Implement Backend APIs to Manage Admin Roles (Get All Admins & Delete Admin Role) #59

@abhishek-nexgen-dev

Description

Extend the backend to support Admin role management by adding secure APIs that allow:

  • ✅ Fetching all users with the Admin role
  • ❌ Revoking the Admin role from a user by email

These APIs are essential for supporting the Admin Role Management Page on the frontend, allowing Admins to view and manage other Admin users in the system.

📝 Description

Add two new endpoints to manage Admin roles:

  1. GET /api/v1/role/admins

    • Returns a list of all users who currently have the Admin role.
    • Response should include each user’s name and email.
  2. DELETE /api/v1/role/admin/:email

    • Removes the Admin role from a user based on their email address.
    • Should respond with a success message or an appropriate error if the user is not found or not an Admin.

📌 Objectives

  • ✅ Create the following endpoints:
      GET    /api/v1/role/admins         → Fetch all Admin users
      DELETE /api/v1/role/admin/:email   → Remove Admin role by email
  • ✅ Ensure responses include relevant messages and handle common errors (e.g. user not found, already not an Admin, etc.).

1️⃣ Get All Admins

GET /api/v1/role/admins

Expected Response

{
  "status": 200,
  "message": "Admins fetched successfully",
  "data": [
    {
      "name": "Jane Doe",
      "email": "jane@example.com",
      "role": "admin"
    },
    ...
  ]
}

2️⃣ Delete Admin Role by Email

DELETE /api/v1/role/admin/:email

Expected Response

{
  "status": 200,
  "message": "Admin role revoked successfully",
  "data": {
    "email": "target@example.com"
  }
}

✅ Acceptance Criteria

To ensure the Admin Role Management backend APIs are implemented correctly, the following criteria must be met:

  • 📄 GET /api/v1/role/admins

    • Returns all users with the Admin role.
    • Each user object includes required fields: name, email, and optionally user ID.
  • DELETE /api/v1/role/admin/:email

    • Successfully removes the Admin role for the user with the given email (if valid).
    • Returns a clear success or error message.
  • 🔐 Access Control & Validation

    • Both routes are protected using AuthMiddleware.Admin.
    • Only authenticated Admin users can access these routes.
    • Email is validated before attempting to revoke a role.
    • Return a clear error response (rather than failing) when the email does not exist or the user is not an Admin.
  • ⚠️ Error Handling

    • Handles invalid inputs, unauthorized access, and unexpected server errors gracefully.
    • Proper HTTP status codes are returned (e.g. 200, 400, 403, 404, 500).
  • 🧪 Testing

    • Unit tests written (if a testing framework like Jest, Mocha, etc., is set up).
    • Tests cover both success and failure cases.
  • 📦 Response Format

    • All responses use the standard response utility:
      • SendResponse.success() for successful responses.
      • SendResponse.error() for error handling.
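The following is an added example, not code from this project: a framework-free sketch of the two handlers and the checks the acceptance criteria call for (Admin-only access, email validation, 400/401/403/404/500 mapping, responses that expose only name, email and ID). AuthMiddleware.Admin and SendResponse.success()/error() are names taken from the issue, but their bodies here, the in-memory users store, the handle() dispatcher and the rule that an Admin cannot revoke their own role are all assumptions made for the example.

```javascript
// Added example (not the project's code). `AuthMiddleware.Admin` and
// `SendResponse.success/error` are names from the issue; their bodies, the
// `users` store, `handle()` and the self-revocation guard are assumptions.

// Constructed sample user store (stands in for the database).
const users = [
  { id: 1, name: 'Jane Doe', email: 'jane@example.com', role: 'admin', passwordHash: 'x' },
  { id: 2, name: 'Target User', email: 'target@example.com', role: 'admin', passwordHash: 'y' },
  { id: 3, name: 'Plain User', email: 'plain@example.com', role: 'user', passwordHash: 'z' },
];

// Assumed shape of the response utility: every response is { status, message, data }.
const SendResponse = {
  success(res, status, message, data) {
    res.statusCode = status;
    res.body = { status, message, data };
    return res;
  },
  error(res, status, message) {
    res.statusCode = status;
    res.body = { status, message, data: null };
    return res;
  },
};

// Assumed AuthMiddleware.Admin: 401 when unauthenticated, 403 when authenticated but not Admin.
const AuthMiddleware = {
  Admin(req, res, next) {
    if (!req.user) return SendResponse.error(res, 401, 'Authentication required');
    if (req.user.role !== 'admin') return SendResponse.error(res, 403, 'Admin role required');
    return next();
  },
};

// Syntactic email check; the handler never queries the store with an unvalidated value.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
function isValidEmail(email) {
  return typeof email === 'string' && email.length <= 254 && EMAIL_RE.test(email);
}

// GET /api/v1/role/admins: return only the fields the issue asks for, never the password hash.
function getAllAdmins(req, res) {
  const admins = users
    .filter((u) => u.role === 'admin')
    .map(({ id, name, email, role }) => ({ id, name, email, role }));
  return SendResponse.success(res, 200, 'Admins fetched successfully', admins);
}

// DELETE /api/v1/role/admin/:email
function deleteAdminRole(req, res) {
  let raw;
  try {
    raw = decodeURIComponent(req.params.email || ''); // malformed %-encoding is a client error, not a 500
  } catch {
    return SendResponse.error(res, 400, 'Invalid email address');
  }
  const email = raw.trim().toLowerCase();
  if (!isValidEmail(email)) return SendResponse.error(res, 400, 'Invalid email address');

  const user = users.find((u) => u.email.toLowerCase() === email);
  if (!user) return SendResponse.error(res, 404, 'User not found');
  if (user.role !== 'admin') return SendResponse.error(res, 400, 'User is not an Admin');
  // Assumed guard: an Admin cannot strip their own role, so one request cannot leave the system without an Admin.
  if (user.email.toLowerCase() === req.user.email.toLowerCase()) {
    return SendResponse.error(res, 400, 'Cannot revoke your own Admin role');
  }

  user.role = 'user';
  return SendResponse.success(res, 200, 'Admin role revoked successfully', { email: user.email });
}

// Minimal dispatcher standing in for the router: middleware first, then the handler,
// with unexpected exceptions mapped to a generic 500 instead of leaking internals.
const routes = {
  'GET /api/v1/role/admins': getAllAdmins,
  'DELETE /api/v1/role/admin/:email': deleteAdminRole,
};

function handle(route, req) {
  const res = { statusCode: 0, body: null };
  const handler = routes[route];
  try {
    return AuthMiddleware.Admin(req, res, () => handler(req, res));
  } catch (err) {
    return SendResponse.error(res, 500, 'Internal server error');
  }
}
```

handle() takes a request object of the shape { user, params } (user is what the authentication layer would attach; params.email is the raw path segment) and returns the response object, so each branch of the acceptance criteria can be exercised without a running server: an unauthenticated call yields 401, a non-Admin caller 403, a malformed or unknown email 400 or 404, and a successful revocation 200 with the target email echoed back.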
