System-End/hackatime
1
0
Fork 0
mirror of https://github.com/System-End/hackatime.git synced 2026-04-19 19:55:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

admin perms check (#760)

Browse source
This commit is contained in:
Echo 2026-01-03 08:34:57 -05:00 committed by GitHub
parent a109cb9bef
commit ae7d9c73fb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 297 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
app/controllers/admin/admin_users_controller.rb Normal file
View file

@ -0,0 +1,45 @@
class Admin::AdminUsersController < Admin::BaseController
before_action :require_superadmin!
def index
@superadmins = User.where(admin_level: :superadmin).order(:slack_username)
@admins = User.where(admin_level: :admin).order(:slack_username)
@viewers = User.where(admin_level: :viewer).order(:slack_username)
end
def update
@user = User.find(params[:id])
new_level = params[:admin_level]
if @user == current_user
redirect_to admin_admin_users_path, alert: "you cannot change your own admin level"
return
end
if @user.set_admin_level(new_level)
redirect_to admin_admin_users_path, notice: "#{@user.display_name}'s admin level updated to #{new_level}."
else
redirect_to admin_admin_users_path, alert: "failed to update admin level."
end
end
def search
query = params[:q].to_s.strip
@users = if query.present?
User.where("slack_username ILIKE :q OR username ILIKE :q OR slack_uid ILIKE :q", q: "%#{query}%")
.limit(20)
else
User.none
end
render partial: "search_results", locals: { users: @users }
end
private
def require_superadmin!
unless current_user&.admin_level_superadmin?
redirect_to root_path, alert: "no perms lmaoo"
end
end
end

39
app/views/admin/admin_users/_search_results.html.erb Normal file
View file

@ -0,0 +1,39 @@
<% if users.any? %>
<div class="bg-darker rounded-lg border border-gray-700 divide-y divide-gray-700">
<% users.each do |user| %>
<div class="flex items-center justify-between p-3 hover:bg-gray-800/50">
<div class="flex items-center gap-3">
<img src="<%= user.avatar_url %>" alt="Avatar" class="w-8 h-8 rounded-full">
<div>
<span class="text-white font-medium"><%= user.display_name %></span>
<% if user.admin_level != "default" %>
<span class="ml-2 px-2 py-0.5 text-xs rounded-full
<%= case user.admin_level
when 'superadmin' then 'bg-red-600/20 text-red-400'
when 'admin' then 'bg-yellow-600/20 text-yellow-400'
when 'viewer' then 'bg-blue-600/20 text-blue-400'
else 'bg-gray-600/20 text-gray-400'
end %>">
<%= user.admin_level %>
</span>
<% end %>
<div class="text-gray-500 text-sm"><%= user.slack_uid || "No Slack ID" %></div>
</div>
</div>
<div class="flex gap-2">
<%= button_to "→ Superadmin", admin_admin_user_path(user, admin_level: "superadmin"),
method: :patch,
class: "px-3 py-1 bg-red-600 hover:bg-red-500 text-white text-sm font-medium rounded transition-colors cursor-pointer" %>
<%= button_to "→ Admin", admin_admin_user_path(user, admin_level: "admin"),
method: :patch,
class: "px-3 py-1 bg-yellow-600 hover:bg-yellow-500 text-white text-sm font-medium rounded transition-colors cursor-pointer" %>
<%= button_to "→ Viewer", admin_admin_user_path(user, admin_level: "viewer"),
method: :patch,
class: "px-3 py-1 bg-blue-600 hover:bg-blue-500 text-white text-sm font-medium rounded transition-colors cursor-pointer" %>
</div>
</div>
<% end %>
</div>
<% else %>
<p class="text-gray-500 text-center py-4">nuthin found</p>
<% end %>

