dwindown/tabungin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
89f881e7cfb25d1b18d2726758346d33dce3a5a4
tabungin/docs/features/admin-profile-reuse.md
dwindown 89f881e7cf feat: reorganize admin settings with tabbed interface and documentation 
- Reorganized admin settings into tabbed interface (General, Security, Payment Methods)
- Vertical tabs on desktop, horizontal scrollable on mobile
- Moved Payment Methods from separate menu to Settings tab
- Fixed admin profile reuse and dashboard blocking
- Fixed maintenance mode guard to use AppConfig model
- Added admin auto-redirect after login (admins → /admin, users → /)
- Reorganized documentation into docs/ folder structure
- Created comprehensive README and documentation index
- Added PWA and Web Push notifications to to-do list
2025-10-13 09:28:12 +07:00

7.2 KiB
Raw Blame History

Admin Profile Page & Dashboard Blocking

COMPLETE: Profile Page Reused for Admin + Member Dashboard Blocked

Overview

  • Reused the existing Profile page for admin users
  • Added Profile menu item to admin sidebar
  • Blocked admins from accessing the member dashboard
  • Admins are automatically redirected to /admin if they try to access member routes

📝 Changes Made

1. Added Profile to Admin Sidebar (AdminSidebar.tsx)

Changes:

  • Added UserCircle icon import
  • Added Profile menu item between Users and Settings
  • Profile route: /admin/profile
{
  title: 'Profile',
  url: '/admin/profile',
  icon: UserCircle,
}

2. Added Profile Route to Admin Panel (App.tsx)

Changes:

  • Imported Profile component
  • Added route: /admin/profile
<Route path="/admin" element={<ProtectedRoute><AdminLayout /></ProtectedRoute>}>
  <Route index element={<AdminDashboard />} />
  <Route path="plans" element={<AdminPlans />} />
  <Route path="payment-methods" element={<AdminPaymentMethods />} />
  <Route path="payments" element={<AdminPayments />} />
  <Route path="users" element={<AdminUsers />} />
  <Route path="profile" element={<Profile />} />  NEW
  <Route path="settings" element={<AdminSettings />} />
</Route>

3. Blocked Admins from Member Dashboard (Dashboard.tsx)

Changes:

  • Added auth check at the top of Dashboard component
  • Redirects admins to /admin if they try to access member routes
export function Dashboard() {
  const { user } = useAuth()
  
  // Block admins from accessing member dashboard
  if (user?.role === 'admin') {
    return <Navigate to="/admin" replace />
  }
  
  // ... rest of component
}

4. Translated AdminLayout (AdminLayout.tsx)

Changes:

  • "Akses Ditolak" → "Access Denied"
  • "Anda tidak memiliki izin..." → "You don't have permission..."
  • "Kembali ke Dashboard" → "Back to Dashboard"

🎯 User Flows

Admin Accessing Profile:

Admin logged in
  ↓
Click "Profile" in sidebar
  ↓
Navigate to /admin/profile ✅
  ↓
See Profile page with all settings

Admin Trying to Access Member Dashboard:

Admin logged in
  ↓
Try to navigate to / (member dashboard)
  ↓
Dashboard component checks role
  ↓
Redirected to /admin ✅

Admin Trying Member Routes:

Admin tries:
- / → Redirected to /admin ✅
- /wallets → Redirected to /admin ✅
- /transactions → Redirected to /admin ✅
- /profile → Redirected to /admin ✅

Regular User:

User logged in
  ↓
Access / → Works normally ✅
Access /wallets → Works normally ✅
Access /transactions → Works normally ✅
Access /profile → Works normally ✅

📊 Route Access Matrix

Route Admin Access User Access
/ Redirect to /admin Member Dashboard
/wallets Redirect to /admin Wallets Page
/transactions Redirect to /admin Transactions Page
/profile Redirect to /admin Profile Page
/admin Admin Dashboard Access Denied
/admin/profile Profile Page Access Denied
/admin/* All admin routes Access Denied

