dev day #100 - WE ARE FUCKING DONE, hotfixes incoming but we did it in 100 days, lets fucking go guys, anyone reading this...i love you

internal/controllers/navigation_controller.go

@@ -262,6 +262,11 @@ func (nc *NavigationController) UpdateNavigationItem(c *gin.Context) {
 			updates["requires_admin"] = b
 		}
 	}
+	if v, ok := raw["allow_editor"]; ok {
+		if b, ok2 := v.(bool); ok2 {
+			updates["allow_editor"] = b
+		}
+	}
 
 	if len(updates) == 0 {
 		// Nothing to update
@@ -372,6 +377,72 @@ func (nc *NavigationController) GetSocialLinks(c *gin.Context) {
 	c.JSON(http.StatusOK, links)
 }
 
+// GetEditorAllowedAdminNav returns admin navigation items that are explicitly allowed for editors
+// Top-level items are included only when:
+//   - type != dropdown and allow_editor = true (and visible = true), or
+//   - type == dropdown and it has at least one child with allow_editor = true (and visible = true)
+//
+// Children are filtered to allow_editor = true and visible = true
+func (nc *NavigationController) GetEditorAllowedAdminNav(c *gin.Context) {
+	var top []models.NavigationItem
+	// Load all top-level admin items (categories and direct items)
+	if err := nc.DB.Where("parent_id IS NULL AND requires_admin = ? AND visible = ?", true, true).
+		Order("display_order ASC").
+		Preload("Children", func(db *gorm.DB) *gorm.DB {
+			return db.Where("requires_admin = ? AND visible = ? AND allow_editor = ?", true, true, true).Order("display_order ASC")
+		}).
+		Find(&top).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to fetch editor navigation"})
+		return
+	}
+
+	// Filter according to allow_editor rules
+	out := make([]models.NavigationItem, 0, len(top))
+	// Only allow a curated set of admin pages that have editor-capable APIs
+	allowed := map[string]bool{
+		"articles":   true,
+		"activities": true,
+		"shortlinks": true,
+	}
+	for i := range top {
+		it := top[i]
+		include := false
+		if it.Type == models.NavTypeDropdown {
+			// Filter children by page_type allow-list (children already have allow_editor=true from preload)
+			if len(it.Children) > 0 {
+				children := make([]models.NavigationItem, 0, len(it.Children))
+				for _, ch := range it.Children {
+					if allowed[ch.PageType] {
+						// ensure URL is set
+						if ch.URL == "" {
+							ch.URL = ch.GetURL()
+						}
+						children = append(children, ch)
+					}
+				}
+				it.Children = children
+				if len(it.Children) > 0 {
+					include = true
+				}
+			}
+		} else {
+			// direct admin page: include only when marked allow_editor
+			if it.AllowEditor && allowed[it.PageType] {
+				include = true
+			}
+		}
+		if include {
+			// Ensure URLs are computed
+			if it.URL == "" {
+				it.URL = it.GetURL()
+			}
+			out = append(out, it)
+		}
+	}
+
+	c.JSON(http.StatusOK, out)
+}
+
 // GetAllSocialLinks returns all social links including hidden ones (admin only)
 // @Summary Get all social links (admin)
 // @Description Returns all social links for admin management
@@ -593,7 +664,12 @@ func (nc *NavigationController) SeedDefaultNavigation(c *gin.Context) {
 
 			createChild := func(parent *models.NavigationItem, label, pageType string, order int) error {
 				pid := parent.ID
-				child := &models.NavigationItem{Label: label, Type: models.NavTypeInternal, PageType: pageType, DisplayOrder: order, Visible: true, RequiresAdmin: true}
+				allowEditor := false
+				switch pageType {
+				case "articles", "activities", "shortlinks":
+					allowEditor = true
+				}
+				child := &models.NavigationItem{Label: label, Type: models.NavTypeInternal, PageType: pageType, DisplayOrder: order, Visible: true, RequiresAdmin: true, AllowEditor: allowEditor}
 				child.ParentID = &pid
 				return tx.Create(child).Error
 			}