Summary
Follow-up from #53. Implement the TODO on line 227 of cmd/api/api.go:
// TODO: Protect Under a AdminSponsorEditPermissionMiddleware
Requirements
1. Create AdminSponsorEditPermissionMiddleware
- Follow the existing
AdminScheduleEditPermissionMiddleware pattern
- Protect sponsor edit routes under
/admin/sponsors:
POST / (create)PUT /{sponsorID} (update)DELETE /{sponsorID} (delete)POST /{sponsorID}/logo-upload-url (logo upload)
GET / (list) should remain unprotected by this middleware (read-only)
2. Add super admin toggle routes
Add settings routes following the admin-schedule-edit-toggle pattern:
GET /v1/superadmin/settings/admin-sponsor-edit-togglePOST /v1/superadmin/settings/admin-sponsor-edit-toggle
3. Implementation guide
- Reference
AdminScheduleEditPermissionMiddleware for the middleware implementation
- Reference
getAdminScheduleEditToggle / setAdminScheduleEditToggle handlers for the toggle endpoints
- Add the corresponding config key in the store layer
- Add migration if needed for the new config row
- Add tests following existing patterns
Linked PR
This is a follow-up from the sponsors feature PR linked to #53.
Summary
Follow-up from #53. Implement the
TODOon line 227 ofcmd/api/api.go:// TODO: Protect Under a AdminSponsorEditPermissionMiddlewareRequirements
1. Create
AdminSponsorEditPermissionMiddlewareAdminScheduleEditPermissionMiddlewarepattern/admin/sponsors:POST /(create)PUT /{sponsorID}(update)DELETE /{sponsorID}(delete)POST /{sponsorID}/logo-upload-url(logo upload)GET /(list) should remain unprotected by this middleware (read-only)2. Add super admin toggle routes
Add settings routes following the
admin-schedule-edit-togglepattern:GET /v1/superadmin/settings/admin-sponsor-edit-togglePOST /v1/superadmin/settings/admin-sponsor-edit-toggle3. Implementation guide
AdminScheduleEditPermissionMiddlewarefor the middleware implementationgetAdminScheduleEditToggle/setAdminScheduleEditTogglehandlers for the toggle endpointsLinked PR
This is a follow-up from the sponsors feature PR linked to #53.