Clean up admin permission checks around the site
parent
e71ca1fba3
commit
5db1c03fd9
|
@ -50,7 +50,7 @@ func Edit() http.HandlerFunc {
|
|||
|
||||
// Do we have permission for this photo?
|
||||
if photo.UserID != currentUser.ID {
|
||||
if !currentUser.IsAdmin {
|
||||
if !currentUser.HasAdminScope(config.ScopePhotoModerator) {
|
||||
templates.ForbiddenPage(w, r)
|
||||
return
|
||||
}
|
||||
|
@ -222,7 +222,7 @@ func Delete() http.HandlerFunc {
|
|||
|
||||
// Do we have permission for this photo?
|
||||
if photo.UserID != currentUser.ID {
|
||||
if !currentUser.IsAdmin {
|
||||
if !currentUser.HasAdminScope(config.ScopePhotoModerator) {
|
||||
templates.ForbiddenPage(w, r)
|
||||
return
|
||||
}
|
||||
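Review bot: The owner-or-moderator rule is now written out twice, once in `Edit()` and once in `Delete()`, as a nested `if` that is easy to change in one handler and miss in the other. A single guard such as `if photo.UserID != currentUser.ID && !currentUser.HasAdminScope(config.ScopePhotoModerator) {` reads more directly, and moving it into one small helper that both handlers call would keep the two checks from drifting apart. The comment above it could state the rule itself, e.g. `// Only the owner or an admin holding ScopePhotoModerator may modify this photo.` Both handler bodies continue outside the hunks shown.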
|
|
|
@ -102,7 +102,7 @@ func New() http.Handler {
|
|||
mux.Handle("/forum/admin", middleware.AdminRequired(config.ScopeForumAdmin, forum.Manage()))
|
||||
mux.Handle("/forum/admin/edit", middleware.AdminRequired(config.ScopeForumAdmin, forum.AddEdit()))
|
||||
mux.Handle("/inner-circle/remove", middleware.LoginRequired(account.RemoveCircle()))
|
||||
mux.Handle("/admin/photo/mark-explicit", middleware.AdminRequired(config.ScopePhotoModerator, admin.MarkPhotoExplicit()))
|
||||
mux.Handle("/admin/photo/mark-explicit", middleware.AdminRequired("", admin.MarkPhotoExplicit()))
|
||||
mux.Handle("GET /admin/changelog", middleware.AdminRequired(config.ScopeChangeLog, admin.ChangeLog()))
|
||||
|
||||
// JSON API endpoints.
|
||||
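Review bot: On `/admin/photo/mark-explicit` the two printed versions differ only in the scope argument, and if the `middleware.AdminRequired("", ...)` line is the new side (the +/- markers are lost on this page, so this is inferred from print order), the route no longer names a scope while every other change in this commit narrows a check to one. What `AdminRequired` does with an empty scope is not visible here; if it means "any admin", the photo-moderator scope has to be enforced inside `admin.MarkPhotoExplicit()`, and the route deserves a comment saying so, e.g. `// Scope is checked inside the handler.` If the handler does not check it, keep `config.ScopePhotoModerator` on the route.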
|
|
|
@ -71,7 +71,7 @@
|
|||
(page {{.Pager.Page}} of {{.Pager.Pages}}).
|
||||
|
||||
<!-- Admin links -->
|
||||
{{if .CurrentUser.IsAdmin}}
|
||||
{{if .CurrentUser.HasAdminScope "admin.changelog"}}
|
||||
<a href="/admin/changelog?table_name=friends&about_user_id={{.User.ID}}" class="button is-small has-text-warning ml-2">
|
||||
<span class="icon"><i class="fa fa-peace"></i></span>
|
||||
<span>Change Log</span>
|
||||
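Review bot: The scope is spelled as the string literal `"admin.changelog"` here, while the `/admin/changelog` route is guarded with the constant `config.ScopeChangeLog`; nothing on this page ties the two together. A mistyped scope name in a template would still parse and would presumably just hide the link, so it is easy to miss. Consider a template comment next to the check, e.g. `{{/* must match config.ScopeChangeLog */}}`, or exposing the scope constants to the templates. The same literal is repeated in the forum thread, gallery and photo view hunks further down.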
|
|
|
@ -378,8 +378,8 @@
|
|||
{{.User.GetDisplayAge}}
|
||||
|
||||
<!-- Admin version always shows it -->
|
||||
{{if .CurrentUser.IsAdmin}}
|
||||
<small class="has-text-danger">
|
||||
{{if .CurrentUser.HasAdminScope "admin.user.insights"}}
|
||||
<small class="has-text-danger" title="{{.User.Birthdate.Format "2006-01-02"}}">
|
||||
{{if not .User.Birthdate.IsZero}}
|
||||
({{ComputeAge .User.Birthdate}})
|
||||
{{else}}
|
||||
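Review bot: Assuming the `<small ... title=...>` line is the new side, the `title` attribute formats `.User.Birthdate` before the `{{if not .User.Birthdate.IsZero}}` test that follows it, so a user with no birthdate would get a tooltip reading `0001-01-01`. Guard the attribute the same way, e.g. `<small class="has-text-danger"{{if not .User.Birthdate.IsZero}} title="{{.User.Birthdate.Format "2006-01-02"}}"{{end}}>`. This also puts the full date of birth into the page for anyone holding `admin.user.insights`, where only the computed age was rendered before; it is worth confirming that the scope is meant to cover that. The enclosing `{{if}}` is closed outside this hunk.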
|
|
|
@ -42,7 +42,7 @@
|
|||
{{InputCSRF}}
|
||||
<input type="hidden" name="to" value="{{.User.Username}}">
|
||||
|
||||
{{if .CurrentUser.IsAdmin}}
|
||||
{{if .CurrentUser.HasAdminScope "social.moderator.inner-circle"}}
|
||||
<div class="content">
|
||||
<p>
|
||||
Do you want to <strong class="has-text-danger">remove</strong> {{.User.Username}} from
|
||||
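Review bot: The scope check here only decides which form text is rendered; the route that receives the form, `/inner-circle/remove`, appears in the router hunk wrapped in `middleware.LoginRequired` only. Whether `account.RemoveCircle()` itself requires `social.moderator.inner-circle` when the target is another user is not visible on this page and should be confirmed, because hiding the form does not restrict a direct request to the route. The same question applies to the forum thread hunk, where the edit link to `/forum/post` is now gated on `social.moderator.forum` but no handler change is shown. The enclosing `{{if}}` continues outside the hunk.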
|
|
|
@ -11,7 +11,7 @@
|
|||
<span>Forums</span>
|
||||
</h1>
|
||||
</div>
|
||||
{{if .CurrentUser.IsAdmin}}
|
||||
{{if .CurrentUser.HasAdminScope "admin.forum.manage"}}
|
||||
<div class="level-right">
|
||||
<div>
|
||||
<a href="/forum/admin" class="button is-small has-text-danger">
|
||||
|
|
|
@ -282,7 +282,7 @@
|
|||
</div>
|
||||
{{end}}
|
||||
|
||||
{{if or $Root.CurrentUser.IsAdmin (eq $Root.CurrentUser.ID .User.ID)}}
|
||||
{{if or ($Root.CurrentUser.HasAdminScope "social.moderator.forum") (eq $Root.CurrentUser.ID .User.ID)}}
|
||||
<div class="column is-narrow">
|
||||
<a href="/forum/post?to={{$Root.Forum.Fragment}}&thread={{$Root.Thread.ID}}&edit={{.ID}}" class="has-text-dark">
|
||||
<span class="icon"><i class="fa fa-edit"></i></span>
|
||||
|
@ -308,7 +308,7 @@
|
|||
</div>
|
||||
|
||||
<!-- Admin: history -->
|
||||
{{if $Root.CurrentUser.IsAdmin}}
|
||||
{{if $Root.CurrentUser.HasAdminScope "admin.changelog"}}
|
||||
<div class="column is-narrow">
|
||||
<a href="/admin/changelog?table_name=comments&table_id={{.ID}}" class="has-text-warning">
|
||||
<span class="icon"><i class="fa fa-clipboard-list"></i></span>
|
||||
|
|
|
@ -627,7 +627,7 @@
|
|||
</div>
|
||||
|
||||
<footer class="card-footer">
|
||||
{{if or $Root.IsOwnPhotos $Root.CurrentUser.IsAdmin}}
|
||||
{{if or $Root.IsOwnPhotos ($Root.CurrentUser.HasAdminScope "social.moderator.photo")}}
|
||||
{{template "card-footer" .}}
|
||||
{{end}}
|
||||
|
||||
|
@ -753,7 +753,7 @@
|
|||
</div>
|
||||
|
||||
<footer class="card-footer">
|
||||
{{if or $Root.IsOwnPhotos $Root.CurrentUser.IsAdmin}}
|
||||
{{if or $Root.IsOwnPhotos ($Root.CurrentUser.HasAdminScope "social.moderator.photo")}}
|
||||
{{template "card-footer" .}}
|
||||
{{end}}
|
||||
|
||||
|
@ -773,7 +773,7 @@
|
|||
{{SimplePager .Pager}}
|
||||
|
||||
<!-- Admin change log link -->
|
||||
{{if .CurrentUser.IsAdmin}}
|
||||
{{if .CurrentUser.HasAdminScope "admin.changelog"}}
|
||||
<div class="block">
|
||||
<a href="/admin/changelog?table_name=photos{{if .User}}&about_user_id={{.User.ID}}{{end}}" class="button is-small has-text-warning">
|
||||
<span class="icon"><i class="fa fa-peace mr-1"></i></span>
|
||||
|
|
|
@ -145,7 +145,7 @@
|
|||
<!-- Photo controls buttons (edit/delete/report) -->
|
||||
<div class="my-2 columns is-centered is-mobile is-gapless">
|
||||
<!-- Owned photo: have edit/delete buttons too -->
|
||||
{{if or .IsOwnPhoto .CurrentUser.IsAdmin}}
|
||||
{{if or .IsOwnPhoto (.CurrentUser.HasAdminScope "social.moderator.photo")}}
|
||||
<div class="column is-narrow">
|
||||
<a href="/photo/edit?id={{.Photo.ID}}" class="button is-small">
|
||||
<span class="icon"><i class="fa fa-edit"></i></span>
|
||||
|
@ -172,7 +172,7 @@
|
|||
</div>
|
||||
|
||||
<!-- Admin links -->
|
||||
{{if .CurrentUser.IsAdmin}}
|
||||
{{if .CurrentUser.HasAdminScope "admin.changelog"}}
|
||||
<div class="columns is-centered is-mobile is-gapless">
|
||||
<div class="column is-narrow">
|
||||
<a href="/admin/changelog?table_name=photos&table_id={{.Photo.ID}}" class="button is-small has-text-warning">
|
||||
|
|