Initial commit

.gitignore

@@ -0,0 +1,38 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# local env files
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# vercel
+.vercel
+
+# keystone
+.keystone

.prettierignore

@@ -0,0 +1 @@
+render.yaml

README.md

@@ -0,0 +1,94 @@
+<h1 align="center">
+  <a href="https://openship.org">
+    <img width="200px" style="margin-right: 20px" src="https://docs.openship.org/images/openship.svg">
+  </a>
+</h1>
+
+<div align="center">
+
+**Openship is an operations and fulfillment platform that enables multi-channel fulfillment**
+
+[Website](https://openship.org) · [Documentation](https://docs.openship.org) · [Openship Cloud](https://openship.org/signup)
+
+</div>
+
+## Running locally
+
+To get Openship running on your local machine:
+
+### Clone the repo
+
+```
+git clone https://github.com/openshiporg/openship
+```
+
+### Rename example.env to .env
+
+```shell
+//.env
+FRONTEND_URL=http://localhost:3000
+DATABASE_URL=postgresql://postgres:example@url:3000/postgres
+SESSION_SECRET=please_change_me
+```
+
+Be sure to replace DATABASE_URL with a postgres connection string.
+
+You can run postgres locally or get a database online.
+
+> Railway offers a free, temporary [postgres database](https://railway.app/new/postgresql).
+
+### Start the application
+
+Run the following commands start up Openship:
+
+```js
+$ cd openship
+$ yarn install
+$ yarn dev
+```
+
+### Openship: http://localhost:3000
+
+Once the application is running, go to localhost:3000. If there are no users in the database, you'll be redirected to localhost:3000/init where you can create the admin user.
+
+### Keystone CMS: http://localhost:8000
+
+Openship uses [Keystone.js](https://github.com/keystonejs/keystone) under the hood. Running Openship locally will give you access to the Keystone CMS at localhost:8000. It's a great way to see and interact with your database.
+
+## Deployment
+
+Under the hood, Openship is using Next.js, so naturally, it can be hosted anywhere that supports Node.js. Openship also requires a `postgres` database.
+
+### 1-Click Deployment
+
+These deployment services offer `Node.js` and `postgres` databases so Openship can be deployed in 1-click.
+
+#### Railway
+
+[![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/new/template/31ZaPV?referralCode=fQpsld)
+
+#### Render
+
+[![Deploy to Render](https://render.com/images/deploy-to-render-button.svg)](https://render.com/deploy?repo=https://github.com/openshiporg/openship)
+
+### Next.js Deployment
+
+To deploy on platforms that don't support databases like [Netlify](https://netlify.com) and [Vercel](https://vercel.com), you'll need to pass a `postgres` connection string as the `DATABASE_URL` variable.
+
+#### Vercel
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fopenshiporg%2Fopenship&env=SESSION_SECRET,FRONTEND_URL,DATABASE_URL&envDescription=A%20postgres%20connection%20string%20is%20used%20for%20DATABASE_URL)
+
+#### Netlify
+
+[![Deploy to Netlify](https://www.netlify.com/img/deploy/button.svg)](https://app.netlify.com/start/deploy?repository=https://github.com/openshiporg/openship)
+
+## Credits
+
+Openship wouldn't be here without these great projects
+
+- [Next.js](https://nextjs.org/)
+- [Keystone.js](https://keystonejs.com/)
+- [Prisma](https://prisma.io/)
+- [Mantine](https://mantine.dev/)
+- [swr](https://swr.vercel.app/)

access.js

@@ -0,0 +1,191 @@
+import { permissionsList } from "./schemas/fields";
+/*
+  The basic level of access to the system is being signed in as a valid user. This gives you access
+  to the Admin UI, access to your own User and Todo items, and read access to roles.
+*/
+export const isSignedIn = ({ session }) => !!session;
+
+/*
+  Permissions are shorthand functions for checking that the current user's role has the specified
+  permission boolean set to true
+*/
+// export const permissions = {
+//   //   canCreateTodos: ({ session }: ListAccessArgs) =>
+//   //     !!session?.data.role?.canCreateTodos,
+//   //   canManageAllTodos: ({ session }: ListAccessArgs) =>
+//   //     !!session?.data.role?.canManageAllTodos,
+//   canManageUsers: ({ session }: ListAccessArgs) =>
+//     !!session?.data.role?.canManageUsers,
+//   canManageRoles: ({ session }: ListAccessArgs) =>
+//     !!session?.data.role?.canManageRoles,
+//   canManageOrders: ({ session }: ListAccessArgs) =>
+//     !!session?.data.role?.canManageOrders,
+//   canManageShops: ({ session }: ListAccessArgs) =>
+//     !!session?.data.role?.canManageShops,
+//   canManageChannels: ({ session }: ListAccessArgs) =>
+//     !!session?.data.role?.canManageChannels,
+//   canManageMatches: ({ session }: ListAccessArgs) =>
+//     !!session?.data.role?.canManageMatches,
+// };
+
+export const permissions = Object.fromEntries(
+  permissionsList.map((permission) => [
+    permission,
+    function ({ session }) {
+      return !!session?.data.role?.[permission];
+    },
+  ])
+);
+
+/*
+  Rules are logical functions that can be used for list access, and may return a boolean (meaning
+  all or no items are available) or a set of filters that limit the available items
+*/
+export const rules = {
+  ownItem({ session }) {
+    if (!isSignedIn({ session })) {
+      return false;
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: session?.itemId } };
+  },
+  canReadUsers: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    if (permissions.canSeeOtherUsers({ session })) {
+      return true; // They can read everything!
+    }
+    // Can only see yourself
+    return { id: { equals: session.itemId } };
+  },
+  canUpdateUsers: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    if (permissions.canManageUsers({ session })) {
+      return true;
+    }
+    // Can update yourself
+    return { id: { equals: session.itemId } };
+  },
+  canReadOrders: ({ session }) => {
+    if (!isSignedIn({ session })) {
+      return false;
+    }
+    if (permissions.canSeeOtherOrders({ session })) {
+      return true; // They can read everything!
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+  canUpdateOrders: ({ session }) => {
+    if (!isSignedIn({ session })) {
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canManageOrders({ session })) {
+      return true;
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session?.itemId } } };
+  },
+  canReadShops: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canSeeOtherShops({ session })) {
+      return true; // They can read everything!
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+  canUpdateShops: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canManageShops({ session })) {
+      return true;
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+  canReadChannels: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canSeeOtherChannels({ session })) {
+      return true; // They can read everything!
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+  canUpdateChannels: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canManageChannels({ session })) {
+      return true;
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+  canReadMatches: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canSeeOtherMatches({ session })) {
+      return true; // They can read everything!
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+  canUpdateMatches: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canManageMatches({ session })) {
+      return true;
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+  canReadLinks: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canSeeOtherLinks({ session })) {
+      return true; // They can read everything!
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+  canUpdateLinks: ({ session }) => {
+    if (!session) {
+      // No session? No Users.
+      return false;
+    }
+    // 1. Do they have the permission of canManageProducts
+    if (permissions.canManageLinks({ session })) {
+      return true;
+    }
+    // 2. If not, do they own this item?
+    return { user: { id: { equals: session.itemId } } };
+  },
+};