@commonpub/layer 0.28.1 → 0.30.0
- package/components/ContentCard.vue +13 -3
- package/components/CpubMarkdown.vue +46 -0
- package/components/NotificationItem.vue +45 -14
- package/components/contest/ContestEntries.vue +6 -3
- package/components/contest/ContestHero.vue +23 -2
- package/components/contest/ContestPrizes.vue +2 -2
- package/components/contest/ContestRules.vue +9 -9
- package/components/contest/ContestStakeholderManager.vue +126 -0
- package/composables/useFeatures.ts +8 -0
- package/nuxt.config.ts +1 -0
- package/package.json +8 -8
- package/pages/contests/[slug]/edit.vue +119 -15
- package/pages/contests/[slug]/index.vue +61 -1
- package/pages/contests/[slug]/results.vue +20 -5
- package/pages/contests/create.vue +60 -13
- package/pages/events/[slug]/index.vue +1 -1
- package/pages/notifications.vue +9 -0
- package/server/api/admin/api-keys/[id]/usage.get.ts +1 -1
- package/server/api/admin/api-keys/[id].delete.ts +1 -1
- package/server/api/admin/api-keys/index.get.ts +1 -1
- package/server/api/admin/api-keys/index.post.ts +1 -1
- package/server/api/admin/audit.get.ts +1 -1
- package/server/api/admin/categories/[id].delete.ts +1 -1
- package/server/api/admin/categories/[id].patch.ts +1 -1
- package/server/api/admin/categories/index.get.ts +1 -1
- package/server/api/admin/categories/index.post.ts +1 -1
- package/server/api/admin/content/[id].delete.ts +1 -1
- package/server/api/admin/content/[id].patch.ts +1 -1
- package/server/api/admin/content/bulk-editorial.post.ts +1 -1
- package/server/api/admin/features/index.get.ts +1 -1
- package/server/api/admin/features/index.put.ts +1 -1
- package/server/api/admin/federation/activity.get.ts +1 -1
- package/server/api/admin/federation/clients.get.ts +1 -1
- package/server/api/admin/federation/clients.post.ts +1 -1
- package/server/api/admin/federation/hub-mirrors/[id]/backfill.post.ts +1 -1
- package/server/api/admin/federation/hub-mirrors/index.get.ts +1 -1
- package/server/api/admin/federation/hub-mirrors/index.post.ts +1 -1
- package/server/api/admin/federation/mirrors/[id]/backfill.post.ts +1 -1
- package/server/api/admin/federation/mirrors/[id].delete.ts +1 -1
- package/server/api/admin/federation/mirrors/[id].get.ts +1 -1
- package/server/api/admin/federation/mirrors/[id].put.ts +1 -1
- package/server/api/admin/federation/mirrors/index.get.ts +1 -1
- package/server/api/admin/federation/mirrors/index.post.ts +1 -1
- package/server/api/admin/federation/pending.get.ts +1 -1
- package/server/api/admin/federation/refederate.post.ts +1 -1
- package/server/api/admin/federation/repair-types.post.ts +1 -1
- package/server/api/admin/federation/retry.post.ts +1 -1
- package/server/api/admin/federation/stats.get.ts +1 -1
- package/server/api/admin/federation/trusted-instances.delete.ts +1 -1
- package/server/api/admin/federation/trusted-instances.get.ts +1 -1
- package/server/api/admin/federation/trusted-instances.post.ts +1 -1
- package/server/api/admin/homepage/sections.get.ts +1 -1
- package/server/api/admin/homepage/sections.put.ts +1 -1
- package/server/api/admin/layouts/[id]/publish.post.ts +1 -1
- package/server/api/admin/layouts/[id]/versions/[versionId]/revert.post.ts +1 -1
- package/server/api/admin/layouts/[id]/versions/index.get.ts +1 -1
- package/server/api/admin/layouts/[id].delete.ts +1 -1
- package/server/api/admin/layouts/[id].get.ts +1 -1
- package/server/api/admin/layouts/[id].put.ts +1 -1
- package/server/api/admin/layouts/index.get.ts +1 -1
- package/server/api/admin/layouts/index.post.ts +1 -1
- package/server/api/admin/layouts/migrate-homepage.post.ts +1 -1
- package/server/api/admin/layouts/seed-homepage.post.ts +1 -1
- package/server/api/admin/navigation/items.get.ts +1 -1
- package/server/api/admin/navigation/items.put.ts +1 -1
- package/server/api/admin/reports/[id]/resolve.post.ts +1 -1
- package/server/api/admin/reports.get.ts +1 -1
- package/server/api/admin/search/reindex.post.ts +1 -1
- package/server/api/admin/settings.get.ts +1 -1
- package/server/api/admin/settings.put.ts +1 -1
- package/server/api/admin/stats.get.ts +1 -1
- package/server/api/admin/storage/backfill-cdn-urls.post.ts +1 -1
- package/server/api/admin/themes/[id].delete.ts +1 -1
- package/server/api/admin/themes/[id].get.ts +1 -1
- package/server/api/admin/themes/[id].put.ts +1 -1
- package/server/api/admin/themes/discover.get.ts +1 -1
- package/server/api/admin/themes/index.get.ts +1 -1
- package/server/api/admin/themes/index.post.ts +1 -1
- package/server/api/admin/users/[id]/role.put.ts +1 -1
- package/server/api/admin/users/[id]/status.put.ts +1 -1
- package/server/api/admin/users/[id].delete.ts +1 -1
- package/server/api/admin/users.get.ts +1 -1
- package/server/api/contests/[slug]/entries.get.ts +8 -2
- package/server/api/contests/[slug]/entries.post.ts +5 -1
- package/server/api/contests/[slug]/index.delete.ts +4 -1
- package/server/api/contests/[slug]/index.get.ts +7 -1
- package/server/api/contests/[slug]/judges/[userId].delete.ts +1 -1
- package/server/api/contests/[slug]/judges/index.get.ts +4 -1
- package/server/api/contests/[slug]/judges/index.post.ts +1 -1
- package/server/api/contests/[slug]/stakeholders/[userId].delete.ts +24 -0
- package/server/api/contests/[slug]/stakeholders/index.get.ts +21 -0
- package/server/api/contests/[slug]/stakeholders/index.post.ts +33 -0
- package/server/api/contests/[slug]/votes.get.ts +4 -1
- package/server/api/contests/index.get.ts +4 -1
- package/server/api/docs/migrate-content.post.ts +1 -1
- package/server/api/events/[slug].delete.ts +1 -1
- package/server/api/events/[slug].put.ts +1 -1
- package/server/api/layouts/by-route.get.ts +1 -1
- package/server/api/products/[id].delete.ts +1 -1
- package/server/api/videos/categories/[id].delete.ts +1 -1
- package/server/api/videos/categories/[id].put.ts +1 -1
- package/server/api/videos/categories.post.ts +1 -1
- package/server/middleware/auth.ts +22 -0
- package/server/utils/auth.ts +12 -5
- package/server/utils/permissions.ts +97 -0
- package/server/utils/requirePermission.ts +102 -0
|
@@ -9,7 +9,7 @@ const auditQuerySchema = z.object({
|
|
|
9
9
|
|
|
10
10
|
export default defineEventHandler(async (event): Promise<PaginatedResponse<AuditLogItem>> => {
|
|
11
11
|
requireFeature('admin');
|
|
12
|
-
|
|
12
|
+
requirePermission(event, 'audit.read');
|
|
13
13
|
const db = useDB();
|
|
14
14
|
const filters = parseQueryParams(event, auditQuerySchema);
|
|
15
15
|
|
|
@@ -5,7 +5,7 @@ import { deleteContentCategory } from '@commonpub/server';
|
|
|
5
5
|
* Delete a content category (admin only). System categories cannot be deleted.
|
|
6
6
|
*/
|
|
7
7
|
export default defineEventHandler(async (event) => {
|
|
8
|
-
|
|
8
|
+
requirePermission(event, 'categories.manage');
|
|
9
9
|
const db = useDB();
|
|
10
10
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
11
11
|
|
|
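Review bot: The doc comment above this handler still says "admin only", but the gate on the new side is `requirePermission(event, 'categories.manage')`, so the comment no longer states who may call the endpoint. I would reword it to `* Delete a content category (requires the 'categories.manage' permission). System categories cannot be deleted.` The same stale wording appears in the category update and create hunks, the bulk editorial hunk ("admin only") and the mirror backfill hunk ("Admin only."). Whether the admin role implicitly holds every permission is not visible in these hunks, so the new comment should name the permission rather than a role.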
@@ -6,7 +6,7 @@ import { updateContentCategorySchema } from '@commonpub/schema';
|
|
|
6
6
|
* Update a content category (admin only).
|
|
7
7
|
*/
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
|
-
|
|
9
|
+
requirePermission(event, 'categories.manage');
|
|
10
10
|
const db = useDB();
|
|
11
11
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
12
12
|
const body = await parseBody(event, updateContentCategorySchema);
|
|
@@ -5,7 +5,7 @@ import { listContentCategories } from '@commonpub/server';
|
|
|
5
5
|
* List all content categories (admin).
|
|
6
6
|
*/
|
|
7
7
|
export default defineEventHandler(async (event) => {
|
|
8
|
-
|
|
8
|
+
requirePermission(event, 'categories.manage');
|
|
9
9
|
const db = useDB();
|
|
10
10
|
return listContentCategories(db);
|
|
11
11
|
});
|
|
@@ -6,7 +6,7 @@ import { createContentCategorySchema } from '@commonpub/schema';
|
|
|
6
6
|
* Create a new content category (admin only).
|
|
7
7
|
*/
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
|
-
|
|
9
|
+
requirePermission(event, 'categories.manage');
|
|
10
10
|
const db = useDB();
|
|
11
11
|
const body = await parseBody(event, createContentCategorySchema);
|
|
12
12
|
return createContentCategory(db, body);
|
|
@@ -2,7 +2,7 @@ import { removeContent, removeFederatedContent } from '@commonpub/server';
|
|
|
2
2
|
|
|
3
3
|
export default defineEventHandler(async (event): Promise<void> => {
|
|
4
4
|
requireFeature('admin');
|
|
5
|
-
const admin =
|
|
5
|
+
const admin = requirePermission(event, 'content.moderate');
|
|
6
6
|
const db = useDB();
|
|
7
7
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
8
8
|
|
|
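Review bot: The binding is still called `admin`, but on the new side it holds whoever passed `requirePermission(event, 'content.moderate')`, which need not be an administrator if the permission can be granted to other roles. A neutral name such as `const actor = requirePermission(event, 'content.moderate');` keeps later uses (for example the `adminId: admin.id` argument visible in the seed-homepage hunk) from implying a role check that is no longer made. The same applies to the other hunks in this diff that bind the result to `admin`. The rest of the handler is outside the hunk, so the rename would have to follow every use of the variable.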
@@ -7,7 +7,7 @@ import { z } from 'zod';
|
|
|
7
7
|
* Update admin-managed content fields (featured, editorial, category).
|
|
8
8
|
*/
|
|
9
9
|
export default defineEventHandler(async (event) => {
|
|
10
|
-
|
|
10
|
+
requirePermission(event, 'content.editorial');
|
|
11
11
|
|
|
12
12
|
const { id: contentId } = parseParams(event, { id: 'uuid' });
|
|
13
13
|
const body = await parseBody(event, z.object({
|
|
@@ -7,7 +7,7 @@ import { z } from 'zod';
|
|
|
7
7
|
* Bulk update editorial status on multiple content items (admin only).
|
|
8
8
|
*/
|
|
9
9
|
export default defineEventHandler(async (event) => {
|
|
10
|
-
|
|
10
|
+
requirePermission(event, 'content.editorial');
|
|
11
11
|
|
|
12
12
|
const body = await parseBody(event, z.object({
|
|
13
13
|
ids: z.array(z.string().uuid()).min(1).max(100),
|
|
@@ -6,7 +6,7 @@ import type { FeatureFlags } from '@commonpub/config';
|
|
|
6
6
|
* Returns current feature flags with metadata about defaults vs overrides.
|
|
7
7
|
*/
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
|
-
|
|
9
|
+
requirePermission(event, 'settings.manage');
|
|
10
10
|
|
|
11
11
|
const db = useDB();
|
|
12
12
|
const config = useConfig();
|
|
@@ -15,7 +15,7 @@ const updateFeaturesSchema = z.object({
|
|
|
15
15
|
* To remove an override, omit the key from overrides.
|
|
16
16
|
*/
|
|
17
17
|
export default defineEventHandler(async (event) => {
|
|
18
|
-
const user =
|
|
18
|
+
const user = requirePermission(event, 'settings.manage');
|
|
19
19
|
|
|
20
20
|
const body = await parseBody(event, updateFeaturesSchema);
|
|
21
21
|
const db = useDB();
|
|
@@ -5,7 +5,7 @@ const VALID_STATUSES = ['pending', 'delivered', 'failed', 'processed'] as const;
|
|
|
5
5
|
|
|
6
6
|
export default defineEventHandler(async (event) => {
|
|
7
7
|
requireFeature('admin');
|
|
8
|
-
|
|
8
|
+
requirePermission(event, 'federation.manage');
|
|
9
9
|
const db = useDB();
|
|
10
10
|
|
|
11
11
|
const query = getQuery(event);
|
|
@@ -2,7 +2,7 @@ import { listOAuthClients } from '@commonpub/server';
|
|
|
2
2
|
|
|
3
3
|
export default defineEventHandler(async (event) => {
|
|
4
4
|
requireFeature('federation');
|
|
5
|
-
|
|
5
|
+
requirePermission(event, 'federation.manage');
|
|
6
6
|
const db = useDB();
|
|
7
7
|
|
|
8
8
|
return listOAuthClients(db);
|
|
@@ -8,7 +8,7 @@ const registerSchema = z.object({
|
|
|
8
8
|
|
|
9
9
|
export default defineEventHandler(async (event) => {
|
|
10
10
|
requireFeature('federation');
|
|
11
|
-
|
|
11
|
+
requirePermission(event, 'federation.manage');
|
|
12
12
|
const db = useDB();
|
|
13
13
|
const { instanceDomain, redirectUris } = await parseBody(event, registerSchema);
|
|
14
14
|
|
|
@@ -3,7 +3,7 @@ import { backfillHubFromOutbox, fetchRemoteHubFollowers, repairFederatedHubPostA
|
|
|
3
3
|
export default defineEventHandler(async (event) => {
|
|
4
4
|
requireFeature('federation');
|
|
5
5
|
requireFeature('federateHubs');
|
|
6
|
-
|
|
6
|
+
requirePermission(event, 'federation.manage');
|
|
7
7
|
|
|
8
8
|
const db = useDB();
|
|
9
9
|
const config = useConfig();
|
|
@@ -3,7 +3,7 @@ import { listFederatedHubs } from '@commonpub/server';
|
|
|
3
3
|
export default defineEventHandler(async (event) => {
|
|
4
4
|
requireFeature('federation');
|
|
5
5
|
requireFeature('federateHubs');
|
|
6
|
-
|
|
6
|
+
requirePermission(event, 'federation.manage');
|
|
7
7
|
|
|
8
8
|
const db = useDB();
|
|
9
9
|
return listFederatedHubs(db);
|
|
@@ -8,7 +8,7 @@ const bodySchema = z.object({
|
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
9
|
requireFeature('federation');
|
|
10
10
|
requireFeature('federateHubs');
|
|
11
|
-
|
|
11
|
+
requirePermission(event, 'federation.manage');
|
|
12
12
|
|
|
13
13
|
const db = useDB();
|
|
14
14
|
const config = useConfig();
|
|
@@ -11,7 +11,7 @@ function extractDomain(url: string): string {
|
|
|
11
11
|
* Admin only.
|
|
12
12
|
*/
|
|
13
13
|
export default defineEventHandler(async (event) => {
|
|
14
|
-
|
|
14
|
+
requirePermission(event, 'federation.manage');
|
|
15
15
|
|
|
16
16
|
const config = useConfig();
|
|
17
17
|
if (!config.features.federation) {
|
|
@@ -2,7 +2,7 @@ import { cancelMirror } from '@commonpub/server';
|
|
|
2
2
|
|
|
3
3
|
export default defineEventHandler(async (event) => {
|
|
4
4
|
requireFeature('federation');
|
|
5
|
-
|
|
5
|
+
requirePermission(event, 'federation.manage');
|
|
6
6
|
const db = useDB();
|
|
7
7
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
8
8
|
|
|
@@ -2,7 +2,7 @@ import { getMirror } from '@commonpub/server';
|
|
|
2
2
|
|
|
3
3
|
export default defineEventHandler(async (event) => {
|
|
4
4
|
requireFeature('federation');
|
|
5
|
-
|
|
5
|
+
requirePermission(event, 'federation.manage');
|
|
6
6
|
const db = useDB();
|
|
7
7
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
8
8
|
|
|
@@ -7,7 +7,7 @@ const updateMirrorSchema = z.object({
|
|
|
7
7
|
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
9
|
requireFeature('federation');
|
|
10
|
-
|
|
10
|
+
requirePermission(event, 'federation.manage');
|
|
11
11
|
const db = useDB();
|
|
12
12
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
13
13
|
const { action } = await parseBody(event, updateMirrorSchema);
|
|
@@ -11,7 +11,7 @@ const createMirrorSchema = z.object({
|
|
|
11
11
|
|
|
12
12
|
export default defineEventHandler(async (event) => {
|
|
13
13
|
requireFeature('federation');
|
|
14
|
-
|
|
14
|
+
requirePermission(event, 'federation.manage');
|
|
15
15
|
const db = useDB();
|
|
16
16
|
const input = await parseBody(event, createMirrorSchema);
|
|
17
17
|
|
|
@@ -18,7 +18,7 @@ export default defineEventHandler(async (event) => {
|
|
|
18
18
|
if (cliSecret && cliSecret === runtimeConfig.authSecret) {
|
|
19
19
|
// Authorized via shared secret
|
|
20
20
|
} else {
|
|
21
|
-
|
|
21
|
+
requirePermission(event, 'federation.manage');
|
|
22
22
|
}
|
|
23
23
|
|
|
24
24
|
const config = useConfig();
|
|
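Review bot: The shared-secret branch above the new line skips `requirePermission` entirely and compares the caller-supplied value with `===`, which is not a constant-time comparison. I would compare fixed-length digests with `timingSafeEqual` from `node:crypto` (hash both values first so the lengths match), and replace the `// Authorized via shared secret` comment with one stating that a matching secret is treated as equivalent to holding `federation.manage`. The value compared against is `runtimeConfig.authSecret`; if that secret is also used elsewhere (the name suggests so, but this is inferred), a dedicated CLI secret would limit what a leak of either one exposes. Where `cliSecret` is read from is above the hunk.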
@@ -7,7 +7,7 @@ import { repairFederatedContentTypes } from '@commonpub/server';
|
|
|
7
7
|
*/
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
9
|
requireFeature('admin');
|
|
10
|
-
|
|
10
|
+
requirePermission(event, 'federation.manage');
|
|
11
11
|
const db = useDB();
|
|
12
12
|
|
|
13
13
|
return repairFederatedContentTypes(db);
|
|
@@ -12,7 +12,7 @@ const retrySchema = z.object({
|
|
|
12
12
|
* Optionally filter by activity ID.
|
|
13
13
|
*/
|
|
14
14
|
export default defineEventHandler(async (event) => {
|
|
15
|
-
|
|
15
|
+
requirePermission(event, 'federation.manage');
|
|
16
16
|
|
|
17
17
|
const config = useConfig();
|
|
18
18
|
if (!config.features.federation) {
|
|
@@ -3,7 +3,7 @@ import { activities, followRelationships } from '@commonpub/schema';
|
|
|
3
3
|
|
|
4
4
|
export default defineEventHandler(async (event) => {
|
|
5
5
|
requireFeature('admin');
|
|
6
|
-
|
|
6
|
+
requirePermission(event, 'federation.manage');
|
|
7
7
|
const db = useDB();
|
|
8
8
|
|
|
9
9
|
const [inbound, outbound, pending, failed, followers, following] = await Promise.all([
|
|
@@ -7,7 +7,7 @@ const removeSchema = z.object({
|
|
|
7
7
|
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
9
|
requireFeature('admin');
|
|
10
|
-
|
|
10
|
+
requirePermission(event, 'federation.manage');
|
|
11
11
|
const db = useDB();
|
|
12
12
|
const { domain } = await parseBody(event, removeSchema);
|
|
13
13
|
|
|
@@ -2,7 +2,7 @@ import { getStoredTrustedInstances } from '@commonpub/server';
|
|
|
2
2
|
|
|
3
3
|
export default defineEventHandler(async (event) => {
|
|
4
4
|
requireFeature('admin');
|
|
5
|
-
|
|
5
|
+
requirePermission(event, 'federation.manage');
|
|
6
6
|
const db = useDB();
|
|
7
7
|
const config = useConfig();
|
|
8
8
|
|
|
@@ -7,7 +7,7 @@ const addSchema = z.object({
|
|
|
7
7
|
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
9
|
requireFeature('admin');
|
|
10
|
-
|
|
10
|
+
requirePermission(event, 'federation.manage');
|
|
11
11
|
const db = useDB();
|
|
12
12
|
const { domain } = await parseBody(event, addSchema);
|
|
13
13
|
|
|
@@ -5,7 +5,7 @@ import { getHomepageSections } from '@commonpub/server';
|
|
|
5
5
|
* Returns homepage sections for admin editing.
|
|
6
6
|
*/
|
|
7
7
|
export default defineEventHandler(async (event) => {
|
|
8
|
-
|
|
8
|
+
requirePermission(event, 'layout.manage');
|
|
9
9
|
const db = useDB();
|
|
10
10
|
return getHomepageSections(db);
|
|
11
11
|
});
|
|
@@ -34,7 +34,7 @@ const updateSectionsSchema = z.object({
|
|
|
34
34
|
* Save homepage section configuration.
|
|
35
35
|
*/
|
|
36
36
|
export default defineEventHandler(async (event) => {
|
|
37
|
-
const user =
|
|
37
|
+
const user = requirePermission(event, 'layout.manage');
|
|
38
38
|
const db = useDB();
|
|
39
39
|
const body = await parseBody(event, updateSectionsSchema);
|
|
40
40
|
|
|
@@ -14,7 +14,7 @@ import { invalidateLayoutsByRouteCache } from '../../../../utils/layoutCache';
|
|
|
14
14
|
export default defineEventHandler(async (event) => {
|
|
15
15
|
requireFeature('admin');
|
|
16
16
|
requireFeature('layoutEngine');
|
|
17
|
-
const admin =
|
|
17
|
+
const admin = requirePermission(event, 'layout.manage');
|
|
18
18
|
const db = useDB();
|
|
19
19
|
|
|
20
20
|
const id = getRouterParam(event, 'id');
|
|
@@ -15,7 +15,7 @@ import { invalidateLayoutsByRouteCache } from '../../../../../../utils/layoutCac
|
|
|
15
15
|
export default defineEventHandler(async (event) => {
|
|
16
16
|
requireFeature('admin');
|
|
17
17
|
requireFeature('layoutEngine');
|
|
18
|
-
const admin =
|
|
18
|
+
const admin = requirePermission(event, 'layout.manage');
|
|
19
19
|
const db = useDB();
|
|
20
20
|
|
|
21
21
|
const id = getRouterParam(event, 'id');
|
|
@@ -12,7 +12,7 @@ import { getLayoutById, listLayoutVersions } from '@commonpub/server';
|
|
|
12
12
|
export default defineEventHandler(async (event) => {
|
|
13
13
|
requireFeature('admin');
|
|
14
14
|
requireFeature('layoutEngine');
|
|
15
|
-
|
|
15
|
+
requirePermission(event, 'layout.manage');
|
|
16
16
|
const db = useDB();
|
|
17
17
|
|
|
18
18
|
const id = getRouterParam(event, 'id');
|
|
@@ -15,7 +15,7 @@ import { invalidateLayoutsByRouteCache } from '../../../utils/layoutCache';
|
|
|
15
15
|
export default defineEventHandler(async (event): Promise<{ ok: true; id: string }> => {
|
|
16
16
|
requireFeature('admin');
|
|
17
17
|
requireFeature('layoutEngine');
|
|
18
|
-
const admin =
|
|
18
|
+
const admin = requirePermission(event, 'layout.manage');
|
|
19
19
|
const db = useDB();
|
|
20
20
|
|
|
21
21
|
const id = getRouterParam(event, 'id');
|
|
@@ -11,7 +11,7 @@ import { getLayoutById } from '@commonpub/server';
|
|
|
11
11
|
export default defineEventHandler(async (event) => {
|
|
12
12
|
requireFeature('admin');
|
|
13
13
|
requireFeature('layoutEngine');
|
|
14
|
-
|
|
14
|
+
requirePermission(event, 'layout.manage');
|
|
15
15
|
|
|
16
16
|
const id = getRouterParam(event, 'id');
|
|
17
17
|
if (!id) {
|
|
@@ -27,7 +27,7 @@ import { validateSectionConfigs } from '../../../utils/validateSectionConfigs';
|
|
|
27
27
|
export default defineEventHandler(async (event) => {
|
|
28
28
|
requireFeature('admin');
|
|
29
29
|
requireFeature('layoutEngine');
|
|
30
|
-
const admin =
|
|
30
|
+
const admin = requirePermission(event, 'layout.manage');
|
|
31
31
|
const db = useDB();
|
|
32
32
|
|
|
33
33
|
const id = getRouterParam(event, 'id');
|
|
@@ -12,7 +12,7 @@ import { listLayouts } from '@commonpub/server';
|
|
|
12
12
|
export default defineEventHandler(async (event) => {
|
|
13
13
|
requireFeature('admin');
|
|
14
14
|
requireFeature('layoutEngine');
|
|
15
|
-
|
|
15
|
+
requirePermission(event, 'layout.manage');
|
|
16
16
|
|
|
17
17
|
const db = useDB();
|
|
18
18
|
const query = getQuery(event) as { scope?: string };
|
|
@@ -19,7 +19,7 @@ import { validateSectionConfigs } from '../../../utils/validateSectionConfigs';
|
|
|
19
19
|
export default defineEventHandler(async (event) => {
|
|
20
20
|
requireFeature('admin');
|
|
21
21
|
requireFeature('layoutEngine');
|
|
22
|
-
const admin =
|
|
22
|
+
const admin = requirePermission(event, 'layout.manage');
|
|
23
23
|
const db = useDB();
|
|
24
24
|
|
|
25
25
|
const body = await parseBody(event, layoutCreateSchema);
|
|
@@ -38,7 +38,7 @@ const bodySchema = z.object({
|
|
|
38
38
|
export default defineEventHandler(async (event) => {
|
|
39
39
|
requireFeature('admin');
|
|
40
40
|
requireFeature('layoutEngine');
|
|
41
|
-
const admin =
|
|
41
|
+
const admin = requirePermission(event, 'layout.manage');
|
|
42
42
|
|
|
43
43
|
const body = await readBody(event).catch(() => ({}));
|
|
44
44
|
const { force } = bodySchema.parse(body ?? {});
|
|
@@ -24,7 +24,7 @@ import { invalidateLayoutsByRouteCache } from '../../../utils/layoutCache';
|
|
|
24
24
|
export default defineEventHandler(async (event) => {
|
|
25
25
|
requireFeature('admin');
|
|
26
26
|
requireFeature('layoutEngine');
|
|
27
|
-
const admin =
|
|
27
|
+
const admin = requirePermission(event, 'layout.manage');
|
|
28
28
|
const db = useDB();
|
|
29
29
|
|
|
30
30
|
const result = await seedHomepageLayout(db, { adminId: admin.id });
|
|
@@ -5,7 +5,7 @@ import { getNavItems } from '@commonpub/server';
|
|
|
5
5
|
* Returns navigation items for admin editing.
|
|
6
6
|
*/
|
|
7
7
|
export default defineEventHandler(async (event) => {
|
|
8
|
-
|
|
8
|
+
requirePermission(event, 'navigation.manage');
|
|
9
9
|
const db = useDB();
|
|
10
10
|
return getNavItems(db);
|
|
11
11
|
});
|
|
@@ -26,7 +26,7 @@ const updateNavSchema = z.object({
|
|
|
26
26
|
* Save navigation item configuration.
|
|
27
27
|
*/
|
|
28
28
|
export default defineEventHandler(async (event) => {
|
|
29
|
-
const user =
|
|
29
|
+
const user = requirePermission(event, 'navigation.manage');
|
|
30
30
|
const db = useDB();
|
|
31
31
|
const body = await parseBody(event, updateNavSchema);
|
|
32
32
|
|
|
@@ -3,7 +3,7 @@ import { resolveReportSchema } from '@commonpub/schema';
|
|
|
3
3
|
|
|
4
4
|
export default defineEventHandler(async (event): Promise<void> => {
|
|
5
5
|
requireFeature('admin');
|
|
6
|
-
const admin =
|
|
6
|
+
const admin = requirePermission(event, 'reports.review');
|
|
7
7
|
const db = useDB();
|
|
8
8
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
9
9
|
const input = await parseBody(event, resolveReportSchema);
|
|
@@ -10,7 +10,7 @@ const reportsQuerySchema = z.object({
|
|
|
10
10
|
|
|
11
11
|
export default defineEventHandler(async (event): Promise<PaginatedResponse<ReportListItem>> => {
|
|
12
12
|
requireFeature('admin');
|
|
13
|
-
|
|
13
|
+
requirePermission(event, 'reports.review');
|
|
14
14
|
const db = useDB();
|
|
15
15
|
const filters = parseQueryParams(event, reportsQuerySchema);
|
|
16
16
|
|
|
@@ -10,7 +10,7 @@ import type { MeiliClient } from '@commonpub/server';
|
|
|
10
10
|
*/
|
|
11
11
|
export default defineEventHandler(async (event) => {
|
|
12
12
|
const user = requireAuth(event);
|
|
13
|
-
|
|
13
|
+
requirePermission(event, 'search.manage');
|
|
14
14
|
|
|
15
15
|
const meiliUrl = process.env.MEILI_URL;
|
|
16
16
|
const meiliKey = process.env.MEILI_MASTER_KEY;
|
|
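Review bot: `requireAuth(event)` on the line above is now followed by `requirePermission(event, 'search.manage')`, and other hunks in this diff bind the return value of `requirePermission` to the acting user, which suggests it already enforces authentication. If that holds, the two calls can collapse to `const user = requirePermission(event, 'search.manage');` so there is a single gate to audit. The storage backfill hunk has the same pair (`requireAuth(event);` followed by `requirePermission(event, 'storage.manage');`). Neither handler shows a `requireFeature('admin')` call in the visible context, unlike most admin routes in this diff; it is worth confirming that this is intended.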
@@ -3,7 +3,7 @@ import { adminSettingSchema } from '@commonpub/schema';
|
|
|
3
3
|
|
|
4
4
|
export default defineEventHandler(async (event): Promise<void> => {
|
|
5
5
|
requireFeature('admin');
|
|
6
|
-
const admin =
|
|
6
|
+
const admin = requirePermission(event, 'settings.manage');
|
|
7
7
|
const db = useDB();
|
|
8
8
|
const input = await parseBody(event, adminSettingSchema);
|
|
9
9
|
|
|
@@ -3,7 +3,7 @@ import type { PlatformStats } from '@commonpub/server';
|
|
|
3
3
|
|
|
4
4
|
export default defineEventHandler(async (event): Promise<PlatformStats> => {
|
|
5
5
|
requireFeature('admin');
|
|
6
|
-
|
|
6
|
+
requirePermission(event, 'audit.read');
|
|
7
7
|
const db = useDB();
|
|
8
8
|
return getPlatformStats(db);
|
|
9
9
|
});
|
|
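Review bot: Platform statistics are gated on `audit.read`, the same permission that protects the audit log endpoint in the audit hunk earlier in this diff. Anyone who is granted access to the stats dashboard therefore also gains read access to the audit log. If that coupling is intended, a short comment such as `// stats share the audit.read permission with the audit log` would make it explicit; otherwise a separate read permission would keep the audit log least-privileged.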
@@ -34,7 +34,7 @@ function spacesHosts(): { origin: string; cdn: string } | null {
|
|
|
34
34
|
|
|
35
35
|
export default defineEventHandler(async (event) => {
|
|
36
36
|
requireAuth(event);
|
|
37
|
-
|
|
37
|
+
requirePermission(event, 'storage.manage');
|
|
38
38
|
|
|
39
39
|
const hosts = spacesHosts();
|
|
40
40
|
if (!hosts) {
|
|
@@ -13,7 +13,7 @@ import {
|
|
|
13
13
|
|
|
14
14
|
export default defineEventHandler(async (event): Promise<{ ok: true; resetDefault: boolean }> => {
|
|
15
15
|
requireFeature('admin');
|
|
16
|
-
const admin =
|
|
16
|
+
const admin = requirePermission(event, 'theme.manage');
|
|
17
17
|
const db = useDB();
|
|
18
18
|
|
|
19
19
|
const { id } = parseParams(event, { id: 'string' });
|
|
@@ -7,7 +7,7 @@ import { getCustomTheme } from '@commonpub/server';
|
|
|
7
7
|
|
|
8
8
|
export default defineEventHandler(async (event) => {
|
|
9
9
|
requireFeature('admin');
|
|
10
|
-
|
|
10
|
+
requirePermission(event, 'theme.manage');
|
|
11
11
|
const db = useDB();
|
|
12
12
|
|
|
13
13
|
const { id } = parseParams(event, { id: 'string' });
|
|
@@ -9,7 +9,7 @@ import { getCustomTheme, saveCustomTheme } from '@commonpub/server';
|
|
|
9
9
|
|
|
10
10
|
export default defineEventHandler(async (event) => {
|
|
11
11
|
requireFeature('admin');
|
|
12
|
-
const admin =
|
|
12
|
+
const admin = requirePermission(event, 'theme.manage');
|
|
13
13
|
const db = useDB();
|
|
14
14
|
|
|
15
15
|
const { id } = parseParams(event, { id: 'string' });
|
|
@@ -21,7 +21,7 @@ import { TOKEN_SPECS } from '@commonpub/ui';
|
|
|
21
21
|
|
|
22
22
|
export default defineEventHandler((event) => {
|
|
23
23
|
requireFeature('admin');
|
|
24
|
-
|
|
24
|
+
requirePermission(event, 'theme.manage');
|
|
25
25
|
|
|
26
26
|
const defaults: Record<string, string> = {};
|
|
27
27
|
for (const spec of TOKEN_SPECS) {
|
|
@@ -17,7 +17,7 @@ import { listCustomThemes } from '@commonpub/server';
|
|
|
17
17
|
|
|
18
18
|
export default defineEventHandler(async (event) => {
|
|
19
19
|
requireFeature('admin');
|
|
20
|
-
|
|
20
|
+
requirePermission(event, 'theme.manage');
|
|
21
21
|
const db = useDB();
|
|
22
22
|
const config = useConfig();
|
|
23
23
|
|
|
@@ -12,7 +12,7 @@ const BUILT_IN_IDS = new Set(BUILT_IN_THEMES.map((t) => t.id));
|
|
|
12
12
|
|
|
13
13
|
export default defineEventHandler(async (event) => {
|
|
14
14
|
requireFeature('admin');
|
|
15
|
-
const admin =
|
|
15
|
+
const admin = requirePermission(event, 'theme.manage');
|
|
16
16
|
const db = useDB();
|
|
17
17
|
|
|
18
18
|
const input = await parseBody(event, customThemeSchema);
|
|
@@ -3,7 +3,7 @@ import { adminUpdateRoleSchema } from '@commonpub/schema';
|
|
|
3
3
|
|
|
4
4
|
export default defineEventHandler(async (event): Promise<void> => {
|
|
5
5
|
requireFeature('admin');
|
|
6
|
-
const admin =
|
|
6
|
+
const admin = requirePermission(event, 'users.manage');
|
|
7
7
|
const db = useDB();
|
|
8
8
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
9
9
|
const input = await parseBody(event, adminUpdateRoleSchema);
|
|
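Review bot: Changing a user's role is gated on `users.manage`, the same permission used for the status update, while deletion gets its own `users.delete`. Role assignment is the one user operation that can raise privileges, so a holder of `users.manage` may be able to grant a role that carries permissions they do not hold themselves, unless the handler body (outside this hunk) or `adminUpdateRoleSchema` restricts the target role. I would either gate this route on a dedicated permission or add a check that the caller cannot assign a role above their own or change their own role, and state that rule in a comment above the `requirePermission` call.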
@@ -3,7 +3,7 @@ import { adminUpdateStatusSchema } from '@commonpub/schema';
|
|
|
3
3
|
|
|
4
4
|
export default defineEventHandler(async (event): Promise<void> => {
|
|
5
5
|
requireFeature('admin');
|
|
6
|
-
const admin =
|
|
6
|
+
const admin = requirePermission(event, 'users.manage');
|
|
7
7
|
const db = useDB();
|
|
8
8
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
9
9
|
const input = await parseBody(event, adminUpdateStatusSchema);
|
|
@@ -2,7 +2,7 @@ import { deleteUser } from '@commonpub/server';
|
|
|
2
2
|
|
|
3
3
|
export default defineEventHandler(async (event): Promise<void> => {
|
|
4
4
|
requireFeature('admin');
|
|
5
|
-
const admin =
|
|
5
|
+
const admin = requirePermission(event, 'users.delete');
|
|
6
6
|
const db = useDB();
|
|
7
7
|
const { id } = parseParams(event, { id: 'uuid' });
|
|
8
8
|
|
|
@@ -10,7 +10,7 @@ const adminUsersQuerySchema = z.object({
|
|
|
10
10
|
|
|
11
11
|
export default defineEventHandler(async (event): Promise<PaginatedResponse<UserListItem>> => {
|
|
12
12
|
requireFeature('admin');
|
|
13
|
-
|
|
13
|
+
requirePermission(event, 'users.read');
|
|
14
14
|
const db = useDB();
|
|
15
15
|
const filters = parseQueryParams(event, adminUsersQuerySchema);
|
|
16
16
|
|