Clean up admin permission checks around the site

Noah Petherbridge 2024-05-27 13:02:05 -07:00
parent e71ca1fba3
commit 5db1c03fd9
9 changed files with 15 additions and 15 deletions


@ -50,7 +50,7 @@ func Edit() http.HandlerFunc {
// Do we have permission for this photo? // Do we have permission for this photo?
if photo.UserID != currentUser.ID { if photo.UserID != currentUser.ID {
if !currentUser.IsAdmin { if !currentUser.HasAdminScope(config.ScopePhotoModerator) {
templates.ForbiddenPage(w, r) templates.ForbiddenPage(w, r)
return return
} }
@ -222,7 +222,7 @@ func Delete() http.HandlerFunc {
// Do we have permission for this photo? // Do we have permission for this photo?
if photo.UserID != currentUser.ID { if photo.UserID != currentUser.ID {
if !currentUser.IsAdmin { if !currentUser.HasAdminScope(config.ScopePhotoModerator) {
templates.ForbiddenPage(w, r) templates.ForbiddenPage(w, r)
return return
} }
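Review bot: The comment above the check in Edit (hunk at line 50) and in Delete (hunk at line 222) still only asks a question and does not say who is allowed through, and the same owner-or-moderator test is now written out twice. I would state the rule in both places, for example `// Only the photo's owner, or an admin holding ScopePhotoModerator, may continue.` HasAdminScope is not shown on this page; the change only tightens access if it returns false for accounts where IsAdmin is false, so that is worth confirming. Both handler bodies start and end outside the hunks.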


@ -102,7 +102,7 @@ func New() http.Handler {
mux.Handle("/forum/admin", middleware.AdminRequired(config.ScopeForumAdmin, forum.Manage())) mux.Handle("/forum/admin", middleware.AdminRequired(config.ScopeForumAdmin, forum.Manage()))
mux.Handle("/forum/admin/edit", middleware.AdminRequired(config.ScopeForumAdmin, forum.AddEdit())) mux.Handle("/forum/admin/edit", middleware.AdminRequired(config.ScopeForumAdmin, forum.AddEdit()))
mux.Handle("/inner-circle/remove", middleware.LoginRequired(account.RemoveCircle())) mux.Handle("/inner-circle/remove", middleware.LoginRequired(account.RemoveCircle()))
mux.Handle("/admin/photo/mark-explicit", middleware.AdminRequired(config.ScopePhotoModerator, admin.MarkPhotoExplicit())) mux.Handle("/admin/photo/mark-explicit", middleware.AdminRequired("", admin.MarkPhotoExplicit()))
mux.Handle("GET /admin/changelog", middleware.AdminRequired(config.ScopeChangeLog, admin.ChangeLog())) mux.Handle("GET /admin/changelog", middleware.AdminRequired(config.ScopeChangeLog, admin.ChangeLog()))
// JSON API endpoints. // JSON API endpoints.
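Review bot: The `/admin/photo/mark-explicit` route appears to go from `config.ScopePhotoModerator` to an empty scope string, `middleware.AdminRequired("", admin.MarkPhotoExplicit())`, which is the one line in this commit that loosens a check instead of narrowing it (the old/new order is inferred from the page's two-column layout). What AdminRequired does with `""` is not visible here; if it means "any admin", every admin account can mark photos explicit regardless of scope. If the scope is now enforced inside admin.MarkPhotoExplicit(), say so on the route with a comment such as `// scope is checked in the handler`; otherwise keep `config.ScopePhotoModerator` as the first argument. New()'s body continues outside the hunk.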


@ -71,7 +71,7 @@
(page {{.Pager.Page}} of {{.Pager.Pages}}). (page {{.Pager.Page}} of {{.Pager.Pages}}).
<!-- Admin links --> <!-- Admin links -->
{{if .CurrentUser.IsAdmin}} {{if .CurrentUser.HasAdminScope "admin.changelog"}}
<a href="/admin/changelog?table_name=friends&about_user_id={{.User.ID}}" class="button is-small has-text-warning ml-2"> <a href="/admin/changelog?table_name=friends&about_user_id={{.User.ID}}" class="button is-small has-text-warning ml-2">
<span class="icon"><i class="fa fa-peace"></i></span> <span class="icon"><i class="fa fa-peace"></i></span>
<span>Change Log</span> <span>Change Log</span>
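Review bot: The scope is spelled as a string literal, `"admin.changelog"`, in the template, while the Go side uses named constants such as `config.ScopeChangeLog`; nothing on this page ties the two together, so a typo or a later rename would only show up as a silently missing link. The same pattern repeats in the other template sections of this commit (`"admin.user.insights"`, `"admin.forum.manage"`, `"social.moderator.forum"`, `"social.moderator.photo"`, `"social.moderator.inner-circle"`). Consider having HasAdminScope reject or log unknown scope names, or adding a test that every scope string used in the templates is a declared constant. The link itself is only presentation; the `/admin/changelog` route is guarded by AdminRequired in the router section of this commit.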


@ -378,8 +378,8 @@
{{.User.GetDisplayAge}} {{.User.GetDisplayAge}}
<!-- Admin version always shows it --> <!-- Admin version always shows it -->
{{if .CurrentUser.IsAdmin}} {{if .CurrentUser.HasAdminScope "admin.user.insights"}}
<small class="has-text-danger"> <small class="has-text-danger" title="{{.User.Birthdate.Format "2006-01-02"}}">
{{if not .User.Birthdate.IsZero}} {{if not .User.Birthdate.IsZero}}
({{ComputeAge .User.Birthdate}}) ({{ComputeAge .User.Birthdate}})
{{else}} {{else}}
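Review bot: The new `title` attribute formats `.User.Birthdate` before the `{{if not .User.Birthdate.IsZero}}` test on the following line, so a profile with no birthdate set would get a tooltip showing the zero date instead of no tooltip. Emit the attribute only when the date is set, e.g. `<small class="has-text-danger"{{if not .User.Birthdate.IsZero}} title="{{.User.Birthdate.Format "2006-01-02"}}"{{end}}>`. The attribute also puts the full birthdate into the page source for anyone holding `admin.user.insights`; that is presumably intended, but the "Admin version always shows it" comment should say so. The `{{else}}` branch continues outside the hunk.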


@ -42,7 +42,7 @@
{{InputCSRF}} {{InputCSRF}}
<input type="hidden" name="to" value="{{.User.Username}}"> <input type="hidden" name="to" value="{{.User.Username}}">
{{if .CurrentUser.IsAdmin}} {{if .CurrentUser.HasAdminScope "social.moderator.inner-circle"}}
<div class="content"> <div class="content">
<p> <p>
Do you want to <strong class="has-text-danger">remove</strong> {{.User.Username}} from Do you want to <strong class="has-text-danger">remove</strong> {{.User.Username}} from
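Review bot: The moderator branch of this form (presumably the inner-circle removal page) is now gated on `"social.moderator.inner-circle"` in the template only; the handler behind it is not part of this commit, and the router section registers `/inner-circle/remove` with just `middleware.LoginRequired`. The check that matters therefore lives inside account.RemoveCircle(); confirm it tests the same scope and not plain IsAdmin, otherwise the page and the handler disagree about who may act on the hidden `to` field. The forum thread template has the same shape: the edit link is shown for `"social.moderator.forum"`, and the post handler it points to is also outside this diff. The enclosing template block continues outside the hunk.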


@ -11,7 +11,7 @@
<span>Forums</span> <span>Forums</span>
</h1> </h1>
</div> </div>
{{if .CurrentUser.IsAdmin}} {{if .CurrentUser.HasAdminScope "admin.forum.manage"}}
<div class="level-right"> <div class="level-right">
<div> <div>
<a href="/forum/admin" class="button is-small has-text-danger"> <a href="/forum/admin" class="button is-small has-text-danger">


@ -282,7 +282,7 @@
</div> </div>
{{end}} {{end}}
{{if or $Root.CurrentUser.IsAdmin (eq $Root.CurrentUser.ID .User.ID)}} {{if or ($Root.CurrentUser.HasAdminScope "social.moderator.forum") (eq $Root.CurrentUser.ID .User.ID)}}
<div class="column is-narrow"> <div class="column is-narrow">
<a href="/forum/post?to={{$Root.Forum.Fragment}}&thread={{$Root.Thread.ID}}&edit={{.ID}}" class="has-text-dark"> <a href="/forum/post?to={{$Root.Forum.Fragment}}&thread={{$Root.Thread.ID}}&edit={{.ID}}" class="has-text-dark">
<span class="icon"><i class="fa fa-edit"></i></span> <span class="icon"><i class="fa fa-edit"></i></span>
@ -308,7 +308,7 @@
</div> </div>
<!-- Admin: history --> <!-- Admin: history -->
{{if $Root.CurrentUser.IsAdmin}} {{if $Root.CurrentUser.HasAdminScope "admin.changelog"}}
<div class="column is-narrow"> <div class="column is-narrow">
<a href="/admin/changelog?table_name=comments&table_id={{.ID}}" class="has-text-warning"> <a href="/admin/changelog?table_name=comments&table_id={{.ID}}" class="has-text-warning">
<span class="icon"><i class="fa fa-clipboard-list"></i></span> <span class="icon"><i class="fa fa-clipboard-list"></i></span>


@ -627,7 +627,7 @@
</div> </div>
<footer class="card-footer"> <footer class="card-footer">
{{if or $Root.IsOwnPhotos $Root.CurrentUser.IsAdmin}} {{if or $Root.IsOwnPhotos ($Root.CurrentUser.HasAdminScope "social.moderator.photo")}}
{{template "card-footer" .}} {{template "card-footer" .}}
{{end}} {{end}}
@ -753,7 +753,7 @@
</div> </div>
<footer class="card-footer"> <footer class="card-footer">
{{if or $Root.IsOwnPhotos $Root.CurrentUser.IsAdmin}} {{if or $Root.IsOwnPhotos ($Root.CurrentUser.HasAdminScope "social.moderator.photo")}}
{{template "card-footer" .}} {{template "card-footer" .}}
{{end}} {{end}}
@ -773,7 +773,7 @@
{{SimplePager .Pager}} {{SimplePager .Pager}}
<!-- Admin change log link --> <!-- Admin change log link -->
{{if .CurrentUser.IsAdmin}} {{if .CurrentUser.HasAdminScope "admin.changelog"}}
<div class="block"> <div class="block">
<a href="/admin/changelog?table_name=photos{{if .User}}&about_user_id={{.User.ID}}{{end}}" class="button is-small has-text-warning"> <a href="/admin/changelog?table_name=photos{{if .User}}&about_user_id={{.User.ID}}{{end}}" class="button is-small has-text-warning">
<span class="icon"><i class="fa fa-peace mr-1"></i></span> <span class="icon"><i class="fa fa-peace mr-1"></i></span>


@ -145,7 +145,7 @@
<!-- Photo controls buttons (edit/delete/report) --> <!-- Photo controls buttons (edit/delete/report) -->
<div class="my-2 columns is-centered is-mobile is-gapless"> <div class="my-2 columns is-centered is-mobile is-gapless">
<!-- Owned photo: have edit/delete buttons too --> <!-- Owned photo: have edit/delete buttons too -->
{{if or .IsOwnPhoto .CurrentUser.IsAdmin}} {{if or .IsOwnPhoto (.CurrentUser.HasAdminScope "social.moderator.photo")}}
<div class="column is-narrow"> <div class="column is-narrow">
<a href="/photo/edit?id={{.Photo.ID}}" class="button is-small"> <a href="/photo/edit?id={{.Photo.ID}}" class="button is-small">
<span class="icon"><i class="fa fa-edit"></i></span> <span class="icon"><i class="fa fa-edit"></i></span>
@ -172,7 +172,7 @@
</div> </div>
<!-- Admin links --> <!-- Admin links -->
{{if .CurrentUser.IsAdmin}} {{if .CurrentUser.HasAdminScope "admin.changelog"}}
<div class="columns is-centered is-mobile is-gapless"> <div class="columns is-centered is-mobile is-gapless">
<div class="column is-narrow"> <div class="column is-narrow">
<a href="/admin/changelog?table_name=photos&table_id={{.Photo.ID}}" class="button is-small has-text-warning"> <a href="/admin/changelog?table_name=photos&table_id={{.Photo.ID}}" class="button is-small has-text-warning">