Added admin endpoints.

Backend/api/routes/admin.py

@@ -0,0 +1,1160 @@
+from typing import Optional, List
+from uuid import UUID
+from datetime import datetime, timedelta
+from fastapi import APIRouter, Depends, HTTPException, status, Query
+from pydantic import BaseModel, EmailStr
+from sqlalchemy import select, func, or_, desc, asc
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.orm import selectinload, aliased
+import bcrypt
+import jwt
+
+from Backend.database.connection import get_db
+from Backend.database.models import Department, Member, Issue, Escalation, Classification, IssueEvent, IssueImage
+from Backend.core.config import settings
+from Backend.core.logging import get_logger
+from Backend.core.schemas import IssueResponse, IssueState
+from Backend.utils.storage import get_upload_url
+
+logger = get_logger(__name__)
+router = APIRouter()
+
+SECRET_KEY = settings.supabase_jwt_secret
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_HOURS = 24
+
+
+def hash_password(password: str) -> str:
+    return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+
+
+def verify_password(password: str, password_hash: str) -> bool:
+    return bcrypt.checkpw(password.encode(), password_hash.encode())
+
+
+def create_access_token(member_id: UUID, role: str) -> str:
+    expire = datetime.utcnow() + timedelta(hours=ACCESS_TOKEN_EXPIRE_HOURS)
+    payload = {
+        "sub": str(member_id),
+        "role": role,
+        "exp": expire,
+        "iat": datetime.utcnow(),
+    }
+    return jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM)
+
+
+class LoginRequest(BaseModel):
+    email: str
+    password: str
+    expected_role: Optional[str] = None
+
+
+class LoginResponse(BaseModel):
+    access_token: str
+    token_type: str = "bearer"
+    user: dict
+
+
+
+from fastapi.security import OAuth2PasswordBearer
+from jwt import PyJWTError
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/admin/login")
+
+async def get_current_user(token: str = Depends(oauth2_scheme), db: AsyncSession = Depends(get_db)):
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        member_id: str = payload.get("sub")
+        if member_id is None:
+            raise HTTPException(status_code=401, detail="Invalid authentication credentials")
+    except PyJWTError:
+        raise HTTPException(status_code=401, detail="Invalid authentication credentials")
+        
+    member = await db.get(Member, UUID(member_id))
+    if member is None:
+        raise HTTPException(status_code=401, detail="User not found")
+    return member
+
+async def get_current_active_user(current_user: Member = Depends(get_current_user)):
+    if not current_user.is_active:
+        raise HTTPException(status_code=400, detail="Inactive user")
+    return current_user
+
+async def get_current_admin(current_user: Member = Depends(get_current_active_user)):
+    if current_user.role != "admin":
+        raise HTTPException(status_code=403, detail="Not authorized")
+    return current_user
+
+
+@router.post("/login", response_model=LoginResponse)
+async def staff_login(
+    data: LoginRequest,
+    db: AsyncSession = Depends(get_db),
+):
+    member = await db.execute(
+        select(Member).where(Member.email == data.email, Member.is_active == True)
+    )
+    member = member.scalar_one_or_none()
+    
+    if not member or not member.password_hash:
+        raise HTTPException(status_code=401, detail="Invalid email or password")
+    
+    if not verify_password(data.password, member.password_hash):
+        raise HTTPException(status_code=401, detail="Invalid email or password")
+    
+    if data.expected_role:
+        if data.expected_role == "admin" and member.role != "admin":
+            raise HTTPException(status_code=403, detail="Access denied. You are not an admin.")
+        if data.expected_role == "worker" and member.role == "admin":
+            raise HTTPException(status_code=403, detail="Admins should login as Admin, not Worker.")