200
app/views/admin/admin_users/index.html.erb Normal file
View file

@ -0,0 +1,200 @@
<div class="max-w-6xl mx-auto p-6 space-y-6">
<header class="text-center mb-8">
<h1 class="text-4xl font-bold text-white mb-2">Admin Management</h1>
<p class="text-gray-400">Who can access the admin panel?</p>
</header>
<div class="border border-primary rounded-xl p-6 bg-dark">
<h2 class="text-2xl font-semibold text-green-400 mb-4">Promote</h2>
<div class="mb-4">
<input type="text"
id="user-search"
placeholder="Search by name or Slack ID..."
class="w-full px-4 py-2 bg-darker border border-gray-700 rounded-lg text-white placeholder-gray-500 focus:outline-none focus:border-primary"
data-controller="admin-user-search"
data-action="input->admin-user-search#search">
</div>
<div id="search-results" class="space-y-2"></div>
</div>
<div class="border border-primary rounded-xl p-6 bg-dark">
<h2 class="text-2xl font-semibold text-red-400 mb-4">Superadmins (<%= @superadmins.count %>)</h2>
<% if @superadmins.any? %>
<div class="overflow-x-auto">
<table class="w-full text-left">
<thead>
<tr class="border-b border-gray-700">
<th class="py-3 px-4">User</th>
<th class="py-3 px-4">Slack ID</th>
<th class="py-3 px-4">Actions</th>
</tr>
</thead>
<tbody>
<% @superadmins.each do |user| %>
<tr class="border-b border-gray-800 hover:bg-gray-800/50">
<td class="py-3 px-4">
<div class="flex items-center gap-2">
<img src="<%= user.avatar_url %>" alt="Avatar" class="w-8 h-8 rounded-full">
<span class="text-white"><%= user.display_name %></span>
<% if user == current_user %>
<span class="px-2 py-0.5 text-xs rounded-full bg-blue-600/20 text-blue-400">(you)</span>
<% end %>
</div>
</td>
<td class="py-3 px-4 text-gray-300"><%= user.slack_uid || "N/A" %></td>
<td class="py-3 px-4">
<% if user != current_user %>
<div class="flex gap-2">
<%= button_to "→ Admin", admin_admin_user_path(user, admin_level: "admin"),
method: :patch,
class: "px-3 py-1 bg-yellow-600 hover:bg-yellow-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Demote #{user.display_name} to Admin?" } %>
<%= button_to "→ Viewer", admin_admin_user_path(user, admin_level: "viewer"),
method: :patch,
class: "px-3 py-1 bg-blue-600 hover:bg-blue-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Demote #{user.display_name} to Viewer?" } %>
<%= button_to "→ Default", admin_admin_user_path(user, admin_level: "default"),
method: :patch,
class: "px-3 py-1 bg-gray-600 hover:bg-gray-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Remove #{user.display_name}'s admin privileges?" } %>
</div>
<% else %>
<span class="text-gray-500 text-sm">Cannot modify yourself</span>
<% end %>
</td>
</tr>
<% end %>
</tbody>
</table>
</div>
<% else %>
<p class="text-gray-400">No superadmins found!</p>
<% end %>
</div>
<div class="border border-primary rounded-xl p-6 bg-dark">
<h2 class="text-2xl font-semibold text-yellow-400 mb-4">Admins (<%= @admins.count %>)</h2>
<% if @admins.any? %>
<div class="overflow-x-auto">
<table class="w-full text-left">
<thead>
<tr class="border-b border-gray-700">
<th class="py-3 px-4">User</th>
<th class="py-3 px-4">Slack ID</th>
<th class="py-3 px-4">Actions</th>
</tr>
</thead>
<tbody>
<% @admins.each do |user| %>
<tr class="border-b border-gray-800 hover:bg-gray-800/50">
<td class="py-3 px-4">
<div class="flex items-center gap-2">
<img src="<%= user.avatar_url %>" alt="Avatar" class="w-8 h-8 rounded-full">
<span class="text-white"><%= user.display_name %></span>
</div>
</td>
<td class="py-3 px-4 text-gray-300"><%= user.slack_uid || "N/A" %></td>
<td class="py-3 px-4">
<div class="flex gap-2">
<%= button_to "→ Superadmin", admin_admin_user_path(user, admin_level: "superadmin"),
method: :patch,
class: "px-3 py-1 bg-red-600 hover:bg-red-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Promote #{user.display_name} to Superadmin?" } %>
<%= button_to "→ Viewer", admin_admin_user_path(user, admin_level: "viewer"),
method: :patch,
class: "px-3 py-1 bg-blue-600 hover:bg-blue-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Demote #{user.display_name} to Viewer?" } %>
<%= button_to "→ Default", admin_admin_user_path(user, admin_level: "default"),
method: :patch,
class: "px-3 py-1 bg-gray-600 hover:bg-gray-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Remove #{user.display_name}'s admin privileges?" } %>
</div>
</td>
</tr>
<% end %>
</tbody>
</table>
</div>
<% else %>
<p class="text-gray-400">No admins found</p>
<% end %>
</div>
<div class="border border-primary rounded-xl p-6 bg-dark">
<h2 class="text-2xl font-semibold text-blue-400 mb-4">Viewers (<%= @viewers.count %>)</h2>
<% if @viewers.any? %>
<div class="overflow-x-auto">
<table class="w-full text-left">
<thead>
<tr class="border-b border-gray-700">
<th class="py-3 px-4">User</th>
<th class="py-3 px-4">Slack ID</th>
<th class="py-3 px-4">Actions</th>
</tr>
</thead>
<tbody>
<% @viewers.each do |user| %>
<tr class="border-b border-gray-800 hover:bg-gray-800/50">
<td class="py-3 px-4">
<div class="flex items-center gap-2">
<img src="<%= user.avatar_url %>" alt="Avatar" class="w-8 h-8 rounded-full">
<span class="text-white"><%= user.display_name %></span>
</div>
</td>
<td class="py-3 px-4 text-gray-300"><%= user.slack_uid || "N/A" %></td>
<td class="py-3 px-4">
<div class="flex gap-2">
<%= button_to "→ Superadmin", admin_admin_user_path(user, admin_level: "superadmin"),
method: :patch,
class: "px-3 py-1 bg-red-600 hover:bg-red-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Promote #{user.display_name} to Superadmin?" } %>
<%= button_to "→ Admin", admin_admin_user_path(user, admin_level: "admin"),
method: :patch,
class: "px-3 py-1 bg-yellow-600 hover:bg-yellow-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Promote #{user.display_name} to Admin?" } %>
<%= button_to "→ Default", admin_admin_user_path(user, admin_level: "default"),
method: :patch,
class: "px-3 py-1 bg-gray-600 hover:bg-gray-500 text-white text-sm font-medium rounded transition-colors cursor-pointer",
data: { confirm: "Remove #{user.display_name}'s viewer privileges?" } %>
</div>
</td>
</tr>
<% end %>
</tbody>
</table>
</div>
<% else %>
<p class="text-gray-400">No viewers found</p>
<% end %>
</div>
</div>
<script>
document.addEventListener('DOMContentLoaded', function() {
const input = document.getElementById('user-search');
const res = document.getElementById('search-results');
let d;
if (input) {
input.addEventListener('input', function() {
clearTimeout(d);
const query = this.value.trim();
if (query.length < 2) {
res.innerHTML = '';
return;
}
d = setTimeout(function() {
fetch('/admin/admin_users/search?q=' + encodeURIComponent(query), {
headers: { 'Accept': 'text/html' }
})
.then(r => r.text())
.then(html => {
res.innerHTML = html;
});
}, 100);
});
}
});
</script>

