# Admin System Gap Analysis Report

*Generated: 2026-03-21 12:14:33*

## 📊 Executive Summary

- **Total hardcoded business values found:** 149
- **API modules analyzed:** 22
- **Modules missing admin endpoints:** 20

## 🔍 Hardcoded Business Values

These values should be moved to `system_parameters` table for dynamic configuration.

| File | Line | Variable | Value | Context |
|------|------|----------|-------|---------|
| `seed_discovery.py` | 8 | `url` | `"https://opendata.rdw.nl/resource/m9d7-ebf2.json?$s..."` | `url = "https://opendata.rdw.nl/resource/m9d7-ebf2.json?$select=distinct%20merk&$limit=50000"` |
| `create_sandbox_user.py` | 28 | `API_BASE` | `"http://localhost:8000..."` | `API_BASE = "http://localhost:8000"` |
| `create_sandbox_user.py` | 29 | `MAILPIT_API` | `"http://sf_mailpit:8025/api/v1/messages..."` | `MAILPIT_API = "http://sf_mailpit:8025/api/v1/messages"` |
| `create_sandbox_user.py` | 30 | `MAILPIT_DELETE_ALL` | `"http://sf_mailpit:8025/api/v1/messages..."` | `MAILPIT_DELETE_ALL = "http://sf_mailpit:8025/api/v1/messages"` |
| `create_sandbox_user.py` | 35 | `SANDBOX_PASSWORD` | `"Sandbox123!..."` | `SANDBOX_PASSWORD = "Sandbox123!"` |
| `create_sandbox_user.py` | 138 | `max_attempts` | `5` | `max_attempts = 5` |
| `create_sandbox_user.py` | 139 | `wait_seconds` | `3` | `wait_seconds = 3` |
| `app/test_billing_engine.py` | 32 | `base_amount` | `100.0` | `base_amount = 100.0` |
| `app/test_billing_engine.py` | 133 | `file_path` | `"backend/app/services/billing_engine.py..."` | `file_path = "backend/app/services/billing_engine.py"` |
| `app/api/v1/endpoints/providers.py` | 11 | `user_id` | `2` | `user_id = 2` |
| `app/api/v1/endpoints/services.py` | 68 | `new_level` | `80` | `new_level = 80` |
| `app/api/v1/endpoints/social.py` | 15 | `user_id` | `2` | `user_id = 2` |
| `app/models/core_logic.py` | 17 | `__tablename__` | `"subscription_tiers..."` | `__tablename__ = "subscription_tiers"` |
| `app/models/core_logic.py` | 29 | `__tablename__` | `"org_subscriptions..."` | `__tablename__ = "org_subscriptions"` |
| `app/models/core_logic.py` | 48 | `__tablename__` | `"credit_logs..."` | `__tablename__ = "credit_logs"` |
| `app/models/core_logic.py` | 64 | `__tablename__` | `"service_specialties..."` | `__tablename__ = "service_specialties"` |
| `app/models/reference_data.py` | 7 | `__tablename__` | `"reference_lookup..."` | `__tablename__ = "reference_lookup"` |
| `app/models/identity/identity.py` | 25 | `region_admin` | `"region_admin..."` | `region_admin = "region_admin"` |
| `app/models/identity/identity.py` | 26 | `country_admin` | `"country_admin..."` | `country_admin = "country_admin"` |
| `app/models/identity/identity.py` | 28 | `sales_agent` | `"sales_agent..."` | `sales_agent = "sales_agent"` |
| `app/models/identity/identity.py` | 30 | `service_owner` | `"service_owner..."` | `service_owner = "service_owner"` |
| `app/models/identity/identity.py` | 31 | `fleet_manager` | `"fleet_manager..."` | `fleet_manager = "fleet_manager"` |
| `app/models/identity/identity.py` | 204 | `__tablename__` | `"verification_tokens..."` | `__tablename__ = "verification_tokens"` |
| `app/models/identity/identity.py` | 217 | `__tablename__` | `"social_accounts..."` | `__tablename__ = "social_accounts"` |
| `app/models/identity/identity.py` | 235 | `__tablename__` | `"active_vouchers..."` | `__tablename__ = "active_vouchers"` |
| `app/models/identity/identity.py` | 249 | `__tablename__` | `"user_trust_profiles..."` | `__tablename__ = "user_trust_profiles"` |
| `app/models/identity/address.py` | 14 | `__tablename__` | `"geo_postal_codes..."` | `__tablename__ = "geo_postal_codes"` |
| `app/models/identity/address.py` | 24 | `__tablename__` | `"geo_streets..."` | `__tablename__ = "geo_streets"` |
| `app/models/identity/address.py` | 33 | `__tablename__` | `"geo_street_types..."` | `__tablename__ = "geo_street_types"` |
| `app/models/identity/social.py` | 24 | `__tablename__` | `"service_providers..."` | `__tablename__ = "service_providers"` |
| `app/models/identity/social.py` | 61 | `__tablename__` | `"competitions..."` | `__tablename__ = "competitions"` |
| `app/models/identity/social.py` | 73 | `__tablename__` | `"user_scores..."` | `__tablename__ = "user_scores"` |
| `app/models/identity/social.py` | 91 | `__tablename__` | `"service_reviews..."` | `__tablename__ = "service_reviews"` |
| `app/models/identity/security.py` | 24 | `__tablename__` | `"pending_actions..."` | `__tablename__ = "pending_actions"` |
| `app/models/vehicle/vehicle.py` | 24 | `__tablename__` | `"cost_categories..."` | `__tablename__ = "cost_categories"` |
| `app/models/vehicle/vehicle.py` | 114 | `__tablename__` | `"vehicle_odometer_states..."` | `__tablename__ = "vehicle_odometer_states"` |
| `app/models/vehicle/vehicle.py` | 145 | `__tablename__` | `"vehicle_user_ratings..."` | `__tablename__ = "vehicle_user_ratings"` |
| `app/models/vehicle/vehicle.py` | 196 | `__tablename__` | `"gb_catalog_discovery..."` | `__tablename__ = "gb_catalog_discovery"` |
| `app/models/vehicle/vehicle_definitions.py` | 19 | `__tablename__` | `"vehicle_types..."` | `__tablename__ = "vehicle_types"` |
| `app/models/vehicle/vehicle_definitions.py` | 35 | `__tablename__` | `"feature_definitions..."` | `__tablename__ = "feature_definitions"` |
| `app/models/vehicle/vehicle_definitions.py` | 53 | `__tablename__` | `"vehicle_model_definitions..."` | `__tablename__ = "vehicle_model_definitions"` |
| `app/models/vehicle/vehicle_definitions.py` | 147 | `__tablename__` | `"model_feature_maps..."` | `__tablename__ = "model_feature_maps"` |
| `app/models/vehicle/external_reference.py` | 7 | `__tablename__` | `"external_reference_library..."` | `__tablename__ = "external_reference_library"` |
| `app/models/vehicle/external_reference_queue.py` | 7 | `__tablename__` | `"auto_data_crawler_queue..."` | `__tablename__ = "auto_data_crawler_queue"` |
| `app/models/vehicle/asset.py` | 14 | `__tablename__` | `"vehicle_catalog..."` | `__tablename__ = "vehicle_catalog"` |
| `app/models/vehicle/asset.py` | 91 | `__tablename__` | `"asset_financials..."` | `__tablename__ = "asset_financials"` |
| `app/models/vehicle/asset.py` | 107 | `__tablename__` | `"asset_costs..."` | `__tablename__ = "asset_costs"` |
| `app/models/vehicle/asset.py` | 125 | `__tablename__` | `"vehicle_logbook..."` | `__tablename__ = "vehicle_logbook"` |
| `app/models/vehicle/asset.py` | 154 | `__tablename__` | `"asset_inspections..."` | `__tablename__ = "asset_inspections"` |
| `app/models/vehicle/asset.py` | 169 | `__tablename__` | `"asset_reviews..."` | `__tablename__ = "asset_reviews"` |

