npm - includio-cms - Versions diffs - 0.1.1 → 0.1.2 - Mend

includio-cms 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/CHANGELOG.md +38 -0
package/ROADMAP.md +13 -11
package/dist/admin/auth-client.d.ts +1165 -5
package/dist/admin/auth-client.js +4 -1
package/dist/admin/client/account/sessions-section.svelte +1 -21
package/dist/admin/client/index.d.ts +1 -0
package/dist/admin/client/index.js +1 -0
package/dist/admin/client/users/accept-invite-page.svelte +118 -0
package/dist/admin/client/users/accept-invite-page.svelte.d.ts +4 -0
package/dist/admin/client/users/create-user-dialog.svelte +157 -0
package/dist/admin/client/users/create-user-dialog.svelte.d.ts +8 -0
package/dist/admin/client/users/delete-user-dialog.svelte +53 -0
package/dist/admin/client/users/delete-user-dialog.svelte.d.ts +10 -0
package/dist/admin/client/users/edit-user-dialog.svelte +127 -0
package/dist/admin/client/users/edit-user-dialog.svelte.d.ts +16 -0
package/dist/admin/client/users/invite-user-dialog.svelte +107 -0
package/dist/admin/client/users/invite-user-dialog.svelte.d.ts +8 -0
package/dist/admin/client/users/lang.d.ts +57 -0
package/dist/admin/client/users/lang.js +114 -0
package/dist/admin/client/users/pending-invitations.svelte +145 -0
package/dist/admin/client/users/pending-invitations.svelte.d.ts +6 -0
package/dist/admin/client/users/user-sessions-sheet.svelte +141 -0
package/dist/admin/client/users/user-sessions-sheet.svelte.d.ts +8 -0
package/dist/admin/client/users/users-page.svelte +262 -0
package/dist/admin/client/users/users-page.svelte.d.ts +6 -0
package/dist/admin/components/layout/lang.d.ts +1 -0
package/dist/admin/components/layout/lang.js +4 -2
package/dist/admin/components/layout/nav-main.svelte +15 -1
package/dist/admin/remote/invite.d.ts +44 -0
package/dist/admin/remote/invite.js +44 -0
package/dist/admin/remote/middleware/auth.d.ts +5 -0
package/dist/admin/remote/middleware/auth.js +7 -0
package/dist/admin/utils/parseUserAgent.d.ts +5 -0
package/dist/admin/utils/parseUserAgent.js +26 -0
package/dist/cms/runtime/types.d.ts +0 -7
package/dist/components/ui/input-group/input-group-input.svelte.d.ts +1 -1
package/dist/components/ui/sidebar/sidebar-input.svelte.d.ts +1 -1
package/dist/core/cms.d.ts +1 -1
package/dist/core/cms.js +1 -1
package/dist/core/server/forms/submissions/operations/create.js +1 -1
package/dist/email-nodemailer/index.d.ts +1 -0
package/dist/server/auth.d.ts +8 -8
package/dist/server/db/schema/auth-schema.d.ts +143 -0
package/dist/server/db/schema/auth-schema.js +12 -0
package/dist/sveltekit/server/handle.js +13 -0
package/dist/types/cms.d.ts +2 -2
package/dist/types/roles.d.ts +1 -0
package/dist/types/roles.js +1 -0
package/dist/updates/0.1.2/index.d.ts +2 -0
package/dist/updates/0.1.2/index.js +36 -0
package/dist/updates/index.js +2 -1
package/package.json +2 -2

package/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,44 @@
 All notable changes to includio-cms are documented here.
 Generated from `src/lib/updates/` — do not edit manually.
+## 0.1.2 — 2026-02-18
+User management & RBAC
+### Added
+- Role type system (admin/user) with UserRole type
+- RBAC middleware: requireRole() for server-side role checks
+- Admin users page: list, search, pagination via authClient.admin.listUsers
+- Create user dialog: email, password, name, role via authClient.admin.createUser
+- Edit user dialog: name, email, role with self-demotion protection
+- Delete user dialog with self-deletion protection
+- Route gating: /admin/users restricted to admin role
+- Sidebar gating: Users nav item visible only for admins
+- Auth client: adminClient() plugin added
+- CLI: addUser rewritten to use better-auth API with role prompt
+- Admin session management: view/revoke other users' sessions
+- Email invitation system: invite users by email with role assignment
+- Accept invite page: public registration via invite token
+- Pending invitations list with cancel and resend support
+- Email adapter now optional in CMS config
+### Migration
+```sql
+CREATE TABLE IF NOT EXISTS invitation (
+  id TEXT PRIMARY KEY,
+  email TEXT NOT NULL,
+  role TEXT NOT NULL DEFAULT 'user',
+  token TEXT NOT NULL UNIQUE,
+  expires_at TIMESTAMP NOT NULL,
+  created_at TIMESTAMP NOT NULL DEFAULT NOW(),
+  created_by TEXT NOT NULL REFERENCES "user"(id) ON DELETE CASCADE,
+  used_at TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS invitation_token_idx ON invitation (token);
+```
 ## 0.1.1 — 2026-02-18
 Field constraint UI — visible limits, counters, and hints

