[Blog] Admin-gated CRUD routes for /news#221
Merged
Merged
Conversation
Backs the new frontend /admin/blog CMS (opportunity-hack/frontend-ohack.dev#293). The existing public POST /api/messages/news with X-Api-Key auth is untouched so the Slack integration keeps working. - New routes under /api/messages/admin/news (all gated with volunteer.admin via auth.require_org_member_with_permission): - GET /admin/news?limit=&status= — admin list, includes drafts - POST /admin/news — create (default status=draft, skips OpenAI image-gen when featured_image supplied) - PATCH /admin/news/<id> — partial update (allowlisted fields only, clears get_news cache) - DELETE /admin/news/<id> — hard delete - services/news_service.py adds admin_create_news, admin_update_news, admin_delete_news, admin_list_news plus _ADMIN_ALLOWED_KEYS allowlist and _is_publicly_visible filter so the public get_news drops status=draft|archived (over-fetches 3x to keep the post-filter count). - common/utils/firebase.py adds update_news_partial, delete_news, and get_all_news_admin. New optional fields on a news doc (all optional, legacy docs unchanged): content_markdown, content_format, featured_image, author, tags, slug, status, published_at, seo{}, last_updated_by, created_by. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does the PR do?
Adds admin-gated CRUD routes for the
newsFirestore collection so the new frontend/admin/blogCMS (opportunity-hack/frontend-ohack.dev#293) can create, edit, publish/unpublish, and delete blog posts. Today the only write path isPOST /api/messages/newswithX-Api-Key(the Slack integration); that path is not touched so the Slack flow keeps working.New routes (all under
/api/messages/admin/news, gated withvolunteer.admin)GET /admin/news?limit=&status=— admin list, includes drafts and archived postsPOST /admin/news— create (defaultstatus="draft", skips OpenAI image-gen whenfeatured_imageis supplied)PATCH /admin/news/<id>— partial update (allowlisted fields only, clearsget_newscache)DELETE /admin/news/<id>— hard deleteService / firebase changes
services/news_service.pyaddsadmin_create_news,admin_update_news,admin_delete_news,admin_list_news. The allowlist_ADMIN_ALLOWED_KEYSis the only way new fields get throughPATCH. New helper_is_publicly_visiblefiltersstatus in ("draft", "archived")out of the publicget_newsfor both list and single-item reads (over-fetches by 3x so the post-filter count still hits the requested limit).common/utils/firebase.pyaddsupdate_news_partial,delete_news, andget_all_news_admin.New optional fields on a news doc (legacy docs unchanged)
content_markdown,content_format("html" | "markdown"),featured_image,author{name,email,propel_user_id,db_id},tags[],slug,status("draft" | "published" | "archived"),published_at(ISO),seo{title,description,keywords[],canonical,og_image},last_updated_by,created_by.Type of change
Linked Issue
Frontend companion: opportunity-hack/frontend-ohack.dev#293 — must merge alongside this so the admin UI is functional end-to-end.
Make sure you have
frontend-ohack.dev/CLAUDE.md)Reviewer notes
POST /api/messages/newsendpoint (X-Api-Key) is deliberately untouched — the Slack integration depends on it. Only new admin routes are added.get_newsnow dropsstatus=draft|archivedfrom public responses; admins reading via the new/admin/newsroutes see everything.DELETEis hard delete (Firestore doc removed). The frontend confirm dialog spells out the post title to make accidental deletes hard.admin_create_newsskips OpenAI image generation whenfeatured_imageis supplied — saves an API call and lets admins use their own images.slack_tsis stamped totime.time()on admin-created posts so existing ordering keeps working without an explicit Slack message.🤖 Generated with Claude Code