npm - @api-client/core - Versions diffs - 0.18.50 → 0.18.52 - Mend

@api-client/core 0.18.50 → 0.18.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/build/src/models/store/Permission.d.ts +12 -1
package/build/src/models/store/Permission.d.ts.map +1 -1
package/build/src/models/store/Permission.js +52 -2
package/build/src/models/store/Permission.js.map +1 -1
package/build/src/runtime/http-engine/ntlm/MD4.js +3 -3
package/build/src/runtime/http-engine/ntlm/MD4.js.map +1 -1
package/build/tsconfig.tsbuildinfo +1 -1
package/data/models/example-generator-api.json +10 -10
package/package.json +2 -2
package/src/models/store/Permission.ts +57 -2
package/src/runtime/http-engine/ntlm/MD4.ts +3 -3
package/tests/unit/models/store/Permission.spec.ts +278 -0

package/data/models/example-generator-api.json CHANGED Viewed

@@ -42068,10 +42068,10 @@
 "@id": "#194"
 },
 {
-"@id": "#197"
+"@id": "#200"
 },
 {
-"@id": "#200"
+"@id": "#197"
 },
 {
 "@id": "#203"
@@ -42810,10 +42810,10 @@
 "@id": "#219"
 },
 {
-"@id": "#210"
+"@id": "#219"
 },
 {
-"@id": "#219"
+"@id": "#210"
 },
 {
 "@id": "#213"
@@ -43478,7 +43478,7 @@
 "doc:ExternalDomainElement",
 "doc:DomainElement"
 ],
-"doc:raw": "code: '5'\ndescription: 'Limited company'\n",
+"doc:raw": "class: '3'\ndescription: '150 - 300'\nnumberOfFte: 5500\nnumberOfEmployees: 5232\n",
 "core:mediaType": "application/yaml",
 "sourcemaps:sources": [
 {
@@ -43499,7 +43499,7 @@
 "doc:ExternalDomainElement",
 "doc:DomainElement"
 ],
-"doc:raw": "class: '3'\ndescription: '150 - 300'\nnumberOfFte: 5500\nnumberOfEmployees: 5232\n",
+"doc:raw": "code: '5'\ndescription: 'Limited company'\n",
 "core:mediaType": "application/yaml",
 "sourcemaps:sources": [
 {
@@ -44232,7 +44232,7 @@
 "doc:ExternalDomainElement",
 "doc:DomainElement"
 ],
-"doc:raw": "type: 'GENERAL'\ncountryDialCode : '+32'\nareaCode : '22'\nsubscriberNumber: '12.87.00'\nformatted: '+32-(0)22 000000'\n",
+"doc:raw": "type: 'GENERAL'\ncountryDialCode : '+32'\nareaCode : '21'\nsubscriberNumber: '12.87.00'\nformatted: '+32-(0)21 302099'\n",
 "core:mediaType": "application/yaml",
 "sourcemaps:sources": [
 {
@@ -44295,7 +44295,7 @@
 "doc:ExternalDomainElement",
 "doc:DomainElement"
 ],
-"doc:raw": "type: 'GENERAL'\ncountryDialCode : '+32'\nareaCode : '21'\nsubscriberNumber: '12.87.00'\nformatted: '+32-(0)21 302099'\n",
+"doc:raw": "type: 'GENERAL'\ncountryDialCode : '+32'\nareaCode : '22'\nsubscriberNumber: '12.87.00'\nformatted: '+32-(0)22 000000'\n",
 "core:mediaType": "application/yaml",
 "sourcemaps:sources": [
 {
@@ -44766,12 +44766,12 @@
 {
 "@id": "#199/source-map/lexical/element_0",
 "sourcemaps:element": "amf://id#199",
-"sourcemaps:value": "[(1,0)-(3,0)]"
+"sourcemaps:value": "[(1,0)-(5,0)]"
 },
 {
 "@id": "#202/source-map/lexical/element_0",
 "sourcemaps:element": "amf://id#202",
-"sourcemaps:value": "[(1,0)-(5,0)]"
+"sourcemaps:value": "[(1,0)-(3,0)]"
 },
 {
 "@id": "#205/source-map/lexical/element_0",

