valknar/sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: role-based ACL + admin management UI

Browse Source 
Backend:
- Add acl.ts with requireAuth/requireRole/requireOwnerOrAdmin helpers
- Gate premium videos from unauthenticated users in videos query/resolver
- Fix updateVideoPlay to verify ownership before updating
- Add admin mutations: adminListUsers, adminUpdateUser, adminDeleteUser
- Add admin mutations: createVideo, updateVideo, deleteVideo, setVideoModels, adminListVideos
- Add admin mutations: createArticle, updateArticle, deleteArticle, adminListArticles
- Add deleteComment mutation (owner or admin only)
- Add AdminUserListType to GraphQL types
- Fix featured filter on articles query

Frontend:
- Install marked for markdown rendering
- Add /admin/* section with sidebar layout and admin-only guard
- Admin users page: paginated table with search, role filter, inline role change, delete
- Admin videos pages: list, create form, edit form with file upload and model assignment
- Admin articles pages: list, create form, edit form with split-pane markdown editor
- Add admin nav link in header (desktop + mobile) for admin users
- Render article content through marked in magazine detail page
- Add all admin GraphQL service functions to services.ts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sebastian Krüger
2026-03-06 12:31:33 +01:00
parent b200498a10
commit c1770ab9c9
28 changed files with 2311 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
packages/frontend/src/routes/admin/articles/+page.server.ts Normal file
View File

@@ -0,0 +1,6 @@
import { adminListArticles } from "$lib/services";
export async function load({ fetch }) {
const articles = await adminListArticles(fetch).catch(() => []);
return { articles };
}

137
packages/frontend/src/routes/admin/articles/+page.svelte Normal file
View File

@@ -0,0 +1,137 @@
<script lang="ts">
import { invalidateAll } from "$app/navigation";
import { toast } from "svelte-sonner";
import { deleteArticle } from "$lib/services";
import { getAssetUrl } from "$lib/api";
import { Button } from "$lib/components/ui/button";
import * as Dialog from "$lib/components/ui/dialog";
import type { Article } from "$lib/types";
import TimeAgo from "javascript-time-ago";
const { data } = $props();
const timeAgo = new TimeAgo("en");
let deleteTarget: Article | null = $state(null);
let deleteOpen = $state(false);
let deleting = $state(false);
function confirmDelete(article: Article) {
deleteTarget = article;
deleteOpen = true;
}
async function handleDelete() {
if (!deleteTarget) return;
deleting = true;
try {
await deleteArticle(deleteTarget.id);
toast.success("Article deleted");
deleteOpen = false;
deleteTarget = null;
await invalidateAll();
} catch {
toast.error("Failed to delete article");
