feat(admin): affiliate/personal discounts, user-videos, internal routes, authz

Closes the remaining legacy-admin gaps: - Users «مدیریت» modal: create personal discount or affiliate code (owner_user_id + owner_profit_percentage on existing /v1/discounts), and view the user's saved projects ("videos") via new admin GET /v1/saved-projects/by-user/{id} (studio) - Internal routes admin (/admin/routes): CRUD on content.internal_routes (RoutesController + CmsService + gateway /v1/routes/*) - Security: lock identity UsersController Search + Ban to [Authorize(Roles="Admin")] Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-02 22:42:01 +03:30
parent 0b538e1b1e
commit 3091911260
13 changed files with 182 additions and 2 deletions
@@ -331,7 +331,8 @@
      "stats": "Dashboard",
      "music": "Music",
      "homeEvents": "Home Events",
-      "comments": "Comments"
+      "comments": "Comments",
+      "routes": "Internal Routes"
    },
    "appAdminNodesPage": {
      "title": "Render Nodes",
@@ -331,7 +331,8 @@
      "stats": "داشبورد",
      "music": "موسیقی",
      "homeEvents": "رویدادهای صفحه اصلی",
-      "comments": "نظرات"
+      "comments": "نظرات",
+      "routes": "مسیرهای داخلی"
    },
    "appAdminNodesPage": {
      "title": "نودهای رندر",
@@ -223,6 +223,41 @@ public class CmsService(ContentDbContext db)
        e.StartsAt = Utc(r.StartsAt); e.EndsAt = Utc(r.EndsAt);
    }

+    // ── Internal routes ─────────────────────────────────────────────────────────
+
+    public async Task<List<InternalRouteResponse>> GetRoutesAsync(Guid? tenantId)
+    {
+        return await db.InternalRoutes
+            .Where(x => x.TenantId == null || x.TenantId == tenantId)
+            .OrderBy(x => x.Priority)
+            .Select(r => new InternalRouteResponse(r.Id, r.Name, r.Image, r.Slug, r.Priority, r.LastDate))
+            .ToListAsync();
+    }
+
+    public async Task<InternalRouteResponse> CreateRouteAsync(UpsertRouteRequest req)
+    {
+        var r = new InternalRoute { Name = req.Name, Image = req.Image, Slug = req.Slug, Priority = req.Priority, LastDate = Utc(req.LastDate) };
+        db.InternalRoutes.Add(r);
+        await db.SaveChangesAsync();
+        return new InternalRouteResponse(r.Id, r.Name, r.Image, r.Slug, r.Priority, r.LastDate);
+    }
+
+    public async Task<InternalRouteResponse> UpdateRouteAsync(Guid id, UpsertRouteRequest req)
+    {
+        var r = await db.InternalRoutes.FindAsync(id) ?? throw new KeyNotFoundException($"Route {id} not found");
+        r.Name = req.Name; r.Image = req.Image; r.Slug = req.Slug; r.Priority = req.Priority;
+        r.LastDate = Utc(req.LastDate); r.UpdatedAt = DateTime.UtcNow;
+        await db.SaveChangesAsync();
+        return new InternalRouteResponse(r.Id, r.Name, r.Image, r.Slug, r.Priority, r.LastDate);
+    }
+
+    public async Task DeleteRouteAsync(Guid id)
+    {
+        var r = await db.InternalRoutes.FindAsync(id) ?? throw new KeyNotFoundException($"Route {id} not found");
+        db.InternalRoutes.Remove(r);
+        await db.SaveChangesAsync();
+    }
+
    // ── Website Settings ──────────────────────────────────────────────────────

    public async Task<List<WebsiteSettingResponse>> GetSettingsAsync(Guid? tenantId, bool includeSecret = false)
@@ -181,3 +181,30 @@ public class FavoritesController(CmsService svc) : ControllerBase
        return NoContent();
    }
 }
+
+[ApiController]
+[Route("v1/routes")]
+public class RoutesController(CmsService svc) : ControllerBase
+{
+    [HttpGet]
+    public async Task<IActionResult> List([FromQuery] Guid? tenantId = null) =>
+        Ok(await svc.GetRoutesAsync(tenantId));
+
+    [Authorize(Roles = "Admin")]
+    [HttpPost]
+    public async Task<IActionResult> Create([FromBody] UpsertRouteRequest req) =>
+        Ok(await svc.CreateRouteAsync(req));
+
+    [Authorize(Roles = "Admin")]
+    [HttpPut("{id:guid}")]
+    public async Task<IActionResult> Update(Guid id, [FromBody] UpsertRouteRequest req) =>
+        Ok(await svc.UpdateRouteAsync(id, req));
+
+    [Authorize(Roles = "Admin")]
+    [HttpDelete("{id:guid}")]
+    public async Task<IActionResult> Delete(Guid id)
+    {
+        await svc.DeleteRouteAsync(id);
+        return NoContent();
+    }
+}
@@ -95,6 +95,14 @@ public record CreateMusicTrackRequest(
    int Sort
 );

