Admin Controls
Accessing the Admin Panel
- Navigate to /admin/login
- Enter admin email address
- Enter OTP received by email
- Admin session established (23-hour lifetime)
Admin access is controlled by user.is_admin = True in the database. The flag is set via SQL or by another admin user.
AdminControlFlags (Global Toggles)
These flags affect all users platform-wide. Modified via admin dashboard → Feature Flags section:
| Flag | Effect when True |
|---|---|
| auto_approve_collaboration_requests | Collaboration requests auto-matched without manual admin review |
| enable_razorpay_payment | Razorpay payment UI visible to users |
| enable_choosing_plan_options | Users can self-select subscription plans |
| enable_wasabi_cloudflare_setup | Wasabi URLs served via Cloudflare CDN |
| enable_dark_theme | Dark theme applied across all platform pages |
Only one row exists in the admin_control_flags table. All flags are columns on that single row.
User Management Operations
| Operation | How |
|---|---|
| View all users | Admin dashboard → Users list |
| Delete a user | User list → Delete (cascades to related records) |
| Toggle admin status | User detail → Toggle Admin |
| Update plan | User detail → Change Plan |
| Set storage limit | User detail → Storage Limit (GB) |
| Enable guest upload | User detail → Enable Guest Upload |
| Enable encryption | User detail → Enable Encryption (generates key if none) |
| Rotate encryption key | User detail → Rotate Key |
Encryption Dashboard
Admin Panel → Encryption Management:
- Check master key status — confirms MASTER_KEY env var is set
- View all users with encryption — lists users with encrypt_data_b=True
- View key versions — shows current active key version per user
- Rotate a user's key — generates new key, retains old for decryption
- Generate new master key — emergency use only (requires re-wrapping all user keys)
Do not rotate master key unless absolutely necessary
Master key rotation requires re-encrypting every user's key. Old encrypted files remain readable only if the old per-user key is retained. Coordinate this operation carefully.
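The key hierarchy described above, as an added example that is not the platform's own code: it shows why a per-user rotation keeps old versions and why a master key rotation re-wraps keys without touching file ciphertext. Fernet from the third-party cryptography package stands in for whatever cipher the platform uses, and UserKeyring, rotate_master_key and demo are hypothetical names.

```python
from cryptography.fernet import Fernet, InvalidToken  # third-party; cipher choice is an assumption

class UserKeyring:
    """One user's data keys, stored only wrapped under the master key (hypothetical layout)."""
    def __init__(self, master: bytes):
        self.wrapped = {}  # key version -> data key encrypted under the master key
        self.active = 0
        self.rotate_user_key(master)

    def rotate_user_key(self, master: bytes) -> None:
        # New active version; older versions stay so existing files still decrypt.
        self.active += 1
        self.wrapped[self.active] = Fernet(master).encrypt(Fernet.generate_key())

    def _data_key(self, master: bytes, version: int) -> Fernet:
        return Fernet(Fernet(master).decrypt(self.wrapped[version]))

    def encrypt_file(self, master: bytes, data: bytes):
        # The version is stored beside the ciphertext so the right key can be found later.
        return self.active, self._data_key(master, self.active).encrypt(data)

    def decrypt_file(self, master: bytes, version: int, blob: bytes) -> bytes:
        return self._data_key(master, version).decrypt(blob)

def rotate_master_key(old_master: bytes, keyrings) -> bytes:
    """Re-wrap every version of every user's key; file ciphertext is never touched."""
    new_master = Fernet.generate_key()
    old, new = Fernet(old_master), Fernet(new_master)
    # Stage all re-wrapped keys first so a failure part-way leaves every keyring intact.
    staged = [{v: new.encrypt(old.decrypt(w)) for v, w in kr.wrapped.items()} for kr in keyrings]
    for kr, rewrapped in zip(keyrings, staged):
        kr.wrapped = rewrapped
    return new_master

def demo() -> dict:
    master = Fernet.generate_key()  # constructed; stands in for the MASTER_KEY env var
    user = UserKeyring(master)
    v1, old_file = user.encrypt_file(master, b"report-2023")  # constructed sample data
    user.rotate_user_key(master)
    v2, new_file = user.encrypt_file(master, b"report-2024")
    new_master = rotate_master_key(master, [user])
    result = {"versions": (v1, v2), "old_file": user.decrypt_file(new_master, v1, old_file),
              "new_file": user.decrypt_file(new_master, v2, new_file)}
    try:  # the retired master key no longer unwraps anything
        user.decrypt_file(master, v1, old_file)
        result["old_master_rejected"] = False
    except InvalidToken:
        result["old_master_rejected"] = True
    return result
```

Removing a version from wrapped in this sketch makes every file encrypted under it unrecoverable, which is the reason rotation retains old keys.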
Lab Portal Management
Admin Panel → Lab Portal:
- Grant access — enter user email → generates lab_id and lab_pin → async email sent to lab
- Revoke access — sets enable_lab_portal=False — lab can no longer log in
- View all labs — lists all active lab portal accounts
Safe Admin Panel Usage
- Always verify the user email before making changes
- Encryption operations are irreversible (key rotation, master key generation)
- User deletion cascades — S3 files are NOT auto-deleted (manual S3 cleanup needed)
- Use the local DB mirror for read-only queries (user list, search) — it’s faster
- Write operations always go to PostgreSQL — don’t query local SQLite for authoritative data
TL;DR
- Access: OTP-based admin login at /admin/login.
- Controls: Feature flags, user management, encryption keys, lab access, subscription plans.
- Safety: Encryption ops are irreversible. User deletion does not delete S3 files. Feature flags affect all users instantly.