NoLog.cz/gancio-upstream
6
0
Fork 0
mirror of https://framagit.org/les/gancio.git synced 2025-01-31 16:42:22 +01:00
Code Issues Projects Releases Packages Wiki Activity

admin panel for editor

Browse source
This commit is contained in:
lesion 2024-02-09 22:33:27 +01:00
parent 464f230749
commit 32b7e35a1a
No known key found for this signature in database
GPG key ID: 352918250B012177
6 changed files with 35 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
components/NavHeader.vue
View file

@ -49,12 +49,12 @@
</v-list-item-content> </v-list-item-content>
</v-list-item> </v-list-item>
<v-list-item v-if='$auth.user.is_admin' nuxt to='/admin'> <v-list-item v-if='$auth.user.is_admin || $auth.user.is_editor' nuxt to='/admin'>
<v-list-item-icon> <v-list-item-icon>
<v-icon v-text='mdiAccount' /> <v-icon v-text='mdiAccount' />
</v-list-item-icon> </v-list-item-icon>
<v-list-item-content> <v-list-item-content>
<v-list-item-title v-text="$t('common.admin')" /> <v-list-item-title v-text="$t(`common.${$auth.user.role}`)" />
</v-list-item-content> </v-list-item-content>
</v-list-item> </v-list-item>

5
middleware/isAdminOrEditor.js Normal file
View file

@ -0,0 +1,5 @@
export default async function ({ redirect, $auth }) {
if (!$auth.user.is_editor && !$auth.user.is_admin) {
return redirect('/')
}
}

