From 304756592013ee0a60ad61fafee5816da9ed7204 Mon Sep 17 00:00:00 2001
From: Padreug <padreug@aiolabs.dev>
Date: Thu, 21 May 2026 15:55:19 +0200
Subject: [PATCH 1/3] feat(activities): fetchMyEvents + invoice-key
 auto_approve probe

`fetchMyEvents` hits the existing all_wallets=true endpoint to surface
the caller's own events regardless of status. `getAutoApprove` now
calls the public probe (invoice-key-gated) added in events extension
v1.3.0-aio.5 so non-admin webapp users get accurate edit-flow copy.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../activities/services/TicketApiService.ts   | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/modules/activities/services/TicketApiService.ts b/src/modules/activities/services/TicketApiService.ts
index 432771d..64c5fdb 100644
--- a/src/modules/activities/services/TicketApiService.ts
+++ b/src/modules/activities/services/TicketApiService.ts
@@ -34,6 +34,20 @@ export class TicketApiService {
     return response
   }
 
+  /**
+   * Fetch the authenticated user's own events across all their wallets,
+   * regardless of status. Lets the webapp show the user's pending /
+   * rejected events alongside the public approved feed — without this
+   * a user who edits under `auto_approve=false` loses sight of their
+   * own event the moment it drops to `proposed`.
+   */
+  async fetchMyEvents(invoiceKey: string): Promise<any[]> {
+    return this.request('/events/api/v1/events?all_wallets=true', {
+      method: 'GET',
+      headers: { 'X-API-KEY': invoiceKey },
+    })
+  }
+
   /**
    * Request a ticket purchase (creates a Lightning invoice).
    * Uses POST /tickets/{event_id} with user_id in body (upstream API).
@@ -187,14 +201,16 @@ export class TicketApiService {
   }
 
   /**
-   * Read the extension's auto_approve flag. Admin-only endpoint, so
-   * non-admin callers see false (the safe default for UI gating).
+   * Read the extension's auto_approve flag. Hits the public probe
+   * (invoice-key-gated, available to any wallet holder), so non-admin
+   * users see the real value and the edit-flow copy is accurate.
+   * Degrades to `false` on failure — the safer default for warning UI.
    */
-  async getAutoApprove(adminKey: string): Promise<boolean> {
+  async getAutoApprove(invoiceKey: string): Promise<boolean> {
     try {
-      const settings = await this.request('/events/api/v1/events/settings', {
+      const settings = await this.request('/events/api/v1/events/settings/public', {
         method: 'GET',
-        headers: { 'X-API-KEY': adminKey },
+        headers: { 'X-API-KEY': invoiceKey },
       })
       return Boolean(settings?.auto_approve)
     } catch {

From 01b871e7fad7aac5c5ca6eee2231586335d0703e Mon Sep 17 00:00:00 2001
From: Padreug <padreug@aiolabs.dev>
Date: Thu, 21 May 2026 15:55:19 +0200
Subject: [PATCH 2/3] feat(activities): merge own events into the feed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When authenticated, parallel-fetch the caller's own events (any
status) alongside the public approved feed and merge with public-wins
dedup. Without this, an event that drops to `proposed` after a
non-admin edit disappears from the user's view — they couldn't find
it to make a follow-up edit or watch for re-approval.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../activities/composables/useEvents.ts       | 31 ++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/modules/activities/composables/useEvents.ts b/src/modules/activities/composables/useEvents.ts
index a67cf69..cdc5902 100644
--- a/src/modules/activities/composables/useEvents.ts
+++ b/src/modules/activities/composables/useEvents.ts
@@ -1,14 +1,43 @@
 import { computed } from 'vue'
 import { useAsyncState } from '@vueuse/core'
 import { injectService, SERVICE_TOKENS } from '@/core/di-container'
+import { useAuth } from '@/composables/useAuthService'
 import type { TicketApiService } from '../services/TicketApiService'
 import type { TicketedEvent } from '../types/ticket'
 
