nonshy/website
nonshy/website
1
0
Fork 0
Code Issues 18 Pull Requests 1 Packages Projects Releases Wiki Activity
276eddfd8e
website/pkg/config/admin_scopes.go

113 lines
5.1 KiB
Go
Raw Normal View History

Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
package config
// All available admin scopes
const (
// Social moderation over the chat and forums.
// - Chat: have operator controls in the chat room
// - Forum: ability to edit and delete user posts
// - Photo: omniscient view of all gallery photos, can edit/delete photos
Delete the inner circle
2024-08-10 18:54:37 +00:00
ScopeChatModerator = "social.moderator.chat"
ScopeForumModerator = "social.moderator.forum"
ScopePhotoModerator = "social.moderator.photo"
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
// Certification photo management
// - Approve: ability to respond to pending certification pics
// - List: paginate thru all approved or rejected photos
// - View: inspect specific user photos
ScopeCertificationApprove = "certification.approve"
ScopeCertificationList = "certification.list"
ScopeCertificationView = "certification.view"
// Website administration
// - Forum: ability to manage available forums
// - Scopes: ability to manage admin groups & scopes
Maintenance Mode + Blockable Admin Scope
2023-08-17 05:09:04 +00:00
// - Maintenance mode
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
ScopeForumAdmin = "admin.forum.manage"
ScopeAdminScopeAdmin = "admin.scope.manage"
Maintenance Mode + Blockable Admin Scope
2023-08-17 05:09:04 +00:00
ScopeMaintenance = "admin.maintenance"
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
// User account admin
// - Impersonate: ability to log in as a user account
// - Ban: ability to ban/unban users
// - Delete: ability to delete user accounts
Various tweaks and improvements * Inner circle: users have the ability to remove themselves and can avoid being invited again in the future. * Admin actions: add a "Reset Password" ability to user accounts. * Admin "Create New User" page. * Rate limit error handling improvements for the login page.
2024-06-15 22:05:50 +00:00
ScopeUserCreate = "admin.user.create"
Admin insights block lists page
2023-12-05 03:57:14 +00:00
ScopeUserInsight = "admin.user.insights"
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
ScopeUserImpersonate = "admin.user.impersonate"
ScopeUserBan = "admin.user.ban"
Various tweaks and improvements * Inner circle: users have the ability to remove themselves and can avoid being invited again in the future. * Admin actions: add a "Reset Password" ability to user accounts. * Admin "Create New User" page. * Rate limit error handling improvements for the login page.
2024-06-15 22:05:50 +00:00
ScopeUserPassword = "admin.user.password"
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
ScopeUserDelete = "admin.user.delete"
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
ScopeUserPromote = "admin.user.promote"
// Other admin views
ScopeFeedbackAndReports = "admin.feedback"
ScopeChangeLog = "admin.changelog"
ScopeUserNotes = "admin.user.notes"
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
Maintenance Mode + Blockable Admin Scope
2023-08-17 05:09:04 +00:00
// Admins with this scope can not be blocked by users.
ScopeUnblockable = "admin.unblockable"
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
// The global wildcard scope gets all available permissions.
ScopeSuperuser = "*"
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
)
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
// Friendly description for each scope.
var AdminScopeDescriptions = map[string]string{
ScopeChatModerator: "Have operator controls in the chat room (can mark cameras as explicit, or kick/ban people from chat).",
ScopeForumModerator: "Ability to moderate the forum (edit or delete posts).",
ScopePhotoModerator: "Ability to moderate photo galleries (can see all private or friends-only photos, and edit or delete them).",
ScopeCertificationApprove: "Ability to see pending certification pictures and approve or reject them.",
ScopeCertificationList: "Ability to see existing certification pictures that have already been approved or rejected.",
ScopeCertificationView: "Ability to see and double check a specific user's certification picture on demand.",
ScopeForumAdmin: "Ability to manage forums themselves (add or remove forums, edit their properties).",
ScopeAdminScopeAdmin: "Ability to manage admin permissions for other admin accounts.",
ScopeMaintenance: "Ability to activate maintenance mode functions of the website (turn features on or off, disable signups or logins, etc.)",
Various tweaks and improvements * Inner circle: users have the ability to remove themselves and can avoid being invited again in the future. * Admin actions: add a "Reset Password" ability to user accounts. * Admin "Create New User" page. * Rate limit error handling improvements for the login page.
2024-06-15 22:05:50 +00:00
ScopeUserCreate: "Ability to manually create a new user account, bypassing the signup page.",
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
ScopeUserInsight: "Ability to see admin insights about a user profile (e.g. their block lists and who blocks them).",
ScopeUserImpersonate: "Ability to log in as any user account (note: this action is logged and notifies all admins when it happens. Admins must write a reason and it is used to diagnose customer support issues, help with their certification picture, or investigate a reported Direct Message conversation they had).",
ScopeUserBan: "Ability to ban or unban user accounts.",
Various tweaks and improvements * Inner circle: users have the ability to remove themselves and can avoid being invited again in the future. * Admin actions: add a "Reset Password" ability to user accounts. * Admin "Create New User" page. * Rate limit error handling improvements for the login page.
2024-06-15 22:05:50 +00:00
ScopeUserPassword: "Ability to reset a user's password on their behalf.",
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
ScopeUserDelete: "Ability to fully delete user accounts on their behalf.",
ScopeUserPromote: "Ability to add or remove the admin status flag on a user profile.",
ScopeFeedbackAndReports: "Ability to see admin reports and user feedback.",
ScopeChangeLog: "Ability to see website change logs (e.g. history of a certification photo, gallery photo settings, etc.)",
ScopeUserNotes: "Ability to see all notes written about a user, or to see all notes written by admins.",
ScopeUnblockable: "This admin can not be added to user block lists.",
ScopeSuperuser: "This admin has access to ALL admin features on the website.",
}
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
// Number of expected scopes for unit test and validation.
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
const QuantityAdminScopes = 20
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
// The specially named Superusers group.
const AdminGroupSuperusers = "Superusers"
// ListAdminScopes returns the listing of all available admin scopes.
func ListAdminScopes() []string {
return []string{
ScopeChatModerator,
ScopeForumModerator,
ScopePhotoModerator,
ScopeCertificationApprove,
ScopeCertificationList,
ScopeCertificationView,
ScopeForumAdmin,
ScopeAdminScopeAdmin,
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
ScopeMaintenance,
Various tweaks and improvements * Inner circle: users have the ability to remove themselves and can avoid being invited again in the future. * Admin actions: add a "Reset Password" ability to user accounts. * Admin "Create New User" page. * Rate limit error handling improvements for the login page.
2024-06-15 22:05:50 +00:00
ScopeUserCreate,
Admin insights block lists page
2023-12-05 03:57:14 +00:00
ScopeUserInsight,
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
ScopeUserImpersonate,
ScopeUserBan,
Various tweaks and improvements * Inner circle: users have the ability to remove themselves and can avoid being invited again in the future. * Admin actions: add a "Reset Password" ability to user accounts. * Admin "Create New User" page. * Rate limit error handling improvements for the login page.
2024-06-15 22:05:50 +00:00
ScopeUserPassword,
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
ScopeUserDelete,
ScopeUserPromote,
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
ScopeFeedbackAndReports,
ScopeChangeLog,
ScopeUserNotes,
Maintenance Mode + Blockable Admin Scope
2023-08-17 05:09:04 +00:00
ScopeUnblockable,
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
}
}
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
func AdminScopeDescription(scope string) string {
return AdminScopeDescriptions[scope]
}
Reference in New Issue Copy Permalink