"Carpool Details Link" from admin tool #613
Comments
|
It should be based entirely on checking for the logged in user's role, not a request param. Can we imagine showing more information for a carpool that we want to add to an admin-specific view onto a carpool? If it was admin specific then we could make the generic carpool view less complicated and error-prone. |
|
In an ideal world, the admin's view of a carpool would include driver's name/email, approved passengers' names/emails, and pending passengers' names/emails, plus would allow the admin to do anything the driver can do (approve or deny passengers, change the number of seats, edit the carpool, cancel the carpool). Use case: the driver has made mistakes and can't figure out how to fix them. |
|
I might prefer a separate "administer carpool" view that doesn't piggyback on the "carpool details" page that ordinary users see. |
|
How about I think this through rather than pitching ideas into a bug? |
|
😄 thinking through ideas is totally ok. Then others can offer their thoughts too. |
|
@dryan had a different idea that would also solve the problem: allowing admins to impersonate users (Jane Admin can "become" Joe User, and then can edit Joe's carpools/rides in case Joe has troubles). If Flask supports this, it would do the trick. |
|
Sending to Dan for a verdict on impersonation. If it's not possible, send the issue back to me! |
|
Bummer, no good Flask solution for this. Spec forthcoming. |
|
Here's a mock for the info that should be on the "carpool details" page that links from the Carpools dashboard at https://nomad.ragtag.org/admin/carpools. Obviously not an example of how the page should be styled! Button actions should be obvious; the "Edit Carpool" button should go to a page with all the same info on it as the "Edit Carpool" button that's shown to drivers. |
|
why not just make that available on that page to any admin? the URL param seems unneeded to me. |
|
I suggested a separate page so that the carpool details template doesn't need to have a bunch of complex if-blocks in the template to check for roles. I guess it could be the same URL and we just load a different template if the logged-in user is an admin, but at that point why not just use a different URL? |
|
Letting an admin always see the driver's view of a carpool page would mean there's no way for an admin ever to request a ride. |
|
Too late in the game to take this one unless a partner demands it. Branch "admin_carpool_details" has a proposed fix if needed. |
When an admin goes from the Carpools dashboard at https://nomad.ragtag.org/admin/carpools to details for a specific carpool, the emails and names of driver and passengers should be displayed.
It's OK if we need to add a URL param to the carpool details page to indicate that the referrer is the admin dashboard, so long as the carpools detail page itself checks that the viewer has admin permissions before displaying info about the driver and passengers. (yeah, someone could guess the URL param, but if they don't have admin rights, they wouldn't see sensitive info anyway).
The text was updated successfully, but these errors were encountered: