feat(db/m7-user-mgmt): migration 0023 + admin-user CRUD queries

Adds users.auto_approve_requests boolean default false (the #355
sub-feature surface; the request-flow handler that honors this
flag is U2.5 follow-up work).

Four new sqlc queries for the U2 admin endpoints:
- CreateUserAdmin: admin-driven user creation, accepts all five
  fields explicitly.
- DeleteUser: hard delete; schema's ON DELETE CASCADE foreign
  keys handle plays/likes/sessions cleanup. Last-admin guard
  lives in the HTTP layer (next task).
- ResetUserPassword: admin sets a new hashed password without
  knowing the old one.
- UpdateUserAutoApprove: toggles the new boolean.

Self-service equivalents (knows-current-password change, etc.)
are U3 work and use distinct queries.
This commit is contained in:
2026-05-07 12:12:18 -04:00
parent 97d4dce7ee
commit 6b07eaa44d
5 changed files with 166 additions and 6 deletions
@@ -0,0 +1 @@
ALTER TABLE users DROP COLUMN IF EXISTS auto_approve_requests;
@@ -0,0 +1,10 @@
-- Adds users.auto_approve_requests for the per-user auto-approve toggle
-- (#355 sub-feature surface). The handler that honors this flag in
-- the request submission flow is sibling work (U2.5 follow-up); this
-- migration just lands the schema + the column default.
--
-- Default false: existing users keep manual approval, opt-in via the
-- admin user-management UI.
ALTER TABLE users
ADD COLUMN IF NOT EXISTS auto_approve_requests boolean NOT NULL DEFAULT false;