} finally {
deleting = false;
}
}
</script>
<div class="p-6">
<div class="flex items-center justify-between mb-6">
<h1 class="text-2xl font-bold">Articles</h1>
<Button href="/admin/articles/new">
<span class="icon-[ri--add-line] h-4 w-4 mr-1"></span>New article
</Button>
</div>
<div class="rounded-lg border border-border/40 overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-muted/30">
<tr>
<th class="px-4 py-3 text-left font-medium text-muted-foreground">Article</th>
<th class="px-4 py-3 text-left font-medium text-muted-foreground">Category</th>
<th class="px-4 py-3 text-left font-medium text-muted-foreground">Published</th>
<th class="px-4 py-3 text-right font-medium text-muted-foreground">Actions</th>
</tr>
</thead>
<tbody class="divide-y divide-border/30">
{#each data.articles as article (article.id)}
<tr class="hover:bg-muted/10 transition-colors">
<td class="px-4 py-3">
<div class="flex items-center gap-3">
{#if article.image}
<img
src={getAssetUrl(article.image, "mini")}
alt=""
class="h-10 w-16 rounded object-cover"
/>
{:else}
<div
class="h-10 w-16 rounded bg-muted/50 flex items-center justify-center text-muted-foreground"
>
<span class="icon-[ri--article-line] h-5 w-5"></span>
</div>
{/if}
<div>
<p class="font-medium">{article.title}</p>
{#if article.featured}
<span
class="text-xs px-1.5 py-0.5 rounded bg-primary/10 text-primary font-medium"
>Featured</span
>
{/if}
</div>
</div>
</td>
<td class="px-4 py-3 text-muted-foreground capitalize">{article.category ?? "—"}</td>
<td class="px-4 py-3 text-muted-foreground">
{timeAgo.format(new Date(article.publish_date))}
</td>
<td class="px-4 py-3 text-right">
<div class="flex items-center justify-end gap-1">
<Button size="sm" variant="ghost" href="/admin/articles/{article.id}">
<span class="icon-[ri--edit-line] h-4 w-4"></span>
</Button>
<Button
size="sm"
variant="ghost"
class="text-destructive hover:text-destructive hover:bg-destructive/10"
onclick={() => confirmDelete(article)}
>
<span class="icon-[ri--delete-bin-line] h-4 w-4"></span>
</Button>
</div>
</td>
</tr>
{/each}
{#if data.articles.length === 0}
<tr>
<td colspan="4" class="px-4 py-8 text-center text-muted-foreground">
No articles yet
</td>
</tr>
{/if}
</tbody>
</table>
</div>
</div>
<Dialog.Root bind:open={deleteOpen}>
<Dialog.Content>
<Dialog.Header>
<Dialog.Title>Delete article</Dialog.Title>
<Dialog.Description>
Permanently delete <strong>{deleteTarget?.title}</strong>? This cannot be undone.
</Dialog.Description>
</Dialog.Header>
<Dialog.Footer>
<Button variant="outline" onclick={() => (deleteOpen = false)}>Cancel</Button>
<Button variant="destructive" disabled={deleting} onclick={handleDelete}>
{deleting ? "Deleting…" : "Delete"}
</Button>
</Dialog.Footer>
</Dialog.Content>
</Dialog.Root>