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@api-client/core",
   "description": "The API Client's core client library. Works in NodeJS and in a ES enabled browser.",
-  "version": "0.18.50",
+  "version": "0.18.52",
   "license": "Apache-2.0",
   "exports": {
     "./browser.js": {
@@ -18,7 +18,7 @@
       "types": "./build/src/index.d.ts"
     },
     "./package.json": "./package.json",
-    "./nanoid.js": "./build/src/nanoid*.js",
+    "./nanoid.js": "./build/src/nanoid.js",
     "./amf/*.js": "./build/src/amf/*.js",
     "./amf/*": "./build/src/amf/*",
     "./authorization/*.js": "./build/src/authorization/*.js",

package/src/models/store/Permission.ts CHANGED Viewed

@@ -15,6 +15,8 @@ const orderedRoles: PermissionRole[] = ['reader', 'commenter', 'writer', 'owner'
  * A predefined set of rules that can be used to determine the source of the permission.
  * - `direct_user_grant`: The permission is granted directly to the user.
  * - `creator_default_owner`: The permission is granted to the creator of the item as the default owner.
+ * - `parent_owner_editor_rule`: The object is placed in a folder and the owner of the folder
+ *                               has automatically granted role to the object.
  */
 export type PermissionSourceRule = 'direct_user_grant' | 'creator_default_owner' | 'parent_owner_editor_rule'
@@ -338,8 +340,61 @@ export class Permission {
    * Link to the `Permission.hasRole(minimumLevel, currentRole)`.
    * @see {@link Permission.hasRole}
    */
-  hasRole(minimumLevel: PermissionRole, currentRole: PermissionRole): boolean {
-    return Permission.hasRole(minimumLevel, currentRole)
+  hasRole(minimumLevel: PermissionRole): boolean {
+    return Permission.hasRole(minimumLevel, this.role)
+  }
+  /**
+   * Checks if the user has the required role in the list of permissions.
+   * The permissions list must be filtered for the user, user's organization, and user's groups.
+   *
+   * @param minimumLevel The minimum requested role
+   * @param permissions The list of permissions to check.
+   * @returns True if the user has the required role.
+   */
+  static hasRoleIn(minimumLevel: PermissionRole, permissions: IPermission[]): boolean {
+    if (!permissions || !permissions.length) {
+      return false
+    }
+    // 1. Sort/Group permissions by depth (ascending).
+    // We want to process the closest permissions first.
+    const sorted = [...permissions].sort((a, b) => a.depth - b.depth)
+    const closestDepth = sorted[0].depth
+    const closestPermissions = sorted.filter((p) => p.depth === closestDepth)
+    // 2. Specificity: User > Group > Organization
+    let effectivePermission: IPermission | undefined
+    // Check for user permissions
+    const userPermissions = closestPermissions.filter((p) => p.type === 'user')
+    if (userPermissions.length) {
+      // Pick highest role if multiple user permissions exist at same depth (unlikely but safe)
+      effectivePermission = userPermissions.sort((a, b) => {
+        return orderedRoles.indexOf(b.role) - orderedRoles.indexOf(a.role)
+      })[0]
+    } else {
+      // Check for group permissions
+      const groupPermissions = closestPermissions.filter((p) => p.type === 'group')
+      if (groupPermissions.length) {
+        effectivePermission = groupPermissions.sort((a, b) => {
+          return orderedRoles.indexOf(b.role) - orderedRoles.indexOf(a.role)
+        })[0]
+      } else {
+        // Check for organization permissions
+        const orgPermissions = closestPermissions.filter((p) => p.type === 'organization')
+        if (orgPermissions.length) {
+          effectivePermission = orgPermissions.sort((a, b) => {
+            return orderedRoles.indexOf(b.role) - orderedRoles.indexOf(a.role)
+          })[0]
+        }
+      }
+    }
+    if (!effectivePermission) {
+      return false
+    }
+    return Permission.hasRole(minimumLevel, effectivePermission.role)
   }
   toJSON(): IPermission {

