2026-03-04 18:07:18 +01:00
|
|
|
import { GraphQLError } from "graphql";
|
2026-03-04 18:42:58 +01:00
|
|
|
import { builder } from "../builder";
|
|
|
|
|
import { CommentType } from "../types/index";
|
|
|
|
|
import { comments, users } from "../../db/schema/index";
|
2026-03-04 18:07:18 +01:00
|
|
|
import { eq, and, desc } from "drizzle-orm";
|
2026-03-04 18:42:58 +01:00
|
|
|
import { awardPoints, checkAchievements } from "../../lib/gamification";
|
feat: role-based ACL + admin management UI
Backend:
- Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers
- Gate premium videos from unauthenticated users in videos query/resolver
- Fix updateVideoPlay to verify ownership before updating
- Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser
- Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos
- Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles
- Add deleteComment mutation (owner or admin only)
- Add AdminUserListType to GraphQL types
- Fix featured filter on articles query
Frontend:
- Install marked for markdown rendering
- Add /admin/* section with sidebar layout and admin-only guard
- Admin users page: paginated table with search, role filter, inline role change, delete
- Admin videos pages: list, create form, edit form with file upload and model assignment
- Admin articles pages: list, create form, edit form with split-pane markdown editor
- Add admin nav link in header (desktop + mobile) for admin users
- Render article content through marked in magazine detail page
- Add all admin GraphQL service functions to services.ts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-06 12:31:33 +01:00
|
|
|
import { requireOwnerOrAdmin } from "../../lib/acl";
|
2026-03-04 18:07:18 +01:00
|
|
|
|
|
|
|
|
builder.queryField("commentsForVideo", (t) =>
|
|
|
|
|
t.field({
|
|
|
|
|
type: [CommentType],
|
|
|
|
|
args: {
|
|
|
|
|
videoId: t.arg.string({ required: true }),
|
|
|
|
|
},
|
|
|
|
|
resolve: async (_root, args, ctx) => {
|
|
|
|
|
const commentList = await ctx.db
|
|
|
|
|
.select()
|
|
|
|
|
.from(comments)
|
|
|
|
|
.where(and(eq(comments.collection, "videos"), eq(comments.item_id, args.videoId)))
|
|
|
|
|
.orderBy(desc(comments.date_created));
|
|
|
|
|
|
|
|
|
|
return Promise.all(
|
|
|
|
|
commentList.map(async (c: any) => {
|
|
|
|
|
const user = await ctx.db
|
2026-03-04 22:27:54 +01:00
|
|
|
.select({
|
|
|
|
|
id: users.id,
|
|
|
|
|
first_name: users.first_name,
|
|
|
|
|
last_name: users.last_name,
|
feat: add shared @sexy.pivoine.art/types package and fix type safety across frontend/backend
- Create packages/types with shared TypeScript domain model interfaces (User, Video, Model, Article, Comment, Recording, etc.)
- Wire both frontend and backend packages to use @sexy.pivoine.art/types via workspace:*
- Update backend Pothos objectRef types to use shared interfaces instead of inline types
- Update frontend $lib/types.ts to re-export from shared package
- Fix all type errors introduced by more accurate nullable types (avatar/banner as string|null UUIDs, author nullable, events/device_info as object[])
- Add artist_name to comment user select in backend resolver
- Widen utility function signatures (getAssetUrl, getUserInitials, calcReadingTime) to accept null/undefined
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-05 11:01:11 +01:00
|
|
|
artist_name: users.artist_name,
|
2026-03-04 22:27:54 +01:00
|
|
|
avatar: users.avatar,
|
|
|
|
|
})
|
2026-03-04 18:07:18 +01:00
|
|
|
.from(users)
|
|
|
|
|
.where(eq(users.id, c.user_id))
|
|
|
|
|
.limit(1);
|
|
|
|
|
return { ...c, user: user[0] || null };
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
builder.mutationField("createCommentForVideo", (t) =>
|
|
|
|
|
t.field({
|
|
|
|
|
type: CommentType,
|
|
|
|
|
args: {
|
|
|
|
|
videoId: t.arg.string({ required: true }),
|
|
|
|
|
comment: t.arg.string({ required: true }),
