You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 lines
1.6 KiB
Markdown
40 lines
1.6 KiB
Markdown
+++
|
|
title = "quotesdb/ui: admin page auth-first flow and remove from default nav"
|
|
priority = 5
|
|
status = "todo"
|
|
ticket_type = "feature"
|
|
dependencies = []
|
|
+++
|
|
## Summary
|
|
Two related admin UX improvements:
|
|
1. Remove the admin link from all default navigation/page footers — admins access /admin directly via URL.
|
|
2. Rework the /admin page so it prompts for the auth code first; the rest of the admin controls are locked until auth succeeds.
|
|
|
|
## Details
|
|
|
|
### Remove Admin from Nav
|
|
- Audit all pages and the nav component for any link to /admin
|
|
- Remove them — /admin should not be discoverable from normal browsing
|
|
- The route itself (/admin) remains accessible by direct URL
|
|
|
|
### Auth-First Admin Page
|
|
Currently the /admin page may show controls before authenticating. Change the flow:
|
|
- On load, /admin shows only an auth code input field and a submit button
|
|
- On submit, call the existing admin status/verify endpoint (or any lightweight admin endpoint) with the provided auth code
|
|
- On success: unlock and display all admin tabs (existing controls + new Moderation tab)
|
|
- On failure (403): show an error message, keep page locked
|
|
- The auth code is kept in component state (not localStorage) — refreshing the page requires re-entering it
|
|
|
|
## Acceptance Criteria
|
|
- [ ] No /admin link anywhere in default navigation or footer
|
|
- [ ] /admin loads in locked state showing only auth input
|
|
- [ ] Correct admin endpoints called with entered auth code
|
|
- [ ] On success: all tabs visible and functional
|
|
- [ ] On failure: error shown, page remains locked
|
|
- [ ] Re-visiting /admin requires re-authenticating
|
|
|
|
## Validation
|
|
```sh
|
|
cargo fmt && cargo check && cargo clippy
|
|
trunk build
|
|
``` |