Feature/admin dashboard user management analytics

[Madhavi1108]

Description

This PR introduces a comprehensive Admin Dashboard featuring real-time analytics, user management, and administrative audit logging. The implementation provides administrators with centralized visibility into platform activity while enabling secure user administration through protected backend APIs and an interactive frontend interface.

The solution combines dashboard analytics, server-side pagination, search and filtering, bulk user operations, Chart.js visualizations, and audit logging to deliver a scalable and production-ready administration system.

Closes #189

Type of Change

• New feature
• Bug fix
• Refactoring
• Documentation update

Checklist

• Code follows project conventions
• Existing functionality preserved
• Admin endpoints secured with authorization
• Dashboard analytics implemented
• User management functionality completed
• Audit logging added
• Ready for testing

---

What Was Implemented

Administrative Audit Logging

Introduced a dedicated audit logging mechanism for tracking administrator actions performed through the dashboard.

New Database Script

• backend/scripts/admin_dashboard_schema.sql

The schema creates a new table:

• user_audit_logs

Each audit record stores:

• Administrator identifier
• Target user identifier
• Action type
• IP address
• User agent
• Timestamp information

This provides complete traceability for administrative user management actions such as blocking and unblocking accounts.

---

Backend Administration Service

Implemented a dedicated service layer responsible for dashboard analytics and user management operations.

New Service

• backend/services/admin.service.js

The service handles:

• Dashboard statistics aggregation
• User retrieval
• Search processing
• Pagination logic
• Status filtering
• User status updates
• Bulk administrative operations

Business logic remains centralized and reusable across controller endpoints.

---

Administrative API Endpoints

Added secure backend APIs to power the administration interface.

Dashboard Analytics

GET /api/admin/dashboard

The endpoint provides aggregated platform metrics including:

• User statistics
• Product statistics
• Order statistics
• Revenue analytics
• Order status distribution
• Time-series reporting data

---

User Management

GET /api/admin/users

Supports:

• Server-side pagination
• Keyword searching
• User status filtering
• Efficient large dataset handling

---

User Status Updates

PATCH /api/admin/users/:id/status

Allows administrators to:

• Block users
• Unblock users
• Update account status securely

---

Bulk User Operations

POST /api/admin/users/bulk-status

Enables batch processing for:

• Bulk blocking
• Bulk unblocking
• Multi-user administrative actions

---

Authorization and Access Control

Protected all administration endpoints using the existing authentication and role-based authorization middleware.

Access is restricted through:

• Authentication verification
• authMiddleware
• authorizeRoles("admin")

Regular users cannot access administrative resources or management operations.

---

Frontend Dashboard Integration

Extended the administration interface with a modular dashboard experience.

Updated View

• admin.html

Enhancements include:

• Dashboard section
• Products section
• Orders section
• Users section
• Sidebar tab navigation
• Structured data-tab organization

Sections switch dynamically without requiring full page reloads.

---

Analytics Visualization

Integrated Chart.js to provide graphical representations of platform metrics.

Dashboard visualizations include:

• Revenue trend line chart
• Order status doughnut chart

The charts present aggregated backend data in an interactive and easily understandable format.

---

User Management Interface

Added a comprehensive user administration panel within the dashboard.

Features include:

• Search functionality
• Status filtering
• Bulk selection support
• Block selected users
• Unblock selected users
• Administrative action controls

The interface is designed to efficiently manage large user bases.

---

Client-Side Dashboard Logic

Implemented frontend controller logic responsible for rendering dashboard analytics.

Updated Script

• scripts/admin.js

The implementation:

• Fetches analytics data
• Renders Chart.js components
• Updates dashboard statistics
• Refreshes visualizations dynamically
• Synchronizes backend responses with the user interface

---

User Management Client Logic

Implemented dynamic client-side functionality for administrative user operations.

