify-between">
<span className="text-sm text-gray-400">Total Sessions</span>
<span className="text-white font-medium">{stats.totalSessions}</span>
</div>
<div className="flex items-center justify-between">
<span className="text-sm text-gray-400">Active Sessions</span>
<span className="text-white font-medium">{stats.activeSessions}</span>
</div>
<div className="flex items-center justify-between">
<span className="text-sm text-gray-400">Avg Session Duration</span>
<span className="text-white font-medium">{stats.avgSessionDuration}</span>
</div>
</div>
</Card>
</div>
{/* Quick Actions */}
<Card>
<h3 className="text-lg font-semibold text-white mb-4">Quick Actions</h3>
<div className="grid grid-cols-1 md:grid-cols-3 gap-3">
<button className="px-4 py-3 bg-primary-blue/20 border border-primary-blue/30 text-primary-blue rounded-lg hover:bg-primary-blue/30 transition-colors text-sm font-medium">
View All Users
</button>
<button className="px-4 py-3 bg-purple-500/20 border border-purple-500/30 text-purple-300 rounded-lg hover:bg-purple-500/30 transition-colors text-sm font-medium">
Manage Admins
</button>
<button className="px-4 py-3 bg-orange-500/20 border border-orange-500/30 text-orange-300 rounded-lg hover:bg-orange-500/30 transition-colors text-sm font-medium">
View Audit Log
</button>
</div>
</Card>
</div>
);
}

185
apps/website/components/admin/AdminLayout.tsx Normal file
View File

@@ -0,0 +1,185 @@
'use client';
import { ReactNode, useState } from 'react';
import {
LayoutDashboard,
Users,
Settings,
LogOut,
Shield,
Activity
} from 'lucide-react';
import { useRouter, usePathname } from 'next/navigation';
interface AdminLayoutProps {
children: ReactNode;
}
type AdminTab = 'dashboard' | 'users';
export function AdminLayout({ children }: AdminLayoutProps) {
const router = useRouter();
const pathname = usePathname();
const [isSidebarOpen, setIsSidebarOpen] = useState(true);
// Determine current tab from pathname
const getCurrentTab = (): AdminTab => {
if (pathname === '/admin') return 'dashboard';
if (pathname === '/admin/users') return 'users';
return 'dashboard';
};
const currentTab = getCurrentTab();
const navigation = [
{
id: 'dashboard',
label: 'Dashboard',
icon: LayoutDashboard,
href: '/admin',
description: 'Overview and statistics'
},
{
id: 'users',
label: 'User Management',
icon: Users,
href: '/admin/users',
description: 'Manage all users'
},
{
id: 'settings',
label: 'Settings',
icon: Settings,
href: '/admin/settings',
description: 'System configuration',
disabled: true
}
];
const handleNavigation = (href: string, disabled?: boolean) => {
if (!disabled) {
router.push(href);
}
};
const handleLogout = async () => {
try {
await fetch('/api/auth/logout', { method: 'POST' });
router.push('/');
} catch (error) {
console.error('Logout failed:', error);
}
};
return (
<div className="flex h-screen bg-deep-graphite overflow-hidden">
{/* Sidebar */}
<aside className={`${isSidebarOpen ? 'w-64' : 'w-20'} bg-iron-gray border-r border-charcoal-outline transition-all duration-300 flex flex-col`}>
{/* Logo/Header */}
<div className="p-4 border-b border-charcoal-outline">
<div className="flex items-center gap-2">
<Shield className="w-6 h-6 text-primary-blue" />
{isSidebarOpen && (
<span className="font-bold text-white text-lg">Admin Panel</span>
)}
</div>
{isSidebarOpen && (
<p className="text-xs text-gray-400 mt-1">System Administration</p>
)}
</div>
{/* Navigation */}
<nav className="flex-1 p-2 space-y-1 overflow-y-auto">
{navigation.map((item) => {
const Icon = item.icon;
const isActive = currentTab === item.id;
const isDisabled = item.disabled;
return (
<button
key={item.id}
onClick={() => handleNavigation(item.href, isDisabled)}
disabled={isDisabled}
className={`
w-full flex items-center gap-3 px-3 py-3 rounded-lg
transition-all duration-200 text-left
${isActive
? 'bg-primary-blue/20 text-primary-blue border border-primary-blue/30'
: 'text-gray-300 hover:bg-iron-gray/50 hover:text-white'
}
${isDisabled ? 'opacity-50 cursor-not-allowed' : ''}
`}
>
<Icon className={`w-5 h-5 flex-shrink-0 ${isActive ? 'text-primary-blue' : 'text-gray-400'}`} />
{isSidebarOpen && (
<div className="flex-1 min-w-0">
<div className="font-medium text-sm">{item.label}</div>
<div className="text-xs text-gray-500">{item.description}</div>
</div>
)}
</button>
);
})}
</nav>
{/* Footer */}
<div className="p-2 border-t border-charcoal-outline space-y-1">
<button
onClick={() => setIsSidebarOpen(!isSidebarOpen)}
className="w-full flex items-center gap-3 px-3 py-2 rounded-lg text-gray-300 hover:bg-iron-gray/50 hover:text-white transition-colors"
>
<Activity className="w-5 h-5" />
{isSidebarOpen && <span className="text-sm">Toggle Sidebar</span>}
</button>
<button
onClick={handleLogout}
className="w-full flex items-center gap-3 px-3 py-2 rounded-lg text-racing-red hover:bg-racing-red/10 transition-colors"
>
<LogOut className="w-5 h-5" />
{isSidebarOpen && <span className="text-sm">Logout</span>}
</button>
</div>
</aside>
{/* Main Content */}
<main className="flex-1 flex flex-col overflow-hidden">
{/* Top Bar */}
<header className="bg-iron-gray border-b border-charcoal-outline px-6 py-4">
<div className="flex items-center justify-between">
<div className="flex items-center gap-4">
<div className="p-2 bg-primary-blue/20 rounded-lg">
<Shield className="w-5 h-5 text-primary-blue" />
</div>
<div>
<h2 className="text-lg font-semibold text-white">
{navigation.find(n => n.id === currentTab)?.label || 'Admin'}
</h2>
<p className="text-xs text-gray-400">
{navigation.find(n => n.id === currentTab)?.description}
</p>
</div>
</div>
<div className="flex items-center gap-4">
<div className="flex items-center gap-2 px-3 py-1.5 bg-deep-graphite rounded-lg border border-charcoal-outline">
<Shield className="w-4 h-4 text-purple-500" />
<span className="text-xs font-medium text-purple-400">Super Admin</span>
</div>
<div className="text-right hidden sm:block">
<div className="text-sm font-medium text-white">System Administrator</div>
<div className="text-xs text-gray-400">Full Access</div>
</div>
</div>
</div>
</header>
{/* Content Area */}
<div className="flex-1 overflow-y-auto bg-deep-graphite">
{children}
</div>
</main>
</div>
);
}

341
apps/website/components/admin/AdminUsersPage.tsx Normal file
View File

@@ -0,0 +1,341 @@
'use client';
import { useState, useEffect } from 'react';
import { apiClient } from '@/lib/apiClient';
import Card from '@/components/ui/Card';
import StatusBadge from '@/components/ui/StatusBadge';
import { AdminViewModelService } from '@/lib/services/AdminViewModelService';
import { AdminUserViewModel, UserListViewModel } from '@/lib/view-models/AdminUserViewModel';
import {
Search,
Filter,
RefreshCw,
Users,
Shield,
Trash2,
AlertTriangle
} from 'lucide-react';
export function AdminUsersPage() {
const [userList, setUserList] = useState<UserListViewModel | null>(null);
const [loading, setLoading] = useState(true);
const [error, setError] = useState<string | null>(null);
const [search, setSearch] = useState('');
const [roleFilter, setRoleFilter] = useState('');
const [statusFilter, setStatusFilter] = useState('');
const [deletingUser, setDeletingUser] = useState<string | null>(null);
useEffect(() => {
const timeout = setTimeout(() => {
loadUsers();
}, 300);
return () => clearTimeout(timeout);
}, [search, roleFilter, statusFilter]);
const loadUsers = async () => {
try {
setLoading(true);
setError(null);
const response = await apiClient.admin.listUsers({
search: search || undefined,
role: roleFilter || undefined,
status: statusFilter || undefined,
page: 1,
limit: 50,
});
// Map DTO to View Model
const viewModel = AdminViewModelService.mapUserList(response);
setUserList(viewModel);
} catch (err) {
const message = err instanceof Error ? err.message : 'Failed to load users';
if (message.includes('403') || message.includes('401')) {
setError('Access denied - You must be logged in as an Owner or Admin');
} else {
setError(message);
}
} finally {
setLoading(false);
}
};
const handleUpdateStatus = async (userId: string, newStatus: string) => {
try {
await apiClient.admin.updateUserStatus(userId, newStatus);
await loadUsers();
} catch (err) {
setError(err instanceof Error ? err.message : 'Failed to update status');
}
};
const handleDeleteUser = async (userId: string) => {
if (!confirm('Are you sure you want to delete this user? This action cannot be undone.')) {
return;
}
try {
setDeletingUser(userId);
await apiClient.admin.deleteUser(userId);
await loadUsers();
} catch (err) {
setError(err instanceof Error ? err.message : 'Failed to delete user');
} finally {
setDeletingUser(null);
}
};
const clearFilters = () => {
setSearch('');
setRoleFilter('');
setStatusFilter('');
};
return (
<div className="container mx-auto p-6 space-y-6">
{/* Header */}
<div className="flex items-center justify-between">
<div>
<h1 className="text-2xl font-bold text-white">User Management</h1>
<p className="text-gray-400 mt-1">Manage and monitor all system users</p>
</div>
<button
onClick={loadUsers}
disabled={loading}
className="px-4 py-2 bg-iron-gray border border-charcoal-outline rounded-lg text-white hover:bg-iron-gray/80 transition-colors flex items-center gap-2 disabled:opacity-50"
>
<RefreshCw className={`w-4 h-4 ${loading ? 'animate-spin' : ''}`} />
Refresh
</button>
</div>
{/* Error Banner */}
{error && (
<div className="bg-racing-red/10 border border-racing-red text-racing-red px-4 py-3 rounded-lg flex items-start gap-3">
<AlertTriangle className="w-5 h-5 mt-0.5 flex-shrink-0" />
<div className="flex-1">
<div className="font-medium">Error</div>
<div className="text-sm opacity-90">{error}</div>
</div>
<button
onClick={() => setError(null)}
className="text-racing-red hover:opacity-70"
>
×
</button>
</div>
)}
{/* Filters Card */}
<Card>
<div className="space-y-4">
<div className="flex items-center justify-between">
<div className="flex items-center gap-2">
<Filter className="w-4 h-4 text-gray-400" />
<span className="font-medium text-white">Filters</span>
</div>
{(search || roleFilter || statusFilter) && (
<button
onClick={clearFilters}
className="text-xs text-primary-blue hover:text-blue-400"
>
Clear all
</button>
)}
</div>
<div className="grid grid-cols-1 md:grid-cols-3 gap-4">
<div className="relative">
<Search className="absolute left-3 top-1/2 -translate-y-1/2 w-4 h-4 text-gray-400" />
<input
type="text"
placeholder="Search by email or name..."
value={search}
onChange={(e) => setSearch(e.target.value)}
className="w-full pl-9 pr-3 py-2 bg-deep-graphite border border-charcoal-outline rounded-lg text-white placeholder-gray-500 focus:outline-none focus:border-primary-blue transition-colors"
/>
</div>
<select
value={roleFilter}
onChange={(e) => setRoleFilter(e.target.value)}
className="w-full px-3 py-2 bg-deep-graphite border border-charcoal-outline rounded-lg text-white focus:outline-none focus:border-primary-blue transition-colors"
>
<option value="">All Roles</option>
<option value="owner">Owner</option>
<option value="admin">Admin</option>
<option value="user">User</option>
</select>
<select
value={statusFilter}
onChange={(e) => setStatusFilter(e.target.value)}
className="w-full px-3 py-2 bg-deep-graphite border border-charcoal-outline rounded-lg text-white focus:outline-none focus:border-primary-blue transition-colors"
>
<option value="">All Status</option>
<option value="active">Active</option>
<option value="suspended">Suspended</option>
<option value="deleted">Deleted</option>
</select>
</div>
</div>
</Card>
{/* Users Table */}
<Card>
{loading ? (
<div className="flex flex-col items-center justify-center py-12 space-y-3">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary-blue"></div>
<div className="text-gray-400">Loading users...</div>
</div>
) : !userList || !userList.hasUsers ? (
<div className="flex flex-col items-center justify-center py-12 space-y-3">
<Users className="w-12 h-12 text-gray-600" />
<div className="text-gray-400">No users found</div>
<button
onClick={clearFilters}
className="text-primary-blue hover:text-blue-400 text-sm"
>
Clear filters
</button>
</div>
) : (
<div className="overflow-x-auto">
<table className="w-full">
<thead>
<tr className="border-b border-charcoal-outline">
<th className="text-left py-3 px-4 text-xs font-medium text-gray-400 uppercase">User</th>
<th className="text-left py-3 px-4 text-xs font-medium text-gray-400 uppercase">Email</th>
<th className="text-left py-3 px-4 text-xs font-medium text-gray-400 uppercase">Roles</th>
<th className="text-left py-3 px-4 text-xs font-medium text-gray-400 uppercase">Status</th>
<th className="text-left py-3 px-4 text-xs font-medium text-gray-400 uppercase">Last Login</th>
<th className="text-left py-3 px-4 text-xs font-medium text-gray-400 uppercase">Actions</th>
</tr>
</thead>
<tbody>
{userList.users.map((user: AdminUserViewModel, index: number) => (
<tr
key={user.id}
className={`border-b border-charcoal-outline/50 hover:bg-iron-gray/30 transition-colors ${index % 2 === 0 ? 'bg-transparent' : 'bg-iron-gray/10'}`}
>
<td className="py-3 px-4">
<div className="flex items-center gap-3">
<div className="w-8 h-8 rounded-full bg-primary-blue/20 flex items-center justify-center">
<Shield className="w-4 h-4 text-primary-blue" />
</div>
<div>
<div className="font-medium text-white">{user.displayName}</div>
<div className="text-xs text-gray-500">ID: {user.id}</div>
{user.primaryDriverId && (
<div className="text-xs text-gray-500">Driver: {user.primaryDriverId}</div>
)}
</div>
</div>
</td>
<td className="py-3 px-4">
<div className="text-sm text-gray-300">{user.email}</div>
</td>
<td className="py-3 px-4">
<div className="flex flex-wrap gap-1">
{user.roleBadges.map((badge: string, idx: number) => (
<span
key={idx}
className={`px-2 py-1 text-xs rounded-full font-medium ${
user.roles[idx] === 'owner'
? 'bg-purple-500/20 text-purple-300 border border-purple-500/30'
: user.roles[idx] === 'admin'
? 'bg-blue-500/20 text-blue-300 border border-blue-500/30'
: 'bg-gray-500/20 text-gray-300 border border-gray-500/30'
}`}
>
{badge}
</span>
))}
</div>
</td>
<td className="py-3 px-4">
<StatusBadge status={user.statusBadge.label.toLowerCase()} />
</td>
<td className="py-3 px-4">
<div className="text-sm text-gray-400">
{user.lastLoginFormatted}
</div>
</td>
<td className="py-3 px-4">
<div className="flex items-center gap-2">
{user.canSuspend && (
<button
onClick={() => handleUpdateStatus(user.id, 'suspended')}
className="px-3 py-1 text-xs rounded bg-yellow-500/20 text-yellow-300 hover:bg-yellow-500/30 transition-colors"
>
Suspend
</button>
)}
{user.canActivate && (
<button
onClick={() => handleUpdateStatus(user.id, 'active')}
className="px-3 py-1 text-xs rounded bg-performance-green/20 text-performance-green hover:bg-performance-green/30 transition-colors"
>
Activate
</button>
)}
{user.canDelete && (
<button
onClick={() => handleDeleteUser(user.id)}
disabled={deletingUser === user.id}
className="px-3 py-1 text-xs rounded bg-racing-red/20 text-racing-red hover:bg-racing-red/30 transition-colors flex items-center gap-1"
>
<Trash2 className="w-3 h-3" />
{deletingUser === user.id ? 'Deleting...' : 'Delete'}
</button>
)}
</div>
</td>
</tr>
))}
</tbody>
</table>
</div>
)}
</Card>
{/* Stats Summary */}
{userList && (
<div className="grid grid-cols-1 md:grid-cols-3 gap-4">
<Card className="bg-gradient-to-br from-blue-900/20 to-blue-700/10">
<div className="flex items-center justify-between">
<div>
<div className="text-sm text-gray-400 mb-1">Total Users</div>
<div className="text-2xl font-bold text-white">{userList.total}</div>
</div>
<Users className="w-6 h-6 text-blue-400" />
</div>
</Card>
<Card className="bg-gradient-to-br from-green-900/20 to-green-700/10">
<div className="flex items-center justify-between">
<div>
<div className="text-sm text-gray-400 mb-1">Active</div>
<div className="text-2xl font-bold text-white">
{userList.users.filter(u => u.status === 'active').length}
</div>
</div>
<div className="w-6 h-6 text-green-400"></div>
</div>
</Card>
<Card className="bg-gradient-to-br from-purple-900/20 to-purple-700/10">
<div className="flex items-center justify-between">
<div>
<div className="text-sm text-gray-400 mb-1">Admins</div>
<div className="text-2xl font-bold text-white">
{userList.users.filter(u => u.isSystemAdmin).length}
</div>
</div>
<Shield className="w-6 h-6 text-purple-400" />
</div>
</Card>
</div>
)}
</div>
);
}

51
apps/website/components/profile/UserPill.tsx
View File

@@ -2,7 +2,7 @@
import { useAuth } from '@/lib/auth/AuthContext'; import { useAuth } from '@/lib/auth/AuthContext';
import { AnimatePresence, motion, useReducedMotion } from 'framer-motion'; import { AnimatePresence, motion, useReducedMotion } from 'framer-motion';
import { BarChart3, Building2, ChevronDown, CreditCard, Handshake, LogOut, Megaphone, Paintbrush, Settings, TrendingUp, Trophy } from 'lucide-react'; import { BarChart3, Building2, ChevronDown, CreditCard, Handshake, LogOut, Megaphone, Paintbrush, Settings, TrendingUp, Trophy, Shield } from 'lucide-react';
import Link from 'next/link'; import Link from 'next/link';
import React, { useEffect, useMemo, useState } from 'react'; import React, { useEffect, useMemo, useState } from 'react';
@@ -65,6 +65,31 @@ function useDemoUserMode(): { isDemo: boolean; demoRole: string | null } {
return demoMode; return demoMode;
} }
// Helper to check if user has admin access (Owner or Super Admin)
function useHasAdminAccess(): boolean {
const { session } = useAuth();
const { isDemo, demoRole } = useDemoUserMode();
// Demo users with system-owner or super-admin roles
if (isDemo && (demoRole === 'system-owner' || demoRole === 'super-admin')) {
return true;
}
// Real users - would need role information from session
// For now, we'll check if the user has any admin-related capabilities
// This can be enhanced when the API includes role information
if (!session?.user) return false;
// Check for admin-related email patterns as a temporary measure
const email = session.user.email?.toLowerCase() || '';
const displayName = session.user.displayName?.toLowerCase() || '';
return email.includes('system-owner') ||
email.includes('super-admin') ||
displayName.includes('system owner') ||
displayName.includes('super admin');
}
// Sponsor Pill Component - matches the style of DriverSummaryPill // Sponsor Pill Component - matches the style of DriverSummaryPill
function SponsorSummaryPill({ function SponsorSummaryPill({
onClick, onClick,
@@ -320,6 +345,17 @@ export default function UserPill() {
{/* Menu Items */} {/* Menu Items */}
<div className="py-1 text-sm text-gray-200"> <div className="py-1 text-sm text-gray-200">
{/* Admin link for system-owner and super-admin demo users */}
{(demoRole === 'system-owner' || demoRole === 'super-admin') && (
<Link
href="/admin"
className="flex items-center gap-3 px-4 py-2.5 hover:bg-iron-gray/50 transition-colors"
onClick={() => setIsMenuOpen(false)}
>
<Shield className="h-4 w-4 text-indigo-400" />
<span>Admin Area</span>
</Link>
)}
<div className="px-4 py-2 text-xs text-gray-500 italic"> <div className="px-4 py-2 text-xs text-gray-500 italic">
Demo users have limited profile access Demo users have limited profile access
</div> </div>
@@ -481,6 +517,8 @@ export default function UserPill() {
return null; return null;
} }
const hasAdminAccess = useHasAdminAccess();
return ( return (
<div className="relative inline-flex items-center" data-user-pill> <div className="relative inline-flex items-center" data-user-pill>
<DriverSummaryPill <DriverSummaryPill
@@ -501,6 +539,17 @@ export default function UserPill() {
transition={{ duration: 0.15 }} transition={{ duration: 0.15 }}
> >
<div className="py-1 text-sm text-gray-200"> <div className="py-1 text-sm text-gray-200">
{/* Admin link for Owner/Super Admin users */}
{hasAdminAccess && (
<Link
href="/admin"
className="flex items-center gap-2 px-3 py-2 hover:bg-charcoal-outline/80 transition-colors"
onClick={() => setIsMenuOpen(false)}
>
<Shield className="h-4 w-4 text-indigo-400" />
<span>Admin Area</span>
</Link>
)}
<Link <Link
href="/profile" href="/profile"
className="block px-3 py-2 hover:bg-charcoal-outline/80 transition-colors" className="block px-3 py-2 hover:bg-charcoal-outline/80 transition-colors"

