Documentation

Admin Dashboard

Complete admin panel with CRUD operations for users, subscriptions, payments, and blog management.

Access

The admin dashboard is available at /admin and requires the ADMIN or SUPER_ADMIN role.

Features

  • User Management - Create, edit, delete users and manage roles
  • Subscription Management - View and manage user subscriptions
  • Payment Management - View payments and process refunds
  • Blog Management - Create, edit, publish blog posts
  • Role Management - View roles and permissions
  • Analytics Dashboard - View key metrics and statistics

User Management

List Users

At /admin/users:

  • Paginated user list with search
  • Filter by role
  • View user details, roles, subscriptions
  • Edit or delete users

Edit User

At /admin/users/[id]:

  • Update user name, email, credits
  • Assign/remove roles (SUPER_ADMIN only)
  • View subscription and payment history
  • Change subscription plan

Subscription Management

View Subscriptions

At /admin/subscriptions:

  • List all subscriptions
  • Filter by status (active, canceled, past_due)
  • View plan details and billing cycle
  • Cancel subscriptions

Payment Management

View Payments

At /admin/payments:

  • List all payments
  • Filter by user or status
  • View payment details and invoices
  • Process refunds (SUPER_ADMIN only)

Blog Management

List Posts

At /admin/blog:

  • View all blog posts (published and drafts)
  • Quick publish/unpublish toggle
  • Edit or delete posts
  • Create new posts

Create/Edit Post

At /admin/blog/new or /admin/blog/[id]:

  • Rich text editor for content
  • Title, slug, excerpt fields
  • Cover image upload
  • Category selection
  • Publish/draft toggle

Server Actions

Admin operations use Server Actions from src/actions/admin.ts:

  • updateUser() - Update user details
  • deleteUser() - Delete user
  • assignRole() - Assign role to user
  • removeRole() - Remove role from user
  • cancelSubscription() - Cancel user subscription
  • changeUserPlan() - Change subscription plan
  • createBlogPost() - Create new blog post
  • updateBlogPost() - Update blog post
  • deleteBlogPost() - Delete blog post
  • refundPayment() - Process payment refund

Authorization

All admin routes check for ADMIN or SUPER_ADMIN role:

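// `session` is the authenticated session obtained earlier in the route (not shown here).
// Load every role attached to the signed-in user.
const userRoles = await prisma.userRole.findMany({
  where: { userId: session.user.id },
  include: { role: true },
});

// The user counts as an admin if any of their roles is ADMIN or SUPER_ADMIN.
const isAdmin = userRoles.some(
  (ur: { role: { name: string } }) => ur.role.name === "ADMIN" || ur.role.name === "SUPER_ADMIN"
);

// Non-admins are sent back to the regular dashboard.
if (!isAdmin) {
  redirect("/dashboard");
}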

Security

  • All operations require authentication
  • SUPER_ADMIN required for sensitive operations
  • Cannot delete yourself
  • Confirmation dialogs for destructive actions
  • Audit logging for admin actions
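
Server Actions can be invoked by a direct POST without the admin page ever rendering, so the route-level role check above has to be repeated inside each action. The sketch below is an added example, not code from src/actions/admin.ts: it combines the rules listed on this page (authentication, ADMIN/SUPER_ADMIN, SUPER_ADMIN-only operations, no self-deletion, audit logging) into one guard that each action could call first. The names authorizeAdminAction, AuditEntry and auditLog, the reason strings, and the in-memory log are assumptions.

```typescript
// Added example: all names here are hypothetical, not taken from src/actions/admin.ts.
type Role = "USER" | "ADMIN" | "SUPER_ADMIN";
type AdminAction =
  | "updateUser" | "deleteUser" | "assignRole" | "removeRole" | "refundPayment";

interface Actor { id: string; roles: Role[] }
interface AuditEntry {
  actorId: string | null;
  action: AdminAction;
  targetId: string;
  allowed: boolean;
  reason: string;
}

// The page marks role assignment/removal and refunds as SUPER_ADMIN only.
const SUPER_ADMIN_ONLY = new Set<AdminAction>(["assignRole", "removeRole", "refundPayment"]);

// In-memory stand-in for a persistent audit table (assumption).
const auditLog: AuditEntry[] = [];

// Decide whether `actor` may run `action` against `targetId`, and record the decision.
function authorizeAdminAction(
  actor: Actor | null, action: AdminAction, targetId: string
): AuditEntry {
  let reason = "ok";
  if (actor === null) {
    reason = "unauthenticated";
  } else if (!actor.roles.some((r) => r === "ADMIN" || r === "SUPER_ADMIN")) {
    reason = "not_admin";
  } else if (SUPER_ADMIN_ONLY.has(action) && actor.roles.indexOf("SUPER_ADMIN") === -1) {
    reason = "super_admin_required";
  } else if (action === "deleteUser" && actor.id === targetId) {
    reason = "cannot_delete_self";
  }
  const entry: AuditEntry = {
    actorId: actor ? actor.id : null, action, targetId, allowed: reason === "ok", reason,
  };
  auditLog.push(entry); // denied attempts are recorded as well (design choice of this example)
  return entry;
}

// Constructed sample actors and calls.
const admin: Actor = { id: "u1", roles: ["ADMIN"] };
const superAdmin: Actor = { id: "u2", roles: ["SUPER_ADMIN"] };
console.log(authorizeAdminAction(admin, "refundPayment", "pay_1").reason);
console.log(authorizeAdminAction(superAdmin, "deleteUser", "u2").reason);
```

An action would return early or throw when allowed is false, before touching the database.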