Overview
The GET /api/documents endpoint only returns documents belonging to the authenticated user. Administrators need to see all documents on the platform — across all users and organizations — with filtering and sorting capabilities for oversight, compliance, and dispute resolution.
Background
Files to modify:
backend/src/documents/documents.controller.ts — add admin route
backend/src/documents/documents.service.ts — add findAll(filters, pagination) method
Endpoint:
GET /api/admin/documents — admin-only
Query params:
status — filter by document status
riskMin / riskMax — risk score range
userId — filter by owner
startDate / endDate — upload date range
page, limit
Response: Same DocumentResponseDto as the user list, but including the owner's name and email.
Acceptance Criteria
Overview
The
GET /api/documentsendpoint only returns documents belonging to the authenticated user. Administrators need to see all documents on the platform — across all users and organizations — with filtering and sorting capabilities for oversight, compliance, and dispute resolution.Background
Files to modify:
backend/src/documents/documents.controller.ts— add admin routebackend/src/documents/documents.service.ts— addfindAll(filters, pagination)methodEndpoint:
GET /api/admin/documents— admin-onlyQuery params:
status— filter by document statusriskMin/riskMax— risk score rangeuserId— filter by ownerstartDate/endDate— upload date rangepage,limitResponse: Same
DocumentResponseDtoas the user list, but including the owner's name and email.Acceptance Criteria
403for non-admin userscreatedAtdescending