fix: inability to access /admin if not superadmin

There was an odd issue where non-superadmins could not use
the /admin route to access the ACP, even though they had
appropriate access. For whatever reason, it could not
be reliably reproduced on my dev. As it turns out, the
reason was because I was checking the wrong privilege,
and my dev database had this wrong privilege leftover
from the initial development of the ACP admin privileges
feature. Dumb.

Anyhow, that fixes this issue.

src/middleware/admin.js

@@ -117,9 +117,17 @@ module.exports = function (middleware) {
 
 		// Otherwise, check for privilege based on page (if not in mapping, deny access)
 		const path = req.path.replace(/^(\/api)?\/admin\/?/g, '');
-		const privilege = privileges.admin.resolve(path);
+		if (path) {
-		if (!privilege || !await privileges.admin.can(privilege, req.uid)) {
+			const privilege = privileges.admin.resolve(path);
-			return controllers.helpers.notAllowed(req, res);
+			if (!privilege || !await privileges.admin.can(privilege, req.uid)) {
+				return controllers.helpers.notAllowed(req, res);
+			}
+		} else {
+			// If accessing /admin, check for any valid admin privs
+			const privilegeSet = await privileges.admin.get(req.uid);
+			if (!Object.values(privilegeSet).some(Boolean)) {
+				return controllers.helpers.notAllowed(req, res);
+			}
 		}
 
 		return next();

src/privileges/admin.js

@@ -94,8 +94,6 @@ module.exports = function (privileges) {
 	privileges.admin.resolve = (path) => {
 		if (privileges.admin.routeMap[path]) {
 			return privileges.admin.routeMap[path];
-		} else if (path === '') {
-			return 'manage:dashboard';
 		}
 
 		let privilege;