NoLog.cz/gancio-upstream
6
0
Fork 0
mirror of https://framagit.org/les/gancio.git synced 2025-01-31 16:42:22 +01:00
Code Issues Projects Releases Packages Wiki Activity

admin panel for editor

Browse source
This commit is contained in:
lesion 2024-02-09 22:33:27 +01:00
parent 464f230749
commit 32b7e35a1a
No known key found for this signature in database
GPG key ID: 352918250B012177
6 changed files with 35 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
components/NavHeader.vue
View file

@ -49,12 +49,12 @@
</v-list-item-content>
</v-list-item>
<v-list-item v-if='$auth.user.is_admin' nuxt to='/admin'>
<v-list-item v-if='$auth.user.is_admin || $auth.user.is_editor' nuxt to='/admin'>
<v-list-item-icon>
<v-icon v-text='mdiAccount' />
</v-list-item-icon>
<v-list-item-content>
<v-list-item-title v-text="$t('common.admin')" />
<v-list-item-title v-text="$t(`common.${$auth.user.role}`)" />
</v-list-item-content>
</v-list-item>

5
middleware/isAdminOrEditor.js Normal file
View file

@ -0,0 +1,5 @@
export default async function ({ redirect, $auth }) {
if (!$auth.user.is_editor && !$auth.user.is_admin) {
return redirect('/')
}
}

24
pages/Admin.vue
View file

@ -1,14 +1,16 @@
<template lang="pug">
v-container.container.pa-0.pa-md-3
v-card
template(v-if='$auth.user.is_admin')
v-alert(v-if='url!==settings.baseurl' rounded="0" flat border="left" type='warning' show-icon :icon='mdiAlert')
span(v-html="$t('admin.wrong_domain_warning', { url, baseurl: settings.baseurl })")
v-alert(v-if='!selfReachable' rounded="0" flat border="left" type='warning' show-icon :icon='mdiAlert')
span(v-html="$t('admin.not_reachable_warning', { baseurl: settings.baseurl })")
v-tabs(v-model='selectedTab' show-arrows :next-icon='mdiChevronRight' :prev-icon='mdiChevronLeft')
//- SETTINGS
v-tab(href='#settings') {{$t('common.settings')}}
v-tab(href='#settings' v-if='$auth.user.is_admin') {{$t('common.settings')}}
v-tab-item(value='settings')
Settings
@ -20,49 +22,49 @@ v-container.container.pa-0.pa-md-3
@confirmed='id => { unconfirmedEvents = unconfirmedEvents.filter(e => e.id !== id)}')
//- THEME
v-tab(href='#theme') {{$t('common.theme')}}
v-tab(href='#theme' v-if='$auth.user.is_admin') {{$t('common.theme')}}
v-tab-item(value='theme')
Theme
//- USERS
v-tab(href='#users')
v-tab(href='#users' v-if='$auth.user.is_admin')
v-badge(:value='!!unconfirmedUsers.length' :content='unconfirmedUsers.length') {{$t('common.users')}}
v-tab-item(value='users')
Users(:users='users' @update='updateUsers')
//- PLACES
v-tab(href='#places') {{$t('common.places')}}
v-tab(href='#places' v-if='$auth.user.is_admin') {{$t('common.places')}}
v-tab-item(value='places')
Places
//- TAGS
v-tab(href='#tags') {{$t('common.tags')}}
v-tab(href='#tags' v-if='$auth.user.is_admin') {{$t('common.tags')}}
v-tab-item(value='tags')
Tags
//- GEOCODING / MAPS
v-tab(href='#geolocation' v-if='settings.allow_geolocation') {{$t('admin.geolocation')}}
v-tab(href='#geolocation' v-if='settings.allow_geolocation && $auth.user.is_admin') {{$t('admin.geolocation')}}
v-tab-item(value='geolocation')
client-only(placeholder='Loading...')
Geolocation
//- Collections
v-tab(href='#collections') {{$t('common.collections')}}
v-tab(href='#collections' v-if='$auth.user.is_admin') {{$t('common.collections')}}
v-tab-item(value='collections')
Collections
//- ANNOUNCEMENTS
v-tab(href='#announcements') {{$t('common.announcements')}}
v-tab(href='#announcements' v-if='$auth.user.is_admin') {{$t('common.announcements')}}
v-tab-item(value='announcements')
Announcement
//- PLUGINS
v-tab(href='#plugins') {{$t('common.plugins')}}
v-tab(href='#plugins' v-if='$auth.user.is_admin') {{$t('common.plugins')}}
v-tab-item(value='plugins')
Plugin
//- FEDERATION
v-tab(href='#federation') {{$t('common.federation')}}
v-tab(href='#federation' v-if='$auth.user.is_admin') {{$t('common.federation')}}
v-tab-item(value='federation')
Federation
@ -91,7 +93,7 @@ export default {
Announcement: () => import(/* webpackChunkName: "admin" */'../components/admin/Announcement.vue'),
Theme: () => import(/* webpackChunkName: "admin" */'../components/admin/Theme.vue')
},
middleware: ['auth', 'isAdmin'],
middleware: ['auth', 'isAdminOrEditor'],
async asyncData ({ $axios, req }) {
let url
if (process.client) {

