feat: admin-only "All reviews" page #50

Merged
rcsheets merged 1 commit from feat/admin-all-reviews into main 2026-05-01 10:19:49 +00:00
Owner

Adds /admin/reviews — every recent primary review across the system,
not filtered to the viewing user's authored/reviewer involvement —
plus a header nav link visible only to dashboard admins.

The store gets an AllReviews(ctx, limit) method paralleling
ReviewsVisibleToUser but without the email filter. The handler
projects the same reviewRow shape, populating the new Author column.
A sibling template (admin_reviews_list.html) renders the table with
that extra column; the personal view stays the same.

Route is registered under the existing RequireAdmin group, so
non-admins hit "forbidden: admins only" if they manually navigate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat: admin-only "All reviews" page
All checks were successful
ci / check (pull_request) Successful in 43s
c0ae893d62
Collaborator

Automated review by pr-reviewer v0.20.1 | Full Review | Claude Sonnet 4 | tracking id r-f47d96-47d3bc
This is an AI-generated review and may contain mistakes.

Status: Completed


Verdict: Approve — Well-structured admin feature that follows established patterns with proper access control.
Complexity: moderate

Code Review: feat: admin-only "All reviews" page

Summary

This PR adds a new admin-only /admin/reviews page that displays all recent reviews across the system, extending the existing dashboard with admin visibility into cross-team activity. The implementation follows the established patterns in the codebase well.

Strengths

Consistent Architecture

  • New AllReviews() method in tracker/dashboard.go mirrors the existing ReviewsVisibleToUser() pattern
  • Reuses the reviewRow struct with a new Author field for the admin view
  • Follows the same request flow: handler → store → template

Proper Security

  • Route is correctly placed under the RequireAdmin middleware group
  • Non-admin access returns "forbidden: admins only" as expected
  • Access control is consistent with existing admin routes like /admin/configs

Clean UI Integration

  • New navigation link only shows for admins ({{if .IsAdmin}})
  • Template structure mirrors reviews_list.html with the addition of the Author column
  • Maintains consistent styling and user experience

Good Code Organization

  • Handler placement in admin_handlers.go is logical
  • Template loading follows the established pattern in loadTemplates()
  • Error handling matches the rest of the codebase

📝 Minor Observations

Template Redundancy
The new admin_reviews_list.html template is nearly identical to reviews_list.html except for the Author column. While this follows the current pattern, future refactoring could consider a shared template with conditional columns.

Documentation
The code includes good inline documentation explaining the purpose and access restrictions of the new functionality.

🔍 Technical Details

Database Query

  • The AllReviews() query is simple and efficient, filtering only is_primary = true
  • Proper limit handling with default fallback to 100
  • Follows the same ordering pattern (timestamp DESC)

Data Flow

  • Proper error handling throughout the request pipeline
  • Consistent data projection from ReviewEvent to reviewRow
  • Author email is populated from e.AuthorEmail for admin visibility

Conclusion

This is a well-implemented feature that adds valuable admin functionality while maintaining code quality and consistency. The implementation is straightforward, follows established patterns, and includes proper access controls. No blocking issues identified.

📚 Context used in this review

Project guidance files:

  • CLAUDE.md

Repository fragments:

  • internal/dashboard/templates/reviews_list.html (entire file)
  • internal/dashboard/middleware.go (internal/dashboard/middleware.go:83-96) — extracted in answer to: "the RequireAdmin middleware implementation that gates the new admin route"
rcsheets deleted branch feat/admin-all-reviews 2026-05-01 10:19:50 +00:00
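
The access-control claim in the description and the review, as an added example that is not the project's code: a minimal Go re-creation of an admin-only route group, with a probe showing that the 403 is produced by the middleware before the unfiltered listing handler runs, independent of whether the nav link is rendered. `requireAdmin`, `userKey`, `probe` and the `example.test` addresses are assumptions made for this sketch; the project's actual `RequireAdmin` in `internal/dashboard/middleware.go` is not shown on this page.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type userKey struct{} // assumed context key carrying the signed-in email

// requireAdmin is a hypothetical stand-in for the project's RequireAdmin:
// it rejects the request before the wrapped handler (and its query) runs.
func requireAdmin(admins map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		email, _ := r.Context().Value(userKey{}).(string)
		if !admins[email] { // empty email (no session) is never an admin
			http.Error(w, "forbidden: admins only", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe requests /admin/reviews as email and reports the status code and
// whether the unfiltered listing handler was reached.
func probe(email string) (status int, reached bool) {
	adminRoutes := http.NewServeMux()
	adminRoutes.HandleFunc("/admin/reviews", func(w http.ResponseWriter, r *http.Request) {
		reached = true // stands in for the store call with no email filter
		fmt.Fprintln(w, "all reviews")
	})
	admins := map[string]bool{"admin@example.test": true} // constructed data
	root := http.NewServeMux()
	root.Handle("/admin/", requireAdmin(admins, adminRoutes)) // whole group gated

	req := httptest.NewRequest(http.MethodGet, "/admin/reviews", nil)
	req = req.WithContext(context.WithValue(req.Context(), userKey{}, email))
	rec := httptest.NewRecorder()
	root.ServeHTTP(rec, req)
	return rec.Code, reached
}

func main() {
	for _, who := range []string{"", "dev@example.test", "admin@example.test"} {
		status, reached := probe(who)
		fmt.Printf("%-20q status=%d handlerReached=%v\n", who, status, reached)
	}
}
```

A regression test of this shape, pointed at the real router, catches the case where a later change registers the handler outside the admin group while the template still hides the link.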
Reference
brooktrails/pr-reviewer!50