diff --git a/backend/src/routes/admin.js b/backend/src/routes/admin.js index 596c6bc..1acd5d5 100644 --- a/backend/src/routes/admin.js +++ b/backend/src/routes/admin.js @@ -226,6 +226,84 @@ router.put('/users/:id/role', validateParams(idParamSchema), async (req, res, ne } }); +// @route PUT /api/admin/users/:id +// @desc Update user details +// @access Private (Admin) +router.put('/users/:id', validateParams(idParamSchema), async (req, res, next) => { + try { + const userId = req.params.id; + const { firstName, lastName, email, role, password } = req.body; + + // Validate required fields + if (!firstName || !lastName || !email || !role) { + throw new AppError('First name, last name, email, and role are required', 400); + } + + if (!['admin', 'user'].includes(role)) { + throw new AppError('Invalid role', 400); + } + + // Prevent removing admin role from yourself + if (parseInt(userId) === req.user.id && role !== 'admin') { + throw new AppError('Cannot remove admin role from yourself', 400); + } + + // Check if user exists + const userCheck = await pool.query( + 'SELECT id, role FROM users WHERE id = $1', + [userId] + ); + + if (userCheck.rows.length === 0) { + throw new AppError('User not found', 404); + } + + // Check if email is already taken by another user + const emailCheck = await pool.query( + 'SELECT id FROM users WHERE email = $1 AND id != $2', + [email, userId] + ); + + if (emailCheck.rows.length > 0) { + throw new AppError('Email already exists', 400); + } + + let updateQuery = 'UPDATE users SET first_name = $1, last_name = $2, email = $3, role = $4, updated_at = CURRENT_TIMESTAMP'; + let queryParams = [firstName, lastName, email, role]; + + // If password is provided, hash it and include in update + if (password) { + const bcrypt = require('bcrypt'); + const saltRounds = 10; + const hashedPassword = await bcrypt.hash(password, saltRounds); + updateQuery += ', password_hash = $5'; + queryParams.push(hashedPassword); + } + + updateQuery += ' WHERE id = $' + (queryParams.length + 1) + ' RETURNING id, email, first_name, last_name, role'; + queryParams.push(userId); + + const result = await pool.query(updateQuery, queryParams); + const user = result.rows[0]; + + res.json({ + success: true, + message: 'User updated successfully', + data: { + user: { + id: user.id, + email: user.email, + firstName: user.first_name, + lastName: user.last_name, + role: user.role + } + } + }); + } catch (error) { + next(error); + } +}); + // @route DELETE /api/admin/users/:id // @desc Delete user account // @access Private (Admin) @@ -967,4 +1045,79 @@ router.delete('/products/user/spreader-settings/:id', validateParams(idParamSche } }); +// @route GET /api/admin/settings +// @desc Get admin settings +// @access Private (Admin) +router.get('/settings', async (req, res, next) => { + try { + // For now, we'll store settings in the database. Let's create a simple settings table approach + // First check if settings table exists, if not create it + await pool.query(` + CREATE TABLE IF NOT EXISTS admin_settings ( + id SERIAL PRIMARY KEY, + setting_key VARCHAR(255) UNIQUE NOT NULL, + setting_value TEXT NOT NULL, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP + ) + `); + + // Insert default registration setting if it doesn't exist + await pool.query(` + INSERT INTO admin_settings (setting_key, setting_value) + VALUES ('registrationEnabled', 'true') + ON CONFLICT (setting_key) DO NOTHING + `); + + // Get all settings + const settingsResult = await pool.query('SELECT setting_key, setting_value FROM admin_settings'); + + const settings = {}; + settingsResult.rows.forEach(row => { + // Convert string values to appropriate types + if (row.setting_value === 'true' || row.setting_value === 'false') { + settings[row.setting_key] = row.setting_value === 'true'; + } else { + settings[row.setting_key] = row.setting_value; + } + }); + + res.json({ + success: true, + data: settings + }); + } catch (error) { + next(error); + } +}); + +// @route PUT /api/admin/settings +// @desc Update admin settings +// @access Private (Admin) +router.put('/settings', async (req, res, next) => { + try { + const updates = req.body; + + // Update each setting + for (const [key, value] of Object.entries(updates)) { + const stringValue = typeof value === 'boolean' ? value.toString() : value; + + await pool.query(` + INSERT INTO admin_settings (setting_key, setting_value, updated_at) + VALUES ($1, $2, CURRENT_TIMESTAMP) + ON CONFLICT (setting_key) + DO UPDATE SET setting_value = $2, updated_at = CURRENT_TIMESTAMP + `, [key, stringValue]); + } + + res.json({ + success: true, + message: 'Settings updated successfully', + data: updates + }); + } catch (error) { + next(error); + } +}); + module.exports = router; \ No newline at end of file diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js index 82f6795..d49c4d0 100644 --- a/backend/src/routes/auth.js +++ b/backend/src/routes/auth.js @@ -333,4 +333,46 @@ router.get('/me', authenticateToken, async (req, res, next) => { } }); +// @route GET /api/auth/registration-status +// @desc Get registration status (public endpoint) +// @access Public +router.get('/registration-status', async (req, res, next) => { + try { + // Create admin_settings table if it doesn't exist + await pool.query(` + CREATE TABLE IF NOT EXISTS admin_settings ( + id SERIAL PRIMARY KEY, + setting_key VARCHAR(255) UNIQUE NOT NULL, + setting_value TEXT NOT NULL, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP + ) + `); + + // Insert default registration setting if it doesn't exist + await pool.query(` + INSERT INTO admin_settings (setting_key, setting_value) + VALUES ('registrationEnabled', 'true') + ON CONFLICT (setting_key) DO NOTHING + `); + + // Get registration setting + const settingResult = await pool.query( + 'SELECT setting_value FROM admin_settings WHERE setting_key = $1', + ['registrationEnabled'] + ); + + const enabled = settingResult.rows.length > 0 ? settingResult.rows[0].setting_value === 'true' : true; + + res.json({ + success: true, + data: { + enabled + } + }); + } catch (error) { + next(error); + } +}); + module.exports = router; \ No newline at end of file diff --git a/frontend/src/pages/Admin/AdminDashboard.js b/frontend/src/pages/Admin/AdminDashboard.js index 5ccce94..32c51a2 100644 --- a/frontend/src/pages/Admin/AdminDashboard.js +++ b/frontend/src/pages/Admin/AdminDashboard.js @@ -3,18 +3,25 @@ import { Link } from 'react-router-dom'; import { UsersIcon, CogIcon, BuildingOfficeIcon, ChartBarIcon } from '@heroicons/react/24/outline'; import { adminAPI } from '../../services/api'; import LoadingSpinner from '../../components/UI/LoadingSpinner'; +import toast from 'react-hot-toast'; const AdminDashboard = () => { const [stats, setStats] = useState(null); const [loading, setLoading] = useState(true); const [error, setError] = useState(null); + const [registrationEnabled, setRegistrationEnabled] = useState(true); + const [updatingRegistration, setUpdatingRegistration] = useState(false); useEffect(() => { const fetchDashboardData = async () => { try { setLoading(true); - const response = await adminAPI.getDashboard(); - setStats(response.data.data); + const [dashboardResponse, settingsResponse] = await Promise.all([ + adminAPI.getDashboard(), + adminAPI.getSettings() + ]); + setStats(dashboardResponse.data.data); + setRegistrationEnabled(settingsResponse.data.data.registrationEnabled); setError(null); } catch (err) { console.error('Failed to fetch admin dashboard:', err); @@ -27,6 +34,20 @@ const AdminDashboard = () => { fetchDashboardData(); }, []); + const handleRegistrationToggle = async () => { + try { + setUpdatingRegistration(true); + await adminAPI.updateSettings({ registrationEnabled: !registrationEnabled }); + setRegistrationEnabled(!registrationEnabled); + toast.success(`Registration ${!registrationEnabled ? 'enabled' : 'disabled'} successfully`); + } catch (err) { + console.error('Failed to update registration setting:', err); + toast.error('Failed to update registration setting'); + } finally { + setUpdatingRegistration(false); + } + }; + if (loading) { return (
@@ -113,8 +134,8 @@ const AdminDashboard = () => { ))}
- {/* Quick Actions */} -
+ {/* Quick Actions and Settings */} +

