User Management Guide
This guide explains the user management features available in ChimerAI and how to install them via the CLI.
Installation
Users Table (Admin)
chimerai add users-table
Installs a full admin data table for managing users with CRUD operations.
| File | Purpose |
|---|---|
| app/admin/users/page.tsx | Admin page with sortable, filterable user table |
| app/api/admin/users/route.ts | GET list all users, POST create user |
| app/api/admin/users/[id]/route.ts | GET single user, PATCH update, DELETE delete |
Full Admin Dashboard (includes users + roles + settings + audit logs)
chimerai add admin-dashboard
See the Admin Dashboard section below for the complete file list.
API Routes
GET /api/admin/users
Returns a paginated list of all users. Requires admin role.
Query parameters:
- page - page number (default: 1)
- limit - results per page (default: 20)
- search - filter by name or email
Response:
```json
{
  "users": [{ "id": "...", "name": "Alice", "email": "alice@example.com", "createdAt": "..." }],
  "total": 42,
  "page": 1,
  "limit": 20
}
```
POST /api/admin/users
Creates a new user. Requires admin role.
Request body:
{ "name": "Bob", "email": "bob@example.com", "password": "..." }
PATCH /api/admin/users/[id]
Updates a user's name, email or role. Requires admin role.
DELETE /api/admin/users/[id]
Deletes a user. Requires admin role.
Roles Table
chimerai add roles-table
| File | Purpose |
|---|---|
| app/admin/roles/page.tsx | Role management table |
| app/api/admin/roles/route.ts | GET list roles, POST create role |
Roles are used by the RBAC system. Each user can have multiple roles assigned via the UserRole join model. Permissions are stored as a JSON array string on the Role model.
Admin Dashboard
chimerai add admin-dashboard
Installs the complete admin panel in one command:
| File | Purpose |
|---|---|
| app/admin/layout.tsx | Admin layout with session guard (admin role required) |
| app/admin/page.tsx | Dashboard overview with stats |
| app/admin/users/page.tsx | User management table |
| app/admin/roles/page.tsx | Role management table |
| app/admin/settings/page.tsx | App-wide settings |
| app/admin/audit-logs/page.tsx | Audit log viewer |
| lib/audit-log.ts | logAction() helper |
| app/api/admin/users/route.ts | Users CRUD |
| app/api/admin/users/[id]/route.ts | Single user operations |
| app/api/admin/roles/route.ts | Roles CRUD |
| app/api/admin/audit-logs/route.ts | Audit log query |
| app/api/admin/settings/route.ts | Settings read/write |
The admin layout guards access using NextAuth session + role check. Any user without the admin role receives a 403.
RBAC (Role-Based Access Control)
Roles and permissions are stored in two Prisma models:
```prisma
model Role {
  id          String @id @default(cuid())
  name        String @unique        // e.g. "admin", "editor", "viewer"
  permissions String @default("[]") // JSON array: ["users:read", "users:write"]
}

model UserRole {
  userId String
  roleId String
  @@id([userId, roleId])
}
```
To check permissions in server code:
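```ts
import { getServerSession } from 'next-auth';
import { authOptions } from '@/lib/auth';
import { prisma } from '@/lib/prisma';

// getServerSession() resolves to null when the request has no valid session.
const session = await getServerSession(authOptions);
if (!session?.user?.id) {
  throw new Error('Not authenticated');
}

// Load every role assigned to the user, with the Role row included.
const roles = await prisma.userRole.findMany({
  where: { userId: session.user.id },
  include: { role: true },
});

// Role.permissions is a JSON array string, so parse it before flattening.
const permissions = roles.flatMap((r) => JSON.parse(r.role.permissions));
const canWrite = permissions.includes('users:write');
```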
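The permission check above as fail-closed pure functions, with the 401/403 split described in the Notes. This is an added example, not ChimerAI's own code: the names RoleRow, SessionLike, parsePermissions, resolvePermissions and authorize are hypothetical, and the sample rows are constructed.

```typescript
// Added example: all type and function names here are hypothetical.
// RoleRow mirrors one UserRole row loaded with `include: { role: true }`.
type RoleRow = { role: { name: string; permissions: string } };
type SessionLike = { user?: { id?: string } } | null;

// Parse one Role.permissions string. Anything that is not a JSON array of
// strings yields no permissions, so a corrupted row can never grant access.
function parsePermissions(raw: string): string[] {
  try {
    const value: unknown = JSON.parse(raw);
    if (!Array.isArray(value)) return [];
    return value.filter((p): p is string => typeof p === "string");
  } catch {
    return [];
  }
}

// Union of the permissions granted by every role assigned to the user.
function resolvePermissions(rows: RoleRow[]): Set<string> {
  const granted = new Set<string>();
  for (const row of rows) {
    for (const p of parsePermissions(row.role.permissions)) granted.add(p);
  }
  return granted;
}

// Status a route handler should return: 401 without a session, 403 when the
// permission is missing, 200 when the request may proceed.
function authorize(session: SessionLike, rows: RoleRow[], required: string): 200 | 401 | 403 {
  if (!session?.user?.id) return 401;
  return resolvePermissions(rows).has(required) ? 200 : 403;
}

// Constructed sample rows, not taken from a real database.
const editorRows: RoleRow[] = [
  { role: { name: "viewer", permissions: '["users:read"]' } },
  { role: { name: "editor", permissions: '["users:read", "users:write"]' } },
];
// A truncated permissions string, as a damaged row might contain.
const brokenRows: RoleRow[] = [
  { role: { name: "editor", permissions: '{"users:write": true' } },
];

console.log(authorize(null, editorRows, "users:write"));
console.log(authorize({ user: { id: "u1" } }, editorRows, "users:write"));
console.log(authorize({ user: { id: "u1" } }, brokenRows, "users:write"));
```
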
Audit Logging
chimerai add audit-log
Installs lib/audit-log.ts with a logAction() helper that writes to the AuditLog table.
```ts
import { logAction } from '@/lib/audit-log';

await logAction({
  userId: session.user.id,
  action: 'user.delete',
  resource: 'user',
  resourceId: targetUserId,
  metadata: { reason: 'GDPR request' },
});
```
The audit log page at /admin/audit-logs shows all recorded actions with timestamps, user info and metadata. Useful for compliance and security reviews.
Notes
- All admin routes check for an authenticated session and admin role. Unauthenticated requests return 401, non-admin requests return 403.
- The users table supports inline editing - click a row to open a detail panel.
- Passwords are stored as bcrypt hashes. The admin cannot read plain-text passwords.
- Use chimerai add admin-dashboard to get everything in one step instead of installing components individually.