From 50d8fd326f0496bf6892b9f5714aa5b219d62b05 Mon Sep 17 00:00:00 2001 From: eewing Date: Wed, 18 Mar 2026 08:12:47 -0500 Subject: [PATCH] Refactor training page and admin access control. Updated user role checks to include 'training_admin' for permissions, removed unnecessary admin checks from the training page, and added video deletion functionality with appropriate error handling. Improved UI for video management actions. --- src/lib/user-from-record.ts | 2 +- src/routes/training/+page.server.ts | 40 +++++++++++++++++++++-- src/routes/training/+page.svelte | 31 ++++++++++++------ src/routes/training/admin/+page.server.ts | 18 ++++++++-- 4 files changed, 75 insertions(+), 16 deletions(-) diff --git a/src/lib/user-from-record.ts b/src/lib/user-from-record.ts index 2f202932..d35ef4c4 100644 --- a/src/lib/user-from-record.ts +++ b/src/lib/user-from-record.ts @@ -24,6 +24,6 @@ export function mapUserRecord(r: Record): UserFromRecord { tasgrid: bool(r, 'TasGrid', 'tasgrid'), stackq: bool(r, 'Stackq', 'stackq'), hrm: bool(r, 'HRM', 'hrm', 'Hrm'), - training_admin: bool(r, 'training_admin', 'TrainingAdmin', 'trainingAdmin') + training_admin: bool(r, 'training_admin', 'TrainingAdmin', 'trainingAdmin', 'Admin') }; } diff --git a/src/routes/training/+page.server.ts b/src/routes/training/+page.server.ts index cee4df91..a45c9f36 100644 --- a/src/routes/training/+page.server.ts +++ b/src/routes/training/+page.server.ts @@ -46,12 +46,10 @@ export const load: PageServerLoad = async ({ locals }) => { }); const canUpload = Boolean(user?.training_admin); - const isAdmin = Boolean((user as any)?.Admin); return { videos, - canUpload, - isAdmin + canUpload }; }; @@ -109,6 +107,42 @@ export const actions: Actions = { }); } + throw redirect(303, '/training'); + }, + delete: async ({ request, locals }) => { + const user = locals.user; + + if (!user) { + throw redirect(303, '/login'); + } + + if (!user.training_admin) { + return fail(403, { + error: 'You do not have permission to delete training videos.' + }); + } + + const formData = await request.formData(); + const id = String(formData.get('id') ?? '').trim(); + + if (!id) { + return fail(400, { + error: 'Missing video id.' + }); + } + + try { + await locals.pb.collection(VIDEO_COLLECTION).delete(id); + } catch (e) { + const message = + e && typeof e === 'object' && 'message' in e + ? String((e as { message: string }).message) + : 'Could not delete video.'; + return fail(500, { + error: message + }); + } + throw redirect(303, '/training'); } }; diff --git a/src/routes/training/+page.svelte b/src/routes/training/+page.svelte index 8012fc92..b7141b45 100644 --- a/src/routes/training/+page.svelte +++ b/src/routes/training/+page.svelte @@ -20,12 +20,11 @@ }; } | null; - let { data, form }: { data: { videos: TrainingVideo[]; canUpload: boolean; isAdmin: boolean }; form: UploadFormState } = + let { data, form }: { data: { videos: TrainingVideo[]; canUpload: boolean }; form: UploadFormState } = $props(); const videos = $derived(data.videos); const canUpload = $derived(data.canUpload); - const isAdmin = $derived(data.isAdmin); function formatDate(created: string) { if (!created) return ''; @@ -88,11 +87,6 @@

Training

- {#if isAdmin} - - - - {/if}
{#if canUpload} @@ -162,9 +156,26 @@ {video.title} {formatDate(video.created)} - - - +
+ + + + {#if canUpload} +
+ + +
+ {/if} +
{#if video.videoUrl} diff --git a/src/routes/training/admin/+page.server.ts b/src/routes/training/admin/+page.server.ts index f02efe8e..410733f3 100644 --- a/src/routes/training/admin/+page.server.ts +++ b/src/routes/training/admin/+page.server.ts @@ -21,7 +21,15 @@ export const load: PageServerLoad = async ({ locals }) => { throw redirect(303, '/login'); } - if (!(user as any)?.Admin) { + console.log('training/admin load user', user); + + const isAdmin = Boolean( + (user as any)?.Admin || + (user as any)?.admin || + (user as any)?.training_admin + ); + + if (!isAdmin) { throw error(403, 'You do not have access to training admin.'); } @@ -65,7 +73,13 @@ export const actions: Actions = { throw redirect(303, '/login'); } - if (!(user as any)?.Admin) { + const isAdmin = Boolean( + (user as any)?.Admin || + (user as any)?.admin || + (user as any)?.training_admin + ); + + if (!isAdmin) { return fail(403, { error: 'You do not have permission to manage training videos.' });