Setup wizard & 0.3.0 release (#146)

* fix: small merge fixes

* feat: initial setup wizard

* fix: last few localization items

* fix: lint

* fix: bump version

server/internal/acls/descriptions.ts

@@ -44,6 +44,9 @@ export const userACLDescriptions: ObjectFromList<typeof userACLs> = {
 };
 
 export const systemACLDescriptions: ObjectFromList<typeof systemACLs> = {
+  setup:
+    "All permissions required to setup a new Drop instance (setup wizard).",
+
   "auth:read":
     "Fetch the list of enabled authentication mechanisms configured.",
   "auth:simple:invitation:read": "Fetch simple auth invitations.",

server/internal/acls/index.ts

@@ -41,6 +41,8 @@ const userACLPrefix = "user:";
 export type UserACL = Array<(typeof userACLs)[number]>;
 
 export const systemACLs = [
+  "setup",
+
   "auth:read",
   "auth:simple:invitation:read",
   "auth:simple:invitation:new",
@@ -167,9 +169,11 @@ class ACLManager {
       const user = await prisma.user.findUnique({
         where: { id: userSession.userId },
       });
-      if (!user) return false;
-      if (user.admin) return true;
-      return false;
+      if (user) {
+        if (!user) return false;
+        if (user.admin) return true;
+        return false;
+      }
     }
 
     const authorizationToken = this.getAuthorizationToken(request);
@@ -179,6 +183,10 @@ class ACLManager {
     });
     if (!token) return false;
     if (token.mode != APITokenMode.System) return false;
+
+    // If empty, we just want to check we are an admin *at all*, not specific ACLs
+    if (acls.length == 0) return true;
+
     for (const acl of acls) {
       const tokenACLIndex = token.acls.findIndex((e) => e == acl);
       if (tokenACLIndex != -1) return true;