website/web/templates/admin/dashboard.html

{{define "title"}}Admin Dashboard{{end}}
{{define "content"}}
<div class="container">
    <section class="hero is-danger is-bold">
        <div class="hero-body">
            <div class="container">
                <h1 class="title">Admin Dashboard</h1>
            </div>
        </div>
    </section>

    <div class="block p-4">
        <div class="columns">

            <div class="column">
                <div class="card">
                    <header class="card-header has-background-warning">
                        <p class="card-header-title has-text-dark-dark">
                            <i class="fa fa-book mr-2"></i>
                            Admin Guidelines <span class="tag is-success ml-3">NEW!</span>
                        </p>
                    </header>

                    <div class="card-content content">
                        <h2>Respect the privacy of our users</h2>

                        <ul>
                            <li>
                                We do not snoop on our users' Direct Messages unless they <strong>report</strong> a conversation
                                for us to check out. The only way to access DMs is to <a href="#impersonate">impersonate</a> a
                                user, which can't be done in secret.
                            </li>
                            <li>
                                We treat the Certification Photos as sensitive information. Go there only when a certification
                                photo is pending approval (red notification badges will guide the way). Do not download or leak
                                these images; be respectful.
                            </li>
                        </ul>

                        <h2>What we moderate</h2>

                        Admin users are only expected to help moderate the following areas of the site:

                        <h3>1. User profile photos</h3>

                        <p>
                        Every picture uploaded to a user's profile page can be seen by admin users. The
                        <a href="/photo/gallery?admin_view=true">admin gallery view</a> can find <strong>all</strong>
                        user photos, whether private or friends-only, whether opted-in for the Site Gallery or not.
                        </p>

                        <p>
                        <strong>Be careful</strong> not to "Like" or comment on a picture if the user marked it
                        "Friends only" or "Private" and they wouldn't expect you to have been able to see it. "Like"
                        and "Comment" buttons are hidden in the admin gallery view to reduce accidents but they are
                        functional on the user's own gallery page.
                        </p>

                        <h3>2. The Forums</h3>

                        <p>
                        Keep up with the <a href="/forum/newest">newest</a> forum posts and generally make sure
                        people aren't fighting or uploading inappropriate photos to one of the few photo boards.
                        </p>

                        <h3>3. Reported DMs only</h3>

                        <p>
                        If a user reports a Direct Message conversation
                        they're having, a link to view that chat thread will be available from the report.
                        This will <a href="#impersonate">impersonate</a> the reporter and will be logged
                        - see "Impersonating users," below.
                        </p>

                        <p>
                        DMs are text-based only, so users won't be sending any image attachments that need
                        moderating and their privacy is to be respected. A user may report a problematic
                        conversation for us to take a look at.
                        </p>

                        <hr>

                        <h2 id="impersonate">Impersonating users</h2>

                        <p>
                        From a user's profile page you can "impersonate," or log in as them. You should almost
                        never need to do this, and only to diagnose a reported issue from their account or
                        something like that.
                        </p>

                        <p>
                        You will need to write a <strong>reason</strong> for impersonating a user. The event is
                        logged and will be e-mailed to the admin team along with your reason. The admin team is
                        alerted any time an Impersonate action is performed.
                        </p>

                        <p>
                        Note: when you impersonate, their "Last logged in at" time is not updated by your actions.
                        So if a user were last seen a month ago, they will still appear last seen a month ago.
                        But other interactions you make as their account (e.g. marking notifications read, reading
                        their unread DMs) will work and may be noticed.
                        </p>

                        <hr>

                        <p>

                        </p>

                    </div>
                </div>
            </div>

            <div class="column">
                <div class="card block">
                    <header class="card-header has-background-link">
                        <p class="card-header-title has-text-light">
                            <i class="fa fa-gavel mr-2"></i>
                            Admin Menu
                        </p>
                    </header>

