Add owner role and admin management controls

2026-02-08 19:01:58 +01:00
parent 97f1b30b75
commit 1c59d68a50
25 changed files with 540 additions and 9 deletions
--- a/Endpoints/AdminWorkflowService.cs
+++ b/Endpoints/AdminWorkflowService.cs
@@ -42,7 +42,17 @@ internal sealed class AdminWorkflowService(AppDbContext db)
            .AsNoTracking()
            .Include(p => p.Suggestions)
            .OrderBy(p => p.DisplayName ?? p.Username)
-            .Select(p => new VoteStatusDto(p.Id, p.DisplayName ?? p.Username, p.Username, p.CurrentPhase, p.VotesFinal, p.HasJoker, p.Suggestions.Count, p.Suggestions.Select(s => s.Name).ToList()))
+            .Select(p => new VoteStatusDto(
+                p.Id,
+                p.DisplayName ?? p.Username,
+                p.Username,
+                p.CurrentPhase,
+                p.VotesFinal,
+                p.HasJoker,
+                p.IsAdmin,
+                p.IsOwner,
+                p.Suggestions.Count,
+                p.Suggestions.Select(s => s.Name).ToList()))
            .ToListAsync();

        var waiting = voters.Where(v => !v.Finalized).Select(v => v.Name).ToList();
@@ -87,6 +97,21 @@ internal sealed class AdminWorkflowService(AppDbContext db)
        return Results.Ok(new AdminSetPlayerPhaseResponse(player.Id, player.CurrentPhase, player.VotesFinal));
    }

+    public async Task<IResult> SetPlayerAdminAsync(Guid playerId, bool isAdmin)
+    {
+        var player = await db.Players.FirstOrDefaultAsync(p => p.Id == playerId);
+        if (player is null)
+            return EndpointHelpers.NotFoundError("Player not found.");
+
+        if (player.IsOwner)
+            return EndpointHelpers.BadRequestError("Owner permissions cannot be changed.");
+
+        player.IsAdmin = isAdmin;
+        await db.SaveChangesAsync();
+
+        return Results.Ok(new AdminSetPlayerAdminResponse(player.Id, player.IsAdmin));
+    }
+
    public async Task<IResult> DeletePlayerAsync(Guid playerId, Guid adminPlayerId, string password, HttpContext ctx)
    {
        var passwordError = await ValidateAdminPasswordAsync(adminPlayerId, password, ctx);
@@ -96,6 +121,8 @@ internal sealed class AdminWorkflowService(AppDbContext db)
        var player = await db.Players.Include(p => p.Suggestions).FirstOrDefaultAsync(p => p.Id == playerId);
        if (player is null)
            return EndpointHelpers.NotFoundError("Player not found.");
+        if (player.IsOwner)
+            return EndpointHelpers.BadRequestError("Owner account cannot be deleted.");

        await using var tx = await db.Database.BeginTransactionAsync();