*... and 99 more findings*

## 🏗️ Admin Endpoints Analysis

### Modules with Admin Prefix

*No modules have `/admin` prefix*

### Modules with Admin Routes (but no prefix)

*No mixed admin routes found*

## ⚠️ Critical Gaps: Missing Admin Endpoints

These core business modules lack dedicated admin endpoints:

- **users** - No `/admin` prefix and no admin routes
- **vehicles** - No `/admin` prefix and no admin routes
- **services** - No `/admin` prefix and no admin routes
- **assets** - No `/admin` prefix and no admin routes
- **organizations** - No `/admin` prefix and no admin routes
- **billing** - No `/admin` prefix and no admin routes
- **gamification** - No `/admin` prefix and no admin routes
- **analytics** - No `/admin` prefix and no admin routes
- **security** - No `/admin` prefix and no admin routes
- **documents** - No `/admin` prefix and no admin routes
- **evidence** - No `/admin` prefix and no admin routes
- **expenses** - No `/admin` prefix and no admin routes
- **finance_admin** - No `/admin` prefix and no admin routes
- **notifications** - No `/admin` prefix and no admin routes
- **reports** - No `/admin` prefix and no admin routes
- **catalog** - No `/admin` prefix and no admin routes
- **providers** - No `/admin` prefix and no admin routes
- **search** - No `/admin` prefix and no admin routes
- **social** - No `/admin` prefix and no admin routes
- **system_parameters** - No `/admin` prefix and no admin routes

### Recommended Actions:

1. Create `/admin` prefixed routers for each missing module
2. Implement CRUD endpoints for administrative operations
3. Add audit logging and permission checks

## 🚀 Recommendations

### Phase 1: Hardcode Elimination

1. Create `system_parameters` migration if not exists
2. Move identified hardcoded values to database
3. Implement `ConfigService` for dynamic value retrieval

### Phase 2: Admin Endpoint Expansion

1. Prioritize modules with highest business impact:
   - `users` (user management)
   - `billing` (financial oversight)
   - `security` (access control)
2. Follow consistent pattern: `/admin/{module}/...`
3. Implement RBAC with `admin` and `superadmin` roles

### Phase 3: Monitoring & Audit

1. Add admin action logging to `SecurityAuditLog`
2. Implement admin dashboard with real-time metrics
3. Create automated health checks for admin endpoints

## 🔧 Technical Details

### Scan Parameters

- Project root: `/app`
- Files scanned: Python files in `/app`
- Business patterns: 25
- Trivial values excluded: None, False, 0, '', "", True, 1, [], {}