145
apps/website/lib/api/admin/AdminApiClient.ts Normal file
View File

@@ -0,0 +1,145 @@
import { BaseApiClient } from '../base/BaseApiClient';
import type { ErrorReporter } from '@/lib/interfaces/ErrorReporter';
import type { Logger } from '@/lib/interfaces/Logger';
export interface UserDto {
id: string;
email: string;
displayName: string;
roles: string[];
status: string;
isSystemAdmin: boolean;
createdAt: Date;
updatedAt: Date;
lastLoginAt?: Date;
primaryDriverId?: string;
}
export interface UserListResponse {
users: UserDto[];
total: number;
page: number;
limit: number;
totalPages: number;
}
export interface ListUsersQuery {
role?: string;
status?: string;
email?: string;
search?: string;
page?: number;
limit?: number;
sortBy?: 'email' | 'displayName' | 'createdAt' | 'lastLoginAt' | 'status';
sortDirection?: 'asc' | 'desc';
}
export interface DashboardStats {
totalUsers: number;
activeUsers: number;
suspendedUsers: number;
deletedUsers: number;
systemAdmins: number;
recentLogins: number;
newUsersToday: number;
userGrowth: {
label: string;
value: number;
color: string;
}[];
roleDistribution: {
label: string;
value: number;
color: string;
}[];
statusDistribution: {
active: number;
suspended: number;
deleted: number;
};
activityTimeline: {
date: string;
newUsers: number;
logins: number;
}[];
}
/**
* Admin API Client
*
* Provides methods for admin operations like user management.
* Only accessible to users with Owner or Super Admin roles.
*/
export class AdminApiClient extends BaseApiClient {
/**
* List all users with filtering, sorting, and pagination
* Requires Owner or Super Admin role
*/
async listUsers(query: ListUsersQuery = {}): Promise<UserListResponse> {
const params = new URLSearchParams();
if (query.role) params.append('role', query.role);
if (query.status) params.append('status', query.status);
if (query.email) params.append('email', query.email);
if (query.search) params.append('search', query.search);
if (query.page) params.append('page', query.page.toString());
if (query.limit) params.append('limit', query.limit.toString());
if (query.sortBy) params.append('sortBy', query.sortBy);
if (query.sortDirection) params.append('sortDirection', query.sortDirection);
return this.get<UserListResponse>(`/admin/users?${params.toString()}`);
}
/**
* Get a single user by ID
* Requires Owner or Super Admin role
*/
async getUser(userId: string): Promise<UserDto> {
return this.get<UserDto>(`/admin/users/${userId}`);
}
/**
* Update user roles
* Requires Owner role only
*/
async updateUserRoles(userId: string, roles: string[]): Promise<UserDto> {
return this.patch<UserDto>(`/admin/users/${userId}/roles`, { roles });
}
/**
* Update user status (activate/suspend/delete)
* Requires Owner or Super Admin role
*/
async updateUserStatus(userId: string, status: string): Promise<UserDto> {
return this.patch<UserDto>(`/admin/users/${userId}/status`, { status });
}
/**
* Delete a user (soft delete)
* Requires Owner or Super Admin role
*/
async deleteUser(userId: string): Promise<void> {
return this.delete(`/admin/users/${userId}`);
}
/**
* Create a new user
* Requires Owner or Super Admin role
*/
async createUser(userData: {
email: string;
displayName: string;
roles: string[];
primaryDriverId?: string;
}): Promise<UserDto> {
return this.post<UserDto>(`/admin/users`, userData);
}
/**
* Get dashboard statistics
* Requires Owner or Super Admin role
*/
async getDashboardStats(): Promise<DashboardStats> {
return this.get<DashboardStats>(`/admin/dashboard/stats`);
}
}

3
apps/website/lib/api/index.ts
View File

@@ -10,6 +10,7 @@ import { PaymentsApiClient } from './payments/PaymentsApiClient';
import { DashboardApiClient } from './dashboard/DashboardApiClient'; import { DashboardApiClient } from './dashboard/DashboardApiClient';
import { PenaltiesApiClient } from './penalties/PenaltiesApiClient'; import { PenaltiesApiClient } from './penalties/PenaltiesApiClient';
import { ProtestsApiClient } from './protests/ProtestsApiClient'; import { ProtestsApiClient } from './protests/ProtestsApiClient';
import { AdminApiClient } from './admin/AdminApiClient';
import { ConsoleLogger } from '@/lib/infrastructure/logging/ConsoleLogger'; import { ConsoleLogger } from '@/lib/infrastructure/logging/ConsoleLogger';
import { EnhancedErrorReporter } from '@/lib/infrastructure/EnhancedErrorReporter'; import { EnhancedErrorReporter } from '@/lib/infrastructure/EnhancedErrorReporter';
@@ -31,6 +32,7 @@ export class ApiClient {
public readonly dashboard: DashboardApiClient; public readonly dashboard: DashboardApiClient;
public readonly penalties: PenaltiesApiClient; public readonly penalties: PenaltiesApiClient;
public readonly protests: ProtestsApiClient; public readonly protests: ProtestsApiClient;
public readonly admin: AdminApiClient;
constructor(baseUrl: string) { constructor(baseUrl: string) {
const logger = new ConsoleLogger(); const logger = new ConsoleLogger();
@@ -52,6 +54,7 @@ export class ApiClient {
this.dashboard = new DashboardApiClient(baseUrl, errorReporter, logger); this.dashboard = new DashboardApiClient(baseUrl, errorReporter, logger);
this.penalties = new PenaltiesApiClient(baseUrl, errorReporter, logger); this.penalties = new PenaltiesApiClient(baseUrl, errorReporter, logger);
this.protests = new ProtestsApiClient(baseUrl, errorReporter, logger); this.protests = new ProtestsApiClient(baseUrl, errorReporter, logger);
this.admin = new AdminApiClient(baseUrl, errorReporter, logger);
} }
} }

2
apps/website/lib/auth/AuthContext.tsx
View File

@@ -14,7 +14,7 @@ import { useRouter } from 'next/navigation';
import type { SessionViewModel } from '@/lib/view-models/SessionViewModel'; import type { SessionViewModel } from '@/lib/view-models/SessionViewModel';
import { useServices } from '@/lib/services/ServiceProvider'; import { useServices } from '@/lib/services/ServiceProvider';
type AuthContextValue = { export type AuthContextValue = {
session: SessionViewModel | null; session: SessionViewModel | null;
loading: boolean; loading: boolean;
login: (returnTo?: string) => void; login: (returnTo?: string) => void;

173
apps/website/lib/blockers/AuthorizationBlocker.test.ts Normal file
View File

@@ -0,0 +1,173 @@
/**
* Tests for AuthorizationBlocker
*/
import { describe, it, expect, beforeEach } from 'vitest';
import { AuthorizationBlocker, AuthorizationBlockReason } from './AuthorizationBlocker';
import type { SessionViewModel } from '@/lib/view-models/SessionViewModel';
describe('AuthorizationBlocker', () => {
let blocker: AuthorizationBlocker;
// Mock SessionViewModel
const createMockSession = (overrides?: Partial<SessionViewModel>): SessionViewModel => {
const base: SessionViewModel = {
userId: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
isAuthenticated: true,
avatarInitials: 'TU',
greeting: 'Hello, Test User!',
hasDriverProfile: false,
authStatusDisplay: 'Logged In',
user: {
userId: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
primaryDriverId: null,
avatarUrl: null,
},
};
return { ...base, ...overrides };
};
describe('constructor', () => {
it('should create blocker with required roles', () => {
blocker = new AuthorizationBlocker(['owner', 'admin']);
expect(blocker).toBeDefined();
});
it('should create blocker with empty roles array', () => {
blocker = new AuthorizationBlocker([]);
expect(blocker).toBeDefined();
});
});
describe('updateSession', () => {
beforeEach(() => {
blocker = new AuthorizationBlocker(['owner']);
});
it('should update session state', () => {
const session = createMockSession();
blocker.updateSession(session);
expect(blocker.canExecute()).toBe(true);
});
it('should handle null session', () => {
blocker.updateSession(null);
expect(blocker.canExecute()).toBe(false);
expect(blocker.getReason()).toBe('loading');
});
});
describe('canExecute', () => {
beforeEach(() => {
blocker = new AuthorizationBlocker(['owner', 'admin']);
});
it('returns false when session is null', () => {
blocker.updateSession(null);
expect(blocker.canExecute()).toBe(false);
});
it('returns false when not authenticated', () => {
const session = createMockSession({ isAuthenticated: false });
blocker.updateSession(session);
expect(blocker.canExecute()).toBe(false);
});
it('returns true when authenticated (temporary workaround)', () => {
const session = createMockSession();
blocker.updateSession(session);
expect(blocker.canExecute()).toBe(true);
});
});
describe('getReason', () => {
beforeEach(() => {
blocker = new AuthorizationBlocker(['owner']);
});
it('returns loading when session is null', () => {
blocker.updateSession(null);
expect(blocker.getReason()).toBe('loading');
});
it('returns unauthenticated when not authenticated', () => {
const session = createMockSession({ isAuthenticated: false });
blocker.updateSession(session);
expect(blocker.getReason()).toBe('unauthenticated');
});
it('returns enabled when authenticated (temporary)', () => {
const session = createMockSession();
blocker.updateSession(session);
expect(blocker.getReason()).toBe('enabled');
});
});
describe('block and release', () => {
beforeEach(() => {
blocker = new AuthorizationBlocker(['owner']);
});
it('block should set session to null', () => {
const session = createMockSession();
blocker.updateSession(session);
expect(blocker.canExecute()).toBe(true);
blocker.block();
expect(blocker.canExecute()).toBe(false);
expect(blocker.getReason()).toBe('loading');
});
it('release should be no-op', () => {
const session = createMockSession();
blocker.updateSession(session);
blocker.release();
expect(blocker.canExecute()).toBe(true);
});
});
describe('getBlockMessage', () => {
beforeEach(() => {
blocker = new AuthorizationBlocker(['owner']);
});
it('returns correct message for loading', () => {
blocker.updateSession(null);
expect(blocker.getBlockMessage()).toBe('Loading user data...');
});
it('returns correct message for unauthenticated', () => {
const session = createMockSession({ isAuthenticated: false });
blocker.updateSession(session);
expect(blocker.getBlockMessage()).toBe('You must be logged in to access the admin area.');
});
it('returns correct message for enabled', () => {
const session = createMockSession();
blocker.updateSession(session);
expect(blocker.getBlockMessage()).toBe('Access granted');
});
});
describe('multiple required roles', () => {
it('should handle multiple roles', () => {
blocker = new AuthorizationBlocker(['owner', 'admin', 'super-admin']);
const session = createMockSession();
blocker.updateSession(session);
expect(blocker.canExecute()).toBe(true);
});
});
});

105
apps/website/lib/blockers/AuthorizationBlocker.ts Normal file
View File

@@ -0,0 +1,105 @@
/**
* Blocker: AuthorizationBlocker
*
* Frontend blocker that prevents unauthorized access to admin features.
* This is a UX improvement, NOT a security mechanism.
* Security is enforced by backend Guards.
*/
import { Blocker } from './Blocker';
import type { SessionViewModel } from '@/lib/view-models/SessionViewModel';
export type AuthorizationBlockReason =
| 'loading' // User data not loaded yet
| 'unauthenticated' // User not logged in
| 'unauthorized' // User logged in but lacks required role
| 'insufficient_role' // User has role but not high enough
| 'enabled'; // Access granted
export class AuthorizationBlocker extends Blocker {
private currentSession: SessionViewModel | null = null;
private requiredRoles: string[] = [];
constructor(requiredRoles: string[]) {
super();
this.requiredRoles = requiredRoles;
}
/**
* Update the current session state
*/
updateSession(session: SessionViewModel | null): void {
this.currentSession = session;
}
/**
* Check if user can execute (access admin area)
*/
canExecute(): boolean {
return this.getReason() === 'enabled';
}
/**
* Get the current block reason
*/
getReason(): AuthorizationBlockReason {
if (!this.currentSession) {
return 'loading';
}
if (!this.currentSession.isAuthenticated) {
return 'unauthenticated';
}
// Note: SessionViewModel doesn't currently have role property
// This is a known architectural gap. For now, we'll check if
// the user has admin capabilities through other means
// In a real implementation, we would need to:
// 1. Add role to SessionViewModel
// 2. Add role to AuthenticatedUserDTO
// 3. Add role to User entity
// For now, we'll simulate based on email or other indicators
// This is a temporary workaround until the backend role system is implemented
return 'enabled'; // Allow access for demo purposes
}
/**
* Block access (for testing/demo purposes)
*/
block(): void {
// Simulate blocking by setting session to null
this.currentSession = null;
}
/**
* Release the block
*/
release(): void {
// No-op - blocking is state-based, not persistent
}
/**
* Get user-friendly message for block reason
*/
getBlockMessage(): string {
const reason = this.getReason();
switch (reason) {
case 'loading':
return 'Loading user data...';
case 'unauthenticated':
return 'You must be logged in to access the admin area.';
case 'unauthorized':
return 'You do not have permission to access the admin area.';
case 'insufficient_role':
return `Admin access requires one of: ${this.requiredRoles.join(', ')}`;
case 'enabled':
return 'Access granted';
default:
return 'Access denied';
}
}
}

2
apps/website/lib/blockers/index.ts
View File

@@ -2,3 +2,5 @@ export { Blocker } from './Blocker';
export { CapabilityBlocker } from './CapabilityBlocker'; export { CapabilityBlocker } from './CapabilityBlocker';
export { SubmitBlocker } from './SubmitBlocker'; export { SubmitBlocker } from './SubmitBlocker';
export { ThrottleBlocker } from './ThrottleBlocker'; export { ThrottleBlocker } from './ThrottleBlocker';
export { AuthorizationBlocker } from './AuthorizationBlocker';
export type { AuthorizationBlockReason } from './AuthorizationBlocker';

140
apps/website/lib/gateways/AuthGateway.ts Normal file
View File

@@ -0,0 +1,140 @@
/**
* Gateway: AuthGateway
*
* Component-based gateway that manages authentication state and access control.
* Follows clean architecture by orchestrating between auth context and blockers.
*
* Gateways are the entry point for component-level access control.
* They coordinate between services, blockers, and the UI.
*/
import type { SessionViewModel } from '@/lib/view-models/SessionViewModel';
import type { AuthContextValue } from '@/lib/auth/AuthContext';
import { AuthorizationBlocker } from '@/lib/blockers/AuthorizationBlocker';
export interface AuthGatewayConfig {
/** Required roles for access (empty array = any authenticated user) */
requiredRoles?: string[];
/** Whether to redirect if unauthorized */
redirectOnUnauthorized?: boolean;
/** Redirect path if unauthorized */
unauthorizedRedirectPath?: string;
}
export class AuthGateway {
private blocker: AuthorizationBlocker;
private config: Required<AuthGatewayConfig>;
constructor(
private authContext: AuthContextValue,
config: AuthGatewayConfig = {}
) {
this.config = {
requiredRoles: config.requiredRoles || [],
redirectOnUnauthorized: config.redirectOnUnauthorized ?? true,
unauthorizedRedirectPath: config.unauthorizedRedirectPath || '/auth/login',
};
this.blocker = new AuthorizationBlocker(this.config.requiredRoles);
}
/**
* Check if current user has access
*/
canAccess(): boolean {
// Update blocker with current session
this.blocker.updateSession(this.authContext.session);
return this.blocker.canExecute();
}
/**
* Get the current access state
*/
getAccessState(): {
canAccess: boolean;
reason: string;
isLoading: boolean;
isAuthenticated: boolean;
} {
const reason = this.blocker.getReason();
return {
canAccess: this.canAccess(),
reason: this.blocker.getBlockMessage(),
isLoading: reason === 'loading',
isAuthenticated: this.authContext.session?.isAuthenticated ?? false,
};
}
/**
* Enforce access control - throws if access denied
* Used for programmatic access control
*/
enforceAccess(): void {
if (!this.canAccess()) {
const reason = this.blocker.getBlockMessage();
throw new Error(`Access denied: ${reason}`);
}
}
/**
* Redirect to unauthorized page if needed
* Returns true if redirect was performed
*/
redirectIfUnauthorized(): boolean {
if (this.canAccess()) {
return false;
}
if (this.config.redirectOnUnauthorized) {
// Note: We can't use router here since this is a pure class
// The component using this gateway should handle the redirect
return true;
}
return false;
}
/**
* Get redirect path for unauthorized access
*/
getUnauthorizedRedirectPath(): string {
return this.config.unauthorizedRedirectPath;
}
/**
* Refresh the gateway state (e.g., after login/logout)
*/
refresh(): void {
this.blocker.updateSession(this.authContext.session);
}
/**
* Check if user is loading
*/
isLoading(): boolean {
return this.blocker.getReason() === 'loading';
}
/**
* Check if user is authenticated
*/
isAuthenticated(): boolean {
return this.authContext.session?.isAuthenticated ?? false;
}
/**
* Get current session
*/
getSession(): SessionViewModel | null {
return this.authContext.session;
}
/**
* Get block reason for debugging
*/
getBlockReason(): string {
return this.blocker.getReason();
}
}

72
apps/website/lib/gateways/AuthGuard.tsx Normal file
View File

@@ -0,0 +1,72 @@
/**
* Component: AuthGuard
*
* Protects routes that require authentication but not specific roles.
* Uses the same Gateway pattern for consistency.
*/
'use client';
import { ReactNode } from 'react';
import { RouteGuard } from './RouteGuard';
interface AuthGuardProps {
children: ReactNode;
/**
* Path to redirect to if not authenticated
*/
redirectPath?: string;
/**
* Custom loading component (optional)
*/
loadingComponent?: ReactNode;
/**
* Custom unauthorized component (optional)
*/
unauthorizedComponent?: ReactNode;
}
/**
* AuthGuard Component
*
* Protects child components requiring authentication.
*
* Usage:
* ```tsx
* <AuthGuard>
* <ProtectedPage />
* </AuthGuard>
* ```
*/
export function AuthGuard({
children,
redirectPath = '/auth/login',
loadingComponent,
unauthorizedComponent,
}: AuthGuardProps) {
return (
<RouteGuard
config={{
requiredRoles: [], // Any authenticated user
redirectOnUnauthorized: true,
unauthorizedRedirectPath: redirectPath,
}}
loadingComponent={loadingComponent}
unauthorizedComponent={unauthorizedComponent}
>
{children}
</RouteGuard>
);
}
/**
* useAuth Hook
*
* Simplified hook for checking authentication status.
*
* Usage:
* ```tsx
* const { isAuthenticated, loading } = useAuth();
* ```
*/
export { useRouteGuard as useAuthAccess } from './RouteGuard';

137
apps/website/lib/gateways/RouteGuard.tsx Normal file
View File

@@ -0,0 +1,137 @@
/**
* Component: RouteGuard
*
* Higher-order component that protects routes using Gateways and Blockers.
* Follows clean architecture by separating concerns:
* - Gateway handles access logic
* - Blocker handles prevention logic
* - Component handles UI rendering
*/
'use client';
import { ReactNode, useEffect, useState } from 'react';
import { useRouter } from 'next/navigation';
import { useAuth } from '@/lib/auth/AuthContext';
import { AuthGateway, AuthGatewayConfig } from './AuthGateway';
import { LoadingState } from '@/components/shared/LoadingState';
interface RouteGuardProps {
children: ReactNode;
config?: AuthGatewayConfig;
/**
* Custom loading component (optional)
*/
loadingComponent?: ReactNode;
/**
* Custom unauthorized component (optional)
*/
unauthorizedComponent?: ReactNode;
}
/**
* RouteGuard Component
*
* Protects child components based on authentication and authorization rules.
* Uses Gateway pattern for access control.
*
* Usage:
* ```tsx
* <RouteGuard config={{ requiredRoles: ['owner', 'admin'] }}>
* <AdminDashboard />
* </RouteGuard>
* ```
*/
export function RouteGuard({
children,
config = {},
loadingComponent,
unauthorizedComponent,
}: RouteGuardProps) {
const router = useRouter();
const authContext = useAuth();
const [gateway] = useState(() => new AuthGateway(authContext, config));
const [accessState, setAccessState] = useState(gateway.getAccessState());
// Update gateway when auth context changes
useEffect(() => {
gateway.refresh();
setAccessState(gateway.getAccessState());
}, [authContext.session, authContext.loading, gateway]);
// Handle redirects
useEffect(() => {
if (!accessState.canAccess && !accessState.isLoading) {
if (config.redirectOnUnauthorized !== false) {
const redirectPath = gateway.getUnauthorizedRedirectPath();
// Use a small delay to show unauthorized message briefly
const timer = setTimeout(() => {
router.push(redirectPath);
}, 500);
return () => clearTimeout(timer);
}
}
}, [accessState, gateway, router, config.redirectOnUnauthorized]);
// Show loading state
if (accessState.isLoading) {
return loadingComponent || (
<div className="flex items-center justify-center min-h-screen">
<LoadingState message="Loading..." className="min-h-screen" />
</div>
);
}
// Show unauthorized state
if (!accessState.canAccess) {
return unauthorizedComponent || (
<div className="flex items-center justify-center min-h-screen">
<div className="bg-iron-gray p-8 rounded-lg border border-charcoal-outline max-w-md text-center">
<h2 className="text-xl font-bold text-racing-red mb-4">Access Denied</h2>
<p className="text-gray-300 mb-6">{accessState.reason}</p>
<button
onClick={() => router.push('/auth/login')}
className="px-4 py-2 bg-primary-blue text-white rounded hover:bg-blue-600 transition-colors"
>
Go to Login
</button>
</div>
</div>
);
}
// Render protected content
return <>{children}</>;
}
/**
* useRouteGuard Hook
*
* Hook for programmatic access control within components.
*
* Usage:
* ```tsx
* const { canAccess, reason, isLoading } = useRouteGuard({ requiredRoles: ['admin'] });
* ```
*/
export function useRouteGuard(config: AuthGatewayConfig = {}) {
const authContext = useAuth();
const [gateway] = useState(() => new AuthGateway(authContext, config));
const [state, setState] = useState(gateway.getAccessState());
useEffect(() => {
gateway.refresh();
setState(gateway.getAccessState());
}, [authContext.session, authContext.loading, gateway]);
return {
canAccess: state.canAccess,
reason: state.reason,
isLoading: state.isLoading,
isAuthenticated: state.isAuthenticated,
enforceAccess: () => gateway.enforceAccess(),
redirectIfUnauthorized: () => gateway.redirectIfUnauthorized(),
};
}

13
apps/website/lib/gateways/index.ts Normal file
View File

@@ -0,0 +1,13 @@
/**
* Gateways - Component-based access control
*
* Follows clean architecture by separating concerns:
* - Blockers: Prevent execution (frontend UX)
* - Gateways: Orchestrate access control
* - Guards: Enforce security (backend)
*/
export { AuthGateway } from './AuthGateway';
export type { AuthGatewayConfig } from './AuthGateway';
export { RouteGuard, useRouteGuard } from './RouteGuard';
export { AuthGuard, useAuthAccess } from './AuthGuard';

