@abraca/dabra 1.0.10 → 1.0.12

package/dist/index.d.ts

@@ -362,6 +362,8 @@ declare class AbracadabraClient {
   }): Promise<DocumentMeta>;
   /** List all permissions for a document (requires read access). */
   listPermissions(docId: string): Promise<PermissionEntry[]>;
+  /** List effective permissions including inherited ones from ancestor documents. */
+  listEffectivePermissions(docId: string): Promise<EffectivePermissionsResponse>;
   /** Grant or change a user's role on a document (requires Owner). */
   setPermission(docId: string, opts: {
     user_id: string;
@@ -971,6 +973,18 @@ interface PermissionEntry {
   username: string;
   display_name: string | null;
 }
+interface EffectivePermissionEntry {
+  user_id: string;
+  role: "owner" | "editor" | "viewer" | "observer";
+  username: string;
+  display_name: string | null;
+  source: "direct" | "inherited";
+  inherited_from_doc_id?: string;
+}
+interface EffectivePermissionsResponse {
+  permissions: EffectivePermissionEntry[];
+  default_role: string;
+}
 interface HealthStatus {
   status: string;
   version: string;
@@ -983,6 +997,8 @@ interface ServerInfo {
   version?: string;
   /** Entry-point document ID advertised by the server, if configured. */
   index_doc_id?: string;
+  /** Default role assigned to users without explicit permissions. */
+  default_role?: string;
 }
 interface SearchResult {
   docId: string;
@@ -1352,10 +1368,13 @@ declare class FileBlobStore extends EventEmitter {
   private db;
   /** Tracks active object URLs so we can revoke them on destroy. */
   private readonly objectUrls;
+  /** Keys that returned 404 from the server — avoids repeated requests. TTL: 5 min. */
+  private readonly _notFound;
+  private static readonly NOT_FOUND_TTL;
   /** Prevents concurrent flush runs. */
   private _flushing;
   private readonly _onlineHandler;
-  constructor(serverOrigin: string, client: AbracadabraClient);
+  constructor(serverOrigin: string, client?: AbracadabraClient | null);
   private getDb;
   private blobKey;
   /**
@@ -2114,4 +2133,4 @@ declare class BroadcastChannelSync extends EventEmitter {
   private handleAwarenessMessage;
 }
 //#endregion
-export { AbracadabraBaseProvider, AbracadabraBaseProviderConfiguration, AbracadabraClient, AbracadabraClientConfig, AbracadabraOutgoingMessageArguments, AbracadabraProvider, AbracadabraProviderConfiguration, AbracadabraWS, AbracadabraWSConfiguration, AbracadabraWebRTC, type AbracadabraWebRTCConfiguration, AbracadabraWebSocketConn, AuthMessageType, AuthorizedScope, AwarenessError, BackgroundSyncManager, type BackgroundSyncManagerOptions, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, CloseEvent, CompleteAbracadabraBaseProviderConfiguration, CompleteAbracadabraWSConfiguration, CompleteHocuspocusProviderConfiguration, CompleteHocuspocusProviderWebsocketConfiguration, ConnectionTimeout, Constructable, ConstructableOutgoingMessage, CryptoIdentity, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, type DocEncryptionInfo, DocKeyManager, type DocSyncState, DocumentCache, type DocumentCacheOptions, DocumentMeta, E2EAbracadabraProvider, E2EEChannel, type E2EEIdentity, E2EOfflineStore, EffectiveRole, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, type FileTransferMeta, type FileTransferStatus, Forbidden, HealthStatus, HocusPocusWebSocket, HocuspocusProvider, HocuspocusProviderConfiguration, HocuspocusProviderWebsocket, HocuspocusProviderWebsocketConfiguration, HocuspocusWebSocket, InviteRow, KEY_EXCHANGE_CHANNEL, ManualSignaling, type ManualSignalingBlob, MessageTooBig, MessageType, OfflineStore, OutgoingMessageArguments, OutgoingMessageInterface, PeerConnection, type PeerInfo, type PeerState, PendingSubdoc, PermissionEntry, PublicKeyInfo, ResetConnection, SearchIndex, SearchResult, ServerInfo, type SignalingIncoming, type SignalingOutgoing, SignalingSocket, SpaceMeta, StatesArray, SubdocMessage, SubdocRegisteredEvent, Unauthorized, UploadInfo, UploadMeta, UploadQueueEntry, UploadQueueStatus, UserProfile, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, decryptField, encryptField, makeEncryptedYMap, makeEncryptedYText, onAuthenticatedParameters, onAuthenticationFailedParameters, onAwarenessChangeParameters, onAwarenessUpdateParameters, onCloseParameters, onDisconnectParameters, onMessageParameters, onOpenParameters, onOutgoingMessageParameters, onStatelessParameters, onStatusParameters, onSubdocLoadedParameters, onSubdocRegisteredParameters, onSyncedParameters, onUnsyncedChangesParameters, readAuthMessage, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest };
+export { AbracadabraBaseProvider, AbracadabraBaseProviderConfiguration, AbracadabraClient, AbracadabraClientConfig, AbracadabraOutgoingMessageArguments, AbracadabraProvider, AbracadabraProviderConfiguration, AbracadabraWS, AbracadabraWSConfiguration, AbracadabraWebRTC, type AbracadabraWebRTCConfiguration, AbracadabraWebSocketConn, AuthMessageType, AuthorizedScope, AwarenessError, BackgroundSyncManager, type BackgroundSyncManagerOptions, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, CloseEvent, CompleteAbracadabraBaseProviderConfiguration, CompleteAbracadabraWSConfiguration, CompleteHocuspocusProviderConfiguration, CompleteHocuspocusProviderWebsocketConfiguration, ConnectionTimeout, Constructable, ConstructableOutgoingMessage, CryptoIdentity, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, type DocEncryptionInfo, DocKeyManager, type DocSyncState, DocumentCache, type DocumentCacheOptions, DocumentMeta, E2EAbracadabraProvider, E2EEChannel, type E2EEIdentity, E2EOfflineStore, EffectivePermissionEntry, EffectivePermissionsResponse, EffectiveRole, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, type FileTransferMeta, type FileTransferStatus, Forbidden, HealthStatus, HocusPocusWebSocket, HocuspocusProvider, HocuspocusProviderConfiguration, HocuspocusProviderWebsocket, HocuspocusProviderWebsocketConfiguration, HocuspocusWebSocket, InviteRow, KEY_EXCHANGE_CHANNEL, ManualSignaling, type ManualSignalingBlob, MessageTooBig, MessageType, OfflineStore, OutgoingMessageArguments, OutgoingMessageInterface, PeerConnection, type PeerInfo, type PeerState, PendingSubdoc, PermissionEntry, PublicKeyInfo, ResetConnection, SearchIndex, SearchResult, ServerInfo, type SignalingIncoming, type SignalingOutgoing, SignalingSocket, SpaceMeta, StatesArray, SubdocMessage, SubdocRegisteredEvent, Unauthorized, UploadInfo, UploadMeta, UploadQueueEntry, UploadQueueStatus, UserProfile, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, decryptField, encryptField, makeEncryptedYMap, makeEncryptedYText, onAuthenticatedParameters, onAuthenticationFailedParameters, onAwarenessChangeParameters, onAwarenessUpdateParameters, onCloseParameters, onDisconnectParameters, onMessageParameters, onOpenParameters, onOutgoingMessageParameters, onStatelessParameters, onStatusParameters, onSubdocLoadedParameters, onSubdocRegisteredParameters, onSyncedParameters, onUnsyncedChangesParameters, readAuthMessage, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@abraca/dabra",
-  "version": "1.0.10",
+  "version": "1.0.12",
   "description": "abracadabra provider",
   "keywords": [
     "abracadabra",