|
|
|
|
|
},
|
|
|
|
|
resolve: async (_root, args, ctx) => {
|
|
|
|
|
if (!ctx.currentUser) throw new GraphQLError("Unauthorized");
|
|
|
|
|
|
|
|
|
|
const newComment = await ctx.db
|
|
|
|
|
.insert(comments)
|
|
|
|
|
.values({
|
|
|
|
|
collection: "videos",
|
|
|
|
|
item_id: args.videoId,
|
|
|
|
|
comment: args.comment,
|
|
|
|
|
user_id: ctx.currentUser.id,
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
// Gamification
|
|
|
|
|
await awardPoints(ctx.db, ctx.currentUser.id, "COMMENT_CREATE");
|
|
|
|
|
await checkAchievements(ctx.db, ctx.currentUser.id, "social");
|
|
|
|
|
|
|
|
|
|
const user = await ctx.db
|
2026-03-04 22:27:54 +01:00
|
|
|
.select({
|
|
|
|
|
id: users.id,
|
|
|
|
|
first_name: users.first_name,
|
|
|
|
|
last_name: users.last_name,
|
feat: add shared @sexy.pivoine.art/types package and fix type safety across frontend/backend
- Create packages/types with shared TypeScript domain model interfaces (User, Video, Model, Article, Comment, Recording, etc.)
- Wire both frontend and backend packages to use @sexy.pivoine.art/types via workspace:*
- Update backend Pothos objectRef types to use shared interfaces instead of inline types
- Update frontend $lib/types.ts to re-export from shared package
- Fix all type errors introduced by more accurate nullable types (avatar/banner as string|null UUIDs, author nullable, events/device_info as object[])
- Add artist_name to comment user select in backend resolver
- Widen utility function signatures (getAssetUrl, getUserInitials, calcReadingTime) to accept null/undefined
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-05 11:01:11 +01:00
|
|
|
artist_name: users.artist_name,
|
2026-03-04 22:27:54 +01:00
|
|
|
avatar: users.avatar,
|
|
|
|
|
})
|
2026-03-04 18:07:18 +01:00
|
|
|
.from(users)
|
|
|
|
|
.where(eq(users.id, ctx.currentUser.id))
|
|
|
|
|
.limit(1);
|
|
|
|
|
|
|
|
|
|
return { ...newComment[0], user: user[0] || null };
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
);
|
feat: role-based ACL + admin management UI
Backend:
- Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers
- Gate premium videos from unauthenticated users in videos query/resolver
- Fix updateVideoPlay to verify ownership before updating
- Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser
- Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos
- Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles
- Add deleteComment mutation (owner or admin only)
- Add AdminUserListType to GraphQL types
- Fix featured filter on articles query
Frontend:
- Install marked for markdown rendering
- Add /admin/* section with sidebar layout and admin-only guard
- Admin users page: paginated table with search, role filter, inline role change, delete
- Admin videos pages: list, create form, edit form with file upload and model assignment
- Admin articles pages: list, create form, edit form with split-pane markdown editor
- Add admin nav link in header (desktop + mobile) for admin users
- Render article content through marked in magazine detail page
- Add all admin GraphQL service functions to services.ts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-06 12:31:33 +01:00
|
|
|
|
|
|
|
|
builder.mutationField("deleteComment", (t) =>
|
|
|
|
|
t.field({
|
|
|
|
|
type: "Boolean",
|
|
|
|
|
args: {
|
|
|
|
|
id: t.arg.int({ required: true }),
|
|
|
|
|
},
|
|
|
|
|
resolve: async (_root, args, ctx) => {
|
|
|
|
|
const comment = await ctx.db
|
|
|
|
|
.select()
|
|
|
|
|
.from(comments)
|
|
|
|
|
.where(eq(comments.id, args.id))
|
|
|
|
|
.limit(1);
|
|
|
|
|
if (!comment[0]) throw new GraphQLError("Comment not found");
|
|
|
|
|
requireOwnerOrAdmin(ctx, comment[0].user_id);
|
|
|
|
|
await ctx.db.delete(comments).where(eq(comments.id, args.id));
|
|
|
|
|
return true;
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
);
|