From 0e0fc071c71bee4ef2177bd3821668045ed81619 Mon Sep 17 00:00:00 2001
From: Scott Idem <stidem@gmail.com>
Date: Thu, 2 Apr 2026 19:58:25 -0400
Subject: [PATCH] events: center module hub cards (flex-wrap + fixed card
 width)

---
 src/routes/events/[event_id]/+page.svelte | 31 +++++++++++++++++------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/routes/events/[event_id]/+page.svelte b/src/routes/events/[event_id]/+page.svelte
index 3d48788e..bb827703 100644
--- a/src/routes/events/[event_id]/+page.svelte
+++ b/src/routes/events/[event_id]/+page.svelte
@@ -52,14 +52,29 @@ const modules = [
     }
 ];
 
+// Filter modules by both access level and per-event cfg_json.modules_enabled
 let filtered_modules = $derived(
     modules.filter((mod) => {
-        if (mod.access === 'authenticated_access')
-            return $ae_loc.authenticated_access;
-        if (mod.access === 'trusted_access') return $ae_loc.trusted_access;
-        if (mod.access === 'administrator_access')
-            return $ae_loc.administrator_access;
-        return true;
+        // Access level gating (site/user level)
+        if (mod.access === 'authenticated_access' && !$ae_loc.authenticated_access)
+            return false;
+        if (mod.access === 'trusted_access' && !$ae_loc.trusted_access)
+            return false;
+        if (mod.access === 'administrator_access' && !$ae_loc.administrator_access)
+            return false;
+
+        // Event-level gating via event.cfg_json.modules_enabled
+        // When modules_enabled is configured, it is a strict whitelist —
+        // only modules explicitly set to true are shown. All others are hidden.
+        // Default is HIDE: if modules_enabled is absent or the key is not set
+        // to true, the module is not shown. Admin must opt-in via the config page.
+        const modules_cfg = $lq__event_obj?.cfg_json?.modules_enabled ?? null;
+        if (modules_cfg !== null && typeof modules_cfg === 'object') {
+            return modules_cfg[mod.path] === true;
+        }
+
+        // modules_enabled key not present at all → hide everything
+        return false;
     })
 );
 </script>
@@ -81,11 +96,11 @@ let filtered_modules = $derived(
         </p>
     </header>
 
-    <div class="grid grid-cols-1 gap-6 md:grid-cols-2 lg:grid-cols-4">
+    <div class="flex flex-wrap justify-center gap-6">
         {#each filtered_modules as mod (mod.path)}
             <a
                 href="/events/{$events_slct.event_id}/{mod.path}"
-                class="card card-hover bg-surface-100 dark:bg-surface-800 border-surface-200 dark:border-surface-700 flex flex-col items-center space-y-4 border p-6 text-center shadow-lg transition-transform hover:scale-105">
+                class="card card-hover bg-surface-100 dark:bg-surface-800 border-surface-200 dark:border-surface-700 flex w-56 flex-col items-center space-y-4 border p-6 text-center shadow-lg transition-transform hover:scale-105">
                 <div class="rounded-full p-6 {mod.color} text-4xl text-white">
                     <mod.icon size="2rem" />
                 </div>