package config // All available admin scopes const ( // Social moderation over the chat and forums. // - Chat: have operator controls in the chat room // - Forum: ability to edit and delete user posts // - Photo: omniscient view of all gallery photos, can edit/delete photos // - Inner circle: ability to remove users from it ScopeChatModerator = "social.moderator.chat" ScopeForumModerator = "social.moderator.forum" ScopePhotoModerator = "social.moderator.photo" ScopeCircleModerator = "social.moderator.inner-circle" // Certification photo management // - Approve: ability to respond to pending certification pics // - List: paginate thru all approved or rejected photos // - View: inspect specific user photos ScopeCertificationApprove = "certification.approve" ScopeCertificationList = "certification.list" ScopeCertificationView = "certification.view" // Website administration // - Forum: ability to manage available forums // - Scopes: ability to manage admin groups & scopes // - Maintenance mode ScopeForumAdmin = "admin.forum.manage" ScopeAdminScopeAdmin = "admin.scope.manage" ScopeMaintenance = "admin.maintenance" // User account admin // - Impersonate: ability to log in as a user account // - Ban: ability to ban/unban users // - Delete: ability to delete user accounts ScopeUserCreate = "admin.user.create" ScopeUserInsight = "admin.user.insights" ScopeUserImpersonate = "admin.user.impersonate" ScopeUserBan = "admin.user.ban" ScopeUserPassword = "admin.user.password" ScopeUserDelete = "admin.user.delete" ScopeUserPromote = "admin.user.promote" // Other admin views ScopeFeedbackAndReports = "admin.feedback" ScopeChangeLog = "admin.changelog" ScopeUserNotes = "admin.user.notes" // Admins with this scope can not be blocked by users. ScopeUnblockable = "admin.unblockable" // Special scope to mark an admin automagically in the Inner Circle ScopeIsInnerCircle = "admin.override.inner-circle" // The global wildcard scope gets all available permissions. ScopeSuperuser = "*" ) // Friendly description for each scope. var AdminScopeDescriptions = map[string]string{ ScopeChatModerator: "Have operator controls in the chat room (can mark cameras as explicit, or kick/ban people from chat).", ScopeForumModerator: "Ability to moderate the forum (edit or delete posts).", ScopePhotoModerator: "Ability to moderate photo galleries (can see all private or friends-only photos, and edit or delete them).", ScopeCircleModerator: "Ability to remove members from the inner circle.", ScopeCertificationApprove: "Ability to see pending certification pictures and approve or reject them.", ScopeCertificationList: "Ability to see existing certification pictures that have already been approved or rejected.", ScopeCertificationView: "Ability to see and double check a specific user's certification picture on demand.", ScopeForumAdmin: "Ability to manage forums themselves (add or remove forums, edit their properties).", ScopeAdminScopeAdmin: "Ability to manage admin permissions for other admin accounts.", ScopeMaintenance: "Ability to activate maintenance mode functions of the website (turn features on or off, disable signups or logins, etc.)", ScopeUserCreate: "Ability to manually create a new user account, bypassing the signup page.", ScopeUserInsight: "Ability to see admin insights about a user profile (e.g. their block lists and who blocks them).", ScopeUserImpersonate: "Ability to log in as any user account (note: this action is logged and notifies all admins when it happens. Admins must write a reason and it is used to diagnose customer support issues, help with their certification picture, or investigate a reported Direct Message conversation they had).", ScopeUserBan: "Ability to ban or unban user accounts.", ScopeUserPassword: "Ability to reset a user's password on their behalf.", ScopeUserDelete: "Ability to fully delete user accounts on their behalf.", ScopeUserPromote: "Ability to add or remove the admin status flag on a user profile.", ScopeFeedbackAndReports: "Ability to see admin reports and user feedback.", ScopeChangeLog: "Ability to see website change logs (e.g. history of a certification photo, gallery photo settings, etc.)", ScopeUserNotes: "Ability to see all notes written about a user, or to see all notes written by admins.", ScopeUnblockable: "This admin can not be added to user block lists.", ScopeIsInnerCircle: "This admin is automatically part of the inner circle.", ScopeSuperuser: "This admin has access to ALL admin features on the website.", } // Number of expected scopes for unit test and validation. const QuantityAdminScopes = 20 // The specially named Superusers group. const AdminGroupSuperusers = "Superusers" // ListAdminScopes returns the listing of all available admin scopes. func ListAdminScopes() []string { return []string{ ScopeChatModerator, ScopeForumModerator, ScopePhotoModerator, ScopeCircleModerator, ScopeCertificationApprove, ScopeCertificationList, ScopeCertificationView, ScopeForumAdmin, ScopeAdminScopeAdmin, ScopeMaintenance, ScopeUserCreate, ScopeUserInsight, ScopeUserImpersonate, ScopeUserBan, ScopeUserPassword, ScopeUserDelete, ScopeUserPromote, ScopeFeedbackAndReports, ScopeChangeLog, ScopeUserNotes, ScopeUnblockable, ScopeIsInnerCircle, } } func AdminScopeDescription(scope string) string { return AdminScopeDescriptions[scope] }