Add super admin panel and update README
- Admin account bootstrapped from ADMIN_EMAIL/ADMIN_PASSWORD env vars on startup
- Admin panel: list users, view content, reset passwords, disable/delete accounts
- is_admin and is_disabled columns on users table
- Disabled accounts blocked at login
- README updated with admin setup instructions and panel docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
24
README.md
@@ -9,6 +9,7 @@ Sproutly takes the guesswork out of seed starting. Enter your plant varieties on
## Features
- **Multi-user** — each user has their own account with fully isolated data
- **Admin panel** — manage all user accounts: view content, reset passwords, disable, or delete
- **Dashboard** — at-a-glance view of overdue, today's, and upcoming tasks with a full year planting timeline
- **Seed Library** — manage plant varieties with frost-relative timing, germination days, sun/water requirements
- **Garden Tracker** — log growing batches and track status from `planned` → `germinating` → `seedling` → `potted up` → `hardening off` → `garden` → `harvested`
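Review bot: The new "Admin panel" bullet says an admin can "view content" for all accounts, which conflicts with the "fully isolated data" claim in the Multi-user bullet directly above it. Suggest qualifying the Multi-user bullet (for example, isolated from other regular users) so that users know the admin can read every seed library and batch.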
@@ -60,6 +61,8 @@ MYSQL_ROOT_PASSWORD=sproutly_root_secret
MYSQL_USER=sproutly
MYSQL_PASSWORD=sproutly_secret
SECRET_KEY=your-secret-key-change-this
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=change-this-password
```
`SECRET_KEY` is used to sign JWT tokens. Generate a secure value with:
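Review bot: `ADMIN_PASSWORD=change-this-password` in the example `.env` becomes a working admin credential if the file is copied unchanged, because per the commit message the admin account is bootstrapped from these variables on startup. Suggest leaving the value empty in the example and having the startup bootstrap reject an empty or placeholder password. The existing `SECRET_KEY=your-secret-key-change-this` line has the same problem, since the context line below says that key signs JWT tokens.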
@@ -68,6 +71,8 @@ SECRET_KEY=your-secret-key-change-this
python3 -c "import secrets; print(secrets.token_hex(32))"
```
`ADMIN_EMAIL` and `ADMIN_PASSWORD` define the super admin account. This account is created (or updated) automatically every time the backend starts — changing these values in `.env` and restarting is all that's needed to update the credentials.
## Project Structure
```
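Review bot: The added paragraph says the account is "created (or updated) automatically every time the backend starts", but it does not say what happens to the previous admin row when `ADMIN_EMAIL` is changed, or to a regular user who already registered with that email. Please document whether the old account keeps `is_admin`, and whether a matching existing user is promoted and has its password overwritten. It is also worth stating that the `.env` value replaces any password set elsewhere on each restart, and pointing to the `secrets` one-liner above as a way to generate the admin password.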
@@ -84,6 +89,7 @@ sproutly/
│ ├── database.py
│ └── routers/
│ ├── auth.py # /auth/register, /auth/login, /auth/me
│ ├── admin.py # /admin/users — admin-only user management
│ ├── varieties.py
│ ├── batches.py
│ ├── dashboard.py
@@ -114,6 +120,24 @@ Key endpoints:
- `POST /api/notifications/test` — send test ntfy notification
- `POST /api/notifications/daily` — trigger daily summary
- `GET /api/notifications/log` — recent notification history
- `GET /api/admin/users` — list all users with stats (admin only)
- `GET /api/admin/users/{id}/varieties` — view a user's seed library (admin only)
- `GET /api/admin/users/{id}/batches` — view a user's batches (admin only)
- `POST /api/admin/users/{id}/reset-password` — reset a user's password (admin only)
- `POST /api/admin/users/{id}/disable` — toggle account disabled state (admin only)
- `DELETE /api/admin/users/{id}` — delete a user and all their data (admin only)
## Admin Panel
Log in with the `ADMIN_EMAIL` / `ADMIN_PASSWORD` credentials from your `.env`. Once logged in, an **Admin** link appears in the sidebar. From there you can:
- View all registered users with their variety and batch counts
- Browse any user's seed library and growing batches
- Reset a user's password
- Disable or re-enable an account
- Permanently delete an account and all associated data
The admin account itself cannot be disabled or deleted through the panel.
## Ntfy Authentication
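Review bot: `POST /api/admin/users/{id}/disable` is documented as a toggle, so a retried or duplicated request re-enables the account it was meant to lock. Suggest an explicit desired state instead (separate disable and enable routes, or a boolean in the request body). The Admin Panel section should also say whether disabling an account or resetting its password invalidates JWTs that were already issued, since the commit message only states that disabled accounts are blocked at login. The closing sentence covers disable and delete for the admin account but not `reset-password`; please state which behaviour is intended there.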