                    <div class="card-content">
                        <ul class="menu-list">
                            <li>
                                <a href="/admin/photo/certification">
                                    <i class="fa fa-certificate mr-2"></i>
                                    Certification Photos
                                    {{if .NavCertificationPhotos}}<span class="tag is-danger ml-1">{{.NavCertificationPhotos}}</span>{{end}}
                                </a>
                            </li>
                            <li>
                                <a href="/admin/feedback">
                                    <i class="fa fa-message mr-2"></i>
                                    Feedback &amp; User Reports
                                    {{if .NavAdminFeedback}}<span class="tag is-danger ml-1">{{.NavAdminFeedback}}</span>{{end}}
                                </a>
                            </li>
                            <li>
                                <a href="/photo/gallery?admin_view=true">
                                    <i class="fa fa-image mr-2"></i>
                                    Gallery: Admin View
                                </a>
                            </li>
                            <li>
                                <a href="/admin/scopes">
                                    <i class="fa fa-gavel mr-2"></i>
                                    Admin Permissions Management
                                </a>
                            </li>
                        </ul>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
{{end}}
User Account Busywork * Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name) 2022-08-14 21:40:57 +00:00			`{{define "title"}}Admin Dashboard{{end}}`
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos. 2022-08-13 22:39:31 +00:00			`{{define "content"}}`
			`<div class="container">`
			`<section class="hero is-danger is-bold">`
			`<div class="hero-body">`
			`<div class="container">`
			`<h1 class="title">Admin Dashboard</h1>`
			`</div>`
			`</div>`
			`</section>`

			`<div class="block p-4">`
			`<div class="columns">`
Add Admin Guidelines to dashboard * A reason must be entered to impersonate a user, and it triggers a Report and email notification to the admin. * User gallery pages will show at the top whether the user had granted you access to their private photos. 2022-12-25 07:00:59 +00:00
			`<div class="column">`
			`<div class="card">`
			`<header class="card-header has-background-warning">`
			`<p class="card-header-title has-text-dark-dark">`
			`<i class="fa fa-book mr-2"></i>`
			`Admin Guidelines <span class="tag is-success ml-3">NEW!</span>`
			`</p>`
			`</header>`

			`<div class="card-content content">`
			`<h2>Respect the privacy of our users</h2>`

			`<ul>`
			`<li>`
			`We do not snoop on our users' Direct Messages unless they <strong>report</strong> a conversation`
			`for us to check out. The only way to access DMs is to <a href="#impersonate">impersonate</a> a`
			`user, which can't be done in secret.`
			`</li>`
			`<li>`
			`We treat the Certification Photos as sensitive information. Go there only when a certification`
			`photo is pending approval (red notification badges will guide the way). Do not download or leak`
			`these images; be respectful.`
			`</li>`
			`</ul>`

			`<h2>What we moderate</h2>`

			`Admin users are only expected to help moderate the following areas of the site:`

			`<h3>1. User profile photos</h3>`

			`<p>`
			`Every picture uploaded to a user's profile page can be seen by admin users. The`
			`<a href="/photo/gallery?admin_view=true">admin gallery view</a> can find <strong>all</strong>`
			`user photos, whether private or friends-only, whether opted-in for the Site Gallery or not.`
			`</p>`

			`<p>`
			`<strong>Be careful</strong> not to "Like" or comment on a picture if the user marked it`
			`"Friends only" or "Private" and they wouldn't expect you to have been able to see it. "Like"`
			`and "Comment" buttons are hidden in the admin gallery view to reduce accidents but they are`
			`functional on the user's own gallery page.`
			`</p>`

			`<h3>2. The Forums</h3>`

			`<p>`
			`Keep up with the <a href="/forum/newest">newest</a> forum posts and generally make sure`
			`people aren't fighting or uploading inappropriate photos to one of the few photo boards.`
			`</p>`

			`<h3>3. Reported DMs only</h3>`

			`<p>`
			`If a user reports a Direct Message conversation`
			`they're having, a link to view that chat thread will be available from the report.`
			`This will <a href="#impersonate">impersonate</a> the reporter and will be logged`
			`- see "Impersonating users," below.`
			`</p>`

			`<p>`
			`DMs are text-based only, so users won't be sending any image attachments that need`
			`moderating and their privacy is to be respected. A user may report a problematic`
			`conversation for us to take a look at.`
			`</p>`

			`<hr>`

Minor fix 2022-12-25 07:07:00 +00:00			`<h2 id="impersonate">Impersonating users</h2>`
Add Admin Guidelines to dashboard * A reason must be entered to impersonate a user, and it triggers a Report and email notification to the admin. * User gallery pages will show at the top whether the user had granted you access to their private photos. 2022-12-25 07:00:59 +00:00
			`<p>`
			`From a user's profile page you can "impersonate," or log in as them. You should almost`
			`never need to do this, and only to diagnose a reported issue from their account or`
			`something like that.`
			`</p>`

