npm - @appsemble/utils - Versions diffs - 0.29.10 → 0.30.1 - Mend

@appsemble/utils 0.29.10 → 0.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (493) hide show

package/README.md +3 -3
package/api/components/parameters/$own.d.ts +2 -0
package/api/components/parameters/$own.js +7 -0
package/api/components/parameters/appMemberId.d.ts +2 -0
package/api/components/parameters/appMemberId.js +8 -0
package/api/components/parameters/groupId.d.ts +2 -0
package/api/components/parameters/groupId.js +8 -0
package/api/components/parameters/groupMemberId.d.ts +2 -0
package/api/components/parameters/groupMemberId.js +8 -0
package/api/components/parameters/index.d.ts +17 -13
package/api/components/parameters/index.js +17 -13
package/api/components/parameters/organizationId.d.ts +9 -2
package/api/components/parameters/organizationId.js +1 -1
package/api/components/parameters/roles.js +12 -6
package/api/components/parameters/seed.d.ts +2 -0
package/api/components/parameters/seed.js +9 -0
package/api/components/parameters/selectedGroupId.d.ts +2 -0
package/api/components/parameters/selectedGroupId.js +7 -0
package/api/components/parameters/serviceSecretId.d.ts +2 -0
package/api/components/parameters/{appServiceId.js → serviceSecretId.js} +3 -3
package/api/components/requestBodies/oauth2Consent.js +1 -5
package/api/components/requestBodies/user.js +1 -1
package/api/components/schemas/ActionDefinition.js +14 -11
package/api/components/schemas/AppAccount.js +7 -24
package/api/components/schemas/AppDefinition.js +3 -15
package/api/components/schemas/AppMember.d.ts +2 -0
package/api/components/schemas/AppMember.js +26 -0
package/api/components/schemas/AppMemberCurrentPatchActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberCurrentPatchActionDefinition.js +30 -0
package/api/components/schemas/AppMemberDeleteActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberDeleteActionDefinition.js +20 -0
package/api/components/schemas/AppMemberInfo.d.ts +2 -0
package/api/components/schemas/AppMemberInfo.js +48 -0
package/api/components/schemas/AppMemberInviteActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberInviteActionDefinition.js +24 -0
package/api/components/schemas/AppMemberLoginActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberLoginActionDefinition.js +24 -0
package/api/components/schemas/AppMemberLogoutActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberLogoutActionDefinition.js +14 -0
package/api/components/schemas/AppMemberPropertiesPatchActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberPropertiesPatchActionDefinition.js +26 -0
package/api/components/schemas/AppMemberPropertyDefinition.d.ts +2 -0
package/api/components/schemas/{UserPropertyDefinition.js → AppMemberPropertyDefinition.js} +5 -5
package/api/components/schemas/AppMemberQueryActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberQueryActionDefinition.js +20 -0
package/api/components/schemas/AppMemberRegisterActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberRegisterActionDefinition.js +43 -0
package/api/components/schemas/AppMemberRoleUpdateActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberRoleUpdateActionDefinition.js +27 -0
package/api/components/schemas/AppMembersDefinition.d.ts +2 -0
package/api/components/schemas/AppMembersDefinition.js +17 -0
package/api/components/schemas/GroupMember.d.ts +2 -0
package/api/components/schemas/GroupMember.js +19 -0
package/api/components/schemas/GroupMemberDeleteActionDefinition.d.ts +1 -0
package/api/components/schemas/{TeamMembersActionDefinition.js → GroupMemberDeleteActionDefinition.js} +5 -5
package/api/components/schemas/GroupMemberInviteActionDefinition.d.ts +1 -0
package/api/components/schemas/{TeamInviteActionDefinition.js → GroupMemberInviteActionDefinition.js} +5 -6
package/api/components/schemas/GroupMemberQueryActionDefinition.d.ts +1 -0
package/api/components/schemas/GroupMemberQueryActionDefinition.js +18 -0
package/api/components/schemas/GroupMemberRoleUpdateActionDefinition.d.ts +1 -0
package/api/components/schemas/GroupMemberRoleUpdateActionDefinition.js +22 -0
package/api/components/schemas/GroupQueryActionDefinition.d.ts +1 -0
package/api/components/schemas/{UserLogoutActionDefinition.js → GroupQueryActionDefinition.js} +4 -4
package/api/components/schemas/OrganizationMember.js +2 -2
package/api/components/schemas/ResourceCountActionDefinition.js +4 -0
package/api/components/schemas/ResourceCreateActionDefinition.js +1 -1
package/api/components/schemas/ResourceDefinition.js +0 -22
package/api/components/schemas/ResourceQueryActionDefinition.js +4 -0
package/api/components/schemas/SecurityDefaultDefinition.js +1 -1
package/api/components/schemas/SecurityDefinition.js +2 -6
package/api/components/schemas/SecurityGuestDefinition.d.ts +2 -0
package/api/components/schemas/SecurityGuestDefinition.js +26 -0
package/api/components/schemas/SecurityRoleDefinition.js +7 -0
package/api/components/schemas/User.js +2 -22
package/api/components/schemas/UserInfo.d.ts +2 -0
package/api/components/schemas/UserInfo.js +42 -0
package/api/components/schemas/index.d.ts +22 -15
package/api/components/schemas/index.js +22 -15
package/api/components/securitySchemes/app.js +6 -6
package/api/components/securitySchemes/cli.js +3 -3
package/api/paths/app-collections/appCollectionId/apps/appId/pinned.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/apps/appId/pinned.js +70 -0
package/api/paths/app-collections/appCollectionId/apps/appId.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/apps/appId.js +34 -0
package/api/paths/app-collections/appCollectionId/apps.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/apps.js +93 -0
package/api/paths/app-collections/appCollectionId/expert/profileImage.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/expert/profileImage.js +31 -0
package/api/paths/app-collections/appCollectionId/headerImage.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/headerImage.js +31 -0
package/api/paths/app-collections/appCollectionId.d.ts +2 -0
package/api/paths/app-collections/appCollectionId.js +102 -0
package/api/paths/app-invites/token/respond.d.ts +2 -0
package/api/paths/app-invites/token/respond.js +51 -0
package/api/paths/app-invites/token.d.ts +2 -0
package/api/paths/app-invites/token.js +23 -0
package/api/paths/app-members/appMemberId/picture.d.ts +2 -0
package/api/paths/app-members/appMemberId/picture.js +30 -0
package/api/paths/app-members/appMemberId/properties.d.ts +2 -0
package/api/paths/app-members/appMemberId/properties.js +48 -0
package/api/paths/app-members/appMemberId/role.d.ts +2 -0
package/api/paths/app-members/appMemberId/role.js +46 -0
package/api/paths/app-members/appMemberId.d.ts +2 -0
package/api/paths/app-members/appMemberId.js +24 -0
package/api/paths/appCollections.d.ts +1 -1
package/api/paths/appCollections.js +12 -454
package/api/paths/appTemplates.d.ts +2 -0
package/api/paths/appTemplates.js +94 -0
package/api/paths/apps/appId/actions/path.d.ts +2 -0
package/api/paths/{action.js → apps/appId/actions/path.js} +18 -20
package/api/paths/apps/appId/assets/assetId.d.ts +2 -0
package/api/paths/apps/appId/assets/assetId.js +38 -0
package/api/paths/apps/appId/assets/count.d.ts +2 -0
package/api/paths/apps/appId/assets/count.js +22 -0
package/api/paths/apps/appId/assets.d.ts +2 -0
package/api/paths/apps/appId/assets.js +96 -0
package/api/paths/apps/appId/auth/email/login.d.ts +2 -0
package/api/paths/apps/appId/auth/email/login.js +10 -0
package/api/paths/apps/appId/auth/email/register.d.ts +2 -0
package/api/paths/apps/appId/auth/email/register.js +52 -0
package/api/paths/apps/appId/auth/email/requestResetPassword.d.ts +2 -0
package/api/paths/apps/appId/auth/email/requestResetPassword.js +31 -0
package/api/paths/apps/appId/auth/email/resendVerification.d.ts +2 -0
package/api/paths/apps/appId/auth/email/resendVerification.js +32 -0
package/api/paths/apps/appId/auth/email/resetPassword.d.ts +2 -0
package/api/paths/apps/appId/auth/email/resetPassword.js +34 -0
package/api/paths/apps/appId/auth/email/verify.d.ts +2 -0
package/api/paths/apps/appId/auth/email/verify.js +31 -0
package/api/paths/apps/appId/broadcast.d.ts +2 -0
package/api/paths/apps/appId/broadcast.js +36 -0
package/api/paths/apps/appId/demo-groups.d.ts +2 -0
package/api/paths/apps/appId/demo-groups.js +29 -0
package/api/paths/apps/appId/demo-members.d.ts +2 -0
package/api/paths/apps/appId/demo-members.js +27 -0
package/api/paths/apps/appId/email.d.ts +2 -0
package/api/paths/apps/appId/email.js +48 -0
package/api/paths/apps/appId/export.d.ts +2 -0
package/api/paths/apps/appId/export.js +41 -0
package/api/paths/apps/appId/groups.d.ts +2 -0
package/api/paths/apps/appId/groups.js +79 -0
package/api/paths/apps/appId/icon.d.ts +2 -0
package/api/paths/apps/appId/icon.js +31 -0
package/api/paths/apps/appId/invites.d.ts +2 -0
package/api/paths/apps/appId/invites.js +79 -0
package/api/paths/apps/appId/lock.d.ts +2 -0
package/api/paths/apps/appId/lock.js +35 -0
package/api/paths/apps/appId/maskableIcon.d.ts +2 -0
package/api/paths/apps/appId/maskableIcon.js +15 -0
package/api/paths/apps/appId/members/current/groups.d.ts +2 -0
package/api/paths/apps/appId/members/current/groups.js +30 -0
package/api/paths/apps/appId/members/current/link.d.ts +2 -0
package/api/paths/apps/appId/members/current/link.js +41 -0
package/api/paths/apps/appId/members/current.d.ts +2 -0
package/api/paths/apps/appId/members/current.js +111 -0
package/api/paths/apps/appId/members.d.ts +2 -0
package/api/paths/apps/appId/members.js +29 -0
package/api/paths/apps/appId/messages/language.d.ts +2 -0
package/api/paths/apps/appId/messages/language.js +47 -0
package/api/paths/apps/appId/messages.d.ts +2 -0
package/api/paths/apps/appId/messages.js +72 -0
package/api/paths/apps/appId/quotas/emails.d.ts +2 -0
package/api/paths/apps/appId/quotas/emails.js +36 -0
package/api/paths/apps/appId/ratings.d.ts +2 -0
package/api/paths/apps/appId/ratings.js +58 -0
package/api/paths/apps/appId/readmes/readmeId.d.ts +2 -0
package/api/paths/apps/appId/readmes/readmeId.js +17 -0
package/api/paths/apps/appId/reseed.d.ts +2 -0
package/api/paths/apps/appId/reseed.js +12 -0
package/api/paths/apps/appId/resources/resourceType/count.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType/count.js +30 -0
package/api/paths/apps/appId/resources/resourceType/resourceId/subscriptions.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType/resourceId/subscriptions.js +31 -0
package/api/paths/apps/appId/resources/resourceType/resourceId.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType/resourceId.js +74 -0
package/api/paths/apps/appId/resources/resourceType/subscriptions.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType/subscriptions.js +26 -0
package/api/paths/apps/appId/resources/resourceType.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType.js +171 -0
package/api/paths/apps/appId/resources/versions.d.ts +2 -0
package/api/paths/apps/appId/resources/versions.js +29 -0
package/api/paths/apps/appId/resources.d.ts +2 -0
package/api/paths/apps/appId/resources.js +15 -0
package/api/paths/apps/appId/saml/secretId/acs.d.ts +2 -0
package/api/paths/apps/appId/saml/secretId/acs.js +35 -0
package/api/paths/apps/appId/saml/secretId/authn.d.ts +2 -0
package/api/paths/apps/appId/saml/secretId/authn.js +37 -0
package/api/paths/apps/appId/saml/secretId/metadata.d.ts +2 -0
package/api/paths/apps/appId/saml/secretId/metadata.js +21 -0
package/api/paths/apps/appId/scim/resource-types/resourceTypeId.d.ts +2 -0
package/api/paths/apps/appId/scim/resource-types/resourceTypeId.js +25 -0
package/api/paths/apps/appId/scim/resource-types.d.ts +2 -0
package/api/paths/apps/appId/scim/resource-types.js +22 -0
package/api/paths/apps/appId/scim/schemas/schemaId.d.ts +2 -0
package/api/paths/apps/appId/scim/schemas/schemaId.js +24 -0
package/api/paths/apps/appId/scim/schemas.d.ts +2 -0
package/api/paths/apps/appId/scim/schemas.js +21 -0
package/api/paths/apps/appId/scim/service-provider-config.d.ts +2 -0
package/api/paths/apps/appId/scim/service-provider-config.js +22 -0
package/api/paths/apps/appId/scim/users/userId.d.ts +2 -0
package/api/paths/apps/appId/scim/users/userId.js +92 -0
package/api/paths/apps/appId/scim/users.d.ts +2 -0
package/api/paths/apps/appId/scim/users.js +58 -0
package/api/paths/apps/appId/screenshots/screenshotId.d.ts +2 -0
package/api/paths/apps/appId/screenshots/screenshotId.js +28 -0
package/api/paths/apps/appId/screenshots.d.ts +2 -0
package/api/paths/apps/appId/screenshots.js +55 -0
package/api/paths/apps/appId/secrets/oauth2/secretId/verify.d.ts +2 -0
package/api/paths/apps/appId/secrets/oauth2/secretId/verify.js +47 -0
package/api/paths/apps/appId/secrets/oauth2/secretId.d.ts +2 -0
package/api/paths/apps/appId/secrets/oauth2/secretId.js +60 -0
package/api/paths/apps/appId/secrets/oauth2.d.ts +2 -0
package/api/paths/apps/appId/secrets/oauth2.js +54 -0
package/api/paths/apps/appId/secrets/saml/secretId.d.ts +2 -0
package/api/paths/apps/appId/secrets/saml/secretId.js +39 -0
package/api/paths/apps/appId/secrets/saml.d.ts +2 -0
package/api/paths/apps/appId/secrets/saml.js +54 -0
package/api/paths/apps/appId/secrets/scim.d.ts +2 -0
package/api/paths/apps/appId/secrets/scim.js +43 -0
package/api/paths/apps/appId/secrets/service/secretId.d.ts +2 -0
package/api/paths/apps/appId/secrets/service/secretId.js +39 -0
package/api/paths/apps/appId/secrets/service.d.ts +2 -0
package/api/paths/apps/appId/secrets/service.js +54 -0
package/api/paths/apps/appId/secrets/ssl.d.ts +2 -0
package/api/paths/apps/appId/secrets/ssl.js +37 -0
package/api/paths/apps/appId/snapshots/snapshotId.d.ts +2 -0
package/api/paths/apps/appId/snapshots/snapshotId.js +47 -0
package/api/paths/apps/appId/snapshots.d.ts +2 -0
package/api/paths/apps/appId/snapshots.js +40 -0
package/api/paths/apps/appId/style/block/organizationId/blockId.d.ts +2 -0
package/api/paths/apps/appId/style/block/organizationId/blockId.js +53 -0
package/api/paths/apps/appId/style/core.d.ts +2 -0
package/api/paths/apps/appId/style/core.js +17 -0
package/api/paths/apps/appId/style/shared.d.ts +2 -0
package/api/paths/apps/appId/style/shared.js +17 -0
package/api/paths/apps/appId/subscriptions.d.ts +2 -0
package/api/paths/apps/appId/subscriptions.js +91 -0
package/api/paths/apps/appId/variables/variableId.d.ts +2 -0
package/api/paths/apps/appId/variables/variableId.js +39 -0