package/ROADMAP.md CHANGED Viewed

@@ -31,20 +31,18 @@
 ### Phase 1 — Core
-- [ ] `[feature]` `[P0]` RBAC middleware — `requireRole()`, role check w `requireAuth()` <!-- files: src/lib/admin/remote/middleware/auth.ts -->
-- [ ] `[feature]` `[P0]` Admin users page — list, search, pagination via `authClient.admin.listUsers` <!-- files: src/lib/admin/client/users/ -->
-- [ ] `[feature]` `[P0]` Create user — dialog z email/password/name/role via `authClient.admin.createUser` <!-- files: src/lib/admin/client/users/create-user-dialog.svelte -->
-- [ ] `[feature]` `[P0]` Edit user — name, email, role via `adminUpdateUser` + `setRole` <!-- files: src/lib/admin/client/users/edit-user-dialog.svelte -->
-- [ ] `[feature]` `[P0]` Delete user — confirmation dialog via `removeUser` <!-- files: src/lib/admin/client/users/ -->
-- [ ] `[feature]` `[P0]` Route/sidebar gating — ukryj Users nav + chroń `/admin/users` dla non-admin <!-- files: src/lib/admin/components/layout/nav-main.svelte, src/lib/sveltekit/server/handle.ts -->
-- [ ] `[feature]` `[P0]` First user bootstrap — pierwszy utworzony user auto-gets role `admin` <!-- files: src/lib/server/auth.ts -->
+- [x] `[feature]` `[P0]` RBAC middleware — `requireRole()`, role check w `requireAuth()` <!-- files: src/lib/admin/remote/middleware/auth.ts -->
+- [x] `[feature]` `[P0]` Admin users page — list, search, pagination via `authClient.admin.listUsers` <!-- files: src/lib/admin/client/users/ -->
+- [x] `[feature]` `[P0]` Create user — dialog z email/password/name/role via `authClient.admin.createUser` <!-- files: src/lib/admin/client/users/create-user-dialog.svelte -->
+- [x] `[feature]` `[P0]` Edit user — name, email, role via `adminUpdateUser` + `setRole` <!-- files: src/lib/admin/client/users/edit-user-dialog.svelte -->
+- [x] `[feature]` `[P0]` Delete user — confirmation dialog via `removeUser` <!-- files: src/lib/admin/client/users/ -->
+- [x] `[feature]` `[P0]` Route/sidebar gating — ukryj Users nav + chroń `/admin/users` dla non-admin <!-- files: src/lib/admin/components/layout/nav-main.svelte, src/lib/sveltekit/server/handle.ts -->
+- [x] `[feature]` `[P0]` First user bootstrap — pierwszy utworzony user auto-gets role `admin` <!-- files: src/lib/server/auth.ts -->
 ### Phase 2 — Extended
-- [ ] `[feature]` `[P1]` Ban/unban UI — reason + expiry, `banUser`/`unbanUser` <!-- files: src/lib/admin/client/users/ban-user-dialog.svelte -->
-- [ ] `[feature]` `[P1]` Admin session mgmt — list/revoke sesji innych userów <!-- files: src/lib/admin/client/users/user-sessions-sheet.svelte -->
-- [ ] `[feature]` `[P1]` Impersonation UI — impersonate/stop bar <!-- files: src/lib/admin/client/users/impersonation-bar.svelte -->
-- [ ] `[feature]` `[P2]` Email invitation system — invite link generation (custom, nie w better-auth) <!-- files: src/lib/core/server/auth/invite.ts -->
+- [x] `[feature]` `[P1]` Admin session mgmt — list/revoke sesji innych userów <!-- files: src/lib/admin/client/users/user-sessions-sheet.svelte -->
+- [x] `[feature]` `[P2]` Email invitation system — invite link generation (custom, nie w better-auth) <!-- files: src/lib/admin/remote/invite.ts -->
 ## 0.2.0 — Plugin system
@@ -57,6 +55,8 @@
 - [ ] `[feature]` `[P1]` Server-side pagination API (formalize 0.1.0 fix)
 - [ ] `[feature]` `[P1]` Improved type generation <!-- files: src/lib/core/server/generator/ -->
 - [ ] `[feature]` `[P1]` Proper filtering API (SQL-level, not JS post-query)
+- [ ] `[feature]` `[breaking]` `[P1]` Simple array field — `type: 'array'` with `of: 'text' | 'number' | ...` for flat lists (tags, categories) <!-- files: src/lib/types/fields.ts, src/lib/admin/components/fields/array-field.svelte, src/lib/core/fields/fieldSchemaToTs.ts -->
+- [ ] `[feature]` `[breaking]` `[P1]` Rename array → blocks — current array becomes `type: 'blocks'`, keeps `of: ObjectField[]` and accordion/DnD UI <!-- files: src/lib/types/fields.ts, src/lib/admin/components/fields/array-field.svelte, src/lib/admin/components/fields/field-renderer.svelte, src/lib/core/server/fields/resolve*.ts -->
 ## 0.3.0 — Admin experience
@@ -87,6 +87,8 @@
 ## Backlog
+- [ ] `[feature]` `[P1]` Ban/unban UI — reason + expiry, `banUser`/`unbanUser` <!-- files: src/lib/admin/client/users/ban-user-dialog.svelte -->
+- [ ] `[feature]` `[P1]` Impersonation UI — impersonate/stop bar <!-- files: src/lib/admin/client/users/impersonation-bar.svelte -->
 - [ ] `[feature]` `[P2]` Alternative richtext editor — Word-like mode, single richtext field instead of blocks
 - [ ] `[chore]` `[P2]` Caching/performance layer (scope TBD)
 - [ ] `[feature]` `[P2]` API/CLI for configuration (setup DX for less technical users)