32
pages/Admin.vue
View file

@ -1,14 +1,16 @@
<template lang="pug"> <template lang="pug">
v-container.container.pa-0.pa-md-3 v-container.container.pa-0.pa-md-3
v-card v-card
v-alert(v-if='url!==settings.baseurl' rounded="0" flat border="left" type='warning' show-icon :icon='mdiAlert') template(v-if='$auth.user.is_admin')
span(v-html="$t('admin.wrong_domain_warning', { url, baseurl: settings.baseurl })") v-alert(v-if='url!==settings.baseurl' rounded="0" flat border="left" type='warning' show-icon :icon='mdiAlert')
v-alert(v-if='!selfReachable' rounded="0" flat border="left" type='warning' show-icon :icon='mdiAlert') span(v-html="$t('admin.wrong_domain_warning', { url, baseurl: settings.baseurl })")
span(v-html="$t('admin.not_reachable_warning', { baseurl: settings.baseurl })") v-alert(v-if='!selfReachable' rounded="0" flat border="left" type='warning' show-icon :icon='mdiAlert')
span(v-html="$t('admin.not_reachable_warning', { baseurl: settings.baseurl })")
v-tabs(v-model='selectedTab' show-arrows :next-icon='mdiChevronRight' :prev-icon='mdiChevronLeft') v-tabs(v-model='selectedTab' show-arrows :next-icon='mdiChevronRight' :prev-icon='mdiChevronLeft')
//- SETTINGS //- SETTINGS
v-tab(href='#settings') {{$t('common.settings')}} v-tab(href='#settings' v-if='$auth.user.is_admin') {{$t('common.settings')}}
v-tab-item(value='settings') v-tab-item(value='settings')
Settings Settings
@ -20,49 +22,49 @@ v-container.container.pa-0.pa-md-3
@confirmed='id => { unconfirmedEvents = unconfirmedEvents.filter(e => e.id !== id)}') @confirmed='id => { unconfirmedEvents = unconfirmedEvents.filter(e => e.id !== id)}')
//- THEME //- THEME
v-tab(href='#theme') {{$t('common.theme')}} v-tab(href='#theme' v-if='$auth.user.is_admin') {{$t('common.theme')}}
v-tab-item(value='theme') v-tab-item(value='theme')
Theme Theme
//- USERS //- USERS
v-tab(href='#users') v-tab(href='#users' v-if='$auth.user.is_admin')
v-badge(:value='!!unconfirmedUsers.length' :content='unconfirmedUsers.length') {{$t('common.users')}} v-badge(:value='!!unconfirmedUsers.length' :content='unconfirmedUsers.length') {{$t('common.users')}}
v-tab-item(value='users') v-tab-item(value='users')
Users(:users='users' @update='updateUsers') Users(:users='users' @update='updateUsers')
//- PLACES //- PLACES
v-tab(href='#places') {{$t('common.places')}} v-tab(href='#places' v-if='$auth.user.is_admin') {{$t('common.places')}}
v-tab-item(value='places') v-tab-item(value='places')
Places Places
//- TAGS //- TAGS
v-tab(href='#tags') {{$t('common.tags')}} v-tab(href='#tags' v-if='$auth.user.is_admin') {{$t('common.tags')}}
v-tab-item(value='tags') v-tab-item(value='tags')
Tags Tags
//- GEOCODING / MAPS //- GEOCODING / MAPS
v-tab(href='#geolocation' v-if='settings.allow_geolocation') {{$t('admin.geolocation')}} v-tab(href='#geolocation' v-if='settings.allow_geolocation && $auth.user.is_admin') {{$t('admin.geolocation')}}
v-tab-item(value='geolocation') v-tab-item(value='geolocation')
client-only(placeholder='Loading...') client-only(placeholder='Loading...')
Geolocation Geolocation
//- Collections //- Collections
v-tab(href='#collections') {{$t('common.collections')}} v-tab(href='#collections' v-if='$auth.user.is_admin') {{$t('common.collections')}}
v-tab-item(value='collections') v-tab-item(value='collections')
Collections Collections
//- ANNOUNCEMENTS //- ANNOUNCEMENTS
v-tab(href='#announcements') {{$t('common.announcements')}} v-tab(href='#announcements' v-if='$auth.user.is_admin') {{$t('common.announcements')}}
v-tab-item(value='announcements') v-tab-item(value='announcements')
Announcement Announcement
//- PLUGINS //- PLUGINS
v-tab(href='#plugins') {{$t('common.plugins')}} v-tab(href='#plugins' v-if='$auth.user.is_admin') {{$t('common.plugins')}}
v-tab-item(value='plugins') v-tab-item(value='plugins')
Plugin Plugin
//- FEDERATION //- FEDERATION
v-tab(href='#federation') {{$t('common.federation')}} v-tab(href='#federation' v-if='$auth.user.is_admin') {{$t('common.federation')}}
v-tab-item(value='federation') v-tab-item(value='federation')
Federation Federation
@ -91,7 +93,7 @@ export default {
Announcement: () => import(/* webpackChunkName: "admin" */'../components/admin/Announcement.vue'), Announcement: () => import(/* webpackChunkName: "admin" */'../components/admin/Announcement.vue'),
Theme: () => import(/* webpackChunkName: "admin" */'../components/admin/Theme.vue') Theme: () => import(/* webpackChunkName: "admin" */'../components/admin/Theme.vue')
}, },
middleware: ['auth', 'isAdmin'], middleware: ['auth', 'isAdminOrEditor'],
async asyncData ({ $axios, req }) { async asyncData ({ $axios, req }) {
let url let url
if (process.client) { if (process.client) {

6
pages/event/_slug.vue
View file

@ -84,7 +84,7 @@
//- admin actions //- admin actions
template(v-if='is_mine') template(v-if='can_edit')
v-divider v-divider
EventAdmin(:event='event') EventAdmin(:event='event')
@ -240,12 +240,12 @@ export default {
plainDescription () { plainDescription () {
return this.event.plain_description || '' return this.event.plain_description || ''
}, },
is_mine () { can_edit () {
if (!this.$auth.user) { if (!this.$auth.user) {
return false return false
} }
return ( return (
this.event.isMine || this.$auth.user.is_admin this.event.isMine || this.$auth.user.is_admin || this.$auth.user.is_editor
) )
}, },
showResources () { showResources () {