🎨 Admin Sidebar Menu Order

  1. 📊 Dashboard (/admin)
  2. 💳 Plans (/admin/plans)
  3. 💰 Payment Methods (/admin/payment-methods)
  4. 💵 Payments (/admin/payments)
  5. 👥 Users (/admin/users)
  6. 👤 Profile (/admin/profile) NEW
  7. ⚙️ Settings (/admin/settings)

Benefits

1. Code Reuse

  • No need to duplicate Profile component
  • Same profile settings for both admin and users
  • Consistent UI/UX across roles

2. Clear Separation

  • Admins can't access member dashboard
  • Users can't access admin panel
  • Automatic redirects prevent confusion

3. Better UX

  • Admins have dedicated profile page in admin panel
  • No need to switch between interfaces
  • All admin features in one place

🧪 Testing Instructions

Test 1: Admin Profile Access

1. Login as admin
2. Navigate to /admin
3. Click "Profile" in sidebar
4. Verify you see the profile page ✅
5. Test all profile features (edit, OTP, etc.)
6. Verify everything works ✅

Test 2: Admin Dashboard Blocking

1. Login as admin
2. Manually navigate to / (member dashboard)
3. Verify redirected to /admin ✅
4. Try /wallets
5. Verify redirected to /admin ✅
6. Try /transactions
7. Verify redirected to /admin ✅

Test 3: Regular User Access

1. Login as regular user
2. Navigate to / (member dashboard)
3. Verify dashboard loads ✅
4. Navigate to /wallets
5. Verify wallets page loads ✅
6. Navigate to /profile
7. Verify profile page loads ✅
8. Try to access /admin
9. Verify "Access Denied" message ✅

Test 4: Profile Functionality

As Admin (/admin/profile):
- ✅ Edit profile information
- ✅ Change password
- ✅ Enable/disable OTP methods
- ✅ Setup TOTP
- ✅ All features work

As User (/profile):
- ✅ Same features work
- ✅ No differences in functionality

📁 Files Modified

  1. /apps/web/src/components/admin/AdminSidebar.tsx

    • Added UserCircle icon import
    • Added Profile menu item

  2. /apps/web/src/App.tsx

    • Imported Profile component
    • Added /admin/profile route

  3. /apps/web/src/components/Dashboard.tsx

    • Added auth check
    • Blocks admins from accessing member dashboard

  4. /apps/web/src/components/admin/AdminLayout.tsx

    • Translated access denied message to English

🔒 Security Notes

Frontend Guards:

  • Dashboard component blocks admins
  • AdminLayout blocks non-admins
  • Automatic redirects prevent access

Backend Protection:

  • API endpoints already have role-based guards
  • Admin routes require admin role
  • User routes work for all authenticated users

Important:

Frontend guards are for UX only. Backend API guards provide actual security. The frontend redirects just prevent confusion and provide better user experience.

Verification Checklist

  • Profile menu item added to admin sidebar
  • Profile route added to admin panel
  • Profile page accessible at /admin/profile
  • Admins blocked from / (member dashboard)
  • Admins blocked from /wallets
  • Admins blocked from /transactions
  • Admins blocked from /profile (member route)
  • Regular users can still access all member routes
  • Regular users blocked from /admin routes
  • AdminLayout access denied message translated

🎉 Summary

Profile page successfully reused for admins!

Admins can:

  • Access profile at /admin/profile
  • Edit their profile information
  • Manage OTP settings
  • Change password
  • All from within the admin panel

Admins cannot:

  • Access member dashboard (/)
  • Access member routes (/wallets, /transactions, etc.)
  • They are automatically redirected to /admin

Regular users:

  • Continue to use profile at /profile
  • Full access to member dashboard
  • Cannot access admin panel

Clean separation of concerns with maximum code reuse! 🎊