Skip to content

Support admin-less events #67

Merged
KhoaNguyen706 merged 1 commit intomainfrom
khoa/supportAmin-less
Apr 20, 2026
Merged

Support admin-less events #67
KhoaNguyen706 merged 1 commit intomainfrom
khoa/supportAmin-less

Conversation

@KhoaNguyen706
Copy link
Copy Markdown
Collaborator

@KhoaNguyen706 KhoaNguyen706 commented Apr 18, 2026
edited
Loading

  • Event.CanEdit: when Admins is empty, any site admin (user_role=admin) can edit; otherwise only listed admins.
  • Event.IsListedAdmin: renamed from IsAdmin for clarity.
  • PATCH/DELETE handlers: read user_id and user_role from query, return 401 when unauthenticated and 403 when unauthorized via CanEdit.
  • Added doc comment on Admins field pointing at issue Support "admin-less' events #65.
    Admin Less tesing:
image No auth: image Token failed: image

Closes #65

@steeevin88 steeevin88 mentioned this pull request Apr 18, 2026
Merged
steeevin88
steeevin88 reviewed Apr 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@steeevin88 steeevin88 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few comments

i'm fine with merging this now but this definitely won't be our end-logic b/c it's technically not safe 😅 we need to properly verify that the user-role isn't just a spoofed value

#41 will solve this but it's a bit complicated... we can just merge this now + fix it

Comment thread pkg/models/event.go Outdated
Comment thread pkg/models/event.go Outdated
Comment thread pkg/models/event.go Outdated
Comment thread pkg/models/event.go Outdated
Comment thread pkg/models/event.go Outdated
Comment thread pkg/handlers/event.go Outdated
@steeevin88
Copy link
Copy Markdown
Contributor

steeevin88 commented Apr 18, 2026

can you also remoe #65 from the PR title

steeevin88
steeevin88 reviewed Apr 18, 2026
View reviewed changes
Comment thread pkg/handlers/event.go Outdated
Comment thread pkg/handlers/event.go Outdated
@KhoaNguyen706 KhoaNguyen706 force-pushed the khoa/supportAmin-less branch from 05b64c9 to 574adbe Compare April 19, 2026 04:27
steeevin88
steeevin88 reviewed Apr 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@steeevin88 steeevin88 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was this tested? if not can we test this + provide screenshots in the PR description 😄

also this is targeted to merge into your branch for #64 , but we should probably just merge this into main? not sure how to "redirect" it. we can merge either first

edit: to change the branch you can just edit the PR + it'll let you change the target branch

image

@KhoaNguyen706 KhoaNguyen706 changed the title Support admin-less events (#65) Support admin-less events (#65) Merge To Main Apr 20, 2026
@KhoaNguyen706 KhoaNguyen706 changed the title Support admin-less events (#65) Merge To Main Support admin-less events (#65) Merge To main Apr 20, 2026
@KhoaNguyen706 KhoaNguyen706 changed the title Support admin-less events (#65) Merge To main Support admin-less events Apr 20, 2026
@KhoaNguyen706 KhoaNguyen706 changed the base branch from khoa/auto-migrate to main April 20, 2026 02:12
@steeevin88 steeevin88 force-pushed the khoa/supportAmin-less branch from 574adbe to 1eadfd0 Compare April 20, 2026 02:12
@KhoaNguyen706
Support admin-less events
1483482 
- Event.CanEdit: when Admins is empty, only callers asserting the site admin role may edit; otherwise only listed admins.

- PATCH/DELETE handlers: read userID and userRole from gin context (set by the auth middleware from #69); remove query param fallback.

- Short doc comment on Admins field.

Closes #65

Made-with: Cursor
@KhoaNguyen706 KhoaNguyen706 force-pushed the khoa/supportAmin-less branch from 1eadfd0 to 1483482 Compare April 20, 2026 20:09
steeevin88
steeevin88 approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@steeevin88 steeevin88 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome, thanks for fixing everything

@KhoaNguyen706 KhoaNguyen706 merged commit 2789317 into main Apr 20, 2026
1 check passed
@KhoaNguyen706 KhoaNguyen706 deleted the khoa/supportAmin-less branch April 20, 2026 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steeevin88 steeevin88 steeevin88 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support "admin-less' events

2 participants

@KhoaNguyen706 @steeevin88