6
pages/event/_slug.vue
View file

@ -84,7 +84,7 @@
//- admin actions
template(v-if='is_mine')
template(v-if='can_edit')
v-divider
EventAdmin(:event='event')
@ -240,12 +240,12 @@ export default {
plainDescription () {
return this.event.plain_description || ''
},
is_mine () {
can_edit () {
if (!this.$auth.user) {
return false
}
return (
this.event.isMine || this.$auth.user.is_admin
this.event.isMine || this.$auth.user.is_admin || this.$auth.user.is_editor
)
},
showResources () {

6
server/api/controller/event.js
View file

@ -216,7 +216,7 @@ const eventController = {
log.warn(`Trying to confirm a unknown event, id: ${id}`)
return res.sendStatus(404)
}
if (!req.user.is_admin && req.user.id !== event.userId) {
if (!req.user.is_editor && !req.user.is_admin && req.user.id !== event.userId) {
log.warn(`Someone not allowed is trying to confirm -> "${event.title} `)
return res.sendStatus(403)
}
@ -241,7 +241,7 @@ const eventController = {
const id = Number(req.params.event_id)
const event = await Event.findByPk(id)
if (!event) { return req.sendStatus(404) }
if (!req.user.is_admin && req.user.id !== event.userId) {
if (!req.user.is_editor && !req.user.is_admin && req.user.id !== event.userId) {
log.warn(`Someone not allowed is trying to unconfirm -> "${event.title} `)
return res.sendStatus(403)
}
@ -573,7 +573,7 @@ const eventController = {
async remove(req, res) {
const event = await Event.findByPk(req.params.id)
// check if event is mine (or user is admin)
if (event && (req.user.is_admin || req.user.id === event.userId)) {
if (event && (req.user.is_editor || req.user.is_admin || req.user.id === event.userId)) {
if (event.media && event.media.length && !event.recurrent) {
try {
const old_path = path.join(config.upload_path, event.media[0].url)

10
server/api/index.js
View file

@ -169,7 +169,7 @@ module.exports = () => {
api.get('/settings/smtp', isAdmin, settingsController.getSMTPSettings)
// get unconfirmed events
api.get('/event/unconfirmed', isAdmin, eventController.getUnconfirmed)
api.get('/event/unconfirmed', isAdminOrEditor, eventController.getUnconfirmed)
// [un]confirm event
api.put('/event/confirm/:event_id', isAuth, eventController.confirm)
@ -204,12 +204,12 @@ module.exports = () => {
api.get('/instances', isAdminOrEditor, instanceController.getAll)
api.get('/instances/trusted', instanceController.getTrusted)
api.get('/instances/:instance_domain', isAdminOrEditor, instanceController.get)
api.post('/instances/toggle_block', isAdmin, instanceController.toggleBlock)
api.post('/instances/toggle_user_block', isAdmin, apUserController.toggleBlock)
api.post('/instances/toggle_block', isAdminOrEditor, instanceController.toggleBlock)
api.post('/instances/toggle_user_block', isAdminOrEditor, apUserController.toggleBlock)
api.post('/instances/add_trust', isAdmin, instanceController.addTrust)
api.delete('/instances/trust', isAdmin, instanceController.removeTrust)
api.put('/resources/:resource_id', isAdmin, resourceController.hide)
api.delete('/resources/:resource_id', isAdmin, resourceController.remove)
api.put('/resources/:resource_id', isAdminOrEditor, resourceController.hide)
api.delete('/resources/:resource_id', isAdminOrEditor, resourceController.remove)
api.get('/resources', isAdminOrEditor, resourceController.getAll)
// - ADMIN ANNOUNCEMENTS