matthiasschaub
diff --git a/‎esbuild.mjs
+2 b/‎esbuild.mjs
+2
diff --git a/‎maat/app/maat-api.hoon
+10-50 b/‎maat/app/maat-api.hoon
+10-50
diff --git a/‎maat/app/maat-ui.hoon
+56-23 b/‎maat/app/maat-ui.hoon
+56-23
diff --git a/‎test.sh
+7 b/‎test.sh
+7
diff --git a/‎tests/integration/test_invites.py
+10-2 b/‎tests/integration/test_invites.py
+10-2
diff --git a/‎tests/integration/test_lists.py
+11-17 b/‎tests/integration/test_lists.py
+11-17
diff --git a/‎tests/integration/test_members.py
+15-1 b/‎tests/integration/test_members.py
+15-1
@@ -8,10 +8,12 @@ let ctx = await esbuild.context({
     "./ui/html/invite.html",
     "./ui/html/invites.html",
     "./ui/html/tasks.html",
+    "./ui/html/tasks-public.html",
     "./ui/html/settings.html",
     "./ui/html/about.html",
     "./ui/html/edit-list.html",
     "./ui/html/edit-task.html",
+    "./ui/html/show-task.html",
     "./ui/css/udjat.css",
     "./ui/css/style.css",
     "./ui/css/soria.woff2",
 
