srizan/archived-hc-harbor
1
0
Fork 0
mirror of https://github.com/SrIzan10/hc-harbor.git synced 2026-05-01 10:45:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

first pass

Browse Source
This commit is contained in:
Echo
2025-07-05 22:14:47 -04:00
parent a0cc474d1a
commit 619fc1eb74
13 changed files with 77 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/admin/base_controller.rb
View File

@@ -4,7 +4,7 @@ class Admin::BaseController < ApplicationController
private
def authenticate_admin!
unless current_user&.admin?
unless current_user && (current_user.admin_level == "admin" || current_user.admin_level == "superadmin")
redirect_to root_path, alert: "You are not authorized to access this page."
end
end

2
app/controllers/admin/trust_level_audit_logs_controller.rb
View File

@@ -66,7 +66,7 @@ class Admin::TrustLevelAuditLogsController < Admin::BaseController
private
def require_admin
unless current_user&.admin?
unless current_user && (current_user.admin_level == "admin" || current_user.admin_level == "superadmin")
redirect_to root_path, alert: "no perms lmaooo"
end
end

6
app/controllers/api/admin/v1/admin_controller.rb
View File

@@ -17,8 +17,7 @@ module Api
id: creator.id,
username: creator.username,
display_name: creator.display_name,
admin: creator.admin?,
superadmin: creator.superadmin?
admin_level: creator.admin_level
}
}
end
@@ -37,8 +36,7 @@ module Api
github_username: user.github_username,
timezone: user.timezone,
country_code: user.country_code,
admin: user.admin?,
superadmin: user.superadmin?,
admin_level: user.admin_level,
trust_level: user.trust_level,
suspected: user.trust_level == "yellow",
banned: user.trust_level == "red",

2
app/controllers/application_controller.rb
View File

@@ -36,7 +36,7 @@ class ApplicationController < ActionController::Base
end
def try_rack_mini_profiler_enable
if current_user && current_user.is_admin?
if current_user && (current_user.admin_level == "admin" || current_user.admin_level == "superadmin")
Rack::MiniProfiler.authorize_request
end
end

5
app/controllers/sessions_controller.rb
View File

@@ -176,12 +176,11 @@ class SessionsController < ApplicationController
user = User.find(params[:id])
if user.superadmin?
if user.admin_level == "superadmin"
redirect_to root_path, alert: "nice try, you cant do that"
return
end
if user.admin? && !current_user.superadmin?
if user.admin_level == "admin" && current_user.admin_level != "superadmin"
redirect_to root_path, alert: "nice try, you cant do that"
return
end

6
app/controllers/users_controller.rb
View File

@@ -82,12 +82,12 @@ class UsersController < ApplicationController
reason = params[:reason]
notes = params[:notes]
if @user && current_user.admin? && trust_level.present?
if @user && (current_user.admin_level == "admin" || current_user.admin_level == "superadmin") && trust_level.present?
unless User.trust_levels.key?(trust_level)
return render json: { error: "you fucked it up lmaooo" }, status: :unprocessable_entity
end
if trust_level == "red" && !current_user.can_convict_users?
if trust_level == "red" && current_user.admin_level != "superadmin"
return render json: { error: "no perms lmaooo" }, status: :forbidden
end
@@ -115,7 +115,7 @@ class UsersController < ApplicationController
private
def require_admin
unless current_user.admin?
unless current_user && (current_user.admin_level == "admin" || current_user.admin_level == "superadmin")
redirect_to root_path, alert: "You are not authorized to access this page"
end
end

2
app/helpers/application_helper.rb
View File

@@ -16,7 +16,7 @@ module ApplicationHelper
end
def admin_tool(class_name = "", element = "div", **options, &block)
return unless current_user&.is_admin?
return unless current_user && (current_user.admin_level == "admin" || current_user.admin_level == "superadmin")
concat content_tag(element, class: "admin-tool #{class_name}", **options, &block)
end

