jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update project config and documentation, add admin invite script,

Browse source 
implement membersOnly event visibility
This commit is contained in:
Jennie Robinson Faber 2026-05-19 13:26:05 +01:00
parent 96470a604a
commit 9e18560ebf
9 changed files with 387 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

13
server/api/events/[id].get.js
View file

@ -1,4 +1,6 @@
import { loadPublicEvent } from '../../utils/loadEvent.js'
import { getOptionalMember } from '../../utils/auth.js'
import { hasMemberAccess } from '../../utils/tickets.js'
export default defineEventHandler(async (event) => {
try {
@ -8,6 +10,17 @@ export default defineEventHandler(async (event) => {
select: '-registrations.email'
})
// Members-only events are hidden from non-members (parallel to isVisible).
// Registration/ticket endpoints still surface a "members only" error so an
// authenticated guest sees actionable copy when posting; here we just 404.
if (eventData.membersOnly) {
const requester = await getOptionalMember(event)
const canSee = requester?.role === 'admin' || hasMemberAccess(requester)
if (!canSee) {
throw createError({ statusCode: 404, statusMessage: 'Event not found' })
}
}
return {
...eventData,
id: eventData._id.toString(),

11
server/api/events/index.get.js
View file

@ -1,5 +1,7 @@
import Event from "../../models/event.js";
import { connectDB } from "../../utils/mongoose.js";
import { getOptionalMember } from "../../utils/auth.js";
import { hasMemberAccess } from "../../utils/tickets.js";
export default defineEventHandler(async (event) => {
try {
@ -24,9 +26,12 @@ export default defineEventHandler(async (event) => {
filter.eventType = query.eventType;
}
// Filter for members-only events
if (query.membersOnly !== undefined) {
filter.membersOnly = query.membersOnly === "true";
// Hide members-only events from non-members. Admins and members see them.
const requester = await getOptionalMember(event);
const canSeeMembersOnly =
requester?.role === "admin" || hasMemberAccess(requester);
if (!canSeeMembersOnly) {
filter.membersOnly = { $ne: true };
}
// Fetch events from database