codedaily-v3

Admin Dashboard - Post management

Open huytd opened this issue 8 years ago • 6 comments

This will be the first feature for the Admin Dashboard.

There are a lot of incoming requests for the Admin Dashboard but let's keep it as simple as possible for now.

  1. Only administrator and moderators will have access to the dashboard, other users will get a 404 error.
  2. The logged-in administrator/moderator will be able to delete a post from the newsfeed.

Both backend and frontend will need to be done for this.

huytd avatar Sep 27 '17 22:09 huytd

Giving a 404 wouldn't be the best answer. Admins who aren't logged in might think they have the wrong page. I suggest giving a 401 and a page that asks you to log in as an admin.

Cxarli avatar Oct 07 '17 14:10 Cxarli

Regarding the status code, I suppose 403 Forbidden would be the best fit for the idea of "Only administrator and moderators will have access to the dashboard, other users will get a XXX". 401 Unauthorized is unfortunately a lie, it's mostly about authentication.

qcam avatar Oct 07 '17 15:10 qcam

401 is still good. The reason I'm choosing 404 is because I don't want to give "hackers" any sign of the existence of the admin dashboard. Which will be better?

huytd avatar Oct 07 '17 17:10 huytd

@huytd well ... the repo is open source.

qcam avatar Oct 08 '17 06:10 qcam

Then the admin route should be stored in a configurable file, so you can change it whenever you want during deployment. Sounds good, right? :D

huytd avatar Oct 08 '17 06:10 huytd

Security by obscurity is never a good idea :wink:

Cxarli avatar Oct 10 '17 15:10 Cxarli
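
The status-code options discussed in this thread, as an added example that is not part of the issue or the project's own code: one role check shared by the dashboard and the delete action, returning 401/403 by default or a uniform 404 when concealment is wanted. The language (Python), the function names, the role strings and the `conceal` flag are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Roles named in the issue; the exact strings are assumed for this example.
STAFF_ROLES = {"administrator", "moderator"}


@dataclass
class User:
    name: str
    role: str  # constructed values: "administrator", "moderator", "member"


def authorize_staff(user: Optional[User], conceal: bool = False) -> int:
    """Return the HTTP status for a staff-only route.

    conceal=False: 401 when nobody is logged in, 403 when the role is missing.
    conceal=True:  404 for every caller who is not staff, so an anonymous
                   visitor and a logged-in member receive the same answer.
    """
    if user is not None and user.role in STAFF_ROLES:
        return 200
    if conceal:
        return 404
    return 401 if user is None else 403


def delete_post(posts: dict, post_id: int, user: Optional[User],
                conceal: bool = False) -> int:
    """Delete a post from the newsfeed.

    The role check runs on the action itself, not only on the dashboard page
    that links to it, so knowing the route never substitutes for the check.
    """
    status = authorize_staff(user, conceal)
    if status != 200:
        return status
    if post_id not in posts:
        return 404
    del posts[post_id]
    return 204


if __name__ == "__main__":
    feed = {1: "first post", 2: "spam"}  # constructed sample data
    print(delete_post(feed, 2, User("eve", "member")))     # 403
    print(delete_post(feed, 2, User("mod", "moderator")))  # 204
    print(feed)
```
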