Closed josh1248 closed 6 days ago
The new scope has caused the test error codes to change from 400 to 403 - will update the tests for staff and admins.
Error messages are no longer being generated at the controller level but rather at the router level due to the changes, which causes the tailored error messages to be hidden. I was wondering if this was something I should revert? Alternatively, it could be possible to make the admin check a per-route check, allowing for different error messages rather than a generic "403 Forbidden". Would take some time, though (should still be manageable to bulk-change).
Ready for review!
Apologies for missing this out - I have reverted the accidental formatting changes!
Accompanies the frontend pull request at https://github.com/source-academy/frontend/pull/3043
Previously, "admin" routes were available to both staff and admins to access.
Now, a new "staff" route has been created that accepts most of the previous functions. The remaining functions in "admin" scope have the ability to cause massive damage, such as the deletion of entire assessments. Hence, they are now inaccessible to avengers even if they bypass the frontend route checking.
Aside: I have also shifted admin panel actions into this admin scope.
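Added example, not code from this pull request or from the project: a framework-neutral Python model of the staff/admin scope split described above. It shows why a staff request with bad input now gets 403 instead of 400 (the scope check runs before controller validation) and how a per-route denial message can replace the generic 403 body. All route paths, role names and messages are constructed for illustration.

```python
"""Framework-neutral model of router-level role scopes. Every route path, role
name and message below is constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

Response = Tuple[int, str]
ROLE_RANK = {"student": 0, "staff": 1, "admin": 2}


@dataclass(frozen=True)
class Route:
    min_role: str                         # scope the route is mounted under
    handler: Callable[[dict], Response]   # controller action
    denied: str = "Forbidden"             # optional per-route 403 body


def delete_assessment(params: dict) -> Response:
    # Controller-level validation: only reached once the scope check passes.
    if "assessment_id" not in params:
        return 400, "Missing parameter(s)"
    return 200, "OK"


def list_submissions(params: dict) -> Response:
    return 200, "OK"


ROUTES: Dict[str, Route] = {
    "/staff/submissions": Route("staff", list_submissions),
    "/admin/assessments/delete": Route(
        "admin", delete_assessment, denied="Only admins can delete assessments"
    ),
}


def dispatch(path: str, role: str, params: dict) -> Response:
    route = ROUTES.get(path)
    if route is None:
        return 404, "Not Found"
    # Fail closed: an unknown or missing role ranks below every scope.
    if ROLE_RANK.get(role, -1) < ROLE_RANK[route.min_role]:
        return 403, route.denied
    return route.handler(params)


if __name__ == "__main__":
    for role in ("student", "staff", "admin"):
        print(role, dispatch("/admin/assessments/delete", role, {}))
```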