feat(feedback): in-app user feedback with admin review and account roles
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 47s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m12s
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 12s
CI / ui (pull_request) Successful in 47s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m12s
User-facing Feedback screen (Settings -> Info, registered accounts only): a message (<=1024 runes) plus one optional attachment, an anti-spam gate (one unreviewed message at a time), and the operator's inline reply with a Settings/Info badge. Server-rendered admin console section (/_gm/feedback): unread/read/archived queue with per-user search, detail with read/reply/ archive/delete/delete-all, safe attachment serving (nosniff, images inline via <img>, others download-only). Introduces account_roles, the first per-account role table; feedback_banned blocks only feedback submission, granted/revoked from /users and the delete-with-block action. - migration 00004_feedback (feedback_messages + account_roles) + jetgen - backend internal/feedback (store+service), internal/account/roles.go - wire: FlatBuffers feedback.submit/get/unread; gateway guest gate (Op.NonGuest, is_guest via session resolve) -> guest_forbidden before any backend call - reply push reuses NotificationEvent with a new admin_reply sub-kind - UI: /feedback route + screen, attachment picker, badge, channel detection, i18n - tests: feedback unit (Go+UI), gateway guest-gate, inttest lifecycle, e2e - docs: PLAN stage 19, ARCHITECTURE s15, FUNCTIONAL(+ru), TESTING, READMEs
This commit is contained in:
@@ -0,0 +1,92 @@
|
||||
package account
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
"github.com/go-jet/jet/v2/postgres"
|
||||
"github.com/google/uuid"
|
||||
|
||||
"scrabble/backend/internal/postgres/jet/backend/table"
|
||||
)
|
||||
|
||||
// Per-account roles. A role is a named capability or restriction attached to an
|
||||
// account, the reusable replacement for per-feature boolean flags. The set is
|
||||
// expected to grow; roles are validated against KnownRoles in Go so adding one
|
||||
// needs no migration. Granted/revoked from the admin console (/users and the
|
||||
// feedback section).
|
||||
const (
|
||||
// RoleFeedbackBanned forbids the account from submitting feedback (only that;
|
||||
// it is not a full account suspension). See internal/feedback.
|
||||
RoleFeedbackBanned = "feedback_banned"
|
||||
)
|
||||
|
||||
// KnownRoles is the set of roles the console may grant or revoke; an operator
|
||||
// cannot assign an unrecognised role.
|
||||
var KnownRoles = []string{RoleFeedbackBanned}
|
||||
|
||||
// IsKnownRole reports whether role is a recognised account role.
|
||||
func IsKnownRole(role string) bool {
|
||||
for _, r := range KnownRoles {
|
||||
if r == role {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// GrantRole gives the account the role, idempotently (a repeat grant is a no-op).
|
||||
func (s *Store) GrantRole(ctx context.Context, accountID uuid.UUID, role string) error {
|
||||
stmt := table.AccountRoles.
|
||||
INSERT(table.AccountRoles.AccountID, table.AccountRoles.Role).
|
||||
VALUES(accountID, role).
|
||||
ON_CONFLICT(table.AccountRoles.AccountID, table.AccountRoles.Role).DO_NOTHING()
|
||||
if _, err := stmt.ExecContext(ctx, s.db); err != nil {
|
||||
return fmt.Errorf("account: grant role %q to %s: %w", role, accountID, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// RevokeRole removes the role from the account, idempotently.
|
||||
func (s *Store) RevokeRole(ctx context.Context, accountID uuid.UUID, role string) error {
|
||||
stmt := table.AccountRoles.
|
||||
DELETE().
|
||||
WHERE(table.AccountRoles.AccountID.EQ(postgres.UUID(accountID)).
|
||||
AND(table.AccountRoles.Role.EQ(postgres.String(role))))
|
||||
if _, err := stmt.ExecContext(ctx, s.db); err != nil {
|
||||
return fmt.Errorf("account: revoke role %q from %s: %w", role, accountID, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// HasRole reports whether the account holds the role.
|
||||
func (s *Store) HasRole(ctx context.Context, accountID uuid.UUID, role string) (bool, error) {
|
||||
var ok bool
|
||||
err := s.db.QueryRowContext(ctx,
|
||||
`SELECT EXISTS (SELECT 1 FROM backend.account_roles WHERE account_id = $1 AND role = $2)`,
|
||||
accountID, role).Scan(&ok)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("account: has-role %q %s: %w", role, accountID, err)
|
||||
}
|
||||
return ok, nil
|
||||
}
|
||||
|
||||
// ListRoles returns the account's roles, oldest grant first.
|
||||
func (s *Store) ListRoles(ctx context.Context, accountID uuid.UUID) ([]string, error) {
|
||||
rows, err := s.db.QueryContext(ctx,
|
||||
`SELECT role FROM backend.account_roles WHERE account_id = $1 ORDER BY granted_at ASC`,
|
||||
accountID)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("account: list roles %s: %w", accountID, err)
|
||||
}
|
||||
defer rows.Close()
|
||||
var out []string
|
||||
for rows.Next() {
|
||||
var role string
|
||||
if err := rows.Scan(&role); err != nil {
|
||||
return nil, fmt.Errorf("account: scan role: %w", err)
|
||||
}
|
||||
out = append(out, role)
|
||||
}
|
||||
return out, rows.Err()
|
||||
}
|
||||
Reference in New Issue
Block a user