9
packages/frontend/src/routes/admin/articles/[id]/+page.server.ts Normal file
View File

@@ -0,0 +1,9 @@
import { adminListArticles } from "$lib/services";
import { error } from "@sveltejs/kit";
export async function load({ params, fetch }) {
const articles = await adminListArticles(fetch).catch(() => []);
const article = articles.find((a) => a.id === params.id);
if (!article) throw error(404, "Article not found");
return { article };
}

157
packages/frontend/src/routes/admin/articles/[id]/+page.svelte Normal file
View File

@@ -0,0 +1,157 @@
<script lang="ts">
import { goto } from "$app/navigation";
import { toast } from "svelte-sonner";
import { updateArticle, uploadFile } from "$lib/services";
import { marked } from "marked";
import { Button } from "$lib/components/ui/button";
import { Input } from "$lib/components/ui/input";
import { Label } from "$lib/components/ui/label";
import { Textarea } from "$lib/components/ui/textarea";
import { TagsInput } from "$lib/components/ui/tags-input";
import { FileDropZone, MEGABYTE } from "$lib/components/ui/file-drop-zone";
import { getAssetUrl } from "$lib/api";
const { data } = $props();
let title = $state(data.article.title);
let slug = $state(data.article.slug);
let excerpt = $state(data.article.excerpt ?? "");
let content = $state(data.article.content ?? "");
let category = $state(data.article.category ?? "");
let tags = $state<string[]>(data.article.tags ?? []);
let featured = $state(data.article.featured ?? false);
let publishDate = $state(
data.article.publish_date
? new Date(data.article.publish_date).toISOString().slice(0, 16)
: "",
);
let imageId = $state<string | null>(data.article.image ?? null);
let saving = $state(false);
let preview = $derived(content ? marked.parse(content) as string : "");
async function handleImageUpload(files: File[]) {
const file = files[0];
if (!file) return;
const fd = new FormData();
fd.append("file", file);
try {
const res = await uploadFile(fd);
imageId = res.id;
toast.success("Image uploaded");
} catch {
toast.error("Image upload failed");
}
}
async function handleSubmit() {
saving = true;
try {
await updateArticle({
id: data.article.id,
title,
slug,
excerpt: excerpt || undefined,
content: content || undefined,
imageId: imageId || undefined,
tags,
category: category || undefined,
featured,
publishDate: publishDate || undefined,
});
toast.success("Article updated");
goto("/admin/articles");
} catch (e: any) {
toast.error(e?.message ?? "Failed to update article");
} finally {
saving = false;
}
}
</script>
<div class="p-6">
<div class="flex items-center gap-4 mb-6">
<Button variant="ghost" href="/admin/articles" size="sm">
<span class="icon-[ri--arrow-left-line] h-4 w-4 mr-1"></span>Back
</Button>
<h1 class="text-2xl font-bold">Edit article</h1>
</div>
<div class="space-y-5 max-w-4xl">
<div class="grid grid-cols-2 gap-4">
<div class="space-y-1.5">
<Label for="title">Title *</Label>
<Input id="title" bind:value={title} />
</div>
<div class="space-y-1.5">
<Label for="slug">Slug *</Label>
<Input id="slug" bind:value={slug} />
</div>
</div>
<div class="space-y-1.5">
<Label for="excerpt">Excerpt</Label>
<Textarea id="excerpt" bind:value={excerpt} rows={2} />
</div>
<!-- Markdown editor with live preview -->
<div class="space-y-1.5">
<Label>Content (Markdown)</Label>
<div class="grid grid-cols-2 gap-4 min-h-96">
<Textarea
bind:value={content}
class="h-full min-h-96 font-mono text-sm resize-none"
/>
<div
class="rounded-lg border border-border/40 bg-muted/20 p-4 overflow-auto prose prose-sm max-w-none prose-headings:text-foreground prose-p:text-muted-foreground"
>
{#if preview}
{@html preview}
{:else}
<p class="text-muted-foreground italic text-sm">Preview will appear here…</p>
{/if}
</div>
</div>
</div>
<div class="space-y-1.5">
<Label>Cover image</Label>
{#if imageId}
<img src={getAssetUrl(imageId, "thumbnail")} alt="" class="h-24 rounded object-cover mb-2" />
{/if}
<FileDropZone
accept="image/*"
maxFileSize={10 * MEGABYTE}
onUpload={handleImageUpload}
/>
</div>
<div class="grid grid-cols-2 gap-4">
<div class="space-y-1.5">
<Label for="category">Category</Label>
<Input id="category" bind:value={category} />
</div>
<div class="space-y-1.5">
<Label for="publishDate">Publish date</Label>
<Input id="publishDate" type="datetime-local" bind:value={publishDate} />
</div>
</div>
<div class="space-y-1.5">
<Label>Tags</Label>
<TagsInput bind:value={tags} />
</div>
<label class="flex items-center gap-2 cursor-pointer">
<input type="checkbox" bind:checked={featured} class="rounded" />
<span class="text-sm">Featured</span>
</label>
<div class="flex gap-3 pt-2">
<Button onclick={handleSubmit} disabled={saving}>
{saving ? "Saving…" : "Save changes"}
</Button>
<Button variant="outline" href="/admin/articles">Cancel</Button>
</div>
</div>
</div>

3
packages/frontend/src/routes/admin/articles/new/+page.server.ts Normal file
View File

@@ -0,0 +1,3 @@
export async function load() {
return {};
}

164
packages/frontend/src/routes/admin/articles/new/+page.svelte Normal file
View File

