You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.6 KiB
1.6 KiB
+++ title = "quotesdb/ui: admin page auth-first flow and remove from default nav" priority = 5 status = "todo" ticket_type = "feature" dependencies = [] +++
Summary
Two related admin UX improvements:
- Remove the admin link from all default navigation/page footers — admins access /admin directly via URL.
- Rework the /admin page so it prompts for the auth code first; the rest of the admin controls are locked until auth succeeds.
Details
Remove Admin from Nav
- Audit all pages and the nav component for any link to /admin
- Remove them — /admin should not be discoverable from normal browsing
- The route itself (/admin) remains accessible by direct URL
Auth-First Admin Page
Currently the /admin page may show controls before authenticating. Change the flow:
- On load, /admin shows only an auth code input field and a submit button
- On submit, call the existing admin status/verify endpoint (or any lightweight admin endpoint) with the provided auth code
- On success: unlock and display all admin tabs (existing controls + new Moderation tab)
- On failure (403): show an error message, keep page locked
- The auth code is kept in component state (not localStorage) — refreshing the page requires re-entering it
Acceptance Criteria
- No /admin link anywhere in default navigation or footer
- /admin loads in locked state showing only auth input
- Correct admin endpoints called with entered auth code
- On success: all tabs visible and functional
- On failure: error shown, page remains locked
- Re-visiting /admin requires re-authenticating
Validation
cargo fmt && cargo check && cargo clippy
trunk build