+    
+    access_token = create_access_token(member.id, member.role)
+    
+    return LoginResponse(
+        access_token=access_token,
+        user={
+            "id": str(member.id),
+            "name": member.name,
+            "email": member.email,
+            "role": member.role,
+            "department_id": str(member.department_id) if member.department_id else None,
+        },
+    )
+
+
+class DepartmentCreate(BaseModel):
+    name: str
+    code: str
+    description: Optional[str] = None
+    categories: Optional[str] = None
+    default_sla_hours: int = 48
+    escalation_email: Optional[str] = None
+
+
+class DepartmentUpdate(BaseModel):
+    name: Optional[str] = None
+    description: Optional[str] = None
+    categories: Optional[str] = None
+    default_sla_hours: Optional[int] = None
+    escalation_email: Optional[str] = None
+    is_active: Optional[bool] = None
+
+
+class DepartmentResponse(BaseModel):
+    id: UUID
+    name: str
+    code: str
+    description: Optional[str]
+    categories: Optional[str]
+    default_sla_hours: int
+    escalation_email: Optional[str]
+    is_active: bool
+    member_count: int = 0
+
+    class Config:
+        from_attributes = True
+
+
+class MemberInvite(BaseModel):
+    department_id: UUID
+    name: str
+    email: str
+    phone: Optional[str] = None
+    role: str = "officer"
+    city: Optional[str] = None
+    locality: Optional[str] = None
+    max_workload: int = 10
+    send_invite: bool = True
+
+
+class MemberCreate(BaseModel):
+    department_id: UUID
+    name: str
+    email: str
+    phone: Optional[str] = None
+    role: str = "worker"
+    city: Optional[str] = None
+    locality: Optional[str] = None
+    max_workload: int = 10
+    password: str
+
+
+class MemberUpdate(BaseModel):
+    name: Optional[str] = None
+    email: Optional[str] = None
+    phone: Optional[str] = None
+    role: Optional[str] = None
+    city: Optional[str] = None
+    locality: Optional[str] = None
+    max_workload: Optional[int] = None
+    is_active: Optional[bool] = None
+    password: Optional[str] = None
+
+
+class MemberResponse(BaseModel):
+    id: UUID
+    department_id: Optional[UUID]
+    name: str
+    email: str
+    phone: Optional[str]
+    role: str
+    city: Optional[str]
+    locality: Optional[str]
+    is_active: bool
+    current_workload: int
+    max_workload: int
+    invite_status: Optional[str] = None
+
+    class Config:
+        from_attributes = True
+
+
+
+
+
+@router.post("/departments", response_model=DepartmentResponse, status_code=status.HTTP_201_CREATED)
+async def create_department(
+    data: DepartmentCreate,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+
+    existing = await db.execute(select(Department).where(Department.code == data.code))
+    if existing.scalar_one_or_none():
+        raise HTTPException(status_code=400, detail="Department code already exists")
+    
+    department = Department(
+        name=data.name,
+        code=data.code.upper(),
+        description=data.description,
+        categories=data.categories,
+        default_sla_hours=data.default_sla_hours,
+        escalation_email=data.escalation_email,
+    )
+    db.add(department)
+    await db.flush()
+    await db.refresh(department)
+    
+    return DepartmentResponse(
+        id=department.id,
+        name=department.name,
+        code=department.code,
+        description=department.description,
+        categories=department.categories,
+        default_sla_hours=department.default_sla_hours,
+        escalation_email=department.escalation_email,
+        is_active=department.is_active,
+        member_count=0,
+    )
+
+
+@router.get("/departments", response_model=list[DepartmentResponse])
+async def list_departments(
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    query = select(Department).order_by(Department.name)
+    result = await db.execute(query)
+    departments = result.scalars().all()
+    
+    response = []
+    for dept in departments:
+        member_count = await db.execute(
+            select(func.count(Member.id)).where(Member.department_id == dept.id)
+        )
+        count = member_count.scalar() or 0
+        
+        response.append(DepartmentResponse(
+            id=dept.id,
+            name=dept.name,
+            code=dept.code,
+            description=dept.description,
+            categories=dept.categories,
+            default_sla_hours=dept.default_sla_hours,
+            escalation_email=dept.escalation_email,
+            is_active=dept.is_active,
+            member_count=count,
+        ))
+    
+    return response
+
+
+@router.get("/departments/{department_id}", response_model=DepartmentResponse)