package/src/AbracadabraClient.ts

@@ -5,6 +5,7 @@ import type {
 	UploadInfo,
 	PublicKeyInfo,
 	PermissionEntry,
+	EffectivePermissionsResponse,
 	HealthStatus,
 	ServerInfo,
 	InviteRow,
@@ -355,6 +356,25 @@ export class AbracadabraClient {
 		return res.permissions;
 	}
 
+	/** List effective permissions including inherited ones from ancestor documents. */
+	async listEffectivePermissions(
+		docId: string,
+	): Promise<EffectivePermissionsResponse> {
+		try {
+			return await this.request<EffectivePermissionsResponse>(
+				"GET",
+				`/docs/${encodeURIComponent(docId)}/effective-permissions`,
+			);
+		} catch {
+			// Fallback for older servers that don't support this endpoint
+			const perms = await this.listPermissions(docId);
+			return {
+				permissions: perms.map((p) => ({ ...p, source: "direct" as const })),
+				default_role: "viewer",
+			};
+		}
+	}
+
 	/** Grant or change a user's role on a document (requires Owner). */
 	async setPermission(
 		docId: string,

package/src/AbracadabraWS.ts

@@ -218,6 +218,13 @@ export class AbracadabraWS extends EventEmitter {
   }
 
   attach(provider: AbracadabraBaseProvider) {
+    const existing = this.configuration.providerMap.get(provider.configuration.name);
+    if (existing && existing !== provider) {
+      console.warn(
+        `[AbracadabraWS] attach: overwriting provider for "${provider.configuration.name}". ` +
+        `This may indicate a duplicate loadChild for the same document.`
+      );
+    }
     this.configuration.providerMap.set(provider.configuration.name, provider);
 
