web-app-launcher/plans/mvp-web-app-launcher/phase-6-admin-panel.md

# Phase 6: Admin Panel

**Status:** ⬜ Not Started
**Parent plan:** [PLAN.md](./PLAN.md)
**Domain:** fullstack

## Objective
Build the admin panel with user management, group management, app management, board management, and system settings configuration.

## Tasks

- [ ] Task 1: Create `src/routes/admin/+layout.server.ts` — admin auth guard (role check)
- [ ] Task 2: Create `src/routes/admin/+layout.svelte` — admin layout with nav
- [ ] Task 3: Create `src/routes/api/users/+server.ts` — GET (list), POST (create user)
- [ ] Task 4: Create `src/routes/api/users/[id]/+server.ts` — GET, PATCH, DELETE
- [ ] Task 5: Create `src/routes/api/groups/+server.ts` — GET (list), POST (create group)
- [ ] Task 6: Create `src/routes/api/groups/[id]/+server.ts` — GET, PATCH, DELETE
- [ ] Task 7: Create `src/routes/api/admin/settings/+server.ts` — GET, PATCH system settings
- [ ] Task 8: Create `src/routes/admin/users/+page.server.ts` — load users
- [ ] Task 9: Create `src/routes/admin/users/+page.svelte` — user management page
- [ ] Task 10: Create `src/routes/admin/groups/+page.server.ts` — load groups
- [ ] Task 11: Create `src/routes/admin/groups/+page.svelte` — group management page
- [ ] Task 12: Create `src/routes/admin/settings/+page.server.ts` — load/update settings
- [ ] Task 13: Create `src/routes/admin/settings/+page.svelte` — system settings page
- [ ] Task 14: Create `src/lib/components/admin/UserTable.svelte` — user list with actions
- [ ] Task 15: Create `src/lib/components/admin/GroupTable.svelte` — group list with actions
- [ ] Task 16: Create `src/lib/components/admin/SettingsForm.svelte` — settings form
- [ ] Task 17: Create `src/lib/components/admin/PermissionEditor.svelte` — permission assignment UI
- [ ] Task 18: Create `src/routes/api/search/+server.ts` — global search endpoint (searches apps + boards)

## Files to Modify/Create
- `src/routes/admin/+layout.server.ts`
- `src/routes/admin/+layout.svelte`
- `src/routes/admin/users/+page.server.ts`
- `src/routes/admin/users/+page.svelte`
- `src/routes/admin/groups/+page.server.ts`
- `src/routes/admin/groups/+page.svelte`
- `src/routes/admin/settings/+page.server.ts`
- `src/routes/admin/settings/+page.svelte`
- `src/routes/api/users/+server.ts`
- `src/routes/api/users/[id]/+server.ts`
- `src/routes/api/groups/+server.ts`
- `src/routes/api/groups/[id]/+server.ts`
- `src/routes/api/admin/settings/+server.ts`
- `src/routes/api/search/+server.ts`
- `src/lib/components/admin/*.svelte`

## Acceptance Criteria
- Admin-only routes are protected (non-admin users get 403/redirect)
- Users can be created, edited, deleted, assigned to groups
- Groups can be created, edited, deleted
- System settings can be viewed and updated (auth mode, registration, theme defaults, healthcheck defaults)
- Search API returns matching apps and boards filtered by user permissions
- All forms use Superforms + Zod validation

## Notes
- Admin role is checked in `+layout.server.ts` — redirect non-admins
- User creation by admin sets password directly (no email verification in MVP)
- OAuth config fields in settings are stored but non-functional until post-MVP Phase 2
- Permission editor UI: simple select dropdowns for entity + target + level
- ⚠️ Big Bang: functional but minimally styled until Phase 7

## Review Checklist
- [ ] All tasks completed
- [ ] Code follows project conventions
- [ ] No unintended side effects
- [ ] Build passes
- [ ] Tests pass (new + existing)

## Handoff to Next Phase
<!-- Filled in by the implementation agent after completing this phase. -->