erik/slugkit

Fork 0

Rename admin pages to settings #166

New issue

Closed

opened 2026-06-20 08:26:17 -05:00 by erik · 5 comments

erik commented

2026-06-20 08:26:17 -05:00

Owner

Goal

Replace the existing admin route and pages with settings pages.

Requirements

Rename the current admin route/pages to settings.
Add an SVG header menu item that looks like a person/profile icon.
Link the new header menu item to the settings pages.
When an unauthenticated user opens the settings page, redirect them to the login page.

Acceptance criteria

Admin pages are accessible through settings routes/pages instead.
A profile/person SVG menu item appears in the header.
Clicking the header profile/person icon opens the settings pages.
Unauthenticated users who visit settings are taken to the login page.

Dependencies

None

## Goal Replace the existing admin route and pages with settings pages. ## Requirements - Rename the current admin route/pages to settings. - Add an SVG header menu item that looks like a person/profile icon. - Link the new header menu item to the settings pages. - When an unauthenticated user opens the settings page, redirect them to the login page. ## Acceptance criteria - [ ] Admin pages are accessible through settings routes/pages instead. - [ ] A profile/person SVG menu item appears in the header. - [ ] Clicking the header profile/person icon opens the settings pages. - [ ] Unauthenticated users who visit settings are taken to the login page. ## Dependencies - None

erik added the

priority:medium

status:inprogress

labels

2026-06-20 08:26:17 -05:00

erik commented

2026-06-20 08:31:47 -05:00

Author

Owner

Synced from todu comment by @todu on 2026-06-20T13:28:00.339Z

Update

Started implementation after approved plan. Scope: replace admin routes/pages with settings routes/pages only, update user-facing links/copy/forms/tests, add a profile/person SVG header link to /settings, and ensure unauthenticated settings requests redirect to login.

_Synced from todu comment by @todu on 2026-06-20T13:28:00.339Z_ ### Update Started implementation after approved plan. Scope: replace admin routes/pages with settings routes/pages only, update user-facing links/copy/forms/tests, add a profile/person SVG header link to `/settings`, and ensure unauthenticated settings requests redirect to login.

erik commented

2026-06-20 08:37:15 -05:00

Author

Owner

Synced from todu comment by @todu on 2026-06-20T13:33:34.698Z

Review update

PR: #167 is open and reviewed.
Result: approved; no blocking issues or warnings.
Verified: npm run build --workspace @slugkit/template-site, targeted template-site auth/public/settings route tests, ./scripts/pre-pr.sh, and Forgejo Actions run #232.
Acceptance: 4/4 criteria met.
Follow-up: waiting for explicit human merge approval.

_Synced from todu comment by @todu on 2026-06-20T13:33:34.698Z_ ### Review update - PR: https://forge.caradoc.com/erik/slugkit/pulls/167 is open and reviewed. - Result: approved; no blocking issues or warnings. - Verified: `npm run build --workspace @slugkit/template-site`, targeted template-site auth/public/settings route tests, `./scripts/pre-pr.sh`, and Forgejo Actions run #232. - Acceptance: 4/4 criteria met. - Follow-up: waiting for explicit human merge approval.

erik

2026-06-20 08:42:41 -05:00

closed this issue
added
status:done
and removed
status:inprogress
labels

erik commented

2026-06-20 08:42:42 -05:00

Author

Owner

Synced from todu comment by @todu on 2026-06-20T13:40:20.243Z

Closing summary

Task close gate: READY

Acceptance criteria verified:

Admin pages are accessible through settings routes/pages instead — met: protected page routes now use /settings, /settings/passkeys, /settings/api-keys, /settings/users, and /settings/activitypub; old /admin page route removal is covered by tests.
A profile/person SVG menu item appears in the header — met: public and settings headers include a settings-link anchor with inline profile/person SVG.
Clicking the header profile/person icon opens the settings pages — met: the icon links to /settings and tests assert the link appears.
Unauthenticated users who visit settings are taken to the login page — met: /settings requires a signed-in active site user and anonymous access redirects to /login.

Additional follow-up completed:

Viewer users can open /settings and manage passkeys, while admin-only areas remain hidden and protected.

Verification evidence:

./scripts/pre-pr.sh passed.
Forgejo Actions runs #232 and #233 passed.
PR #167 merged into main: #167

_Synced from todu comment by @todu on 2026-06-20T13:40:20.243Z_ ### Closing summary Task close gate: READY Acceptance criteria verified: - Admin pages are accessible through settings routes/pages instead — met: protected page routes now use `/settings`, `/settings/passkeys`, `/settings/api-keys`, `/settings/users`, and `/settings/activitypub`; old `/admin` page route removal is covered by tests. - A profile/person SVG menu item appears in the header — met: public and settings headers include a `settings-link` anchor with inline profile/person SVG. - Clicking the header profile/person icon opens the settings pages — met: the icon links to `/settings` and tests assert the link appears. - Unauthenticated users who visit settings are taken to the login page — met: `/settings` requires a signed-in active site user and anonymous access redirects to `/login`. Additional follow-up completed: - Viewer users can open `/settings` and manage passkeys, while admin-only areas remain hidden and protected. Verification evidence: - `./scripts/pre-pr.sh` passed. - Forgejo Actions runs #232 and #233 passed. - PR #167 merged into `main`: https://forge.caradoc.com/erik/slugkit/pulls/167

erik commented

2026-06-20 08:42:42 -05:00

Author

Owner

Synced from todu comment by @todu on 2026-06-20T13:39:54.431Z

Merge update

PR #167 was merged into main after the viewer settings access follow-up and passing CI run #233. Local main was fast-forwarded and the local feature branch was deleted.

_Synced from todu comment by @todu on 2026-06-20T13:39:54.431Z_ ### Merge update PR #167 was merged into `main` after the viewer settings access follow-up and passing CI run #233. Local `main` was fast-forwarded and the local feature branch was deleted.

erik commented

2026-06-20 08:42:42 -05:00

Author

Owner

Synced from todu comment by @todu on 2026-06-20T13:38:04.766Z

Review update

Fixed viewer settings access after manual report: /settings now requires an active site-user session rather than the admin role, so signed-in viewers can open settings and manage their own passkeys.
Admin-only areas remain admin-only and hidden from viewer settings navigation/dashboard: Site users, ActivityPub, and API keys until viewer API-key scoping is implemented separately.
Verified: npm run build --workspace @slugkit/template-site, targeted auth/passkeys/users/activitypub tests, ./scripts/pre-pr.sh, and Forgejo Actions run #233.
Review remains approved with 4/4 acceptance criteria met.

_Synced from todu comment by @todu on 2026-06-20T13:38:04.766Z_ ### Review update - Fixed viewer settings access after manual report: `/settings` now requires an active site-user session rather than the admin role, so signed-in viewers can open settings and manage their own passkeys. - Admin-only areas remain admin-only and hidden from viewer settings navigation/dashboard: Site users, ActivityPub, and API keys until viewer API-key scoping is implemented separately. - Verified: `npm run build --workspace @slugkit/template-site`, targeted auth/passkeys/users/activitypub tests, `./scripts/pre-pr.sh`, and Forgejo Actions run #233. - Review remains approved with 4/4 acceptance criteria met.