@commonpub/layer 0.15.7 → 0.15.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@commonpub/layer",
|
|
3
|
-
"version": "0.15.
|
|
3
|
+
"version": "0.15.8",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./nuxt.config.ts",
|
|
6
6
|
"files": [
|
|
@@ -53,12 +53,12 @@
|
|
|
53
53
|
"vue": "^3.4.0",
|
|
54
54
|
"vue-router": "^4.3.0",
|
|
55
55
|
"zod": "^4.3.6",
|
|
56
|
-
"@commonpub/auth": "0.5.1",
|
|
57
56
|
"@commonpub/config": "0.10.0",
|
|
58
|
-
"@commonpub/
|
|
57
|
+
"@commonpub/auth": "0.5.1",
|
|
59
58
|
"@commonpub/editor": "0.7.9",
|
|
60
59
|
"@commonpub/learning": "0.5.0",
|
|
61
60
|
"@commonpub/protocol": "0.9.9",
|
|
61
|
+
"@commonpub/docs": "0.6.2",
|
|
62
62
|
"@commonpub/ui": "0.8.5"
|
|
63
63
|
},
|
|
64
64
|
"devDependencies": {
|
|
@@ -2,6 +2,11 @@ import { listContent } from '@commonpub/server';
|
|
|
2
2
|
import type { PaginatedResponse, ContentListItem } from '@commonpub/server';
|
|
3
3
|
import { contentFiltersSchema } from '@commonpub/schema';
|
|
4
4
|
|
|
5
|
+
// Statuses a non-owner may request. Any other value (draft, scheduled, deleted,
|
|
6
|
+
// etc.) is coerced to 'published' — the old behavior passed the filter through
|
|
7
|
+
// verbatim, so /api/content?status=draft leaked every user's drafts.
|
|
8
|
+
const PUBLIC_STATUSES = new Set(['published', 'archived']);
|
|
9
|
+
|
|
5
10
|
export default defineEventHandler(async (event): Promise<PaginatedResponse<ContentListItem>> => {
|
|
6
11
|
const db = useDB();
|
|
7
12
|
const user = getOptionalUser(event);
|
|
@@ -11,9 +16,13 @@ export default defineEventHandler(async (event): Promise<PaginatedResponse<Conte
|
|
|
11
16
|
|
|
12
17
|
const config = useConfig();
|
|
13
18
|
|
|
19
|
+
const resolvedStatus = isOwnContent
|
|
20
|
+
? filters.status
|
|
21
|
+
: (filters.status && PUBLIC_STATUSES.has(filters.status) ? filters.status : 'published');
|
|
22
|
+
|
|
14
23
|
return listContent(db, {
|
|
15
24
|
...filters,
|
|
16
|
-
status:
|
|
25
|
+
status: resolvedStatus,
|
|
17
26
|
// Only show public content unless viewing own content
|
|
18
27
|
visibility: isOwnContent ? filters.visibility : 'public',
|
|
19
28
|
}, {
|
|
@@ -2,6 +2,10 @@ import { listPaths } from '@commonpub/server';
|
|
|
2
2
|
import type { PaginatedResponse, LearningPathListItem } from '@commonpub/server';
|
|
3
3
|
import { learningPathFiltersSchema } from '@commonpub/schema';
|
|
4
4
|
|
|
5
|
+
// Statuses a non-owner may request. The old behavior passed filters.status
|
|
6
|
+
// through verbatim, so /api/learn?status=draft leaked every author's drafts.
|
|
7
|
+
const PUBLIC_STATUSES = new Set(['published', 'archived']);
|
|
8
|
+
|
|
5
9
|
export default defineEventHandler(async (event): Promise<PaginatedResponse<LearningPathListItem>> => {
|
|
6
10
|
const db = useDB();
|
|
7
11
|
const user = getOptionalUser(event);
|
|
@@ -10,8 +14,12 @@ export default defineEventHandler(async (event): Promise<PaginatedResponse<Learn
|
|
|
10
14
|
// Allow author to see their own drafts (same pattern as content API)
|
|
11
15
|
const isOwnContent = filters.authorId && user?.id === filters.authorId;
|
|
12
16
|
|
|
17
|
+
const resolvedStatus = isOwnContent
|
|
18
|
+
? filters.status
|
|
19
|
+
: (filters.status && PUBLIC_STATUSES.has(filters.status) ? filters.status : 'published');
|
|
20
|
+
|
|
13
21
|
return listPaths(db, {
|
|
14
22
|
...filters,
|
|
15
|
-
status:
|
|
23
|
+
status: resolvedStatus,
|
|
16
24
|
});
|
|
17
25
|
});
|