@@ -86,19 +86,19 @@
       ::
         %'GET'
       ~&  >  '%maat-api: GET'
-      ?.  auth
-        [(send [401 ~ [%plain "401 - Unauthorized"]]) state]
       ?+  site  [(send [404 ~ [%plain "404 - Not Found"]]) state]
         ::
           [%apps %maat %api @t ~]
         =/  endpoint  (snag 3 `(list @t)`site)
         ?+  endpoint  [(send [404 ~ [%plain "404 - Not Found"]]) state]
-
+          ::
             %invites
+          ?.  auth
+            [(send [401 ~ [%plain "401 - Unauthorized"]]) state]
           =/  path      /(scot %p our.bowl)/maat/(scot %da now.bowl)/invs/noun
           =/  invs   .^(invs %gx path)
           [(send [200 ~ [%json (groups:enjs invs)]]) state]
-
+          ::
             %lists
           =/  path      /(scot %p our.bowl)/maat/(scot %da now.bowl)/groups/noun
           =/  groups    .^(groups %gx path)
@@ -121,22 +121,13 @@
           [(send [404 ~ [%plain "404 - Not Found"]]) state]
           ::
              %version
-           [(send [200 ~ [%json (version:enjs '2024-06-21.2')]]) state]
+           [(send [200 ~ [%json (version:enjs '2024-06-30.1')]]) state]
           ::
             %members
+          ?.  auth
+            [(send [401 ~ [%plain "401 - Unauthorized"]]) state]
           [(send [200 ~ [%json (ships:enjs reg)]]) state]
-          ::::
-            ::%castoffs
-          ::=/  regmod    `(set @tas)`(silt (skim ~(tap in reg) |=(m=member ?~(`(unit @p)`(slaw %p `@t`m) %.n %.y))))
-          ::=/  aclmod    `(set @tas)`(~(run in acl) |=(=@p `@tas`(scot %p `@t`p)))
-          ::=/  castoffs   (~(dif in regmod) aclmod)
-          ::[(send [200 ~ [%json (members:enjs castoffs)]]) state]
-            ::::
-          ::   %invitees
-          :: =/  path  /(scot %p our.bowl)/maat/(scot %da now.bowl)/invs/noun
-          :: =,  .^(=invs %gx path)
-          :: [(send [200 ~ [%json (ships:enjs (val by invs))]]) state]
-          ::::
+          ::
             %tasks
           =/  filter-by-done
             ?~  (find [[key='done' value='true'] ~] args)
@@ -163,15 +154,6 @@
           =/  raw    (apply tasks |=(=task ~(tap in tags.task)))
           =/  =tags  (silt `(list @tas)`(flatten raw))
           [(send [200 ~ [%json (tags:enjs tags)]]) state]
-          ::::
-          ::  %balances
-          ::=/  path  /(scot %p our.bowl)/tahuti/(scot %da now.bowl)/[gid]/net/noun
-          ::=/  net   .^(net %gx path)
-          ::[(send [200 ~ [%json (net:enjs [net currency.group])]]) state]
-          ::  %reimbursements
-          ::=/  path  /(scot %p our.bowl)/tahuti/(scot %da now.bowl)/[gid]/rei/noun
-          ::=/  rei   .^(rei %gx path)
-          ::[(send [200 ~ [%json (rei:enjs [rei currency.group])]]) state]
         ==
           [%apps %maat %api %lists @t %tasks @t ~]
         =/  gid       (snag 4 `(list @t)`site)
@@ -241,11 +223,11 @@
       ::
         %'DELETE'
       ~&  >  '%maat-api: DELETE'
+      ?.  auth
+        [(send [401 ~ [%plain "401 - Unauthorized"]]) state]
       ?+  site  [(send [404 ~ [%plain "404 - Not Found"]]) state]
         ::
           [%apps %maat %api %lists @t ~]
-        ?.  auth
-          [(send [401 ~ [%plain "401 - Unauthorized"]]) state]
         =/  gid        (snag 4 `(list @t)`site)
         =/  path  /(scot %p our.bowl)/maat/(scot %da now.bowl)/[gid]/noun
         =,  .^([=group =acl =reg =led] %gx path)
@@ -259,8 +241,6 @@
         state
       ::
           [%apps %maat %api %lists @t %tasks @t ~]
-        ?.  auth
-          [(send [401 ~ [%plain "401 - Unauthorized"]]) state]
         ~&  >  '%tahuti-api: DELETE /tasks/{tid}'
         =/  gid       (snag 4 `(list @t)`site)
         =/  tid       (snag 6 `(list @t)`site)
@@ -293,27 +273,7 @@
             (send [200 ~ [%plain "ok"]])
           [%pass ~ %agent [our.bowl %maat] %poke %maat-action !>(action)]
         state
-        ::
       ==
-        ::
-      ::
-      ::   %'PATCH'
-      :: ~&  >  '%maat-api: PATCH'
-      :: ?+  site  [(send [404 ~ [%plain "404 - Not Found"]]) state]
-      ::   ::
-      ::     [%apps %maat %api %lists @t %tasks @t ~]
-      ::   ?.  auth
-      ::     [(send [401 ~ [%plain "401 - Unauthorized"]]) state]
-      ::   ~&  >  '%tahuti-api: PATCH /tasks/{tid}'
-      ::   =/  gid       (snag 4 `(list @t)`site)
-      ::   =/  tid       (snag 6 `(list @t)`site)
-      ::   =/  action    [%upt-task gid tid]
-      ::   :-  ^-  (list card)
-      ::     %+  snoc
-      ::       (send [200 ~ [%plain "ok"]])
-      ::     [%pass ~ %agent [our.bowl %maat] %poke %maat-action !>(action)]
-      ::   state
-      :: ==
     ==
   --
 ++  on-arvo
 