package/src/runtime/http-engine/ntlm/MD4.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export class MD4 {
   }
   static core(x: number[], len: number): number[] {
-    x[len >> 5] |= 0x80 << len % 32
+    x[len >> 5] |= 0x80 << (len % 32)
     x[(((len + 64) >>> 9) << 4) + 14] = len
     let a = 1732584193
@@ -117,7 +117,7 @@ export class MD4 {
     const bin: number[] = []
     const mask = (1 << MD4.chrsz) - 1
     for (let i = 0; i < str.length * MD4.chrsz; i += MD4.chrsz) {
-      bin[i >> 5] |= (str.charCodeAt(i / MD4.chrsz) & mask) << i % 32
+      bin[i >> 5] |= (str.charCodeAt(i / MD4.chrsz) & mask) << (i % 32)
     }
     return bin
   }
@@ -126,7 +126,7 @@ export class MD4 {
     let str = ''
     const mask = (1 << MD4.chrsz) - 1
     for (let i = 0; i < bin.length * 32; i += MD4.chrsz) {
-      str += String.fromCharCode((bin[i >> 5] >>> i % 32) & mask)
+      str += String.fromCharCode((bin[i >> 5] >>> (i % 32)) & mask)
     }
     return str
   }

package/tests/unit/models/store/Permission.spec.ts ADDED Viewed

@@ -0,0 +1,278 @@
+import { test } from '@japa/runner'
+import { IPermission, Permission, PermissionRole, PermissionType } from '../../../../src/models/store/Permission.js'
+test.group('Permission.hasRoleIn()', () => {
+  const createPerm = (role: PermissionRole, depth: number, type: PermissionType = 'user', id = 'id'): IPermission => ({
+    kind: 'Core#Permission',
+    key: 'key',
+    role,
+    depth,
+    type,
+    granteeId: id,
+    itemId: 'item',
+    addingUser: 'user',
+    sourceRule: 'direct_user_grant',
+  })
+  test('returns false for empty permissions', ({ assert }) => {
+    assert.isFalse(Permission.hasRoleIn('reader', []))
+  })
+  test('returns true when user has direct role meeting requirement', ({ assert }) => {
+    const perms = [createPerm('writer', 0)]
+    assert.isTrue(Permission.hasRoleIn('reader', perms))
+    assert.isTrue(Permission.hasRoleIn('writer', perms))
+  })
+  test('returns false when user does not meet requirement', ({ assert }) => {
+    const perms = [createPerm('reader', 0)]
+    assert.isFalse(Permission.hasRoleIn('writer', perms))
+  })
+  test('prioritizes closer depth (depth 0 overrides depth 1)', ({ assert }) => {
+    // Depth 0: Reader (Direct), Depth 1: Owner (Inherited)
+    // Expectation: Reader wins (Specificity of depth) -> returns false for Writer check
+    const perms = [createPerm('reader', 0), createPerm('owner', 1)]
+    assert.isFalse(Permission.hasRoleIn('writer', perms))
+    assert.isTrue(Permission.hasRoleIn('reader', perms))
+  })
+  test('prioritizes closer depth (depth 1 overrides depth 2)', ({ assert }) => {
+    // Depth 1: Writer, Depth 2: Reader
+    // Expectation: Writer wins
+    const perms = [createPerm('writer', 1), createPerm('reader', 2)]
+    assert.isTrue(Permission.hasRoleIn('writer', perms))
+  })
+  test('prioritizes user over group at same depth', ({ assert }) => {
+    // Depth 0: User=Reader, Group=Owner
+    // Expectation: User wins -> Reader
+    const perms = [createPerm('reader', 0, 'user'), createPerm('owner', 0, 'group')]
+    assert.isFalse(Permission.hasRoleIn('writer', perms))
+  })
+  test('prioritizes group over organization at same depth', ({ assert }) => {
+    // Depth 0: Group=Reader, Org=Owner
+    // Expectation: Group wins -> Reader
+    const perms = [createPerm('reader', 0, 'group'), createPerm('owner', 0, 'organization')]
+    assert.isFalse(Permission.hasRoleIn('writer', perms))
+  })
+  test('uses highest role when multiple groups at same depth', ({ assert }) => {
+    // Depth 0: GroupA=Reader, GroupB=Writer
