diff --git a/src/lib/ae_journals/ae_journals__journal.ts b/src/lib/ae_journals/ae_journals__journal.ts index 4eb0971f..716bbff4 100644 --- a/src/lib/ae_journals/ae_journals__journal.ts +++ b/src/lib/ae_journals/ae_journals__journal.ts @@ -286,11 +286,11 @@ async function _refresh_journal_li_background({ let promise; if (qry_person_id) { const search_query: any = { - and: [{ field: 'person_id_random', op: 'eq', value: qry_person_id }] + and: [{ field: 'person_id', op: 'eq', value: qry_person_id }] }; if (for_obj_id) search_query.and.push({ - field: `${for_obj_type}_id_random`, + field: `${for_obj_type}_id`, op: 'eq', value: for_obj_id }); @@ -344,7 +344,7 @@ async function _refresh_journal_li_background({ load_ae_obj_li__journal_entry({ api_cfg, for_obj_type: 'journal', - for_obj_id: journal.journal_id_random, + for_obj_id: journal.journal_id, enabled, hidden, limit, @@ -396,7 +396,7 @@ export async function create_ae_obj__journal({ api_cfg: api_cfg, obj_type: 'journal', fields: { - account_id_random: account_id, + account_id: account_id, ...data_kv }, params: params, @@ -613,7 +613,7 @@ export async function qry__journal({ if (journal_id) { // Assuming journal_id here is actually the account_id as per original usage context search_query.and.push({ - field: 'account_id_random', + field: 'account_id', op: 'eq', value: journal_id }); @@ -797,7 +797,6 @@ async function _process_generic_props>({ // --- Common Transformations --- // 1. Standardize ID and other '_random' fields - // The API often returns fields like 'person_id_random', which need to be aliased to 'person_id'. for (const key in processed_obj) { if (key.endsWith('_random')) { const newKey = key.slice(0, -7); // Remove '_random' suffix @@ -805,7 +804,7 @@ async function _process_generic_props>({ } } // Ensure 'id' is set from '[obj_type]_id_random' - const randomIdKey = `${obj_type}_id_random`; + const randomIdKey = `${obj_type}_id`; if (processed_obj[randomIdKey]) { (processed_obj as any).id = processed_obj[randomIdKey]; } diff --git a/src/lib/ae_journals/ae_journals__journal_entry.ts b/src/lib/ae_journals/ae_journals__journal_entry.ts index 49b31f5b..cb573172 100644 --- a/src/lib/ae_journals/ae_journals__journal_entry.ts +++ b/src/lib/ae_journals/ae_journals__journal_entry.ts @@ -396,13 +396,13 @@ export async function qry__journal_entry({ // Context scoping: Prefer journal_id if provided, otherwise fallback to person_id (global search) if (journal_id) { search_query.and.push({ - field: 'journal_id_random', + field: 'journal_id', op: 'eq', value: journal_id }); } else if (person_id) { search_query.and.push({ - field: 'person_id_random', + field: 'person_id', op: 'eq', value: person_id }); @@ -621,7 +621,7 @@ export async function update_ae_obj__journal_entry({ // } // if (obj_li && obj_li.length) { -// // let obj_li_id = obj_li.map((obj: any) => obj.journal_entry_id_random); +// // let obj_li_id = obj_li.map((obj: any) => obj.journal_entry_id); // const obj_li_id: string[] = []; // for (const obj of obj_li) { @@ -785,7 +785,7 @@ export async function update_ae_obj__journal_entry({ // try { // id_random = await db_journals.journal_entry.put(obj_record); // } catch (error) { -// console.log(`Error: Failed to put ${obj.journal_entry_id_random}: ${error}`); +// console.log(`Error: Failed to put ${obj.journal_entry_id}: ${error}`); // } // } else { // if (log_lvl) { @@ -926,7 +926,6 @@ async function _process_generic_props>({ // --- Common Transformations --- // 1. Standardize ID and other '_random' fields - // The API often returns fields like 'person_id_random', which need to be aliased to 'person_id'. for (const key in processed_obj) { if (key.endsWith('_random')) { const newKey = key.slice(0, -7); // Remove '_random' suffix @@ -934,7 +933,7 @@ async function _process_generic_props>({ } } // Ensure 'id' is set from '[obj_type]_id_random' - const randomIdKey = `${obj_type}_id_random`; + const randomIdKey = `${obj_type}_id`; if (processed_obj[randomIdKey]) { (processed_obj as any).id = processed_obj[randomIdKey]; } @@ -982,7 +981,7 @@ export async function process_ae_obj__journal_entry_props({ // Inject journal_id if provided and missing if (journal_id) { if (!obj.journal_id) obj.journal_id = journal_id; - if (!obj.journal_id_random) obj.journal_id_random = journal_id; + // if (!obj.journal_id_random) obj.journal_id_random = journal_id; } // Content processing diff --git a/src/lib/ae_journals/db_journals.ts b/src/lib/ae_journals/db_journals.ts index 3f80ef9c..cfbf6715 100644 --- a/src/lib/ae_journals/db_journals.ts +++ b/src/lib/ae_journals/db_journals.ts @@ -39,11 +39,11 @@ export interface Journal extends ae_Journal { export const journal_field_li = [ 'id', 'journal_id', - 'journal_id_random', + // 'journal_id_random', 'account_id', - 'account_id_random', + // 'account_id_random', 'person_id', - 'person_id_random', + // 'person_id_random', 'code', 'name', 'short_name', @@ -88,11 +88,11 @@ export interface Journal_Entry extends ae_JournalEntry { export const journal_entry_field_li = [ 'id', 'journal_entry_id', - 'journal_entry_id_random', + // 'journal_entry_id_random', 'journal_id', - 'journal_id_random', + // 'journal_id_random', 'person_id', - 'person_id_random', + // 'person_id_random', 'code', 'name', 'short_name', @@ -122,16 +122,16 @@ export class MySubClassedDexie extends Dexie { super('ae_journals_db'); this.version(5).stores({ journal: ` - id, journal_id, journal_id_random, + id, journal_id, code, - account_id, account_id_random, - person_id, person_id_random, + account_id, + person_id, name, enable, hide, priority, sort, group, created_on, updated_on`, journal_entry: ` - id, journal_entry_id, journal_entry_id_random, - journal_id, journal_id_random, - person_id, person_id_random, + id, journal_entry_id, + journal_id, + person_id, code, template, name, diff --git a/src/lib/ae_utils/ae_utils.ts b/src/lib/ae_utils/ae_utils.ts index 7ab75d4b..3ff3fdb6 100644 --- a/src/lib/ae_utils/ae_utils.ts +++ b/src/lib/ae_utils/ae_utils.ts @@ -9,7 +9,7 @@ import { import { get_obj_li_w_match_prop } from './ae_utils__get_obj_li_w_match_prop'; import { file_extension_icon } from './ae_utils__file_extension_icon'; import { file_extension_icon_lucide } from './ae_utils__file_extension_icon_lucide'; -import { process_permission_checks } from './ae_utils__perm_checks'; +import { process_permission_checks, compare_access_levels } from './ae_utils__perm_checks'; import { iso_datetime_formatter } from './ae_utils__datetime_format'; import { is_datetime_recent } from './ae_utils__is_datetime_recent'; import { extract_prefixed_form_data } from './ae_utils__extract_prefixed_form_data'; @@ -331,6 +331,7 @@ function shorten_filename({ export const ae_util = { is_datetime_recent: is_datetime_recent, process_permission_checks: process_permission_checks, + compare_access_levels: compare_access_levels, iso_datetime_formatter: iso_datetime_formatter, clean_filename: clean_filename, format_bytes: format_bytes, diff --git a/src/lib/ae_utils/ae_utils__perm_checks.ts b/src/lib/ae_utils/ae_utils__perm_checks.ts index 87b3710e..14b8e157 100644 --- a/src/lib/ae_utils/ae_utils__perm_checks.ts +++ b/src/lib/ae_utils/ae_utils__perm_checks.ts @@ -2,7 +2,34 @@ type key_val = { [key: string]: any; }; +// Hierarchical Order (Highest to Lowest) +export const access_level_order = [ + 'super', + 'manager', + 'administrator', + 'trusted', + 'public', + 'authenticated', + 'anonymous' +]; + +/** + * Compares two access levels based on the