+public record UpsertRouteRequest(
+    string Slug,
+    string? Name = null,
+    string? Image = null,
+    int Priority = 5,
+    DateTime? LastDate = null
+);
+
 public record UpsertHomeEventRequest(
    string? Title,
    string? Subtitle,
@@ -415,6 +415,15 @@ public record SlideResponse(
    bool IsActive
 );

+public record InternalRouteResponse(
+    Guid Id,
+    string? Name,
+    string? Image,
+    string Slug,
+    int Priority,
+    DateTime? LastDate
+);
+
 public record HomePageEventResponse(
    Guid Id,
    string? Title,
@@ -112,6 +112,7 @@ func main() {
 	v1.Any("/blogs/*path",        apiRL, optionalAuth, content.Handler())
 	v1.Any("/slides/*path",       apiRL, optionalAuth, content.Handler())
 	v1.Any("/home-events/*path",  apiRL, optionalAuth, content.Handler())
+	v1.Any("/routes/*path",       apiRL, optionalAuth, content.Handler())
 	v1.Any("/settings/*path",     apiRL, optionalAuth, content.Handler())
 	v1.Any("/comments/*path",     apiRL, auth, content.Handler())
 	v1.Any("/favorites/*path",    apiRL, auth, content.Handler())
@@ -40,6 +40,7 @@ public class UsersController(IUserService userService) : ControllerBase
        => Ok(await userService.GetByIdAsync(userId));

    [HttpGet]
+    [Authorize(Roles = "Admin")]
    [ProducesResponseType(typeof(PagedResponse<UserResponse>), 200)]
    public async Task<IActionResult> Search(
        [FromQuery] string? q,
@@ -49,6 +50,7 @@ public class UsersController(IUserService userService) : ControllerBase
        => Ok(await userService.SearchAsync(q, tenantId, page, pageSize));

    [HttpPost("{userId:guid}/ban")]
+    [Authorize(Roles = "Admin")]
    [ProducesResponseType(204)]
    public async Task<IActionResult> Ban(Guid userId, [FromBody] BanUserRequest request)
    {
@@ -19,6 +19,12 @@ public class StudioController(StudioService svc) : ControllerBase
    public async Task<IActionResult> List([FromQuery] SavedProjectListRequest req) =>
        Ok(await svc.ListProjectsAsync(UserId, req));

+    // Admin: view any user's saved projects ("user videos" viewer).
+    [HttpGet("by-user/{userId:guid}")]
+    [Authorize(Roles = "Admin")]
+    public async Task<IActionResult> ListByUser(Guid userId, [FromQuery] SavedProjectListRequest req) =>
+        Ok(await svc.ListProjectsAsync(userId, req));
+
    [HttpGet("{id:guid}")]
    public async Task<IActionResult> Get(Guid id) =>
        Ok(await svc.GetProjectAsync(id, UserId));
@@ -26,6 +26,7 @@ export default async function AdminLayout({
    { href: "/admin/blogs", label: t("blogs") },
    { href: "/admin/slides", label: t("slides") },
    { href: "/admin/home-events", label: t("homeEvents") },
+    { href: "/admin/routes", label: t("routes") },
    { href: "/admin/comments", label: t("comments") },
    { href: "/admin/files", label: t("media") },
    { href: "/admin/ai", label: t("aiContent") },
@@ -0,0 +1,8 @@
+"use client";
+
+import { AdminResource } from "@/components/admin/AdminResource";
+import { routesConfig } from "@/components/admin/admin-resources";
+
+export default function Page() {
+  return <AdminResource config={routesConfig} />;
+}
@@ -20,6 +20,32 @@ export function UserActions({ row }: { row: Record<string, unknown>; reload?: ()
  const [seconds, setSeconds] = useState(""); const [renders, setRenders] = useState("");
  const [planDays, setPlanDays] = useState("");
  const [tags, setTags] = useState(""); const [note, setNote] = useState(""); const [status, setStatus] = useState("new");
+  // discount / affiliate
+  const [dcCode, setDcCode] = useState(""); const [dcKind, setDcKind] = useState("Percentage");
+  const [dcValue, setDcValue] = useState(""); const [dcProfit, setDcProfit] = useState(""); const [dcDays, setDcDays] = useState("30");
+  // videos
+  const [vids, setVids] = useState<Array<Record<string, unknown>> | null>(null);
+
+  const createDiscount = async () => {
+    setBusy(true); setMsg(null);
+    const expires = new Date(Date.now() + (Number(dcDays) || 30) * 864e5).toISOString();
+    const res = await fetch(`/api/admin/resource/discounts`, {
+      method: "POST", headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        name: dcCode || `user-${id.slice(0, 8)}`, code: dcCode, kind: dcKind, value: Number(dcValue) || 0,
+        owner_user_id: id, owner_profit_percentage: Number(dcProfit) || 0, expires_at: expires,
+      }),
+    });
+    const d = await res.json().catch(() => null);
+    setMsg(res.ok ? (Number(dcProfit) > 0 ? "کد افیلیت ساخته شد ✓" : "کد تخفیف ساخته شد ✓") : (d?.error?.message ?? d?.error ?? "خطا"));
+    setBusy(false);
+  };
+
+  const loadVideos = async () => {
+    const r = await fetch(`/api/admin/resource/saved-projects/by-user/${id}?pageSize=50`, { cache: "no-store" })
+      .then((x) => x.json()).catch(() => null);
+    setVids(r?.data ?? r?.items ?? (Array.isArray(r) ? r : []));
+  };