+    // Expectation: Writer wins (Union)
+    const perms = [createPerm('reader', 0, 'group', 'A'), createPerm('writer', 0, 'group', 'B')]
+    assert.isTrue(Permission.hasRoleIn('writer', perms))
+  })
+  test('uses highest role when multiple users at same depth (theoretical)', ({ assert }) => {
+    // Depth 0: User=Reader, User=Writer
+    // Expectation: Writer wins
+    const perms = [createPerm('reader', 0, 'user'), createPerm('writer', 0, 'user')]
+    assert.isTrue(Permission.hasRoleIn('writer', perms))
+  })
+  test('ignores deeper permissions even if they are more specific types', ({ assert }) => {
+    // Depth 0: Org=Reader
+    // Depth 1: User=Owner
+    // Expectation: Depth 0 (Org=Reader) wins because it's closer.
+    // User assumption: "closest to the item directly set... should be considered first"
+    const perms = [createPerm('reader', 0, 'organization'), createPerm('owner', 1, 'user')]
+    assert.isFalse(Permission.hasRoleIn('writer', perms))
+  })
+})
+test.group('Permission.constructor()', () => {
+  test('creates a default permission when no input', ({ assert }) => {
+    const p = new Permission()
+    assert.equal(p.kind, 'Core#Permission')
+    assert.typeOf(p.key, 'string')
+    assert.equal(p.role, 'reader')
+    assert.equal(p.type, 'user')
+    assert.equal(p.depth, 0)
+  })
+  test('creates from string JSON', ({ assert }) => {
+    const json = JSON.stringify({
+      kind: 'Core#Permission',
+      key: 'key',
+      role: 'writer',
+      type: 'group',
+      granteeId: 'group-id',
+      itemId: 'item-id',
+      addingUser: 'adder',
+    })
+    const p = new Permission(json)
+    assert.equal(p.role, 'writer')
+    assert.equal(p.type, 'group')
+  })
+  test('creates from object', ({ assert }) => {
+    const init: IPermission = {
+      kind: 'Core#Permission',
+      key: 'key',
+      role: 'owner',
+      type: 'user',
+      granteeId: 'user-id',
+      itemId: 'item-id',
+      addingUser: 'adder',
+      depth: 0,
+      sourceRule: 'direct_user_grant',
+    }
+    const p = new Permission(init)
+    assert.equal(p.role, 'owner')
+    assert.equal(p.granteeId, 'user-id')
+  })
+  test('throws when input is not a permission', ({ assert }) => {
+    assert.throws(() => new Permission({ kind: 'Wrong' } as unknown as IPermission), /Not a permission/)
+  })
+  test('restores optional fields', ({ assert }) => {
+    const init: IPermission = {
+      kind: 'Core#Permission',
+      key: 'key',
+      role: 'owner',
+      type: 'user',
+      granteeId: 'user-id',
+      itemId: 'item-id',
+      addingUser: 'adder',
+      displayName: 'Name',
+      expirationTime: 12345,
+      depth: 0,
+      sourceRule: 'direct_user_grant',
+    }
+    const p = new Permission(init)
+    assert.equal(p.displayName, 'Name')
+    assert.equal(p.expirationTime, 12345)
+  })
+})
+test.group('Permission static factories', () => {
+  test('fromUserRole creates valid permission', ({ assert }) => {
+    const p = Permission.fromUserRole('writer', 'item', 'user', 'adder')
+    assert.equal(p.type, 'user')
+    assert.equal(p.role, 'writer')
+    assert.equal(p.itemId, 'item')
+    assert.equal(p.granteeId, 'user')
+    assert.equal(p.addingUser, 'adder')
+    assert.typeOf(p.key, 'string')
+  })
+  test('fromGroupRole creates valid permission', ({ assert }) => {
+    const p = Permission.fromGroupRole('commenter', 'item', 'group', 'adder')
+    assert.equal(p.type, 'group')
+    assert.equal(p.role, 'commenter')
+    assert.equal(p.itemId, 'item')
+    assert.equal(p.granteeId, 'group')
+  })
+  test('fromOrganizationRole creates valid permission', ({ assert }) => {
