npm - @appsemble/utils - Versions diffs - 0.29.10 → 0.30.1 - Mend

@appsemble/utils 0.29.10 → 0.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (493) hide show

package/README.md +3 -3
package/api/components/parameters/$own.d.ts +2 -0
package/api/components/parameters/$own.js +7 -0
package/api/components/parameters/appMemberId.d.ts +2 -0
package/api/components/parameters/appMemberId.js +8 -0
package/api/components/parameters/groupId.d.ts +2 -0
package/api/components/parameters/groupId.js +8 -0
package/api/components/parameters/groupMemberId.d.ts +2 -0
package/api/components/parameters/groupMemberId.js +8 -0
package/api/components/parameters/index.d.ts +17 -13
package/api/components/parameters/index.js +17 -13
package/api/components/parameters/organizationId.d.ts +9 -2
package/api/components/parameters/organizationId.js +1 -1
package/api/components/parameters/roles.js +12 -6
package/api/components/parameters/seed.d.ts +2 -0
package/api/components/parameters/seed.js +9 -0
package/api/components/parameters/selectedGroupId.d.ts +2 -0
package/api/components/parameters/selectedGroupId.js +7 -0
package/api/components/parameters/serviceSecretId.d.ts +2 -0
package/api/components/parameters/{appServiceId.js → serviceSecretId.js} +3 -3
package/api/components/requestBodies/oauth2Consent.js +1 -5
package/api/components/requestBodies/user.js +1 -1
package/api/components/schemas/ActionDefinition.js +14 -11
package/api/components/schemas/AppAccount.js +7 -24
package/api/components/schemas/AppDefinition.js +3 -15
package/api/components/schemas/AppMember.d.ts +2 -0
package/api/components/schemas/AppMember.js +26 -0
package/api/components/schemas/AppMemberCurrentPatchActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberCurrentPatchActionDefinition.js +30 -0
package/api/components/schemas/AppMemberDeleteActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberDeleteActionDefinition.js +20 -0
package/api/components/schemas/AppMemberInfo.d.ts +2 -0
package/api/components/schemas/AppMemberInfo.js +48 -0
package/api/components/schemas/AppMemberInviteActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberInviteActionDefinition.js +24 -0
package/api/components/schemas/AppMemberLoginActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberLoginActionDefinition.js +24 -0
package/api/components/schemas/AppMemberLogoutActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberLogoutActionDefinition.js +14 -0
package/api/components/schemas/AppMemberPropertiesPatchActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberPropertiesPatchActionDefinition.js +26 -0
package/api/components/schemas/AppMemberPropertyDefinition.d.ts +2 -0
package/api/components/schemas/{UserPropertyDefinition.js → AppMemberPropertyDefinition.js} +5 -5
package/api/components/schemas/AppMemberQueryActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberQueryActionDefinition.js +20 -0
package/api/components/schemas/AppMemberRegisterActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberRegisterActionDefinition.js +43 -0
package/api/components/schemas/AppMemberRoleUpdateActionDefinition.d.ts +1 -0
package/api/components/schemas/AppMemberRoleUpdateActionDefinition.js +27 -0
package/api/components/schemas/AppMembersDefinition.d.ts +2 -0
package/api/components/schemas/AppMembersDefinition.js +17 -0
package/api/components/schemas/GroupMember.d.ts +2 -0
package/api/components/schemas/GroupMember.js +19 -0
package/api/components/schemas/GroupMemberDeleteActionDefinition.d.ts +1 -0
package/api/components/schemas/{TeamMembersActionDefinition.js → GroupMemberDeleteActionDefinition.js} +5 -5
package/api/components/schemas/GroupMemberInviteActionDefinition.d.ts +1 -0
package/api/components/schemas/{TeamInviteActionDefinition.js → GroupMemberInviteActionDefinition.js} +5 -6
package/api/components/schemas/GroupMemberQueryActionDefinition.d.ts +1 -0
package/api/components/schemas/GroupMemberQueryActionDefinition.js +18 -0
package/api/components/schemas/GroupMemberRoleUpdateActionDefinition.d.ts +1 -0
package/api/components/schemas/GroupMemberRoleUpdateActionDefinition.js +22 -0
package/api/components/schemas/GroupQueryActionDefinition.d.ts +1 -0
package/api/components/schemas/{UserLogoutActionDefinition.js → GroupQueryActionDefinition.js} +4 -4
package/api/components/schemas/OrganizationMember.js +2 -2
package/api/components/schemas/ResourceCountActionDefinition.js +4 -0
package/api/components/schemas/ResourceCreateActionDefinition.js +1 -1
