packages/backend/src/lib/acl.ts

import { GraphQLError } from "graphql";
import type { Context } from "../graphql/builder";

export function requireAuth(ctx: Context): void {
  if (!ctx.currentUser) throw new GraphQLError("Unauthorized");
}

export function requireAdmin(ctx: Context): void {
  requireAuth(ctx);
  if (!ctx.currentUser!.is_admin) throw new GraphQLError("Forbidden");
}

export function requireOwnerOrAdmin(ctx: Context, ownerId: string): void {
  requireAuth(ctx);
  if (ctx.currentUser!.id !== ownerId && !ctx.currentUser!.is_admin) {
    throw new GraphQLError("Forbidden");
  }
}
feat: role-based ACL + admin management UI Backend: - Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers - Gate premium videos from unauthenticated users in videos query/resolver - Fix updateVideoPlay to verify ownership before updating - Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser - Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos - Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles - Add deleteComment mutation (owner or admin only) - Add AdminUserListType to GraphQL types - Fix featured filter on articles query Frontend: - Install marked for markdown rendering - Add /admin/* section with sidebar layout and admin-only guard - Admin users page: paginated table with search, role filter, inline role change, delete - Admin videos pages: list, create form, edit form with file upload and model assignment - Admin articles pages: list, create form, edit form with split-pane markdown editor - Add admin nav link in header (desktop + mobile) for admin users - Render article content through marked in magazine detail page - Add all admin GraphQL service functions to services.ts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-06 12:31:33 +01:00			`import { GraphQLError } from "graphql";`
			`import type { Context } from "../graphql/builder";`

			`export function requireAuth(ctx: Context): void {`
			`if (!ctx.currentUser) throw new GraphQLError("Unauthorized");`
			`}`

feat: refactor role system to is_admin flag, add Badge component, fix native dialogs - Separate admin identity from role: viewer\|model + is_admin boolean flag - DB migration 0001_is_admin: adds column, migrates former admin role users - Update ACL helpers, auth session, GraphQL types and all resolvers - Admin layout guard and header links check is_admin instead of role - Admin users table: show Admin badge next to name, remove admin from role select - Admin user edit page: is_admin checkbox toggle - Install shadcn Badge component; use in admin users table - Fix duplicate photo keys in adminGetUser resolver - Replace confirm() in /me recordings with Dialog component Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-06 16:14:00 +01:00			`export function requireAdmin(ctx: Context): void {`
feat: role-based ACL + admin management UI Backend: - Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers - Gate premium videos from unauthenticated users in videos query/resolver - Fix updateVideoPlay to verify ownership before updating - Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser - Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos - Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles - Add deleteComment mutation (owner or admin only) - Add AdminUserListType to GraphQL types - Fix featured filter on articles query Frontend: - Install marked for markdown rendering - Add /admin/* section with sidebar layout and admin-only guard - Admin users page: paginated table with search, role filter, inline role change, delete - Admin videos pages: list, create form, edit form with file upload and model assignment - Admin articles pages: list, create form, edit form with split-pane markdown editor - Add admin nav link in header (desktop + mobile) for admin users - Render article content through marked in magazine detail page - Add all admin GraphQL service functions to services.ts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-06 12:31:33 +01:00			`requireAuth(ctx);`
feat: refactor role system to is_admin flag, add Badge component, fix native dialogs - Separate admin identity from role: viewer\|model + is_admin boolean flag - DB migration 0001_is_admin: adds column, migrates former admin role users - Update ACL helpers, auth session, GraphQL types and all resolvers - Admin layout guard and header links check is_admin instead of role - Admin users table: show Admin badge next to name, remove admin from role select - Admin user edit page: is_admin checkbox toggle - Install shadcn Badge component; use in admin users table - Fix duplicate photo keys in adminGetUser resolver - Replace confirm() in /me recordings with Dialog component Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-06 16:14:00 +01:00			`if (!ctx.currentUser!.is_admin) throw new GraphQLError("Forbidden");`
feat: role-based ACL + admin management UI Backend: - Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers - Gate premium videos from unauthenticated users in videos query/resolver - Fix updateVideoPlay to verify ownership before updating - Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser - Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos - Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles - Add deleteComment mutation (owner or admin only) - Add AdminUserListType to GraphQL types - Fix featured filter on articles query Frontend: - Install marked for markdown rendering - Add /admin/* section with sidebar layout and admin-only guard - Admin users page: paginated table with search, role filter, inline role change, delete - Admin videos pages: list, create form, edit form with file upload and model assignment - Admin articles pages: list, create form, edit form with split-pane markdown editor - Add admin nav link in header (desktop + mobile) for admin users - Render article content through marked in magazine detail page - Add all admin GraphQL service functions to services.ts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-06 12:31:33 +01:00			`}`

			`export function requireOwnerOrAdmin(ctx: Context, ownerId: string): void {`
			`requireAuth(ctx);`
feat: refactor role system to is_admin flag, add Badge component, fix native dialogs - Separate admin identity from role: viewer\|model + is_admin boolean flag - DB migration 0001_is_admin: adds column, migrates former admin role users - Update ACL helpers, auth session, GraphQL types and all resolvers - Admin layout guard and header links check is_admin instead of role - Admin users table: show Admin badge next to name, remove admin from role select - Admin user edit page: is_admin checkbox toggle - Install shadcn Badge component; use in admin users table - Fix duplicate photo keys in adminGetUser resolver - Replace confirm() in /me recordings with Dialog component Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-06 16:14:00 +01:00			`if (ctx.currentUser!.id !== ownerId && !ctx.currentUser!.is_admin) {`
feat: role-based ACL + admin management UI Backend: - Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers - Gate premium videos from unauthenticated users in videos query/resolver - Fix updateVideoPlay to verify ownership before updating - Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser - Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos - Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles - Add deleteComment mutation (owner or admin only) - Add AdminUserListType to GraphQL types - Fix featured filter on articles query Frontend: - Install marked for markdown rendering - Add /admin/* section with sidebar layout and admin-only guard - Admin users page: paginated table with search, role filter, inline role change, delete - Admin videos pages: list, create form, edit form with file upload and model assignment - Admin articles pages: list, create form, edit form with split-pane markdown editor - Add admin nav link in header (desktop + mobile) for admin users - Render article content through marked in magazine detail page - Add all admin GraphQL service functions to services.ts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-06 12:31:33 +01:00			`throw new GraphQLError("Forbidden");`
			`}`
			`}`