npm - @playcademy/sandbox - Versions diffs - 0.3.17-beta.36 → 0.3.17-beta.37 - Mend

@playcademy/sandbox 0.3.17-beta.36 → 0.3.17-beta.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.js CHANGED Viewed

@@ -1330,7 +1330,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@playcademy/sandbox",
-    version: "0.3.17-beta.36",
+    version: "0.3.17-beta.37",
     description: "Local development server for Playcademy game development",
     type: "module",
     exports: {
@@ -11297,8 +11297,9 @@ var init_pg_core = __esm(() => {
 });
 // ../data/src/domains/game/table.ts
-var gamePlatformEnum, gameTypeEnum, gameVisibilityEnum, games, gameSessions, gameStates, deploymentProviderEnum, deployJobStatusEnum, gameDeployments, gameDeployJobs, customHostnameStatusEnum, customHostnameSslStatusEnum, customHostnameEnvironmentEnum, gameCustomHostnames;
+var gamePlatformEnum, gameTypeEnum, gameVisibilityEnum, games, gameMemberRoleEnum, gameMembers, gameMembersRelations, gameSessions, gameStates, deploymentProviderEnum, deployJobStatusEnum, gameDeployments, gameDeployJobs, customHostnameStatusEnum, customHostnameSslStatusEnum, customHostnameEnvironmentEnum, gameCustomHostnames;
 var init_table3 = __esm(() => {
+  init_drizzle_orm();
   init_pg_core();
   init_table5();
   init_table6();
@@ -11307,9 +11308,6 @@ var init_table3 = __esm(() => {
   gameVisibilityEnum = pgEnum("game_visibility", ["visible", "unlisted", "internal"]);
   games = pgTable("games", {
     id: uuid("id").primaryKey().defaultRandom(),
-    developerId: text("developer_id").references(() => users.id, {
-      onDelete: "set null"
-    }),
     slug: varchar("slug", { length: 255 }).notNull().unique(),
     displayName: varchar("display_name", { length: 255 }).notNull(),
     version: varchar("version", { length: 50 }).notNull(),
@@ -11325,6 +11323,24 @@ var init_table3 = __esm(() => {
     createdAt: timestamp("created_at", { withTimezone: true }).defaultNow(),
     updatedAt: timestamp("updated_at", { withTimezone: true }).defaultNow()
   });
+  gameMemberRoleEnum = pgEnum("game_member_role", ["owner", "collaborator"]);
+  gameMembers = pgTable("game_members", {
+    id: uuid("id").primaryKey().defaultRandom(),
+    gameId: uuid("game_id").notNull().references(() => games.id, { onDelete: "cascade" }),
+    userId: text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+    role: gameMemberRoleEnum("role").notNull().default("collaborator"),
+    createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
+  }, (table3) => [uniqueIndex("game_members_game_user_idx").on(table3.gameId, table3.userId)]);
+  gameMembersRelations = relations(gameMembers, ({ one }) => ({
+    game: one(games, {
+      fields: [gameMembers.gameId],
+      references: [games.id]
+    }),
+    user: one(users, {
+      fields: [gameMembers.userId],
+      references: [users.id]
+    })
+  }));
   gameSessions = pgTable("game_sessions", {
     id: uuid("id").primaryKey().defaultRandom(),
     userId: text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
@@ -12142,6 +12158,9 @@ __export(exports_tables_index, {
   gameScoresRelations: () => gameScoresRelations,
   gameScores: () => gameScores,
   gamePlatformEnum: () => gamePlatformEnum,
+  gameMembersRelations: () => gameMembersRelations,
+  gameMembers: () => gameMembers,
+  gameMemberRoleEnum: () => gameMemberRoleEnum,
   gameDeployments: () => gameDeployments,
   gameDeployJobs: () => gameDeployJobs,
   gameCustomHostnames: () => gameCustomHostnames,
@@ -26776,29 +26795,33 @@ var init_game_service = __esm(() => {
       const db2 = this.deps.db;
       const isAdmin = caller?.role === "admin";
       const isDeveloper = caller?.role === "developer";
-      let whereClause;
       if (isAdmin) {
-        whereClause = undefined;
-      } else if (isDeveloper && caller?.id) {
-        whereClause = or(ne(games.visibility, "internal"), eq(games.developerId, caller.id));
-      } else {
-        whereClause = ne(games.visibility, "internal");
+        return db2.query.games.findMany({
+          orderBy: [desc(games.createdAt)]
+        });
+      }
+      if (isDeveloper && caller?.id) {
+        const rows = await db2.select().from(games).where(or(ne(games.visibility, "internal"), exists(db2.select({ one: sql`1` }).from(gameMembers).where(and(eq(gameMembers.gameId, games.id), eq(gameMembers.userId, caller.id)))))).orderBy(desc(games.createdAt));
+        return rows;
       }
       return db2.query.games.findMany({
-        where: whereClause,
+        where: ne(games.visibility, "internal"),
         orderBy: [desc(games.createdAt)]
       });
     }
-    async listManageable(user) {
+    async listAccessible(user) {
       const seesAllGames = user.role === "admin" || user.role === "teacher";
       if (!seesAllGames) {