50
app/models/user.rb
View File

@@ -27,6 +27,25 @@ class User < ApplicationRecord
yellow: 3 # suspected (invisible to user)
}
enum :admin_level, {
default: 0, # pleebs
superadmin: 1,
admin: 2,
viewer: 3
}, prefix: :admin_level
def set_admin_level(level)
return false unless level.present? && self.class.admin_levels.key?(level)
previous_level = admin_level
if previous_level != level.to_s
update!(admin_level: level.to_s)
end
true
end
def set_trust(level, changed_by_user: nil, reason: nil, notes: nil)
return false unless level.present?
@@ -173,37 +192,6 @@ class User < ApplicationRecord
end
end
def admin?
is_admin || is_superadmin
end
def superadmin?
is_superadmin
end
def make_admin!
update!(is_admin: true)
end
def make_superadmin!
update!(is_superadmin: true, is_admin: true)
end
def remove_admin!
update!(is_admin: false)
end
def remove_superadmin!
update!(is_superadmin: false)
end
def can_convict_users?
superadmin?
end
def can_moderate_trust_levels?
admin?
end
def raw_github_user_info
return nil unless github_uid.present?

4
config/initializers/doorkeeper.rb
View File

@@ -9,7 +9,9 @@ Doorkeeper.configure do
admin_authenticator do
if current_user
head :forbidden unless current_user.admin?
unless current_user && (current_user.admin_level == "admin" || current_user.admin_level == "superadmin")
head :forbidden
end
else
redirect_to sign_in_url
end

2
config/initializers/flipper.rb
View File

@@ -36,5 +36,5 @@ end
## See https://www.flippercloud.io/docs/features#enablement-group
Flipper.register(:admins) do |actor|
actor.respond_to?(:admin?) && actor.admin?
actor.respond_to?(:admin_level) && (actor.admin_level == "superadmin")
end

2
config/routes.rb
View File

@@ -3,7 +3,7 @@ class AdminConstraint
return false unless request.session[:user_id]
user = User.find_by(id: request.session[:user_id])
user&.admin?
user&.admin_level == "admin" || user&.admin_level == "superadmin"
end
end

41
db/migrate/20250705_migrate_admin_levels_on_users.rb Normal file
View File

@@ -0,0 +1,41 @@
class MigrateAdminLevelsOnUsers < ActiveRecord::Migration[7.0]
def up
add_column :users, :admin_level, :integer, default: 0, null: false
User.reset_column_information
User.find_each do |user|
if user.is_superadmin
user.update_column(:admin_level, 1)
elsif user.is_admin
user.update_column(:admin_level, 2)
else
user.update_column(:admin_level, 0)
end
end
remove_column :users, :is_admin, :boolean
remove_column :users, :is_superadmin, :boolean
end
def down
add_column :users, :is_admin, :boolean, default: false, null: false
add_column :users, :is_superadmin, :boolean, default: false, null: false
User.reset_column_information
User.find_each do |user|
case user.admin_level
when 1
user.update_column(:is_superadmin, true)
user.update_column(:is_admin, true)
when 2
user.update_column(:is_admin, true)
user.update_column(:is_superadmin, false)
else
user.update_column(:is_admin, false)
user.update_column(:is_superadmin, false)
end
end
remove_column :users, :admin_level, :integer
end
end

3
db/schema.rb generated
View File

@@ -519,7 +519,6 @@ ActiveRecord::Schema[8.0].define(version: 2025_07_01_142553) do
t.datetime "updated_at", null: false
t.string "username"
t.string "slack_avatar_url"
t.boolean "is_admin", default: false, null: false
t.boolean "uses_slack_status", default: false, null: false
t.string "slack_scopes", default: [], array: true
t.text "slack_access_token"
@@ -536,7 +535,7 @@ ActiveRecord::Schema[8.0].define(version: 2025_07_01_142553) do
t.string "mailing_address_otc"
t.boolean "allow_public_stats_lookup", default: true, null: false
t.boolean "default_timezone_leaderboard", default: true, null: false
t.boolean "is_superadmin", default: false, null: false
t.integer "admin_level", default: 0, null: false
t.index ["github_uid", "github_access_token"], name: "index_users_on_github_uid_and_access_token"
t.index ["github_uid"], name: "index_users_on_github_uid"
t.index ["slack_uid"], name: "index_users_on_slack_uid", unique: true