20d04fc370
* Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
167 lines
7.4 KiB
HTML
167 lines
7.4 KiB
HTML
{{define "title"}}Admin Transparency for: {{.User.Username}}{{end}}
|
|
{{define "content"}}
|
|
<div class="container">
|
|
<section class="hero is-info is-bold">
|
|
<div class="hero-body">
|
|
<div class="container">
|
|
<h1 class="title">
|
|
<i class="fa fa-peace mr-1"></i> Admin Transparency
|
|
</h1>
|
|
<h2 class="subtitle">Scopes & permissions available to: {{.User.Username}}</h2>
|
|
</div>
|
|
</div>
|
|
</section>
|
|
|
|
{{$Root := .}}
|
|
|
|
<div class="block content p-4">
|
|
<p>
|
|
This web page provides transparency for the website administrators and what their specific
|
|
responsibilities and capabilities are.
|
|
</p>
|
|
|
|
<p>
|
|
Administrators on {{PrettyTitle}} do not automatically have access to "god mode" powers to
|
|
use every admin feature across the entire website. Instead, admin accounts are assigned to
|
|
specific limited roles with related, narrowly scoped, permissions related to that role.
|
|
For example: an admin who only moderates the chat room will <strong>not</strong> have access
|
|
to see certification pictures or your private gallery pictures.
|
|
</p>
|
|
|
|
<p>
|
|
This enables {{PrettyTitle}} to recruit help from volunteer moderators to help with very
|
|
specific tasks (such as chat room or forum moderation) while keeping their permissions locked
|
|
down so they can't access other sensitive areas of the admin website.
|
|
</p>
|
|
</div>
|
|
|
|
<div class="block">
|
|
|
|
<div class="columns is-centered">
|
|
<div class="column is-half">
|
|
|
|
<div class="card mb-6" style="width: 100%; max-width: 800px">
|
|
<header class="card-header has-background-link">
|
|
<p class="card-header-title has-text-light">
|
|
<i class="fa fa-user-group mr-2"></i> Admin Permission Groups
|
|
</p>
|
|
</header>
|
|
<div class="card-content">
|
|
|
|
<div class="media block">
|
|
<div class="media-left">
|
|
{{template "avatar-64x64" .User}}
|
|
</div>
|
|
<div class="media-content">
|
|
<p class="title is-4">{{.User.NameOrUsername}}</p>
|
|
<p class="subtitle is-6">
|
|
<span class="icon"><i class="fa fa-user"></i></span>
|
|
<a href="/u/{{.User.Username}}">{{.User.Username}}</a>
|
|
<span class="tag is-danger is-light ml-2">
|
|
<i class="fa fa-peace mr-1"></i> Admin
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="content">
|
|
|
|
<p>
|
|
Admin accounts on {{PrettyTitle}} are assigned permissions based on the "groups"
|
|
they are in: each group relates to a specific role (such as chat moderator) and
|
|
grants the specific website permissions related to that role.
|
|
</p>
|
|
|
|
<p>
|
|
<strong>@{{.User.Username}}</strong> is a member of <strong>{{len .User.AdminGroups}} admin group{{Pluralize (len .User.AdminGroups)}}:</strong>
|
|
</p>
|
|
|
|
{{if eq (len .User.AdminGroups) 0}}
|
|
<div class="notification is-info is-light">
|
|
They are not assigned to any admin groups and so they have no special permissions aside
|
|
from the 'Admin' badge appearing on their profile page.
|
|
</div>
|
|
{{end}}
|
|
|
|
{{range .User.AdminGroups}}
|
|
<hr>
|
|
<h4 class="has-text-success">{{.Name}}</h4>
|
|
|
|
<p>
|
|
Permission scopes:
|
|
</p>
|
|
|
|
<dl>
|
|
{{range .Scopes}}
|
|
<dt>
|
|
<strong>
|
|
{{.Scope}}
|
|
{{if eq .Scope "*"}}
|
|
<small><em>(wildcard scope that grants all permissions)</em></small>
|
|
{{end}}
|
|
</strong>
|
|
</dt>
|
|
<dd>{{AdminScopeDescription .Scope}}</dd>
|
|
{{end}}
|
|
</dl>
|
|
{{end}}
|
|
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<div class="card" style="width: 100%; max-width: 800px">
|
|
<header class="card-header has-background-link">
|
|
<p class="card-header-title has-text-light">
|
|
<i class="fa fa-clipboard-list mr-2"></i> All Possible Admin Permissions
|
|
</p>
|
|
</header>
|
|
<div class="card-content">
|
|
|
|
<div class="content">
|
|
|
|
<p>
|
|
For context to the above, the following is the complete and exhaustive list of
|
|
{{PrettyTitle}} admin capabilities that could be granted to an admin account.
|
|
</p>
|
|
|
|
<p>
|
|
Permissions that this admin has will be highlighted in
|
|
<strong class="has-text-success"><i class="fa fa-check mr-1"></i> green</strong>,
|
|
and permissions they <em>do not</em> have will be in
|
|
<strong class="has-text-danger"><i class="fa fa-xmark mr-1"></i> red</strong>.
|
|
</p>
|
|
|
|
<hr>
|
|
|
|
<dl>
|
|
{{range .AdminScopes}}
|
|
<dt>
|
|
{{if $Root.User.HasAdminScope .}}
|
|
<strong class="has-text-success">
|
|
<span class="icon"><i class="fa fa-check mr-1"></i></span>
|
|
<span>{{.}}</span>
|
|
</strong>
|
|
{{else}}
|
|
<strong class="has-text-danger">
|
|
<span class="icon"><i class="fa fa-xmark mr-1"></i></span>
|
|
<span>{{.}}</span>
|
|
</strong>
|
|
{{end}}
|
|
</dt>
|
|
<dd>{{AdminScopeDescription .}}</dd>
|
|
{{end}}
|
|
</dl>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
{{end}} |