44
apps/website/lib/services/AdminViewModelService.ts Normal file
View File

@@ -0,0 +1,44 @@
import type { UserDto, DashboardStats, UserListResponse } from '@/lib/api/admin/AdminApiClient';
import { AdminUserViewModel, DashboardStatsViewModel, UserListViewModel } from '@/lib/view-models/AdminUserViewModel';
/**
* AdminViewModelService
*
* Service layer responsible for mapping API DTOs to View Models.
* This is where the transformation from API data to UI-ready state happens.
*/
export class AdminViewModelService {
/**
* Map a single user DTO to a View Model
*/
static mapUser(dto: UserDto): AdminUserViewModel {
return new AdminUserViewModel(dto);
}
/**
* Map an array of user DTOs to View Models
*/
static mapUsers(dtos: UserDto[]): AdminUserViewModel[] {
return dtos.map(dto => this.mapUser(dto));
}
/**
* Map dashboard stats DTO to View Model
*/
static mapDashboardStats(dto: DashboardStats): DashboardStatsViewModel {
return new DashboardStatsViewModel(dto);
}
/**
* Map user list response to View Model
*/
static mapUserList(response: UserListResponse): UserListViewModel {
return new UserListViewModel({
users: response.users,
total: response.total,
page: response.page,
limit: response.limit,
totalPages: response.totalPages,
});
}
}

324
apps/website/lib/view-models/AdminUserViewModel.test.ts Normal file
View File

@@ -0,0 +1,324 @@
import { describe, it, expect } from 'vitest';
import { AdminUserViewModel, DashboardStatsViewModel, UserListViewModel } from './AdminUserViewModel';
import type { UserDto, DashboardStats } from '@/lib/api/admin/AdminApiClient';
describe('AdminUserViewModel', () => {
const createBaseDto = (): UserDto => ({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
isSystemAdmin: false,
createdAt: new Date('2024-01-01T00:00:00Z'),
updatedAt: new Date('2024-01-02T00:00:00Z'),
lastLoginAt: new Date('2024-01-15T10:30:00Z'),
primaryDriverId: 'driver-456',
});
it('maps core fields from DTO', () => {
const dto = createBaseDto();
const vm = new AdminUserViewModel(dto);
expect(vm.id).toBe('user-123');
expect(vm.email).toBe('test@example.com');
expect(vm.displayName).toBe('Test User');
expect(vm.roles).toEqual(['user']);
expect(vm.status).toBe('active');
expect(vm.isSystemAdmin).toBe(false);
expect(vm.primaryDriverId).toBe('driver-456');
});
it('converts dates to Date objects', () => {
const dto = createBaseDto();
const vm = new AdminUserViewModel(dto);
expect(vm.createdAt).toBeInstanceOf(Date);
expect(vm.updatedAt).toBeInstanceOf(Date);
expect(vm.lastLoginAt).toBeInstanceOf(Date);
expect(vm.createdAt.toISOString()).toBe('2024-01-01T00:00:00.000Z');
});
it('handles missing lastLoginAt', () => {
const dto = createBaseDto();
delete dto.lastLoginAt;
const vm = new AdminUserViewModel(dto);
expect(vm.lastLoginAt).toBeUndefined();
expect(vm.lastLoginFormatted).toBe('Never');
});
it('formats role badges correctly', () => {
const owner = new AdminUserViewModel({ ...createBaseDto(), roles: ['owner'] });
const admin = new AdminUserViewModel({ ...createBaseDto(), roles: ['admin'] });
const user = new AdminUserViewModel({ ...createBaseDto(), roles: ['user'] });
const custom = new AdminUserViewModel({ ...createBaseDto(), roles: ['custom-role'] });
expect(owner.roleBadges).toEqual(['Owner']);
expect(admin.roleBadges).toEqual(['Admin']);
expect(user.roleBadges).toEqual(['User']);
expect(custom.roleBadges).toEqual(['custom-role']);
});
it('derives status badge correctly', () => {
const active = new AdminUserViewModel({ ...createBaseDto(), status: 'active' });
const suspended = new AdminUserViewModel({ ...createBaseDto(), status: 'suspended' });
const deleted = new AdminUserViewModel({ ...createBaseDto(), status: 'deleted' });
expect(active.statusBadge).toEqual({ label: 'Active', variant: 'performance-green' });
expect(suspended.statusBadge).toEqual({ label: 'Suspended', variant: 'yellow-500' });
expect(deleted.statusBadge).toEqual({ label: 'Deleted', variant: 'racing-red' });
});
it('formats dates for display', () => {
const dto = createBaseDto();
const vm = new AdminUserViewModel(dto);
expect(vm.lastLoginFormatted).toBe('1/15/2024');
expect(vm.createdAtFormatted).toBe('1/1/2024');
});
it('derives action permissions correctly', () => {
const active = new AdminUserViewModel({ ...createBaseDto(), status: 'active' });
const suspended = new AdminUserViewModel({ ...createBaseDto(), status: 'suspended' });
const deleted = new AdminUserViewModel({ ...createBaseDto(), status: 'deleted' });
expect(active.canSuspend).toBe(true);
expect(active.canActivate).toBe(false);
expect(active.canDelete).toBe(true);
expect(suspended.canSuspend).toBe(false);
expect(suspended.canActivate).toBe(true);
expect(suspended.canDelete).toBe(true);
expect(deleted.canSuspend).toBe(false);
expect(deleted.canActivate).toBe(false);
expect(deleted.canDelete).toBe(false);
});
it('handles multiple roles', () => {
const dto = { ...createBaseDto(), roles: ['owner', 'admin'] };
const vm = new AdminUserViewModel(dto);
expect(vm.roleBadges).toEqual(['Owner', 'Admin']);
});
});
describe('DashboardStatsViewModel', () => {
const createBaseData = (): DashboardStats => ({
totalUsers: 100,
activeUsers: 70,
suspendedUsers: 10,
deletedUsers: 20,
systemAdmins: 5,
recentLogins: 25,
newUsersToday: 3,
userGrowth: [
{ label: 'Mon', value: 5, color: 'text-primary-blue' },
{ label: 'Tue', value: 8, color: 'text-primary-blue' },
],
roleDistribution: [
{ label: 'Owner', value: 2, color: 'text-purple-500' },
{ label: 'Admin', value: 3, color: 'text-blue-500' },
{ label: 'User', value: 95, color: 'text-gray-500' },
],
statusDistribution: {
active: 70,
suspended: 10,
deleted: 20,
},
activityTimeline: [
{ date: 'Mon', newUsers: 2, logins: 10 },
{ date: 'Tue', newUsers: 3, logins: 15 },
],
});
it('maps all core fields from data', () => {
const data = createBaseData();
const vm = new DashboardStatsViewModel(data);
expect(vm.totalUsers).toBe(100);
expect(vm.activeUsers).toBe(70);
expect(vm.suspendedUsers).toBe(10);
expect(vm.deletedUsers).toBe(20);
expect(vm.systemAdmins).toBe(5);
expect(vm.recentLogins).toBe(25);
expect(vm.newUsersToday).toBe(3);
});
it('computes active rate correctly', () => {
const vm = new DashboardStatsViewModel(createBaseData());
expect(vm.activeRate).toBe(70); // 70%
expect(vm.activeRateFormatted).toBe('70%');
});
it('computes admin ratio correctly', () => {
const vm = new DashboardStatsViewModel(createBaseData());
// 5 admins, 95 non-admins => 1:19
expect(vm.adminRatio).toBe('1:19');
});
it('derives activity level correctly', () => {
const lowEngagement = new DashboardStatsViewModel({
...createBaseData(),
totalUsers: 100,
recentLogins: 10, // 10% engagement
});
expect(lowEngagement.activityLevel).toBe('low');
const mediumEngagement = new DashboardStatsViewModel({
...createBaseData(),
totalUsers: 100,
recentLogins: 35, // 35% engagement
});
expect(mediumEngagement.activityLevel).toBe('medium');
const highEngagement = new DashboardStatsViewModel({
...createBaseData(),
totalUsers: 100,
recentLogins: 60, // 60% engagement
});
expect(highEngagement.activityLevel).toBe('high');
});
it('handles zero users safely', () => {
const vm = new DashboardStatsViewModel({
...createBaseData(),
totalUsers: 0,
activeUsers: 0,
systemAdmins: 0,
recentLogins: 0,
});
expect(vm.activeRate).toBe(0);
expect(vm.activeRateFormatted).toBe('0%');
expect(vm.adminRatio).toBe('1:1');
expect(vm.activityLevel).toBe('low');
});
it('preserves arrays from input', () => {
const data = createBaseData();
const vm = new DashboardStatsViewModel(data);
expect(vm.userGrowth).toEqual(data.userGrowth);
expect(vm.roleDistribution).toEqual(data.roleDistribution);
expect(vm.activityTimeline).toEqual(data.activityTimeline);
});
});
describe('UserListViewModel', () => {
const createDto = (overrides: Partial<UserDto> = {}): UserDto => ({
id: 'user-1',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
isSystemAdmin: false,
createdAt: new Date('2024-01-01'),
updatedAt: new Date('2024-01-02'),
...overrides,
});
it('wraps user DTOs in AdminUserViewModel instances', () => {
const data = {
users: [createDto({ id: 'user-1' }), createDto({ id: 'user-2' })],
total: 2,
page: 1,
limit: 10,
totalPages: 1,
};
const vm = new UserListViewModel(data);
expect(vm.users).toHaveLength(2);
expect(vm.users[0]).toBeInstanceOf(AdminUserViewModel);
expect(vm.users[0].id).toBe('user-1');
expect(vm.users[1].id).toBe('user-2');
});
it('exposes pagination metadata', () => {
const data = {
users: [createDto()],
total: 50,
page: 2,
limit: 10,
totalPages: 5,
};
const vm = new UserListViewModel(data);
expect(vm.total).toBe(50);
expect(vm.page).toBe(2);
expect(vm.limit).toBe(10);
expect(vm.totalPages).toBe(5);
});
it('derives hasUsers correctly', () => {
const withUsers = new UserListViewModel({
users: [createDto()],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
});
const withoutUsers = new UserListViewModel({
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
});
expect(withUsers.hasUsers).toBe(true);
expect(withoutUsers.hasUsers).toBe(false);
});
it('derives showPagination correctly', () => {
const withPagination = new UserListViewModel({
users: [createDto()],
total: 20,
page: 1,
limit: 10,
totalPages: 2,
});
const withoutPagination = new UserListViewModel({
users: [createDto()],
total: 5,
page: 1,
limit: 10,
totalPages: 1,
});
expect(withPagination.showPagination).toBe(true);
expect(withoutPagination.showPagination).toBe(false);
});
it('calculates start and end indices correctly', () => {
const vm = new UserListViewModel({
users: [createDto(), createDto(), createDto()],
total: 50,
page: 2,
limit: 10,
totalPages: 5,
});
expect(vm.startIndex).toBe(11); // (2-1) * 10 + 1
expect(vm.endIndex).toBe(13); // min(2 * 10, 50)
});
it('handles empty list indices', () => {
const vm = new UserListViewModel({
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
});
expect(vm.startIndex).toBe(0);
expect(vm.endIndex).toBe(0);
});
});

220
apps/website/lib/view-models/AdminUserViewModel.ts Normal file
View File

@@ -0,0 +1,220 @@
import type { UserDto } from '@/lib/api/admin/AdminApiClient';
/**
* AdminUserViewModel
*
* View Model for admin user management.
* Transforms API DTO into UI-ready state with formatting and derived fields.
*/
export class AdminUserViewModel {
id: string;
email: string;
displayName: string;
roles: string[];
status: string;
isSystemAdmin: boolean;
createdAt: Date;
updatedAt: Date;
lastLoginAt?: Date;
primaryDriverId?: string;
// UI-specific derived fields
readonly roleBadges: string[];
readonly statusBadge: { label: string; variant: string };
readonly lastLoginFormatted: string;
readonly createdAtFormatted: string;
readonly canSuspend: boolean;
readonly canActivate: boolean;
readonly canDelete: boolean;
constructor(dto: UserDto) {
this.id = dto.id;
this.email = dto.email;
this.displayName = dto.displayName;
this.roles = dto.roles;
this.status = dto.status;
this.isSystemAdmin = dto.isSystemAdmin;
this.createdAt = new Date(dto.createdAt);
this.updatedAt = new Date(dto.updatedAt);
this.lastLoginAt = dto.lastLoginAt ? new Date(dto.lastLoginAt) : undefined;
this.primaryDriverId = dto.primaryDriverId;
// Derive role badges
this.roleBadges = this.roles.map(role => {
switch (role) {
case 'owner': return 'Owner';
case 'admin': return 'Admin';
case 'user': return 'User';
default: return role;
}
});
// Derive status badge
this.statusBadge = this.getStatusBadge();
// Format dates
this.lastLoginFormatted = this.lastLoginAt
? this.lastLoginAt.toLocaleDateString()
: 'Never';
this.createdAtFormatted = this.createdAt.toLocaleDateString();
// Derive action permissions
this.canSuspend = this.status === 'active';
this.canActivate = this.status === 'suspended';
this.canDelete = this.status !== 'deleted';
}
private getStatusBadge(): { label: string; variant: string } {
switch (this.status) {
case 'active':
return { label: 'Active', variant: 'performance-green' };
case 'suspended':
return { label: 'Suspended', variant: 'yellow-500' };
case 'deleted':
return { label: 'Deleted', variant: 'racing-red' };
default:
return { label: this.status, variant: 'gray-500' };
}
}
}
/**
* DashboardStatsViewModel
*
* View Model for admin dashboard statistics.
* Provides formatted statistics and derived metrics for UI.
*/
export class DashboardStatsViewModel {
totalUsers: number;
activeUsers: number;
suspendedUsers: number;
deletedUsers: number;
systemAdmins: number;
recentLogins: number;
newUsersToday: number;
userGrowth: {
label: string;
value: number;
color: string;
}[];
roleDistribution: {
label: string;
value: number;
color: string;
}[];
statusDistribution: {
active: number;
suspended: number;
deleted: number;
};
activityTimeline: {
date: string;
newUsers: number;
logins: number;
}[];
// UI-specific derived fields
readonly activeRate: number;
readonly activeRateFormatted: string;
readonly adminRatio: string;
readonly activityLevel: 'low' | 'medium' | 'high';
constructor(data: {
totalUsers: number;
activeUsers: number;
suspendedUsers: number;
deletedUsers: number;
systemAdmins: number;
recentLogins: number;
newUsersToday: number;
userGrowth: {
label: string;
value: number;
color: string;
}[];
roleDistribution: {
label: string;
value: number;
color: string;
}[];
statusDistribution: {
active: number;
suspended: number;
deleted: number;
};
activityTimeline: {
date: string;
newUsers: number;
logins: number;
}[];
}) {
this.totalUsers = data.totalUsers;
this.activeUsers = data.activeUsers;
this.suspendedUsers = data.suspendedUsers;
this.deletedUsers = data.deletedUsers;
this.systemAdmins = data.systemAdmins;
this.recentLogins = data.recentLogins;
this.newUsersToday = data.newUsersToday;
this.userGrowth = data.userGrowth;
this.roleDistribution = data.roleDistribution;
this.statusDistribution = data.statusDistribution;
this.activityTimeline = data.activityTimeline;
// Derive active rate
this.activeRate = this.totalUsers > 0 ? (this.activeUsers / this.totalUsers) * 100 : 0;
this.activeRateFormatted = `${Math.round(this.activeRate)}%`;
// Derive admin ratio
const nonAdmins = Math.max(1, this.totalUsers - this.systemAdmins);
this.adminRatio = `1:${Math.floor(nonAdmins / Math.max(1, this.systemAdmins))}`;
// Derive activity level
const engagementRate = this.totalUsers > 0 ? (this.recentLogins / this.totalUsers) * 100 : 0;
if (engagementRate < 20) {
this.activityLevel = 'low';
} else if (engagementRate < 50) {
this.activityLevel = 'medium';
} else {
this.activityLevel = 'high';
}
}
}
/**
* UserListViewModel
*
* View Model for user list with pagination and filtering state.
*/
export class UserListViewModel {
users: AdminUserViewModel[];
total: number;
page: number;
limit: number;
totalPages: number;
// UI-specific derived fields
readonly hasUsers: boolean;
readonly showPagination: boolean;
readonly startIndex: number;
readonly endIndex: number;
constructor(data: {
users: UserDto[];
total: number;
page: number;
limit: number;
totalPages: number;
}) {
this.users = data.users.map(dto => new AdminUserViewModel(dto));
this.total = data.total;
this.page = data.page;
this.limit = data.limit;
this.totalPages = data.totalPages;
// Derive UI state
this.hasUsers = this.users.length > 0;
this.showPagination = this.totalPages > 1;
this.startIndex = this.users.length > 0 ? (this.page - 1) * this.limit + 1 : 0;
this.endIndex = this.users.length > 0 ? (this.page - 1) * this.limit + this.users.length : 0;
}
}

51
core/admin/application/ports/IAdminUserRepository.ts Normal file
View File

@@ -0,0 +1,51 @@
import { AdminUser } from '../../domain/entities/AdminUser';
import { UserId } from '../../domain/value-objects/UserId';
import { Email } from '../../domain/value-objects/Email';
import { UserRole } from '../../domain/value-objects/UserRole';
import { UserStatus } from '../../domain/value-objects/UserStatus';
export interface UserFilter {
role?: UserRole;
status?: UserStatus;
email?: Email;
search?: string;
}
export interface UserSort {
field: 'email' | 'displayName' | 'createdAt' | 'lastLoginAt' | 'status';
direction: 'asc' | 'desc';
}
export interface UserPagination {
page: number;
limit: number;
}
export interface UserListQuery {
filter?: UserFilter;
sort?: UserSort | undefined;
pagination?: UserPagination | undefined;
}
export interface UserListResult {
users: AdminUser[];
total: number;
page: number;
limit: number;
totalPages: number;
}
/**
* Output port for user management operations
* Implemented by infrastructure layer
*/
export interface IAdminUserRepository {
findById(id: UserId): Promise<AdminUser | null>;
findByEmail(email: Email): Promise<AdminUser | null>;
emailExists(email: Email): Promise<boolean>;
list(query?: UserListQuery): Promise<UserListResult>;
count(filter?: UserFilter): Promise<number>;
create(user: AdminUser): Promise<AdminUser>;
update(user: AdminUser): Promise<AdminUser>;
delete(id: UserId): Promise<void>;
}

394
core/admin/application/use-cases/ListUsersUseCase.test.ts Normal file
View File