Quick Actions

@@ -139,6 +160,33 @@ const AdminDashboard = () => {
Manage Equipment
Add and manage lawn care equipment
+
+
+ +
+

System Settings

+
+
+
+
User Registration
+
+ {registrationEnabled ? 'New users can register' : 'Registration is disabled'} +
+
+ +
)} + {/* Edit User Modal */} + {showEditModal && selectedUser && ( +
+
+
+

+ Edit User: {selectedUser.firstName} {selectedUser.lastName} +

+
+
+
+ + setEditFormData({ ...editFormData, firstName: e.target.value })} + className="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500" + required + /> +
+ +
+ + setEditFormData({ ...editFormData, lastName: e.target.value })} + className="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500" + required + /> +
+ +
+ + setEditFormData({ ...editFormData, email: e.target.value })} + className="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500" + required + /> +
+ +
+ + +
+ +
+

+ Password Reset (Optional) +

+
+
+ + setEditFormData({ ...editFormData, newPassword: e.target.value })} + className="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500" + placeholder="Leave blank to keep current password" + /> +
+ +
+ + setEditFormData({ ...editFormData, confirmPassword: e.target.value })} + className="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500" + placeholder="Confirm new password" + /> +
+
+
+
+ +
+ + +
+
+
+
+
+ )} + {/* Invite User Modal */} {showInviteModal && (
diff --git a/frontend/src/pages/Auth/Login.js b/frontend/src/pages/Auth/Login.js index 3f7260d..20e91d2 100644 --- a/frontend/src/pages/Auth/Login.js +++ b/frontend/src/pages/Auth/Login.js @@ -1,12 +1,15 @@ -import React, { useState } from 'react'; +import React, { useState, useEffect } from 'react'; import { Link, useNavigate, useLocation } from 'react-router-dom'; import { useForm } from 'react-hook-form'; import { EyeIcon, EyeSlashIcon } from '@heroicons/react/24/outline'; import { useAuth } from '../../hooks/useAuth'; import LoadingSpinner from '../../components/UI/LoadingSpinner'; +import apiClient from '../../services/api'; const Login = () => { const [showPassword, setShowPassword] = useState(false); + const [registrationEnabled, setRegistrationEnabled] = useState(true); + const [settingsLoading, setSettingsLoading] = useState(true); const { login, loading } = useAuth(); const navigate = useNavigate(); const location = useLocation(); @@ -20,6 +23,24 @@ const Login = () => { setError, } = useForm(); + // Fetch registration settings + useEffect(() => { + const fetchRegistrationSetting = async () => { + try { + const response = await apiClient.get('/auth/registration-status'); + setRegistrationEnabled(response.data.data.enabled); + } catch (error) { + // If there's an error, default to allowing registration + console.error('Failed to fetch registration setting:', error); + setRegistrationEnabled(true); + } finally { + setSettingsLoading(false); + } + }; + + fetchRegistrationSetting(); + }, []); + const onSubmit = async (data) => { console.log('Login form submitted:', data.email); const result = await login(data); @@ -46,15 +67,17 @@ const Login = () => {

Sign in to your account

-

- Or{' '} - - create a new account - -

+ {!settingsLoading && registrationEnabled && ( +

+ Or{' '} + + create a new account + +

+ )}
diff --git a/frontend/src/services/api.js b/frontend/src/services/api.js index a9ff3fc..890cc62 100644 --- a/frontend/src/services/api.js +++ b/frontend/src/services/api.js @@ -204,6 +204,7 @@ export const adminAPI = { // Users management getUsers: (params) => apiClient.get('/admin/users', { params }), + updateUser: (id, userData) => apiClient.put(`/admin/users/${id}`, userData), updateUserRole: (id, role) => apiClient.put(`/admin/users/${id}/role`, { role }), deleteUser: (id) => apiClient.delete(`/admin/users/${id}`), @@ -225,6 +226,10 @@ export const adminAPI = { // System health getSystemHealth: () => apiClient.get('/admin/system/health'), + + // Settings management + getSettings: () => apiClient.get('/admin/settings'), + updateSettings: (settings) => apiClient.put('/admin/settings', settings), }; // Utility functions