+async def get_department(
+    department_id: UUID,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    department = await db.get(Department, department_id)
+    if not department:
+        raise HTTPException(status_code=404, detail="Department not found")
+    
+    member_count = await db.execute(
+        select(func.count(Member.id)).where(Member.department_id == department.id)
+    )
+    count = member_count.scalar() or 0
+    
+    return DepartmentResponse(
+        id=department.id,
+        name=department.name,
+        code=department.code,
+        description=department.description,
+        categories=department.categories,
+        default_sla_hours=department.default_sla_hours,
+        escalation_email=department.escalation_email,
+        is_active=department.is_active,
+        member_count=count,
+    )
+
+
+@router.patch("/departments/{department_id}", response_model=DepartmentResponse)
+async def update_department(
+    department_id: UUID,
+    data: DepartmentUpdate,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    department = await db.get(Department, department_id)
+    if not department:
+        raise HTTPException(status_code=404, detail="Department not found")
+    
+    update_data = data.model_dump(exclude_unset=True)
+    for key, value in update_data.items():
+        setattr(department, key, value)
+    
+    await db.flush()
+    
+    member_count = await db.execute(
+        select(func.count(Member.id)).where(Member.department_id == department.id)
+    )
+    count = member_count.scalar() or 0
+    
+    return DepartmentResponse(
+        id=department.id,
+        name=department.name,
+        code=department.code,
+        description=department.description,
+        categories=department.categories,
+        default_sla_hours=department.default_sla_hours,
+        escalation_email=department.escalation_email,
+        is_active=department.is_active,
+        member_count=count,
+    )
+
+
+@router.delete("/departments/{department_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_department(
+    department_id: UUID,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    department = await db.get(Department, department_id)
+    if not department:
+        raise HTTPException(status_code=404, detail="Department not found")
+    
+    await db.delete(department)
+    await db.flush()
+
+
+@router.post("/members/invite", status_code=status.HTTP_201_CREATED)
+async def invite_member(
+    data: MemberInvite,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    department = await db.get(Department, data.department_id)
+    if not department:
+        raise HTTPException(status_code=404, detail="Department not found")
+    
+    existing = await db.execute(select(Member).where(Member.email == data.email))
+    if existing.scalar_one_or_none():
+        raise HTTPException(status_code=400, detail="Email already exists")
+    
+    invite_result = None
+    if data.send_invite:
+        invite_result = await supabase_auth.invite_user(
+            email=data.email,
+            redirect_to=f"{settings.frontend_url}/auth/callback"
+        )
+    
+    member = Member(
+        department_id=data.department_id,
+        name=data.name,
+        email=data.email,
+        phone=data.phone,
+        role=data.role,
+        city=data.city,
+        locality=data.locality,
+        max_workload=data.max_workload,
+    )
+    db.add(member)
+    await db.flush()
+    await db.refresh(member)
+    
+    return {
+        "member": MemberResponse(
+            id=member.id,
+            department_id=member.department_id,
+            name=member.name,
+            email=member.email,
+            phone=member.phone,
+            role=member.role,
+            city=member.city,
+            locality=member.locality,
+            is_active=member.is_active,
+            current_workload=member.current_workload,
+            max_workload=member.max_workload,
+            invite_status="sent" if invite_result and invite_result.get("success") else "not_sent",
+        ),
+        "invite": invite_result,
+        "message": f"Member created. {'Invite email sent!' if invite_result and invite_result.get('success') else 'No invite sent.'}",
+    }
+
+
+
+
+
+@router.post("/members", response_model=MemberResponse, status_code=status.HTTP_201_CREATED)
+async def create_member(
+    data: MemberCreate,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+
+    department = await db.get(Department, data.department_id)
+    if not department:
+        raise HTTPException(status_code=404, detail="Department not found")
+    
+    existing = await db.execute(select(Member).where(Member.email == data.email))
+    if existing.scalar_one_or_none():
