20d04fc370
* Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
116 lines
5.3 KiB
Go
116 lines
5.3 KiB
Go
package config
|
|
|
|
// All available admin scopes
|
|
const (
|
|
// Social moderation over the chat and forums.
|
|
// - Chat: have operator controls in the chat room
|
|
// - Forum: ability to edit and delete user posts
|
|
// - Photo: omniscient view of all gallery photos, can edit/delete photos
|
|
// - Inner circle: ability to remove users from it
|
|
ScopeChatModerator = "social.moderator.chat"
|
|
ScopeForumModerator = "social.moderator.forum"
|
|
ScopePhotoModerator = "social.moderator.photo"
|
|
ScopeCircleModerator = "social.moderator.inner-circle"
|
|
|
|
// Certification photo management
|
|
// - Approve: ability to respond to pending certification pics
|
|
// - List: paginate thru all approved or rejected photos
|
|
// - View: inspect specific user photos
|
|
ScopeCertificationApprove = "certification.approve"
|
|
ScopeCertificationList = "certification.list"
|
|
ScopeCertificationView = "certification.view"
|
|
|
|
// Website administration
|
|
// - Forum: ability to manage available forums
|
|
// - Scopes: ability to manage admin groups & scopes
|
|
// - Maintenance mode
|
|
ScopeForumAdmin = "admin.forum.manage"
|
|
ScopeAdminScopeAdmin = "admin.scope.manage"
|
|
ScopeMaintenance = "admin.maintenance"
|
|
|
|
// User account admin
|
|
// - Impersonate: ability to log in as a user account
|
|
// - Ban: ability to ban/unban users
|
|
// - Delete: ability to delete user accounts
|
|
ScopeUserInsight = "admin.user.insights"
|
|
ScopeUserImpersonate = "admin.user.impersonate"
|
|
ScopeUserBan = "admin.user.ban"
|
|
ScopeUserDelete = "admin.user.delete"
|
|
ScopeUserPromote = "admin.user.promote"
|
|
|
|
// Other admin views
|
|
ScopeFeedbackAndReports = "admin.feedback"
|
|
ScopeChangeLog = "admin.changelog"
|
|
ScopeUserNotes = "admin.user.notes"
|
|
|
|
// Admins with this scope can not be blocked by users.
|
|
ScopeUnblockable = "admin.unblockable"
|
|
|
|
// Special scope to mark an admin automagically in the Inner Circle
|
|
ScopeIsInnerCircle = "admin.override.inner-circle"
|
|
|
|
// The global wildcard scope gets all available permissions.
|
|
ScopeSuperuser = "*"
|
|
)
|
|
|
|
// Friendly description for each scope.
|
|
var AdminScopeDescriptions = map[string]string{
|
|
ScopeChatModerator: "Have operator controls in the chat room (can mark cameras as explicit, or kick/ban people from chat).",
|
|
ScopeForumModerator: "Ability to moderate the forum (edit or delete posts).",
|
|
ScopePhotoModerator: "Ability to moderate photo galleries (can see all private or friends-only photos, and edit or delete them).",
|
|
ScopeCircleModerator: "Ability to remove members from the inner circle.",
|
|
ScopeCertificationApprove: "Ability to see pending certification pictures and approve or reject them.",
|
|
ScopeCertificationList: "Ability to see existing certification pictures that have already been approved or rejected.",
|
|
ScopeCertificationView: "Ability to see and double check a specific user's certification picture on demand.",
|
|
ScopeForumAdmin: "Ability to manage forums themselves (add or remove forums, edit their properties).",
|
|
ScopeAdminScopeAdmin: "Ability to manage admin permissions for other admin accounts.",
|
|
ScopeMaintenance: "Ability to activate maintenance mode functions of the website (turn features on or off, disable signups or logins, etc.)",
|
|
ScopeUserInsight: "Ability to see admin insights about a user profile (e.g. their block lists and who blocks them).",
|
|
ScopeUserImpersonate: "Ability to log in as any user account (note: this action is logged and notifies all admins when it happens. Admins must write a reason and it is used to diagnose customer support issues, help with their certification picture, or investigate a reported Direct Message conversation they had).",
|
|
ScopeUserBan: "Ability to ban or unban user accounts.",
|
|
ScopeUserDelete: "Ability to fully delete user accounts on their behalf.",
|
|
ScopeUserPromote: "Ability to add or remove the admin status flag on a user profile.",
|
|
ScopeFeedbackAndReports: "Ability to see admin reports and user feedback.",
|
|
ScopeChangeLog: "Ability to see website change logs (e.g. history of a certification photo, gallery photo settings, etc.)",
|
|
ScopeUserNotes: "Ability to see all notes written about a user, or to see all notes written by admins.",
|
|
ScopeUnblockable: "This admin can not be added to user block lists.",
|
|
ScopeIsInnerCircle: "This admin is automatically part of the inner circle.",
|
|
ScopeSuperuser: "This admin has access to ALL admin features on the website.",
|
|
}
|
|
|
|
// Number of expected scopes for unit test and validation.
|
|
const QuantityAdminScopes = 20
|
|
|
|
// The specially named Superusers group.
|
|
const AdminGroupSuperusers = "Superusers"
|
|
|
|
// ListAdminScopes returns the listing of all available admin scopes.
|
|
func ListAdminScopes() []string {
|
|
return []string{
|
|
ScopeChatModerator,
|
|
ScopeForumModerator,
|
|
ScopePhotoModerator,
|
|
ScopeCircleModerator,
|
|
ScopeCertificationApprove,
|
|
ScopeCertificationList,
|
|
ScopeCertificationView,
|
|
ScopeForumAdmin,
|
|
ScopeAdminScopeAdmin,
|
|
ScopeMaintenance,
|
|
ScopeUserInsight,
|
|
ScopeUserImpersonate,
|
|
ScopeUserBan,
|
|
ScopeUserDelete,
|
|
ScopeUserPromote,
|
|
ScopeFeedbackAndReports,
|
|
ScopeChangeLog,
|
|
ScopeUserNotes,
|
|
ScopeUnblockable,
|
|
ScopeIsInnerCircle,
|
|
}
|
|
}
|
|
|
|
func AdminScopeDescription(scope string) string {
|
|
return AdminScopeDescriptions[scope]
|
|
}
|