Admin Roles: Restrict ability to search for and update users

Description

Only admins with superadmin, policy_and_abuse, open_doors, support, or tag_wrangling roles should

  • have the “Manage Users” menu in the admin navigation, with “Find Users” and “Bulk Email Search” links in the menu

  • be able to access the Find Users and Bulk Email Search pages by following said links

  • be able to perform searches from those pages

  • be able to download a CSV of the results on the Bulk Email Search page

  • be able to see and update a user’s roles after performing a search on the Find Users or Bulk Email Search page

  • be able to see a user’s Fannish Next of Kin after performing a search on the Find Users or Bulk Email Search page

  • access a user admin page by following the “Details” link after performing a search on the Find Users or Bulk Email Search page

  • be able to see all of the user admin page’s content, e.g. buttons, forms, history table

  • be able to use the Manage User Invitations, Add User Invitations, Troubleshoot Account, Send Activation Email, Activate User Account, and Manage User Roles options on the user admin page

Admins with the superadmin or policy_and_abuse role should

  • be able to modify the Fannish Next of Kin on the user admin page

  • be able to record notes or warnings on the user admin page

  • be able to suspend/ban or lift suspension/ban on the user admin page

  • be able to ban and delete all of a spammer’s creations on the user admin page

Admins with the open_doors, support, or tag_wrangling roles should

  • receive an error when attempting to do anything on the previous list

    • TODO: In current branch, admins with these roles can modify FNOK information. Modifying Warnings and Suspensions/Notes results in an empty success message but no changes being saved.

Admins with none of the listed roles should

  • not have the “Manage Users” menu in the admin navigation

    • TODO: In current branch, the menu is present for everyone.

  • be redirected and given an error message if they enter the URL to Find Users (https://test.archiveofourown.org/admin/users) or Bulk Email Search (https://test.archiveofourown.org/admin/users/bulk_search) pages, or to a user’s admin page (https://test.archiveofourown.org/admin/users/testy) in their browser bar
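The role matrix above, written as a deny-by-default check. This is an added example, not code from the Archive's code base: the class, method and action names are hypothetical, and only the role names come from this ticket.

```ruby
require "set"

# Hypothetical policy object; action symbols are invented for illustration.
class UserAdminPolicy
  class NotAuthorized < StandardError; end

  # Roles that may search for users and use the user admin page.
  MANAGE_ROLES = %w[superadmin policy_and_abuse open_doors support tag_wrangling].to_set.freeze
  # Roles that may also change FNOK, notes/warnings, suspensions and bans.
  FULL_ROLES = %w[superadmin policy_and_abuse].to_set.freeze

  MANAGE_ACTIONS = %i[find_users bulk_email_search download_csv view_roles
                      update_roles view_fnok view_admin_page manage_invitations
                      add_invitations troubleshoot send_activation_email
                      activate_account].to_set.freeze
  FULL_ACTIONS = %i[update_fnok record_note_or_warning suspend_or_ban
                    lift_suspension_or_ban ban_and_delete_creations].to_set.freeze

  def initialize(admin_roles)
    @roles = Array(admin_roles).map(&:to_s).to_set
  end

  # True only when the action is known and the admin holds a role that grants it.
  def allowed?(action)
    required = if FULL_ACTIONS.include?(action) then FULL_ROLES
               elsif MANAGE_ACTIONS.include?(action) then MANAGE_ROLES
               end
    # An unlisted action has no required set and is refused.
    !required.nil? && @roles.intersect?(required)
  end

  def authorize!(action)
    raise NotAuthorized, "not permitted: #{action}" unless allowed?(action)
    true
  end

  # Drives whether the "Manage Users" menu is rendered at all.
  def show_manage_users_menu?
    @roles.intersect?(MANAGE_ROLES)
  end
end

# Authorize before changing state, so a refused change raises an error
# instead of returning an empty success message with nothing saved.
def update_fnok(policy, user, new_fnok)
  policy.authorize!(:update_fnok)
  user[:fnok] = new_fnok
  user
end
```
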

 

Environment

None

Assignee

elzj78 (Elz)

Reporter

elzj78 (Elz)

Roadmap

Admin

Priority

Medium

Affects versions

Fix versions

None

Components

BackEnd

Difficulty

Medium

Required Access Level

Admin

Epic Link

Milestone

Internal 0.9