SOBotics / Higgs

A generic dashboard for viewing and providing feedback to SOBotics bots.
GNU General Public License v3.0

Check the privileges for editing bot data #25

Closed Filnor closed 6 years ago

Filnor commented 6 years ago

If I log in and then go to the admin page for a bot, for example to Natty tester, I can freely edit the data in there. For example, I edited the bot name and set it to "Natty tester - 0wn3d by ch4d3_".

Not every user who creates an account should be able to do that IMO, so a check for privileges would be nice.

This check should validate if a user is at least one of those:

rjrudman commented 6 years ago

Absolutely! Most of the pages are locked behind permissions; however, currently, every user is granted every permission upon signup to help with testing.

When we've ironed out the majority of issues with Higgs and have HD reliably sending reports/feedback - we'll revoke permissions from users who shouldn't have/need them.

Filnor commented 6 years ago

Alright, I think that's fine then. I was just confused why I could edit it. 😄

rjrudman commented 6 years ago

No worries. I think I'll keep this open so we don't forget to remove privileges :)