package/api/paths/apps/appId/variables.d.ts +2 -0
package/api/paths/apps/appId/variables.js +53 -0
package/api/paths/apps/appId.d.ts +2 -0
package/api/paths/apps/appId.js +175 -0
package/api/paths/apps.d.ts +1 -1
package/api/paths/apps.js +95 -1518
package/api/paths/auth/email/login.d.ts +2 -0
package/api/paths/auth/email/login.js +10 -0
package/api/paths/auth/email/register.d.ts +2 -0
package/api/paths/auth/email/register.js +45 -0
package/api/paths/auth/email/requestResetPassword.d.ts +2 -0
package/api/paths/auth/email/requestResetPassword.js +30 -0
package/api/paths/auth/email/resendVerification.d.ts +2 -0
package/api/paths/auth/email/resendVerification.js +31 -0
package/api/paths/auth/email/resetPassword.d.ts +2 -0
package/api/paths/auth/email/resetPassword.js +33 -0
package/api/paths/auth/email/verify.d.ts +2 -0
package/api/paths/auth/email/verify.js +30 -0
package/api/paths/auth/oauth2/authorizations/connect.d.ts +2 -0
package/api/paths/auth/oauth2/authorizations/connect.js +45 -0
package/api/paths/auth/oauth2/authorizations/register.d.ts +2 -0
package/api/paths/auth/oauth2/authorizations/register.js +32 -0
package/api/paths/auth/refreshToken.d.ts +2 -0
package/api/paths/auth/refreshToken.js +26 -0
package/api/paths/blocks/organizationId/blockId/versions/list.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/list.js +27 -0
package/api/paths/blocks/organizationId/blockId/versions/version/asset.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/version/asset.js +24 -0
package/api/paths/blocks/organizationId/blockId/versions/version/icon.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/version/icon.js +18 -0
package/api/paths/blocks/organizationId/blockId/versions/version/messages/language.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/version/messages/language.js +37 -0
package/api/paths/blocks/organizationId/blockId/versions/version.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/version.js +29 -0
package/api/paths/blocks/organizationId/blockId/versions.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions.js +27 -0
package/api/paths/blocks/organizationId/blockId.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId.js +18 -0
package/api/paths/blocks/versions/blockVersion.js +21 -0
package/api/paths/blocks.d.ts +1 -1
package/api/paths/blocks.js +29 -204
package/api/paths/containerLogs.d.ts +1 -1
package/api/paths/containerLogs.js +28 -30
package/api/paths/group-invites/token/respond.d.ts +2 -0
package/api/paths/group-invites/token/respond.js +42 -0
package/api/paths/group-invites/token.d.ts +2 -0
package/api/paths/group-invites/token.js +23 -0
package/api/paths/group-members/groupMemberId/role.d.ts +2 -0
package/api/paths/group-members/groupMemberId/role.js +40 -0
package/api/paths/group-members/groupMemberId.d.ts +2 -0
package/api/paths/group-members/groupMemberId.js +34 -0
package/api/paths/groups/groupId/invites.d.ts +2 -0
package/api/paths/groups/groupId/invites.js +87 -0
package/api/paths/groups/groupId/members.d.ts +2 -0
package/api/paths/groups/groupId/members.js +34 -0
package/api/paths/groups/groupId.d.ts +2 -0
package/api/paths/groups/groupId.js +86 -0
package/api/paths/health.d.ts +1 -1
package/api/paths/health.js +12 -66
package/api/paths/index.d.ts +145 -136
package/api/paths/index.js +294 -58
package/api/paths/messages/language.d.ts +2 -0
package/api/paths/messages/language.js +21 -0
package/api/paths/messages.d.ts +2 -0
package/api/paths/messages.js +26 -0
package/api/paths/organization-invites/token/respond.d.ts +2 -0
package/api/paths/organization-invites/token/respond.js +42 -0
package/api/paths/organization-invites/token.d.ts +2 -0
package/api/paths/organization-invites/token.js +23 -0
package/api/paths/organizations/organizationId/appCollections.d.ts +2 -0
package/api/paths/organizations/organizationId/appCollections.js +76 -0
package/api/paths/organizations/organizationId/apps/import.d.ts +2 -0
package/api/paths/organizations/organizationId/apps/import.js +26 -0
package/api/paths/organizations/organizationId/apps.d.ts +2 -0
package/api/paths/organizations/organizationId/apps.js +33 -0
package/api/paths/organizations/organizationId/blocks.d.ts +2 -0
package/api/paths/organizations/organizationId/blocks.js +25 -0
package/api/paths/organizations/organizationId/icon.d.ts +2 -0
package/api/paths/organizations/organizationId/icon.js +14 -0
package/api/paths/organizations/organizationId/invites/resend.d.ts +2 -0
package/api/paths/organizations/organizationId/invites/resend.js +32 -0
package/api/paths/organizations/organizationId/invites.d.ts +2 -0
package/api/paths/organizations/organizationId/invites.js +108 -0
package/api/paths/organizations/organizationId/members/memberId/role.d.ts +2 -0
package/api/paths/organizations/organizationId/members/memberId/role.js +50 -0
package/api/paths/organizations/organizationId/members/memberId.d.ts +2 -0
package/api/paths/organizations/organizationId/members/memberId.js +25 -0
package/api/paths/organizations/organizationId/members.d.ts +2 -0
package/api/paths/organizations/organizationId/members.js +25 -0
package/api/paths/organizations/organizationId.d.ts +2 -0
package/api/paths/organizations/organizationId.js +67 -0
package/api/paths/organizations.d.ts +1 -1
package/api/paths/organizations.js +46 -452
package/api/paths/ssl.d.ts +2 -0
package/api/paths/ssl.js +31 -0
package/api/paths/timezones.d.ts +2 -0
package/api/paths/timezones.js +23 -0
package/api/paths/trainingBlocks/trainingBlockId.d.ts +2 -0
package/api/paths/trainingBlocks/trainingBlockId.js +41 -0
package/api/paths/trainings/trainingId/blocks.d.ts +2 -0
package/api/paths/trainings/trainingId/blocks.js +51 -0
package/api/paths/trainings/trainingId/users/current.d.ts +2 -0
package/api/paths/trainings/trainingId/users/current.js +62 -0
package/api/paths/trainings/trainingId/users.d.ts +2 -0
package/api/paths/trainings/trainingId/users.js +25 -0
package/api/paths/trainings/trainingId.d.ts +2 -0
package/api/paths/trainings/trainingId.js +85 -0
package/api/paths/trainings.d.ts +1 -1
package/api/paths/trainings.js +26 -287
package/api/paths/users/current/apps/accounts.d.ts +2 -0
package/api/paths/users/current/apps/accounts.js +24 -0
package/api/paths/users/current/apps/appId/account.d.ts +2 -0
package/api/paths/users/current/apps/appId/account.js +65 -0
package/api/paths/users/current/apps.d.ts +2 -0
package/api/paths/users/current/apps.js +32 -0
package/api/paths/users/current/auth/oauth2/apps/appId/consent/agree.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/apps/appId/consent/agree.js +12 -0
package/api/paths/users/current/auth/oauth2/apps/appId/consent/verify.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/apps/appId/consent/verify.js +12 -0
package/api/paths/users/current/auth/oauth2/authorizations.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/authorizations.js +43 -0
package/api/paths/users/current/auth/oauth2/clientCredentials/clientId.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/clientCredentials/clientId.js +23 -0
package/api/paths/users/current/auth/oauth2/clientCredentials.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/clientCredentials.js +53 -0