@@ -1,4 +1,4 @@
-:: /-  *maat
+/-  *maat
 /+  dbug
 /+  verb
 /+  default-agent
@@ -7,12 +7,15 @@
 ::
 /*  html-index                %html   /app/ui/html/index/html
 /*  html-tasks                %html   /app/ui/html/tasks/html
+/*  html-tasks-public         %html   /app/ui/html/tasks-public/html
 /*  html-create               %html   /app/ui/html/create/html
 /*  html-invites              %html   /app/ui/html/invites/html
 /*  html-invite               %html   /app/ui/html/invite/html
 /*  html-settings             %html   /app/ui/html/settings/html
+/*  html-about                %html   /app/ui/html/about/html
 /*  html-edit-list            %html   /app/ui/html/edit-list/html
 /*  html-edit-task            %html   /app/ui/html/edit-task/html
+/*  html-show-task            %html   /app/ui/html/show-task/html
 /*  css-udjat                 %css    /app/ui/css/udjat/css
 /*  css-style                 %css    /app/ui/css/style/css
 /*  svg-circles               %svg    /app/ui/svg/circles/svg
@@ -102,8 +105,27 @@
     =+  ext=ext.request-line
     =+  send=(cury response:schooner eyre-id)
     =+  auth=authenticated.inbound-request
-    :: TODO:
-    =/  public  %.n
+    =/  group=(unit group)
+      ?.  (gte (lent site) 4)
+        ~
+      =/  gid   (snag 3 site)
+      =/  path  /(scot %p our.bowl)/maat/(scot %da now.bowl)/[gid]/noun
+      =,  .^([=group =acl =reg =led] %gx path)
+      (some group)
+    =/  public=?
+      ?^  group
+        public:(need group)
+      ?~  ext
+        %.n
+      ?+  +.ext  %.n
+        %css    %.y
+        %js     %.y
+        %ttf    %.y
+        %woff2  %.y
+        %png    %.y
+        %svg    %.y
+        %json   %.y
+      ==
     ?.  ?|(auth public)
       ?.  hx-req
         [(send [302 ~ [%login-redirect './apps/maat']]) state]
@@ -172,29 +194,40 @@
       ::  html
       ::
       [%apps %maat %lists @t %tasks @t %edit ~]
-        [(send [200 ~ [%html html-edit-task]]) state]
+        ?:  auth
+          [(send [200 ~ [%html html-edit-task]]) state]
+        ?.  hx-req
+          [(send [302 ~ [%login-redirect './apps/maat']]) state]
+        [(send [200 ~ [%hx-login-redirect './apps/maat']]) state]
+      [%apps %maat %lists @t %tasks @t %show ~]
+        [(send [200 ~ [%html html-show-task]]) state]
       [%apps %maat %lists @t @t ~]
         =/  endpoint  (snag 4 `(list @t)`site)
         ?+  endpoint  [(send [404 ~ [%plain "404 - Not Found"]]) state]
-          %tasks     [(send [200 ~ [%html html-tasks]]) state]
-          %settings  [(send [200 ~ [%html html-settings]]) state]
-          %edit      [(send [200 ~ [%html html-edit-list]]) state]
-          %invite    [(send [200 ~ [%html html-invite]]) state]
-          :: %settings
-          ::   ?:  auth
-          ::     ?:  .=(our.bowl host:(need group))
-          ::       [(send [200 ~ [%html html-settings-host]]) state]
-          ::     [(send [200 ~ [%html html-settings-member]]) state]
-          ::   [(send [200 ~ [%html html-settings-public]]) state]
-          :: %about           [(send [200 ~ [%html html-about]]) state]
-          :: %invite
-          ::   ?.  auth
-          ::     ?.  hx-req
-          ::       [(send [302 ~ [%login-redirect './apps/tahuti']]) state]
-          ::     [(send [200 ~ [%hx-login-redirect './apps/tahuti']]) state]
-          ::   ?:  public
-          ::     [(send [200 ~ [%html html-invite-public]]) state]
-          ::   [(send [200 ~ [%html html-invite]]) state]
+          %tasks
+            ?:  auth
+              [(send [200 ~ [%html html-tasks]]) state]
+            [(send [200 ~ [%html html-tasks-public]]) state]
+          %settings
+            ?:  auth
+              [(send [200 ~ [%html html-settings]]) state]
+            ?.  hx-req
+              [(send [302 ~ [%login-redirect './apps/maat']]) state]
+            [(send [200 ~ [%hx-login-redirect './apps/maat']]) state]
+          %about
+            [(send [200 ~ [%html html-about]]) state]
+          %edit
+            ?:  auth
+              [(send [200 ~ [%html html-edit-list]]) state]
+            ?.  hx-req
+              [(send [302 ~ [%login-redirect './apps/maat']]) state]
+            [(send [200 ~ [%hx-login-redirect './apps/maat']]) state]
+          %invite
+            ?:  auth
+              [(send [200 ~ [%html html-invite]]) state]
+            ?.  hx-req
+              [(send [302 ~ [%login-redirect './apps/maat']]) state]
+            [(send [200 ~ [%hx-login-redirect './apps/maat']]) state]
         ==
     ==
   --
 
