feat: Implement admin role validation and enhance user management scripts

backend/api/admin_api.py

@@ -18,8 +18,7 @@ admin_api = Blueprint('admin_api', __name__)
 
 def admin_required(f):
     """
-    Decorator to require admin authentication for endpoints.
-    For now, this is a placeholder - you should implement proper admin role checking.
+    Decorator to require admin role for endpoints.
     """
     @wraps(f)
     def decorated_function(*args, **kwargs):
@@ -43,12 +42,14 @@ def admin_required(f):
             if not user_dict:
                 return jsonify({'error': 'User not found', 'code': 'USER_NOT_FOUND'}), 404
             
-            # TODO: Check if user has admin role
-            # For now, all authenticated users can access admin endpoints
-            # In production, you should check user.role == 'admin' or similar
+            user = User.from_dict(user_dict)
+            
+            # Check if user has admin role
+            if user.role != 'admin':
+                return jsonify({'error': 'Admin access required', 'code': 'ADMIN_REQUIRED'}), 403
             
             # Pass user to the endpoint
-            request.current_user = User.from_dict(user_dict)
+            request.current_user = user
             
         except jwt.ExpiredSignatureError:
             return jsonify({'error': 'Token expired', 'code': 'TOKEN_EXPIRED'}), 401