From 5db1c03fd957a522751648da631d4648645c2132 Mon Sep 17 00:00:00 2001 From: Noah Petherbridge Date: Mon, 27 May 2024 13:02:05 -0700 Subject: [PATCH] Clean up admin permission checks around the site --- pkg/controller/photo/edit_delete.go | 4 ++-- pkg/router/router.go | 2 +- web/templates/account/friends.html | 2 +- web/templates/account/profile.html | 4 ++-- web/templates/account/remove_circle.html | 2 +- web/templates/forum/index.html | 2 +- web/templates/forum/thread.html | 4 ++-- web/templates/photo/gallery.html | 6 +++--- web/templates/photo/permalink.html | 4 ++-- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/pkg/controller/photo/edit_delete.go b/pkg/controller/photo/edit_delete.go index f44a56a..1f1affe 100644 --- a/pkg/controller/photo/edit_delete.go +++ b/pkg/controller/photo/edit_delete.go @@ -50,7 +50,7 @@ func Edit() http.HandlerFunc { // Do we have permission for this photo? if photo.UserID != currentUser.ID { - if !currentUser.IsAdmin { + if !currentUser.HasAdminScope(config.ScopePhotoModerator) { templates.ForbiddenPage(w, r) return } @@ -222,7 +222,7 @@ func Delete() http.HandlerFunc { // Do we have permission for this photo? if photo.UserID != currentUser.ID { - if !currentUser.IsAdmin { + if !currentUser.HasAdminScope(config.ScopePhotoModerator) { templates.ForbiddenPage(w, r) return } diff --git a/pkg/router/router.go b/pkg/router/router.go index ab91332..e15ed65 100644 --- a/pkg/router/router.go +++ b/pkg/router/router.go @@ -102,7 +102,7 @@ func New() http.Handler { mux.Handle("/forum/admin", middleware.AdminRequired(config.ScopeForumAdmin, forum.Manage())) mux.Handle("/forum/admin/edit", middleware.AdminRequired(config.ScopeForumAdmin, forum.AddEdit())) mux.Handle("/inner-circle/remove", middleware.LoginRequired(account.RemoveCircle())) - mux.Handle("/admin/photo/mark-explicit", middleware.AdminRequired(config.ScopePhotoModerator, admin.MarkPhotoExplicit())) + mux.Handle("/admin/photo/mark-explicit", middleware.AdminRequired("", admin.MarkPhotoExplicit())) mux.Handle("GET /admin/changelog", middleware.AdminRequired(config.ScopeChangeLog, admin.ChangeLog())) // JSON API endpoints. diff --git a/web/templates/account/friends.html b/web/templates/account/friends.html index b098acb..629020d 100644 --- a/web/templates/account/friends.html +++ b/web/templates/account/friends.html @@ -71,7 +71,7 @@ (page {{.Pager.Page}} of {{.Pager.Pages}}). - {{if .CurrentUser.IsAdmin}} + {{if .CurrentUser.HasAdminScope "admin.changelog"}} Change Log diff --git a/web/templates/account/profile.html b/web/templates/account/profile.html index 25895fa..9ca6fa9 100644 --- a/web/templates/account/profile.html +++ b/web/templates/account/profile.html @@ -378,8 +378,8 @@ {{.User.GetDisplayAge}} - {{if .CurrentUser.IsAdmin}} - + {{if .CurrentUser.HasAdminScope "admin.user.insights"}} + {{if not .User.Birthdate.IsZero}} ({{ComputeAge .User.Birthdate}}) {{else}} diff --git a/web/templates/account/remove_circle.html b/web/templates/account/remove_circle.html index 06cd548..5f1aeda 100644 --- a/web/templates/account/remove_circle.html +++ b/web/templates/account/remove_circle.html @@ -42,7 +42,7 @@ {{InputCSRF}} - {{if .CurrentUser.IsAdmin}} + {{if .CurrentUser.HasAdminScope "social.moderator.inner-circle"}}

Do you want to remove {{.User.Username}} from diff --git a/web/templates/forum/index.html b/web/templates/forum/index.html index fc747bc..7b0d4e3 100644 --- a/web/templates/forum/index.html +++ b/web/templates/forum/index.html @@ -11,7 +11,7 @@ Forums

- {{if .CurrentUser.IsAdmin}} + {{if .CurrentUser.HasAdminScope "admin.forum.manage"}}