         this.validateDeveloperStatus(user);
       }
       const db2 = this.deps.db;
-      return db2.query.games.findMany({
-        where: seesAllGames ? undefined : eq(games.developerId, user.id),
-        orderBy: [desc(games.createdAt)]
-      });
+      if (seesAllGames) {
+        return db2.query.games.findMany({
+          orderBy: [desc(games.createdAt)]
+        });
+      }
+      const rows = await db2.select({ games }).from(games).innerJoin(gameMembers, eq(gameMembers.gameId, games.id)).where(eq(gameMembers.userId, user.id)).orderBy(desc(games.createdAt));
+      return rows.map((r) => r.games);
     }
     async getSubjects() {
       const db2 = this.deps.db;
@@ -26822,7 +26845,7 @@ var init_game_service = __esm(() => {
       if (!game) {
         throw new NotFoundError("Game", gameId);
       }
-      this.enforceVisibility(game, caller, gameId);
+      await this.enforceVisibility(game, caller, gameId);
       return game;
     }
     async getBySlug(slug, caller) {
@@ -26833,7 +26856,7 @@ var init_game_service = __esm(() => {
       if (!game) {
         throw new NotFoundError("Game", slug);
       }
-      this.enforceVisibility(game, caller, slug);
+      await this.enforceVisibility(game, caller, slug);
       return game;
     }
     async getManifest(gameId, caller) {
@@ -26999,15 +27022,20 @@ var init_game_service = __esm(() => {
         };
       }
     }
-    enforceVisibility(game, caller, lookupIdentifier) {
+    async enforceVisibility(game, caller, lookupIdentifier) {
       if (game.visibility !== "internal") {
         return;
       }
-      const isAdmin = caller?.role === "admin";
-      const isOwner = caller?.id != null && caller.id === game.developerId;
-      if (!isAdmin && !isOwner) {
+      if (!caller) {
         throw new NotFoundError("Game", lookupIdentifier);
       }
+      if (caller.role === "admin") {
+        return;
+      }
+      if (await this.hasGameMembership(game.id, caller.id)) {
+        return;
+      }
+      throw new NotFoundError("Game", lookupIdentifier);
     }
     async upsertBySlug(slug, data, user) {
       const db2 = this.deps.db;
@@ -27044,17 +27072,24 @@ var init_game_service = __esm(() => {
           ...gameDataForDb,
           id: gameId,
           slug,
-          developerId: user.id,
           metadata: data.metadata || {},
           version: data.gameType === "external" ? "external" : "",
           deploymentUrl: null,
           createdAt: new Date
         };
-        const [createdGame] = await db2.insert(games).values(insertData).returning();
-        if (!createdGame) {
-          logger5.error("Game insert returned no rows", { slug, developerId: user.id });
-          throw new InternalError("DB insert failed to return result for new game");
-        }
+        const createdGame = await db2.transaction(async (tx) => {
+          const [game] = await tx.insert(games).values(insertData).returning();
+          if (!game) {
+            logger5.error("Game insert returned no rows", { slug, userId: user.id });
+            throw new InternalError("DB insert failed to return result for new game");
+          }
+          await tx.insert(gameMembers).values({
+            gameId: game.id,
+            userId: user.id,
+            role: "owner"
+          });
+          return game;
+        });
         gameResponse = createdGame;
       }
       if (data.mapElementId) {
@@ -27152,51 +27187,43 @@ var init_game_service = __esm(() => {
         displayName: gameToDelete.displayName
       };
     }
+    async hasGameMembership(gameId, userId) {
+      const membership = await this.deps.db.query.gameMembers.findFirst({
+        where: and(eq(gameMembers.gameId, gameId), eq(gameMembers.userId, userId)),
+        columns: { id: true }
+      });
+      return Boolean(membership);
+    }
     async validateOwnership(user, gameId) {
-      if (user.role === "admin") {
-        const gameExists = await this.deps.db.query.games.findFirst({
-          where: eq(games.id, gameId),
-          columns: { id: true }
-        });
-        if (!gameExists) {
-          throw new NotFoundError("Game", gameId);
-        }
-        return;
-      }
       const db2 = this.deps.db;
-      const gameOwnership = await db2.query.games.findFirst({
-        where: and(eq(games.id, gameId), eq(games.developerId, user.id)),
+      const gameExists = await db2.query.games.findFirst({
+        where: eq(games.id, gameId),
         columns: { id: true }
       });
-      if (!gameOwnership) {
-        const gameExists = await db2.query.games.findFirst({
-          where: eq(games.id, gameId),
-          columns: { id: true }
-        });
-        if (!gameExists) {
-          throw new NotFoundError("Game", gameId);
-        }
