Fix: Prevent owner account deletion - Issue #1182 #1407

Open
kushall49 wants to merge 1 commit into idurar:master from kushall49:fix-owner-deletion-1182

@kushall49 kushall49 commented Nov 19, 2025

Description

Fixes #1182 - Prevents deletion of owner accounts to avoid system lockout

Changes Made

  • Frontend Protection: Disabled delete button for owner role with tooltip message
  • Backend Validation: Added 403 Forbidden response when attempting to delete owner accounts
  • Admin Management Page: Created full CRUD interface for admin user management
  • Security Hardening: Added ObjectId validation to prevent NoSQL injection
  • Navigation: Added Admin menu item and routing

Technical Implementation

Backend (adminController)

  • Custom delete method validates MongoDB ObjectId format
  • Checks if admin exists and retrieves their role
  • Returns 403 status if role is "owner"
  • Proceeds with soft delete for non-owner accounts

Frontend (DataTable)

  • Dynamic getMenuItems() function checks entity type and record role
  • Disables delete menu item for admin entity with owner role
  • Shows tooltip: "Owner accounts cannot be deleted"

Testing

  • ✅ Security scan passed (Snyk - 0 vulnerabilities)
  • ✅ Backend server running on port 8888
  • ✅ Frontend server running on port 3001
  • ✅ No breaking changes to existing CRUD operations

Files Changed

  • backend/src/controllers/coreControllers/adminController/index.js
  • backend/src/routes/coreRoutes/coreApi.js
  • frontend/src/components/DataTable/DataTable.jsx
  • frontend/src/pages/Admin/index.jsx
  • frontend/src/router/routes.jsx
  • frontend/src/apps/Navigation/NavigationContainer.jsx
  • frontend/src/locale/translation/en_us.js

Screenshots

image
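
The backend checks listed in the description above (ObjectId format check, existence lookup, 403 for the owner role, soft delete otherwise), as an added sketch that is not the code from this pull request. The in-memory store, the `removed` flag, the function names and the 400/404 status codes are assumptions made for illustration; only the 403 response and its message come from the description.

```javascript
// Added example, not the PR's code. makeStore() builds a constructed,
// in-memory stand-in for the admin collection (ids and fields are made up).
const OBJECT_ID_RE = /^[0-9a-fA-F]{24}$/;

function makeStore() {
  return new Map([
    ['64b7f0c2a1d3e4f5a6b7c8d9', { role: 'owner', removed: false }],
    ['64b7f0c2a1d3e4f5a6b7c8da', { role: 'admin', removed: false }],
  ]);
}

// Returns { status, message } so the decision logic can be exercised
// without an HTTP framework or a database.
function deleteAdmin(id, store) {
  // Accept only a 24-hex-character string. A value parsed from JSON such
  // as { "$ne": null } is an object and is rejected before any lookup.
  if (typeof id !== 'string' || !OBJECT_ID_RE.test(id)) {
    return { status: 400, message: 'Invalid id' };
  }
  const admin = store.get(id);
  if (!admin || admin.removed) {
    return { status: 404, message: 'Admin not found' };
  }
  // Enforced on the server: the disabled button in the UI does not stop
  // a client from calling the delete endpoint directly.
  if (admin.role === 'owner') {
    return { status: 403, message: 'Owner accounts cannot be deleted' };
  }
  admin.removed = true; // soft delete: flag the record, keep the data
  return { status: 200, message: 'Admin removed' };
}

// Constructed requests covering each branch.
const demoStore = makeStore();
for (const id of ['64b7f0c2a1d3e4f5a6b7c8d9', '64b7f0c2a1d3e4f5a6b7c8da',
                  { $ne: null }, 'not-an-id', 'ffffffffffffffffffffffff']) {
  console.log(JSON.stringify(id), '->', deleteAdmin(id, demoStore).status);
}
```
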

Development

Successfully merging this pull request may close these issues.

i Want to delete my account but i can't.