+        raise HTTPException(status_code=400, detail="Email already exists")
+    
+    member = Member(
+        department_id=data.department_id,
+        name=data.name,
+        email=data.email,
+        phone=data.phone,
+        role=data.role,
+        city=data.city,
+        locality=data.locality,
+        max_workload=data.max_workload,
+        password_hash=hash_password(data.password),
+    )
+    db.add(member)
+    await db.flush()
+    await db.refresh(member)
+
+    
+    return MemberResponse(
+        id=member.id,
+        department_id=member.department_id,
+        name=member.name,
+        email=member.email,
+        phone=member.phone,
+        role=member.role,
+        city=member.city,
+        locality=member.locality,
+        is_active=member.is_active,
+        current_workload=member.current_workload,
+        max_workload=member.max_workload,
+    )
+
+
+@router.post("/members/{member_id}/send-invite")
+async def send_member_invite(
+    member_id: UUID,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    member = await db.get(Member, member_id)
+    if not member:
+        raise HTTPException(status_code=404, detail="Member not found")
+    
+    if not settings.frontend_url:
+        raise HTTPException(status_code=500, detail="FRONTEND_URL not configured")
+
+    result = await supabase_auth.invite_user(
+        email=member.email,
+        redirect_to=f"{settings.frontend_url}/auth/callback"
+    )
+    
+    if result.get("success"):
+        return {
+            "success": True,
+            "message": f"Invite sent to {member.email}",
+            "member_id": str(member.id),
+        }
+    else:
+        raise HTTPException(
+            status_code=400,
+            detail=result.get("message", "Failed to send invite")
+        )
+
+
+@router.post("/members/{member_id}/magic-link")
+async def send_magic_link(
+    member_id: UUID,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    member = await db.get(Member, member_id)
+    if not member:
+        raise HTTPException(status_code=404, detail="Member not found")
+    
+    if not settings.frontend_url:
+        raise HTTPException(status_code=500, detail="FRONTEND_URL not configured")
+
+    result = await supabase_auth.send_magic_link(
+        email=member.email,
+        redirect_to=f"{settings.frontend_url}/auth/callback"
+    )
+    
+    if result.get("success"):
+        return {
+            "success": True,
+            "message": f"Magic link sent to {member.email}",
+        }
+    else:
+        raise HTTPException(
+            status_code=400,
+            detail=result.get("message", "Failed to send magic link")
+        )
+
+
+@router.get("/members", response_model=list[MemberResponse])
+async def list_members(
+    department_id: Optional[UUID] = None,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    query = select(Member).order_by(Member.name)
+    if department_id:
+        query = query.where(Member.department_id == department_id)
+    
+    result = await db.execute(query)
+    members = result.scalars().all()
+    
+    return [
+        MemberResponse(
+            id=m.id,
+            department_id=m.department_id,
+            name=m.name,
+            email=m.email,
+            phone=m.phone,
+            role=m.role,
+            city=m.city,
+            locality=m.locality,
+            is_active=m.is_active,
+            current_workload=m.current_workload,
+            max_workload=m.max_workload,
+        )
+        for m in members
+    ]
+
+
+@router.get("/members/{member_id}", response_model=MemberResponse)
+async def get_member(
+    member_id: UUID,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    member = await db.get(Member, member_id)
+    if not member:
+        raise HTTPException(status_code=404, detail="Member not found")
+    
+    return MemberResponse(
+        id=member.id,
+        department_id=member.department_id,
+        name=member.name,
+        email=member.email,
+        phone=member.phone,
+        role=member.role,
+        city=member.city,
+        locality=member.locality,
+        is_active=member.is_active,
+        current_workload=member.current_workload,
+        max_workload=member.max_workload,
+    )
+
+
+@router.patch("/members/{member_id}", response_model=MemberResponse)
+async def update_member(
+    member_id: UUID,
+    data: MemberUpdate,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    member = await db.get(Member, member_id)
+    if not member:
+        raise HTTPException(status_code=404, detail="Member not found")
+    
+    update_data = data.model_dump(exclude_unset=True)
+    for key, value in update_data.items():
+        setattr(member, key, value)