+      if (!gameExists) {
+        throw new NotFoundError("Game", gameId);
+      }
+      if (user.role === "admin") {
+        return;
+      }
+      if (!await this.hasGameMembership(gameId, user.id)) {
         throw new AccessDeniedError("You do not own this game");
       }
     }
     async validateDeveloperAccess(user, gameId) {
       this.validateDeveloperStatus(user);
-      if (user.role === "admin") {
-        const gameExists = await this.deps.db.query.games.findFirst({
-          where: eq(games.id, gameId),
-          columns: { id: true }
-        });
-        if (!gameExists) {
-          throw new NotFoundError("Game", gameId);
-        }
-        return;
-      }
       const db2 = this.deps.db;
-      const existingGame = await db2.query.games.findFirst({
-        where: and(eq(games.id, gameId), eq(games.developerId, user.id)),
+      const gameExists = await db2.query.games.findFirst({
+        where: eq(games.id, gameId),
         columns: { id: true }
       });
-      if (!existingGame) {
+      if (!gameExists) {
+        throw new NotFoundError("Game", gameId);
+      }
+      if (user.role === "admin") {
+        return;
+      }
+      if (!await this.hasGameMembership(gameId, user.id)) {
         throw new NotFoundError("Game", gameId);
       }
     }
@@ -27216,21 +27243,18 @@ var init_game_service = __esm(() => {
     async validateDeveloperAccessBySlug(user, slug) {
       this.validateDeveloperStatus(user);
       const db2 = this.deps.db;
-      if (user.role === "admin") {
-        const game2 = await db2.query.games.findFirst({
-          where: eq(games.slug, slug)
-        });
-        if (!game2) {
-          throw new NotFoundError("Game", slug);
-        }
-        return game2;
-      }
       const game = await db2.query.games.findFirst({
-        where: and(eq(games.slug, slug), eq(games.developerId, user.id))
+        where: eq(games.slug, slug)
       });
       if (!game) {
         throw new NotFoundError("Game", slug);
       }
+      if (user.role === "admin") {
+        return game;
+      }
+      if (!await this.hasGameMembership(game.id, user.id)) {
+        throw new NotFoundError("Game", slug);
+      }
       return game;
     }
     validateDeveloperStatus(user) {
@@ -34879,10 +34903,17 @@ class LogsService {
         throw new AccessDeniedError("Must be an approved developer");
       }
       const game = await db2.query.games.findFirst({
-        where: and(eq(games.slug, slug2), eq(games.developerId, user.id)),
+        where: eq(games.slug, slug2),
         columns: { id: true }
       });
       if (!game) {
+        throw new NotFoundError("Game", slug2);
+      }
+      const membership = await db2.query.gameMembers.findFirst({
+        where: and(eq(gameMembers.gameId, game.id), eq(gameMembers.userId, user.id)),
+        columns: { id: true }
+      });
+      if (!membership) {
         logger28.warn("Developer attempted access to unowned game logs", {
           userId: user.id,
           slug: slug2
@@ -93763,7 +93794,6 @@ async function seedCoreGames(db2) {
   const coreGames = [
     {
       id: CORE_GAME_UUIDS.PLAYGROUND,
-      developerId: DEMO_USERS.developer.id,
       slug: "playground",
       displayName: "Playground",
       version: "local",
@@ -93780,6 +93810,11 @@ async function seedCoreGames(db2) {
   for (const gameData of coreGames) {
     try {
       await db2.insert(games).values(gameData).onConflictDoNothing();
+      await db2.insert(gameMembers).values({
+        gameId: gameData.id,
+        userId: DEMO_USERS.developer.id,
+        role: "owner"
+      }).onConflictDoNothing();
     } catch (error2) {
       logger37.error(`Error seeding core game '${gameData.slug}': ${error2}`);
     }
@@ -93804,7 +93839,6 @@ async function seedCurrentProjectGame(db2, project) {
     }
     const gameRecord = {
       id: desiredGameId ?? crypto.randomUUID(),
-      developerId: DEMO_USERS.developer.id,
       slug: project.slug,
       displayName: project.displayName,
       version: project.version,
@@ -93822,6 +93856,11 @@ async function seedCurrentProjectGame(db2, project) {
     if (!newGame) {
       throw new Error("Failed to create game record");
     }
+    await db2.insert(gameMembers).values({
+      gameId: newGame.id,
+      userId: DEMO_USERS.developer.id,
+      role: "owner"
+    }).onConflictDoNothing();
     if (project.timebackCourses && project.timebackCourses.length > 0) {
       await seedTimebackIntegrations(db2, newGame.id, project.timebackCourses);
     }
@@ -94810,7 +94849,6 @@ var init_schemas2 = __esm(() => {
     id: true,
     slug: true,
     createdAt: true,
-    developerId: true,
     version: true
   }).refine((data) => {
     if (data.gameType === "hosted" && data.deploymentUrl === null) {
