--- /dev/null
+let jst_server = (await import('@ndcode/jst_server')).default
+let XDate = require('xdate')
+
+return async env => {
+ let get_account = await _require('/_lib/get_account.jst')
+ let get_session = await _require('/_lib/get_session.jst')
+ let post_request = await _require('/_lib/post_request.jst')
+
+ await post_request(
+ // env
+ env,
+ // handler
+ async navigation => {
+ // do not bother trying to coerce and/or validate
+ // too complex and nested (do it when we have an automated routine)
+
+ let transaction = await env.site.database.Transaction()
+ try {
+ let root = await transaction.get({})
+ let session = await get_session(env, root)
+
+ let account = await get_account(root, session)
+ if (account === undefined)
+ throw new jst_server.Problem(
+ 'Unauthorized',
+ 'Please sign in first.',
+ 401
+ )
+ if (!await account.get_json('administrator'))
+ throw new jst_server.Problem(
+ 'Unauthorized',
+ 'Not administrator.',
+ 401
+ )
+
+ root.set_json('navigation', navigation)
+ await transaction.commit()
+ }
+ catch (error) {
+ transaction.rollback()
+ throw error
+ }
+ }
+ )
+}