+    
+    await db.flush()
+    
+    return MemberResponse(
+        id=member.id,
+        department_id=member.department_id,
+        name=member.name,
+        email=member.email,
+        phone=member.phone,
+        role=member.role,
+        city=member.city,
+        locality=member.locality,
+        is_active=member.is_active,
+        current_workload=member.current_workload,
+        max_workload=member.max_workload,
+    )
+
+
+@router.delete("/members/{member_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_member(
+    member_id: UUID,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    member = await db.get(Member, member_id)
+    if not member:
+        raise HTTPException(status_code=404, detail="Member not found")
+    
+    await db.delete(member)
+    await db.flush()
+
+
+@router.get("/stats")
+async def get_admin_stats(
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    from Backend.database.models import Issue, Classification
+    from datetime import datetime, timedelta
+    
+    dept_count = await db.execute(select(func.count(Department.id)))
+    member_count = await db.execute(select(func.count(Member.id)))
+    issue_count = await db.execute(select(func.count(Issue.id)))
+    pending_count = await db.execute(
+        select(func.count(Issue.id)).where(Issue.state.in_(["reported", "validated", "assigned"]))
+    )
+    resolved_count = await db.execute(
+        select(func.count(Issue.id)).where(Issue.state.in_(["resolved", "closed", "verified"]))
+    )
+    verification_count = await db.execute(
+        select(func.count(Issue.id)).where(Issue.state == "pending_verification")
+    )
+    
+    category_query = (
+        select(
+            Classification.primary_category,
+            func.count(Classification.id).label("count")
+        )
+        .group_by(Classification.primary_category)
+        .order_by(func.count(Classification.id).desc())
+        .limit(6)
+    )
+    category_result = await db.execute(category_query)
+    categories = category_result.all()
+    issues_by_category = [{"name": cat or "Unknown", "value": cnt} for cat, cnt in categories]
+    
+    today = datetime.utcnow().date()
+    day_names = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
+    issues_activity = []
+    
+    for i in range(6, -1, -1):
+        day = today - timedelta(days=i)
+        day_start = datetime.combine(day, datetime.min.time())
+        day_end = datetime.combine(day, datetime.max.time())
+        
+        reported_q = await db.execute(
+            select(func.count(Issue.id)).where(
+                Issue.created_at >= day_start,
+                Issue.created_at <= day_end
+            )
+        )
+        resolved_q = await db.execute(
+            select(func.count(Issue.id)).where(
+                Issue.resolved_at >= day_start,
+                Issue.resolved_at <= day_end
+            )
+        )
+        
+        issues_activity.append({
+            "name": day_names[day.weekday()],
+            "reported": reported_q.scalar() or 0,
+            "resolved": resolved_q.scalar() or 0
+        })
+    
+    return {
+        "departments": dept_count.scalar() or 0,
+        "members": member_count.scalar() or 0,
+        "total_issues": issue_count.scalar() or 0,
+        "pending_issues": pending_count.scalar() or 0,
+        "resolved_issues": resolved_count.scalar() or 0,
+        "verification_needed": verification_count.scalar() or 0,
+        "issues_by_category": issues_by_category,
+        "issues_activity": issues_activity,
+    }
+
+
+@router.get("/stats/heatmap")
+async def get_issue_heatmap(
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    """
+    Returns city-aggregated issue counts for heatmap visualization.
+    """
+    query = (
+        select(
+            Issue.city,
+            func.count(Issue.id).label("count"),
+            func.avg(Issue.priority).label("priority_avg")
+        )
+        .where(Issue.state.notin_(["closed", "resolved", "verified"]))
+        .where(Issue.city.isnot(None))
+        .group_by(Issue.city)
+        .order_by(func.count(Issue.id).desc())
+    )
+    result = await db.execute(query)
+    rows = result.all()
+    
+    heatmap_data = []
+    for city, count, priority_avg in rows:
+        heatmap_data.append({
+            "city": city or "Unknown",
+            "count": count,
+            "priority_avg": round(float(priority_avg or 3), 1)
+        })
+        
+    return heatmap_data
+
+
+@router.get("/stats/escalations", response_model=list[dict])
+async def get_escalation_alerts(
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    """
+    Returns a list of currently escalated issues with details.