@@ -96212,7 +96250,7 @@ var init_domain_controller = __esm(() => {
 });
 // ../api-core/src/controllers/game.controller.ts
-var logger48, list3, listManageable, getSubjects, getById2, getBySlug, getManifest, upsertBySlug, remove3, games2;
+var logger48, list3, listAccessible, getSubjects, getById2, getBySlug, getManifest, upsertBySlug, remove3, games2;
 var init_game_controller = __esm(() => {
   init_esm();
   init_schemas_index();
@@ -96225,9 +96263,9 @@ var init_game_controller = __esm(() => {
     logger48.debug("Listing games", { userId: ctx.user.id });
     return ctx.services.game.list(ctx.user);
   });
-  listManageable = requireNonAnonymous(async (ctx) => {
-    logger48.debug("Listing manageable games", { userId: ctx.user.id });
-    return ctx.services.game.listManageable(ctx.user);
+  listAccessible = requireNonAnonymous(async (ctx) => {
+    logger48.debug("Listing accessible games", { userId: ctx.user.id });
+    return ctx.services.game.listAccessible(ctx.user);
   });
   getSubjects = requireNonAnonymous(async (ctx) => {
     logger48.debug("Getting game subjects", { userId: ctx.user.id });
@@ -96300,7 +96338,7 @@ var init_game_controller = __esm(() => {
   });
   games2 = {
     list: list3,
-    listManageable,
+    listAccessible,
     getSubjects,
     getById: getById2,
     getManifest,
@@ -98421,6 +98459,7 @@ var init_crud = __esm(() => {
   init_api();
   gameCrudRouter = new Hono2;
   gameCrudRouter.get("/", handle2(games2.list));
+  gameCrudRouter.get("/accessible", handle2(games2.listAccessible));
   gameCrudRouter.get("/:gameId{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}}/manifest", handle2(games2.getManifest));
   gameCrudRouter.get("/:gameId{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}}", handle2(games2.getById));
   gameCrudRouter.get("/:slug", handle2(games2.getBySlug));
@@ -98563,10 +98602,12 @@ var init_deploy = __esm(() => {
     const db2 = ctx.db;
     const existingGames = await db2.select().from(games).where(eq(games.slug, slug2));
     const existingGame = existingGames[0];
-    if (existingGame) {
-      const isAdmin = user.role === "admin";
-      const isOwner = existingGame.developerId === user.id;
-      if (!isAdmin && !isOwner) {
+    if (existingGame && user.role !== "admin") {
+      const membership = await db2.query.gameMembers.findFirst({
+        where: and(eq(gameMembers.gameId, existingGame.id), eq(gameMembers.userId, user.id)),
+        columns: { id: true }
+      });
+      if (!membership) {
         return c2.json({
           error: {
             code: "FORBIDDEN",
@@ -98590,17 +98631,24 @@ var init_deploy = __esm(() => {
       if (!body2.metadata?.displayName) {
         return c2.json({ error: { code: "BAD_REQUEST", message: "Display name required for new game" } }, 400);
       }
-      const inserted = await db2.insert(games).values({
+      const gameValues = {
         slug: slug2,
         displayName: body2.metadata.displayName,
         version: "1.0.0",
         platform: body2.metadata.platform ?? "web",
         gameType: "hosted",
-        developerId: user.id,
         deploymentUrl: `http://localhost:4321`,
         metadata: body2.metadata.metadata ?? {}
-      }).returning();
-      game = inserted[0];
+      };
+      game = await db2.transaction(async (tx) => {
+        const [inserted] = await tx.insert(games).values(gameValues).returning();
+        await tx.insert(gameMembers).values({
+          gameId: inserted.id,
+          userId: user.id,
+          role: "owner"
+        });
+        return inserted;
+      });
     }
     let backendCode = body2.code;
     if (!backendCode && body2.codeUploadToken) {
@@ -98679,13 +98727,19 @@ var init_deploy = __esm(() => {
     const ctx = getSandboxContext();
     const game = await ctx.db.query.games.findFirst({
       where: eq(games.slug, slug2 ?? ""),
-      columns: { id: true, developerId: true }
+      columns: { id: true }
     });
     if (!game) {
       return c2.json({ error: { code: "NOT_FOUND", message: "Game not found" } }, 404);
     }
-    if (game.developerId !== user.id && user.role !== "admin") {
-      return c2.json({ error: { code: "NOT_FOUND", message: "Game not found" } }, 404);
+    if (user.role !== "admin") {
+      const membership = await ctx.db.query.gameMembers.findFirst({
+        where: and(eq(gameMembers.gameId, game.id), eq(gameMembers.userId, user.id)),
+        columns: { id: true }
+      });
+      if (!membership) {
+        return c2.json({ error: { code: "NOT_FOUND", message: "Game not found" } }, 404);
+      }
     }
     const job = await ctx.db.query.gameDeployJobs.findFirst({
       where: and(eq(gameDeployJobs.id, jobId), eq(gameDeployJobs.gameId, game.id))

package/dist/server.js CHANGED Viewed

