feat(acls): added backend acls

server/api/v1/admin/auth/invitation/index.delete.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const id = body.id;

server/api/v1/admin/auth/invitation/index.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   await runTask("cleanup:invitations");
 

server/api/v1/admin/auth/invitation/index.post.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "auth:simple:invitation:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const isAdmin = body.isAdmin;
@@ -30,7 +33,7 @@ export default defineEventHandler(async (h3) => {
       isAdmin: isAdmin,
       username: username,
       email: email,
-      expires: expiresDate
+      expires: expiresDate,
     },
   });
 

server/api/v1/admin/game/image/index.delete.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:image:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const gameId = body.gameId;

server/api/v1/admin/game/image/index.post.ts

@@ -1,9 +1,12 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import { handleFileUpload } from "~/server/internal/utils/handlefileupload";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:image:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const form = await readMultipartFormData(h3);
   if (!form)

server/api/v1/admin/game/index.delete.ts

@@ -1,9 +1,12 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = getQuery(h3);
   const gameId = query.id?.toString();

server/api/v1/admin/game/index.get.ts

@@ -1,9 +1,12 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = getQuery(h3);
   const gameId = query.id?.toString();

server/api/v1/admin/game/index.patch.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:update",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const id = body.id;

server/api/v1/admin/game/metadata.post.ts

@@ -1,9 +1,12 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import { handleFileUpload } from "~/server/internal/utils/handlefileupload";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:update",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const form = await readMultipartFormData(h3);
   if (!form)

server/api/v1/admin/game/version/index.delete.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:version:delete",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const gameId = body.id.toString();

server/api/v1/admin/game/version/index.patch.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "game:version:update",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const gameId = body.id?.toString();

server/api/v1/admin/import/game/index.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:game:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const unimportedGames = await libraryManager.fetchAllUnimportedGames();
   return { unimportedGames };

server/api/v1/admin/import/game/index.post.ts

@@ -1,3 +1,4 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 import {
   GameMetadataSearchResult,
@@ -5,8 +6,10 @@ import {
 } from "~/server/internal/metadata/types";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:game:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
 

server/api/v1/admin/import/game/search.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:game:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = getQuery(h3);
   const search = query.q?.toString();

server/api/v1/admin/import/version/index.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:version:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = await getQuery(h3);
   const gameId = query.id?.toString();

server/api/v1/admin/import/version/index.post.ts

@@ -1,10 +1,13 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 import libraryManager from "~/server/internal/library";
 import { parsePlatform } from "~/server/internal/utils/parseplatform";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:version:new",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const body = await readBody(h3);
   const gameId = body.id;

server/api/v1/admin/import/version/preload.get.ts

@@ -1,8 +1,11 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, [
+    "import:version:read",
+  ]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const query = await getQuery(h3);
   const gameId = query.id?.toString();

server/api/v1/admin/index.get.ts

@@ -1,6 +0,0 @@
-export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getUser(h3);
-  if (!user)
-    throw createError({ statusCode: 403, statusMessage: "Not authenticated" });
-  return { admin: user.admin };
-});

server/api/v1/admin/library/index.get.ts

@@ -1,8 +1,9 @@
+import aclManager from "~/server/internal/acls";
 import libraryManager from "~/server/internal/library";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, ["library:read"]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const unimportedGames = await libraryManager.fetchAllUnimportedGames();
   const games = await libraryManager.fetchGamesWithStatus();

server/api/v1/admin/news/[id].delete.ts

@@ -0,0 +1,23 @@
+import { defineEventHandler, createError } from "h3";
+import newsManager from "~/server/internal/news";
+
+export default defineEventHandler(async (event) => {
+  const userId = await event.context.session.getUserId(event);
+  if (!userId) {
+    throw createError({
+      statusCode: 401,
+      message: "Unauthorized",
+    });
+  }
+
+  const id = event.context.params?.id;
+  if (!id) {
+    throw createError({
+      statusCode: 400,
+      message: "Missing news ID",
+    });
+  }
+
+  await newsManager.delete(id);
+  return { success: true };
+}); 

server/api/v1/admin/news/index.post.ts

@@ -0,0 +1,24 @@
+import { defineEventHandler, createError, readBody } from "h3";
+import newsManager from "~/server/internal/news";
+
+export default defineEventHandler(async (event) => {
+  const body = await readBody(event);
+  
+  if (!body.authorId) {
+    throw createError({
+      statusCode: 400,
+      message: 'Author ID is required'
+    });
+  }
+
+  const article = await newsManager.create({
+    title: body.title,
+    content: body.content,
+    excerpt: body.excerpt,
+    tags: body.tags,
+    image: body.image,
+    authorId: body.authorId,
+  });
+
+  return article;
+});

server/api/v1/admin/user/index.get.ts

@@ -1,8 +1,9 @@
+import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";
 
 export default defineEventHandler(async (h3) => {
-  const user = await h3.context.session.getAdminUser(h3);
-  if (!user) throw createError({ statusCode: 403 });
+  const allowed = await aclManager.allowSystemACL(h3, ["user:read"]);
+  if (!allowed) throw createError({ statusCode: 403 });
 
   const users = await prisma.user.findMany({});