@carloswm85
Created December 16, 2025 15:11
Admin User Complete Lifecycle Flow

Sequence diagram showing the complete lifecycle of an admin user from login to logout, including all CRUD operations. This format is perfect for showing the temporal flow and interactions between components.

What the Diagram Shows:

🔵 Authentication Phase (Steps 1-6)

  • User enters credentials
  • System validates and creates claims (including "Admin" role)
  • Token/cookie is generated and sent to user

🟣 CREATE - POST (Steps 7-15)

  • User sends authenticated request to create a resource
  • Token is validated and claims are extracted
  • Authorization checks the "Admin" role
  • New product is created in database

🟢 READ - GET (Steps 16-23)

  • User retrieves the created resource
  • Same auth flow: token validation → authorization check → database query

🟠 UPDATE - PUT (Steps 24-32)

  • User modifies the resource
  • Uses policy-based authorization (a policy can evaluate several requirements, which is more flexible than a single role check)
  • Database is updated

🔴 DELETE - DELETE (Steps 33-40)

  • User removes the resource
  • Role-based authorization (Admin only)
  • Database record deleted

⚫ Logout Phase (Steps 41-46)

  • User initiates logout
  • Token/session is invalidated
  • Refresh tokens are revoked
  • User is redirected to login

Each phase is color-coded and clearly numbered, showing the exact sequence of operations, requests, responses, and authorization checks throughout the entire user session.

---
config:
 theme: dark
 look: handDrawn
---
sequenceDiagram
	autonumber
	actor Admin as 👤 Admin User
	participant Login as 🔐 Login Page
	participant Auth as 🎫 Authentication Service
	participant Token as 🪙 Token/Cookie Handler
	participant API as 🌐 API/Controller
	participant AuthZ as ✅ Authorization Middleware
	participant DB as 💾 Database
	participant Logout as 🚪 Logout Handler

	rect rgb(30, 64, 175)
	Note over Admin,Token: 🔵 AUTHENTICATION PHASE: Login
	Admin->>Login: 1. Enter credentials<br/>(username + password)
	Login->>Auth: 2. Validate credentials
	Auth->>DB: 3. Query user + claims
	DB-->>Auth: 4. User found<br/>Claims: {role: "Admin", email: "[email protected]"}
	Auth->>Token: 5. Generate JWT/Cookie
	Token-->>Admin: 6. Set authentication token<br/>(HttpOnly cookie or Bearer token)
	Note over Admin: ✓ User authenticated<br/>Identity established
	end

	rect rgb(192, 38, 211)
	Note over Admin,DB: 🟣 CREATE OPERATION
	Admin->>API: 7. POST /api/products<br/>Authorization: Bearer {token}
	API->>Token: 8. Validate token
	Token-->>API: 9. Token valid<br/>Extract ClaimsPrincipal
	API->>AuthZ: 10. Check authorization<br/>[Authorize(Roles="Admin")]
	AuthZ->>AuthZ: 11. Verify "Admin" claim exists
	AuthZ-->>API: 12. ✅ Authorized
	API->>DB: 13. INSERT INTO products
	DB-->>API: 14. Product created (ID: 42)
	API-->>Admin: 15. 201 Created<br/>{id: 42, name: "Widget"}
	end

	rect rgb(5, 150, 105)
	Note over Admin,DB: 🟢 READ OPERATION
	Admin->>API: 16. GET /api/products/42<br/>Authorization: Bearer {token}
	API->>Token: 17. Validate token
	Token-->>API: 18. Token valid
	API->>AuthZ: 19. Check authorization
	AuthZ-->>API: 20. ✅ Authorized
	API->>DB: 21. SELECT * FROM products WHERE id=42
	DB-->>API: 22. Product data
	API-->>Admin: 23. 200 OK<br/>{id: 42, name: "Widget", price: 99.99}
	end

	rect rgb(234, 88, 12)
	Note over Admin,DB: 🟠 UPDATE OPERATION
	Admin->>API: 24. PUT /api/products/42<br/>Authorization: Bearer {token}
	API->>Token: 25. Validate token
	Token-->>API: 26. Token valid
	API->>AuthZ: 27. Check authorization<br/>[Authorize(Policy="CanEditProducts")]
	AuthZ->>AuthZ: 28. Evaluate policy requirements
	AuthZ-->>API: 29. ✅ Authorized
	API->>DB: 30. UPDATE products SET... WHERE id=42
	DB-->>API: 31. Product updated
	API-->>Admin: 32. 200 OK<br/>{id: 42, name: "Super Widget"}
	end

	rect rgb(220, 38, 38)
	Note over Admin,DB: 🔴 DELETE OPERATION
	Admin->>API: 33. DELETE /api/products/42<br/>Authorization: Bearer {token}
	API->>Token: 34. Validate token
	Token-->>API: 35. Token valid
	API->>AuthZ: 36. Check authorization<br/>[Authorize(Roles="Admin")]
	AuthZ-->>API: 37. ✅ Authorized
	API->>DB: 38. DELETE FROM products WHERE id=42
	DB-->>API: 39. Product deleted
	API-->>Admin: 40. 204 No Content
	end

	rect rgb(71, 85, 105)
	Note over Admin,Logout: ⚫ LOGOUT PHASE
	Admin->>Logout: 41. Click logout button
	Logout->>Token: 42. Invalidate token/session
	Token->>DB: 43. Revoke refresh token (if applicable)
	Token-->>Logout: 44. Token invalidated
	Logout->>Admin: 45. Clear cookies/local storage
	Logout-->>Admin: 46. Redirect to login page
	Note over Admin: ✓ User logged out<br/>Session terminated
	end
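The following is an added example, not code from the gist: a minimal ASP.NET Core host (a `Microsoft.NET.Sdk.Web` project with the `Microsoft.AspNetCore.Authentication.JwtBearer` package) that wires up the six phases of the diagram with JWT bearer authentication. The `[Authorize(Roles="Admin")]` checks on POST and DELETE, the `CanEditProducts` policy on PUT and the refresh-token revocation on logout follow the diagram; the signing key, issuer and audience names, the single demo user and password, the `permission` claim consulted by the policy, and the in-memory product and refresh-token stores are assumptions made for the sample.

```csharp
using System.Collections.Concurrent;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: in a real deployment the key comes from configuration or a key vault.
var signingKey = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("REPLACE-ME-with-a-random-secret-of-at-least-32-bytes"));
const string Issuer = "demo-issuer";     // assumed value
const string Audience = "demo-api";      // assumed value

// Steps 8-9, 17-18, 25-26, 34-35: the bearer token on every request is validated here
// (signature, issuer, audience, lifetime) and turned into the request's ClaimsPrincipal.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey,
        ValidateIssuer = true, ValidIssuer = Issuer,
        ValidateAudience = true, ValidAudience = Audience,
        ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30)
    });

builder.Services.AddAuthorization(o =>
{
    // Step 28: the policy used by PUT. Unlike Roles="Admin" it can combine several
    // requirements; here an explicit edit permission (assumed claim) is also accepted.
    o.AddPolicy("CanEditProducts", p => p.RequireAssertion(ctx =>
        ctx.User.IsInRole("Admin") || ctx.User.HasClaim("permission", "products.edit")));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

var products = new ConcurrentDictionary<int, Product>();
var refreshTokens = new ConcurrentDictionary<string, string>(); // refresh token -> username
var nextId = 42;

// Steps 1-6: credentials in, signed access token plus opaque refresh token out.
app.MapPost("/login", (LoginRequest req) =>
{
    // Constructed demo user; a real store verifies a password hash, never plaintext.
    if (req.Username != "admin" || req.Password != "demo-password")
        return Results.Unauthorized();

    var claims = new[]
    {
        new Claim(ClaimTypes.Name, "admin"),
        new Claim(ClaimTypes.Email, "admin@example.invalid"), // constructed value
        new Claim(ClaimTypes.Role, "Admin")                  // the claim steps 11 and 36 look for
    };
    var jwt = new JwtSecurityToken(Issuer, Audience, claims,
        expires: DateTime.UtcNow.AddMinutes(15),
        signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
    var refresh = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
    refreshTokens[refresh] = "admin";
    return Results.Ok(new
    {
        access_token = new JwtSecurityTokenHandler().WriteToken(jwt),
        refresh_token = refresh
    });
});

// Steps 7-15: role-based check, then insert.
app.MapPost("/api/products", (ProductInput input) =>
{
    var p = new Product(Interlocked.Increment(ref nextId) - 1, input.Name, input.Price);
    products[p.Id] = p;
    return Results.Created($"/api/products/{p.Id}", p);
}).RequireAuthorization(new AuthorizeAttribute { Roles = "Admin" });

// Steps 16-23: any authenticated user may read.
app.MapGet("/api/products/{id:int}", (int id) =>
    products.TryGetValue(id, out var p) ? Results.Ok(p) : Results.NotFound())
   .RequireAuthorization();

// Steps 24-32: policy-based check, then update.
app.MapPut("/api/products/{id:int}", (int id, ProductInput input) =>
{
    if (!products.ContainsKey(id)) return Results.NotFound();
    var updated = new Product(id, input.Name, input.Price);
    products[id] = updated;
    return Results.Ok(updated);
}).RequireAuthorization("CanEditProducts");

// Steps 33-40: role-based check, then delete.
app.MapDelete("/api/products/{id:int}", (int id) =>
    products.TryRemove(id, out _) ? Results.NoContent() : Results.NotFound())
   .RequireAuthorization(new AuthorizeAttribute { Roles = "Admin" });

// Steps 41-46: a signed JWT cannot be recalled, so logout revokes the refresh token
// server-side (step 43) and the client discards the access token (step 45); the
// 15-minute access-token lifetime bounds the window in which it still validates.
app.MapPost("/logout", (LogoutRequest req, ClaimsPrincipal user) =>
{
    // Only the refresh token's owner may revoke it.
    if (refreshTokens.TryGetValue(req.RefreshToken, out var owner) && owner == user.Identity?.Name)
        refreshTokens.TryRemove(req.RefreshToken, out _);
    return Results.NoContent();
}).RequireAuthorization();

app.Run();

record LoginRequest(string Username, string Password);
record LogoutRequest(string RefreshToken);
record ProductInput(string Name, decimal Price);
record Product(int Id, string Name, decimal Price);
```

Walking the diagram against this host: `POST /login` with the demo credentials returns the access and refresh tokens (steps 1-6); sending `Authorization: Bearer {token}` to `POST /api/products` passes the `Roles = "Admin"` check because the token carries the `role` claim (steps 7-15); a token without that role but with the assumed `permission: products.edit` claim would still pass `PUT` through the `CanEditProducts` policy yet be rejected by `DELETE`, which is the practical difference between the policy check at step 28 and the role checks at steps 11 and 36.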