@@ -1329,7 +1329,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@playcademy/sandbox",
-    version: "0.3.17-beta.36",
+    version: "0.3.17-beta.37",
     description: "Local development server for Playcademy game development",
     type: "module",
     exports: {
@@ -11296,8 +11296,9 @@ var init_pg_core = __esm(() => {
 });
 // ../data/src/domains/game/table.ts
-var gamePlatformEnum, gameTypeEnum, gameVisibilityEnum, games, gameSessions, gameStates, deploymentProviderEnum, deployJobStatusEnum, gameDeployments, gameDeployJobs, customHostnameStatusEnum, customHostnameSslStatusEnum, customHostnameEnvironmentEnum, gameCustomHostnames;
+var gamePlatformEnum, gameTypeEnum, gameVisibilityEnum, games, gameMemberRoleEnum, gameMembers, gameMembersRelations, gameSessions, gameStates, deploymentProviderEnum, deployJobStatusEnum, gameDeployments, gameDeployJobs, customHostnameStatusEnum, customHostnameSslStatusEnum, customHostnameEnvironmentEnum, gameCustomHostnames;
 var init_table3 = __esm(() => {
+  init_drizzle_orm();
   init_pg_core();
   init_table5();
   init_table6();
@@ -11306,9 +11307,6 @@ var init_table3 = __esm(() => {
   gameVisibilityEnum = pgEnum("game_visibility", ["visible", "unlisted", "internal"]);
   games = pgTable("games", {
     id: uuid("id").primaryKey().defaultRandom(),
-    developerId: text("developer_id").references(() => users.id, {
-      onDelete: "set null"
-    }),
     slug: varchar("slug", { length: 255 }).notNull().unique(),
     displayName: varchar("display_name", { length: 255 }).notNull(),
     version: varchar("version", { length: 50 }).notNull(),
@@ -11324,6 +11322,24 @@ var init_table3 = __esm(() => {
     createdAt: timestamp("created_at", { withTimezone: true }).defaultNow(),
     updatedAt: timestamp("updated_at", { withTimezone: true }).defaultNow()
   });
+  gameMemberRoleEnum = pgEnum("game_member_role", ["owner", "collaborator"]);
+  gameMembers = pgTable("game_members", {
+    id: uuid("id").primaryKey().defaultRandom(),
+    gameId: uuid("game_id").notNull().references(() => games.id, { onDelete: "cascade" }),
+    userId: text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+    role: gameMemberRoleEnum("role").notNull().default("collaborator"),
+    createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
+  }, (table3) => [uniqueIndex("game_members_game_user_idx").on(table3.gameId, table3.userId)]);
+  gameMembersRelations = relations(gameMembers, ({ one }) => ({
+    game: one(games, {
+      fields: [gameMembers.gameId],
+      references: [games.id]
+    }),
+    user: one(users, {
+      fields: [gameMembers.userId],
+      references: [users.id]
+    })
+  }));
   gameSessions = pgTable("game_sessions", {
     id: uuid("id").primaryKey().defaultRandom(),
     userId: text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
@@ -12141,6 +12157,9 @@ __export(exports_tables_index, {
   gameScoresRelations: () => gameScoresRelations,
   gameScores: () => gameScores,
   gamePlatformEnum: () => gamePlatformEnum,
+  gameMembersRelations: () => gameMembersRelations,
+  gameMembers: () => gameMembers,
+  gameMemberRoleEnum: () => gameMemberRoleEnum,
   gameDeployments: () => gameDeployments,
   gameDeployJobs: () => gameDeployJobs,
   gameCustomHostnames: () => gameCustomHostnames,
@@ -26775,29 +26794,33 @@ var init_game_service = __esm(() => {
       const db2 = this.deps.db;
       const isAdmin = caller?.role === "admin";
       const isDeveloper = caller?.role === "developer";
-      let whereClause;
       if (isAdmin) {
-        whereClause = undefined;
-      } else if (isDeveloper && caller?.id) {
-        whereClause = or(ne(games.visibility, "internal"), eq(games.developerId, caller.id));
-      } else {
-        whereClause = ne(games.visibility, "internal");
+        return db2.query.games.findMany({
+          orderBy: [desc(games.createdAt)]
+        });
+      }
+      if (isDeveloper && caller?.id) {
+        const rows = await db2.select().from(games).where(or(ne(games.visibility, "internal"), exists(db2.select({ one: sql`1` }).from(gameMembers).where(and(eq(gameMembers.gameId, games.id), eq(gameMembers.userId, caller.id)))))).orderBy(desc(games.createdAt));
+        return rows;
       }
       return db2.query.games.findMany({
-        where: whereClause,
+        where: ne(games.visibility, "internal"),
         orderBy: [desc(games.createdAt)]
       });
     }
-    async listManageable(user) {
+    async listAccessible(user) {
       const seesAllGames = user.role === "admin" || user.role === "teacher";
       if (!seesAllGames) {
         this.validateDeveloperStatus(user);
       }
       const db2 = this.deps.db;
-      return db2.query.games.findMany({
-        where: seesAllGames ? undefined : eq(games.developerId, user.id),