@@ -0,0 +1,164 @@
<script lang="ts">
import { goto } from "$app/navigation";
import { toast } from "svelte-sonner";
import { createArticle, uploadFile } from "$lib/services";
import { marked } from "marked";
import { Button } from "$lib/components/ui/button";
import { Input } from "$lib/components/ui/input";
import { Label } from "$lib/components/ui/label";
import { Textarea } from "$lib/components/ui/textarea";
import { TagsInput } from "$lib/components/ui/tags-input";
import { FileDropZone, MEGABYTE } from "$lib/components/ui/file-drop-zone";
let title = $state("");
let slug = $state("");
let excerpt = $state("");
let content = $state("");
let category = $state("");
let tags = $state<string[]>([]);
let featured = $state(false);
let publishDate = $state("");
let imageId = $state<string | null>(null);
let saving = $state(false);
let preview = $derived(content ? marked.parse(content) as string : "");
function generateSlug(t: string) {
return t
.toLowerCase()
.replace(/[^a-z0-9]+/g, "-")
.replace(/^-|-$/g, "");
}
async function handleImageUpload(files: File[]) {
const file = files[0];
if (!file) return;
const fd = new FormData();
fd.append("file", file);
try {
const res = await uploadFile(fd);
imageId = res.id;
toast.success("Image uploaded");
} catch {
toast.error("Image upload failed");
}
}
async function handleSubmit() {
if (!title || !slug) {
toast.error("Title and slug are required");
return;
}
saving = true;
try {
await createArticle({
title,
slug,
excerpt: excerpt || undefined,
content: content || undefined,
imageId: imageId || undefined,
tags,
category: category || undefined,
featured,
publishDate: publishDate || undefined,
});
toast.success("Article created");
goto("/admin/articles");
} catch (e: any) {
toast.error(e?.message ?? "Failed to create article");
} finally {
saving = false;
}
}
</script>
<div class="p-6">
<div class="flex items-center gap-4 mb-6">
<Button variant="ghost" href="/admin/articles" size="sm">
<span class="icon-[ri--arrow-left-line] h-4 w-4 mr-1"></span>Back
</Button>
<h1 class="text-2xl font-bold">New article</h1>
</div>
<div class="space-y-5 max-w-4xl">
<div class="grid grid-cols-2 gap-4">
<div class="space-y-1.5">
<Label for="title">Title *</Label>
<Input
id="title"
bind:value={title}
oninput={() => { if (!slug) slug = generateSlug(title); }}
placeholder="Article title"
/>
</div>
<div class="space-y-1.5">
<Label for="slug">Slug *</Label>
<Input id="slug" bind:value={slug} placeholder="article-slug" />
</div>
</div>
<div class="space-y-1.5">
<Label for="excerpt">Excerpt</Label>
<Textarea id="excerpt" bind:value={excerpt} placeholder="Short summary…" rows={2} />
</div>
<!-- Markdown editor with live preview -->
<div class="space-y-1.5">
<Label>Content (Markdown)</Label>
<div class="grid grid-cols-2 gap-4 min-h-96">
<Textarea
bind:value={content}
placeholder="Write in Markdown…"
class="h-full min-h-96 font-mono text-sm resize-none"
/>
<div
class="rounded-lg border border-border/40 bg-muted/20 p-4 overflow-auto prose prose-sm max-w-none prose-headings:text-foreground prose-p:text-muted-foreground"
>
{#if preview}
{@html preview}
{:else}
<p class="text-muted-foreground italic text-sm">Preview will appear here…</p>
{/if}
</div>
</div>
</div>
<div class="space-y-1.5">
<Label>Cover image</Label>
<FileDropZone
accept="image/*"
maxFileSize={10 * MEGABYTE}
onUpload={handleImageUpload}
/>
{#if imageId}<p class="text-xs text-green-600 mt-1">Image uploaded ✓</p>{/if}
</div>
<div class="grid grid-cols-2 gap-4">
<div class="space-y-1.5">
<Label for="category">Category</Label>
<Input id="category" bind:value={category} placeholder="e.g. news, tutorial…" />
</div>
<div class="space-y-1.5">
<Label for="publishDate">Publish date</Label>
<Input id="publishDate" type="datetime-local" bind:value={publishDate} />
</div>
</div>
<div class="space-y-1.5">
<Label>Tags</Label>
<TagsInput bind:value={tags} />
</div>
<label class="flex items-center gap-2 cursor-pointer">
<input type="checkbox" bind:checked={featured} class="rounded" />
<span class="text-sm">Featured</span>
</label>
<div class="flex gap-3 pt-2">
<Button onclick={handleSubmit} disabled={saving}>
{saving ? "Creating…" : "Create article"}
</Button>
<Button variant="outline" href="/admin/articles">Cancel</Button>
</div>
</div>
</div>