Updates to make Journals more secure

2025-05-02 13:01:49 -04:00
parent 8f515e034b
commit 0b61596833
4 changed files with 134 additions and 190 deletions
--- a/src/routes/journals/[journal_id]/entry/[journal_entry_id]/+page.svelte
+++ b/src/routes/journals/[journal_id]/entry/[journal_entry_id]/+page.svelte
@@ -86,6 +86,7 @@ let lq__journal_entry_obj = $derived(liveQuery(async () => {
 </svelte:head> -->


+{#if $ae_loc.person_id == $lq__journal_obj?.person_id}
 <section
    class="
        ae_journals__journal_entry
@@ -111,6 +112,7 @@ let lq__journal_entry_obj = $derived(liveQuery(async () => {
    Back to Journal Entries
 </a> -->

+
 {#if $lq__journal_entry_obj}
 <Journal_entry_view
    lq__journal_obj={lq__journal_obj}
@@ -121,123 +123,12 @@ let lq__journal_entry_obj = $derived(liveQuery(async () => {

 </section>

+{:else}

-<!-- Modal: Journal edit ID -->
-<Modal
-    title="{$lq__journal_entry_obj?.name} - {$lq__journal_entry_obj?.id}"
-    bind:open={$journals_sess.show__modal_edit__journal_entry_id}
-    autoclose={false}
-    placement="top-center"
-    size="xl"
-    class="top-center bg-white dark:bg-gray-800 text-gray-800 dark:text-gray-200 rounded-lg border-gray-200 dark:border-gray-700 divide-gray-200 dark:divide-gray-700 shadow-md relative flex flex-col mx-auto w-full divide-y"
-    >
+<section class="main_content flex-grow px-1 md:px-2 pb-28 flex flex-col gap-1 items-center">
+    <p class="text-center">
+    You must be logged in as the owner to view this Journal Entry.
+    </p>
+</section>

-    {#snippet header()}
-
-            <div class="flex flex-row items-center justify-between w-full">
-                <h3 class="text-lg font-semibold">
-                {#if $ae_loc.trusted_access}
-                <!-- <div class="ae_options"> -->
-                    <button
-                        onclick={() => {
-                        // const url = new URL(location);
-                        // url.searchParams.set('event_id', $lq__journal_entry_obj?.event_id_random);
-                        // history.pushState({}, '', url);
-
-                        $journals_sess.show__modal_view__journal_entry_id = $journals_slct.journal_entry_id;
-                        $journals_sess.show__modal_edit__journal_entry_id = false;
-                    }}
-                        class="novi_btn btn btn-sm variant-ghost-warning hover:variant-filled-warning transition"
-                        title={`View meeting: ${$lq__journal_entry_obj?.name}`}
-                        >
-                        <span class="fas fa-eye m-1"></span> View
-                    </button>
-                <!-- </div> -->
-                {/if}
-
-                <span class="text-sm text-gray-500">
-                    Edit Journal Entry:
-                </span>
-                {$lq__journal_entry_obj?.name}
-            </h3>
-            </div>
-
-
-    {/snippet}
-
-    <!-- <Journal_obj_id_edit
-        lq__journal_entry_obj={lq__journal_entry_obj}
-        /> -->
-
-
-    <!-- <svelte:fragment slot="footer">
-        <div class="text-center w-full">
-            <button
-                type="button"
-                on:click={() => {
-                    console.log('Close modal');
-                    $journals_sess.recovery_meetings.show__modal_edit__journal_entry_id = false;
-                }}
-                class="btn btn-sm variant-soft-warning hover:variant-ghost-warning"
-                >
-                <span class="fas fa-times mx-1"></span>
-                Close
-            </button>
-        </div>
-    </svelte:fragment> -->
-
-</Modal>
-
-
-<!-- Modal: Journal Content edit ID -->
-<!-- <Modal
-    bind:open={$journals_sess.show__modal_edit__journal_entry_id}
-    title="{$lq__journal_entry_obj?.name ?? 'New Journal Content'} - {$lq__journal_entry_obj?.id ?? 'Not Saved Yet'}"
-    autoclose={false}
-    placement="top-center"
-    size="xl"
-    class="top-center bg-white dark:bg-gray-800 text-gray-800 dark:text-gray-200 rounded-lg border-gray-200 dark:border-gray-700 divide-gray-200 dark:divide-gray-700 shadow-md relative flex flex-col mx-auto w-full divide-y"
-    >
-
-    {#snippet header()}
-
-            <div class="flex flex-row items-center justify-between w-full">
-                <h3 class="text-lg font-semibold">
-                    {#if $ae_loc.trusted_access}
-
-                        <button
-                            onclick={() => {
-                            // const url = new URL(location);
-                            // url.searchParams.set('event_id', $lq__journal_entry_obj?.event_id_random);
-                            // history.pushState({}, '', url);
-
-                            $journals_sess.show__modal_view__journal_entry_id = $journals_slct.journal_entry_id;
-                            $journals_sess.show__modal_edit__journal_entry_id = false;
-                        }}
-                            class="novi_btn btn btn-sm variant-ghost-warning hover:variant-filled-warning transition"
-                            title={`View meeting: ${$lq__journal_entry_obj?.name}`}
-                            >
-                            <span class="fas fa-eye m-1"></span> View
-                        </button>
-                    {/if}
-
-                    <span class="text-sm text-gray-500">
-                        Edit Journal Content:
-                    </span>
-                    {$lq__journal_entry_obj?.name ?? 'New Journal Content'}
-                </h3>
-            </div>
-
-
-    {/snippet}
-
-
-</Modal> -->
-
-
-<!-- Modal: Journal Content ID media player -->
-<!-- {#if $journals_slct.journal_entry_id && $journals_sess.show__modal_view__journal_entry_id}
-    <Modal_media_player
-        lq__journal_entry_obj={lq__journal_entry_obj}
-        />
-{/if} -->
+{/if}