Create admin.py

routes/admin.py

@@ -0,0 +1,56 @@
+# routes/admin.py
+from flask import Blueprint, request, jsonify
+from db import db
+from bson.objectid import ObjectId
+from utils.auth import token_required, admin_required
+
+admin_bp = Blueprint("admin", __name__)
+
+@admin_bp.route("/stats", methods=["GET"])
+@token_required
+@admin_required
+def stats():
+    total_feedback = db.feedback.count_documents({})
+    total_students = db.users.count_documents({"role":"student"})
+    # average rating per course
+    pipeline = [
+        {"$group": {"_id": "$course_id", "avgRating": {"$avg": "$rating"}, "count": {"$sum":1}}}
+    ]
+    agg = list(db.feedback.aggregate(pipeline))
+    return jsonify({
+        "total_feedback": total_feedback,
+        "total_students": total_students,
+        "ratings_by_course": agg
+    })
+
+@admin_bp.route("/students", methods=["GET"])
+@token_required
+@admin_required
+def list_students():
+    docs = list(db.users.find({"role":"student"}))
+    out = []
+    for d in docs:
+        d["_id"] = str(d["_id"])
+        d.pop("password", None)
+        out.append(d)
+    return jsonify(out)
+
+@admin_bp.route("/students/<uid>/block", methods=["PUT"])
+@token_required
+@admin_required
+def block_user(uid):
+    action = request.args.get("action","block")
+    if action=="unblock":
+        db.users.update_one({"_id": ObjectId(uid)}, {"$set":{"blocked": False}})
+        return jsonify({"message":"Unblocked"})
+    else:
+        db.users.update_one({"_id": ObjectId(uid)}, {"$set":{"blocked": True}})
+        return jsonify({"message":"Blocked"})
+
+@admin_bp.route("/students/<uid>", methods=["DELETE"])
+@token_required
+@admin_required
+def delete_user(uid):
+    db.users.delete_one({"_id": ObjectId(uid)})
+    db.feedback.delete_many({"student_id": uid})
+    return jsonify({"message":"User + feedbacks deleted"})