5
app/views/shared/_nav.html.erb
View file

@ -142,6 +142,11 @@
<% end %>
<% end %>
<% end %>
<% superadmin_tool(nil, "div") do %>
<%= link_to admin_admin_users_path, class: "block px-2 py-1 rounded-lg transition #{current_page?(admin_admin_users_path) ? 'bg-primary/50 text-primary' : 'hover:bg-[#23272a]'}", data: { action: "click->nav#clickLink" } do %>
Admin Management
<% end %>
<% end %>
<% superadmin_tool(nil, "div") do %>
<%= link_to admin_deletion_requests_path, class: "block px-2 py-1 rounded-lg transition #{current_page?(admin_deletion_requests_path) ? 'bg-primary/50 text-primary' : 'hover:bg-[#23272a]'}", data: { action: "click->nav#clickLink" } do %>
Account Deletions

8
config/routes.rb
View file

@ -22,6 +22,14 @@ Rails.application.routes.draw do
mount AhoyCaptain::Engine => "/ahoy_captain"
mount Flipper::UI.app(Flipper) => "flipper", as: :flipper
namespace :admin do
resources :admin_users, only: [ :index, :update ] do
collection do
get :search
end
end
end
# get "/my/mailing_address", to: "my/mailing_address#show", as: :my_mailing_address
end