20d04fc370
* Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
44 lines
990 B
Go
44 lines
990 B
Go
package admin
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"code.nonshy.com/nonshy/website/pkg/config"
|
|
"code.nonshy.com/nonshy/website/pkg/models"
|
|
"code.nonshy.com/nonshy/website/pkg/templates"
|
|
)
|
|
|
|
// Admin transparency page that lists the scopes and permissions an admin account has for all to see.
|
|
func Transparency() http.HandlerFunc {
|
|
tmpl := templates.Must("admin/transparency.html")
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
var (
|
|
username = r.PathValue("username")
|
|
)
|
|
|
|
// Get this user.
|
|
user, err := models.FindUser(username)
|
|
if err != nil {
|
|
templates.NotFoundPage(w, r)
|
|
return
|
|
}
|
|
|
|
// Only for admin user accounts.
|
|
if !user.IsAdmin {
|
|
templates.NotFoundPage(w, r)
|
|
return
|
|
}
|
|
|
|
// Template variables.
|
|
var vars = map[string]interface{}{
|
|
"User": user,
|
|
"AdminScopes": config.ListAdminScopes(),
|
|
}
|
|
|
|
if err := tmpl.Execute(w, r, vars); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
})
|
|
}
|