GSoC 2022: Administration System - BookBrainz

Personal information

Nickname: Shivam
IRC nick: ShivamAwasthi
GitHub: the-good-boy

Proposal

Project Overview
BookBrainz currently has no administration system, or any good way of giving users special privileges. This certainly needs to change!
This project involves devising and implementing a basic admin system allowing for a flexible privilege hierarchy.

Features

• Admins can give special privileges to certain editors from an Admin Panel, which allows searching for other editors.
• Admins can block/unblock certain abusive users from the aforementioned Admin panel.
• These privileged editors (or Super Editors) can edit or add relationship types and identifier types.
• There will be a public log of all these administrative actions.
• Super Editors will be able to view all the available identifier types and relationship types, and edit them if necessary.
• Super Editors can also trigger a reindex of the search server

Schema Changes
The table bookbrainz.editor_type will have the following types:

  • Admin
  • Super Editor
  • Editor
  • Blocked
  • Deleted

The following tables will be created:
bookbrainz.admin_action_types:

CREATE TYPE bookbrainz.admin_action_type as ENUM (
    'block_user',
    'unblock_user',
    'make_super_editor',
    'remove_super_editor'
); 

bookbrainz.admin_log

CREATE TABLE bookbrainz.admin_log (
    id SERIAL PRIMARY KEY,
    -- Admin who performed the action
    admin_id INT REFERENCES bookbrainz.editor (id),
    -- Editor the action was applied to
    user_id INT REFERENCES bookbrainz.editor (id),
    -- Schema-qualified so it resolves regardless of search_path
    action bookbrainz.admin_action_type NOT NULL,
    time TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT timezone('UTC'::TEXT, now()),
    note VARCHAR NOT NULL
);

Middleware

We will create a middleware for securing specific routes according to a user’s roles. An example of how it will be used can be seen here:

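// Role labels, matching the editor_type names listed under Schema Changes
const ROLE = {
  ADMIN: 'Admin',
  EDITOR: 'Editor',
  SUPER_EDITOR: 'Super Editor'
};
// isAuthenticated runs first, so isAuthorized only ever sees a logged-in user
router.get('/identifier-type/create', auth.isAuthenticated, auth.isAuthorized(ROLE.SUPER_EDITOR), (req, res) => {
  // Relevant code here
});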

Here isAuthorized will be the middleware which authorizes routes for different roles.

Mockups
There will be an admin page which allows us to search for different types of editors and modify their type (i.e., give or take special privileges).

Next to each user, there will be a button which will open a modal which will then allow the admins to perform a valid action and optionally write a reason/note associated with that action.

Admins can also perform these actions from the profile page of a user.

All of these admin actions will go into a public log:

Super_Editors will be able to edit and add relationship_types and identifier types. The option for adding them will be something like this:

They can also edit them from the types page, where all current types will be listed.

TIMELINE

Community Bonding Period:
I will spend this time working on some of the tickets which I am already assigned and some other bug-fixes here and there.

Week 1
The database schema changes and their corresponding models will be written in the first week.

Week 2 and 3:
I would like to finish the routes and frontend logic for administrative actions and admin panel. The corresponding tests will be written alongside.

Week 3 and 4:
I would like to write the middleware which will then give role-specific access to certain pages. The admin-logs page will also be created.

Week 5:
Backend for type-editors.

Week 6:
Frontend for type-editors.

Week 7 and 8:
Tests for type-editors.

Week 9 and 10:
The types page which will list all the types, and the edit functionality will also be done in this period.

STRETCH GOAL
I think I will be able to complete the project comfortably within the time-period. I would like to work on adding more flexible attributes to relationships such as Date/Time.

Other Information

  • Tell us about the computer(s) you have available for working on your SoC project!
    I have a Legion Y530 with an i5 processor and 8 gigs of RAM.

  • When did you first start programming?
    I started programming when I was in class 6th.

  • What type of music do you listen to?
    I mostly listen to alt-rock and rock music. (twenty one pilots - MusicBrainz)

  • What aspects of the project you’re applying for (e.g., MusicBrainz, AcousticBrainz, etc.) interest you the most?
    I’ve been doing some contributions to Bookbrainz since December 2020. I like the community and the discussions focussed on improving the project as a whole.

  • Have you ever used MusicBrainz to tag your files?
    No. I still have to give it a try.

  • Have you contributed to other Open Source projects?
    Yes, I have been contributing to Bookbrainz since December 2020. I have made contributions on all fronts, be it frontend, backend, documentation, some design changes (diagrams), tests, etc.

  • How much time do you have available, and how would you plan to use it?
    I think I will be able to give 20 hours a week. I will be completely free for most part of this project duration. Even when I’m not completely free, I will have enough time to finish everything in a timely manner.

6 Likes
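
One way the isAuthorized middleware described in the proposal could work, as an added example that is not part of the original post or BookBrainz's own code. It is a deny-by-default allow-list check that rejects misconfigured roles when the route is defined. Assumptions: `req.user.type` holds the editor's current editor_type label, failures are passed to `next()` as errors carrying a `status`, and `httpError` is a hypothetical helper.

```javascript
// Labels mirror the editor_type rows listed in the proposal.
const ROLE = Object.freeze({
  ADMIN: 'Admin',
  SUPER_EDITOR: 'Super Editor',
  EDITOR: 'Editor',
  BLOCKED: 'Blocked',
  DELETED: 'Deleted'
});
const KNOWN_ROLES = new Set(Object.values(ROLE));
// Account states that must never satisfy a privilege check.
const NEVER_ALLOWED = new Set([ROLE.BLOCKED, ROLE.DELETED]);

function httpError(status, message) {
  const err = new Error(message);
  err.status = status; // read by Express's default error handler
  return err;
}

// Returns Express-style middleware that admits only the listed roles.
function isAuthorized(...allowedRoles) {
  // Fail when the route is defined on a typo (e.g. 'SUPER_EDITOR')
  // or a nonsensical grant, instead of shipping a route that
  // silently admits nobody or a blocked account.
  if (allowedRoles.length === 0) {
    throw new TypeError('isAuthorized needs at least one role');
  }
  for (const role of allowedRoles) {
    if (!KNOWN_ROLES.has(role) || NEVER_ALLOWED.has(role)) {
      throw new TypeError(`isAuthorized: invalid role "${role}"`);
    }
  }
  const allowed = new Set(allowedRoles);

  return function authorize(req, res, next) {
    // Assumption: req.user.type is the editor's current editor_type label.
    const role = req.user && req.user.type;
    if (!role) {
      return next(httpError(401, 'Not authenticated'));
    }
    // Deny by default: anything not explicitly listed is refused.
    if (!allowed.has(role)) {
      return next(httpError(403, 'Insufficient privileges'));
    }
    return next();
  };
}
```

Because the check reads `req.user.type`, a block or demotion only takes effect once that value is refreshed, so it should be loaded from the database on each request rather than cached for the lifetime of a session.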

Thank you for your proposal, it looks great :slight_smile: !
Everything is quite clear and the implementation seems straightforward.

I would be interested in seeing a small breakdown or pseudo-code of what the isAuthorized middleware will do.

A small detail of no consequence:
I think triggering a reindex of the search server is probably a task for the admin role

1 Like

Thanks! I will make sure to add some details about the isAuthorized middleware also.

1 Like

Hi @ShivamAwasthi !

I wasn’t sure if you read the logs of the IRC channel so I thought I’d write here instead.

I feel that I really want to go ahead with the project if allowed

Not only allowed, but encouraged ! :slight_smile:

I wanted to say that I love your spirit, that it’s admirable to be committed to the project as you are, and that it would be a pleasure to work with you to achieve this feature, GSoC be damned :slight_smile:
So, big high-five to you !

I hope there will be plenty of learning opportunities throughout the project, those being the best rewards.

I also think that it might not be a good idea to get started on it right away, as you will be busy with the other two projects

First of all, I really appreciate your thoughtfulness :heart:
For the moment it’s fairly quiet, and I envision having a bit more work down the line as the deadlines approach and summertime takes me away from my computer :slight_smile:

So no time constraints as far as I’m concerned; we can work together to add functionality piece by piece (making it easier to test and review) which also helps pace everything evenly.
Of course this is not an imperative, and you should work on your own time and pace, and prioritize school and life :slight_smile:

On my side, I’ll be prioritizing the GSoC projects I’m mentoring, but with yours closely following.
I believe helping you bring about the admin system would be more useful to BookBrainz than pretty much any other project I could be working on in the next few months.

Thank you again for your interest and passion !

4 Likes