TigerAppsOrg · rohanmatta11 · Feb 24, 2026 · Feb 17, 2026 · Feb 23, 2026
diff --git a/tigerpath/templates/tigerpath/admin/admin_dashboard.html b/tigerpath/templates/tigerpath/admin/admin_dashboard.html
@@ -0,0 +1,41 @@
+<h1>TigerPath Admin Dashboard</h1>
+
+{% if messages %}
+  <ul style="color: red; font-weight: bold;">
+    {% for message in messages %}
+      <li>{{ message }}</li>
+    {% endfor %}
+  </ul>
+{% endif %}
+
+<hr>
+
+<h3>Add New Admin</h3>
+<form method="POST">
+    {% csrf_token %}
+    <input type="hidden" name="action" value="add">
+    <label for="add_netid">Student NetID:</label>
+    <input type="text" id="add_netid" name="netid" required>
+    <button type="submit">Make Admin</button>
+</form>
+
+{% if request.user.is_superuser %}
+<hr>
+<h3>Remove Admin (Owner Only)</h3>
+<form method="POST">
+    {% csrf_token %}
+    <input type="hidden" name="action" value="remove">
+    <label for="remove_netid">Student NetID:</label>
+    <input type="text" id="remove_netid" name="netid" required>
+    <button type="submit" style="color: red;">Remove Admin</button>
+</form>
+<hr>
+<h3>Add Owner (Owner Only)</h3>
+<form method="POST">
+    {% csrf_token %}
+    <input type="hidden" name="action" value="add_owner">
+    <label for="add_netid_superuser">Student NetID:</label>
+    <input type="text" id="add_netid_superuser" name="netid" required>
+    <button type="submit" style="color: black;">Add Owner</button>
+</form>
+{% endif %}
diff --git a/tigerpath/urls.py b/tigerpath/urls.py
@@ -30,4 +30,5 @@
         views.update_schedule_and_get_requirements,
         name="update_schedule_and_get_requirements",
     ),
+    path('admin/admin-dashboard/', views.admin_dashboard, name='admin_dashboard'),
 ]
diff --git a/tigerpath/views.py b/tigerpath/views.py
@@ -12,6 +12,9 @@
 from django.http import Http404, JsonResponse
 from django.shortcuts import redirect, render
 from django.views.decorators.csrf import csrf_exempt
+from django.contrib.admin.views.decorators import staff_member_required
+from django.contrib.auth.models import User
+from functools import wraps
 
 from . import forms, models, utils
 from .majors_and_certificates.scripts.university_info import LANG_DEPTS
@@ -429,3 +432,66 @@ def get_profile(request):
     profile = {}
     profile["classYear"] = curr_user.year
     return JsonResponse(profile)
+
+def admin_required(view_func):
+    """Custom decorator to bounce non-admins to the home page with an error."""
+    @wraps(view_func)
+    def _wrapped_view(request, *args, **kwargs):
+        # Not logged in, so send to login page
+        if not request.user.is_authenticated:
+            return redirect('login')
+
+        # Not an admin, so send to home page
+        if not request.user.is_staff:
+            messages.error(request, "Access Denied: You must be an Admin to view the admin dashboard.")
+            return redirect('index')
+
+        # Admin, so go to admin page
+        return view_func(request, *args, **kwargs)
+    return _wrapped_view
+
+@admin_required
+def admin_dashboard(request):
+    if request.method == 'POST':
+        action = request.POST.get('action')
+        netid = request.POST.get('netid')
+
+        try:
+            target_user = User.objects.get(username=netid)
+
+            if action == 'add':
+                if target_user.is_staff:
+                    messages.error(request, f"{netid} is already an admin.")
+                else:
+                    target_user.is_staff = True
+                    target_user.save()
+                    messages.success(request, f"Successfully made {netid} an admin.")
+
+            elif action == 'remove':
+                # Only superusers (Owners) can remove admins
+                if not request.user.is_superuser:
+                    messages.error(request, "Action Denied: You must be an Owner to remove admins.")
+                elif target_user.is_superuser:
+                    messages.error(request, "You cannot remove an owner's admin status!")
+                else:
+                    target_user.is_staff = False
+                    target_user.save()
+                    messages.success(request, f"Successfully removed admin rights from {netid}.")
+
+            elif action == 'add_owner':
+                if not request.user.is_superuser:
+                    messages.error(request, "Action Denied: You must be an Owner to add owners.")
+                elif target_user.is_superuser:
+                   messages.error(request, f"{netid} is already an owner.")
+                else: 
+                    target_user.is_staff = True
+                    target_user.is_superuser = True
+                    target_user.save()
+                    messages.success(request, f"Successfully made {netid} an owner.")
+
+        except User.DoesNotExist:
+            messages.error(request, f"User with NetID {netid} not found.")
+
+        return redirect('admin_dashboard')
+
+    return render(request, 'tigerpath/admin/admin_dashboard.html')