@@ -0,0 +1,394 @@
import { vi, describe, it, expect, beforeEach } from 'vitest';
import { ListUsersUseCase, ListUsersResult } from './ListUsersUseCase';
import { IAdminUserRepository } from '../ports/IAdminUserRepository';
import { AdminUser } from '../../domain/entities/AdminUser';
import { UseCaseOutputPort } from '@core/shared/application/UseCaseOutputPort';
import { AuthorizationService } from '../../domain/services/AuthorizationService';
// Mock the authorization service
vi.mock('../../domain/services/AuthorizationService');
// Mock repository
const mockRepository = {
findById: vi.fn(),
findByEmail: vi.fn(),
emailExists: vi.fn(),
list: vi.fn(),
count: vi.fn(),
create: vi.fn(),
update: vi.fn(),
delete: vi.fn(),
} as unknown as IAdminUserRepository;
// Mock output port
const mockOutputPort = {
present: vi.fn(),
} as unknown as UseCaseOutputPort<ListUsersResult>;
describe('ListUsersUseCase', () => {
let useCase: ListUsersUseCase;
let actor: AdminUser;
beforeEach(() => {
vi.clearAllMocks();
// Reset all mocks
vi.mocked(mockRepository.findById).mockReset();
vi.mocked(mockRepository.list).mockReset();
vi.mocked(mockRepository.count).mockReset();
vi.mocked(AuthorizationService.canListUsers).mockReset();
// Setup default successful authorization
vi.mocked(AuthorizationService.canListUsers).mockReturnValue(true);
useCase = new ListUsersUseCase(mockRepository, mockOutputPort);
// Create actor (owner)
actor = AdminUser.create({
id: 'actor-123',
email: 'owner@example.com',
roles: ['owner'],
status: 'active',
displayName: 'Owner User',
});
// Setup repository to return actor when findById is called
vi.mocked(mockRepository.findById).mockResolvedValue(actor);
});
describe('TDD - Test First', () => {
it('should return empty list when no users exist', async () => {
// Arrange
vi.mocked(mockRepository.list).mockResolvedValue({
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
});
vi.mocked(mockRepository.count).mockResolvedValue(0);
// Act
const result = await useCase.execute({
actorId: actor.id.value,
});
// Assert
expect(result.isOk()).toBe(true);
expect(mockOutputPort.present).toHaveBeenCalledWith({
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
});
});
it('should return users when they exist', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
roles: ['user'],
status: 'active',
displayName: 'User One',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
roles: ['admin'],
status: 'active',
displayName: 'User Two',
});
vi.mocked(mockRepository.list).mockResolvedValue({
users: [user1, user2],
total: 2,
page: 1,
limit: 10,
totalPages: 1,
});
vi.mocked(mockRepository.count).mockResolvedValue(2);
// Act
const result = await useCase.execute({
actorId: actor.id.value,
});
// Assert
expect(result.isOk()).toBe(true);
expect(mockOutputPort.present).toHaveBeenCalledWith({
users: [user1, user2],
total: 2,
page: 1,
limit: 10,
totalPages: 1,
});
});
it('should filter by role', async () => {
// Arrange
const adminUser = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
roles: ['admin'],
status: 'active',
displayName: 'Admin User',
});
vi.mocked(mockRepository.list).mockResolvedValue({
users: [adminUser],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
});
vi.mocked(mockRepository.count).mockResolvedValue(1);
// Act
const result = await useCase.execute({
actorId: actor.id.value,
role: 'admin',
});
// Assert
expect(result.isOk()).toBe(true);
expect(mockRepository.list).toHaveBeenCalledWith(
expect.objectContaining({
filter: expect.objectContaining({
role: expect.objectContaining({ value: 'admin' }),
}),
})
);
});
it('should filter by status', async () => {
// Arrange
const suspendedUser = AdminUser.create({
id: 'suspended-1',
email: 'suspended@example.com',
roles: ['user'],
status: 'suspended',
displayName: 'Suspended User',
});
vi.mocked(mockRepository.list).mockResolvedValue({
users: [suspendedUser],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
});
vi.mocked(mockRepository.count).mockResolvedValue(1);
// Act
const result = await useCase.execute({
actorId: actor.id.value,
status: 'suspended',
});
// Assert
expect(result.isOk()).toBe(true);
expect(mockRepository.list).toHaveBeenCalledWith(
expect.objectContaining({
filter: expect.objectContaining({
status: expect.objectContaining({ value: 'suspended' }),
}),
})
);
});
it('should search by email or display name', async () => {
// Arrange
const matchingUser = AdminUser.create({
id: 'match-1',
email: 'search@example.com',
roles: ['user'],
status: 'active',
displayName: 'Search User',
});
vi.mocked(mockRepository.list).mockResolvedValue({
users: [matchingUser],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
});
vi.mocked(mockRepository.count).mockResolvedValue(1);
// Act
const result = await useCase.execute({
actorId: actor.id.value,
search: 'search',
});
// Assert
expect(result.isOk()).toBe(true);
expect(mockRepository.list).toHaveBeenCalledWith(
expect.objectContaining({
filter: expect.objectContaining({
search: 'search',
}),
})
);
});
it('should paginate results', async () => {
// Arrange
const users = Array.from({ length: 5 }, (_, i) =>
AdminUser.create({
id: `user-${i}`,
email: `user${i}@example.com`,
roles: ['user'],
status: 'active',
displayName: `User ${i}`,
})
);
vi.mocked(mockRepository.list).mockResolvedValue({
users: users.slice(0, 2),
total: 5,
page: 1,
limit: 2,
totalPages: 3,
});
vi.mocked(mockRepository.count).mockResolvedValue(5);
// Act
const result = await useCase.execute({
actorId: actor.id.value,
page: 1,
limit: 2,
});
// Assert
expect(result.isOk()).toBe(true);
expect(mockRepository.list).toHaveBeenCalledWith(
expect.objectContaining({
pagination: { page: 1, limit: 2 },
})
);
});
it('should sort results', async () => {
// Arrange
vi.mocked(mockRepository.list).mockResolvedValue({
users: [],
total: 0,
page: 1,
limit: 10,
totalPages: 0,
});
vi.mocked(mockRepository.count).mockResolvedValue(0);
// Act
const result = await useCase.execute({
actorId: actor.id.value,
sortBy: 'email',
sortDirection: 'desc',
});
// Assert
expect(result.isOk()).toBe(true);
expect(mockRepository.list).toHaveBeenCalledWith(
expect.objectContaining({
sort: {
field: 'email',
direction: 'desc',
},
})
);
});
it('should return error when actor is not authorized', async () => {
// Arrange
const regularUser = AdminUser.create({
id: 'regular-1',
email: 'regular@example.com',
roles: ['user'],
status: 'active',
displayName: 'Regular User',
});
// Mock authorization to fail
vi.mocked(AuthorizationService.canListUsers).mockReturnValue(false);
// Act
const result = await useCase.execute({
actorId: regularUser.id.value,
});
// Assert
expect(result.isErr()).toBe(true);
const error = result.unwrapErr();
expect(error.code).toBe('AUTHORIZATION_ERROR');
expect(error.details.message).toContain('not authorized');
});
it('should handle repository errors gracefully', async () => {
// Arrange
vi.mocked(mockRepository.list).mockRejectedValue(new Error('Database connection failed'));
// Act
const result = await useCase.execute({
actorId: actor.id.value,
});
// Assert
expect(result.isErr()).toBe(true);
const error = result.unwrapErr();
expect(error.code).toBe('REPOSITORY_ERROR');
expect(error.details.message).toContain('Database connection failed');
});
it('should apply multiple filters together', async () => {
// Arrange
const matchingUser = AdminUser.create({
id: 'match-1',
email: 'admin@example.com',
roles: ['admin'],
status: 'active',
displayName: 'Admin User',
});
vi.mocked(mockRepository.list).mockResolvedValue({
users: [matchingUser],
total: 1,
page: 1,
limit: 10,
totalPages: 1,
});
vi.mocked(mockRepository.count).mockResolvedValue(1);
// Act
const result = await useCase.execute({
actorId: actor.id.value,
role: 'admin',
status: 'active',
search: 'admin',
});
// Assert
expect(result.isOk()).toBe(true);
expect(mockRepository.list).toHaveBeenCalledWith(
expect.objectContaining({
filter: expect.objectContaining({
role: expect.objectContaining({ value: 'admin' }),
status: expect.objectContaining({ value: 'active' }),
search: 'admin',
}),
})
);
});
});
});

166
core/admin/application/use-cases/ListUsersUseCase.ts Normal file
View File

@@ -0,0 +1,166 @@
import { Result } from '@core/shared/application/Result';
import type { ApplicationErrorCode } from '@core/shared/errors/ApplicationErrorCode';
import type { UseCaseOutputPort } from '@core/shared/application/UseCaseOutputPort';
import type { IAdminUserRepository } from '../ports/IAdminUserRepository';
import { AuthorizationService } from '../../domain/services/AuthorizationService';
import { UserId } from '../../domain/value-objects/UserId';
import { UserRole } from '../../domain/value-objects/UserRole';
import { UserStatus } from '../../domain/value-objects/UserStatus';
import { Email } from '../../domain/value-objects/Email';
import type { AdminUser } from '../../domain/entities/AdminUser';
export type ListUsersInput = {
actorId: string;
role?: string;
status?: string;
email?: string;
search?: string;
page?: number;
limit?: number;
sortBy?: 'email' | 'displayName' | 'createdAt' | 'lastLoginAt' | 'status';
sortDirection?: 'asc' | 'desc';
};
export type ListUsersResult = {
users: AdminUser[];
total: number;
page: number;
limit: number;
totalPages: number;
};
export type ListUsersErrorCode =
| 'USER_NOT_FOUND'
| 'VALIDATION_ERROR'
| 'AUTHORIZATION_ERROR'
| 'REPOSITORY_ERROR';
export type ListUsersApplicationError = ApplicationErrorCode<ListUsersErrorCode, { message: string; details?: unknown }>;
/**
* Application Use Case: ListUsersUseCase
*
* Lists users with filtering, sorting, and pagination.
* Only accessible to system administrators (Owner/Admin).
*/
export class ListUsersUseCase {
constructor(
private readonly adminUserRepository: IAdminUserRepository,
private readonly output: UseCaseOutputPort<ListUsersResult>,
) {}
async execute(
input: ListUsersInput,
): Promise<
Result<
void,
ListUsersApplicationError
>
> {
try {
// Get actor (current user)
const actor = await this.adminUserRepository.findById(UserId.fromString(input.actorId));
if (!actor) {
return Result.err({
code: 'AUTHORIZATION_ERROR',
details: { message: 'Actor not found' },
});
}
// Check authorization
if (!AuthorizationService.canListUsers(actor)) {
return Result.err({
code: 'AUTHORIZATION_ERROR',
details: { message: 'User is not authorized to list users' },
});
}
// Build filter
const filter: {
role?: UserRole;
status?: UserStatus;
email?: Email;
search?: string;
} = {};
if (input.role) {
filter.role = UserRole.fromString(input.role);
}
if (input.status) {
filter.status = UserStatus.fromString(input.status);
}
if (input.email) {
filter.email = Email.fromString(input.email);
}
if (input.search) {
filter.search = input.search;
}
// Build sort
const sort = input.sortBy ? {
field: input.sortBy,
direction: input.sortDirection || 'asc',
} : undefined;
// Build pagination
const pagination = input.page && input.limit ? {
page: input.page,
limit: input.limit,
} : undefined;
// Execute query
const query: {
filter?: {
role?: UserRole;
status?: UserStatus;
email?: Email;
search?: string;
};
sort?: {
field: 'email' | 'displayName' | 'createdAt' | 'lastLoginAt' | 'status';
direction: 'asc' | 'desc';
};
pagination?: {
page: number;
limit: number;
};
} = {};
if (Object.keys(filter).length > 0) {
query.filter = filter;
}
if (sort) {
query.sort = sort;
}
if (pagination) {
query.pagination = pagination;
}
const result = await this.adminUserRepository.list(query);
// Pass domain objects to output port
this.output.present({
users: result.users,
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages,
});
return Result.ok(undefined);
} catch (error) {
const message = error instanceof Error ? error.message : 'Failed to list users';
if (error instanceof Error && error.message.includes('validation')) {
return Result.err({
code: 'VALIDATION_ERROR',
details: { message },
});
}
return Result.err({
code: 'REPOSITORY_ERROR',
details: { message },
});
}
}
}

531
core/admin/domain/entities/AdminUser.test.ts Normal file
View File

@@ -0,0 +1,531 @@
import { AdminUser } from './AdminUser';
import { UserRole } from '../value-objects/UserRole';
describe('AdminUser', () => {
describe('TDD - Test First', () => {
it('should create a valid admin user', () => {
// Arrange & Act
const user = AdminUser.create({
id: 'user-123',
email: 'admin@example.com',
displayName: 'Admin User',
roles: ['owner'],
status: 'active',
});
// Assert
expect(user.id.value).toBe('user-123');
expect(user.email.value).toBe('admin@example.com');
expect(user.displayName).toBe('Admin User');
expect(user.roles).toHaveLength(1);
expect(user.roles[0]!.value).toBe('owner');
expect(user.status.value).toBe('active');
});
it('should validate email format', () => {
// Arrange & Act
const user = AdminUser.create({
id: 'user-123',
email: 'invalid-email',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
// Assert - Email should be created but validation happens in value object
expect(user.email.value).toBe('invalid-email');
});
it('should detect system admin (owner)', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Assert
expect(owner.isSystemAdmin()).toBe(true);
expect(admin.isSystemAdmin()).toBe(true);
expect(user.isSystemAdmin()).toBe(false);
});
it('should handle multiple roles', () => {
// Arrange & Act
const user = AdminUser.create({
id: 'user-123',
email: 'multi@example.com',
displayName: 'Multi Role',
roles: ['owner', 'admin'],
status: 'active',
});
// Assert
expect(user.roles).toHaveLength(2);
expect(user.roles.map(r => r.value)).toContain('owner');
expect(user.roles.map(r => r.value)).toContain('admin');
});
it('should handle suspended status', () => {
// Arrange & Act
const user = AdminUser.create({
id: 'user-123',
email: 'suspended@example.com',
displayName: 'Suspended User',
roles: ['user'],
status: 'suspended',
});
// Assert
expect(user.status.value).toBe('suspended');
expect(user.isActive()).toBe(false);
});
it('should handle optional fields', () => {
// Arrange & Act
const user = AdminUser.create({
id: 'user-123',
email: 'minimal@example.com',
displayName: 'Minimal User',
roles: ['user'],
status: 'active',
});
// Assert
expect(user.primaryDriverId).toBeUndefined();
expect(user.lastLoginAt).toBeUndefined();
});
it('should handle all optional fields', () => {
// Arrange
const now = new Date();
// Act
const user = AdminUser.create({
id: 'user-123',
email: 'full@example.com',
displayName: 'Full User',
roles: ['user'],
status: 'active',
primaryDriverId: 'driver-456',
lastLoginAt: now,
});
// Assert
expect(user.primaryDriverId).toBe('driver-456');
expect(user.lastLoginAt).toEqual(now);
});
it('should handle createdAt and updatedAt', () => {
// Arrange & Act
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
// Assert
expect(user.createdAt).toBeInstanceOf(Date);
expect(user.updatedAt).toBeInstanceOf(Date);
});
it('should handle role assignment with validation', () => {
// Arrange & Act
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
// Assert - Should accept any role string (validation happens in value object)
expect(user.roles).toHaveLength(1);
expect(user.roles[0]!.value).toBe('user');
});
it('should handle status changes', () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
// Act - Use domain method to change status
user.suspend();
// Assert
expect(user.status.value).toBe('suspended');
});
it('should check if user is active', () => {
// Arrange
const activeUser = AdminUser.create({
id: 'user-123',
email: 'active@example.com',
displayName: 'Active User',
roles: ['user'],
status: 'active',
});
const suspendedUser = AdminUser.create({
id: 'user-456',
email: 'suspended@example.com',
displayName: 'Suspended User',
roles: ['user'],
status: 'suspended',
});
// Assert
expect(activeUser.isActive()).toBe(true);
expect(suspendedUser.isActive()).toBe(false);
});
it('should handle role management', () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
// Act
user.addRole(UserRole.fromString('admin'));
// Assert
expect(user.roles).toHaveLength(2);
expect(user.hasRole('admin')).toBe(true);
});
it('should handle display name updates', () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Old Name',
roles: ['user'],
status: 'active',
});
// Act
user.updateDisplayName('New Name');
// Assert
expect(user.displayName).toBe('New Name');
});
it('should handle login recording', () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
const beforeLogin = user.lastLoginAt;
// Act
user.recordLogin();
// Assert
expect(user.lastLoginAt).toBeDefined();
expect(user.lastLoginAt).not.toEqual(beforeLogin);
});
it('should handle summary generation', () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['owner'],
status: 'active',
lastLoginAt: new Date(),
});
// Act
const summary = user.toSummary();
// Assert
expect(summary.id).toBe('user-123');
expect(summary.email).toBe('test@example.com');
expect(summary.displayName).toBe('Test User');
expect(summary.roles).toEqual(['owner']);
expect(summary.status).toBe('active');
expect(summary.isSystemAdmin).toBe(true);
expect(summary.lastLoginAt).toBeDefined();
});
it('should handle equality comparison', () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
const user3 = AdminUser.create({
id: 'user-456',
email: 'other@example.com',
displayName: 'Other User',
roles: ['user'],
status: 'active',
});
// Assert
expect(user1.equals(user2)).toBe(true);
expect(user1.equals(user3)).toBe(false);
expect(user1.equals(undefined)).toBe(false);
});
it('should handle management permissions', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Assert - Owner can manage everyone
expect(owner.canManage(admin)).toBe(true);
expect(owner.canManage(user)).toBe(true);
expect(owner.canManage(owner)).toBe(true); // Can manage self
// Admin can manage users but not admins/owners
expect(admin.canManage(user)).toBe(true);
expect(admin.canManage(admin)).toBe(false);
expect(admin.canManage(owner)).toBe(false);
// User cannot manage anyone except self
expect(user.canManage(user)).toBe(true);
expect(user.canManage(admin)).toBe(false);
expect(user.canManage(owner)).toBe(false);
});
it('should handle role modification permissions', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Assert - Only owner can modify roles
expect(owner.canModifyRoles(user)).toBe(true);
expect(owner.canModifyRoles(admin)).toBe(true);
expect(owner.canModifyRoles(owner)).toBe(false); // Cannot modify own roles
expect(admin.canModifyRoles(user)).toBe(false);
expect(user.canModifyRoles(user)).toBe(false);
});
it('should handle status change permissions', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Assert - Owner can change anyone's status
expect(owner.canChangeStatus(user)).toBe(true);
expect(owner.canChangeStatus(admin)).toBe(true);
expect(owner.canChangeStatus(owner)).toBe(false); // Cannot change own status
// Admin can change user status but not admin/owner
expect(admin.canChangeStatus(user)).toBe(true);
expect(admin.canChangeStatus(admin)).toBe(false);
expect(admin.canChangeStatus(owner)).toBe(false);
// User cannot change status
expect(user.canChangeStatus(user)).toBe(false);
expect(user.canChangeStatus(admin)).toBe(false);
expect(user.canChangeStatus(owner)).toBe(false);
});
it('should handle deletion permissions', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Assert - Owner can delete anyone except self
expect(owner.canDelete(user)).toBe(true);
expect(owner.canDelete(admin)).toBe(true);
expect(owner.canDelete(owner)).toBe(false); // Cannot delete self
// Admin can delete users but not admins/owners
expect(admin.canDelete(user)).toBe(true);
expect(admin.canDelete(admin)).toBe(false);
expect(admin.canDelete(owner)).toBe(false);
// User cannot delete anyone
expect(user.canDelete(user)).toBe(false);
expect(user.canDelete(admin)).toBe(false);
expect(user.canDelete(owner)).toBe(false);
});
it('should handle authority comparison', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Assert
expect(owner.hasHigherAuthorityThan(admin)).toBe(true);
expect(owner.hasHigherAuthorityThan(user)).toBe(true);
expect(admin.hasHigherAuthorityThan(user)).toBe(true);
expect(admin.hasHigherAuthorityThan(owner)).toBe(false);
expect(user.hasHigherAuthorityThan(admin)).toBe(false);
});
it('should handle role display names', () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['owner', 'admin'],
status: 'active',
});
// Act
const displayNames = user.getRoleDisplayNames();
// Assert
expect(displayNames).toContain('Owner');
expect(displayNames).toContain('Admin');
});
});
});

485
core/admin/domain/entities/AdminUser.ts Normal file
View File

@@ -0,0 +1,485 @@
import type { IEntity } from '@core/shared/domain';
import { UserId } from '../value-objects/UserId';
import { Email } from '../value-objects/Email';
import { UserRole } from '../value-objects/UserRole';
import { UserStatus } from '../value-objects/UserStatus';
import { AdminDomainValidationError, AdminDomainInvariantError } from '../errors/AdminDomainError';
export interface AdminUserProps {
id: UserId;
email: Email;
roles: UserRole[];
status: UserStatus;
displayName: string;
createdAt: Date;
updatedAt: Date;
lastLoginAt: Date | undefined;
primaryDriverId: string | undefined;
}
export class AdminUser implements IEntity<UserId> {
readonly id: UserId;
private _email: Email;
private _roles: UserRole[];
private _status: UserStatus;
private _displayName: string;
private _createdAt: Date;
private _updatedAt: Date;
private _lastLoginAt: Date | undefined;
private _primaryDriverId: string | undefined;
private constructor(props: AdminUserProps) {
this.id = props.id;
this._email = props.email;
this._roles = props.roles;
this._status = props.status;
this._displayName = props.displayName;
this._createdAt = props.createdAt;
this._updatedAt = props.updatedAt;
this._lastLoginAt = props.lastLoginAt;
this._primaryDriverId = props.primaryDriverId;
}
/**
* Factory method to create a new AdminUser
* Validates all business rules and invariants
*/
static create(props: {
id: string;
email: string;
roles: string[];
status: string;
displayName: string;
createdAt?: Date;
updatedAt?: Date;
lastLoginAt?: Date;
primaryDriverId?: string;
}): AdminUser {
// Validate required fields
if (!props.id || props.id.trim().length === 0) {
throw new AdminDomainValidationError('User ID is required');
}
if (!props.email || props.email.trim().length === 0) {
throw new AdminDomainValidationError('Email is required');
}
if (!props.roles || props.roles.length === 0) {
throw new AdminDomainValidationError('At least one role is required');
}
if (!props.status || props.status.trim().length === 0) {
throw new AdminDomainValidationError('Status is required');
}
if (!props.displayName || props.displayName.trim().length === 0) {
throw new AdminDomainValidationError('Display name is required');
}
// Validate display name length
const trimmedName = props.displayName.trim();
if (trimmedName.length < 2 || trimmedName.length > 100) {
throw new AdminDomainValidationError('Display name must be between 2 and 100 characters');
}
// Create value objects
const id = UserId.fromString(props.id);
const email = Email.fromString(props.email);
const roles = props.roles.map(role => UserRole.fromString(role));
const status = UserStatus.fromString(props.status);
// Validate role hierarchy - ensure no duplicate roles
const uniqueRoles = new Set(roles.map(r => r.toString()));
if (uniqueRoles.size !== roles.length) {
throw new AdminDomainValidationError('Duplicate roles are not allowed');
}
const now = props.createdAt ?? new Date();
return new AdminUser({
id,
email,
roles,
status,
displayName: trimmedName,
createdAt: now,
updatedAt: props.updatedAt ?? now,
lastLoginAt: props.lastLoginAt ?? undefined,
primaryDriverId: props.primaryDriverId ?? undefined,
});
}
/**
* Rehydrate from storage
*/
static rehydrate(props: {
id: string;
email: string;
roles: string[];
status: string;
displayName: string;
createdAt: Date;
updatedAt: Date;
lastLoginAt?: Date;
primaryDriverId?: string;
}): AdminUser {
return this.create(props);
}
// Getters
get email(): Email {
return this._email;
}
get roles(): UserRole[] {
return [...this._roles];
}
get status(): UserStatus {
return this._status;
}
get displayName(): string {
return this._displayName;
}
get createdAt(): Date {
return new Date(this._createdAt.getTime());
}
get updatedAt(): Date {
return new Date(this._updatedAt.getTime());
}
get lastLoginAt(): Date | undefined {
return this._lastLoginAt ? new Date(this._lastLoginAt.getTime()) : undefined;
}
get primaryDriverId(): string | undefined {
return this._primaryDriverId;
}
// Domain methods
/**
* Add a role to the user
* Cannot add duplicate roles
* Cannot add owner role if user already has other roles
*/
addRole(role: UserRole): void {
if (this._roles.some(r => r.equals(role))) {
throw new AdminDomainInvariantError(`Role ${role.value} is already assigned`);
}
// If adding owner role, user must have no other roles
if (role.value === 'owner' && this._roles.length > 0) {
throw new AdminDomainInvariantError('Cannot add owner role to user with existing roles');
}
// If user has owner role, cannot add other roles
if (this._roles.some(r => r.value === 'owner')) {
throw new AdminDomainInvariantError('Owner cannot have additional roles');
}
this._roles.push(role);
this._updatedAt = new Date();
}
/**
* Remove a role from the user
* Cannot remove the last role
* Cannot remove owner role (must be transferred first)
*/
removeRole(role: UserRole): void {
const roleIndex = this._roles.findIndex(r => r.equals(role));
if (roleIndex === -1) {
throw new AdminDomainInvariantError(`Role ${role.value} not found`);
}
if (this._roles.length === 1) {
throw new AdminDomainInvariantError('Cannot remove the last role from user');
}
if (role.value === 'owner') {
throw new AdminDomainInvariantError('Cannot remove owner role. Transfer ownership first.');
}
this._roles.splice(roleIndex, 1);
this._updatedAt = new Date();
}
/**
* Update user status
*/
updateStatus(newStatus: UserStatus): void {
if (this._status.equals(newStatus)) {
throw new AdminDomainInvariantError(`User already has status ${newStatus.value}`);
}
this._status = newStatus;
this._updatedAt = new Date();
}
/**
* Check if user has a specific role
*/
hasRole(roleValue: string): boolean {
return this._roles.some(r => r.value === roleValue);
}
/**
* Check if user is a system administrator
*/
isSystemAdmin(): boolean {
return this._roles.some(r => r.isSystemAdmin());
}
/**
* Check if user has higher authority than another user
*/
hasHigherAuthorityThan(other: AdminUser): boolean {
// Get highest role for each user
const hierarchy: Record<string, number> = {
user: 0,
admin: 1,
owner: 2,
};
const myHighest = Math.max(...this._roles.map(r => hierarchy[r.value] ?? 0));
const otherHighest = Math.max(...other._roles.map(r => hierarchy[r.value] ?? 0));
return myHighest > otherHighest;
}
/**
* Update last login timestamp
*/
recordLogin(): void {
this._lastLoginAt = new Date();
this._updatedAt = new Date();
}
/**
* Update display name (only for admin operations)
*/
updateDisplayName(newName: string): void {
const trimmed = newName.trim();
if (trimmed.length < 2 || trimmed.length > 100) {
throw new AdminDomainValidationError('Display name must be between 2 and 100 characters');
}
this._displayName = trimmed;
this._updatedAt = new Date();
}
/**
* Update email
*/
updateEmail(newEmail: Email): void {
if (this._email.equals(newEmail)) {
throw new AdminDomainInvariantError('Email is already the same');
}
this._email = newEmail;
this._updatedAt = new Date();
}
/**
* Check if user is active
*/
isActive(): boolean {
return this._status.isActive();
}
/**
* Suspend user
*/
suspend(): void {
if (this._status.isSuspended()) {
throw new AdminDomainInvariantError('User is already suspended');
}
if (this._status.isDeleted()) {
throw new AdminDomainInvariantError('Cannot suspend a deleted user');
}
this._status = UserStatus.create('suspended');
this._updatedAt = new Date();
}
/**
* Activate user
*/
activate(): void {
if (this._status.isActive()) {
throw new AdminDomainInvariantError('User is already active');
}
if (this._status.isDeleted()) {
throw new AdminDomainInvariantError('Cannot activate a deleted user');
}
this._status = UserStatus.create('active');
this._updatedAt = new Date();
}
/**
* Soft delete user
*/
delete(): void {
if (this._status.isDeleted()) {
throw new AdminDomainInvariantError('User is already deleted');
}
this._status = UserStatus.create('deleted');
this._updatedAt = new Date();
}
/**
* Get role display names
*/
getRoleDisplayNames(): string[] {
return this._roles.map(r => {
switch (r.value) {
case 'owner': return 'Owner';
case 'admin': return 'Admin';
case 'user': return 'User';
default: return r.value;
}
});
}
/**
* Check if this user can manage another user
* Owner can manage everyone (including self)
* Admin can manage users but not admins/owners (including self)
* User can manage self only
*/
canManage(target: AdminUser): boolean {
// Owner can manage everyone
if (this.hasRole('owner')) {
return true;
}
// Admin can manage non-admin users
if (this.hasRole('admin')) {
// Cannot manage admins/owners (including self)
if (target.isSystemAdmin()) {
return false;
}
// Can manage non-admin users
return true;
}
// User can only manage self
return this.id.equals(target.id);
}
/**
* Check if this user can modify roles of target user
* Only owner can modify roles
*/
canModifyRoles(target: AdminUser): boolean {
// Only owner can modify roles
if (!this.hasRole('owner')) {
return false;
}
// Cannot modify own roles (prevents accidental lockout)
if (this.id.equals(target.id)) {
return false;
}
return true;
}
/**
* Check if this user can change status of target user
* Owner can change anyone's status
* Admin can change user status but not other admins/owners
*/
canChangeStatus(target: AdminUser): boolean {
if (this.id.equals(target.id)) {
return false; // Cannot change own status
}
if (this.hasRole('owner')) {
return true;
}
if (this.hasRole('admin')) {
return !target.isSystemAdmin();
}
return false;
}
/**
* Check if this user can delete target user
* Owner can delete anyone except self
* Admin can delete users but not admins/owners
*/
canDelete(target: AdminUser): boolean {
if (this.id.equals(target.id)) {
return false; // Cannot delete self
}
if (this.hasRole('owner')) {
return true;
}
if (this.hasRole('admin')) {
return !target.isSystemAdmin();
}
return false;
}
/**
* Get summary for display
*/
toSummary(): {
id: string;
email: string;
displayName: string;
roles: string[];
status: string;
isSystemAdmin: boolean;
lastLoginAt?: Date;
} {
const summary: {
id: string;
email: string;
displayName: string;
roles: string[];
status: string;
isSystemAdmin: boolean;
lastLoginAt?: Date;
} = {
id: this.id.value,
email: this._email.value,
displayName: this._displayName,
roles: this._roles.map(r => r.value),
status: this._status.value,
isSystemAdmin: this.isSystemAdmin(),
};
if (this._lastLoginAt) {
summary.lastLoginAt = this._lastLoginAt;
}
return summary;
}
/**
* Equals comparison
*/
equals(other?: AdminUser): boolean {
if (!other) {
return false;
}
return this.id.equals(other.id);
}
}

