Home › Super Admin › Dashboard Overview
Dashboard Overview
Entry screens for the super-admin back office — the authentication gate and the post-login landing/overview page — both dispatched from main/adm.php (default action) via class/adm.class.php (JournalAdmin).
| Page | Status | E2E | Enhanced | Legacy Ref | Route | Roles |
|---|---|---|---|---|---|---|
| Admin Login | Full | Yes | validation | main/adm.php?_action=login | /adm?adm_login=1 | Public |
| Admin Dashboard — Re-entry via Login URL (Active Session) | Pending | — | — | main/adm.php?_action=login | /adm?adm_login=1 | Super Admin (already authenticated — unreachable while logged out) |
| Admin Dashboard | Full | Yes | — | main/adm.php | /adm | Super Admin |
Features
| Feature | Status | E2E | Description |
|---|---|---|---|
| Super admin can sign in with username and password on a dedicated login screen | Full | Yes | Successful login lands the admin on the super-admin dashboard; the credential check is role-gated to super admins only (legacy _role = 10). |
| Login is protected by an anti-bot verification step | Full | Yes | Legacy required typing a 6-char security code; the port verifies humans invisibly with no user interaction. |
| Failed login shows an inline error and keeps the admin on the form | Full | Yes | Distinct error causes (bad credentials, captcha failure, blocked account, concurrent session) surface as distinct localized messages, richer than legacy's single CN_WRONG_LOGIN. |
| Admin may be challenged with a TOTP 2FA step after entering correct credentials | New | — | Optional second factor via temp session id + user id handoff; product need: harden the highest-privilege account in the system. |
| Super admin can log out and end the session | Full | Yes | Logout is reachable from the persistent sidebar instead of a query-string flag on the dispatch script. |
| Unauthenticated access to protected super-admin pages redirects to the login screen | New | — | Replaces the legacy blank-page quirk with a proper redirect-to-login guard on every protected route. |
| Admin lands on a post-login dashboard page | Full | Yes | The landing exists but its content differs deliberately from legacy — see the identity-overview and relocated-panels features. |
| Dashboard shows the signed-in admin's identity: basic info, personal info, and role badges | New | Yes | Designed from scratch as a session/identity overview so the admin can confirm who they are logged in as and with which roles. |
| Admin can navigate to every back-office module via quick links | Full | Yes | Navigation moved from a one-off landing menu (with setting-gated links like newj_add, has_intgr_pub, pm_payment, adm_rev_track) to an always-visible sidebar. |
| Admin can see the hosted-journals list with a green/amber/red publication delay-status indicator per journal | Full | — | Shows latest volume/issue/year/month plus timeliness classification; capability now lives under super-admin/journals rather than the landing page. No e2e spec asserts the ON_TIME/SLIGHTLY_DELAYED/SIGNIFICANTLY_DELAYED status or its colors — main-content.spec.ts only checks the page heading and URL, and quick-view.spec.ts (TC-SA-JR-031) covers an unrelated aggregate delay stat, leaving this per-row indicator uncovered. |
| Admin can search and filter the hosted-journals list by keyword (title/publisher/ISSN), subject, primary locale, and enabled/disabled status | Full | Yes | Legacy showed a red no-records message on empty keyword search; the ported list handles empty results in the Journals module. |
| Admin can export the hosted-journals list to Excel | Pending | — | Legacy ju_excel export (adm.class.php:307-312 exportJuExcel) has no identified apps/web counterpart: journals/page.tsx, JournalsTable.tsx, and JournalTableRow.tsx contain no export/Excel/download implementation, and the ExportProgressProvider/ExportProgressToastRenderer plumbing in the super-admin layout is only wired up for audit-log export, not journals. |
| Admin can open a journal for editing or visit its public site directly from the journals list | Full | Yes | Row-level actions from the legacy dashboard list are now the Journals module's row actions. |
| Admin can impersonate a journal's admin (login-as) via a confirmed one-click link | Basic | — | Capability exists but the entry point moved; whether the journals list itself retains a quick impersonate action needs confirmation in the super-admin/journals scope. |
