@aooth/arbac-moost 0.1.36 → 0.1.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/plugin.mjs +8 -0
- package/package.json +14 -14
package/dist/plugin.mjs
CHANGED
|
@@ -54,27 +54,32 @@ function arbacPlugin() {
|
|
|
54
54
|
role: new AnnotationSpec({
|
|
55
55
|
description: "Marks this field as THE source of role identifiers for ARBAC evaluation. Two shapes are supported: inline (string | string[]) or @db.rel.from nav prop. Exactly one @arbac.role field per type — multiple declarations throw at boot.",
|
|
56
56
|
nodeType: ["prop"],
|
|
57
|
+
passedWhenReferred: false,
|
|
57
58
|
multiple: false
|
|
58
59
|
}),
|
|
59
60
|
attribute: new AnnotationSpec({
|
|
60
61
|
description: "Marks this field as a user attribute used by ARBAC scope evaluation. The field name becomes the attribute key. Multiple fields are merged.",
|
|
61
62
|
nodeType: ["prop"],
|
|
63
|
+
passedWhenReferred: false,
|
|
62
64
|
multiple: false
|
|
63
65
|
}),
|
|
64
66
|
userId: new AnnotationSpec({
|
|
65
67
|
description: "Overrides which field provides the user identifier for ARBAC. Resolution chain: @arbac.userId → @db.table.preferredId.uniqueIndex field → @meta.id.",
|
|
66
68
|
nodeType: ["prop"],
|
|
69
|
+
passedWhenReferred: false,
|
|
67
70
|
multiple: false
|
|
68
71
|
}),
|
|
69
72
|
attenuate: {
|
|
70
73
|
role: new AnnotationSpec({
|
|
71
74
|
description: "Marks the credential field holding the assumed-role SUBSET (string[]) for restrict-only ARBAC attenuation. Intersected with the user's roles (fail-closed). Exactly one @arbac.attenuate.role field per type — multiple declarations throw at boot.",
|
|
72
75
|
nodeType: ["prop"],
|
|
76
|
+
passedWhenReferred: false,
|
|
73
77
|
multiple: false
|
|
74
78
|
}),
|
|
75
79
|
attr: new AnnotationSpec({
|
|
76
80
|
description: "Marks a credential field whose value narrows the named USER attribute for restrict-only ARBAC attenuation. The argument is the target key in the user model's @arbac.attribute keyspace (validated to exist at boot). Multiple fields may each carry it, targeting different attrs.",
|
|
77
81
|
nodeType: ["prop"],
|
|
82
|
+
passedWhenReferred: false,
|
|
78
83
|
multiple: false,
|
|
79
84
|
argument: {
|
|
80
85
|
name: "userAttr",
|
|
@@ -89,17 +94,20 @@ function arbacPlugin() {
|
|
|
89
94
|
email: new AnnotationSpec({
|
|
90
95
|
description: "Marks this field as the EMAIL login/recovery handle. The framework resolves the field by this annotation (name-agnostic) for findByHandle / recovery / signup. The field MUST carry @db.index.unique (unique-when-present) — a handle must resolve to at most one row; without a unique index the email handle is DISABLED with a warning. At most one @aooth.user.email field per type — multiple declarations throw at boot.",
|
|
91
96
|
nodeType: ["prop"],
|
|
97
|
+
passedWhenReferred: false,
|
|
92
98
|
multiple: false
|
|
93
99
|
}),
|
|
94
100
|
phone: new AnnotationSpec({
|
|
95
101
|
description: "Marks this field as the PHONE login/recovery handle. Same resolution + unique-index contract as @aooth.user.email (disabled with a warning when the field lacks @db.index.unique). At most one @aooth.user.phone field per type — multiple throw at boot.",
|
|
96
102
|
nodeType: ["prop"],
|
|
103
|
+
passedWhenReferred: false,
|
|
97
104
|
multiple: false
|
|
98
105
|
})
|
|
99
106
|
},
|
|
100
107
|
auth: { metadata: new AnnotationSpec({
|
|
101
108
|
description: "Marks the consumer's fully-typed credential-metadata column (@db.json) on their `extends AoothAuthCredential` model — the runtime/validation twin of the `CredentialMetadata` declaration merge. Resolved by `getAoothCredentialMetadataSpec` and threaded to `CredentialStoreAtscriptDb` as `metadataField`. The field MUST carry @db.json (a structured metadata object needs a json column — without it, metadata persistence is DISABLED with a warning). At most one @aooth.auth.metadata field per type — multiple declarations throw at boot. Absent → the atscript-db credential store persists no metadata (non-fatal, warned at boot by the wiring).",
|
|
102
109
|
nodeType: ["prop"],
|
|
110
|
+
passedWhenReferred: false,
|
|
103
111
|
multiple: false
|
|
104
112
|
}) }
|
|
105
113
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aooth/arbac-moost",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.37",
|
|
4
4
|
"description": "Moost RBAC integration for aoothjs (migrated from @moostjs/arbac)",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"abac",
|
|
@@ -60,27 +60,27 @@
|
|
|
60
60
|
"access": "public"
|
|
61
61
|
},
|
|
62
62
|
"dependencies": {
|
|
63
|
-
"@aooth/arbac": "0.1.
|
|
64
|
-
"@aooth/
|
|
65
|
-
"@aooth/
|
|
63
|
+
"@aooth/arbac": "0.1.37",
|
|
64
|
+
"@aooth/arbac-core": "0.1.37",
|
|
65
|
+
"@aooth/user": "0.1.37"
|
|
66
66
|
},
|
|
67
67
|
"devDependencies": {
|
|
68
|
-
"@atscript/core": "^0.1.
|
|
69
|
-
"@atscript/db": "^0.1.
|
|
70
|
-
"@atscript/db-sql-tools": "^0.1.
|
|
71
|
-
"@atscript/db-sqlite": "^0.1.
|
|
72
|
-
"@atscript/moost-db": "^0.1.
|
|
73
|
-
"@atscript/typescript": "^0.1.
|
|
68
|
+
"@atscript/core": "^0.1.79",
|
|
69
|
+
"@atscript/db": "^0.1.111",
|
|
70
|
+
"@atscript/db-sql-tools": "^0.1.111",
|
|
71
|
+
"@atscript/db-sqlite": "^0.1.111",
|
|
72
|
+
"@atscript/moost-db": "^0.1.111",
|
|
73
|
+
"@atscript/typescript": "^0.1.79",
|
|
74
74
|
"@moostjs/event-http": "^0.6.28",
|
|
75
75
|
"@types/better-sqlite3": "^7.6.13",
|
|
76
76
|
"@uniqu/core": "^0.1.6",
|
|
77
77
|
"better-sqlite3": "^12.6.2",
|
|
78
|
-
"unplugin-atscript": "^0.1.
|
|
78
|
+
"unplugin-atscript": "^0.1.79"
|
|
79
79
|
},
|
|
80
80
|
"peerDependencies": {
|
|
81
|
-
"@atscript/db": "^0.1.
|
|
82
|
-
"@atscript/moost-db": "^0.1.
|
|
83
|
-
"@atscript/typescript": "^0.1.
|
|
81
|
+
"@atscript/db": "^0.1.111",
|
|
82
|
+
"@atscript/moost-db": "^0.1.111",
|
|
83
|
+
"@atscript/typescript": "^0.1.79",
|
|
84
84
|
"@moostjs/event-http": "^0.6.28",
|
|
85
85
|
"@wooksjs/event-core": "^0.7.19",
|
|
86
86
|
"@wooksjs/event-http": "^0.7.19",
|