includio-cms 0.1.0 → 0.1.2

package/CHANGELOG.md

@@ -3,6 +3,58 @@
 All notable changes to includio-cms are documented here.
 Generated from `src/lib/updates/` — do not edit manually.
 
+## 0.1.2 — 2026-02-18
+
+User management & RBAC
+
+### Added
+- Role type system (admin/user) with UserRole type
+- RBAC middleware: requireRole() for server-side role checks
+- Admin users page: list, search, pagination via authClient.admin.listUsers
+- Create user dialog: email, password, name, role via authClient.admin.createUser
+- Edit user dialog: name, email, role with self-demotion protection
+- Delete user dialog with self-deletion protection
+- Route gating: /admin/users restricted to admin role
+- Sidebar gating: Users nav item visible only for admins
+- Auth client: adminClient() plugin added
+- CLI: addUser rewritten to use better-auth API with role prompt
+- Admin session management: view/revoke other users' sessions
+- Email invitation system: invite users by email with role assignment
+- Accept invite page: public registration via invite token
+- Pending invitations list with cancel and resend support
+- Email adapter now optional in CMS config
+
+### Migration
+
+```sql
+CREATE TABLE IF NOT EXISTS invitation (
+  id TEXT PRIMARY KEY,
+  email TEXT NOT NULL,
+  role TEXT NOT NULL DEFAULT 'user',
+  token TEXT NOT NULL UNIQUE,
+  expires_at TIMESTAMP NOT NULL,
+  created_at TIMESTAMP NOT NULL DEFAULT NOW(),
+  created_by TEXT NOT NULL REFERENCES "user"(id) ON DELETE CASCADE,
+  used_at TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS invitation_token_idx ON invitation (token);
+```
+
+## 0.1.1 — 2026-02-18
+
+Field constraint UI — visible limits, counters, and hints
+
+### Added
+- Text fields: character counter (X / Y) with aria-live, destructive color at limit
+- Text fields: constraint hints (min/max chars, pattern format) in description
+- Text fields: native minlength/maxlength HTML attributes on input/textarea
+- Number fields: native min/max/step HTML attributes on input
+- Number fields: range and step hints in description
+- Array fields: items counter (X / Y) next to label when maxItems defined
+- Array fields: Add/Duplicate buttons disabled at maxItems limit
+- Array fields: fixed-length mode (minItems === maxItems) — pre-populated, reorder only
+
 ## 0.1.0 — 2026-02-17
 
 Stabilization — pagination, language switcher, and more

package/ROADMAP.md

@@ -22,29 +22,27 @@
 
 ## 0.1.1 — Input integrity
 
-- [ ] `[fix]` `[P1]` Input constraints UI — HTML maxlength, character counter, pattern feedback <!-- files: src/lib/admin/components/fields/text-field.svelte -->
-- [ ] `[fix]` `[P1]` Array field maxItems — disable Add button when max reached <!-- files: src/lib/admin/components/fields/array-field.svelte -->
-- [ ] `[feature]` `[P1]` Array field fixed length — fixed item count, no add/remove, reorder only
-- [ ] `[feature]` `[P1]` Field constraint info display — show constraints before validation error (WCAG/ATAG)
+- [x] `[fix]` `[P1]` Input constraints UI — HTML maxlength, character counter, pattern feedback <!-- files: src/lib/admin/components/fields/text-field.svelte, src/lib/admin/components/fields/text-field-wrapper.svelte -->
+- [x] `[fix]` `[P1]` Array field maxItems — disable Add button when max reached <!-- files: src/lib/admin/components/fields/array-field.svelte -->
+- [x] `[feature]` `[P1]` Array field fixed length — fixed item count, no add/remove, reorder only
+- [x] `[feature]` `[P1]` Field constraint info display — show constraints before validation error (WCAG/ATAG) <!-- files: src/lib/admin/components/fields/text-field-wrapper.svelte, src/lib/admin/components/fields/field-renderer.svelte -->
 
