From ed008a99e679c756a243efa0fb7785a2faa84ccd Mon Sep 17 00:00:00 2001
From: Noah Petherbridge
Date: Sat, 11 May 2024 14:10:59 -0700
Subject: [PATCH] Admin: don't search for banned users without the scope

An admin must have the admin.user.ban scope in order to search for banned or disabled users in the member directory.
---
 pkg/models/user.go | 2 +-
 web/templates/account/search.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/models/user.go b/pkg/models/user.go
index 4491eae..fc0d2bf 100644
--- a/pkg/models/user.go
+++ b/pkg/models/user.go
@@ -366,7 +366,7 @@ func SearchUsers(user *User, search *UserSearch, pager *Pagination) ([]*User, er
 // Only admin user can show disabled/banned users.
 var statuses = []string{}
- if user.IsAdmin {
+ if user.HasAdminScope(config.ScopeUserBan) {
 if search.IsBanned {
 statuses = append(statuses, UserStatusBanned)
 }
diff --git a/web/templates/account/search.html b/web/templates/account/search.html
index 245409f..661bf26 100644
--- a/web/templates/account/search.html
+++ b/web/templates/account/search.html
@@ -101,7 +101,7 @@
 {{end}}
- {{if .CurrentUser.IsAdmin}}
+ {{if .CurrentUser.HasAdminScope "admin.user.ban"}}
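Review bot: The comment above the changed condition in SearchUsers still reads `// Only admin user can show disabled/banned users.`, which no longer describes the gate; it should name the scope, e.g. `// Only admins holding the admin.user.ban scope may list disabled/banned users.`. The search.html hunk spells the scope as the string literal `"admin.user.ban"` while this file uses `config.ScopeUserBan`, so the two can drift if the constant is ever renamed; the check in SearchUsers is the one that enforces access, the template condition only hides the controls. HasAdminScope is defined outside this patch, so it is worth confirming that it returns false for accounts that are not admins at all, now that the explicit `user.IsAdmin` test is gone. SearchUsers continues past the hunk, so the path taken when `statuses` stays empty is not visible here and should be confirmed to fall back to active users only.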