Admin Roles: Restrict access to Settings

Description

Only admins with superadmin, support, policy_and_abuse, or tag_wrangling roles should

  • have the “Settings” option in the admin navigation

  • be able to access the Archive Settings page by following said link

  • see all the settings on the form

Admins with the superadmin role should

  • be able to update any setting

Admins with the tag_wrangling role should

  • be able to update the “Turn off tag wrangling for non-admins” setting

  • find other settings disabled (previously: receive an error message if they attempt to update another setting)

Admins with the support role should

  • be able to update the “Turn off support form” setting and modify the text that appears in its place

  • find other settings disabled (previously: receive an error message if they attempt to update another setting)

Admins with the policy_and_abuse role should

  • be able to update the “Automatically hide spam works” setting

  • be able to update “Invite from queue enabled (People can add themselves to the queue and invitations are sent out automatically)” setting (added 20 July)

  • be able to update “Number of people to invite from the queue at once” setting (added 20 July)

  • find other settings disabled (previously: receive an error message if they attempt to update another setting)

Admins without those roles should

  • not have the “Settings” link in the admin navigation

  • be redirected and given an error message if they enter the URL to the Archive Settings page (https://test.archiveofourown.org/admin/settings)
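
One way to enforce the role-to-setting matrix above on the server, so that a disabled form field is not the only control. This is an added example, not the Archive's own code; the setting keys, the extra `downtime_banner_text` setting, and the helper names are assumptions made for illustration.

```ruby
require "set"

# Assumed keys standing in for the settings named in the description.
ROLE_SETTINGS = {
  "tag_wrangling"    => %w[tag_wrangling_off],
  "support"          => %w[disable_support_form disabled_support_form_text],
  "policy_and_abuse" => %w[hide_spam invite_from_queue_enabled invite_from_queue_number]
}.freeze

# "downtime_banner_text" is a constructed example of a setting that no
# limited role may change; only superadmin can update it.
ALL_SETTINGS = (ROLE_SETTINGS.values.flatten + %w[downtime_banner_text]).freeze

# May this admin see the Settings link and open the Archive Settings page?
def can_view_settings?(roles)
  roles.include?("superadmin") || roles.any? { |r| ROLE_SETTINGS.key?(r) }
end

# Settings this admin may change: all of them for superadmin,
# otherwise the union of what each held role allows.
def permitted_settings(roles)
  return ALL_SETTINGS.to_set if roles.include?("superadmin")
  roles.flat_map { |r| ROLE_SETTINGS.fetch(r, []) }.to_set
end

# Server-side filter for a submitted settings form. Fields the role may not
# change are dropped and reported even if the browser sent them, because a
# disabled input only stops the form UI, not a hand-built request.
def authorize_update(roles, submitted)
  unless can_view_settings?(roles)
    return { status: :forbidden, applied: {}, rejected: submitted.keys }
  end
  allowed = permitted_settings(roles)
  applied, rejected = submitted.partition { |key, _| allowed.include?(key) }.map(&:to_h)
  { status: :ok, applied: applied, rejected: rejected.keys }
end
```

A non-empty `rejected` list from a limited role means the request carried a field the form should have disabled, which is worth logging.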

Activity

AO3 Paula
July 18, 2020, 5:49 AM

WITH SUPPORT ROLE

Only admins with superadmin, support, policy_and_abuse, or tag_wrangling roles should

  • have the “Settings” option in the admin navigation - YES

  • be able to access the Archive Settings page by following said link - YES

  • see all the settings on the form - YES

Admins with the support role should

  • be able to update the “Turn off support form” setting and modify the text that appears in its place - YES

  • receive an error message if they attempt to update another setting - couldn’t even click it so moot

     

redsummernight
July 19, 2020, 2:06 AM

The bottom of the page accurately changes to indicate the last update was made by me. It doesn’t say what change was made; would it be valuable to add that?

Sammie: We should track that eventually, though not as part of this release ().

Everyone: I've updated the testing instructions, no need to check for "error message if they attempt to update another setting". If you can see the settings disabled, we're good.


This needs testing from a PAC admin before ready.

Matty Lynne
July 20, 2020, 6:43 AM

PAC Role

I can access the Settings tab. The only option available is the “Automatically hide spam works” setting. I can turn it on and off again.

Sarken
July 21, 2020, 1:34 AM

Spoke with Matty and PAC needs to be able to access “Number of people to invite from the queue at once.” It would also be good to give them access to “Invite from queue enabled (People can add themselves to the queue and invitations are sent out automatically)”

Matty Lynne
July 22, 2020, 5:57 AM

PAC:

I can:

  • be able to update “Invite from queue enabled (People can add themselves to the queue and invitations are sent out automatically)” setting (added 20 July, not in QA)

  • be able to update “Number of people to invite from the queue at once” setting (added 20 July, not in QA)

  • find other settings disabled (previously: receive an error message if they attempt to update another setting)

DeployedToBeta

Assignee: Elz J

Reporter: Elz J

Roadmap: Admin

Priority: Medium

Affects versions:

Fix versions:

Components: BackEnd

Difficulty: Medium

Required Access Level: Admin

Epic Link:

Milestone: Internal 0.9