  const call = async (path: string, body: object, ok: string) => {
    setBusy(true); setMsg(null);
@@ -96,6 +122,41 @@ export function UserActions({ row }: { row: Record<string, unknown>; reload?: ()
                </div>
              </div>

+              <div className={`${card} p-3`}>
+                <label className={lbl}>کد تخفیف / افیلیت (درصد سود &gt; ۰ یعنی افیلیت)</label>
+                <div className="grid gap-2 sm:grid-cols-2">
+                  <input className={inp} placeholder="کد" value={dcCode} onChange={(e) => setDcCode(e.target.value)} />
+                  <select className={inp} value={dcKind} onChange={(e) => setDcKind(e.target.value)}>
+                    <option value="Percentage">درصدی</option>
+                    <option value="FixedAmount">مبلغ ثابت</option>
+                    <option value="RenderCredits">اعتبار رندر</option>
+                  </select>
+                  <input className={inp} type="number" placeholder="مقدار" value={dcValue} onChange={(e) => setDcValue(e.target.value)} />
+                  <input className={inp} type="number" placeholder="٪ سود افیلیت" value={dcProfit} onChange={(e) => setDcProfit(e.target.value)} />
+                  <input className={inp} type="number" placeholder="اعتبار (روز)" value={dcDays} onChange={(e) => setDcDays(e.target.value)} />
+                </div>
+                <button className={`${btn} mt-2`} disabled={busy || !dcCode || !dcValue} onClick={createDiscount}>ساخت کد</button>
+              </div>
+
+              <div className={`${card} p-3`}>
+                <div className="flex items-center justify-between">
+                  <label className={lbl}>ویدیوهای کاربر</label>
+                  <button className="rounded-lg border border-[#262b40] px-2.5 py-1 text-xs text-gray-300 hover:bg-[#161a2e]" onClick={loadVideos}>بارگذاری</button>
+                </div>
+                {vids != null && (
+                  vids.length === 0 ? <p className="text-xs text-gray-500">ویدیویی یافت نشد.</p> : (
+                    <ul className="mt-1 max-h-40 space-y-1 overflow-y-auto text-sm text-gray-300">
+                      {vids.map((v) => (
+                        <li key={String(v.id)} className="flex items-center justify-between rounded bg-[#0c0e1a] px-2 py-1">
+                          <span className="truncate">{String(v.name ?? v.original_project_name ?? "—")}</span>
+                          <span className="text-[11px] text-gray-500">{String(v.type ?? "")} · {String(v.resolution ?? "")}</span>
+                        </li>
+                      ))}
+                    </ul>
+                  )
+                )}
+              </div>
+
              <div className={`${card} p-3`}>
                <label className={lbl}>یادداشت CRM</label>
                <div className="grid gap-2">
@@ -235,6 +235,26 @@ export const commentsConfig: ResourceConfig = {
  },
 };

+export const routesConfig: ResourceConfig = {
+  title: "Internal Routes",
+  description: "Curated internal routes / featured links (slug, image, priority).",
+  basePath: "routes",
+  canCreate: true,
+  canEdit: true,
+  canDelete: true,
+  columns: [
+    { key: "name", label: "Name" },
+    { key: "slug", label: "Slug" },
+    { key: "priority", label: "Priority" },
+  ],
+  fields: [
+    { key: "slug", label: "Slug (path)", required: true },
+    { key: "name", label: "Name" },
+    { key: "image", label: "Image", type: "image" },
+    { key: "priority", label: "Priority", type: "number" },
+  ],
+};
+
 export const usersConfig: ResourceConfig = {
  title: "Users",
  description: "Accounts in this tenant. Ban or unban below.",