			`<p>`
			`You will need to write a <strong>reason</strong> for impersonating a user. The event is`
			`logged and will be e-mailed to the admin team along with your reason. The admin team is`
			`alerted any time an Impersonate action is performed.`
			`</p>`

			`<p>`
			`Note: when you impersonate, their "Last logged in at" time is not updated by your actions.`
			`So if a user were last seen a month ago, they will still appear last seen a month ago.`
			`But other interactions you make as their account (e.g. marking notifications read, reading`
			`their unread DMs) will work and may be noticed.`
			`</p>`

			`<hr>`

			`<p>`

			`</p>`

			`</div>`
			`</div>`
			`</div>`

Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos. 2022-08-13 22:39:31 +00:00			`<div class="column">`
			`<div class="card block">`
			`<header class="card-header has-background-link">`
			`<p class="card-header-title has-text-light">`
Add Admin Guidelines to dashboard * A reason must be entered to impersonate a user, and it triggers a Report and email notification to the admin. * User gallery pages will show at the top whether the user had granted you access to their private photos. 2022-12-25 07:00:59 +00:00			`<i class="fa fa-gavel mr-2"></i>`
			`Admin Menu`
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos. 2022-08-13 22:39:31 +00:00			`</p>`
			`</header>`

			`<div class="card-content">`
			`<ul class="menu-list">`
			`<li>`
			`<a href="/admin/photo/certification">`
Add Admin Guidelines to dashboard * A reason must be entered to impersonate a user, and it triggers a Report and email notification to the admin. * User gallery pages will show at the top whether the user had granted you access to their private photos. 2022-12-25 07:00:59 +00:00			`<i class="fa fa-certificate mr-2"></i>`
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos. 2022-08-13 22:39:31 +00:00			`Certification Photos`
Admin Actions * Add impersonate feature * Add ban/unban user feature * Add promote/demote admin status feature * Add admin user deletion feature * Admin ability to see other status certification pics * Nav bar indicator of pending admin actions such as cert pics needing approval * Admin ability to search cert pics for specific user 2022-08-14 23:27:57 +00:00			`{{if .NavCertificationPhotos}}<span class="tag is-danger ml-1">{{.NavCertificationPhotos}}</span>{{end}}`
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos. 2022-08-13 22:39:31 +00:00			`</a>`
			`</li>`
Contact Us, Feedback, and Reporting * Add the Contact page where users can contact the site admins for feedback or to report a problematic user, photo or message. * Reports go into the admin Feedback table. * Admin nav bar indicates number of unread feedbacks. * Add "Report" button to profile pages, photo cards, and the top of Direct Message threads. Misc changes: * Send emails out asynchronously for more responsive page loads. 2022-08-21 21:05:08 +00:00			`<li>`
			`<a href="/admin/feedback">`
Add Admin Guidelines to dashboard * A reason must be entered to impersonate a user, and it triggers a Report and email notification to the admin. * User gallery pages will show at the top whether the user had granted you access to their private photos. 2022-12-25 07:00:59 +00:00			`<i class="fa fa-message mr-2"></i>`
Contact Us, Feedback, and Reporting * Add the Contact page where users can contact the site admins for feedback or to report a problematic user, photo or message. * Reports go into the admin Feedback table. * Admin nav bar indicates number of unread feedbacks. * Add "Report" button to profile pages, photo cards, and the top of Direct Message threads. Misc changes: * Send emails out asynchronously for more responsive page loads. 2022-08-21 21:05:08 +00:00			`Feedback & User Reports`
			`{{if .NavAdminFeedback}}<span class="tag is-danger ml-1">{{.NavAdminFeedback}}</span>{{end}}`
			`</a>`
			`</li>`
Add Admin Guidelines to dashboard * A reason must be entered to impersonate a user, and it triggers a Report and email notification to the admin. * User gallery pages will show at the top whether the user had granted you access to their private photos. 2022-12-25 07:00:59 +00:00			`<li>`
			`<a href="/photo/gallery?admin_view=true">`
			`<i class="fa fa-image mr-2"></i>`
			`Gallery: Admin View`
			`</a>`
			`</li>`
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle 2023-08-02 03:39:48 +00:00			`<li>`
			`<a href="/admin/scopes">`
			`<i class="fa fa-gavel mr-2"></i>`
			`Admin Permissions Management`
			`</a>`
			`</li>`
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos. 2022-08-13 22:39:31 +00:00			`</ul>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle 2023-08-02 03:39:48 +00:00			`{{end}}`