Skip to content

[BE-71] Implement GET /api/admin/documents — platform-wide document list for admin oversight #795

Description

@mftee

Overview

The GET /api/documents endpoint only returns documents belonging to the authenticated user. Administrators need to see all documents on the platform — across all users and organizations — with filtering and sorting capabilities for oversight, compliance, and dispute resolution.

Background

Files to modify:

  • backend/src/documents/documents.controller.ts — add admin route
  • backend/src/documents/documents.service.ts — add findAll(filters, pagination) method

Endpoint:
GET /api/admin/documents — admin-only

Query params:

  • status — filter by document status
  • riskMin / riskMax — risk score range
  • userId — filter by owner
  • startDate / endDate — upload date range
  • page, limit

Response: Same DocumentResponseDto as the user list, but including the owner's name and email.

Acceptance Criteria

  • Endpoint returns 403 for non-admin users
  • All query filters work independently and in combination
  • Response includes owner name and email alongside each document
  • Results ordered by createdAt descending
  • No N+1 queries — use TypeORM query builder with a JOIN

Metadata

Metadata

Assignees

Labels

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions