As an admin I want to create and edit full user profiles so that users start with their information pre-filled #37

New Issue

Closed

opened 2026-03-20 19:07:54 +01:00 by marcel · 0 comments

marcel commented 2026-03-20 19:07:54 +01:00

Owner

Copy Link

Background

The admin page currently manages users in a compact table row (login, password field, group selector, delete). With the profile fields added in #35 (first name, last name, birth date, email, contact), there is no room to add those inline. The admin should be able to pre-fill this data at account creation time so the user does not have to enter it themselves.

This requires a light overhaul of the admin user management section — moving from inline table editing to a proper per-user edit view.

Desired behaviour

User list (overview, replaces the current table):

• Shows each user as a row: display name (or username if no name set), login, group badges, edit and delete buttons
• "New user" button at the top opens the new user form

User create / edit form (new dedicated view or side panel):

• All existing fields: login (username), initial password, group assignment
• All profile fields from #35: first name, last name, birth date, email, contact notes
• Password field on the edit form is optional — leave blank to keep the current password, fill in to override it (same behaviour as today)
• Admin does not need to supply the current password when changing someone else's password (admin override)

UI options to consider

Two patterns are reasonable — pick one during implementation:

1. Dedicated route /admin/users/[id]/edit and /admin/users/new — full page, easy to link to, clean URL
2. Slide-out panel / modal — stays on the admin page, no navigation; works well for small forms

Given the number of fields (10+), a dedicated route is likely cleaner.

Implementation notes

Backend — the profile fields are already added by #35. Only the admin-override password change needs a separate code path:

• PUT /api/users/{id} (already exists or extend it) should allow an admin (ADMIN_USER permission) to update profile fields and optionally set a new password without supplying a current password
• The existing POST /api/users/me/password (from #35) still requires the current password — this is the self-service path

Frontend

• Refactor src/routes/admin/+page.svelte — replace the inline user table with the new list + edit-view pattern
• New routes src/routes/admin/users/new/ and src/routes/admin/users/[id]/ (or modal equivalent)
• The tags and groups tabs on the admin page are unaffected

Testing

• @WebMvcTest — admin can update another user's profile fields; admin can set a new password without current password; non-admin gets 403
• E2E Playwright spec — create user with full profile, verify fields appear on the edit form; edit an existing user's name, verify it is reflected in the user list

Dependencies

• #35 (profile page) — must be merged first so the DB columns and /api/users/me endpoints exist; this issue extends the admin path to the same data

## Background The admin page currently manages users in a compact table row (login, password field, group selector, delete). With the profile fields added in #35 (first name, last name, birth date, email, contact), there is no room to add those inline. The admin should be able to pre-fill this data at account creation time so the user does not have to enter it themselves. This requires a light overhaul of the admin user management section — moving from inline table editing to a proper per-user edit view. ## Desired behaviour **User list** (overview, replaces the current table): - Shows each user as a row: display name (or username if no name set), login, group badges, edit and delete buttons - "New user" button at the top opens the new user form **User create / edit form** (new dedicated view or side panel): - All existing fields: login (username), initial password, group assignment - All profile fields from #35: first name, last name, birth date, email, contact notes - Password field on the edit form is optional — leave blank to keep the current password, fill in to override it (same behaviour as today) - Admin does not need to supply the current password when changing someone else's password (admin override) ## UI options to consider Two patterns are reasonable — pick one during implementation: 1. **Dedicated route** `/admin/users/[id]/edit` and `/admin/users/new` — full page, easy to link to, clean URL 2. **Slide-out panel / modal** — stays on the admin page, no navigation; works well for small forms Given the number of fields (10+), a dedicated route is likely cleaner. ## Implementation notes **Backend** — the profile fields are already added by #35. Only the admin-override password change needs a separate code path: - `PUT /api/users/{id}` (already exists or extend it) should allow an admin (`ADMIN_USER` permission) to update profile fields and optionally set a new password without supplying a current password - The existing `POST /api/users/me/password` (from #35) still requires the current password — this is the self-service path **Frontend** - Refactor `src/routes/admin/+page.svelte` — replace the inline user table with the new list + edit-view pattern - New routes `src/routes/admin/users/new/` and `src/routes/admin/users/[id]/` (or modal equivalent) - The tags and groups tabs on the admin page are unaffected ## Testing - `@WebMvcTest` — admin can update another user's profile fields; admin can set a new password without current password; non-admin gets 403 - E2E Playwright spec — create user with full profile, verify fields appear on the edit form; edit an existing user's name, verify it is reflected in the user list ## Dependencies - **#35** (profile page) — must be merged first so the DB columns and `/api/users/me` endpoints exist; this issue extends the admin path to the same data

marcel added the feature label 2026-03-20 19:11:19 +01:00

marcel added the user label 2026-03-20 19:12:39 +01:00

marcel referenced this issue from a commit 2026-03-22 16:34:10 +01:00

feat(admin): add dedicated routes for admin user management (#37)

marcel referenced this issue 2026-03-22 16:35:00 +01:00

feat(admin): dedicated routes for user management (#37) #47

marcel closed this issue 2026-03-22 19:36:40 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/issue-533-mass-import-ux

worktree-feat+issue-557-upload-artifact-v3-pin

worktree-chore+issue-556-drop-client-branches-coverage-gate

fix/issue-514-prerender-crawl-bakes-redirects

fix/issue-472-prerender-entries

feat/issue-395-readme

feat/issue-345-bulk-mark-reviewed

feat/issue-344-bell-tooltip

feat/issue-341-annotieren-contrast

feat/issue-225-bulk-metadata-edit

feat/issue-317-bulk-upload

feat/issue-271-dashboard-redesign

docs/issue-240-mission-control-spec

refactor/issues-193-200

feat/issue-162-korrespondenz-redesign

feature/68-new-document-file-first

feat/81-discussion-discoverability

feat/62-document-bottom-panel

feature/56-backfill-file-hashes

feat/38-document-edit-history

fix/svelte5-test-delegation-and-login-auth

No results found.

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label feature user

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#37