feat: role-based ACL + admin management UI

Backend: - Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers - Gate premium videos from unauthenticated users in videos query/resolver - Fix updateVideoPlay to verify ownership before updating - Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser - Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos - Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles - Add deleteComment mutation (owner or admin only) - Add AdminUserListType to GraphQL types - Fix featured filter on articles query Frontend: - Install marked for markdown rendering - Add /admin/* section with sidebar layout and admin-only guard - Admin users page: paginated table with search, role filter, inline role change, delete - Admin videos pages: list, create form, edit form with file upload and model assignment - Admin articles pages: list, create form, edit form with split-pane markdown editor - Add admin nav link in header (desktop + mobile) for admin users - Render article content through marked in magazine detail page - Add all admin GraphQL service functions to services.ts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-06 12:31:33 +01:00
parent b200498a10
commit c1770ab9c9
28 changed files with 2311 additions and 43 deletions
--- a/packages/frontend/src/routes/admin/+layout.svelte
+++ b/packages/frontend/src/routes/admin/+layout.svelte
@@ -0,0 +1,50 @@
+<script lang="ts">
+  import { page } from "$app/state";
+
+  const { children } = $props();
+
+  const navLinks = [
+    { name: "Users", href: "/admin/users", icon: "icon-[ri--team-line]" },
+    { name: "Videos", href: "/admin/videos", icon: "icon-[ri--film-line]" },
+    { name: "Articles", href: "/admin/articles", icon: "icon-[ri--article-line]" },
+  ];
+
+  function isActive(href: string) {
+    return page.url.pathname.startsWith(href);
+  }
+</script>
+
+<div class="flex min-h-screen bg-background">
+  <!-- Sidebar -->
+  <aside
+    class="w-56 shrink-0 border-r border-border/40 bg-card/60 backdrop-blur-sm flex flex-col"
+  >
+    <div class="px-4 py-5 border-b border-border/40">
+      <a href="/" class="text-xs text-muted-foreground hover:text-foreground transition-colors">
+        ← Back to site
+      </a>
+      <h1 class="mt-2 text-base font-bold text-foreground">Admin</h1>
+    </div>
+
+    <nav class="flex-1 p-3 space-y-1">
+      {#each navLinks as link (link.href)}
+        <a
+          href={link.href}
+          class={`flex items-center gap-3 rounded-lg px-3 py-2 text-sm font-medium transition-colors ${
+            isActive(link.href)
+              ? "bg-primary/10 text-primary"
+              : "text-muted-foreground hover:text-foreground hover:bg-muted/50"
+          }`}
+        >
+          <span class={`${link.icon} h-4 w-4`}></span>
+          {link.name}
+        </a>
+      {/each}
+    </nav>
+  </aside>
+
+  <!-- Main content -->
+  <main class="flex-1 overflow-auto">
+    {@render children()}
+  </main>
+</div>