# Admin User Seeder

This document explains how to use the admin user seeder to create administrative accounts for the Schematics Backend application.

## Overview

The admin seeder creates multiple admin users with different roles and permissions, providing a comprehensive administrative structure for the application.

## Files

- `prisma/admin-seeders.ts` - Main admin seeder script
- `scripts/seed-admins.js` - Node.js script to run the admin seeder
- `prisma/ADMIN_SEED_README.md` - This documentation file

## Admin Users Created

The seeder creates the following admin accounts:

### 1. Super Administrator

- **Email**: `superadmin@schematics.com`
- **Password**: `SuperAdmin@2024!`
- **Role**: `SUPER_ADMIN`
- **Permissions**: `ALL`
- **Description**: Full system access with all permissions

### 2. System Administrator

- **Email**: `admin@schematics.com`
- **Password**: `Admin@2024!`
- **Role**: `ADMIN`
- **Permissions**: `USER_MANAGEMENT`, `CONTENT_MANAGEMENT`, `ANALYTICS`
- **Description**: Standard administrative access with user and content management

### 3. Content Moderator

- **Email**: `moderator@schematics.com`
- **Password**: `Moderator@2024!`
- **Role**: `MODERATOR`
- **Permissions**: `CONTENT_MODERATION`, `USER_SUPPORT`
- **Description**: Content moderation and user support capabilities

### 4. Support Administrator

- **Email**: `support@schematics.com`
- **Password**: `Support@2024!`
- **Role**: `SUPPORT`
- **Permissions**: `USER_SUPPORT`, `TICKET_MANAGEMENT`
- **Description**: Customer support and ticket management

### 5. Data Analyst

- **Email**: `analyst@schematics.com`
- **Password**: `Analyst@2024!`
- **Role**: `ANALYST`
- **Permissions**: `ANALYTICS`, `REPORTING`
- **Description**: Data analysis and reporting access

### 6. Developer Admin

- **Email**: `developer@schematics.com`
- **Password**: `Developer@2024!`
- **Role**: `DEVELOPER`
- **Permissions**: `SYSTEM_CONFIG`, `API_MANAGEMENT`, `LOGS`
- **Description**: System configuration and technical management

## Usage

### Method 1: Using npm script (Recommended)

```bash
npm run seed:admins
```

### Method 2: Using the Node.js script directly

```bash
node scripts/seed-admins.js
```

### Method 3: Using tsx directly

```bash
npx tsx prisma/admin-seeders.ts
```

## Features

- **Secure Passwords**: All admin accounts use strong, unique passwords
- **Role-Based Access**: Different admin roles with specific permissions
- **Password Hashing**: Passwords are hashed using bcrypt with salt rounds of 14
- **Duplicate Prevention**: Checks for existing admins before creating new ones
- **Comprehensive Logging**: Detailed console output showing creation progress
- **Security Recommendations**: Built-in security advice and best practices

## Security Considerations

⚠️ **IMPORTANT SECURITY NOTES:**

1. **Change Default Passwords**: Immediately change all default passwords in production
2. **Enable 2FA**: Implement two-factor authentication for admin accounts
3. **Regular Audits**: Periodically review admin access and permissions
4. **Strong Passwords**: Use unique, strong passwords for each admin account
5. **Monitor Activity**: Regularly check admin activity logs
6. **Limit Access**: Only create admin accounts for users who need them

## Database Schema Requirements

The admin seeder requires the following database tables:

- `users` - Main user table with admin user type support
- Proper enum values for `user_type` (including 'ADMIN')
- Proper enum values for `subscriptionTier`

## Troubleshooting

### Common Issues

1. **Database Connection Error**
   - Ensure your database is running
   - Check your `.env` file for correct database connection string

2. **Permission Denied**
   - Make sure you have write permissions to the database
   - Check if the user has proper database privileges

3. **Duplicate Admin Error**
   - The seeder will skip existing admins automatically
   - To force recreation, delete existing admin users first

### Logs

The seeder provides detailed console output including:

- Creation progress for each admin
- Summary of created admins
- Login credentials
- Security recommendations

## Customization

To modify the admin seeder:

1. **Add New Admins**: Edit the `ADMIN_DATA` array in `admin-seeders.ts`
2. **Change Roles**: Modify the role definitions and permissions
3. **Update Passwords**: Change the default passwords (remember to update documentation)
4. **Add Permissions**: Extend the permissions system as needed

## Integration

The admin seeder integrates with:

- Prisma ORM for database operations
- bcryptjs for password hashing
- TypeScript for type safety
- The existing user management system

## Support

For issues or questions regarding the admin seeder:

1. Check the console output for error messages
2. Verify database connectivity
3. Ensure all dependencies are installed
4. Review the security recommendations

---

**Remember**: Always change default passwords and implement proper security measures before deploying to production!