package/api/paths/users/current/emails.d.ts +2 -0
package/api/paths/users/current/emails.js +73 -0
package/api/paths/users/current/organizations.d.ts +2 -0
package/api/paths/users/current/organizations.js +29 -0
package/api/paths/users/current/unsubscribe.d.ts +2 -0
package/api/paths/users/current/unsubscribe.js +29 -0
package/api/paths/users/current.d.ts +2 -0
package/api/paths/users/current.js +43 -0
package/api/paths/users/subscribed.d.ts +2 -0
package/api/paths/users/subscribed.js +12 -0
package/api/tags/index.d.ts +2 -1
package/api/tags/index.js +170 -8
package/appMembers.d.ts +1 -0
package/appMembers.js +9 -0
package/authorization.d.ts +12 -0
package/authorization.js +171 -0
package/constants/index.d.ts +0 -2
package/constants/index.js +0 -2
package/constants/scopes.d.ts +1 -1
package/constants/scopes.js +2 -2
package/examples.js +13 -14
package/index.d.ts +2 -2
package/index.js +2 -2
package/package.json +2 -2
package/reference-schemas/remappers/data.js +23 -38
package/remap.d.ts +3 -7
package/remap.js +1 -2
package/remap.test.js +8 -9
package/validation.js +396 -83
package/validation.test.js +1039 -230
package/api/components/parameters/$team.d.ts +0 -2
package/api/components/parameters/$team.js +0 -8
package/api/components/parameters/appServiceId.d.ts +0 -2
package/api/components/parameters/memberEmail.d.ts +0 -2
package/api/components/parameters/memberEmail.js +0 -8
package/api/components/schemas/TeamInviteActionDefinition.d.ts +0 -1
package/api/components/schemas/TeamJoinActionDefinition.d.ts +0 -1
package/api/components/schemas/TeamJoinActionDefinition.js +0 -14
package/api/components/schemas/TeamListActionDefinition.d.ts +0 -1
package/api/components/schemas/TeamListActionDefinition.js +0 -14
package/api/components/schemas/TeamMembersActionDefinition.d.ts +0 -1
package/api/components/schemas/TeamsDefinition.d.ts +0 -2
package/api/components/schemas/TeamsDefinition.js +0 -28
package/api/components/schemas/UserCreateActionDefinition.d.ts +0 -1
package/api/components/schemas/UserCreateActionDefinition.js +0 -33
package/api/components/schemas/UserLoginActionDefinition.d.ts +0 -1
package/api/components/schemas/UserLoginActionDefinition.js +0 -22
package/api/components/schemas/UserLogoutActionDefinition.d.ts +0 -1
package/api/components/schemas/UserPropertyDefinition.d.ts +0 -2
package/api/components/schemas/UserQueryActionDefinition.d.ts +0 -1
package/api/components/schemas/UserQueryActionDefinition.js +0 -20
package/api/components/schemas/UserRegisterActionDefinition.d.ts +0 -1
package/api/components/schemas/UserRegisterActionDefinition.js +0 -37
package/api/components/schemas/UserRemoveActionDefinition.d.ts +0 -1
package/api/components/schemas/UserRemoveActionDefinition.js +0 -20
package/api/components/schemas/UserUpdateActionDefinition.d.ts +0 -1
package/api/components/schemas/UserUpdateActionDefinition.js +0 -36
package/api/components/schemas/UsersDefinition.d.ts +0 -2
package/api/components/schemas/UsersDefinition.js +0 -17
package/api/paths/appMessages.d.ts +0 -2
package/api/paths/appMessages.js +0 -120
package/api/paths/appOAuth2Secrets.d.ts +0 -2
package/api/paths/appOAuth2Secrets.js +0 -161
package/api/paths/appQuotas.d.ts +0 -2
package/api/paths/appQuotas.js +0 -38
package/api/paths/appSSLSecrets.d.ts +0 -2
package/api/paths/appSSLSecrets.js +0 -39
package/api/paths/appSamlSecrets.d.ts +0 -2
package/api/paths/appSamlSecrets.js +0 -94
package/api/paths/appScimEndpoints.d.ts +0 -2
package/api/paths/appScimEndpoints.js +0 -260
package/api/paths/appScimSecrets.d.ts +0 -2
package/api/paths/appScimSecrets.js +0 -45
package/api/paths/appServiceSecrets.d.ts +0 -2
package/api/paths/appServiceSecrets.js +0 -94
package/api/paths/appVariables.d.ts +0 -2
package/api/paths/appVariables.js +0 -93
package/api/paths/appsembleMessages.d.ts +0 -2
package/api/paths/appsembleMessages.js +0 -48
package/api/paths/assets.d.ts +0 -2
package/api/paths/assets.js +0 -213
package/api/paths/emails.d.ts +0 -2
package/api/paths/emails.js +0 -167
package/api/paths/invite.d.ts +0 -2
package/api/paths/invite.js +0 -25
package/api/paths/oauth2ClientCredentials.d.ts +0 -2
package/api/paths/oauth2ClientCredentials.js +0 -77
package/api/paths/oauth2Login.d.ts +0 -2
package/api/paths/oauth2Login.js +0 -119
package/api/paths/oauth2Provider.d.ts +0 -2
package/api/paths/oauth2Provider.js +0 -75
package/api/paths/resourceHistory.d.ts +0 -2
package/api/paths/resourceHistory.js +0 -31
package/api/paths/resources.d.ts +0 -2
package/api/paths/resources.js +0 -395
package/api/paths/saml.d.ts +0 -2
package/api/paths/saml.js +0 -126
package/api/paths/templates.d.ts +0 -2
package/api/paths/templates.js +0 -96
package/api/paths/user.d.ts +0 -2
package/api/paths/user.js +0 -649
package/api/tags/app.d.ts +0 -2
package/api/tags/app.js +0 -5
package/api/tags/appMember.d.ts +0 -2
package/api/tags/appMember.js +0 -5
package/api/tags/asset.d.ts +0 -2
package/api/tags/asset.js +0 -5
package/api/tags/auth.d.ts +0 -2
package/api/tags/auth.js +0 -5
package/api/tags/language.d.ts +0 -2
package/api/tags/language.js +0 -5
package/api/tags/organization.d.ts +0 -2
package/api/tags/organization.js +0 -5
package/api/tags/resource.d.ts +0 -2
package/api/tags/resource.js +0 -5
package/api/tags/template.d.ts +0 -2
package/api/tags/template.js +0 -5
package/api/tags/user.d.ts +0 -2
package/api/tags/user.js +0 -5
package/appSecurity.d.ts +0 -9
package/appSecurity.js +0 -41
package/appSecurity.test.d.ts +0 -1
package/appSecurity.test.js +0 -114
package/checkAppRole.d.ts +0 -11
package/checkAppRole.js +0 -34
package/constants/Permission.d.ts +0 -114
package/constants/Permission.js +0 -116
package/constants/roles.d.ts +0 -16
package/constants/roles.js +0 -58
/package/api/paths/{action.d.ts → blocks/versions/blockVersion.d.ts} +0 -0

package/validation.js CHANGED Viewed

@@ -1,11 +1,18 @@
+import { PredefinedAppRole, predefinedAppRolePermissions, } from '@appsemble/types';
 import cronParser from 'cron-parser';
 import { ValidationError, Validator } from 'jsonschema';
 import languageTags from 'language-tags';
 import { getAppBlocks, normalizeBlockName } from './blockUtils.js';
 import { has } from './has.js';
-import { findPageByName, normalize, partialNormalized } from './index.js';
+import { findPageByName, getAppInheritedRoles, getAppPossibleGuestPermissions, getAppPossiblePermissions, getAppRolePermissions, normalize, partialNormalized, } from './index.js';
 import { iterApp } from './iterApp.js';
 import { serverActions } from './serverActions.js';
+const allResourcePermissionPattern = /^\$resource:all:(get|query|create|delete|patch|update)$/;
+const resourcePermissionPattern = /^\$resource:[^:]+:(get|query|create|delete|patch|update)$/;
+const allOwnResourcePermissionPattern = /^\$resource:all:own:(get|query|delete|patch|update)$/;
+const ownResourcePermissionPattern = /^\$resource:[^:]+:own:(get|query|delete|patch|update)$/;
+const allResourceViewPermissionPattern = /^\$resource:all:(get|query):[^:]+$/;
+const resourceViewPermissionPattern = /^\$resource:[^:]+:(get|query):[^:]+$/;
 /**
  * Check whether or not the given link represents a link related to the Appsemble core.
  *