Capabilities include:

• Loading paginated user data
• Debounced search requests
• Status-based filtering
• User block and unblock actions
• Confirmation dialogs for destructive operations
• Success notifications
• Error handling
• Bulk status updates

The interface remains responsive while minimizing unnecessary server requests.

---

Modular Dashboard Navigation

Organized the administration interface into independently accessible sections.

Available modules include:

• Dashboard
• Products
• Orders
• Users

Navigation occurs seamlessly without full-page refreshes, creating a smoother administrative experience.

---

Benefits

• Centralized administration dashboard
• Real-time platform analytics
• Interactive Chart.js visualizations
• Secure role-based access control
• Server-side user pagination
• Efficient search and filtering
• Bulk user management operations
• Administrative audit logging
• Block and unblock user functionality
• Modular tab-based interface
• Scalable backend architecture
• Production-ready management workflow

---

Acceptance Criteria

• Administrative dashboard implemented
• Analytics endpoint created
• User management endpoint implemented
• User status update endpoint added
• Bulk status update endpoint implemented
• Dashboard statistics aggregated
• Revenue analytics provided
• Order distribution analytics generated
• Chart.js integrated
• User search implemented
• Server-side pagination supported
• Status filtering implemented
• Block and unblock functionality added
• Bulk user actions supported
• Audit logging implemented
• Admin authorization enforced
• Existing functionality preserved

---

Technical Notes

• Dashboard analytics are aggregated on the backend before being delivered to the frontend, reducing client-side computation.
• User management utilizes server-side pagination and filtering to maintain performance with large datasets.
• Administrative endpoints are protected through existing authentication and role-based authorization middleware.
• Audit logs record administrative actions for accountability and future compliance requirements.
• The modular architecture allows future expansion with additional analytics, management tools, and reporting capabilities with minimal structural changes.

[vercel]

@Madhavi1108 is attempting to deploy a commit to the Bhuvansh's projects Team on Vercel.

A member of the Team first needs to authorize it.

[BHUVANSH855]

1. adminRoutes.js imports and uses authorizeRoles("admin"), but the provided auth middleware only exports authMiddleware. This will cause route registration/runtime errors unless authorizeRoles is implemented and exported.

2. admin.service.js does not verify affectedRows after user status updates. Updating a non-existent user can still return success.

3. frontend/scripts/admin.js depends on AppUtils.debounce(...). Please verify that debounce exists in AppUtils; otherwise this will throw TypeError: AppUtils.debounce is not a function and break the user management page.

4. Please move SQL files into a dedicated backend SQL/database folder (e.g. backend/sql/ or backend/database/) instead of placing schema files inside backend/scripts/. Database schemas and migration files should be separated from application scripts for better project organization and maintainability.

[Madhavi1108]

Hi @BHUVANSH855 ,
Thank you for your review.
I have implemented the changes.
Kindly let me know if any chanhes are needed from my side

[BHUVANSH855]

1. In backend/routes/adminRoutes.js, authorizeRoles is imported from authMiddleware, but authMiddleware.js only exports the authentication middleware. Please import authorizeRoles from rbacMiddleware.js instead, otherwise the admin routes will fail at runtime.

2. In frontend/scripts/admin.js, AppUtils.getToken() is used, but no getToken() helper is defined/exported in utils.js and this PR does not add one. This may cause the admin page to fail during initialization.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
e-commerce	Ready	Preview, Comment	Jun 22, 2026 5:34am

[Madhavi1108]

Hi @BHUVANSH855 ,
Thank you for your review.
I have made the changes. Kindly let me know if any changes are needed from my side

[BHUVANSH855]

Hi @BHUVANSH855 , Thank you for your review. I have made the changes. Kindly let me know if any changes are needed from my side

Kindly solve merge time conflicts

[Madhavi1108]

Hi @BHUVANSH855 ,
Thank you for your review.
I have resolved the merge conflicts.
Kindly let me know if any changes are needed from my side

[BHUVANSH855]

LGTM