package/api/components/schemas/ResourceDefinition.js +0 -22
package/api/components/schemas/ResourceQueryActionDefinition.js +4 -0
package/api/components/schemas/SecurityDefaultDefinition.js +1 -1
package/api/components/schemas/SecurityDefinition.js +2 -6
package/api/components/schemas/SecurityGuestDefinition.d.ts +2 -0
package/api/components/schemas/SecurityGuestDefinition.js +26 -0
package/api/components/schemas/SecurityRoleDefinition.js +7 -0
package/api/components/schemas/User.js +2 -22
package/api/components/schemas/UserInfo.d.ts +2 -0
package/api/components/schemas/UserInfo.js +42 -0
package/api/components/schemas/index.d.ts +22 -15
package/api/components/schemas/index.js +22 -15
package/api/components/securitySchemes/app.js +6 -6
package/api/components/securitySchemes/cli.js +3 -3
package/api/paths/app-collections/appCollectionId/apps/appId/pinned.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/apps/appId/pinned.js +70 -0
package/api/paths/app-collections/appCollectionId/apps/appId.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/apps/appId.js +34 -0
package/api/paths/app-collections/appCollectionId/apps.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/apps.js +93 -0
package/api/paths/app-collections/appCollectionId/expert/profileImage.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/expert/profileImage.js +31 -0
package/api/paths/app-collections/appCollectionId/headerImage.d.ts +2 -0
package/api/paths/app-collections/appCollectionId/headerImage.js +31 -0
package/api/paths/app-collections/appCollectionId.d.ts +2 -0
package/api/paths/app-collections/appCollectionId.js +102 -0
package/api/paths/app-invites/token/respond.d.ts +2 -0
package/api/paths/app-invites/token/respond.js +51 -0
package/api/paths/app-invites/token.d.ts +2 -0
package/api/paths/app-invites/token.js +23 -0
package/api/paths/app-members/appMemberId/picture.d.ts +2 -0
package/api/paths/app-members/appMemberId/picture.js +30 -0
package/api/paths/app-members/appMemberId/properties.d.ts +2 -0
package/api/paths/app-members/appMemberId/properties.js +48 -0
package/api/paths/app-members/appMemberId/role.d.ts +2 -0
package/api/paths/app-members/appMemberId/role.js +46 -0
package/api/paths/app-members/appMemberId.d.ts +2 -0
package/api/paths/app-members/appMemberId.js +24 -0
package/api/paths/appCollections.d.ts +1 -1
package/api/paths/appCollections.js +12 -454
package/api/paths/appTemplates.d.ts +2 -0
package/api/paths/appTemplates.js +94 -0
package/api/paths/apps/appId/actions/path.d.ts +2 -0
package/api/paths/{action.js → apps/appId/actions/path.js} +18 -20
package/api/paths/apps/appId/assets/assetId.d.ts +2 -0
package/api/paths/apps/appId/assets/assetId.js +38 -0
package/api/paths/apps/appId/assets/count.d.ts +2 -0
package/api/paths/apps/appId/assets/count.js +22 -0
package/api/paths/apps/appId/assets.d.ts +2 -0
package/api/paths/apps/appId/assets.js +96 -0
package/api/paths/apps/appId/auth/email/login.d.ts +2 -0
package/api/paths/apps/appId/auth/email/login.js +10 -0
package/api/paths/apps/appId/auth/email/register.d.ts +2 -0
package/api/paths/apps/appId/auth/email/register.js +52 -0
package/api/paths/apps/appId/auth/email/requestResetPassword.d.ts +2 -0
package/api/paths/apps/appId/auth/email/requestResetPassword.js +31 -0
package/api/paths/apps/appId/auth/email/resendVerification.d.ts +2 -0
package/api/paths/apps/appId/auth/email/resendVerification.js +32 -0
package/api/paths/apps/appId/auth/email/resetPassword.d.ts +2 -0
package/api/paths/apps/appId/auth/email/resetPassword.js +34 -0
package/api/paths/apps/appId/auth/email/verify.d.ts +2 -0
package/api/paths/apps/appId/auth/email/verify.js +31 -0
package/api/paths/apps/appId/broadcast.d.ts +2 -0
package/api/paths/apps/appId/broadcast.js +36 -0
package/api/paths/apps/appId/demo-groups.d.ts +2 -0
package/api/paths/apps/appId/demo-groups.js +29 -0
package/api/paths/apps/appId/demo-members.d.ts +2 -0
package/api/paths/apps/appId/demo-members.js +27 -0
package/api/paths/apps/appId/email.d.ts +2 -0
package/api/paths/apps/appId/email.js +48 -0
package/api/paths/apps/appId/export.d.ts +2 -0
package/api/paths/apps/appId/export.js +41 -0
package/api/paths/apps/appId/groups.d.ts +2 -0
package/api/paths/apps/appId/groups.js +79 -0
package/api/paths/apps/appId/icon.d.ts +2 -0
package/api/paths/apps/appId/icon.js +31 -0
package/api/paths/apps/appId/invites.d.ts +2 -0
package/api/paths/apps/appId/invites.js +79 -0
package/api/paths/apps/appId/lock.d.ts +2 -0
