Separate recovery admin email from site users #175

Merged

erik merged 2 commits from fix/task-44e37898-admin-email-section into main 2026-06-21 11:39:40 -05:00

Conversation 2 Commits 2 Files changed 3 +181 -31

erik commented 2026-06-21 11:21:02 -05:00

Owner

Copy link

Summary

• Add a dedicated Recovery admin email section to Settings → Site users for the configured ADMIN_EMAIL.
• Explain that ADMIN_EMAIL is deployment-configured and must be changed in deployment config.
• Show matching stored user status/roles in the recovery section when present.
• Filter the configured recovery admin email out of the normal editable users table.
• Block direct add, role-update, and deactivate POSTs for the configured recovery admin email.
• Add regression tests for matching/non-matching stored recovery users and direct mutation attempts.

Verification

• npm test --workspace @slugkit/template-site -- src/routes/__tests__/admin-users.test.ts
• npm run build --workspace @slugkit/template-site
• ./scripts/pre-pr.sh

## Summary - Add a dedicated Recovery admin email section to Settings → Site users for the configured `ADMIN_EMAIL`. - Explain that `ADMIN_EMAIL` is deployment-configured and must be changed in deployment config. - Show matching stored user status/roles in the recovery section when present. - Filter the configured recovery admin email out of the normal editable users table. - Block direct add, role-update, and deactivate POSTs for the configured recovery admin email. - Add regression tests for matching/non-matching stored recovery users and direct mutation attempts. ## Verification - `npm test --workspace @slugkit/template-site -- src/routes/__tests__/admin-users.test.ts` - `npm run build --workspace @slugkit/template-site` - `./scripts/pre-pr.sh`

erik added 1 commit 2026-06-21 11:21:02 -05:00

fix: separate recovery admin email ... 39f6e05b76

Task: #task-44e37898

erik commented 2026-06-21 11:22:14 -05:00

Author

Owner

Copy link

PR Review: Approved

Summary

This PR separates the configured ADMIN_EMAIL from ordinary Site users UI by adding a dedicated Recovery admin email section, filtering it out of the editable users table, and blocking direct add/role/deactivate mutations for that configured identity.

Acceptance criteria

• Settings → Site users has a dedicated recovery/bootstrap admin email section showing the configured ADMIN_EMAIL — met via the new Recovery admin email section.
• The recovery/bootstrap section states that ADMIN_EMAIL is configured from deployment environment and must be changed in deployment config — met by section copy.
• When the configured ADMIN_EMAIL has a stored site-user record, the section shows its stored status and roles for context — met via stored status/roles definition list.
• The normal Site users table does not show the configured ADMIN_EMAIL as a normal editable row, or otherwise disables role/deactivate controls with clear explanatory copy — met by filtering the recovery email out of the editable users table.
• Admins cannot deactivate or demote the configured bootstrap/recovery identity through the normal Site users table controls — met by server-side guards for add, role update, and deactivate POSTs.
• Tests cover the Site users page when ADMIN_EMAIL has a matching stored user — met.
• Tests cover the Site users page when ADMIN_EMAIL does not yet have a stored user — met.

Blocking issues

None.

Warnings

None.

Verification

• npm test --workspace @slugkit/template-site -- src/routes/__tests__/admin-users.test.ts
• npm run build --workspace @slugkit/template-site
• ./scripts/pre-pr.sh
• Forgejo Actions run #241 passed.

Verdict

Approved. Stop at the human merge gate.

PR Review Worker Result

• pr: open
• review: approved
• pr_comment: posted
• task_comment: posted
• blocking_issues: 0
• warnings: 0
• criteria_total: 7
• criteria_met: 7
• criteria_missing: 0

## PR Review: Approved ### Summary This PR separates the configured `ADMIN_EMAIL` from ordinary Site users UI by adding a dedicated Recovery admin email section, filtering it out of the editable users table, and blocking direct add/role/deactivate mutations for that configured identity. ### Acceptance criteria - [x] Settings → Site users has a dedicated recovery/bootstrap admin email section showing the configured `ADMIN_EMAIL` — met via the new Recovery admin email section. - [x] The recovery/bootstrap section states that `ADMIN_EMAIL` is configured from deployment environment and must be changed in deployment config — met by section copy. - [x] When the configured `ADMIN_EMAIL` has a stored site-user record, the section shows its stored status and roles for context — met via stored status/roles definition list. - [x] The normal Site users table does not show the configured `ADMIN_EMAIL` as a normal editable row, or otherwise disables role/deactivate controls with clear explanatory copy — met by filtering the recovery email out of the editable users table. - [x] Admins cannot deactivate or demote the configured bootstrap/recovery identity through the normal Site users table controls — met by server-side guards for add, role update, and deactivate POSTs. - [x] Tests cover the Site users page when `ADMIN_EMAIL` has a matching stored user — met. - [x] Tests cover the Site users page when `ADMIN_EMAIL` does not yet have a stored user — met. ### Blocking issues None. ### Warnings None. ### Verification - `npm test --workspace @slugkit/template-site -- src/routes/__tests__/admin-users.test.ts` - `npm run build --workspace @slugkit/template-site` - `./scripts/pre-pr.sh` - Forgejo Actions run #241 passed. ### Verdict Approved. Stop at the human merge gate. PR Review Worker Result - pr: open - review: approved - pr_comment: posted - task_comment: posted - blocking_issues: 0 - warnings: 0 - criteria_total: 7 - criteria_met: 7 - criteria_missing: 0

