feat: add event approval workflow with admin UI

Non-admin event submissions now land in a "proposed" queue that LNbits admins review before the event becomes ticketable and publicly listed. - m008 adds events.events.status (proposed/approved/rejected); m010 seeds an events.settings singleton row with the auto_approve toggle. - Models: Event/CreateEvent.status, EventsSettings, optional date fields with sensible defaults (closing_date defaults to event_end_date which defaults to event_start_date), PublicEvent.status surfaces the workflow state on the public endpoint. - crud: get_all/public/pending_events for the admin views; get/update_settings for the auto_approve toggle; create_event auto-fills missing date defaults. - views_api: * POST /api/v1/events accepts wallet invoice keys so anyone can submit; handler stamps status="proposed" for non-admins when auto_approve is off * /public, /all, /pending, /settings (GET+PUT), /{id}/{approve,reject}, /{id}/tickets endpoints; literal-prefix routes declared before /{event_id} so FastAPI matches them correctly * Public GET /{event_id} bypasses sold-out / closing-window gates for proposed/rejected events and returns the trimmed PublicEvent so the SFC can render a "pending approval" banner * POST /tickets/{event_id} rejects when event.status != "approved" - Frontend: index.vue gains an admin Settings card, Pending Approvals list, status badge column and approve/reject row actions, plus an All Users' Events admin table; index.js gains the data + methods + an isAdmin probe via GET /events/all; display.vue shows pending/rejected banners and hides the Buy Ticket form unless status === "approved". Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 18:47:49 +02:00 · 2026-05-05 18:47:49 +02:00 · 4c8e06a6a9
commit 4c8e06a6a9
parent 11043ec8a7
7 changed files with 526 additions and 51 deletions
--- a/crud.py
+++ b/crud.py
@ -4,7 +4,7 @@ from datetime import datetime, timedelta, timezone
 from lnbits.db import Database
 from lnbits.helpers import urlsafe_short_hash

-from .models import CreateEvent, Event, Ticket, TicketExtra
+from .models import CreateEvent, Event, EventsSettings, Ticket, TicketExtra

 db = Database("ext_events")

@ -143,6 +143,11 @@ async def purge_unpaid_tickets(event_id: str) -> None:

 async def create_event(data: CreateEvent) -> Event:
    event_id = urlsafe_short_hash()
+    # Default end_date to start_date and closing_date to end_date when omitted.
+    if not data.event_end_date:
+        data.event_end_date = data.event_start_date
+    if not data.closing_date:
+        data.closing_date = data.event_end_date
    event = Event(id=event_id, time=datetime.now(timezone.utc), **data.dict())
    await db.insert("events.events", event)
    return event
@ -171,6 +176,50 @@ async def get_events(wallet_ids: str | list[str]) -> list[Event]:
    )


+async def get_all_events() -> list[Event]:
+    """All events, no wallet filter. Admin-only callers."""
+    return await db.fetchall(
+        "SELECT * FROM events.events ORDER BY time DESC",
+        model=Event,
+    )
+
+
+async def get_public_events() -> list[Event]:
+    """Approved, non-canceled events for the public listing."""
+    return await db.fetchall(
+        """
+        SELECT * FROM events.events
+        WHERE status = 'approved' AND canceled = FALSE
+        ORDER BY event_start_date ASC
+        """,
+        model=Event,
+    )
+
+
+async def get_pending_events() -> list[Event]:
+    """Proposed events awaiting admin approval."""
+    return await db.fetchall(
+        "SELECT * FROM events.events WHERE status = 'proposed' ORDER BY time DESC",
+        model=Event,
+    )
+
+
+async def get_settings() -> EventsSettings:
+    """Singleton settings row, seeded by m010."""
+    row = await db.fetchone("SELECT * FROM events.settings WHERE id = 1")
+    if row:
+        return EventsSettings(**dict(row))
+    return EventsSettings()
+
+
+async def update_settings(settings: EventsSettings) -> EventsSettings:
+    await db.execute(
+        "UPDATE events.settings SET auto_approve = :auto_approve WHERE id = 1",
+        {"auto_approve": settings.auto_approve},
+    )
+    return settings
+
+
 async def delete_event(event_id: str) -> None:
    await db.execute("DELETE FROM events.events WHERE id = :id", {"id": event_id})