6
server/api/controller/event.js
View file

@ -216,7 +216,7 @@ const eventController = {
log.warn(`Trying to confirm a unknown event, id: ${id}`) log.warn(`Trying to confirm a unknown event, id: ${id}`)
return res.sendStatus(404) return res.sendStatus(404)
} }
if (!req.user.is_admin && req.user.id !== event.userId) { if (!req.user.is_editor && !req.user.is_admin && req.user.id !== event.userId) {
log.warn(`Someone not allowed is trying to confirm -> "${event.title} `) log.warn(`Someone not allowed is trying to confirm -> "${event.title} `)
return res.sendStatus(403) return res.sendStatus(403)
} }
@ -241,7 +241,7 @@ const eventController = {
const id = Number(req.params.event_id) const id = Number(req.params.event_id)
const event = await Event.findByPk(id) const event = await Event.findByPk(id)
if (!event) { return req.sendStatus(404) } if (!event) { return req.sendStatus(404) }
if (!req.user.is_admin && req.user.id !== event.userId) { if (!req.user.is_editor && !req.user.is_admin && req.user.id !== event.userId) {
log.warn(`Someone not allowed is trying to unconfirm -> "${event.title} `) log.warn(`Someone not allowed is trying to unconfirm -> "${event.title} `)
return res.sendStatus(403) return res.sendStatus(403)
} }
@ -573,7 +573,7 @@ const eventController = {
async remove(req, res) { async remove(req, res) {
const event = await Event.findByPk(req.params.id) const event = await Event.findByPk(req.params.id)
// check if event is mine (or user is admin) // check if event is mine (or user is admin)
if (event && (req.user.is_admin || req.user.id === event.userId)) { if (event && (req.user.is_editor || req.user.is_admin || req.user.id === event.userId)) {
if (event.media && event.media.length && !event.recurrent) { if (event.media && event.media.length && !event.recurrent) {
try { try {
const old_path = path.join(config.upload_path, event.media[0].url) const old_path = path.join(config.upload_path, event.media[0].url)

10
server/api/index.js
View file

@ -169,7 +169,7 @@ module.exports = () => {
api.get('/settings/smtp', isAdmin, settingsController.getSMTPSettings) api.get('/settings/smtp', isAdmin, settingsController.getSMTPSettings)
// get unconfirmed events // get unconfirmed events
api.get('/event/unconfirmed', isAdmin, eventController.getUnconfirmed) api.get('/event/unconfirmed', isAdminOrEditor, eventController.getUnconfirmed)
// [un]confirm event // [un]confirm event
api.put('/event/confirm/:event_id', isAuth, eventController.confirm) api.put('/event/confirm/:event_id', isAuth, eventController.confirm)
@ -204,12 +204,12 @@ module.exports = () => {
api.get('/instances', isAdminOrEditor, instanceController.getAll) api.get('/instances', isAdminOrEditor, instanceController.getAll)
api.get('/instances/trusted', instanceController.getTrusted) api.get('/instances/trusted', instanceController.getTrusted)
api.get('/instances/:instance_domain', isAdminOrEditor, instanceController.get) api.get('/instances/:instance_domain', isAdminOrEditor, instanceController.get)
api.post('/instances/toggle_block', isAdmin, instanceController.toggleBlock) api.post('/instances/toggle_block', isAdminOrEditor, instanceController.toggleBlock)
api.post('/instances/toggle_user_block', isAdmin, apUserController.toggleBlock) api.post('/instances/toggle_user_block', isAdminOrEditor, apUserController.toggleBlock)
api.post('/instances/add_trust', isAdmin, instanceController.addTrust) api.post('/instances/add_trust', isAdmin, instanceController.addTrust)
api.delete('/instances/trust', isAdmin, instanceController.removeTrust) api.delete('/instances/trust', isAdmin, instanceController.removeTrust)
api.put('/resources/:resource_id', isAdmin, resourceController.hide) api.put('/resources/:resource_id', isAdminOrEditor, resourceController.hide)
api.delete('/resources/:resource_id', isAdmin, resourceController.remove) api.delete('/resources/:resource_id', isAdminOrEditor, resourceController.remove)
api.get('/resources', isAdminOrEditor, resourceController.getAll) api.get('/resources', isAdminOrEditor, resourceController.getAll)
// - ADMIN ANNOUNCEMENTS // - ADMIN ANNOUNCEMENTS