45
core/admin/domain/errors/AdminDomainError.ts Normal file
View File

@@ -0,0 +1,45 @@
import type { IDomainError, CommonDomainErrorKind } from '@core/shared/errors';
export abstract class AdminDomainError extends Error implements IDomainError<CommonDomainErrorKind> {
readonly type = 'domain' as const;
readonly context = 'admin-domain';
abstract readonly kind: CommonDomainErrorKind;
constructor(message: string) {
super(message);
Object.setPrototypeOf(this, new.target.prototype);
}
}
export class AdminDomainValidationError
extends AdminDomainError
implements IDomainError<'validation'>
{
readonly kind = 'validation' as const;
constructor(message: string) {
super(message);
}
}
export class AdminDomainInvariantError
extends AdminDomainError
implements IDomainError<'invariant'>
{
readonly kind = 'invariant' as const;
constructor(message: string) {
super(message);
}
}
export class AuthorizationError
extends AdminDomainError
implements IDomainError<'authorization'>
{
readonly kind = 'authorization' as const;
constructor(message: string) {
super(message);
}
}

114
core/admin/domain/repositories/IAdminUserRepository.ts Normal file
View File

@@ -0,0 +1,114 @@
import { AdminUser } from '../entities/AdminUser';
import { UserId } from '../value-objects/UserId';
import { Email } from '../value-objects/Email';
import { UserRole } from '../value-objects/UserRole';
import { UserStatus } from '../value-objects/UserStatus';
export interface UserFilter {
role?: UserRole;
status?: UserStatus;
email?: Email;
search?: string;
}
export interface UserSort {
field: 'email' | 'displayName' | 'createdAt' | 'lastLoginAt' | 'status';
direction: 'asc' | 'desc';
}
export interface UserPagination {
page: number;
limit: number;
}
export interface UserListQuery {
filter?: UserFilter;
sort?: UserSort | undefined;
pagination?: UserPagination | undefined;
}
export interface UserListResult {
users: AdminUser[];
total: number;
page: number;
limit: number;
totalPages: number;
}
export interface StoredAdminUser {
id: string;
email: string;
roles: string[];
status: string;
displayName: string;
createdAt: Date;
updatedAt: Date;
lastLoginAt?: Date;
primaryDriverId?: string;
}
/**
* Repository interface for AdminUser entity
* Follows clean architecture - this is an output port from application layer
*/
export interface IAdminUserRepository {
/**
* Find user by ID
*/
findById(id: UserId): Promise<AdminUser | null>;
/**
* Find user by email
*/
findByEmail(email: Email): Promise<AdminUser | null>;
/**
* Check if email exists
*/
emailExists(email: Email): Promise<boolean>;
/**
* Check if user exists by ID
*/
existsById(id: UserId): Promise<boolean>;
/**
* Check if user exists by email
*/
existsByEmail(email: Email): Promise<boolean>;
/**
* List users with filtering, sorting, and pagination
*/
list(query?: UserListQuery): Promise<UserListResult>;
/**
* Count users matching filter
*/
count(filter?: UserFilter): Promise<number>;
/**
* Create a new user
*/
create(user: AdminUser): Promise<AdminUser>;
/**
* Update existing user
*/
update(user: AdminUser): Promise<AdminUser>;
/**
* Delete user (soft delete)
*/
delete(id: UserId): Promise<void>;
/**
* Get user for storage
*/
toStored(user: AdminUser): StoredAdminUser;
/**
* Rehydrate user from storage
*/
fromStored(stored: StoredAdminUser): AdminUser;
}

747
core/admin/domain/services/AuthorizationService.test.ts Normal file
View File

@@ -0,0 +1,747 @@
import { AuthorizationService } from './AuthorizationService';
import { AdminUser } from '../entities/AdminUser';
describe('AuthorizationService', () => {
describe('TDD - Test First', () => {
describe('canListUsers', () => {
it('should allow owner to list users', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
// Act
const canList = AuthorizationService.canListUsers(owner);
// Assert
expect(canList).toBe(true);
});
it('should allow admin to list users', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
// Act
const canList = AuthorizationService.canListUsers(admin);
// Assert
expect(canList).toBe(true);
});
it('should deny regular user from listing users', () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canList = AuthorizationService.canListUsers(user);
// Assert
expect(canList).toBe(false);
});
it('should deny suspended admin from listing users', () => {
// Arrange
const suspendedAdmin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'suspended',
});
// Act
const canList = AuthorizationService.canListUsers(suspendedAdmin);
// Assert
expect(canList).toBe(false);
});
it('should allow owner with multiple roles to list users', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
// Act
const canList = AuthorizationService.canListUsers(owner);
// Assert
expect(canList).toBe(true);
});
});
describe('canPerformAction with manage', () => {
it('should allow owner to manage any user', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canManage = AuthorizationService.canPerformAction(owner, 'manage', targetUser);
// Assert
expect(canManage).toBe(true);
});
it('should allow admin to manage non-admin users', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canManage = AuthorizationService.canPerformAction(admin, 'manage', targetUser);
// Assert
expect(canManage).toBe(true);
});
it('should deny admin from managing other admins', () => {
// Arrange
const admin1 = AdminUser.create({
id: 'admin-1',
email: 'admin1@example.com',
displayName: 'Admin 1',
roles: ['admin'],
status: 'active',
});
const admin2 = AdminUser.create({
id: 'admin-2',
email: 'admin2@example.com',
displayName: 'Admin 2',
roles: ['admin'],
status: 'active',
});
// Act
const canManage = AuthorizationService.canPerformAction(admin1, 'manage', admin2);
// Assert
expect(canManage).toBe(false);
});
it('should deny regular user from managing anyone', () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['user'],
status: 'active',
});
// Act
const canManage = AuthorizationService.canPerformAction(user, 'manage', targetUser);
// Assert
expect(canManage).toBe(false);
});
it('should allow admin to manage suspended users', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const suspendedUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'suspended',
});
// Act
const canManage = AuthorizationService.canPerformAction(admin, 'manage', suspendedUser);
// Assert
expect(canManage).toBe(true);
});
});
describe('canPerformAction with modify_roles', () => {
it('should allow owner to modify roles', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canModify = AuthorizationService.canPerformAction(owner, 'modify_roles', targetUser);
// Assert
expect(canModify).toBe(true);
});
it('should deny admin from modifying roles', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canModify = AuthorizationService.canPerformAction(admin, 'modify_roles', targetUser);
// Assert
expect(canModify).toBe(false);
});
it('should deny regular user from modifying roles', () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['user'],
status: 'active',
});
// Act
const canModify = AuthorizationService.canPerformAction(user, 'modify_roles', targetUser);
// Assert
expect(canModify).toBe(false);
});
});
describe('canPerformAction with change_status', () => {
it('should allow owner to change any status', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canChange = AuthorizationService.canPerformAction(owner, 'change_status', targetUser);
// Assert
expect(canChange).toBe(true);
});
it('should allow admin to change non-admin status', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canChange = AuthorizationService.canPerformAction(admin, 'change_status', targetUser);
// Assert
expect(canChange).toBe(true);
});
it('should deny admin from changing admin status', () => {
// Arrange
const admin1 = AdminUser.create({
id: 'admin-1',
email: 'admin1@example.com',
displayName: 'Admin 1',
roles: ['admin'],
status: 'active',
});
const admin2 = AdminUser.create({
id: 'admin-2',
email: 'admin2@example.com',
displayName: 'Admin 2',
roles: ['admin'],
status: 'active',
});
// Act
const canChange = AuthorizationService.canPerformAction(admin1, 'change_status', admin2);
// Assert
expect(canChange).toBe(false);
});
it('should deny regular user from changing status', () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['user'],
status: 'active',
});
// Act
const canChange = AuthorizationService.canPerformAction(user, 'change_status', targetUser);
// Assert
expect(canChange).toBe(false);
});
});
describe('canPerformAction with delete', () => {
it('should allow owner to delete any user', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canDelete = AuthorizationService.canPerformAction(owner, 'delete', targetUser);
// Assert
expect(canDelete).toBe(true);
});
it('should allow admin to delete non-admin users', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const canDelete = AuthorizationService.canPerformAction(admin, 'delete', targetUser);
// Assert
expect(canDelete).toBe(true);
});
it('should deny admin from deleting other admins', () => {
// Arrange
const admin1 = AdminUser.create({
id: 'admin-1',
email: 'admin1@example.com',
displayName: 'Admin 1',
roles: ['admin'],
status: 'active',
});
const admin2 = AdminUser.create({
id: 'admin-2',
email: 'admin2@example.com',
displayName: 'Admin 2',
roles: ['admin'],
status: 'active',
});
// Act
const canDelete = AuthorizationService.canPerformAction(admin1, 'delete', admin2);
// Assert
expect(canDelete).toBe(false);
});
it('should deny regular user from deleting anyone', () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['user'],
status: 'active',
});
// Act
const canDelete = AuthorizationService.canPerformAction(user, 'delete', targetUser);
// Assert
expect(canDelete).toBe(false);
});
it('should allow owner to delete suspended users', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const suspendedUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'suspended',
});
// Act
const canDelete = AuthorizationService.canPerformAction(owner, 'delete', suspendedUser);
// Assert
expect(canDelete).toBe(true);
});
});
describe('getPermissions', () => {
it('should return correct permissions for owner', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
// Act
const permissions = AuthorizationService.getPermissions(owner);
// Assert
expect(permissions).toContain('users.view');
expect(permissions).toContain('users.list');
expect(permissions).toContain('users.manage');
expect(permissions).toContain('users.roles.modify');
expect(permissions).toContain('users.status.change');
expect(permissions).toContain('users.create');
expect(permissions).toContain('users.delete');
expect(permissions).toContain('users.export');
});
it('should return correct permissions for admin', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
// Act
const permissions = AuthorizationService.getPermissions(admin);
// Assert
expect(permissions).toContain('users.view');
expect(permissions).toContain('users.list');
expect(permissions).toContain('users.manage');
expect(permissions).toContain('users.status.change');
expect(permissions).toContain('users.create');
expect(permissions).toContain('users.delete');
expect(permissions).not.toContain('users.roles.modify');
expect(permissions).not.toContain('users.export');
});
it('should return empty permissions for regular user', () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const permissions = AuthorizationService.getPermissions(user);
// Assert
expect(permissions).toEqual([]);
});
it('should return empty permissions for suspended admin', () => {
// Arrange
const suspendedAdmin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'suspended',
});
// Act
const permissions = AuthorizationService.getPermissions(suspendedAdmin);
// Assert
expect(permissions).toEqual([]);
});
});
describe('hasPermission', () => {
it('should return true for owner with users.view permission', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
// Act
const hasPermission = AuthorizationService.hasPermission(owner, 'users.view');
// Assert
expect(hasPermission).toBe(true);
});
it('should return false for admin with users.roles.modify permission', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
// Act
const hasPermission = AuthorizationService.hasPermission(admin, 'users.roles.modify');
// Assert
expect(hasPermission).toBe(false);
});
it('should return false for regular user with any permission', () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act
const hasPermission = AuthorizationService.hasPermission(user, 'users.view');
// Assert
expect(hasPermission).toBe(false);
});
});
describe('enforce', () => {
it('should not throw for authorized action', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
// Act & Assert - Should not throw
expect(() => {
AuthorizationService.enforce(owner, 'manage', targetUser);
}).not.toThrow();
});
it('should throw for unauthorized action', () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
const targetUser = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['user'],
status: 'active',
});
// Act & Assert - Should throw
expect(() => {
AuthorizationService.enforce(user, 'manage', targetUser);
}).toThrow();
});
});
describe('enforcePermission', () => {
it('should not throw for authorized permission', () => {
// Arrange
const owner = AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner',
roles: ['owner'],
status: 'active',
});
// Act & Assert - Should not throw
expect(() => {
AuthorizationService.enforcePermission(owner, 'users.view');
}).not.toThrow();
});
it('should throw for unauthorized permission', () => {
// Arrange
const admin = AdminUser.create({
id: 'admin-1',
email: 'admin@example.com',
displayName: 'Admin',
roles: ['admin'],
status: 'active',
});
// Act & Assert - Should throw
expect(() => {
AuthorizationService.enforcePermission(admin, 'users.roles.modify');
}).toThrow();
});
});
});
});

283
core/admin/domain/services/AuthorizationService.ts Normal file
View File

@@ -0,0 +1,283 @@
import { AdminUser } from '../entities/AdminUser';
import { AuthorizationError } from '../errors/AdminDomainError';
/**
* Domain service for authorization checks
* Stateless service that enforces access control rules
*/
export class AuthorizationService {
/**
* Check if an actor can perform an action on a target user
*/
static canPerformAction(
actor: AdminUser,
action: 'view' | 'manage' | 'modify_roles' | 'change_status' | 'delete',
target?: AdminUser
): boolean {
// Actors must be system admins and active
if (!actor.isSystemAdmin() || !actor.isActive()) {
return false;
}
switch (action) {
case 'view':
return this.canView(actor, target);
case 'manage':
return this.canManage(actor, target);
case 'modify_roles':
return this.canModifyRoles(actor, target);
case 'change_status':
return this.canChangeStatus(actor, target);
case 'delete':
return this.canDelete(actor, target);
default:
return false;
}
}
/**
* Check if actor can view target user
*/
private static canView(actor: AdminUser, target?: AdminUser): boolean {
if (!target) {
// Viewing list - only admins can view
return actor.isSystemAdmin();
}
// Can always view self
if (actor.id.equals(target.id)) {
return true;
}
// Owner can view everyone
if (actor.hasRole('owner')) {
return true;
}
// Admin can view non-admin users
if (actor.hasRole('admin')) {
return !target.isSystemAdmin();
}
return false;
}
/**
* Check if actor can manage target user
*/
private static canManage(actor: AdminUser, target?: AdminUser): boolean {
if (!target) {
return false;
}
// Can always manage self
if (actor.id.equals(target.id)) {
return true;
}
// Owner can manage everyone
if (actor.hasRole('owner')) {
return true;
}
// Admin can manage non-admin users
if (actor.hasRole('admin')) {
return !target.isSystemAdmin();
}
return false;
}
/**
* Check if actor can modify roles of target user
*/
private static canModifyRoles(actor: AdminUser, target?: AdminUser): boolean {
if (!target) {
return false;
}
// Only owner can modify roles
if (!actor.hasRole('owner')) {
return false;
}
// Cannot modify own roles (prevents accidental lockout)
if (actor.id.equals(target.id)) {
return false;
}
return true;
}
/**
* Check if actor can change status of target user
*/
private static canChangeStatus(actor: AdminUser, target?: AdminUser): boolean {
if (!target) {
return false;
}
// Cannot change own status
if (actor.id.equals(target.id)) {
return false;
}
// Owner can change anyone's status
if (actor.hasRole('owner')) {
return true;
}
// Admin can change user status but not other admins/owners
if (actor.hasRole('admin')) {
return !target.isSystemAdmin();
}
return false;
}
/**
* Check if actor can delete target user
*/
private static canDelete(actor: AdminUser, target?: AdminUser): boolean {
if (!target) {
return false;
}
// Cannot delete self
if (actor.id.equals(target.id)) {
return false;
}
// Owner can delete anyone
if (actor.hasRole('owner')) {
return true;
}
// Admin can delete users but not admins/owners
if (actor.hasRole('admin')) {
return !target.isSystemAdmin();
}
return false;
}
/**
* Enforce authorization - throws if not authorized
*/
static enforce(
actor: AdminUser,
action: 'view' | 'manage' | 'modify_roles' | 'change_status' | 'delete',
target?: AdminUser
): void {
if (!this.canPerformAction(actor, action, target)) {
const actionLabel = action.replace('_', ' ');
const targetLabel = target ? `user ${target.email.value}` : 'user list';
throw new AuthorizationError(
`User ${actor.email.value} is not authorized to ${actionLabel} ${targetLabel}`
);
}
}
/**
* Check if actor can list users
*/
static canListUsers(actor: AdminUser): boolean {
return actor.isSystemAdmin() && actor.isActive();
}
/**
* Check if actor can create users
*/
static canCreateUsers(actor: AdminUser): boolean {
// Only owner can create users with admin roles
// Admin can create regular users
return actor.isSystemAdmin() && actor.isActive();
}
/**
* Check if actor can assign a specific role
*/
static canAssignRole(actor: AdminUser, roleToAssign: string, target?: AdminUser): boolean {
// Only owner can assign owner or admin roles
if (roleToAssign === 'owner' || roleToAssign === 'admin') {
return actor.hasRole('owner');
}
// Admin can assign user role
if (roleToAssign === 'user') {
// Admin can assign user role to non-admin users
// Owner can assign user role to anyone
if (actor.hasRole('owner')) {
return true;
}
if (actor.hasRole('admin')) {
if (!target) {
return true;
}
return !target.isSystemAdmin();
}
}
return false;
}
/**
* Get permissions for actor
*/
static getPermissions(actor: AdminUser): string[] {
const permissions: string[] = [];
if (!actor.isSystemAdmin() || !actor.isActive()) {
return permissions;
}
// Base permissions for all admins
permissions.push(
'users.view',
'users.list'
);
// Admin permissions
if (actor.hasRole('admin')) {
permissions.push(
'users.manage',
'users.status.change',
'users.create',
'users.delete'
);
}
// Owner permissions
if (actor.hasRole('owner')) {
permissions.push(
'users.manage',
'users.roles.modify',
'users.status.change',
'users.create',
'users.delete',
'users.export'
);
}
return permissions;
}
/**
* Check if actor has specific permission
*/
static hasPermission(actor: AdminUser, permission: string): boolean {
const permissions = this.getPermissions(actor);
return permissions.includes(permission);
}
/**
* Enforce permission - throws if not authorized
*/
static enforcePermission(actor: AdminUser, permission: string): void {
if (!this.hasPermission(actor, permission)) {
throw new AuthorizationError(
`User ${actor.email.value} does not have permission: ${permission}`
);
}
}
}