+    """
+    query = (
+        select(Issue, Escalation)
+        .join(Escalation, Issue.id == Escalation.issue_id)
+        .where(Issue.state == "escalated")
+        .order_by(Escalation.created_at.desc())
+    )
+    result = await db.execute(query)
+    rows = result.all()
+    
+    alerts = []
+    for issue, esc in rows:
+        alerts.append({
+            "issue_id": issue.id,
+            "category": issue.classification.primary_category if issue.classification else "Unknown",
+            "priority": issue.priority,
+            "escalated_at": esc.created_at,
+            "level": esc.to_level,
+            "reason": esc.reason,
+            "city": issue.city,
+            "locality": issue.locality
+        })
+        
+
+class ManualReviewRequest(BaseModel):
+    status: str  
+    reason: Optional[str] = None
+
+
+
+class AdminIssueListItem(BaseModel):
+    id: UUID
+    description: Optional[str]
+    state: str
+    priority: Optional[int]
+    city: Optional[str]
+    created_at: datetime
+    updated_at: datetime
+    department: Optional[str]
+    assigned_to: Optional[str]
+    category: Optional[str]
+    sla_deadline: Optional[datetime]
+    thumbnail: Optional[str]
+
+    class Config:
+        from_attributes = True
+
+def issue_to_response(issue: Issue) -> IssueResponse:
+    image_urls = []
+    annotated_urls = []
+    for img in issue.images:
+        image_urls.append(get_upload_url(img.file_path))
+        if img.annotated_path:
+            annotated_urls.append(get_upload_url(img.annotated_path))
+    
+    proof_image_url = None
+    if issue.proof_image_path:
+        proof_image_url = get_upload_url(issue.proof_image_path)
+
+    return IssueResponse(
+        id=issue.id,
+        description=issue.description,
+        latitude=issue.latitude,
+        longitude=issue.longitude,
+        state=IssueState(issue.state),
+        priority=issue.priority,
+        category=issue.classification.primary_category if issue.classification else None,
+        confidence=issue.classification.primary_confidence if issue.classification else None,
+        image_urls=image_urls,
+        annotated_urls=annotated_urls,
+        proof_image_url=proof_image_url,
+        validation_source=issue.validation_source,
+        is_duplicate=issue.is_duplicate,
+        parent_issue_id=issue.parent_issue_id,
+        city=issue.city,
+        locality=issue.locality,
+        full_address=issue.full_address,
+        sla_hours=issue.sla_hours,
+        sla_deadline=issue.sla_deadline,
+        created_at=issue.created_at,
+        updated_at=issue.updated_at,
+    )
+
+@router.get("/issues", response_model=dict)
+async def list_admin_issues(
+    page: int = Query(1, ge=1),
+    limit: int = Query(20, ge=1, le=100),
+    status: Optional[str] = None,
+    priority: Optional[int] = None,
+    department_id: Optional[UUID] = None,
+    worker_id: Optional[UUID] = None,
+    search: Optional[str] = None,
+    sort_by: str = "created_at",
+    sort_order: str = "desc",
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    query = (
+        select(Issue)
+        .options(
+            selectinload(Issue.department),
+            selectinload(Issue.assigned_member),
+            selectinload(Issue.classification),
+            selectinload(Issue.images)
+        )
+    )
+    
+    
+    if status:
+        statuses = status.split(",")
+        query = query.where(Issue.state.in_(statuses))
+    
+    if priority is not None:
+        query = query.where(Issue.priority == priority)
+        
+    if department_id:
+        query = query.where(Issue.department_id == department_id)
+        
+    if worker_id:
+        query = query.where(Issue.assigned_member_id == worker_id)
+        
+    if search:
+        search_filter = or_(
+            Issue.description.ilike(f"%{search}%"),
+            Issue.city.ilike(f"%{search}%"),
+            Issue.locality.ilike(f"%{search}%"),
+            Issue.id.cast(String).ilike(f"%{search}%")
+        )
+        query = query.where(search_filter)
+
+    
+    sort_column = getattr(Issue, sort_by, Issue.created_at)
+    if sort_order == "asc":
+        query = query.order_by(asc(sort_column))
+    else:
+        query = query.order_by(desc(sort_column))
+        
+    
+    total_query = select(func.count()).select_from(query.subquery())
+    total_result = await db.execute(total_query)
+    total = total_result.scalar_one()
+    
+    query = query.offset((page - 1) * limit).limit(limit)
+    result = await db.execute(query)
+    issues = result.scalars().all()
+    
+    
+    
+    
+    items = []
+    for issue in issues:
+        thumb = None
+        if issue.images and len(issue.images) > 0:
+             thumb = get_upload_url(issue.images[0].file_path)
+
+        items.append(AdminIssueListItem(
+            id=issue.id,
+            description=issue.description,
+            state=issue.state,
+            priority=issue.priority,
+            city=issue.city,
+            created_at=issue.created_at,
+            updated_at=issue.updated_at,
