-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Admin feature fixes, new admin privilege manager #448
Conversation
β¦ending/reported - length feature implemented too
β¦apping to class names
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job with the admin page, Andrew! This interface will better support our internal processes as we manage admins and parse through reviews. I've left a couple comments related to the testing I did, but you are progressing really well with this task!
if (response.status === 200) { | ||
setAdmins(result) | ||
} else { | ||
console.log('Error at getAdmins') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally shouldn't be printing to console in the frontend
* @param _netId the user's net id | ||
*/ | ||
|
||
function addAdminByNetId(_netId: string) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work with this new feature! It'll help us better manage admin access semester-to-semester. I've left a couple comments with things I noticed while testing.
Currently, adding the admin by netid doesn't automatically update the frontend - perhaps use useEffect()
? I think the remove function also doesn't automatically update.
Also, it'd be nice to attach the admin's full name before the netid (should just be a quick query to the name in the database)
I'm not sure if this is feasible, but restricting who can manage the admins would be great (maybe just permissions for TPM). Along with this, making sure that the admin manager shouldn't be able to remove themselves or add duplicates of other members on the team will help prevent "lockouts" and access issues.
<AdminUser | ||
user={admin} | ||
token={token} | ||
removeHandler={removeAdmin} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the admin manager, perhaps don't show the remove handle so that they don't accidentally remove themselves
<h2>Diagnostic information</h2> | ||
<div className = {styles.stats}> | ||
<button className={styles.downloadButton} onClick={downloadCSVFile}> | ||
Download ApprovedReviewCount by Class |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would make this a link (like this) to make it clearer that a file can be downloaded from this text.
/** | ||
* Gets CSV text string of all reviews that are approved, sorted by class. | ||
* | ||
* @param {Auth} auth: Object that represents the authentication of a request being passed in. | ||
* @returns CSV text if operation was successful, null otherwise | ||
*/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love all the detailed documentation you added in this file!
/* | ||
* If there is an attempt to grant admin privilege to someone not in the database, | ||
* a new user will be created with the given netid and added to the database. | ||
*/ | ||
|
||
export const createNewAdminUser = async (id: string) => { | ||
|
||
const admin: InsertStudentType = { | ||
_id: shortid.generate(), | ||
firstName: '', | ||
lastName: '', | ||
netId: id, | ||
affiliation: '', | ||
token: '', | ||
privilege: 'admin', | ||
}; | ||
|
||
const newAdmin = new Students(admin); | ||
const res = await newAdmin.save(); | ||
|
||
return res | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There should probably be some "security measure" here so that we don't accidentally add a random member as admin. I'm wondering if there's a way to cross-check with like a CUReviews roster automatically.
removePendingReview, | ||
updateAllProfessorsDb, | ||
resetAllProfessorsDb, | ||
initAllDb, | ||
addNewSemDb, | ||
verifyTokenAdmin, | ||
reportReview, | ||
getAdminUsers, | ||
removeAdmin, | ||
addOrUpdateAdmin, | ||
} from './admin.controller'; | ||
|
||
export const adminRouter = express.Router(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would make it easier on the backend if all these routers were prepended by /admin
. Like for getting reviews, that seems like it could belong to the display reviews page, but adding the admin route would help clarify that (and differentiate it from the user-facing reviews).
β¦ourse-reviews-react-2.0 into andrew/admin-fixes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome work Andrew!!! Glad we managed to get a lot of the major functionality of the Admin page working so far.
For other issues, we will move other issues to another PR through in the future though!
Note: discussed most issues in person and worked through updating code
[diff-counting] Significant lines: 1150. This diff might be too big! Developer leads are invited to review the code. |
Summary
This PR works on the Admin page feature, fixing old bugs and adding the ability to manage admin users by net-id.
PR Type
Mobile + Desktop Screenshots & Recordings
QA - Test Plan
Breaking Changes & Notes
Added to documentation?