-        orderBy: [desc(games.createdAt)]
-      });
+      if (seesAllGames) {
+        return db2.query.games.findMany({
+          orderBy: [desc(games.createdAt)]
+        });
+      }
+      const rows = await db2.select({ games }).from(games).innerJoin(gameMembers, eq(gameMembers.gameId, games.id)).where(eq(gameMembers.userId, user.id)).orderBy(desc(games.createdAt));
+      return rows.map((r) => r.games);
     }
     async getSubjects() {
       const db2 = this.deps.db;
@@ -26821,7 +26844,7 @@ var init_game_service = __esm(() => {
       if (!game) {
         throw new NotFoundError("Game", gameId);
       }
-      this.enforceVisibility(game, caller, gameId);
+      await this.enforceVisibility(game, caller, gameId);
       return game;
     }
     async getBySlug(slug, caller) {
@@ -26832,7 +26855,7 @@ var init_game_service = __esm(() => {
       if (!game) {
         throw new NotFoundError("Game", slug);
       }
-      this.enforceVisibility(game, caller, slug);
+      await this.enforceVisibility(game, caller, slug);
       return game;
     }
     async getManifest(gameId, caller) {
@@ -26998,15 +27021,20 @@ var init_game_service = __esm(() => {
         };
       }
     }
-    enforceVisibility(game, caller, lookupIdentifier) {
+    async enforceVisibility(game, caller, lookupIdentifier) {
       if (game.visibility !== "internal") {
         return;
       }
-      const isAdmin = caller?.role === "admin";
-      const isOwner = caller?.id != null && caller.id === game.developerId;
-      if (!isAdmin && !isOwner) {
+      if (!caller) {
         throw new NotFoundError("Game", lookupIdentifier);
       }
+      if (caller.role === "admin") {
+        return;
+      }
+      if (await this.hasGameMembership(game.id, caller.id)) {
+        return;
+      }
+      throw new NotFoundError("Game", lookupIdentifier);
     }
     async upsertBySlug(slug, data, user) {
       const db2 = this.deps.db;
@@ -27043,17 +27071,24 @@ var init_game_service = __esm(() => {
           ...gameDataForDb,
           id: gameId,
           slug,
-          developerId: user.id,
           metadata: data.metadata || {},
           version: data.gameType === "external" ? "external" : "",
           deploymentUrl: null,
           createdAt: new Date
         };
-        const [createdGame] = await db2.insert(games).values(insertData).returning();
-        if (!createdGame) {
-          logger5.error("Game insert returned no rows", { slug, developerId: user.id });
-          throw new InternalError("DB insert failed to return result for new game");
-        }
+        const createdGame = await db2.transaction(async (tx) => {
+          const [game] = await tx.insert(games).values(insertData).returning();
+          if (!game) {
+            logger5.error("Game insert returned no rows", { slug, userId: user.id });
+            throw new InternalError("DB insert failed to return result for new game");
+          }
+          await tx.insert(gameMembers).values({
+            gameId: game.id,
+            userId: user.id,
+            role: "owner"
+          });
+          return game;
+        });
         gameResponse = createdGame;
       }
       if (data.mapElementId) {
@@ -27151,51 +27186,43 @@ var init_game_service = __esm(() => {
         displayName: gameToDelete.displayName
       };
     }
+    async hasGameMembership(gameId, userId) {
+      const membership = await this.deps.db.query.gameMembers.findFirst({
+        where: and(eq(gameMembers.gameId, gameId), eq(gameMembers.userId, userId)),
+        columns: { id: true }
+      });
+      return Boolean(membership);
+    }
     async validateOwnership(user, gameId) {
-      if (user.role === "admin") {
-        const gameExists = await this.deps.db.query.games.findFirst({
-          where: eq(games.id, gameId),
-          columns: { id: true }
-        });
-        if (!gameExists) {
-          throw new NotFoundError("Game", gameId);
-        }
-        return;
-      }
       const db2 = this.deps.db;
-      const gameOwnership = await db2.query.games.findFirst({
-        where: and(eq(games.id, gameId), eq(games.developerId, user.id)),
+      const gameExists = await db2.query.games.findFirst({
+        where: eq(games.id, gameId),
         columns: { id: true }
       });
-      if (!gameOwnership) {
-        const gameExists = await db2.query.games.findFirst({
-          where: eq(games.id, gameId),
-          columns: { id: true }
-        });
-        if (!gameExists) {
-          throw new NotFoundError("Game", gameId);
-        }
+      if (!gameExists) {
+        throw new NotFoundError("Game", gameId);
+      }
+      if (user.role === "admin") {
+        return;
+      }
+      if (!await this.hasGameMembership(gameId, user.id)) {