erik referenced this pull request 2026-06-21 11:26:14 -05:00

Separate ADMIN_EMAIL from site users #174

erik added 1 commit 2026-06-21 11:38:27 -05:00

fix: refine site users layout ... 3674f3e5d3

Task: #task-44e37898

erik commented 2026-06-21 11:39:34 -05:00

Author

Owner

Copy link

PR Review Update: Approved

Summary

Reviewed the follow-up UI refinements on PR #175. The Recovery admin email section now stays at the bottom, no longer shows stored status/roles, and the Users table is narrower with Email, Name, Role, and Status columns. Role selects render the effective current role and disable browser autocomplete to avoid stale restored select state.

Blocking issues

None.

Warnings

None.

Verification

• npm test --workspace @slugkit/template-site -- src/routes/__tests__/admin-users.test.ts
• ./scripts/pre-pr.sh
• Forgejo Actions run #242 passed.

Verdict

Approved. Proceeding with explicit merge approval.

PR Review Worker Result

• pr: open
• review: approved
• pr_comment: posted
• task_comment: posted
• blocking_issues: 0
• warnings: 0
• criteria_total: 7
• criteria_met: 7
• criteria_missing: 0

## PR Review Update: Approved ### Summary Reviewed the follow-up UI refinements on PR #175. The Recovery admin email section now stays at the bottom, no longer shows stored status/roles, and the Users table is narrower with Email, Name, Role, and Status columns. Role selects render the effective current role and disable browser autocomplete to avoid stale restored select state. ### Blocking issues None. ### Warnings None. ### Verification - `npm test --workspace @slugkit/template-site -- src/routes/__tests__/admin-users.test.ts` - `./scripts/pre-pr.sh` - Forgejo Actions run #242 passed. ### Verdict Approved. Proceeding with explicit merge approval. PR Review Worker Result - pr: open - review: approved - pr_comment: posted - task_comment: posted - blocking_issues: 0 - warnings: 0 - criteria_total: 7 - criteria_met: 7 - criteria_missing: 0

erik merged commit f37a2a4dd2 into main 2026-06-21 11:39:40 -05:00

erik deleted branch fix/task-44e37898-admin-email-section 2026-06-21 11:39:40 -05:00

erik referenced this pull request from a commit 2026-06-21 11:39:42 -05:00

Separate recovery admin email from site users (#175)

erik referenced this pull request 2026-06-21 11:42:46 -05:00

Separate ADMIN_EMAIL from site users #174

erik referenced this pull request 2026-06-21 11:42:46 -05:00

Separate ADMIN_EMAIL from site users #174

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

activitypub

  

admin

  

api

  

articles

  

auth

  

bug

  

cleanup

  

cli

  

comments

  

compatibility

  

config

  

contacts

  

database

  

deployment

  

design

  

dev-env

  

docs

  

documentation

  

email

  

enhancement

  

feature

  

federation

  

feed

  

homepage

  

implementation

  

integration

  

media

  

openapi

  

priority:high

  

priority:low

  

priority:medium

  

proof

  

public-routes

  

public-ui

  

release

  

safety

  

social

  

sources

  

status:active

  

status:canceled

  

status:done

  

status:inprogress

  

status:waiting

  

syndication

  

tailwind

  

template

  

test

  

web

No labels

activitypub

admin

api

articles

auth

bug

cleanup

cli

comments

compatibility

config

contacts

database

deployment

design

dev-env

docs

documentation

email

enhancement

feature

federation

feed

homepage

implementation

integration

media

openapi

priority:high

priority:low

priority:medium

proof

public-routes

public-ui

release

safety

social

sources

status:active

status:canceled

status:done

status:inprogress

status:waiting

syndication

tailwind

template

test

web

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

erik/slugkit!175

No description provided.