@@ -65,18 +72,18 @@ function validateUniquePageNames(definition, report) {
     }
     checkPages(definition.pages);
 }
-function validateUsersSchema(definition, report) {
+function validateMembersSchema(definition, report) {
     var _a;
-    if (!definition.users) {
+    if (!definition.members) {
         return;
     }
-    for (const [propertyName, propertyDefinition] of Object.entries(definition.users.properties)) {
+    for (const [propertyName, propertyDefinition] of Object.entries(definition.members.properties)) {
         // Handled by schema validation
         if (!(propertyDefinition === null || propertyDefinition === void 0 ? void 0 : propertyDefinition.schema)) {
             continue;
         }
         const { schema } = propertyDefinition;
-        const prefix = ['users', 'properties', propertyName, 'schema'];
+        const prefix = ['members', 'properties', propertyName, 'schema'];
         validateJSONSchema(schema, prefix, report);
         if (!('type' in schema) && !('enum' in schema)) {
             report(schema, 'must define type or enum', prefix);
@@ -86,7 +93,7 @@ function validateUsersSchema(definition, report) {
             const resourceDefinition = (_a = definition.resources) === null || _a === void 0 ? void 0 : _a[resourceName];
             if (!resourceDefinition) {
                 report(resourceName, 'refers to a resource that doesn’t exist', [
-                    'users',
+                    'members',
                     'properties',
                     propertyName,
                     'reference',
@@ -342,12 +349,275 @@ function validateBlocks(definition, blockVersions, report) {
         },
     });
 }
+function validatePermissions(appDefinition, permissions, inheritedPermissions, possiblePermissions, report, path) {
+    var _a, _b, _c, _d;
+    const checked = [];
+    for (const [index, permission] of permissions.entries()) {
+        if (checked.includes(permission)) {
+            report(appDefinition, 'duplicate permission declaration', [...path, 'permissions', index]);
+            return;
+        }
+        if (!possiblePermissions.includes(permission)) {
+            if (resourcePermissionPattern.test(permission) ||
+                ownResourcePermissionPattern.test(permission)) {
+                const [, resourceName] = permission.split(':');
+                if (resourceName && resourceName !== 'all' && !((_a = appDefinition.resources) === null || _a === void 0 ? void 0 : _a[resourceName])) {
+                    report(appDefinition, `resource ${resourceName} does not exist in the app's resources definition`, [...path, 'permissions', index]);
+                    return;
+                }
+            }
+            if (resourceViewPermissionPattern.test(permission)) {
+                const [, resourceName, , resourceView] = permission.split(':');
+                if (resourceName === 'all') {
+                    for (const [rName, resourceDefinition] of Object.entries(appDefinition.resources)) {
+                        if (!((_b = resourceDefinition.views) === null || _b === void 0 ? void 0 : _b[resourceView])) {
+                            report(appDefinition, `resource ${rName} is missing a definition for the ${resourceView} view`, [...path, 'permissions', index]);
+                            return;
+                        }
+                    }
+                }
+                else {
+                    if (!((_d = (_c = appDefinition.resources[resourceName]) === null || _c === void 0 ? void 0 : _c.views) === null || _d === void 0 ? void 0 : _d[resourceView])) {
+                        report(appDefinition, `resource ${resourceName} is missing a definition for the ${resourceView} view`, [...path, 'permissions', index]);
+                        return;
+                    }
+                }
+            }
+            report(appDefinition, 'invalid permission', [...path, 'permissions', index]);
+            return;
+        }
+        if (inheritedPermissions.includes(permission)) {
+            report(appDefinition, 'permission is already inherited from another role', [
+                ...path,
+                'permissions',
+                index,
+            ]);
+            return;
+        }
+        const otherPermissions = permissions.filter((p) => p !== permission);
+        if (resourcePermissionPattern.test(permission)) {
+            const [, , resourceAction] = permission.split(':');
+            if (otherPermissions.some((p) => {
+                if (allResourcePermissionPattern.test(p)) {
+                    const [, , otherResourceAction] = p.split(':');
+                    return otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action with scope all is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            if (inheritedPermissions.some((p) => {
+                if (allResourcePermissionPattern.test(p)) {
+                    const [, , otherResourceAction] = p.split(':');
+                    return otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action with scope all is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+        }
+        if (ownResourcePermissionPattern.test(permission)) {
+            const [, resourceName, , resourceAction] = permission.split(':');
+            if (otherPermissions.some((p) => {
+                if (resourcePermissionPattern.test(p)) {
+                    const [, otherResourceName, otherResourceAction] = p.split(':');
+                    return (resourceName !== 'all' &&
+                        otherResourceName === resourceName &&
+                        otherResourceAction === resourceAction);
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action on resource ${resourceName} is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            if (otherPermissions.some((p) => {
+                if (allOwnResourcePermissionPattern.test(p)) {
+                    const [, , , otherResourceAction] = p.split(':');
+                    return otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. An own permission for the ${resourceAction} resource action with scope all is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            if (otherPermissions.some((p) => {
+                if (allResourcePermissionPattern.test(p)) {
+                    const [, , otherResourceAction] = p.split(':');
+                    return otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action with scope all is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            if (inheritedPermissions.some((p) => {
+                if (resourcePermissionPattern.test(p)) {
+                    const [, otherResourceName, otherResourceAction] = p.split(':');
+                    return (resourceName !== 'all' &&
+                        otherResourceName === resourceName &&
+                        otherResourceAction === resourceAction);
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action on resource ${resourceName} is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+            if (inheritedPermissions.some((p) => {
+                if (allOwnResourcePermissionPattern.test(p)) {
+                    const [, , , otherResourceAction] = p.split(':');
+                    return otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. An own permission for the ${resourceAction} resource action with scope all is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+            if (inheritedPermissions.some((p) => {
+                if (allResourcePermissionPattern.test(p)) {
+                    const [, , otherResourceAction] = p.split(':');
+                    return otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action with scope all is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+        }
+        if (resourceViewPermissionPattern.test(permission)) {
+            const [, resourceName, resourceAction, resourceView] = permission.split(':');
+            // $resource:type:query:public, $resource:type:query:private
+            if (otherPermissions.some((p) => {
+                if (resourceViewPermissionPattern.test(p)) {
+                    const [, otherResourceName, otherResourceAction] = p.split(':');
+                    return (otherResourceName !== 'all' &&
+                        otherResourceName === resourceName &&
+                        otherResourceAction === resourceAction);
+                }
+                return false;
+            })) {
+                report(appDefinition, `a view permission for the ${resourceAction} action on resource ${resourceName} is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:type:query:public, $resource:all:query:private
+            if (otherPermissions.some((p) => {
+                if (allResourceViewPermissionPattern.test(p)) {
+                    const [, , otherResourceAction, otherResourceView] = p.split(':');
+                    return otherResourceAction === resourceAction && otherResourceView !== resourceView;
+                }
+                return false;
+            })) {
+                report(appDefinition, `a view permission for the ${resourceAction} action with scope all is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:type:query:public, $resource:type:query
+            if (otherPermissions.some((p) => {
+                if (resourcePermissionPattern.test(p)) {
+                    const [, otherResourceName, otherResourceAction] = p.split(':');
+                    return otherResourceName === resourceName && otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} action on resource ${resourceName} without a specific view is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:type:query:public, $resource:all:query
+            if (otherPermissions.some((p) => {
+                if (resourcePermissionPattern.test(p)) {
+                    const [, otherResourceName, otherResourceAction] = p.split(':');
+                    return otherResourceName === 'all' && otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action with scope all without a specific view is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:type:query:public, $resource:all:query:public
+            if (otherPermissions.some((p) => {
+                if (allResourceViewPermissionPattern.test(p)) {
+                    const [, otherResourceName, otherResourceAction, otherResourceView] = p.split(':');
+                    return (otherResourceName === 'all' &&
+                        otherResourceAction === resourceAction &&
+                        otherResourceView === resourceView);
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action with scope all for this view is already declared`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:type:query:private
+            // $resource:type:query:public
+            if (inheritedPermissions.some((p) => {
+                if (resourceViewPermissionPattern.test(p)) {
+                    const [, otherResourceName, otherResourceAction] = p.split(':');
+                    return (otherResourceName !== 'all' &&
+                        otherResourceName === resourceName &&
+                        otherResourceAction === resourceAction);
+                }
+                return false;
+            })) {
+                report(appDefinition, `a view permission for the ${resourceAction} action on resource ${resourceName} is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:all:query:private
+            // $resource:type:query:public
+            if (inheritedPermissions.some((p) => {
+                if (allResourceViewPermissionPattern.test(p)) {
+                    const [, , otherResourceAction, otherResourceView] = p.split(':');
+                    return otherResourceAction === resourceAction && otherResourceView !== resourceView;
+                }
+                return false;
+            })) {
+                report(appDefinition, `a view permission for the ${resourceAction} action with scope all is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:type:query
+            // $resource:type:query:public
+            if (inheritedPermissions.some((p) => {
+                if (resourcePermissionPattern.test(p)) {
+                    const [, otherResourceName, otherResourceAction] = p.split(':');
+                    return otherResourceName === resourceName && otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} action on resource ${resourceName} without a specific view is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:all:query
+            // $resource:type:query:public
+            if (inheritedPermissions.some((p) => {
+                if (allResourcePermissionPattern.test(p)) {
+                    const [, , otherResourceAction] = p.split(':');
+                    return otherResourceAction === resourceAction;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action with scope all without a specific view is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+            // $resource:all:query:public
+            // $resource:type:query:public
+            if (inheritedPermissions.some((p) => {
+                if (allResourceViewPermissionPattern.test(p)) {
+                    const [, , otherResourceAction, otherResourceView] = p.split(':');
+                    return otherResourceAction === resourceAction && otherResourceView === resourceView;
+                }
+                return false;
+            })) {
+                report(appDefinition, `redundant permission. A permission for the ${resourceAction} resource action with scope all for this view is already inherited from another role`, [...path, 'permissions', index]);
+                return;
+            }
+        }
+        checked.push(permission);
+    }
+}
 function checkCyclicRoleInheritance(roles, name, report) {
-    let lastchecked;
+    let lastChecked;
     const stack = [];
     const checkRoleRecursively = (role) => {
         var _a, _b;
-        lastchecked = role;
+        lastChecked = role;
         if (stack.includes(role)) {
             return true;
         }
@@ -355,8 +625,8 @@ function checkCyclicRoleInheritance(roles, name, report) {
         return (_b = (_a = roles[role]) === null || _a === void 0 ? void 0 : _a.inherits) === null || _b === void 0 ? void 0 : _b.some(checkRoleRecursively);
     };