     if (this.status === WebSocketStatus.Disconnected && this.shouldConnect) {
@@ -230,12 +237,14 @@ export class AbracadabraWS extends EventEmitter {
   }
 
   detach(provider: AbracadabraBaseProvider) {
-    if (this.configuration.providerMap.has(provider.configuration.name)) {
-      provider.send(CloseMessage, {
-        documentName: provider.configuration.name,
-      });
-      this.configuration.providerMap.delete(provider.configuration.name);
+    const name = provider.configuration.name;
+    const current = this.configuration.providerMap.get(name);
+    if (current === provider) {
+      provider.send(CloseMessage, { documentName: name });
+      this.configuration.providerMap.delete(name);
     }
+    // If current !== provider, another provider owns this slot —
+    // don't send CloseMessage or remove it from the map.
   }
 
   public setConfiguration(

package/src/FileBlobStore.ts

@@ -63,22 +63,26 @@ interface BlobCacheEntry {
 
 export class FileBlobStore extends EventEmitter {
 	private readonly origin: string;
-	private readonly client: AbracadabraClient;
+	private readonly client: AbracadabraClient | null;
 	private dbPromise: Promise<IDBDatabase | null> | null = null;
 	private db: IDBDatabase | null = null;
 
 	/** Tracks active object URLs so we can revoke them on destroy. */
 	private readonly objectUrls = new Map<string, string>();
 
+	/** Keys that returned 404 from the server — avoids repeated requests. TTL: 5 min. */
+	private readonly _notFound = new Map<string, number>();
+	private static readonly NOT_FOUND_TTL = 5 * 60 * 1000;
+
 	/** Prevents concurrent flush runs. */
 	private _flushing = false;
 
 	private readonly _onlineHandler: () => void;
 
-	constructor(serverOrigin: string, client: AbracadabraClient) {
+	constructor(serverOrigin: string, client?: AbracadabraClient | null) {
 		super();
 		this.origin = serverOrigin;
-		this.client = client;
+		this.client = client ?? null;
 
 		this._onlineHandler = () => { this.flushQueue().catch(() => null); };
 		if (typeof window !== "undefined") {
@@ -135,11 +139,23 @@ export class FileBlobStore extends EventEmitter {
 			}
 		}
 
-		// Not cached — try downloading
+		// Not cached — try downloading from server (requires a client)
+		if (!this.client) return null;
+
+		// Skip if we recently got a 404 for this key
+		const nfTime = this._notFound.get(key);
+		if (nfTime && Date.now() - nfTime < FileBlobStore.NOT_FOUND_TTL) {
+			return null;
+		}
+
 		let blob: Blob;
 		try {
 			blob = await this.client.getUpload(docId, uploadId);
-		} catch {
+		} catch (err: unknown) {
+			const status = (err as any)?.status;
+			if (status === 404) {
+				this._notFound.set(key, Date.now());
+			}
 			return null;
 		}
 
@@ -174,6 +190,7 @@ export class FileBlobStore extends EventEmitter {
 		if (typeof window === "undefined") return URL.createObjectURL(blob);
 
 		const key = this.blobKey(docId, uploadId);
+		this._notFound.delete(key);
 
 		// Return existing URL if already cached in-memory
 		const existing = this.objectUrls.get(key);
@@ -268,7 +285,7 @@ export class FileBlobStore extends EventEmitter {
 	 * Entries that fail are marked with status "error" and left in the queue.
 	 */
 	async flushQueue(): Promise<void> {
-		if (this._flushing) return;
+		if (this._flushing || !this.client) return;
 		this._flushing = true;
 
 		try {

package/src/types.ts

@@ -202,6 +202,20 @@ export interface PermissionEntry {
   display_name: string | null;
 }
 
+export interface EffectivePermissionEntry {
+  user_id: string;
+  role: "owner" | "editor" | "viewer" | "observer";
+  username: string;
+  display_name: string | null;
+  source: "direct" | "inherited";
+  inherited_from_doc_id?: string;
+}
+
+export interface EffectivePermissionsResponse {
+  permissions: EffectivePermissionEntry[];
+  default_role: string;
+}
+
 export interface HealthStatus {
   status: string;
   version: string;
@@ -215,6 +229,8 @@ export interface ServerInfo {
   version?: string;
   /** Entry-point document ID advertised by the server, if configured. */
   index_doc_id?: string;
+  /** Default role assigned to users without explicit permissions. */
+  default_role?: string;
 }
 
 // ── Search ───────────────────────────────────────────────────────────────────