Add the ability for song book entries to have videos. (#1067)

* Add the ability for song book entries to have videos.
* Add roles for programmes.

Author: SLUCHABLUB

src/database/prisma/migrations/20260126172703_add_song_video/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "songs" ADD COLUMN     "video" TEXT;

src/database/prisma/schema.prisma

@@ -687,6 +687,7 @@ model Song {
   createdAt DateTime? @map("created_at") @db.Timestamptz(6)
   updatedAt DateTime? @map("updated_at") @db.Timestamptz(6)
   deletedAt DateTime? @map("deleted_at") @db.Timestamptz(6)
+  video     String?
 
   @@map("songs")
 }

src/database/schema.zmodel

@@ -186,7 +186,7 @@ model Author {
   // Hide author if the member behind it is currently stab, or if it was posted as a "stab" mandate, AND user does not "see staben"
   // There is one exception: If the author is of type "Custom Author" then it is fine to show, as the person behind it is not shown
   @@deny("read", type != "Custom" && (
-                  startsWith(mandate.positionId, "dsek.noll.stab.") 
+                  startsWith(mandate.positionId, "dsek.noll.stab.")
                   || member.mandates?[startDate < now() && now() < endDate && (startsWith(positionId, "dsek.noll.stab."))]
                   ) && !has(auth().policies, "member:see_staben") && auth().memberId != memberId)
 }
@@ -512,7 +512,7 @@ model Mandate {
   authors     Author[]
   member      Member        @relation(fields: [memberId], references: [id], onDelete: NoAction, onUpdate: NoAction, map: "mandates_member_id_foreign")
   position    Position      @relation(fields: [positionId], references: [id], onDelete: NoAction, onUpdate: NoAction, map: "mandates_position_id_foreign")
-  
+
   // Used on phadder mandates to connect to the phadder group
   phadderInId String?       @db.Uuid @allow("update", auth().memberId == memberId || has(auth().policies, "nollning:phaddrar:groups:manage"))
   phadderIn   PhadderGroup? @relation(fields: [phadderInId], references: [id], onDelete: SetNull, onUpdate: NoAction)
@@ -819,6 +819,7 @@ model Song {
   createdAt DateTime? @map("created_at") @db.Timestamptz(6)
   updatedAt DateTime? @map("updated_at") @db.Timestamptz(6)
   deletedAt DateTime? @map("deleted_at") @db.Timestamptz(6)
+  video     String?
 
   @@allow("create", has(auth().policies, "song:create"))
   @@allow("read", has(auth().policies, "song:read"))
@@ -948,8 +949,8 @@ model Shoppable {
   @@allow("update", auth().memberId == authorId || has(auth().policies, "webshop:manage"))
 
   // I would like to do something like this but it is not possible because has(list: Any[], literal: Any) requires a literal
-  // @@allow("read", isEmpty(accessPolicies) || 
-  //   accessPolicies?[exists(role != null && has(auth().roles, role)) || 
+  // @@allow("read", isEmpty(accessPolicies) ||
+  //   accessPolicies?[exists(role != null && has(auth().roles, role)) ||
   //                   (studentId != null && auth().studentId == studentId)])
   @@allow("read", true)
 
@@ -1155,8 +1156,8 @@ model Expense {
   ))
   @@allow("update", hasBeenSentToBookkeeping == false && (
     (memberId == auth().memberId)
-    || items?[signerMemberId == auth().memberId] 
-    || has(auth().policies, "expenses:bookkeeping") 
+    || items?[signerMemberId == auth().memberId]
+    || has(auth().policies, "expenses:bookkeeping")
   ))
   @@allow("delete" , false)
 
@@ -1183,7 +1184,7 @@ model ExpenseItem {
   @@allow("create", has(auth().policies, "expenses:create") /* && signerMemberId != expense.memberId (TODO: Uncomment this when we upgrade to zenstack v2) */ && signedByMemberId == null && signedAt == null)
   // copy auth from Expense
   @@allow("read", (
-    expense.memberId == auth().memberId 
+    expense.memberId == auth().memberId
     || expense.items?[signerMemberId == auth().memberId]
     || has(auth().policies, "expenses:bookkeeping")
   ))

src/database/seed/.snaplet/dataModel.json

@@ -9111,6 +9111,20 @@
           "hasDefaultValue": false,
           "isId": false,
           "maxLength": 255
+        },
+        {
+          "id": "public.songs.video",
+          "name": "video",
+          "columnName": "video",
+          "type": "text",
+          "isRequired": false,
+          "kind": "scalar",
+          "isList": false,
+          "isGenerated": false,
+          "sequence": false,
+          "hasDefaultValue": false,
+          "isId": false,
+          "maxLength": null
         }
       ],
       "uniqueConstraints": [

src/lib/utils/authorization.ts

@@ -54,9 +54,13 @@ export const getDerivedRoles = (
   if (groupList?.length || signedIn) splitGroups.add("_"); // logged in users
   if (classYear && classYear === new Date().getFullYear())
     splitGroups.add("nolla");
-  if (classYear) {
+  if (classYear !== undefined) {
     const shortYear = String(classYear % 100);
     splitGroups.add(classProgramme + shortYear);
   }
+  if (classProgramme !== undefined) {
+    splitGroups.add(classProgramme);
+  }
+
   return [...splitGroups];
 };

src/routes/(app)/songbook/[slug]/+page.svelte

@@ -5,9 +5,15 @@
   import Disclaimer from "../Disclaimer.svelte";
   import SongElement from "../SongElement.svelte";
   import * as m from "$paraglide/messages";
+  import type { AuthUser } from "@zenstackhq/runtime";
 
   import type { PageData } from "./$types";
   export let data: PageData;
+
+  // This exist to make svansen of spritbolaget private to members.
+  function mayWatchVideos(user: AuthUser): boolean {
+    return user.roles.some((role) => ["C", "D", "VR/AR"].includes(role));
+  }
 </script>
 
 <SetPageTitle title={data.song.title} />
@@ -17,6 +23,13 @@
 
 <SongElement song={data.song} class="my-0 p-0 shadow-none ring-transparent" />
 
+{#if data.song.video !== null && mayWatchVideos(data.user)}
+  <video controls class="pb-8 pt-8">
+    <source src={data.song.video} />
+    <track kind="captions" />
+  </video>
+{/if}
+
 <Disclaimer />
 
 {#if isAuthorized(apiNames.SONG.UPDATE, data.user)}