hierarchy. + * @returns 1 if level_a is higher, -1 if level_b is higher, 0 if equal. + */ +export const compare_access_levels = function (level_a: string, level_b: string): number { + const index_a = access_level_order.indexOf(level_a || 'anonymous'); + const index_b = access_level_order.indexOf(level_b || 'anonymous'); + + // LOWER index means HIGHER priority in the array + if (index_a < index_b) return 1; + if (index_a > index_b) return -1; + return 0; +}; + // NOTE: I know there is a better more efficient way to do this, but I don't have time for that right now. +// Reminder: super > manager > administrator > trusted > public > authenticated > anonymous +// Super is the highest level. Anonymous is the lowest level. export const process_permission_checks = function process_permission_checks(access_type: string) { // let access_checks = { 'access_type': null, 'super_check': null }; const access_checks: key_val = {}; diff --git a/src/lib/types/ae_types.ts b/src/lib/types/ae_types.ts index 5e08322f..f74a05de 100644 --- a/src/lib/types/ae_types.ts +++ b/src/lib/types/ae_types.ts @@ -163,9 +163,9 @@ export interface ae_Journal extends ae_BaseObj { */ export interface ae_JournalEntry extends ae_BaseObj { journal_entry_id: string; - journal_entry_id_random: string; + // journal_entry_id_random: string; journal_id: string; - journal_id_random: string; + // journal_id_random: string; person_id?: string; person_id_random?: string; diff --git a/src/routes/idaa/(idaa)/+layout.svelte b/src/routes/idaa/(idaa)/+layout.svelte index 13e4c2ae..bd265ab9 100644 --- a/src/routes/idaa/(idaa)/+layout.svelte +++ b/src/routes/idaa/(idaa)/+layout.svelte @@ -8,6 +8,7 @@ // *** Import other supporting libraries // *** Import Aether specific variables and functions + import { ae_util } from '$lib/ae_utils/ae_utils'; import { ae_snip, ae_loc, @@ -58,96 +59,36 @@ } $idaa_loc.novi_admin_li = $ae_loc.site_cfg_json?.novi_admin_li ?? []; $idaa_loc.novi_trusted_li = $ae_loc.site_cfg_json?.novi_trusted_li ?? []; - // console.log(`$idaa_loc.novi_uuid:`, $idaa_loc.novi_uuid); - // console.log(`$idaa_loc.novi_admin_li:`, $idaa_loc.novi_admin_li); - - // Reminder: super > manager > administrator > trusted > public > authenticated > anonymous - - // NOTE: This is checking if they are in an iframe *and* have a Novi UUID. We ignore the iframe mode for trusted and above (administrators, managers, etc). - if ( - $ae_loc?.iframe && - $idaa_loc?.novi_uuid?.length == 36 && - $idaa_loc?.novi_email?.length > 3 && - $idaa_loc?.novi_full_name?.length > 0 - ) { - $ae_loc.access_type = 'authenticated'; - $ae_loc.super_access = false; - $ae_loc.manager_access = false; - $ae_loc.administrator_access = false; - $ae_loc.trusted_access = false; - $ae_loc.public_access = false; - $ae_loc.authenticated_access = true; - $ae_loc.anonymous_access = true; - - // Resetting these just in case... - $idaa_loc.bb.qry__hidden == 'not_hidden'; - $idaa_loc.bb.qry__enabled == 'enabled'; - // NOTE: This is sort of temporary while we work on getting Jisti working with IDAA's Novi site. - } else if ( - $ae_loc?.iframe && - $idaa_loc?.novi_uuid?.length == 36 - ) { - $ae_loc.access_type = 'authenticated'; - $ae_loc.super_access = false; - $ae_loc.manager_access = false; - $ae_loc.administrator_access = false; - $ae_loc.trusted_access = false; - $ae_loc.public_access = false; - $ae_loc.authenticated_access = true; - $ae_loc.anonymous_access = true; - - // Resetting these just in case... - $idaa_loc.bb.qry__hidden == 'not_hidden'; - $idaa_loc.bb.qry__enabled == 'enabled'; - } else if ($ae_loc?.iframe) { - $ae_loc.access_type = 'anonymous'; - $ae_loc.super_access = false; - $ae_loc.manager_access = false; - $ae_loc.administrator_access = false; - $ae_loc.trusted_access = false; - $ae_loc.public_access = false; - $ae_loc.authenticated_access = false; - $ae_loc.anonymous_access = true; - - // Resetting these just in case... - $idaa_loc.bb.qry__hidden == 'not_hidden'; - $idaa_loc.bb.qry__enabled == 'enabled'; - } + // Determine target Novi-based access level + let target_novi_level = 'anonymous'; if ($idaa_loc.novi_uuid) { - let flag = false; - // NOTE: Check if the novi_uuid is in the novi_admin_li list - if ($idaa_loc.novi_admin_li) { - if ($idaa_loc.novi_admin_li.includes($idaa_loc.novi_uuid)) { - $ae_loc.access_type = 'administrator'; - $ae_loc.super_access = false; - $ae_loc.manager_access = false; - $ae_loc.administrator_access = true; - $ae_loc.trusted_access = true; - $ae_loc.public_access = true; - $ae_loc.authenticated_access = true; - $ae_loc.anonymous_access = true; - - flag = true; - } - } - - // NOTE: Check if the novi_uuid is in the novi_trusted_li list - if ($idaa_loc.novi_trusted_li) { - if ($idaa_loc.novi_trusted_li.includes($idaa_loc.novi_uuid)) { - $ae_loc.access_type = 'trusted'; - $ae_loc.super_access = false; - $ae_loc.manager_access = false; - $ae_loc.administrator_access = false; - $ae_loc.trusted_access = true; - $ae_loc.public_access = true; - $ae_loc.authenticated_access = true; - $ae_loc.anonymous_access = true; - - flag = true; - } + if ($idaa_loc.novi_admin_li?.includes($idaa_loc.novi_uuid)) { + target_novi_level = 'administrator'; + } else if ($idaa_loc.novi_trusted_li?.includes($idaa_loc.novi_uuid)) { + target_novi_level = 'trusted'; + } else if ($ae_loc?.iframe && $idaa_loc?.novi_uuid?.length == 36) { + target_novi_level = 'authenticated'; } + } else if ($ae_loc?.iframe) { + target_novi_level = 'anonymous'; } + + // PERMISSION UPGRADE STRATEGY: + // Only apply Novi-based permissions if they are HIGHER than the current level. + // This prevents a global 'manager' from being downgraded to 'administrator' or 'authenticated' by the IDAA layout. + const current_level = $ae_loc.access_type || 'anonymous'; + if (ae_util.compare_access_levels(target_novi_level, current_level) === 1) { + console.log(`IDAA Layout: Upgrading access from ${current_level} to ${target_novi_level} (Novi detected)`); + const perms = ae_util.process_permission_checks(target_novi_level); + $ae_loc = { ...$ae_loc, ...perms }; + } else { + if (log_lvl > 1) console.log(`IDAA Layout: Keeping current access ${current_level} (Novi level ${target_novi_level} is not an upgrade)`); + } + + // Resetting these just in case... + $idaa_loc.bb.qry__hidden = 'not_hidden'; + $idaa_loc.bb.qry__enabled = 'enabled'; }); } }); diff --git a/src/routes/journals/ae_comp__journal_entry_obj_li.svelte b/src/routes/journals/ae_comp__journal_entry_obj_li.svelte index 25eea496..5f8fa49f 100644 --- a/src/routes/journals/ae_comp__journal_entry_obj_li.svelte +++ b/src/routes/journals/ae_comp__journal_entry_obj_li.svelte @@ -95,15 +95,22 @@ const filtered = list.filter((item: any) => { if (!item) return false; - // ADMIN/TRUSTED: See everything - if ($ae_loc.trusted_access) return true; - - // PUBLIC: Filter hidden/disabled - // Permissive defaults for missing metadata const is_hidden = item.hide === true || item.hide === 1; const is_disabled = item.enable === false || item.enable === 0; - return !is_hidden && !is_disabled; + // Standard Visibility: Filter out hidden/disabled if not in Edit Mode + if (!$ae_loc.edit_mode) { + return !is_hidden && !is_disabled; + } + + // Edit Mode Gating: + // - To see Hidden: Must have Trusted Access or higher + if (is_hidden && !$ae_loc.trusted_access) return false; + + // - To see Disabled: Must have Administrator Access or higher + if (is_disabled && !$ae_loc.administrator_access) return false; + + return true; }); if (log_lvl)