Add page and user monitoring in admin. Add permission editing in administration.

This commit is contained in:
2024-11-28 17:18:35 +01:00
parent 5062d52667
commit 429f1d4b38
13 changed files with 416 additions and 50 deletions

View File

@@ -1,3 +1,50 @@
export default defineEventHandler((e) => {
return [];
import { ne, sql } from 'drizzle-orm';
import useDatabase from '~/composables/useDatabase';
import { explorerContentTable } from '~/db/schema';
import { hasPermissions } from '~/shared/auth.util';
export default defineEventHandler(async (e) => {
const session = await getUserSession(e);
if(!session || !session.user || !hasPermissions(session.user.permissions, ['admin']))
{
throw createError({
statusCode: 401,
message: 'Unauthorized',
});
}
const db = useDatabase();
const content = db.select({
path: explorerContentTable.path,
owner: explorerContentTable.owner,
title: explorerContentTable.title,
type: explorerContentTable.type,
size: sql<number>`CASE WHEN ${explorerContentTable.content} IS NULL THEN 0 ELSE length(${explorerContentTable.content}) END`.as('size'),
navigable: explorerContentTable.navigable,
private: explorerContentTable.private,
order: explorerContentTable.order,
visit: explorerContentTable.visit,
timestamp: explorerContentTable.timestamp,
}).from(explorerContentTable).all();
content.sort((a, b) => {
return a.path.split('/').length - b.path.split('/').length;
});
for(let i = 0; i < content.length; i++)
{
const path = content[i].path.substring(0, content[i].path.lastIndexOf('/'));
if(path !== '')
{
const parent = content.find(e => e.path === path);
if(parent)
{
content[i].private = content[i].private || parent.private;
}
}
}
return content.filter(e => e.type !== 'folder');
})

View File

@@ -0,0 +1,55 @@
import { hasPermissions } from "~/shared/auth.util";
import useDatabase from '~/composables/useDatabase';
import { and, eq, notInArray } from "drizzle-orm";
import { z } from "zod";
import { userPermissionsTable } from "~/db/schema";
const schema = z.array(z.string());
export default defineEventHandler(async (e) => {
const session = await getUserSession(e);
if(!session || !session.user || !hasPermissions(session.user.permissions, ['admin']))
{
throw createError({
statusCode: 401,
message: 'Unauthorized',
});
}
const param = getRouterParam(e, 'id');
if(!param)
{
throw createError({
statusCode: 403,
message: 'Forbidden',
});
}
const body = await readValidatedBody(e, schema.safeParse);
if(!body.success)
{
throw createError({
statusCode: 403,
message: 'Forbidden',
});
}
try {
const id = parseInt(param, 10);
const db = useDatabase();
const permissions = body.data.map(e => ({ id: id, permission: e }));
db.transaction((tx) => {
tx.delete(userPermissionsTable).where(eq(userPermissionsTable.id, id)).run();
tx.insert(userPermissionsTable).values(permissions).run();
});
} catch(e) {
console.error(e);
throw e;
}
});

View File

@@ -1,3 +1,34 @@
export default defineEventHandler((e) => {
return [];
import { sql } from 'drizzle-orm';
import useDatabase from '~/composables/useDatabase';
import { userSessionsTable } from '~/db/schema';
import { hasPermissions } from '~/shared/auth.util';
export default defineEventHandler(async (e) => {
const session = await getUserSession(e);
if(!session || !session.user || !hasPermissions(session.user.permissions, ['admin']))
{
throw createError({
statusCode: 401,
message: 'Unauthorized',
});
}
const db = useDatabase();
return db.query.usersTable.findMany({
columns: {
email: false,
hash: false,
},
with: {
data: true,
permission: true,
session: {
columns: {
timestamp: false,
user_id: false,
}
}
}
}).sync();
})