Require admin password for destructive admin actions
This commit is contained in:
1
SPEC.md
1
SPEC.md
@@ -11,6 +11,7 @@ Help a small Discord group (4–8 players) pick a co-op game via phased flow:
|
||||
- Username/password login (cookie auth)
|
||||
- Admins flagged via admin key at registration
|
||||
- Logout returns to the login form and clears all auth form fields
|
||||
- Destructive admin actions (player delete, reset, factory reset) require admin password confirmation
|
||||
- Per-user phase tracking; admins can move themselves backward, everyone can move forward (subject to admin “results open” toggle and Suggest→Vote requiring at least one own suggestion)
|
||||
|
||||
## Suggest Phase
|
||||
|
||||
Reference in New Issue
Block a user