         throw new AccessDeniedError("You do not own this game");
       }
     }
     async validateDeveloperAccess(user, gameId) {
       this.validateDeveloperStatus(user);
-      if (user.role === "admin") {
-        const gameExists = await this.deps.db.query.games.findFirst({
-          where: eq(games.id, gameId),
-          columns: { id: true }
-        });
-        if (!gameExists) {
-          throw new NotFoundError("Game", gameId);
-        }
-        return;
-      }
       const db2 = this.deps.db;
-      const existingGame = await db2.query.games.findFirst({
-        where: and(eq(games.id, gameId), eq(games.developerId, user.id)),
+      const gameExists = await db2.query.games.findFirst({
+        where: eq(games.id, gameId),
         columns: { id: true }
       });
-      if (!existingGame) {
+      if (!gameExists) {
+        throw new NotFoundError("Game", gameId);
+      }
+      if (user.role === "admin") {
+        return;
+      }
+      if (!await this.hasGameMembership(gameId, user.id)) {
         throw new NotFoundError("Game", gameId);
       }
     }
@@ -27215,21 +27242,18 @@ var init_game_service = __esm(() => {
     async validateDeveloperAccessBySlug(user, slug) {
       this.validateDeveloperStatus(user);
       const db2 = this.deps.db;
-      if (user.role === "admin") {
-        const game2 = await db2.query.games.findFirst({
-          where: eq(games.slug, slug)
-        });
-        if (!game2) {
-          throw new NotFoundError("Game", slug);
-        }
-        return game2;
-      }
       const game = await db2.query.games.findFirst({
-        where: and(eq(games.slug, slug), eq(games.developerId, user.id))
+        where: eq(games.slug, slug)
       });
       if (!game) {
         throw new NotFoundError("Game", slug);
       }
+      if (user.role === "admin") {
+        return game;
+      }
+      if (!await this.hasGameMembership(game.id, user.id)) {
+        throw new NotFoundError("Game", slug);
+      }
       return game;
     }
     validateDeveloperStatus(user) {
@@ -34878,10 +34902,17 @@ class LogsService {
         throw new AccessDeniedError("Must be an approved developer");
       }
       const game = await db2.query.games.findFirst({
-        where: and(eq(games.slug, slug2), eq(games.developerId, user.id)),
+        where: eq(games.slug, slug2),
         columns: { id: true }
       });
       if (!game) {
+        throw new NotFoundError("Game", slug2);
+      }
+      const membership = await db2.query.gameMembers.findFirst({
+        where: and(eq(gameMembers.gameId, game.id), eq(gameMembers.userId, user.id)),
+        columns: { id: true }
+      });
+      if (!membership) {
         logger28.warn("Developer attempted access to unowned game logs", {
           userId: user.id,
           slug: slug2
@@ -93762,7 +93793,6 @@ async function seedCoreGames(db2) {
   const coreGames = [
     {
       id: CORE_GAME_UUIDS.PLAYGROUND,
-      developerId: DEMO_USERS.developer.id,
       slug: "playground",
       displayName: "Playground",
       version: "local",
@@ -93779,6 +93809,11 @@ async function seedCoreGames(db2) {
   for (const gameData of coreGames) {
     try {
       await db2.insert(games).values(gameData).onConflictDoNothing();
+      await db2.insert(gameMembers).values({
+        gameId: gameData.id,
+        userId: DEMO_USERS.developer.id,
+        role: "owner"
+      }).onConflictDoNothing();
     } catch (error2) {
       logger37.error(`Error seeding core game '${gameData.slug}': ${error2}`);
     }
@@ -93803,7 +93838,6 @@ async function seedCurrentProjectGame(db2, project) {
     }
     const gameRecord = {
       id: desiredGameId ?? crypto.randomUUID(),
-      developerId: DEMO_USERS.developer.id,
       slug: project.slug,
       displayName: project.displayName,
       version: project.version,
@@ -93821,6 +93855,11 @@ async function seedCurrentProjectGame(db2, project) {
     if (!newGame) {
       throw new Error("Failed to create game record");
     }
+    await db2.insert(gameMembers).values({
+      gameId: newGame.id,
+      userId: DEMO_USERS.developer.id,
+      role: "owner"
+    }).onConflictDoNothing();
     if (project.timebackCourses && project.timebackCourses.length > 0) {
       await seedTimebackIntegrations(db2, newGame.id, project.timebackCourses);
     }
@@ -94809,7 +94848,6 @@ var init_schemas2 = __esm(() => {
     id: true,
     slug: true,
     createdAt: true,
-    developerId: true,
     version: true
   }).refine((data) => {
     if (data.gameType === "hosted" && data.deploymentUrl === null) {
@@ -96211,7 +96249,7 @@ var init_domain_controller = __esm(() => {
 });
 // ../api-core/src/controllers/game.controller.ts
-var logger48, list3, listManageable, getSubjects, getById2, getBySlug, getManifest, upsertBySlug, remove3, games2;
