Page body
What this module is for
Use Staff to manage backoffice administrator accounts. Operators come here to create a new admin user, edit an existing one, inspect the permission set for one person, and understand which role or group the account belongs to.
Main surfaces
Staff / Listis the working inventory for all backoffice admin accounts.Staff / Formcovers both create and edit flows.Staff / Viewis the read-oriented workspace for one admin user.Staff / Detaildocuments the shared backend detail payload used by both the read-only and edit surfaces.Staff / Permissionsexplains the permission matrix shown inside the view flow.
What operators need to know first
- The list page is mainly for navigation and inspection. The visible
Statusbadge is informational; no direct staff status toggle was verified on this screen. - Role hierarchy is enforced by the backend. Operators cannot assume every role can create or edit every other role.
- The edit flow is more restrictive than create. The role is not changed from the UI edit form, and group editing is limited by the current role rules in the form.
- Permission values are not just cosmetic checkboxes. They are stored in the backend permission payload and can inherit from another administrator in specific flows.
Key workflow rules
Create
- The create flow writes through
POST /api/admin/create-admin-user. - Role options and group options come from backend-owned lists.
- A support user can be tied to another admin depending on the creator role and the selected parent relationship.
Edit
- The edit flow loads one admin detail payload first and then writes through
PUT /api/admin/update-admin-user. - Password changes are optional on update. The backend only re-encrypts and replaces the password if it actually changed.
- Email and username remain uniqueness-sensitive on update.
Read-only inspection
- The read-only page uses the same admin detail source as the edit page.
- The
Permissionstab is the safest place to confirm what access the current record actually has.
Backend verification summary
The first verified backend ownership for this module is in gs-admin-backend:
GET /api/admin/get-adminsfor the list inventoryGET /api/admin/admin-detailsfor shared detail dataPOST /api/admin/create-admin-userfor creationPUT /api/admin/update-admin-userfor editsGET /api/admin/get-rolesfor role optionsGET /api/admin/get-all-groupfor group optionsPUT /api/admin/generate-demofor the demo-admin action
No separate gs-casino-backend ownership was verified for the current Staff surfaces.