| Admin can manage per-journal similarity-check quotas (set limit, see used counts, save, and export a quota Excel) | Pending | — | Legacy sc_quota variant of the same dashboard list (adm.class.php:211,301-305,389-398,422-426,468-473: inline quota inputs, MNG_SIMILARITY_USED column, saveScQuota, qu_excel export) has no identified apps/web counterpart. |
| Already-authenticated admin hitting the login URL gets a sensible authenticated experience | Pending | — | Legacy quirk: adm_login=1 with an active session renders a degraded journals-list-only screen (adm.class.php:18-31); apps/web has no middleware or authenticated redirect on (auth)/login, so a logged-in admin just re-sees the login form — neither the quirk nor a redirect-to-dashboard is implemented. |
| Alternate login-form variants for PM and system-contacts entry points (pm/sadmin query flags) | Dropped | — | Not enumerated as pages anywhere in the inventory; treated as abandoned entry-point plumbing rather than a ported capability. |
| Payment management and Email management quick-links from the landing menu | Dropped | — | No functional legacy capability existed at the super-admin level to port; the tenant-admin equivalents are Journal Admin's remit. |
| Admin can change their own password from the back office | Pending | — | Legacy quick-link adm?_action=pass (main/adm.php:207-232, Contact_Manager changePasswordForm/Action); a super-admin profile area exists in apps/web but a change-password counterpart was not confirmed there — verify under the super-admin/profile module. |
Login is included here despite the "after login" scope wording.
No other Super Admin sibling module claims the authentication gate itself, so it is captured as this segment's entry row. It only renders when
main/adm.php is requested with adm_login=1 set (or via an authenticated session/POST login) — a bare unauthenticated request with no query string hits an early exit() and returns a blank page, a legacy quirk worth flagging for parity work. adminLoginForm() also has pm/sadmin query-flag branches that swap the form's POST target file (adm.class.php:36-44) — pm changes only the target (to login); sadmin additionally changes the hidden _action value (adm_login instead of login) and the captcha asset directory (lib instead of inc, lines 73/77) — so the variants are not byte-identical, though they share the same overall template; neither is reachable through normal Super Admin navigation from main/adm.php, so they are not enumerated as separate rows. Note that adm_login=1 only reaches this login-form screen when no admin session exists yet (JournalAdmin::manageActions()'s elseif branch, adm.class.php:23-26); if a Super Admin session is already active, that same request instead falls into the else branch and renders the journals-list-only screen captured separately as the "Admin Dashboard — Re-entry via Login URL" row below.The dashboard row is a composite screen.
The default (empty
_action) response from main/adm.php renders two stacked panels in one page load: a quick-links menu (to System Settings, Reports, and Preprint Assignment — each captured under its own sibling module; the News, Ads, and User/Role management links point to screens with no row anywhere in the current inventory — open gaps for whichever sibling module ends up claiming them; see super-admin/content-management.html's and journal-admin/users.html's notes) and an inline searchable/exportable hosted-journals list with a green/amber/red delay-status indicator (see apps/legacy/spec/superadmin/journal-delay-status.md). Both panels share the exact same route — there is no separate _action for "list journals" alone — so this single row covers the whole landing response; the delay-status/list behavior conceptually belongs to the sibling Journals module's scope but has no distinct legacy route of its own to file separately. Two more menu links are dead ends, not delegated screens: "Payment management" (adm?_action=payment) and "Email management" (adm?_action=emails) both fall through to default: in main/adm.php's dispatch switch (lines 122–407) — there is no case "payment" at all, and no case "emails" (plural; only the singular email exists, and only in the tenant-admin dispatch). Clicking either link simply re-renders this same dashboard. The working implementations (AdmRoleManager::getPMPayments, EmailSetting::manageEmailSettingActions) live only in the tenant-admin dispatch files (mainm/adm.php, mainn/adm.php), which are Journal Admin's remit, not Super Admin's — so no sibling Super Admin module claims these two.