Skip to content

feat(admin): include admins in complete system data export#623

Open
Kayphoon wants to merge 1 commit into
fawney19:mainfrom
Kayphoon:codex/complete-backup-admin-users-clean
Open

feat(admin): include admins in complete system data export#623
Kayphoon wants to merge 1 commit into
fawney19:mainfrom
Kayphoon:codex/complete-backup-admin-users-clean

Conversation

@Kayphoon
Copy link
Copy Markdown
Contributor

@Kayphoon Kayphoon commented Jun 3, 2026

Summary

  • Include admin users in the complete system data export payload.
  • Keep the standalone users export endpoint limited to non-admin users.
  • Add gateway test coverage for both export paths.

Why

The complete system data export is intended to be a full backup of all system state, but it was previously omitting admin users. This meant that a restored system would lose admin accounts. The standalone users export should continue to exclude admins to avoid leaking privileged credentials through that path.

Changes

  • apps/aether-gateway/src/handlers/admin/request/system/export.rs
    • Add build_admin_system_users_export_payload_with_admin_scope helper with an include_admin_users flag.
    • Use include_admin_users = false for the standalone users export.
    • Use include_admin_users = true for the complete system data export.
  • apps/aether-gateway/src/tests/control/admin/system.rs
    • Extend existing users export test to assert only non-admin users are returned.
    • Add new test gateway_handles_admin_system_data_export_includes_admin_users_in_complete_backup verifying both admin and regular users appear in the complete backup.

Review Guide

Start here:

  • apps/aether-gateway/src/handlers/admin/request/system/export.rs — the scope toggle logic.

Then check:

  • apps/aether-gateway/src/tests/control/admin/system.rs — new and updated assertions.

Focus areas:

  • Ensure the standalone /api/admin/system/users/export path still excludes admins.
  • Ensure the complete /api/admin/system/data/export path now includes admins.

Can skim:

  • Test fixture data (seed auth records) — mechanical additions.

Verification

  • cargo fmt --check
  • git diff --check
  • cargo test -p aether-gateway gateway_handles_admin_system_users_export_locally_with_trusted_admin_principal
  • cargo test -p aether-gateway gateway_handles_admin_system_data_export_includes_admin_users_in_complete_backup
  • cargo test -p aether-gateway admin_system_shared_configs_split_export_owners
  • cargo test -p aether-gateway admin_system_owns_system_route_helpers

Risk

Risk level: Low

Potential impact:

  • If the scope flag is inverted, the standalone users export could leak admin data, or the complete backup could omit admins.

Rollback plan:

  • Revert the single commit; the previous build_admin_system_users_export_payload behavior will be restored.

@Kayphoon Kayphoon marked this pull request as ready for review June 3, 2026 08:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Kayphoon