+var logger48, list3, listAccessible, getSubjects, getById2, getBySlug, getManifest, upsertBySlug, remove3, games2;
 var init_game_controller = __esm(() => {
   init_esm();
   init_schemas_index();
@@ -96224,9 +96262,9 @@ var init_game_controller = __esm(() => {
     logger48.debug("Listing games", { userId: ctx.user.id });
     return ctx.services.game.list(ctx.user);
   });
-  listManageable = requireNonAnonymous(async (ctx) => {
-    logger48.debug("Listing manageable games", { userId: ctx.user.id });
-    return ctx.services.game.listManageable(ctx.user);
+  listAccessible = requireNonAnonymous(async (ctx) => {
+    logger48.debug("Listing accessible games", { userId: ctx.user.id });
+    return ctx.services.game.listAccessible(ctx.user);
   });
   getSubjects = requireNonAnonymous(async (ctx) => {
     logger48.debug("Getting game subjects", { userId: ctx.user.id });
@@ -96299,7 +96337,7 @@ var init_game_controller = __esm(() => {
   });
   games2 = {
     list: list3,
-    listManageable,
+    listAccessible,
     getSubjects,
     getById: getById2,
     getManifest,
@@ -98420,6 +98458,7 @@ var init_crud = __esm(() => {
   init_api();
   gameCrudRouter = new Hono2;
   gameCrudRouter.get("/", handle2(games2.list));
+  gameCrudRouter.get("/accessible", handle2(games2.listAccessible));
   gameCrudRouter.get("/:gameId{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}}/manifest", handle2(games2.getManifest));
   gameCrudRouter.get("/:gameId{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}}", handle2(games2.getById));
   gameCrudRouter.get("/:slug", handle2(games2.getBySlug));
@@ -98562,10 +98601,12 @@ var init_deploy = __esm(() => {
     const db2 = ctx.db;
     const existingGames = await db2.select().from(games).where(eq(games.slug, slug2));
     const existingGame = existingGames[0];
-    if (existingGame) {
-      const isAdmin = user.role === "admin";
-      const isOwner = existingGame.developerId === user.id;
-      if (!isAdmin && !isOwner) {
+    if (existingGame && user.role !== "admin") {
+      const membership = await db2.query.gameMembers.findFirst({
+        where: and(eq(gameMembers.gameId, existingGame.id), eq(gameMembers.userId, user.id)),
+        columns: { id: true }
+      });
+      if (!membership) {
         return c2.json({
           error: {
             code: "FORBIDDEN",
@@ -98589,17 +98630,24 @@ var init_deploy = __esm(() => {
       if (!body2.metadata?.displayName) {
         return c2.json({ error: { code: "BAD_REQUEST", message: "Display name required for new game" } }, 400);
       }
-      const inserted = await db2.insert(games).values({
+      const gameValues = {
         slug: slug2,
         displayName: body2.metadata.displayName,
         version: "1.0.0",
         platform: body2.metadata.platform ?? "web",
         gameType: "hosted",
-        developerId: user.id,
         deploymentUrl: `http://localhost:4321`,
         metadata: body2.metadata.metadata ?? {}
-      }).returning();
-      game = inserted[0];
+      };
+      game = await db2.transaction(async (tx) => {
+        const [inserted] = await tx.insert(games).values(gameValues).returning();
+        await tx.insert(gameMembers).values({
+          gameId: inserted.id,
+          userId: user.id,
+          role: "owner"
+        });
+        return inserted;
+      });
     }
     let backendCode = body2.code;
     if (!backendCode && body2.codeUploadToken) {
@@ -98678,13 +98726,19 @@ var init_deploy = __esm(() => {
     const ctx = getSandboxContext();
     const game = await ctx.db.query.games.findFirst({
       where: eq(games.slug, slug2 ?? ""),
-      columns: { id: true, developerId: true }
+      columns: { id: true }
     });
     if (!game) {
       return c2.json({ error: { code: "NOT_FOUND", message: "Game not found" } }, 404);
     }
-    if (game.developerId !== user.id && user.role !== "admin") {
-      return c2.json({ error: { code: "NOT_FOUND", message: "Game not found" } }, 404);
+    if (user.role !== "admin") {
+      const membership = await ctx.db.query.gameMembers.findFirst({
+        where: and(eq(gameMembers.gameId, game.id), eq(gameMembers.userId, user.id)),
+        columns: { id: true }
+      });
+      if (!membership) {
+        return c2.json({ error: { code: "NOT_FOUND", message: "Game not found" } }, 404);
+      }
     }
     const job = await ctx.db.query.gameDeployJobs.findFirst({
       where: and(eq(gameDeployJobs.id, jobId), eq(gameDeployJobs.gameId, game.id))

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@playcademy/sandbox",
-    "version": "0.3.17-beta.36",
+    "version": "0.3.17-beta.37",
     "description": "Local development server for Playcademy game development",
     "type": "module",
     "exports": {