# Admin Portal Backend — Outcomes

## Files Created

| File | Purpose |
|------|---------|
| `src/apps/admin/__init__.py` | Package marker |
| `src/apps/admin/models/__init__.py` | Package marker |
| `src/apps/admin/models/admin_audit_log.py` | AdminAuditLog ORM model |
| `src/apps/admin/schemas/__init__.py` | Package marker |
| `src/apps/admin/schemas/admin_common.py` | Pydantic schemas |
| `src/apps/admin/crud.py` | DB query functions |
| `src/apps/admin/services.py` | Business logic (dashboard stats, impersonation) |
| `src/apps/admin/router.py` | FastAPI router with all endpoints |
| `migrations/versions/d4e5f6a7b8c9_admin_audit_log_and_impersonation.py` | Alembic migration |
| `tests/test_admin/__init__.py` | Test package marker |
| `tests/test_admin/test_admin_router.py` | Unit tests |
| `feature-workspace/admin-portal/progress.md` | This document set |

## Files Modified

| File | Change |
|------|--------|
| `src/apps/auth/models/auth_session.py` | Added `impersonated_merchant_id` FK column |
| `src/apps/auth/utils/auth.py` | Updated `get_current_merchant()` to honor impersonation sessions |
| `src/core/routers/v1.py` | Registered admin router at `/admin` |
| `src/core/database.py` | Added `AdminAuditLog` to `register_models()` |

## API Endpoints (all under `/api/v1/admin`, require superuser token)

| Method | Path | Description |
|--------|------|-------------|
| GET | `/dashboard/stats` | Aggregated merchant and transaction stats |
| GET | `/merchants` | Paginated merchant list with search/filter |
| GET | `/merchants/{id}` | Merchant detail |
| PATCH | `/merchants/{id}` | Update merchant fields |
| DELETE | `/merchants/{id}` | Soft-delete merchant |
| POST | `/merchants/{id}/activate` | Set is_active=True, record approved_by/at |
| POST | `/merchants/{id}/deactivate` | Set is_active=False |
| GET | `/merchants/{id}/transactions` | Merchant transactions (paginated) |
| GET | `/merchants/{id}/payment-requests` | Merchant payment requests (paginated) |
| GET | `/merchants/{id}/invoices` | Merchant invoices (paginated) |
| GET | `/merchants/{id}/subscriptions` | Stub — returns empty list |
| GET | `/merchants/{id}/customers` | Merchant customers (paginated) |
| POST | `/merchants/{id}/impersonate` | Create 4-hour impersonation token |
| DELETE | `/merchants/{id}/impersonate` | Revoke impersonation session |
| GET | `/users` | List admin (superuser) accounts |
| POST | `/users` | Create admin user |
| PATCH | `/users/{id}` | Update admin user |
| DELETE | `/users/{id}` | Soft-delete admin user |
| GET | `/audit-log` | Paginated audit log with filters |