 export function useEvents() {
   const ticketApi = injectService(SERVICE_TOKENS.TICKET_API) as TicketApiService
+  const { isAuthenticated, currentUser } = useAuth()
+
+  // When authenticated, also fetch the user's own events (any status)
+  // and merge them into the feed. Otherwise an event that drops to
+  // `proposed` after a non-admin edit disappears from the user's view
+  // entirely — they'd be unable to find it to make a follow-up edit or
+  // monitor its approval status. Public approved events from other
+  // users take precedence on dedup (server is the source of truth for
+  // the public view).
+  const fetchAll = async (): Promise<TicketedEvent[]> => {
+    const publicEvents = (await ticketApi.fetchTicketedEvents()) as TicketedEvent[]
+
+    if (!isAuthenticated.value) return publicEvents
+
+    const invoiceKey = currentUser.value?.wallets?.[0]?.inkey
+    if (!invoiceKey) return publicEvents
+
+    try {
+      const myEvents = (await ticketApi.fetchMyEvents(invoiceKey)) as TicketedEvent[]
+      const seen = new Set(publicEvents.map((e) => e.id))
+      const own = myEvents.filter((e) => !seen.has(e.id))
+      return [...publicEvents, ...own]
+    } catch {
+      // Falling back to just the public feed is acceptable — the user
+      // can still browse, they just won't see their own pending events.
+      return publicEvents
+    }
+  }
 
   const { state: events, isLoading, error: asyncError, execute: refresh } = useAsyncState(
-    () => ticketApi.fetchTicketedEvents() as Promise<TicketedEvent[]>,
+    fetchAll,
     [] as TicketedEvent[],
     {
       immediate: true,

From 9b1b56e05d3a4c04cd93ca3e16a970c242395743 Mon Sep 17 00:00:00 2001
From: Padreug <padreug@aiolabs.dev>
Date: Thu, 21 May 2026 15:55:19 +0200
Subject: [PATCH 3/3] feat(activities): status badge + buy-disabled on own
 pending events

Show a "Pending review" (or "Rejected") badge on the user's own
non-approved events, and disable the Buy Ticket button on any
non-approved event with a "Not yet available" label. Probe
auto_approve via the public endpoint with inkey, not adminkey, so the
warning copy works for non-admin owners.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/modules/activities/views/EventsPage.vue | 28 ++++++++++++++++-----
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/modules/activities/views/EventsPage.vue b/src/modules/activities/views/EventsPage.vue
index 2a4adac..a8eefdd 100644
--- a/src/modules/activities/views/EventsPage.vue
+++ b/src/modules/activities/views/EventsPage.vue
@@ -48,11 +48,13 @@ function canEdit(event: TicketedEvent): boolean {
 
 onMounted(async () => {
   if (!isAuthenticated.value) return
-  const adminKey = currentUser.value?.wallets?.[0]?.adminkey
-  if (!adminKey) return
+  const wallet = currentUser.value?.wallets?.[0]
+  if (!wallet?.inkey) return
   const ticketApi = injectService(SERVICE_TOKENS.TICKET_API) as TicketApiService
-  isAdmin.value = await ticketApi.isAdmin(adminKey)
-  autoApprove.value = await ticketApi.getAutoApprove(adminKey)
+  autoApprove.value = await ticketApi.getAutoApprove(wallet.inkey)
+  if (wallet.adminkey) {
+    isAdmin.value = await ticketApi.isAdmin(wallet.adminkey)
+  }
 })
 
 function formatDate(dateStr: string | null | undefined) {
@@ -159,7 +161,16 @@ function handleEventChanged() {
           <div class="grid gap-4 md:grid-cols-2 lg:grid-cols-3">
             <Card v-for="event in upcomingEvents" :key="event.id" class="flex flex-col">
               <CardHeader>
-                <CardTitle class="text-foreground">{{ event.name }}</CardTitle>
+                <div class="flex items-start justify-between gap-2">
+                  <CardTitle class="text-foreground">{{ event.name }}</CardTitle>
+                  <Badge
+                    v-if="canEdit(event) && event.status !== 'approved'"
+                    :variant="event.status === 'rejected' ? 'destructive' : 'secondary'"
+                    class="shrink-0 capitalize"
+                  >
+                    {{ event.status === 'rejected' ? 'Rejected' : 'Pending review' }}
+                  </Badge>
+                </div>
                 <CardDescription>{{ event.info }}</CardDescription>
               </CardHeader>
               <CardContent class="flex-grow">
@@ -186,13 +197,18 @@ function handleEventChanged() {
                 <Button
                   class="flex-1"
                   variant="default"
-                  :disabled="event.amount_tickets <= event.sold || !isAuthenticated"
+                  :disabled="
+                    event.status !== 'approved' ||
+                    event.amount_tickets <= event.sold ||
+                    !isAuthenticated
+                  "
                   @click="handlePurchaseClick(event)"
                 >
                   <span v-if="!isAuthenticated" class="flex items-center gap-2">
                     <LogIn class="w-4 h-4" />
                     Login to Purchase
                   </span>
+                  <span v-else-if="event.status !== 'approved'">Not yet available</span>
                   <span v-else>Buy Ticket</span>
                 </Button>
                 <Button