+            department=issue.department.name if issue.department else None,
+            assigned_to=issue.assigned_member.name if issue.assigned_member else None,
+            category=issue.classification.primary_category if issue.classification else None,
+            sla_deadline=issue.sla_deadline,
+            thumbnail=thumb
+        ))
+        
+    return {
+        "items": items,
+        "total": total,
+        "page": page,
+        "limit": limit,
+        "pages": (total + limit - 1) // limit
+    }
+
+@router.get("/issues/{issue_id}/details")
+async def get_admin_issue_details(
+    issue_id: UUID,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    query = (
+        select(Issue)
+        .options(
+            selectinload(Issue.department),
+            selectinload(Issue.classification),
+            selectinload(Issue.images),
+            selectinload(Issue.events),
+            selectinload(Issue.duplicates)
+        )
+        .where(Issue.id == issue_id)
+    )
+    result = await db.execute(query)
+    issue = result.scalar_one_or_none()
+    
+    if not issue:
+        raise HTTPException(status_code=404, detail="Issue not found")
+        
+    
+    worker = None
+    if issue.assigned_member_id:
+        worker = await db.get(Member, issue.assigned_member_id)
+        
+    return {
+        "issue": issue_to_response(issue), 
+        "department": {
+            "id": issue.department.id, 
+            "name": issue.department.name
+        } if issue.department else None,
+        "worker": {
+            "id": worker.id,
+            "name": worker.name,
+            "email": worker.email,
+            "workload": worker.current_workload
+        } if worker else None,
+        "events": [
+            {
+                "id": e.id,
+                "type": e.event_type,
+                "agent": e.agent_name,
+                "data": e.event_data,
+                "created_at": e.created_at
+            } for e in sorted(issue.events, key=lambda x: x.created_at, reverse=True)
+        ],
+        "duplicates": [
+            {
+                "id": d.id,
+                "created_at": d.created_at,
+                "status": d.state
+            } for d in issue.duplicates
+        ]
+    }
+
+@router.get("/workers/performance")
+async def get_worker_performance(
+    department_id: Optional[UUID] = None,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_active_user),
+):
+    
+    q = select(Member).where(Member.role == "worker")
+    if department_id:
+        q = q.where(Member.department_id == department_id)
+        
+    res = await db.execute(q)
+    workers = res.scalars().all()
+    
+    performance_data = []
+    
+    for w in workers:
+        
+        
+        resolved_count = await db.execute(
+            select(func.count(Issue.id)).where(
+                Issue.assigned_member_id == w.id,
+                Issue.state.in_(["resolved", "closed"])
+            )
+        )
+        resolved = resolved_count.scalar() or 0
+        
+        
+        
+        
+        
+        performance_data.append({
+            "id": w.id,
+            "name": w.name,
+            "active": w.is_active,
+            "current_load": w.current_workload,
+            "max_load": w.max_workload,
+            "resolved_total": resolved,
+            "efficiency": round(resolved / (max(1, (datetime.utcnow() - w.created_at).days / 7)), 1) 
+        })
+        
+    return performance_data
+
+@router.patch("/issues/{issue_id}", response_model=IssueResponse)
+async def update_issue_details(
+    issue_id: UUID,
+    data: dict, 
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    issue = await db.get(Issue, issue_id)
+    if not issue:
+        raise HTTPException(status_code=404, detail="Issue not found")
+
+    if "priority" in data:
+        issue.priority = data["priority"]
+        
+    
+    if "assigned_member_id" in data:
+        new_worker_id = data["assigned_member_id"]
+        if new_worker_id:
+            worker = await db.get(Member, UUID(new_worker_id))
+            if not worker:
+                raise HTTPException(status_code=400, detail="Worker not found")
+            issue.assigned_member_id = worker.id
+            issue.state = "assigned" 
+            worker.current_workload += 1
+            
+            
+        else:
+             issue.assigned_member_id = None
+             
+    await db.commit()
+    await db.refresh(issue) 
+    
+    
+    
+    
+    return issue_to_response(issue)
+
+class ResolutionReviewRequest(BaseModel):
+    action: str  
+    comment: Optional[str] = None
+
+@router.post("/issues/{issue_id}/approve_resolution")
+async def approve_resolution(
+    issue_id: UUID,
+    data: ResolutionReviewRequest,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    issue = await db.get(Issue, issue_id)
+    if not issue:
+        raise HTTPException(status_code=404, detail="Issue not found")
+        
+    if issue.state != "pending_verification":
+        raise HTTPException(status_code=400, detail="Issue is not pending verification.")
