10. Managing administrators¶

The Admins page at /admin/admins is only visible to administrators with the superadmin role. Regular admins are silently redirected back to the dashboard if they try the URL directly.

Why is admin management restricted?¶

Administrators have full read/write access to the entire LexiScor catalog: they can publish, archive and edit quizzes, see every attempt, and pull data from the bookstore. Adding a new administrator therefore needs to be a deliberate decision; it is restricted to people who own the platform end-to-end.

In practice you will have a small number of superadmins (one or two trusted owners) and a slightly larger number of regular admins (the people who prepare and publish quizzes day to day).

What you see on the page¶

The page is laid out in two columns side-by-side.

Left column — Add Admin¶

A small card with one input and one button:

Email — the email address of the new administrator.
Add Admin — clicking this immediately registers the email as an administrator account.

Important: no welcome email is sent. As soon as you add someone, they can go to /login, type their email, request a one-time code, and sign in. It is up to you to let them know they have access.

By default, every account added through this page has the admin role — not superadmin. Promoting someone to superadmin is a developer operation today (set the role directly in the database) and is intentionally not exposed in the UI to keep the door narrow.

Right column — Admins list¶

A card listing every administrator currently in the system. For each account you see:

Name (filled in once they sign in for the first time).
Email.
A small role badge — admin or superadmin.
A delete button (trash icon), enabled for everyone except yourself (you cannot remove your own account).

Clicking Delete removes the administrator immediately. There is no confirmation step in the current build, so be deliberate.

Routine tasks¶

Onboarding a new administrator¶

On the Admins page, type their email address into the Email field.
Click Add Admin. The new entry appears on the right within a second.
Send them an out-of-band message (e.g. a Slack/Teams DM or a personal email) telling them:
The application URL (e.g. https://lexiscor.ro/login).
That they sign in with their email and a one-time code — no password is needed.

Off-boarding an administrator¶

When someone leaves the team, simply click the trash icon next to their row. Their existing edits, publishes and imports stay in place — the audit trail still attributes those actions to them — but they can no longer sign in.

Auditing access¶

The Admins page is currently the canonical list of who has access. There is no automatic export, but the list is small enough to screenshot or copy by hand for periodic security reviews.

Frequently asked questions¶

Can I prevent a deleted admin from getting back in by creating a new account with the same email? Yes — they would only get back in if a superadmin actively re-added the same email. Removed accounts cannot self-restore.

What happens to a quiz that an off-boarded admin created? Nothing changes. The quiz keeps its author attribution, stays published or draft as before, and continues to work for pupils.

Is there activity logging for what each admin does? Inline text edits are recorded in an internal change log (who, what, from, to, when). Other actions (publishing, importing, syncing) are tracked as well — for example the Magento Sync history shows who triggered each sync. There is no consolidated activity dashboard yet, but the data is in the database if you ever need it.