You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.7 KiB
1.7 KiB
| title | status | type | priority | created_at | updated_at |
|---|---|---|---|---|---|
| quotesdb/ui: admin page auth-first flow and remove from default nav | completed | feature | normal | 2026-03-10T23:32:10Z | 2026-03-10T23:32:10Z |
Summary
Two related admin UX improvements:
- Remove the admin link from all default navigation/page footers — admins access /admin directly via URL.
- Rework the /admin page so it prompts for the auth code first; the rest of the admin controls are locked until auth succeeds.
Details
Remove Admin from Nav
- Audit all pages and the nav component for any link to /admin
- Remove them — /admin should not be discoverable from normal browsing
- The route itself (/admin) remains accessible by direct URL
Auth-First Admin Page
Currently the /admin page may show controls before authenticating. Change the flow:
- On load, /admin shows only an auth code input field and a submit button
- On submit, call the existing admin status/verify endpoint (or any lightweight admin endpoint) with the provided auth code
- On success: unlock and display all admin tabs (existing controls + new Moderation tab)
- On failure (403): show an error message, keep page locked
- The auth code is kept in component state (not localStorage) — refreshing the page requires re-entering it
Acceptance Criteria
- No /admin link anywhere in default navigation or footer
- /admin loads in locked state showing only auth input
- Correct admin endpoints called with entered auth code
- On success: all tabs visible and functional
- On failure: error shown, page remains locked
- Re-visiting /admin requires re-authenticating
Validation
cargo fmt && cargo check && cargo clippy
trunk build