     const duplicate = checkRoleRecursively(name);
-    if (duplicate && lastchecked === name) {
-        report(roles[name], 'cyclicly inherits itself', ['security', 'roles', name]);
+    if (duplicate && lastChecked === name) {
+        report(roles[name], 'cyclically inherits itself', ['security', 'roles', name]);
     }
 }
 /**
@@ -367,59 +637,92 @@ function checkCyclicRoleInheritance(roles, name, report) {
  */
 function validateSecurity(definition, report) {
     const { notifications, security } = definition;
-    const defaultAllow = ['$none', '$public', '$team:member', '$team:manager'];
-    if (!security) {
-        if (notifications === 'login') {
-            report(notifications, 'only works if security is defined', ['notifications']);
-        }
-        return;
-    }
-    const checkRoleExists = (name, path, allow = defaultAllow) => {
-        if (!has(security.roles, name) && !allow.includes(name)) {
+    const predefinedRoles = Object.keys(PredefinedAppRole);
+    const checkRoleExists = (name, path, roles = predefinedRoles) => {
+        if (!has(security.roles, name) && !roles.includes(name)) {
             report(name, 'does not exist in this app’s roles', path);
             return false;
         }
         return true;
     };
-    const checkRoles = (object, path, allow = defaultAllow) => {
+    const checkRoles = (object, path) => {
         if (!(object === null || object === void 0 ? void 0 : object.roles)) {
             return;
         }
         for (const [index, role] of object.roles.entries()) {
-            checkRoleExists(role, [...path, 'roles', index], allow);
+            checkRoleExists(role, [...path, 'roles', index], ['$guest', ...predefinedRoles]);
         }
     };
-    checkRoleExists(security.default.role, ['security', 'default', 'role']);
-    checkRoles(definition, []);
-    if (definition.resources) {
-        for (const [resourceName, resource] of Object.entries(definition.resources)) {
-            checkRoles(resource, ['resources', resourceName], [...defaultAllow, '$author']);
-            checkRoles(resource.count, ['resources', resourceName, 'count'], [...defaultAllow, '$author']);
-            checkRoles(resource.create, ['resources', resourceName, 'create']);
-            checkRoles(resource.delete, ['resources', resourceName, 'delete'], [...defaultAllow, '$author']);
-            checkRoles(resource.get, ['resources', resourceName, 'get'], [...defaultAllow, '$author']);
-            checkRoles(resource.query, ['resources', resourceName, 'query'], [...defaultAllow, '$author']);
-            checkRoles(resource.update, ['resources', resourceName, 'update'], [...defaultAllow, '$author']);
-            if (resource.views) {
-                for (const [viewName, view] of Object.entries(resource.views)) {
-                    checkRoles(view, ['resources', resourceName, 'views', viewName], [...defaultAllow, '$author']);
-                }
-            }
+    if (!security) {
+        if (notifications === 'login') {
+            report(notifications, 'only works if security is defined', ['notifications']);
         }
+        return;
     }
-    iterApp(definition, { onBlock: checkRoles, onPage: checkRoles });
-    for (const [name, role] of Object.entries(security.roles)) {
-        if (!(role === null || role === void 0 ? void 0 : role.inherits)) {
-            continue;
+    if ((!security.default || !security.roles) && !security.guest) {
+        report(definition, 'invalid security definition. Must define either guest or roles and default', ['security']);
+        return;
+    }
+    if (security.guest) {
+        if (security.guest.inherits && security.guest.inherits.length && !security.roles) {
+            report(definition, 'guest can not inherit roles if the roles property is not defined', [
+                'security',
+                'guest',
+                'inherits',
+            ]);
+            return;
         }
-        let found = false;
-        for (const [index, inheritee] of role.inherits.entries()) {
-            found || (found = checkRoleExists(inheritee, ['security', 'roles', name, 'inherits', index]));
+        const inheritedPermissions = getAppRolePermissions(security, security.guest.inherits || []);
+        const possibleGuestPermissions = getAppPossibleGuestPermissions(definition);
+        if (inheritedPermissions.some((ip) => !possibleGuestPermissions.includes(ip))) {
+            report(definition, 'invalid security definition. Guest cannot inherit roles that contain own resource permissions', ['security', 'guest', 'inherits']);
+            return;
+        }
+        if (security.guest.permissions) {
+            validatePermissions(definition, security.guest.permissions, inheritedPermissions, possibleGuestPermissions, report, ['security', 'guest']);
         }
-        if (found) {
-            checkCyclicRoleInheritance(security.roles, name, report);
+    }
+    else {
+        checkRoleExists(security.default.role, ['security', 'default', 'role']);
+    }
+    if (security.roles) {
+        const possibleAppPermissions = getAppPossiblePermissions(definition);
+        for (const [name, role] of Object.entries(security.roles)) {
+            if (predefinedRoles.includes(name)) {
+                report(definition, `not allowed to overwrite role ${name}`, ['security', 'roles', name]);
+            }
+            const inheritedPermissions = [];
+            if (role === null || role === void 0 ? void 0 : role.inherits) {
+                let found = false;
+                for (const [index, inherited] of (role.inherits || []).entries()) {
+                    found || (found = checkRoleExists(inherited, ['security', 'roles', name, 'inherits', index]));
+                }
+                if (found) {
+                    checkCyclicRoleInheritance(security.roles, name, report);
+                }
+                const inheritedRoles = getAppInheritedRoles(security, [name]).filter((r) => r !== name);
+                for (const inheritedRole of inheritedRoles) {
+                    const roleDefinition = security.roles[inheritedRole];
+                    if (roleDefinition) {
+                        const rolePermissions = roleDefinition.permissions;
+                        if (rolePermissions) {
+                            inheritedPermissions.push(...rolePermissions);
+                        }
+                    }
+                    else {
+                        const predefinedRolePermissions = predefinedAppRolePermissions[inheritedRole];
+                        if (predefinedRolePermissions) {
+                            inheritedPermissions.push(...predefinedRolePermissions);
+                        }
+                    }
+                }
+            }
+            if (role.permissions) {
+                validatePermissions(definition, role.permissions, inheritedPermissions, possibleAppPermissions, report, ['security', 'roles', name]);
+            }
         }
     }
+    iterApp(definition, { onBlock: checkRoles, onPage: checkRoles });
 }
 /**
  * Validates the hooks in resource definition to ensure its properties are valid.