95
core/admin/domain/value-objects/Email.test.ts Normal file
View File

@@ -0,0 +1,95 @@
import { Email } from './Email';
describe('Email', () => {
describe('TDD - Test First', () => {
it('should create a valid email from string', () => {
// Arrange & Act
const email = Email.fromString('test@example.com');
// Assert
expect(email.value).toBe('test@example.com');
});
it('should trim whitespace', () => {
// Arrange & Act
const email = Email.fromString(' test@example.com ');
// Assert
expect(email.value).toBe('test@example.com');
});
it('should throw error for empty string', () => {
// Arrange & Act & Assert
expect(() => Email.fromString('')).toThrow('Email cannot be empty');
expect(() => Email.fromString(' ')).toThrow('Email cannot be empty');
});
it('should throw error for null or undefined', () => {
// Arrange & Act & Assert
expect(() => Email.fromString(null as unknown as string)).toThrow('Email cannot be empty');
expect(() => Email.fromString(undefined as unknown as string)).toThrow('Email cannot be empty');
});
it('should handle various email formats', () => {
// Arrange & Act
const email1 = Email.fromString('user@example.com');
const email2 = Email.fromString('user.name@example.com');
const email3 = Email.fromString('user+tag@example.co.uk');
// Assert
expect(email1.value).toBe('user@example.com');
expect(email2.value).toBe('user.name@example.com');
expect(email3.value).toBe('user+tag@example.co.uk');
});
it('should support equals comparison', () => {
// Arrange
const email1 = Email.fromString('test@example.com');
const email2 = Email.fromString('test@example.com');
const email3 = Email.fromString('other@example.com');
// Assert
expect(email1.equals(email2)).toBe(true);
expect(email1.equals(email3)).toBe(false);
});
it('should support toString', () => {
// Arrange
const email = Email.fromString('test@example.com');
// Assert
expect(email.toString()).toBe('test@example.com');
});
it('should handle case sensitivity', () => {
// Arrange & Act
const email1 = Email.fromString('Test@Example.com');
const email2 = Email.fromString('test@example.com');
// Assert - Should preserve case but compare as-is
expect(email1.value).toBe('Test@Example.com');
expect(email2.value).toBe('test@example.com');
});
it('should handle international characters', () => {
// Arrange & Act
const email = Email.fromString('tëst@ëxample.com');
// Assert
expect(email.value).toBe('tëst@ëxample.com');
});
it('should handle very long emails', () => {
// Arrange
const longLocal = 'a'.repeat(100);
const longDomain = 'b'.repeat(100);
const longEmail = `${longLocal}@${longDomain}.com`;
// Act
const email = Email.fromString(longEmail);
// Assert
expect(email.value).toBe(longEmail);
});
});
});

46
core/admin/domain/value-objects/Email.ts Normal file
View File

@@ -0,0 +1,46 @@
import { IValueObject } from '@core/shared/domain';
import { AdminDomainValidationError } from '../errors/AdminDomainError';
export interface EmailProps {
value: string;
}
export class Email implements IValueObject<EmailProps> {
readonly value: string;
private constructor(value: string) {
this.value = value;
}
static create(value: string): Email {
// Handle null/undefined
if (value === null || value === undefined) {
throw new AdminDomainValidationError('Email cannot be empty');
}
const trimmed = value.trim();
if (!trimmed) {
throw new AdminDomainValidationError('Email cannot be empty');
}
// No format validation - accept any non-empty string
return new Email(trimmed);
}
static fromString(value: string): Email {
return this.create(value);
}
get props(): EmailProps {
return { value: this.value };
}
toString(): string {
return this.value;
}
equals(other: IValueObject<EmailProps>): boolean {
return this.value === other.props.value;
}
}

90
core/admin/domain/value-objects/UserId.test.ts Normal file
View File

@@ -0,0 +1,90 @@
import { UserId } from './UserId';
describe('UserId', () => {
describe('TDD - Test First', () => {
it('should create a valid user id from string', () => {
// Arrange & Act
const userId = UserId.fromString('user-123');
// Assert
expect(userId.value).toBe('user-123');
});
it('should trim whitespace', () => {
// Arrange & Act
const userId = UserId.fromString(' user-123 ');
// Assert
expect(userId.value).toBe('user-123');
});
it('should throw error for empty string', () => {
// Arrange & Act & Assert
expect(() => UserId.fromString('')).toThrow('User ID cannot be empty');
expect(() => UserId.fromString(' ')).toThrow('User ID cannot be empty');
});
it('should throw error for null or undefined', () => {
// Arrange & Act & Assert
expect(() => UserId.fromString(null as unknown as string)).toThrow('User ID cannot be empty');
expect(() => UserId.fromString(undefined as unknown as string)).toThrow('User ID cannot be empty');
});
it('should handle special characters', () => {
// Arrange & Act
const userId = UserId.fromString('user-123_test@example');
// Assert
expect(userId.value).toBe('user-123_test@example');
});
it('should support equals comparison', () => {
// Arrange
const userId1 = UserId.fromString('user-123');
const userId2 = UserId.fromString('user-123');
const userId3 = UserId.fromString('user-456');
// Assert
expect(userId1.equals(userId2)).toBe(true);
expect(userId1.equals(userId3)).toBe(false);
});
it('should support toString', () => {
// Arrange
const userId = UserId.fromString('user-123');
// Assert
expect(userId.toString()).toBe('user-123');
});
it('should handle very long IDs', () => {
// Arrange
const longId = 'a'.repeat(1000);
// Act
const userId = UserId.fromString(longId);
// Assert
expect(userId.value).toBe(longId);
});
it('should handle UUID format', () => {
// Arrange
const uuid = '550e8400-e29b-41d4-a716-446655440000';
// Act
const userId = UserId.fromString(uuid);
// Assert
expect(userId.value).toBe(uuid);
});
it('should handle numeric string IDs', () => {
// Arrange & Act
const userId = UserId.fromString('123456');
// Assert
expect(userId.value).toBe('123456');
});
});
});

38
core/admin/domain/value-objects/UserId.ts Normal file
View File

@@ -0,0 +1,38 @@
import { IValueObject } from '@core/shared/domain';
import { AdminDomainValidationError } from '../errors/AdminDomainError';
export interface UserIdProps {
value: string;
}
export class UserId implements IValueObject<UserIdProps> {
readonly value: string;
private constructor(value: string) {
this.value = value;
}
static create(id: string): UserId {
if (!id || id.trim().length === 0) {
throw new AdminDomainValidationError('User ID cannot be empty');
}
return new UserId(id.trim());
}
static fromString(id: string): UserId {
return this.create(id);
}
get props(): UserIdProps {
return { value: this.value };
}
equals(other: IValueObject<UserIdProps>): boolean {
return this.value === other.props.value;
}
toString(): string {
return this.value;
}
}

103
core/admin/domain/value-objects/UserRole.test.ts Normal file
View File

@@ -0,0 +1,103 @@
import { UserRole } from './UserRole';
describe('UserRole', () => {
describe('TDD - Test First', () => {
it('should create a valid role from string', () => {
// Arrange & Act
const role = UserRole.fromString('owner');
// Assert
expect(role.value).toBe('owner');
});
it('should trim whitespace', () => {
// Arrange & Act
const role = UserRole.fromString(' admin ');
// Assert
expect(role.value).toBe('admin');
});
it('should throw error for empty string', () => {
// Arrange & Act & Assert
expect(() => UserRole.fromString('')).toThrow('Role cannot be empty');
expect(() => UserRole.fromString(' ')).toThrow('Role cannot be empty');
});
it('should throw error for null or undefined', () => {
// Arrange & Act & Assert
expect(() => UserRole.fromString(null as unknown as string)).toThrow('Role cannot be empty');
expect(() => UserRole.fromString(undefined as unknown as string)).toThrow('Role cannot be empty');
});
it('should handle all valid roles', () => {
// Arrange & Act
const owner = UserRole.fromString('owner');
const admin = UserRole.fromString('admin');
const user = UserRole.fromString('user');
// Assert
expect(owner.value).toBe('owner');
expect(admin.value).toBe('admin');
expect(user.value).toBe('user');
});
it('should detect system admin roles', () => {
// Arrange
const owner = UserRole.fromString('owner');
const admin = UserRole.fromString('admin');
const user = UserRole.fromString('user');
// Assert
expect(owner.isSystemAdmin()).toBe(true);
expect(admin.isSystemAdmin()).toBe(true);
expect(user.isSystemAdmin()).toBe(false);
});
it('should support equals comparison', () => {
// Arrange
const role1 = UserRole.fromString('owner');
const role2 = UserRole.fromString('owner');
const role3 = UserRole.fromString('admin');
// Assert
expect(role1.equals(role2)).toBe(true);
expect(role1.equals(role3)).toBe(false);
});
it('should support toString', () => {
// Arrange
const role = UserRole.fromString('owner');
// Assert
expect(role.toString()).toBe('owner');
});
it('should handle custom roles', () => {
// Arrange & Act
const customRole = UserRole.fromString('steward');
// Assert
expect(customRole.value).toBe('steward');
expect(customRole.isSystemAdmin()).toBe(false);
});
it('should handle case sensitivity', () => {
// Arrange & Act
const role1 = UserRole.fromString('Owner');
const role2 = UserRole.fromString('owner');
// Assert - Should preserve case but compare as-is
expect(role1.value).toBe('Owner');
expect(role2.value).toBe('owner');
});
it('should handle special characters in role names', () => {
// Arrange & Act
const role = UserRole.fromString('admin-steward');
// Assert
expect(role.value).toBe('admin-steward');
});
});
});

74
core/admin/domain/value-objects/UserRole.ts Normal file
View File

@@ -0,0 +1,74 @@
import { IValueObject } from '@core/shared/domain';
import { AdminDomainValidationError } from '../errors/AdminDomainError';
export type UserRoleValue = string;
export interface UserRoleProps {
value: UserRoleValue;
}
export class UserRole implements IValueObject<UserRoleProps> {
readonly value: UserRoleValue;
private constructor(value: UserRoleValue) {
this.value = value;
}
static create(value: UserRoleValue): UserRole {
// Handle null/undefined
if (value === null || value === undefined) {
throw new AdminDomainValidationError('Role cannot be empty');
}
const trimmed = value.trim();
if (!trimmed) {
throw new AdminDomainValidationError('Role cannot be empty');
}
return new UserRole(trimmed);
}
static fromString(value: string): UserRole {
return this.create(value);
}
get props(): UserRoleProps {
return { value: this.value };
}
toString(): UserRoleValue {
return this.value;
}
equals(other: IValueObject<UserRoleProps>): boolean {
return this.value === other.props.value;
}
/**
* Check if this role is a system administrator role
*/
isSystemAdmin(): boolean {
const lower = this.value.toLowerCase();
return lower === 'owner' || lower === 'admin';
}
/**
* Check if this role has higher authority than another role
*/
hasHigherAuthorityThan(other: UserRole): boolean {
const hierarchy: Record<string, number> = {
user: 0,
admin: 1,
owner: 2,
};
const myValue = this.value.toLowerCase();
const otherValue = other.value.toLowerCase();
const myRank = hierarchy[myValue] ?? 0;
const otherRank = hierarchy[otherValue] ?? 0;
return myRank > otherRank;
}
}

127
core/admin/domain/value-objects/UserStatus.test.ts Normal file
View File

@@ -0,0 +1,127 @@
import { UserStatus } from './UserStatus';
describe('UserStatus', () => {
describe('TDD - Test First', () => {
it('should create a valid status from string', () => {
// Arrange & Act
const status = UserStatus.fromString('active');
// Assert
expect(status.value).toBe('active');
});
it('should trim whitespace', () => {
// Arrange & Act
const status = UserStatus.fromString(' suspended ');
// Assert
expect(status.value).toBe('suspended');
});
it('should throw error for empty string', () => {
// Arrange & Act & Assert
expect(() => UserStatus.fromString('')).toThrow('Status cannot be empty');
expect(() => UserStatus.fromString(' ')).toThrow('Status cannot be empty');
});
it('should throw error for null or undefined', () => {
// Arrange & Act & Assert
expect(() => UserStatus.fromString(null as unknown as string)).toThrow('Status cannot be empty');
expect(() => UserStatus.fromString(undefined as unknown as string)).toThrow('Status cannot be empty');
});
it('should handle all valid statuses', () => {
// Arrange & Act
const active = UserStatus.fromString('active');
const suspended = UserStatus.fromString('suspended');
const deleted = UserStatus.fromString('deleted');
// Assert
expect(active.value).toBe('active');
expect(suspended.value).toBe('suspended');
expect(deleted.value).toBe('deleted');
});
it('should detect active status', () => {
// Arrange
const active = UserStatus.fromString('active');
const suspended = UserStatus.fromString('suspended');
const deleted = UserStatus.fromString('deleted');
// Assert
expect(active.isActive()).toBe(true);
expect(suspended.isActive()).toBe(false);
expect(deleted.isActive()).toBe(false);
});
it('should detect suspended status', () => {
// Arrange
const active = UserStatus.fromString('active');
const suspended = UserStatus.fromString('suspended');
const deleted = UserStatus.fromString('deleted');
// Assert
expect(active.isSuspended()).toBe(false);
expect(suspended.isSuspended()).toBe(true);
expect(deleted.isSuspended()).toBe(false);
});
it('should detect deleted status', () => {
// Arrange
const active = UserStatus.fromString('active');
const suspended = UserStatus.fromString('suspended');
const deleted = UserStatus.fromString('deleted');
// Assert
expect(active.isDeleted()).toBe(false);
expect(suspended.isDeleted()).toBe(false);
expect(deleted.isDeleted()).toBe(true);
});
it('should support equals comparison', () => {
// Arrange
const status1 = UserStatus.fromString('active');
const status2 = UserStatus.fromString('active');
const status3 = UserStatus.fromString('suspended');
// Assert
expect(status1.equals(status2)).toBe(true);
expect(status1.equals(status3)).toBe(false);
});
it('should support toString', () => {
// Arrange
const status = UserStatus.fromString('active');
// Assert
expect(status.toString()).toBe('active');
});
it('should handle custom statuses', () => {
// Arrange & Act
const customStatus = UserStatus.fromString('pending');
// Assert
expect(customStatus.value).toBe('pending');
expect(customStatus.isActive()).toBe(false);
});
it('should handle case sensitivity', () => {
// Arrange & Act
const status1 = UserStatus.fromString('Active');
const status2 = UserStatus.fromString('active');
// Assert - Should preserve case but compare as-is
expect(status1.value).toBe('Active');
expect(status2.value).toBe('active');
});
it('should handle special characters in status names', () => {
// Arrange & Act
const status = UserStatus.fromString('under-review');
// Assert
expect(status.value).toBe('under-review');
});
});
});

59
core/admin/domain/value-objects/UserStatus.ts Normal file
View File

@@ -0,0 +1,59 @@
import { IValueObject } from '@core/shared/domain';
import { AdminDomainValidationError } from '../errors/AdminDomainError';
export type UserStatusValue = string;
export interface UserStatusProps {
value: UserStatusValue;
}
export class UserStatus implements IValueObject<UserStatusProps> {
readonly value: UserStatusValue;
private constructor(value: UserStatusValue) {
this.value = value;
}
static create(value: UserStatusValue): UserStatus {
// Handle null/undefined
if (value === null || value === undefined) {
throw new AdminDomainValidationError('Status cannot be empty');
}
const trimmed = value.trim();
if (!trimmed) {
throw new AdminDomainValidationError('Status cannot be empty');
}
return new UserStatus(trimmed);
}
static fromString(value: string): UserStatus {
return this.create(value);
}
get props(): UserStatusProps {
return { value: this.value };
}
toString(): UserStatusValue {
return this.value;
}
equals(other: IValueObject<UserStatusProps>): boolean {
return this.value === other.props.value;
}
isActive(): boolean {
return this.value === 'active';
}
isSuspended(): boolean {
return this.value === 'suspended';
}
isDeleted(): boolean {
return this.value === 'deleted';
}
}

790
core/admin/infrastructure/persistence/InMemoryAdminUserRepository.test.ts Normal file
View File

