arifal/setrip
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ea63f56e975c3c007213593204ad701e94e8df78
setrip/ADMIN_ROADMAP.md
T

5.6 KiB
Raw Blame History

Setrip — Admin Roadmap (Index)

Status implementasi kemampuan admin agar admin dapat mengontrol seluruh aplikasi saat ada insiden, bukan hanya read-only dashboard.

Prinsip: admin adalah safety net terakhir saat sistem otomatis gagal atau ada bad actor. Setiap action admin harus auditable (siapa, kapan, alasan), idempotent, dan terbatas hanya untuk admin yang terdaftar di ADMIN_EMAILS.

Baseline — yang BISA admin lakukan sekarang

Area Fungsi File
Dashboard View count: verifikasi PENDING, refund per status, payout per status app/admin/page.tsx
Global search Search bar di sidebar — by email, order_id, cuid, fuzzy trip/user features/admin/components/admin-search-bar.tsx
Trips List + search + detail; force-cancel dengan auto-refund (admin intervention) app/admin/trips/
Users List + search + filter (active/suspended); detail dengan trip + booking history; suspend/unsuspend app/admin/users/
Bookings detail Timeline lintas Payment + Refund + Payout, raw callback viewer, Midtrans reconcile app/admin/bookings/[id]/page.tsx
Verifikasi KYC Approve / Reject / Reopen REJECTED; filter date range + reviewer; CSV export app/admin/verifications/page.tsx
Refund Create manual, approve, reject, mark SUCCEEDED/FAILED; filter date/reviewer/reason; link ke booking timeline; CSV export app/admin/refunds/page.tsx
Payout View per status, mark PAID; filter date/processor; link ke booking timeline; CSV export app/admin/payouts/page.tsx
Audit Log View semua action admin lintas entity (refund, payout, trip cancel, suspend, dst); filter by admin/entity/action/date app/admin/audit-log/page.tsx
System Health Status cron jobs (last run, last success, 7d stats), 20 recent runs, health badge app/admin/system/page.tsx

Aksi mutating yang diblokir untuk suspended user: sign-in (NextAuth), createTripAction, joinTripAction. Trip public list otomatis sembunyikan organizer suspended.

Audit trail otomatis: semua aksi admin (suspend, force-cancel, reconcile, approve/reject verification/refund, mark payout PAID, reopen verification) tercatat di AdminActionLog via auditLog.record().

Auth admin: env ADMIN_EMAILS → cek di lib/admin.ts, dipassing ke session via lib/auth.ts.

Roadmap per area

Roadmap Prioritas Status File
Trip Operations 🔴 HIGH Delivered docs/archive/ADMIN_TRIP_OPS_ROADMAP.md
Payment Operations 🔴 HIGH Delivered docs/archive/ADMIN_PAYMENT_OPS_ROADMAP.md
Audit & Investigation 🔴 HIGH Delivered docs/archive/ADMIN_AUDIT_ROADMAP.md
User Management 🟡 MEDIUM Delivered docs/archive/ADMIN_USER_MGMT_ROADMAP.md
Verification 🟡 MEDIUM 🚧 Phase 1 done · 2-4 deferred docs/archive/ADMIN_VERIFICATION_ROADMAP.md
System Health 🟡 MEDIUM 🚧 Phase 1-2 done · 3-4 deferred docs/archive/ADMIN_SYSTEM_HEALTH_ROADMAP.md

Legend status: belum mulai · 🚧 partial · selesai

Sisa pekerjaan (semua deferred — low priority)

  • Verification Phase 2 Re-upload request flow (butuh schema + organizer-side UI)
  • Verification Phase 3 Verification history (audit trail multi-submission)
  • Verification Phase 4 Manual override (admin verify tanpa upload, untuk referral)
  • System Health Phase 3 Stale state alerts (Payment AWAITING > 25h, Payout HELD overdue)
  • System Health Phase 4 External alerting (Discord webhook)
  • User Mgmt Phase 3 Bulk analytics dashboard

Tidak ada yang blocking. Diangkat saat ada incident konkret atau permintaan stakeholder.

Tindakan manual setelah deploy

Untuk versi yang berisi delivery 6 roadmap admin:

# Apply 4 migration baru
npx prisma migrate deploy
#   - 20260518150000_add_trip_admin_cancel
#   - 20260518160000_add_user_suspension
#   - 20260518170000_add_cron_run
#   - 20260518180000_add_admin_action_log

# Restart Next.js / PM2 supaya Prisma client baru ter-load
pm2 restart setrip --update-env

Brief admin tentang kapabilitas baru:

  • Global search di sidebar — ketik email, order_id, atau cuid; auto-detect ke detail page yang tepat.
  • Force-cancel trip di /admin/trips/[id] — pakai saat organizer unreachable / dispute, reason wajib min 10 char.
  • Reconcile Midtrans di /admin/bookings/[id] — pakai saat peserta lapor "sudah bayar tapi status belum update". Idempotent.
  • Suspend user di /admin/users/[id] — pakai untuk scam/harassment. Suspended user diblokir sign-in dan aksi mutatif.
  • Reopen verification di /admin/verifications (tab REJECTED) — saat organizer kirim ulang foto via email/WA.
  • System status di /admin/system — cek setiap pagi, pastikan cron jalan (🟢 OK).
  • Audit log di /admin/audit-log — bukti compliance saat audit eksternal; semua aksi admin tercatat dengan email + payload.
  • CSV export di refunds/payouts/verifications — download untuk laporan keuangan/compliance.
  • Filter date range + reviewer di refunds/payouts/verifications — untuk investigasi.
Reference in New Issue View Git Blame Copy Permalink