@@ -522,21 +825,21 @@ function validateActions(definition, report) {
     const urlRegex = new RegExp(`^${partialNormalized.source}:`);
     iterApp(definition, {
         onAction(action, path) {
-            var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o;
+            var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
             if (path[0] === 'cron' && !serverActions.has(action.type)) {
                 report(action.type, 'action type is not supported for cron jobs', [...path, 'type']);
                 return;
             }
-            if (action.type.startsWith('user.') && !definition.security) {
-                report(action.type, 'refers to a user action but the app doesn’t have a security definition', [...path, 'type']);
+            if (action.type.startsWith('app.member.') && !definition.security) {
+                report(action.type, 'refers to an app member action but the app doesn’t have a security definition', [...path, 'type']);
                 return;
             }
-            if (['user.register', 'user.create', 'user.update'].includes(action.type) &&
+            if (['app.member.register', 'app.member.properties.patch', 'app.member.current.patch'].includes(action.type) &&
                 Object.values((_a = action.properties) !== null && _a !== void 0 ? _a : {})[0] &&
-                ((_b = definition.users) === null || _b === void 0 ? void 0 : _b.properties)) {
+                ((_b = definition.members) === null || _b === void 0 ? void 0 : _b.properties)) {
                 for (const propertyName of Object.keys(Object.values((_c = action.properties) !== null && _c !== void 0 ? _c : {})[0])) {
-                    if (!((_d = definition.users) === null || _d === void 0 ? void 0 : _d.properties[propertyName])) {
-                        report(action.type, 'contains a property that doesn’t exist in users.properties', [
+                    if (!((_d = definition.members) === null || _d === void 0 ? void 0 : _d.properties[propertyName])) {
+                        report(action.type, 'contains a property that doesn’t exist in app member properties', [
                             ...path,
                             'properties',
                         ]);
@@ -547,58 +850,68 @@ function validateActions(definition, report) {
                 // All of the actions starting with `resource.` contain a property called `resource`.
                 const { resource: resourceName, view } = action;
                 const resource = (_e = definition.resources) === null || _e === void 0 ? void 0 : _e[resourceName];
+                const [, resourceAction] = action.type.split('.');
                 if (!resource) {
                     report(action.type, 'refers to a resource that doesn’t exist', [...path, 'resource']);
                     return;
                 }
                 if (!action.type.startsWith('resource.subscription.')) {
-                    const type = action.type.split('.')[1];
-                    const roles = (_g = (_f = resource === null || resource === void 0 ? void 0 : resource[type]) === null || _f === void 0 ? void 0 : _f.roles) !== null && _g !== void 0 ? _g : resource === null || resource === void 0 ? void 0 : resource.roles;
-                    if (!roles) {
-                        report(action.type, 'refers to a resource action that is currently set to private', [
-                            ...path,
-                            'resource',
-                        ]);
+                    if (!definition.security) {
+                        report(action.type, 'missing security definition', [...path, 'resource']);
                         return;
                     }
-                    if (roles && !roles.length && !definition.security) {
-                        report(action.type, 'refers to a resource action that is accessible when logged in, but the app has no security definitions', [...path, 'resource']);
-                        return;
+                    const allPermissions = ((_f = definition.security.guest) === null || _f === void 0 ? void 0 : _f.permissions) || [];
+                    if (definition.security.roles) {
+                        const allRolePermissions = getAppRolePermissions(definition.security, Object.keys(definition.security.roles));
+                        allPermissions.push(...allRolePermissions);
                     }
-                    if ((type === 'get' || type === 'query') && view) {
-                        if (!((_h = resource.views) === null || _h === void 0 ? void 0 : _h[view])) {
-                            report(action.type, 'refers to a view that doesn’t exist', [...path, 'view']);
-                            return;
+                    if (!allPermissions.some((permission) => {
+                        if (resourcePermissionPattern.test(permission)) {
+                            const [, permissionResourceName, permissionResourceAction] = permission.split(':');
+                            return (['all', resourceName].includes(permissionResourceName) &&
+                                (permissionResourceAction === resourceAction ||
+                                    (resourceAction === 'count' && permissionResourceAction === 'query')));
                         }
-                        const viewRoles = (_j = resource === null || resource === void 0 ? void 0 : resource.views) === null || _j === void 0 ? void 0 : _j[view].roles;
-                        if (!(viewRoles === null || viewRoles === void 0 ? void 0 : viewRoles.length)) {
-                            report(action.type, 'refers to a resource view that is currently set to private', [
-                                ...path,
-                                'view',
-                            ]);
-                            return;
-                        }
-                        if (viewRoles && !viewRoles.length && !definition.security) {
-                            report(action.type, 'refers to a resource action that is accessible when logged in, but the app has no security definitions', [...path, 'view']);
-                            return;
+                        if (ownResourcePermissionPattern.test(permission)) {
+                            const [, permissionResourceName, , permissionResourceAction] = permission.split(':');
+                            return (['all', resourceName].includes(permissionResourceName) &&
+                                (permissionResourceAction === resourceAction ||
+                                    (resourceAction === 'count' && permissionResourceAction === 'query')));
                         }
+                        return false;
+                    })) {
+                        report(action.type, 'there is no-one in the app, who has permissions to use this action', [...path, 'resource']);
+                        return;
+                    }
+                    if (view &&
+                        !allPermissions.some((permission) => {
+                            if (resourceViewPermissionPattern.test(permission)) {
+                                const [, permissionResourceName, permissionResourceAction, permissionResourceView] = permission.split(':');
+                                return (['all', resourceName].includes(permissionResourceName) &&
+                                    permissionResourceAction === resourceAction &&
+                                    (!permissionResourceView || permissionResourceView === view));
+                            }
+                            return false;
+                        })) {
+                        report(action.type, 'there is no-one in the app, who has permissions to use this action', [...path, 'resource']);
+                        return;
                     }
                 }
             }
             if (action.type.startsWith('flow.')) {
-                const page = (_k = definition.pages) === null || _k === void 0 ? void 0 : _k[Number(path[1])];
+                const page = (_g = definition.pages) === null || _g === void 0 ? void 0 : _g[Number(path[1])];
                 if (page.type !== 'flow' && page.type !== 'loop') {
                     report(action.type, 'flow actions can only be used on pages with the type ‘flow’ or ‘loop’', [...path, 'type']);
                     return;
                 }
-                if (action.type === 'flow.cancel' && !((_l = page.actions) === null || _l === void 0 ? void 0 : _l.onFlowCancel)) {
+                if (action.type === 'flow.cancel' && !((_h = page.actions) === null || _h === void 0 ? void 0 : _h.onFlowCancel)) {
                     report(action.type, 'was defined but ‘onFlowCancel’ page action wasn’t defined', [
                         ...path,
                         'type',
                     ]);
                     return;
                 }
-                if (action.type === 'flow.finish' && !((_m = page.actions) === null || _m === void 0 ? void 0 : _m.onFlowFinish)) {
+                if (action.type === 'flow.finish' && !((_j = page.actions) === null || _j === void 0 ? void 0 : _j.onFlowFinish)) {
                     report(action.type, 'was defined but ‘onFlowFinish’ page action wasn’t defined', [
                         ...path,
                         'type',
@@ -612,7 +925,7 @@ function validateActions(definition, report) {
                 if (page.type === 'flow' &&
                     action.type === 'flow.next' &&
                     Number(path[3]) === page.steps.length - 1 &&
-                    !((_o = page.actions) === null || _o === void 0 ? void 0 : _o.onFlowFinish)) {
+                    !((_k = page.actions) === null || _k === void 0 ? void 0 : _k.onFlowFinish)) {
                     report(action.type, 'was defined on the last step but ‘onFlowFinish’ page action wasn’t defined', [...path, 'type']);
                     return;
                 }
@@ -858,7 +1171,7 @@ export async function validateAppDefinition(definition, getBlockVersions, contro
         validateHooks(definition, report);
         validateLanguage(definition, report);
         validateResourceReferences(definition, report);
-        validateUsersSchema(definition, report);
+        validateMembersSchema(definition, report);
         validateResourceSchemas(definition, report);
         validateSecurity(definition, report);
         validateBlocks(definition, blockVersionMap, report);