Add user management for activation, deactivation, and deletion

Introduce API endpoints and storage methods for setting user passwords, soft deactivation (hiding availability), and hard deletion (removing all associated future data). Replit-Commit-Author: Agent Replit-Commit-Session-Id: 3a22ac80-cd1d-4441-9e36-f24fc2f4c3de Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/3478f7c3-db8c-4fca-9165-3adbdf1b5829/3a22ac80-cd1d-4441-9e36-f24fc2f4c3de/gBqmpbl
2025-09-12 20:36:14 +00:00
parent 91706d07c7
commit 60b5735588
3 changed files with 118 additions and 5 deletions
@@ -605,13 +605,11 @@ export async function registerRoutes(app: Express): Promise<Server> {
        firstName: firstName || '',
        lastName: lastName || '',
        displayName: displayName || `${firstName || ''} ${lastName || ''}`.trim(),
-        role: 'dj' as const,
+        password: tempPassword,
-        isActive: true,
+        isTemporary: true
        tempPassword, // Store temporarily - will be removed after first login
        needsPasswordChange: true
      };
-      const user = await storage.createUser(userData);
+      const user = await storage.createUserWithPassword(userData);
      res.json({ 
        message: "User created successfully", 
@@ -623,6 +621,54 @@ export async function registerRoutes(app: Express): Promise<Server> {
    }
  });
  // Set/change user password
  app.post('/api/users/:id/set-password', isAuthenticated, isAdmin, async (req, res) => {
    try {
      const { password, isTemporary } = req.body;
      if (!password) {
        return res.status(400).json({ message: "Password is required" });
      }
      await storage.setUserPassword(req.params.id, password, isTemporary || false);
      res.json({ message: "Password updated successfully" });
    } catch (error) {
      console.error("Error setting user password:", error);
      res.status(500).json({ message: "Failed to set user password" });
    }
  });
  // Soft deactivate user (hide from scheduling but keep data)
  app.post('/api/users/:id/deactivate-soft', isAuthenticated, isAdmin, async (req, res) => {
    try {
      await storage.deactivateUserSoft(req.params.id);
      res.json({ message: "User deactivated successfully (data preserved)" });
    } catch (error) {
      console.error("Error deactivating user:", error);
      res.status(500).json({ message: "Failed to deactivate user" });
    }
  });
  // Hard delete user (remove user and future data)
  app.delete('/api/users/:id/delete-hard', isAuthenticated, isAdmin, async (req, res) => {
    try {
      await storage.deleteUserHard(req.params.id);
      res.json({ message: "User and associated future data deleted successfully" });
    } catch (error) {
      console.error("Error deleting user:", error);
      res.status(500).json({ message: "Failed to delete user" });
    }
  });
  // Get user active status
  app.get('/api/users/:id/active-status', isAuthenticated, isAdmin, async (req, res) => {
    try {
      const isActive = await storage.getUserActiveStatus(req.params.id);
      res.json({ isActive });
    } catch (error) {
      console.error("Error checking user active status:", error);
      res.status(500).json({ message: "Failed to check user status" });
    }
  });
  // Statistics routes
  app.get('/api/stats/dashboard', isAuthenticated, async (req: any, res) => {
    try {
@@ -51,6 +51,11 @@ export interface IStorage {
  reactivateUser(id: string): Promise<void>;
  makeAdmin(id: string): Promise<void>;
  removeAdmin(id: string): Promise<void>;
  setUserPassword(id: string, password: string, isTemporary?: boolean): Promise<void>;
  deactivateUserSoft(id: string): Promise<void>;
  deleteUserHard(id: string): Promise<void>;
  getUserActiveStatus(id: string): Promise<boolean>;
  createUserWithPassword(userData: InsertUser & { password: string, isTemporary?: boolean }): Promise<User>;
  // Event operations
  createEvent(event: InsertEvent): Promise<Event>;
@@ -149,6 +154,18 @@ export class DatabaseStorage implements IStorage {
    return user;
  }
  async createUserWithPassword(userData: InsertUser & { password: string, isTemporary?: boolean }): Promise<User> {
    const { password, isTemporary, ...userFields } = userData;
    const [user] = await db.insert(users).values({
      ...userFields,
      password,
      tempPassword: isTemporary ? password : null,
      needsPasswordChange: isTemporary || false,
      isActive: true // Activate immediately when password is provided
    }).returning();
    return user;
  }
  async upsertUser(userData: UpsertUser): Promise<User> {
    const [user] = await db
      .insert(users)
@@ -193,6 +210,55 @@ export class DatabaseStorage implements IStorage {
    await db.update(users).set({ role: "dj", updatedAt: new Date() }).where(eq(users.id, id));
  }
  async setUserPassword(id: string, password: string, isTemporary: boolean = false): Promise<void> {
    await db.update(users).set({ 
      password, 
      tempPassword: isTemporary ? password : null,
      needsPasswordChange: isTemporary,
      isActive: true, // Activate user when password is set
      updatedAt: new Date() 
    }).where(eq(users.id, id));
  }
  async deactivateUserSoft(id: string): Promise<void> {
    // Soft deactivation - hide from availability/scheduling but keep all data
    await db.update(users).set({ isActive: false, updatedAt: new Date() }).where(eq(users.id, id));
  }
  async deleteUserHard(id: string): Promise<void> {
    // Hard deletion - remove user and all future schedules/availability
    const currentDate = new Date().toISOString().split('T')[0];
    // Delete future availability
    await db.delete(availability)
      .where(and(eq(availability.djId, id), gte(availability.startDate, currentDate)));
    // Delete future events (keep past events for historical purposes)
    await db.delete(events)
      .where(and(eq(events.djId, id), gte(events.date, currentDate)));
    // Delete slot eligibility
    await db.delete(slotEligibility).where(eq(slotEligibility.djId, id));
    // Delete social links
    await db.delete(socialLinks).where(eq(socialLinks.djId, id));
    // Delete removal requests
    await db.delete(removalRequests).where(eq(removalRequests.djId, id));
    // Finally delete the user
    await db.delete(users).where(eq(users.id, id));
  }
  async getUserActiveStatus(id: string): Promise<boolean> {
    const [user] = await db.select({ isActive: users.isActive, password: users.password })
      .from(users)
      .where(eq(users.id, id));
    // User is considered active if they have isActive=true AND have a password set
    return user ? user.isActive && !!user.password : false;
  }
  // Event operations
  async createEvent(event: InsertEvent): Promise<Event> {
    const [newEvent] = await db.insert(events).values(event).returning();
@@ -43,6 +43,7 @@ export const users = pgTable("users", {
  role: userRoleEnum("role").default("dj").notNull(),
  isActive: boolean("is_active").default(true).notNull(),
  maxEventsPerMonth: integer("max_events_per_month").default(2).notNull(),
  password: varchar("password"),
  tempPassword: varchar("temp_password"),
  needsPasswordChange: boolean("needs_password_change").default(false),
  createdAt: timestamp("created_at").defaultNow(),