 ## 0.1.2 — User management & RBAC
 
 ### Phase 1 — Core
 
-- [ ] `[feature]` `[P0]` RBAC middleware — `requireRole()`, role check w `requireAuth()` <!-- files: src/lib/admin/remote/middleware/auth.ts -->
-- [ ] `[feature]` `[P0]` Admin users page — list, search, pagination via `authClient.admin.listUsers` <!-- files: src/lib/admin/client/users/ -->
-- [ ] `[feature]` `[P0]` Create user — dialog z email/password/name/role via `authClient.admin.createUser` <!-- files: src/lib/admin/client/users/create-user-dialog.svelte -->
-- [ ] `[feature]` `[P0]` Edit user — name, email, role via `adminUpdateUser` + `setRole` <!-- files: src/lib/admin/client/users/edit-user-dialog.svelte -->
-- [ ] `[feature]` `[P0]` Delete user — confirmation dialog via `removeUser` <!-- files: src/lib/admin/client/users/ -->
-- [ ] `[feature]` `[P0]` Route/sidebar gating — ukryj Users nav + chroń `/admin/users` dla non-admin <!-- files: src/lib/admin/components/layout/nav-main.svelte, src/lib/sveltekit/server/handle.ts -->
-- [ ] `[feature]` `[P0]` First user bootstrap — pierwszy utworzony user auto-gets role `admin` <!-- files: src/lib/server/auth.ts -->
+- [x] `[feature]` `[P0]` RBAC middleware — `requireRole()`, role check w `requireAuth()` <!-- files: src/lib/admin/remote/middleware/auth.ts -->
+- [x] `[feature]` `[P0]` Admin users page — list, search, pagination via `authClient.admin.listUsers` <!-- files: src/lib/admin/client/users/ -->
+- [x] `[feature]` `[P0]` Create user — dialog z email/password/name/role via `authClient.admin.createUser` <!-- files: src/lib/admin/client/users/create-user-dialog.svelte -->
+- [x] `[feature]` `[P0]` Edit user — name, email, role via `adminUpdateUser` + `setRole` <!-- files: src/lib/admin/client/users/edit-user-dialog.svelte -->
+- [x] `[feature]` `[P0]` Delete user — confirmation dialog via `removeUser` <!-- files: src/lib/admin/client/users/ -->
+- [x] `[feature]` `[P0]` Route/sidebar gating — ukryj Users nav + chroń `/admin/users` dla non-admin <!-- files: src/lib/admin/components/layout/nav-main.svelte, src/lib/sveltekit/server/handle.ts -->
+- [x] `[feature]` `[P0]` First user bootstrap — pierwszy utworzony user auto-gets role `admin` <!-- files: src/lib/server/auth.ts -->
 
 ### Phase 2 — Extended
 
-- [ ] `[feature]` `[P1]` Ban/unban UI — reason + expiry, `banUser`/`unbanUser` <!-- files: src/lib/admin/client/users/ban-user-dialog.svelte -->
-- [ ] `[feature]` `[P1]` Admin session mgmt — list/revoke sesji innych userów <!-- files: src/lib/admin/client/users/user-sessions-sheet.svelte -->
-- [ ] `[feature]` `[P1]` Impersonation UI — impersonate/stop bar <!-- files: src/lib/admin/client/users/impersonation-bar.svelte -->
-- [ ] `[feature]` `[P2]` Email invitation system — invite link generation (custom, nie w better-auth) <!-- files: src/lib/core/server/auth/invite.ts -->
+- [x] `[feature]` `[P1]` Admin session mgmt — list/revoke sesji innych userów <!-- files: src/lib/admin/client/users/user-sessions-sheet.svelte -->
+- [x] `[feature]` `[P2]` Email invitation system — invite link generation (custom, nie w better-auth) <!-- files: src/lib/admin/remote/invite.ts -->
 
 ## 0.2.0 — Plugin system
 
@@ -57,6 +55,8 @@
 - [ ] `[feature]` `[P1]` Server-side pagination API (formalize 0.1.0 fix)
 - [ ] `[feature]` `[P1]` Improved type generation <!-- files: src/lib/core/server/generator/ -->
 - [ ] `[feature]` `[P1]` Proper filtering API (SQL-level, not JS post-query)
+- [ ] `[feature]` `[breaking]` `[P1]` Simple array field — `type: 'array'` with `of: 'text' | 'number' | ...` for flat lists (tags, categories) <!-- files: src/lib/types/fields.ts, src/lib/admin/components/fields/array-field.svelte, src/lib/core/fields/fieldSchemaToTs.ts -->
+- [ ] `[feature]` `[breaking]` `[P1]` Rename array → blocks — current array becomes `type: 'blocks'`, keeps `of: ObjectField[]` and accordion/DnD UI <!-- files: src/lib/types/fields.ts, src/lib/admin/components/fields/array-field.svelte, src/lib/admin/components/fields/field-renderer.svelte, src/lib/core/server/fields/resolve*.ts -->
 
 ## 0.3.0 — Admin experience
 
@@ -87,6 +87,8 @@
 
 ## Backlog
 
+- [ ] `[feature]` `[P1]` Ban/unban UI — reason + expiry, `banUser`/`unbanUser` <!-- files: src/lib/admin/client/users/ban-user-dialog.svelte -->
+- [ ] `[feature]` `[P1]` Impersonation UI — impersonate/stop bar <!-- files: src/lib/admin/client/users/impersonation-bar.svelte -->
 - [ ] `[feature]` `[P2]` Alternative richtext editor — Word-like mode, single richtext field instead of blocks
 - [ ] `[chore]` `[P2]` Caching/performance layer (scope TBD)
 - [ ] `[feature]` `[P2]` API/CLI for configuration (setup DX for less technical users)