+
+    if data.action == "approve":
+        issue.state = "resolved"
+        issue.completed_at = datetime.utcnow()
+        if data.comment:
+            issue.resolution_notes = (issue.resolution_notes or "") + f"\nAdmin Note: {data.comment}"
+        
+        
+        if issue.assigned_member_id:
+            worker = await db.get(Member, issue.assigned_member_id)
+            if worker and worker.current_workload > 0:
+                worker.current_workload -= 1
+        
+        await db.commit()
+        return {"message": "Issue resolution approved and marked as resolved."}
+
+    elif data.action == "reject":
+        issue.state = "in_progress"
+        
+        if data.comment:
+             issue.resolution_notes = (issue.resolution_notes or "") + f"\n[REJECTED]: {data.comment}"
+        
+        
+        
+        await db.commit()
+        return {"message": "Issue resolution rejected. Sent back to worker."}
+    
+    else:
+         raise HTTPException(status_code=400, detail="Invalid action.")
+
+@router.post("/issues/{issue_id}/review")
+async def review_issue(
+    issue_id: UUID,
+    data: ManualReviewRequest,
+    db: AsyncSession = Depends(get_db),
+    current_user: Member = Depends(get_current_admin),
+):
+    """
+    Manually review an issue.
+    - If REJECTED: Mark as rejected.
+    - If APPROVED: Mark as assigned and auto-assign to a worker.
+    """
+    issue = await db.get(Issue, issue_id)
+    if not issue:
+        raise HTTPException(status_code=404, detail="Issue not found")
+
+    if data.status == "rejected":
+        issue.state = "rejected"
+        issue.resolution_notes = data.reason or "Rejected during manual review."
+        await db.commit()
+        return {"message": "Issue rejected successfully"}
+
+    elif data.status == "approved":
+        
+        
+        
+        query = select(Member).where(Member.role == "worker", Member.is_active == True).order_by(Member.current_workload.asc())
+        
+        
+        if issue.department_id:
+            query = query.where(Member.department_id == issue.department_id)
+            
+        result = await db.execute(query)
+        Workers = result.scalars().all()
+        
+        selected_worker = None
+        
+        if not Workers:
+            
+            
+             issue.state = "verified" 
+             issue.resolution_notes = "Verified but no workers available for auto-assignment."
+        else:
+            selected_worker = Workers[0]
+            issue.assigned_member_id = selected_worker.id
+            issue.state = "assigned"
+            selected_worker.current_workload += 1
+            db.add(selected_worker)
+            
+        await db.commit()
+        
+        return {
+            "message": f"Issue approved. {'Assigned to ' + selected_worker.name if selected_worker else 'No worker available, queued as verified.'}",
+            "assigned_to": str(selected_worker.id) if selected_worker else None
+        }
+
+    else:
+        raise HTTPException(status_code=400, detail="Invalid status. Use 'approved' or 'rejected'.")