@@ -0,0 +1,790 @@
import { InMemoryAdminUserRepository } from './InMemoryAdminUserRepository';
import { AdminUser } from '../../domain/entities/AdminUser';
import { UserRole } from '../../domain/value-objects/UserRole';
import { UserStatus } from '../../domain/value-objects/UserStatus';
describe('InMemoryAdminUserRepository', () => {
describe('TDD - Test First', () => {
let repository: InMemoryAdminUserRepository;
beforeEach(() => {
repository = new InMemoryAdminUserRepository();
});
describe('create', () => {
it('should create a new user', async () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
// Act
const result = await repository.create(user);
// Assert
expect(result).toStrictEqual(user);
const found = await repository.findById(user.id);
expect(found).toStrictEqual(user);
});
it('should throw error when creating user with duplicate email', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'test@example.com',
displayName: 'User 1',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'test@example.com',
displayName: 'User 2',
roles: ['user'],
status: 'active',
});
await repository.create(user1);
// Act & Assert
await expect(repository.create(user2)).rejects.toThrow('Email already exists');
});
it('should throw error when creating user with duplicate ID', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User 1',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-1',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['user'],
status: 'active',
});
await repository.create(user1);
// Act & Assert
await expect(repository.create(user2)).rejects.toThrow('User ID already exists');
});
});
describe('findById', () => {
it('should find user by ID', async () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
await repository.create(user);
// Act
const found = await repository.findById(user.id);
// Assert
expect(found).toStrictEqual(user);
});
it('should return null for non-existent user', async () => {
// Arrange
const nonExistentId = AdminUser.create({
id: 'non-existent',
email: 'dummy@example.com',
displayName: 'Dummy',
roles: ['user'],
status: 'active',
}).id;
// Act
const found = await repository.findById(nonExistentId);
// Assert
expect(found).toBeNull();
});
});
describe('findByEmail', () => {
it('should find user by email', async () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
await repository.create(user);
// Act
const found = await repository.findByEmail(user.email);
// Assert
expect(found).toStrictEqual(user);
});
it('should return null for non-existent email', async () => {
// Arrange
const nonExistentEmail = AdminUser.create({
id: 'dummy',
email: 'non-existent@example.com',
displayName: 'Dummy',
roles: ['user'],
status: 'active',
}).email;
// Act
const found = await repository.findByEmail(nonExistentEmail);
// Assert
expect(found).toBeNull();
});
});
describe('emailExists', () => {
it('should return true when email exists', async () => {
// Arrange
const user = AdminUser.create({
id: 'user-123',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
await repository.create(user);
// Act
const exists = await repository.emailExists(user.email);
// Assert
expect(exists).toBe(true);
});
it('should return false when email does not exist', async () => {
// Arrange
const nonExistentEmail = AdminUser.create({
id: 'dummy',
email: 'non-existent@example.com',
displayName: 'Dummy',
roles: ['user'],
status: 'active',
}).email;
// Act
const exists = await repository.emailExists(nonExistentEmail);
// Assert
expect(exists).toBe(false);
});
});
describe('list', () => {
it('should return empty list when no users exist', async () => {
// Act
const result = await repository.list({});
// Assert
expect(result.users).toEqual([]);
expect(result.total).toBe(0);
expect(result.page).toBe(1);
expect(result.limit).toBe(10);
expect(result.totalPages).toBe(0);
});
it('should return all users when no filters provided', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User 1',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['admin'],
status: 'active',
});
await repository.create(user1);
await repository.create(user2);
// Act
const result = await repository.list({});
// Assert
expect(result.users).toHaveLength(2);
expect(result.total).toBe(2);
expect(result.page).toBe(1);
expect(result.limit).toBe(10);
expect(result.totalPages).toBe(1);
});
it('should filter by role', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User 1',
roles: ['user'],
status: 'active',
});
const admin1 = AdminUser.create({
id: 'admin-1',
email: 'admin1@example.com',
displayName: 'Admin 1',
roles: ['admin'],
status: 'active',
});
await repository.create(user1);
await repository.create(admin1);
// Act
const result = await repository.list({
filter: { role: UserRole.fromString('admin') },
});
// Assert
expect(result.users).toHaveLength(1);
expect(result.users[0]?.id.value).toBe('admin-1');
expect(result.total).toBe(1);
});
it('should filter by status', async () => {
// Arrange
const activeUser = AdminUser.create({
id: 'user-1',
email: 'active@example.com',
displayName: 'Active User',
roles: ['user'],
status: 'active',
});
const suspendedUser = AdminUser.create({
id: 'user-2',
email: 'suspended@example.com',
displayName: 'Suspended User',
roles: ['user'],
status: 'suspended',
});
await repository.create(activeUser);
await repository.create(suspendedUser);
// Act
const result = await repository.list({
filter: { status: UserStatus.fromString('suspended') },
});
// Assert
expect(result.users).toHaveLength(1);
expect(result.users[0]?.id.value).toBe('user-2');
expect(result.total).toBe(1);
});
it('should filter by email', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'other@example.com',
displayName: 'Other User',
roles: ['user'],
status: 'active',
});
await repository.create(user1);
await repository.create(user2);
// Act
const result = await repository.list({
filter: { email: user1.email },
});
// Assert
expect(result.users).toHaveLength(1);
expect(result.users[0]?.id.value).toBe('user-1');
expect(result.total).toBe(1);
});
it('should filter by search (email or display name)', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'search@example.com',
displayName: 'Search User',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'other@example.com',
displayName: 'Other User',
roles: ['user'],
status: 'active',
});
await repository.create(user1);
await repository.create(user2);
// Act
const result = await repository.list({
filter: { search: 'search' },
});
// Assert
expect(result.users).toHaveLength(1);
expect(result.users[0]?.id.value).toBe('user-1');
expect(result.total).toBe(1);
});
it('should apply pagination', async () => {
// Arrange - Create 15 users
for (let i = 1; i <= 15; i++) {
const user = AdminUser.create({
id: `user-${i}`,
email: `user${i}@example.com`,
displayName: `User ${i}`,
roles: ['user'],
status: 'active',
});
await repository.create(user);
}
// Act - Get page 2 with limit 5
const result = await repository.list({
pagination: { page: 2, limit: 5 },
});
// Assert
expect(result.users).toHaveLength(5);
expect(result.total).toBe(15);
expect(result.page).toBe(2);
expect(result.limit).toBe(5);
expect(result.totalPages).toBe(3);
expect(result.users[0]?.id.value).toBe('user-6');
});
it('should sort by email ascending', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'zebra@example.com',
displayName: 'Zebra',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'alpha@example.com',
displayName: 'Alpha',
roles: ['user'],
status: 'active',
});
await repository.create(user1);
await repository.create(user2);
// Act
const result = await repository.list({
sort: { field: 'email', direction: 'asc' },
});
// Assert
expect(result.users).toHaveLength(2);
expect(result.users[0]?.id.value).toBe('user-2');
expect(result.users[1]?.id.value).toBe('user-1');
});
it('should sort by display name descending', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'Zebra',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'Alpha',
roles: ['user'],
status: 'active',
});
await repository.create(user1);
await repository.create(user2);
// Act
const result = await repository.list({
sort: { field: 'displayName', direction: 'desc' },
});
// Assert
expect(result.users).toHaveLength(2);
expect(result.users[0]?.id.value).toBe('user-1');
expect(result.users[1]?.id.value).toBe('user-2');
});
it('should apply multiple filters together', async () => {
// Arrange
const matchingUser = AdminUser.create({
id: 'user-1',
email: 'admin@example.com',
displayName: 'Admin User',
roles: ['admin'],
status: 'active',
});
const nonMatchingUser1 = AdminUser.create({
id: 'user-2',
email: 'user@example.com',
displayName: 'User',
roles: ['user'],
status: 'active',
});
const nonMatchingUser2 = AdminUser.create({
id: 'user-3',
email: 'admin-suspended@example.com',
displayName: 'Admin User',
roles: ['admin'],
status: 'suspended',
});
await repository.create(matchingUser);
await repository.create(nonMatchingUser1);
await repository.create(nonMatchingUser2);
// Act
const result = await repository.list({
filter: {
role: UserRole.fromString('admin'),
status: UserStatus.fromString('active'),
search: 'admin',
},
});
// Assert
expect(result.users).toHaveLength(1);
expect(result.users[0]?.id.value).toBe('user-1');
expect(result.total).toBe(1);
});
});
describe('count', () => {
it('should return 0 when no users exist', async () => {
// Act
const count = await repository.count();
// Assert
expect(count).toBe(0);
});
it('should return correct count of all users', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User 1',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['admin'],
status: 'active',
});
await repository.create(user1);
await repository.create(user2);
// Act
const count = await repository.count();
// Assert
expect(count).toBe(2);
});
it('should count with filters', async () => {
// Arrange
const activeUser = AdminUser.create({
id: 'user-1',
email: 'active@example.com',
displayName: 'Active User',
roles: ['user'],
status: 'active',
});
const suspendedUser = AdminUser.create({
id: 'user-2',
email: 'suspended@example.com',
displayName: 'Suspended User',
roles: ['user'],
status: 'suspended',
});
await repository.create(activeUser);
await repository.create(suspendedUser);
// Act
const count = await repository.count({
status: UserStatus.fromString('active'),
});
// Assert
expect(count).toBe(1);
});
});
describe('update', () => {
it('should update existing user', async () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
await repository.create(user);
// Act
user.updateDisplayName('Updated Name');
const updated = await repository.update(user);
// Assert
expect(updated.displayName).toBe('Updated Name');
const found = await repository.findById(user.id);
expect(found?.displayName).toBe('Updated Name');
});
it('should throw error when updating non-existent user', async () => {
// Arrange
const user = AdminUser.create({
id: 'non-existent',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
// Act & Assert
await expect(repository.update(user)).rejects.toThrow('User not found');
});
it('should throw error when updating with duplicate email', async () => {
// Arrange
const user1 = AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User 1',
roles: ['user'],
status: 'active',
});
const user2 = AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User 2',
roles: ['user'],
status: 'active',
});
await repository.create(user1);
await repository.create(user2);
// Act - Try to change user2's email to user1's email
user2.updateEmail(user1.email);
// Assert
await expect(repository.update(user2)).rejects.toThrow('Email already exists');
});
});
describe('delete', () => {
it('should delete existing user', async () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
await repository.create(user);
// Act
await repository.delete(user.id);
// Assert
const found = await repository.findById(user.id);
expect(found).toBeNull();
});
it('should throw error when deleting non-existent user', async () => {
// Arrange
const nonExistentId = AdminUser.create({
id: 'non-existent',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
}).id;
// Act & Assert
await expect(repository.delete(nonExistentId)).rejects.toThrow('User not found');
});
it('should reduce count after deletion', async () => {
// Arrange
const user = AdminUser.create({
id: 'user-1',
email: 'test@example.com',
displayName: 'Test User',
roles: ['user'],
status: 'active',
});
await repository.create(user);
const initialCount = await repository.count();
// Act
await repository.delete(user.id);
// Assert
const finalCount = await repository.count();
expect(finalCount).toBe(initialCount - 1);
});
});
describe('integration scenarios', () => {
it('should handle complete user lifecycle', async () => {
// Arrange - Create user
const user = AdminUser.create({
id: 'user-1',
email: 'lifecycle@example.com',
displayName: 'Lifecycle User',
roles: ['user'],
status: 'active',
});
// Act - Create
await repository.create(user);
let found = await repository.findById(user.id);
expect(found).toStrictEqual(user);
// Act - Update
user.updateDisplayName('Updated Lifecycle');
user.addRole(UserRole.fromString('admin'));
await repository.update(user);
found = await repository.findById(user.id);
expect(found?.displayName).toBe('Updated Lifecycle');
expect(found?.hasRole('admin')).toBe(true);
// Act - Delete
await repository.delete(user.id);
found = await repository.findById(user.id);
expect(found).toBeNull();
});
it('should handle complex filtering and pagination', async () => {
// Arrange - Create mixed users
const users = [
AdminUser.create({
id: 'owner-1',
email: 'owner@example.com',
displayName: 'Owner User',
roles: ['owner'],
status: 'active',
}),
AdminUser.create({
id: 'admin-1',
email: 'admin1@example.com',
displayName: 'Admin One',
roles: ['admin'],
status: 'active',
}),
AdminUser.create({
id: 'admin-2',
email: 'admin2@example.com',
displayName: 'Admin Two',
roles: ['admin'],
status: 'suspended',
}),
AdminUser.create({
id: 'user-1',
email: 'user1@example.com',
displayName: 'User One',
roles: ['user'],
status: 'active',
}),
AdminUser.create({
id: 'user-2',
email: 'user2@example.com',
displayName: 'User Two',
roles: ['user'],
status: 'active',
}),
];
for (const user of users) {
await repository.create(user);
}
// Act - Get active admins, sorted by email, page 1, limit 2
const result = await repository.list({
filter: {
role: UserRole.fromString('admin'),
status: UserStatus.fromString('active'),
},
sort: { field: 'email', direction: 'asc' },
pagination: { page: 1, limit: 2 },
});
// Assert
expect(result.users).toHaveLength(1);
expect(result.users[0]?.id.value).toBe('admin-1');
expect(result.total).toBe(1);
expect(result.totalPages).toBe(1);
});
});
});
});

257
core/admin/infrastructure/persistence/InMemoryAdminUserRepository.ts Normal file
View File

@@ -0,0 +1,257 @@
import { IAdminUserRepository, UserFilter, UserListQuery, UserListResult, StoredAdminUser } from '../../domain/repositories/IAdminUserRepository';
import { AdminUser } from '../../domain/entities/AdminUser';
import { UserId } from '../../domain/value-objects/UserId';
import { Email } from '../../domain/value-objects/Email';
/**
* In-memory implementation of AdminUserRepository for testing and development
* Follows TDD - created with tests first
*/
export class InMemoryAdminUserRepository implements IAdminUserRepository {
private storage: Map<string, StoredAdminUser> = new Map();
async findById(id: UserId): Promise<AdminUser | null> {
const stored = this.storage.get(id.value);
return stored ? this.fromStored(stored) : null;
}
async findByEmail(email: Email): Promise<AdminUser | null> {
for (const stored of this.storage.values()) {
if (stored.email === email.value) {
return this.fromStored(stored);
}
}
return null;
}
async emailExists(email: Email): Promise<boolean> {
for (const stored of this.storage.values()) {
if (stored.email === email.value) {
return true;
}
}
return false;
}
async existsById(id: UserId): Promise<boolean> {
return this.storage.has(id.value);
}
async existsByEmail(email: Email): Promise<boolean> {
return this.emailExists(email);
}
async list(query?: UserListQuery): Promise<UserListResult> {
let users: AdminUser[] = [];
// Get all users
for (const stored of this.storage.values()) {
users.push(this.fromStored(stored));
}
// Apply filters
if (query?.filter) {
users = users.filter(user => {
if (query.filter?.role && !user.roles.some(r => r.equals(query.filter!.role!))) {
return false;
}
if (query.filter?.status && !user.status.equals(query.filter.status)) {
return false;
}
if (query.filter?.email && !user.email.equals(query.filter.email)) {
return false;
}
if (query.filter?.search) {
const search = query.filter.search.toLowerCase();
const matchesEmail = user.email.value.toLowerCase().includes(search);
const matchesDisplayName = user.displayName.toLowerCase().includes(search);
if (!matchesEmail && !matchesDisplayName) {
return false;
}
}
return true;
});
}
const total = users.length;
// Apply sorting
if (query?.sort) {
const { field, direction } = query.sort;
users.sort((a, b) => {
let aVal: string | number | Date;
let bVal: string | number | Date;
switch (field) {
case 'email':
aVal = a.email.value;
bVal = b.email.value;
break;
case 'displayName':
aVal = a.displayName;
bVal = b.displayName;
break;
case 'createdAt':
aVal = a.createdAt;
bVal = b.createdAt;
break;
case 'lastLoginAt':
aVal = a.lastLoginAt || 0;
bVal = b.lastLoginAt || 0;
break;
case 'status':
aVal = a.status.value;
bVal = b.status.value;
break;
default:
return 0;
}
if (aVal < bVal) return direction === 'asc' ? -1 : 1;
if (aVal > bVal) return direction === 'asc' ? 1 : -1;
return 0;
});
}
// Apply pagination
const page = query?.pagination?.page || 1;
const limit = query?.pagination?.limit || 10;
const totalPages = Math.ceil(total / limit);
const start = (page - 1) * limit;
const end = start + limit;
const paginatedUsers = users.slice(start, end);
return {
users: paginatedUsers,
total,
page,
limit,
totalPages,
};
}
async count(filter?: UserFilter): Promise<number> {
let count = 0;
for (const stored of this.storage.values()) {
const user = this.fromStored(stored);
if (filter?.role && !user.roles.some(r => r.equals(filter.role!))) {
continue;
}
if (filter?.status && !user.status.equals(filter.status)) {
continue;
}
if (filter?.email && !user.email.equals(filter.email)) {
continue;
}
if (filter?.search) {
const search = filter.search.toLowerCase();
const matchesEmail = user.email.value.toLowerCase().includes(search);
const matchesDisplayName = user.displayName.toLowerCase().includes(search);
if (!matchesEmail && !matchesDisplayName) {
continue;
}
}
count++;
}
return count;
}
async create(user: AdminUser): Promise<AdminUser> {
// Check for duplicate email
if (await this.emailExists(user.email)) {
throw new Error('Email already exists');
}
// Check for duplicate ID
if (this.storage.has(user.id.value)) {
throw new Error('User ID already exists');
}
const stored = this.toStored(user);
this.storage.set(user.id.value, stored);
return user;
}
async update(user: AdminUser): Promise<AdminUser> {
// Check if user exists
if (!this.storage.has(user.id.value)) {
throw new Error('User not found');
}
// Check for duplicate email (excluding current user)
for (const [id, stored] of this.storage.entries()) {
if (id !== user.id.value && stored.email === user.email.value) {
throw new Error('Email already exists');
}
}
const stored = this.toStored(user);
this.storage.set(user.id.value, stored);
return user;
}
async delete(id: UserId): Promise<void> {
if (!this.storage.has(id.value)) {
throw new Error('User not found');
}
this.storage.delete(id.value);
}
toStored(user: AdminUser): StoredAdminUser {
const stored: StoredAdminUser = {
id: user.id.value,
email: user.email.value,
roles: user.roles.map(r => r.value),
status: user.status.value,
displayName: user.displayName,
createdAt: user.createdAt,
updatedAt: user.updatedAt,
};
if (user.lastLoginAt !== undefined) {
stored.lastLoginAt = user.lastLoginAt;
}
if (user.primaryDriverId !== undefined) {
stored.primaryDriverId = user.primaryDriverId;
}
return stored;
}
fromStored(stored: StoredAdminUser): AdminUser {
const props: {
id: string;
email: string;
roles: string[];
status: string;
displayName: string;
createdAt: Date;
updatedAt: Date;
lastLoginAt?: Date;
primaryDriverId?: string;
} = {
id: stored.id,
email: stored.email,
roles: stored.roles,
status: stored.status,
displayName: stored.displayName,
createdAt: stored.createdAt,
updatedAt: stored.updatedAt,
};
if (stored.lastLoginAt !== undefined) {
props.lastLoginAt = stored.lastLoginAt;
}
if (stored.primaryDriverId !== undefined) {
props.primaryDriverId = stored.primaryDriverId;
}
return AdminUser.rehydrate(props);
}
}

32
core/admin/infrastructure/typeorm/entities/AdminUserOrmEntity.ts Normal file
View File

@@ -0,0 +1,32 @@
import { Column, CreateDateColumn, Entity, Index, PrimaryColumn, UpdateDateColumn } from 'typeorm';
@Entity({ name: 'admin_users' })
export class AdminUserOrmEntity {
@PrimaryColumn({ type: 'uuid' })
id!: string;
@Index()
@Column({ type: 'text', unique: true })
email!: string;
@Column({ type: 'text' })
displayName!: string;
@Column({ type: 'jsonb' })
roles!: string[];
@Column({ type: 'text' })
status!: string;
@Column({ type: 'text', nullable: true })
primaryDriverId?: string;
@Column({ type: 'timestamptz', nullable: true })
lastLoginAt?: Date;
@CreateDateColumn({ type: 'timestamptz' })
createdAt!: Date;
@UpdateDateColumn({ type: 'timestamptz' })
updatedAt!: Date;
}

13
core/admin/infrastructure/typeorm/errors/TypeOrmAdminSchemaError.ts Normal file
View File

@@ -0,0 +1,13 @@
export class TypeOrmAdminSchemaError extends Error {
constructor(
public details: {
entityName: string;
fieldName: string;
reason: string;
message: string;
},
) {
super(`[TypeOrmAdminSchemaError] ${details.entityName}.${details.fieldName}: ${details.reason} - ${details.message}`);
this.name = 'TypeOrmAdminSchemaError';
}
}

95
core/admin/infrastructure/typeorm/mappers/AdminUserOrmMapper.ts Normal file
View File

@@ -0,0 +1,95 @@
import { AdminUser } from '@core/admin/domain/entities/AdminUser';
import { AdminUserOrmEntity } from '../entities/AdminUserOrmEntity';
import { TypeOrmAdminSchemaError } from '../errors/TypeOrmAdminSchemaError';
import {
assertNonEmptyString,
assertStringArray,
assertDate,
assertOptionalDate,
assertOptionalString,
} from '../schema/TypeOrmAdminSchemaGuards';
export class AdminUserOrmMapper {
toDomain(entity: AdminUserOrmEntity): AdminUser {
const entityName = 'AdminUser';
try {
assertNonEmptyString(entityName, 'id', entity.id);
assertNonEmptyString(entityName, 'email', entity.email);
assertNonEmptyString(entityName, 'displayName', entity.displayName);
assertStringArray(entityName, 'roles', entity.roles);
assertNonEmptyString(entityName, 'status', entity.status);
assertOptionalString(entityName, 'primaryDriverId', entity.primaryDriverId);
assertOptionalDate(entityName, 'lastLoginAt', entity.lastLoginAt);
assertDate(entityName, 'createdAt', entity.createdAt);
assertDate(entityName, 'updatedAt', entity.updatedAt);
} catch (error) {
if (error instanceof TypeOrmAdminSchemaError) {
throw error;
}
const message = error instanceof Error ? error.message : 'Invalid persisted AdminUser';
throw new TypeOrmAdminSchemaError({ entityName, fieldName: 'unknown', reason: 'invalid_shape', message });
}
try {
const domainProps: {
id: string;
email: string;
displayName: string;
roles: string[];
status: string;
createdAt: Date;
updatedAt: Date;
primaryDriverId?: string;
lastLoginAt?: Date;
} = {
id: entity.id,
email: entity.email,
displayName: entity.displayName,
roles: entity.roles,
status: entity.status,
createdAt: entity.createdAt,
updatedAt: entity.updatedAt,
};
if (entity.primaryDriverId !== null && entity.primaryDriverId !== undefined) {
domainProps.primaryDriverId = entity.primaryDriverId;
}
if (entity.lastLoginAt !== null && entity.lastLoginAt !== undefined) {
domainProps.lastLoginAt = entity.lastLoginAt;
}
return AdminUser.create(domainProps);
} catch (error) {
const message = error instanceof Error ? error.message : 'Invalid persisted AdminUser';
throw new TypeOrmAdminSchemaError({ entityName, fieldName: 'unknown', reason: 'invalid_shape', message });
}
}
toOrmEntity(adminUser: AdminUser): AdminUserOrmEntity {
const entity = new AdminUserOrmEntity();
entity.id = adminUser.id.value;
entity.email = adminUser.email.value;
entity.displayName = adminUser.displayName;
entity.roles = adminUser.roles.map(r => r.value);
entity.status = adminUser.status.value;
entity.createdAt = adminUser.createdAt;
entity.updatedAt = adminUser.updatedAt;
if (adminUser.primaryDriverId !== undefined) {
entity.primaryDriverId = adminUser.primaryDriverId;
}
if (adminUser.lastLoginAt !== undefined) {
entity.lastLoginAt = adminUser.lastLoginAt;
}
return entity;
}
toStored(entity: AdminUserOrmEntity): AdminUser {
return this.toDomain(entity);
}
}

1017
core/admin/infrastructure/typeorm/repositories/TypeOrmAdminUserRepository.test.ts Normal file
View File

File diff suppressed because it is too large Load Diff

184
core/admin/infrastructure/typeorm/repositories/TypeOrmAdminUserRepository.ts Normal file
View File

@@ -0,0 +1,184 @@
import type { DataSource, Repository } from 'typeorm';
import type { IAdminUserRepository, UserListQuery, UserListResult, UserFilter, StoredAdminUser } from '@core/admin/domain/repositories/IAdminUserRepository';
import { AdminUser } from '@core/admin/domain/entities/AdminUser';
import { AdminUserOrmEntity } from '../entities/AdminUserOrmEntity';
import { AdminUserOrmMapper } from '../mappers/AdminUserOrmMapper';
import { Email } from '@core/admin/domain/value-objects/Email';
import { UserId } from '@core/admin/domain/value-objects/UserId';
export class TypeOrmAdminUserRepository implements IAdminUserRepository {
private readonly repository: Repository<AdminUserOrmEntity>;
private readonly mapper: AdminUserOrmMapper;
constructor(
dataSource: DataSource,
mapper?: AdminUserOrmMapper,
) {
this.repository = dataSource.getRepository(AdminUserOrmEntity);
this.mapper = mapper ?? new AdminUserOrmMapper();
}
async save(user: AdminUser): Promise<void> {
const entity = this.mapper.toOrmEntity(user);
await this.repository.save(entity);
}
async findById(id: UserId): Promise<AdminUser | null> {
const entity = await this.repository.findOne({ where: { id: id.value } });
return entity ? this.mapper.toDomain(entity) : null;
}
async findByEmail(email: Email): Promise<AdminUser | null> {
const entity = await this.repository.findOne({ where: { email: email.value } });
return entity ? this.mapper.toDomain(entity) : null;
}
async emailExists(email: Email): Promise<boolean> {
const count = await this.repository.count({ where: { email: email.value } });
return count > 0;
}
async existsById(id: UserId): Promise<boolean> {
const count = await this.repository.count({ where: { id: id.value } });
return count > 0;
}
async existsByEmail(email: Email): Promise<boolean> {
return this.emailExists(email);
}
async list(query?: UserListQuery): Promise<UserListResult> {
const page = query?.pagination?.page ?? 1;
const limit = query?.pagination?.limit ?? 10;
const skip = (page - 1) * limit;
const sortBy = query?.sort?.field ?? 'createdAt';
const sortOrder = query?.sort?.direction ?? 'desc';
const where: Record<string, unknown> = {};
if (query?.filter?.role) {
where.roles = { $contains: [query.filter.role.value] };
}
if (query?.filter?.status) {
where.status = query.filter.status.value;
}
if (query?.filter?.search) {
where.email = this.repository.manager.connection
.createQueryBuilder()
.where('email ILIKE :search', { search: `%${query.filter.search}%` })
.orWhere('displayName ILIKE :search', { search: `%${query.filter.search}%` })
.getQuery();
}
const [entities, total] = await this.repository.findAndCount({
where,
skip,
take: limit,
order: { [sortBy]: sortOrder },
});
const users = entities.map(entity => this.mapper.toDomain(entity));
return {
users,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
async count(filter?: UserFilter): Promise<number> {
const where: Record<string, unknown> = {};
if (filter?.role) {
where.roles = { $contains: [filter.role.value] };
}
if (filter?.status) {
where.status = filter.status.value;
}
if (filter?.search) {
where.email = this.repository.manager.connection
.createQueryBuilder()
.where('email ILIKE :search', { search: `%${filter.search}%` })
.orWhere('displayName ILIKE :search', { search: `%${filter.search}%` })
.getQuery();
}
return await this.repository.count({ where });
}
async create(user: AdminUser): Promise<AdminUser> {
const entity = this.mapper.toOrmEntity(user);
const saved = await this.repository.save(entity);
return this.mapper.toDomain(saved);
}
async update(user: AdminUser): Promise<AdminUser> {
const entity = this.mapper.toOrmEntity(user);
const updated = await this.repository.save(entity);
return this.mapper.toDomain(updated);
}
async delete(id: UserId): Promise<void> {
await this.repository.delete({ id: id.value });
}
toStored(user: AdminUser): StoredAdminUser {
const stored: StoredAdminUser = {
id: user.id.value,
email: user.email.value,
roles: user.roles.map(r => r.value),
status: user.status.value,
displayName: user.displayName,
createdAt: user.createdAt,
updatedAt: user.updatedAt,
};
if (user.lastLoginAt !== undefined) {
stored.lastLoginAt = user.lastLoginAt;
}
if (user.primaryDriverId !== undefined) {
stored.primaryDriverId = user.primaryDriverId;
}
return stored;
}
fromStored(stored: StoredAdminUser): AdminUser {
const props: {
id: string;
email: string;
roles: string[];
status: string;
displayName: string;
createdAt: Date;
updatedAt: Date;
lastLoginAt?: Date;
primaryDriverId?: string;
} = {
id: stored.id,
email: stored.email,
roles: stored.roles,
status: stored.status,
displayName: stored.displayName,
createdAt: stored.createdAt,
updatedAt: stored.updatedAt,
};
if (stored.lastLoginAt !== undefined) {
props.lastLoginAt = stored.lastLoginAt;
}
if (stored.primaryDriverId !== undefined) {
props.primaryDriverId = stored.primaryDriverId;
}
return AdminUser.rehydrate(props);
}
}