@@ -0,0 +1,7 @@
+MAAT_ACCESS_CODE="$(pass talfus-laddus/code)"
+export TAHUTI_ACCESS_CODE
+export MAAT_ACCESS_CODE
+maat backup \
+    --url https://ship.talfus-laddus.de \
+    --gid 185acb93-8166-4447-94fe-c8ec7b2fdcce \
+    --file "$HOME/.backup/maat-$(date -I).json"
@@ -34,11 +34,12 @@ def test_put_invitees(zod, gid):
     assert response.status_code == 200
 
 
-def test_put_invitees_public(gid):
+@pytest.mark.usefixtures("list_public")
+def test_put_invitees_unauthorized_public(gid):
     """Test PUT /invitees with unauthorized requests."""
     url = f"http://localhost:8080/apps/maat/api/lists/{gid}/invitees"
     response = requests.put(url, json={"invitee": "~nus"})
-    assert response.status_code == 500
+    assert response.status_code == 401
 
 
 def test_get_invites(nus, gid, list_, invitee_nus):
@@ -49,3 +50,10 @@ def test_get_invites(nus, gid, list_, invitee_nus):
     result = response.json()
     assert isinstance(result, list)
     assert list_ in result
+
+
+@pytest.mark.usefixtures("list_public")
+def test_get_invites_unauthorized_public():
+    url = f"http://localhost:8080/apps/maat/api/invites"
+    response = requests.get(url)
+    assert response.status_code == 401
@@ -1,5 +1,3 @@
-from time import sleep
-import time
 from uuid import uuid4
 
 import pytest
@@ -64,6 +62,17 @@ def test_lists_put(zod, uuid):
     assert response.status_code == 200
 
 
+def test_lists_put_unauthorized(zod, uuid):
+    list_ = {
+        "gid": uuid,
+        "title": "assembly",
+        "public": False,
+    }
+    url = "http://localhost:8080/apps/maat/api/lists"
+    response = requests.put(url, json=list_)
+    assert response.status_code == 401
+
+
 def test_lists_get_all(zod, list_, lists_schema):
     # GET /lists
     url = "/apps/maat/api/lists"
@@ -138,21 +147,6 @@ def test_lists_update(zod, gid, list_):
     assert result == list_2
 
 
-# @pytest.mark.usefixtures("list_")
-# def test_lists_delete_unauthorized(zod, nus, gid):
-#     # PUT
-#     url = f"/apps/maat/api/lists/{gid}"
-#     response = nus.delete(url)
-#     assert response.status_code == 403
-
-#     # GET /lists
-#     url = "/apps/maat/api/lists"
-#     response = zod.get(url)
-#     assert response.status_code == 200
-#     result = response.json()
-#     assert list in result
-
-
 @pytest.mark.usefixtures("list_")
 def test_lists_get_private(gid):
     # GET /lists/{uuid}
 
@@ -3,7 +3,21 @@
 
 
 @pytest.mark.usefixtures("list_")
-def test_put_members(zod, gid):
+def test_put_members_invalid(zod, gid):
+    url = f"/apps/maat/api/list/{gid}/members"
+    response = zod.put(url, json={})
+    assert response.status_code == 404
+
+
+@pytest.mark.usefixtures("list_public")
+def test_put_members_public_unauthorized(zod, gid):
+    url = f"http://localhost:8080/apps/maat/api/lists/{gid}/members"
+    response = zod.put(url, json={})
+    assert response.status_code == 404
+
+
+@pytest.mark.usefixtures("list_")
+def test_put_members_invalid(zod, gid):
     url = f"/apps/maat/api/list/{gid}/members"
     response = zod.put(url, json={})
     assert response.status_code == 404