+    const p = Permission.fromOrganizationRole('reader', 'item', 'org', 'adder')
+    assert.equal(p.type, 'organization')
+    assert.equal(p.role, 'reader')
+    assert.equal(p.itemId, 'item')
+    assert.equal(p.granteeId, 'org')
+  })
+  test('fromValues creates permission with new key', ({ assert }) => {
+    const base = {
+      role: 'owner',
+      type: 'user',
+      granteeId: 'u',
+      itemId: 'i',
+      addingUser: 'a',
+      depth: 0,
+      sourceRule: 'direct_user_grant',
+    } as unknown as IPermission as unknown as IPermission
+    const p = Permission.fromValues(base)
+    assert.equal(p.role, 'owner')
+    // fromValues generates a new key
+    assert.typeOf(p.key, 'string')
+  })
+})
+test.group('Permission.isPermission()', () => {
+  test('returns true for valid permission interface', ({ assert }) => {
+    const p = { kind: 'Core#Permission' }
+    assert.isTrue(Permission.isPermission(p))
+  })
+  test('returns false for null', ({ assert }) => {
+    assert.isFalse(Permission.isPermission(null))
+  })
+  test('returns false for wrong kind', ({ assert }) => {
+    assert.isFalse(Permission.isPermission({ kind: 'Wrong' }))
+  })
+})
+test.group('Permission.hasRole()', () => {
+  test('returns false when current role is missing', ({ assert }) => {
+    assert.isFalse(Permission.hasRole('reader', undefined))
+  })
+  test('owner satisfies all', ({ assert }) => {
+    assert.isTrue(Permission.hasRole('owner', 'owner'))
+    assert.isTrue(Permission.hasRole('writer', 'owner'))
+    assert.isTrue(Permission.hasRole('commenter', 'owner'))
+    assert.isTrue(Permission.hasRole('reader', 'owner'))
+  })
+  test('writer satisfies lower', ({ assert }) => {
+    assert.isFalse(Permission.hasRole('owner', 'writer'))
+    assert.isTrue(Permission.hasRole('writer', 'writer'))
+    assert.isTrue(Permission.hasRole('commenter', 'writer'))
+    assert.isTrue(Permission.hasRole('reader', 'writer'))
+  })
+  test('reader only satisfies reader', ({ assert }) => {
+    assert.isFalse(Permission.hasRole('writer', 'reader'))
+    assert.isTrue(Permission.hasRole('reader', 'reader'))
+  })
+  test('instance method calls static', ({ assert }) => {
+    const p = Permission.fromUserRole('writer', 'item', 'user', 'adder')
+    assert.isTrue(p.hasRole('reader'))
+  })
+})
+test.group('Permission.isHigherRole()', () => {
+  test('owner > writer', ({ assert }) => {
+    assert.isTrue(Permission.isHigherRole('owner', 'writer'))
+  })
+  test('writer > reader', ({ assert }) => {
+    assert.isTrue(Permission.isHigherRole('writer', 'reader'))
+  })
+  test('reader !> writer', ({ assert }) => {
+    assert.isFalse(Permission.isHigherRole('reader', 'writer'))
+  })
+  test('same role returns false', ({ assert }) => {
+    assert.isFalse(Permission.isHigherRole('owner', 'owner'))
+  })
+})
+test.group('Permission.toJSON()', () => {
+  test('returns plain object with all fields', ({ assert }) => {
+    const p = Permission.fromUserRole('owner', 'item', 'user', 'adder')
+    p.displayName = 'User Name'
+    p.expirationTime = 1000
+    const json = p.toJSON()
+    assert.equal(json.kind, 'Core#Permission')
+    assert.equal(json.role, 'owner')
+    assert.equal(json.displayName, 'User Name')
+    assert.equal(json.expirationTime, 1000)
+    assert.typeOf(json.key, 'string')
+  })
+  test('omits optional fields if undefined', ({ assert }) => {
+    const p = Permission.fromUserRole('owner', 'item', 'user', 'adder')
+    const json = p.toJSON()
+    assert.isUndefined(json.displayName)
+    assert.isUndefined(json.expirationTime)
+  })
+})