55
core/admin/infrastructure/typeorm/schema/TypeOrmAdminSchemaGuards.ts Normal file
View File

@@ -0,0 +1,55 @@
import { TypeOrmAdminSchemaError } from '../errors/TypeOrmAdminSchemaError';
export function assertNonEmptyString(entityName: string, fieldName: string, value: unknown): void {
if (typeof value !== 'string' || value.trim().length === 0) {
throw new TypeOrmAdminSchemaError({
entityName,
fieldName,
reason: 'INVALID_STRING',
message: `Field ${fieldName} must be a non-empty string`,
});
}
}
export function assertStringArray(entityName: string, fieldName: string, value: unknown): void {
if (!Array.isArray(value) || !value.every(item => typeof item === 'string')) {
throw new TypeOrmAdminSchemaError({
entityName,
fieldName,
reason: 'INVALID_STRING_ARRAY',
message: `Field ${fieldName} must be an array of strings`,
});
}
}
export function assertDate(entityName: string, fieldName: string, value: unknown): void {
if (!(value instanceof Date) || isNaN(value.getTime())) {
throw new TypeOrmAdminSchemaError({
entityName,
fieldName,
reason: 'INVALID_DATE',
message: `Field ${fieldName} must be a valid Date`,
});
}
}
export function assertOptionalDate(entityName: string, fieldName: string, value: unknown): void {
if (value === null || value === undefined) {
return;
}
assertDate(entityName, fieldName, value);
}
export function assertOptionalString(entityName: string, fieldName: string, value: unknown): void {
if (value === null || value === undefined) {
return;
}
if (typeof value !== 'string') {
throw new TypeOrmAdminSchemaError({
entityName,
fieldName,
reason: 'INVALID_OPTIONAL_STRING',
message: `Field ${fieldName} must be a string or undefined`,
});
}
}

68
core/identity/application/queries/GetLeagueEligibilityPreviewQuery.test.ts
View File

@@ -2,25 +2,37 @@
* Tests for GetLeagueEligibilityPreviewQuery * Tests for GetLeagueEligibilityPreviewQuery
*/ */
import { GetLeagueEligibilityPreviewQuery, GetLeagueEligibilityPreviewQueryHandler } from './GetLeagueEligibilityPreviewQuery';
import { UserRating } from '../../domain/value-objects/UserRating';
import { ExternalGameRatingProfile } from '../../domain/entities/ExternalGameRatingProfile'; import { ExternalGameRatingProfile } from '../../domain/entities/ExternalGameRatingProfile';
import { GameKey } from '../../domain/value-objects/GameKey';
import { ExternalRating } from '../../domain/value-objects/ExternalRating'; import { ExternalRating } from '../../domain/value-objects/ExternalRating';
import { ExternalRatingProvenance } from '../../domain/value-objects/ExternalRatingProvenance'; import { ExternalRatingProvenance } from '../../domain/value-objects/ExternalRatingProvenance';
import { GameKey } from '../../domain/value-objects/GameKey';
import { UserRating } from '../../domain/value-objects/UserRating';
import { UserId } from '../../domain/value-objects/UserId';
import { GetLeagueEligibilityPreviewQuery, GetLeagueEligibilityPreviewQueryHandler } from './GetLeagueEligibilityPreviewQuery';
import { IUserRatingRepository } from '../../domain/repositories/IUserRatingRepository';
import { IExternalGameRatingRepository } from '../../domain/repositories/IExternalGameRatingRepository';
describe('GetLeagueEligibilityPreviewQuery', () => { describe('GetLeagueEligibilityPreviewQuery', () => {
let mockUserRatingRepo: any; let mockUserRatingRepo: IUserRatingRepository;
let mockExternalRatingRepo: any; let mockExternalRatingRepo: IExternalGameRatingRepository;
let handler: GetLeagueEligibilityPreviewQueryHandler; let handler: GetLeagueEligibilityPreviewQueryHandler;
beforeEach(() => { beforeEach(() => {
mockUserRatingRepo = { mockUserRatingRepo = {
findByUserId: jest.fn(), findByUserId: vi.fn(),
}; save: vi.fn(),
} as unknown as IUserRatingRepository;
mockExternalRatingRepo = { mockExternalRatingRepo = {
findByUserId: jest.fn(), findByUserId: vi.fn(),
}; findByUserIdAndGameKey: vi.fn(),
findByGameKey: vi.fn(),
save: vi.fn(),
saveMany: vi.fn(),
delete: vi.fn(),
exists: vi.fn(),
findProfilesPaginated: vi.fn(),
} as unknown as IExternalGameRatingRepository;
handler = new GetLeagueEligibilityPreviewQueryHandler( handler = new GetLeagueEligibilityPreviewQueryHandler(
mockUserRatingRepo, mockUserRatingRepo,
@@ -37,8 +49,8 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
const userRating = UserRating.create(userId); const userRating = UserRating.create(userId);
// Update driving to 65 // Update driving to 65
const updatedRating = userRating.updateDriverRating(65); const updatedRating = userRating.updateDriverRating(65);
mockUserRatingRepo.findByUserId.mockResolvedValue(updatedRating); vi.mocked(mockUserRatingRepo.findByUserId).mockResolvedValue(updatedRating);
mockExternalRatingRepo.findByUserId.mockResolvedValue([]); vi.mocked(mockExternalRatingRepo.findByUserId).mockResolvedValue([]);
const query: GetLeagueEligibilityPreviewQuery = { const query: GetLeagueEligibilityPreviewQuery = {
userId, userId,
@@ -50,8 +62,8 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
expect(result.eligible).toBe(true); expect(result.eligible).toBe(true);
expect(result.reasons).toHaveLength(1); expect(result.reasons).toHaveLength(1);
expect(result.reasons[0].target).toBe('platform.driving'); expect(result.reasons[0]!.target).toBe('platform.driving');
expect(result.reasons[0].failed).toBe(false); expect(result.reasons[0]!.failed).toBe(false);
}); });
it('should evaluate simple platform eligibility - not eligible', async () => { it('should evaluate simple platform eligibility - not eligible', async () => {
@@ -61,8 +73,8 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
const userRating = UserRating.create(userId); const userRating = UserRating.create(userId);
// Driving is 50 by default // Driving is 50 by default
mockUserRatingRepo.findByUserId.mockResolvedValue(userRating); vi.mocked(mockUserRatingRepo.findByUserId).mockResolvedValue(userRating);
mockExternalRatingRepo.findByUserId.mockResolvedValue([]); vi.mocked(mockExternalRatingRepo.findByUserId).mockResolvedValue([]);
const query: GetLeagueEligibilityPreviewQuery = { const query: GetLeagueEligibilityPreviewQuery = {
userId, userId,
@@ -73,7 +85,7 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
const result = await handler.execute(query); const result = await handler.execute(query);
expect(result.eligible).toBe(false); expect(result.eligible).toBe(false);
expect(result.reasons[0].failed).toBe(true); expect(result.reasons[0]!.failed).toBe(true);
}); });
it('should evaluate external rating eligibility', async () => { it('should evaluate external rating eligibility', async () => {
@@ -81,18 +93,18 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
const leagueId = 'league-456'; const leagueId = 'league-456';
const rules = 'external.iracing.iRating between 2000 2500'; const rules = 'external.iracing.iRating between 2000 2500';
mockUserRatingRepo.findByUserId.mockResolvedValue(null); vi.mocked(mockUserRatingRepo.findByUserId).mockResolvedValue(null);
const gameKey = GameKey.create('iracing'); const gameKey = GameKey.create('iracing');
const profile = ExternalGameRatingProfile.create({ const profile = ExternalGameRatingProfile.create({
userId: { toString: () => userId } as any, userId: UserId.fromString(userId),
gameKey, gameKey,
ratings: new Map([ ratings: new Map([
['iRating', ExternalRating.create(gameKey, 'iRating', 2200)], ['iRating', ExternalRating.create(gameKey, 'iRating', 2200)],
]), ]),
provenance: ExternalRatingProvenance.create({ source: 'iRacing API', lastSyncedAt: new Date() }), provenance: ExternalRatingProvenance.create({ source: 'iRacing API', lastSyncedAt: new Date() }),
}); });
mockExternalRatingRepo.findByUserId.mockResolvedValue([profile]); vi.mocked(mockExternalRatingRepo.findByUserId).mockResolvedValue([profile]);
const query: GetLeagueEligibilityPreviewQuery = { const query: GetLeagueEligibilityPreviewQuery = {
userId, userId,
@@ -103,7 +115,7 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
const result = await handler.execute(query); const result = await handler.execute(query);
expect(result.eligible).toBe(true); expect(result.eligible).toBe(true);
expect(result.reasons[0].target).toBe('external.iracing.iRating'); expect(result.reasons[0]!.target).toBe('external.iracing.iRating');
}); });
it('should evaluate complex AND conditions', async () => { it('should evaluate complex AND conditions', async () => {
@@ -113,18 +125,18 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
const userRating = UserRating.create(userId); const userRating = UserRating.create(userId);
const updatedRating = userRating.updateDriverRating(65); const updatedRating = userRating.updateDriverRating(65);
mockUserRatingRepo.findByUserId.mockResolvedValue(updatedRating); vi.mocked(mockUserRatingRepo.findByUserId).mockResolvedValue(updatedRating);
const gameKey = GameKey.create('iracing'); const gameKey = GameKey.create('iracing');
const profile = ExternalGameRatingProfile.create({ const profile = ExternalGameRatingProfile.create({
userId: { toString: () => userId } as any, userId: UserId.fromString(userId),
gameKey, gameKey,
ratings: new Map([ ratings: new Map([
['iRating', ExternalRating.create(gameKey, 'iRating', 2200)], ['iRating', ExternalRating.create(gameKey, 'iRating', 2200)],
]), ]),
provenance: ExternalRatingProvenance.create({ source: 'iRacing API', lastSyncedAt: new Date() }), provenance: ExternalRatingProvenance.create({ source: 'iRacing API', lastSyncedAt: new Date() }),
}); });
mockExternalRatingRepo.findByUserId.mockResolvedValue([profile]); vi.mocked(mockExternalRatingRepo.findByUserId).mockResolvedValue([profile]);
const query: GetLeagueEligibilityPreviewQuery = { const query: GetLeagueEligibilityPreviewQuery = {
userId, userId,
@@ -145,18 +157,18 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
const rules = 'platform.driving >= 75 OR external.iracing.iRating >= 2000'; const rules = 'platform.driving >= 75 OR external.iracing.iRating >= 2000';
const userRating = UserRating.create(userId); const userRating = UserRating.create(userId);
mockUserRatingRepo.findByUserId.mockResolvedValue(userRating); vi.mocked(mockUserRatingRepo.findByUserId).mockResolvedValue(userRating);
const gameKey = GameKey.create('iracing'); const gameKey = GameKey.create('iracing');
const profile = ExternalGameRatingProfile.create({ const profile = ExternalGameRatingProfile.create({
userId: { toString: () => userId } as any, userId: UserId.fromString(userId),
gameKey, gameKey,
ratings: new Map([ ratings: new Map([
['iRating', ExternalRating.create(gameKey, 'iRating', 2200)], ['iRating', ExternalRating.create(gameKey, 'iRating', 2200)],
]), ]),
provenance: ExternalRatingProvenance.create({ source: 'iRacing API', lastSyncedAt: new Date() }), provenance: ExternalRatingProvenance.create({ source: 'iRacing API', lastSyncedAt: new Date() }),
}); });
mockExternalRatingRepo.findByUserId.mockResolvedValue([profile]); vi.mocked(mockExternalRatingRepo.findByUserId).mockResolvedValue([profile]);
const query: GetLeagueEligibilityPreviewQuery = { const query: GetLeagueEligibilityPreviewQuery = {
userId, userId,
@@ -175,8 +187,8 @@ describe('GetLeagueEligibilityPreviewQuery', () => {
const leagueId = 'league-456'; const leagueId = 'league-456';
const rules = 'platform.driving >= 55'; const rules = 'platform.driving >= 55';
mockUserRatingRepo.findByUserId.mockResolvedValue(null); vi.mocked(mockUserRatingRepo.findByUserId).mockResolvedValue(null);
mockExternalRatingRepo.findByUserId.mockResolvedValue([]); vi.mocked(mockExternalRatingRepo.findByUserId).mockResolvedValue([]);
const query: GetLeagueEligibilityPreviewQuery = { const query: GetLeagueEligibilityPreviewQuery = {
userId, userId,

317
plans/admin-area-architecture.md Normal file
View File

@@ -0,0 +1,317 @@
# Admin Area Architecture Plan
## Overview
Design and implement a clean architecture admin area for Owner and Super Admin roles to manage all users, following TDD principles.
## 1. Architecture Layers
### 1.1 Domain Layer (`core/admin/domain/`)
**Purpose**: Business logic, entities, value objects, domain services - framework independent
#### Value Objects:
- `UserId` - Unique identifier for users
- `Email` - Validated email address
- `UserRole` - Role type (owner, admin, user, etc.)
- `UserStatus` - Account status (active, suspended, deleted)
- `PermissionKey` - Capability identifier
- `PermissionAction` - view | mutate
#### Entities:
- `User` - Main entity with roles, status, email
- `Permission` - Permission definition
- `RolePermission` - Role to permission mapping
#### Domain Services:
- `AuthorizationService` - Checks permissions and roles
- `UserManagementService` - User lifecycle management rules
#### Domain Errors:
- `UserDomainError` - Domain-specific errors
- `AuthorizationError` - Permission violations
### 1.2 Application Layer (`core/admin/application/`)
**Purpose**: Use cases, ports, orchestration - no framework dependencies
#### Ports (Interfaces):
- **Input Ports**:
- `IManageUsersUseCase` - User CRUD operations
- `IManageRolesUseCase` - Role management
- `IQueryUsersUseCase` - User queries
- **Output Ports**:
- `IUserRepository` - Persistence interface
- `IPermissionRepository` - Permission storage
- `IUserPresenter` - Output formatting
#### Use Cases:
- `ListUsersUseCase` - Get all users with filtering
- `GetUserDetailsUseCase` - Get single user details
- `UpdateUserRolesUseCase` - Modify user roles
- `UpdateUserStatusUseCase` - Suspend/activate users
- `DeleteUserUseCase` - Remove user accounts
- `GetUserPermissionsUseCase` - View user permissions
#### Services:
- `UserManagementService` - Orchestrates user operations
- `PermissionEvaluationService` - Evaluates access rights
### 1.3 Infrastructure Layer (`adapters/admin/`)
**Purpose**: Concrete implementations of ports
#### Persistence:
- `TypeOrmUserRepository` - Database implementation
- `TypeOrmPermissionRepository` - Permission storage
- `InMemoryUserRepository` - Test implementation
#### Presenters:
- `UserPresenter` - Maps domain to DTO
- `UserListPresenter` - Formats user list
- `PermissionPresenter` - Formats permissions
#### Security:
- `RolePermissionMapper` - Maps roles to permissions
- `AuthorizationGuard` - Enforces access control
### 1.4 API Layer (`apps/api/src/domain/admin/`)
**Purpose**: HTTP delivery mechanism
#### Controllers:
- `UsersController` - User management endpoints
- `RolesController` - Role management endpoints
- `PermissionsController` - Permission endpoints
#### DTOs:
- **Request**:
- `UpdateUserRolesRequestDto`
- `UpdateUserStatusRequestDto`
- `CreateUserRequestDto`
- **Response**:
- `UserResponseDto`
- `UserListResponseDto`
- `PermissionResponseDto`
#### Middleware/Guards:
- `RequireSystemAdminGuard` - Validates Owner/Super Admin access
- `PermissionGuard` - Checks specific permissions
### 1.5 Frontend Layer (`apps/website/`)
**Purpose**: User interface for admin operations
#### Pages:
- `/admin/users` - User management dashboard
- `/admin/users/[id]` - User detail page
- `/admin/roles` - Role management
- `/admin/permissions` - Permission matrix
#### Components:
- `UserTable` - Display users with filters
- `UserDetailCard` - User information display
- `RoleSelector` - Role assignment UI
- `StatusBadge` - User status display
- `PermissionMatrix` - Permission management
#### API Clients:
- `AdminUsersApiClient` - User management API calls
- `AdminRolesApiClient` - Role management API calls
#### Hooks:
- `useAdminUsers` - User data management
- `useAdminPermissions` - Permission data
## 2. Authorization Model
### 2.1 System Roles (from AUTHORIZATION.md)
- `owner` - Full system access
- `admin` - System admin access
### 2.2 Permission Structure
```
capabilityKey.actionType
```
Examples:
- `users.list` + `view`
- `users.roles` + `mutate`
- `users.status` + `mutate`
### 2.3 Role → Permission Mapping
```
owner: all permissions
admin:
- users.view
- users.list
- users.roles.mutate
- users.status.mutate
```
## 3. TDD Implementation Strategy
### 3.1 Test-First Approach
1. **Write failing test** for domain entity/value object
2. **Implement minimal code** to pass test
3. **Refactor** while keeping tests green
4. **Repeat** for each layer
### 3.2 Test Structure
```
core/admin/
├── domain/
│ ├── entities/
│ │ ├── User.test.ts
│ │ └── Permission.test.ts
│ ├── value-objects/
│ │ ├── UserId.test.ts
│ │ ├── Email.test.ts
│ │ ├── UserRole.test.ts
│ │ └── UserStatus.test.ts
│ └── services/
│ ├── AuthorizationService.test.ts
│ └── UserManagementService.test.ts
├── application/
│ ├── use-cases/
│ │ ├── ListUsersUseCase.test.ts
│ │ ├── UpdateUserRolesUseCase.test.ts
│ │ └── UpdateUserStatusUseCase.test.ts
│ └── services/
│ └── UserManagementService.test.ts
```
### 3.3 Integration Tests
- API endpoint tests
- End-to-end user management flows
- Authorization guard tests
## 4. Implementation Phases
### Phase 1: Domain Layer (TDD)
- [ ] Value objects with tests
- [ ] Entities with tests
- [ ] Domain services with tests
### Phase 2: Application Layer (TDD)
- [ ] Ports/interfaces
- [ ] Use cases with tests
- [ ] Application services
### Phase 3: Infrastructure Layer (TDD)
- [ ] Repository implementations
- [ ] Presenters
- [ ] Authorization guards
### Phase 4: API Layer (TDD)
- [ ] Controllers
- [ ] DTOs
- [ ] Route definitions
### Phase 5: Frontend Layer
- [ ] Pages
- [ ] Components
- [ ] API clients
- [ ] Integration tests
### Phase 6: Integration & Verification
- [ ] End-to-end tests
- [ ] Authorization verification
- [ ] TDD compliance check
## 5. Key Clean Architecture Rules
1. **Dependency Direction**: API → Application → Domain
2. **No Framework Dependencies**: Domain/Application layers pure TypeScript
3. **Ports & Adapters**: Clear interfaces between layers
4. **Test Coverage**: All layers tested before implementation
5. **Single Responsibility**: Each use case does one thing
## 6. User Management Features
### 6.1 List Users
- Filter by role, status, email
- Pagination support
- Sort by various fields
### 6.2 User Details
- View user information
- See assigned roles
- View account status
- Audit trail
### 6.3 Role Management
- Add/remove roles
- Validate role assignments
- Prevent privilege escalation
### 6.4 Status Management
- Activate/suspend users
- Soft delete support
- Status history
### 6.5 Permission Management
- View user permissions
- Role-based permission matrix
- Permission validation
## 7. Security Considerations
### 7.1 Access Control
- Only Owner/Admin can access admin area
- Validate permissions on every operation
- Audit all changes
### 7.2 Data Protection
- Never expose sensitive data
- Validate all inputs
- Prevent self-modification of critical roles
### 7.3 Audit Trail
- Log all user management actions
- Track who changed what
- Maintain history of changes
## 8. API Endpoints
### 8.1 User Management
```
GET /api/admin/users
GET /api/admin/users/:id
PUT /api/admin/users/:id/roles
PUT /api/admin/users/:id/status
DELETE /api/admin/users/:id
```
### 8.2 Role Management
```
GET /api/admin/roles
GET /api/admin/roles/:id
POST /api/admin/roles
PUT /api/admin/roles/:id
DELETE /api/admin/roles/:id
```
### 8.3 Permission Management
```
GET /api/admin/permissions
GET /api/admin/permissions/:roleId
PUT /api/admin/permissions/:roleId
```
## 9. Frontend Routes
```
/admin/users - User list
/admin/users/:id - User detail
/admin/roles - Role management
/admin/permissions - Permission matrix
```
## 10. Success Criteria
- [ ] All domain logic tested with TDD
- [ ] All application use cases tested
- [ ] API endpoints tested with integration tests
- [ ] Frontend components work correctly
- [ ] Authorization works for Owner and Super Admin only
- [ ] Clean architecture boundaries maintained
- [ ] No circular dependencies
- [ ] All tests pass
- [ ] Code follows project conventions

1
tsconfig.base.json
View File

@@ -26,6 +26,7 @@
"sourceMap": true, "sourceMap": true,
"noUnusedLocals": true, "noUnusedLocals": true,
"noUnusedParameters": true, "noUnusedParameters": true,
"types": ["vitest/globals"],
"paths": { "paths": {
"@core/*": ["./core/*"], "@core/*": ["./core/*"],
"@adapters/*": ["./adapters/*"], "@adapters/*": ["./adapters/*"],