package/api/paths/apps/appId/lock.js +35 -0
package/api/paths/apps/appId/maskableIcon.d.ts +2 -0
package/api/paths/apps/appId/maskableIcon.js +15 -0
package/api/paths/apps/appId/members/current/groups.d.ts +2 -0
package/api/paths/apps/appId/members/current/groups.js +30 -0
package/api/paths/apps/appId/members/current/link.d.ts +2 -0
package/api/paths/apps/appId/members/current/link.js +41 -0
package/api/paths/apps/appId/members/current.d.ts +2 -0
package/api/paths/apps/appId/members/current.js +111 -0
package/api/paths/apps/appId/members.d.ts +2 -0
package/api/paths/apps/appId/members.js +29 -0
package/api/paths/apps/appId/messages/language.d.ts +2 -0
package/api/paths/apps/appId/messages/language.js +47 -0
package/api/paths/apps/appId/messages.d.ts +2 -0
package/api/paths/apps/appId/messages.js +72 -0
package/api/paths/apps/appId/quotas/emails.d.ts +2 -0
package/api/paths/apps/appId/quotas/emails.js +36 -0
package/api/paths/apps/appId/ratings.d.ts +2 -0
package/api/paths/apps/appId/ratings.js +58 -0
package/api/paths/apps/appId/readmes/readmeId.d.ts +2 -0
package/api/paths/apps/appId/readmes/readmeId.js +17 -0
package/api/paths/apps/appId/reseed.d.ts +2 -0
package/api/paths/apps/appId/reseed.js +12 -0
package/api/paths/apps/appId/resources/resourceType/count.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType/count.js +30 -0
package/api/paths/apps/appId/resources/resourceType/resourceId/subscriptions.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType/resourceId/subscriptions.js +31 -0
package/api/paths/apps/appId/resources/resourceType/resourceId.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType/resourceId.js +74 -0
package/api/paths/apps/appId/resources/resourceType/subscriptions.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType/subscriptions.js +26 -0
package/api/paths/apps/appId/resources/resourceType.d.ts +2 -0
package/api/paths/apps/appId/resources/resourceType.js +171 -0
package/api/paths/apps/appId/resources/versions.d.ts +2 -0
package/api/paths/apps/appId/resources/versions.js +29 -0
package/api/paths/apps/appId/resources.d.ts +2 -0
package/api/paths/apps/appId/resources.js +15 -0
package/api/paths/apps/appId/saml/secretId/acs.d.ts +2 -0
package/api/paths/apps/appId/saml/secretId/acs.js +35 -0
package/api/paths/apps/appId/saml/secretId/authn.d.ts +2 -0
package/api/paths/apps/appId/saml/secretId/authn.js +37 -0
package/api/paths/apps/appId/saml/secretId/metadata.d.ts +2 -0
package/api/paths/apps/appId/saml/secretId/metadata.js +21 -0
package/api/paths/apps/appId/scim/resource-types/resourceTypeId.d.ts +2 -0
package/api/paths/apps/appId/scim/resource-types/resourceTypeId.js +25 -0
package/api/paths/apps/appId/scim/resource-types.d.ts +2 -0
package/api/paths/apps/appId/scim/resource-types.js +22 -0
package/api/paths/apps/appId/scim/schemas/schemaId.d.ts +2 -0
package/api/paths/apps/appId/scim/schemas/schemaId.js +24 -0
package/api/paths/apps/appId/scim/schemas.d.ts +2 -0
package/api/paths/apps/appId/scim/schemas.js +21 -0
package/api/paths/apps/appId/scim/service-provider-config.d.ts +2 -0
package/api/paths/apps/appId/scim/service-provider-config.js +22 -0
package/api/paths/apps/appId/scim/users/userId.d.ts +2 -0
package/api/paths/apps/appId/scim/users/userId.js +92 -0
package/api/paths/apps/appId/scim/users.d.ts +2 -0
package/api/paths/apps/appId/scim/users.js +58 -0
package/api/paths/apps/appId/screenshots/screenshotId.d.ts +2 -0
package/api/paths/apps/appId/screenshots/screenshotId.js +28 -0
package/api/paths/apps/appId/screenshots.d.ts +2 -0
package/api/paths/apps/appId/screenshots.js +55 -0
package/api/paths/apps/appId/secrets/oauth2/secretId/verify.d.ts +2 -0
package/api/paths/apps/appId/secrets/oauth2/secretId/verify.js +47 -0
package/api/paths/apps/appId/secrets/oauth2/secretId.d.ts +2 -0
package/api/paths/apps/appId/secrets/oauth2/secretId.js +60 -0
package/api/paths/apps/appId/secrets/oauth2.d.ts +2 -0
package/api/paths/apps/appId/secrets/oauth2.js +54 -0
package/api/paths/apps/appId/secrets/saml/secretId.d.ts +2 -0
package/api/paths/apps/appId/secrets/saml/secretId.js +39 -0
package/api/paths/apps/appId/secrets/saml.d.ts +2 -0
package/api/paths/apps/appId/secrets/saml.js +54 -0
package/api/paths/apps/appId/secrets/scim.d.ts +2 -0
package/api/paths/apps/appId/secrets/scim.js +43 -0
package/api/paths/apps/appId/secrets/service/secretId.d.ts +2 -0
package/api/paths/apps/appId/secrets/service/secretId.js +39 -0
package/api/paths/apps/appId/secrets/service.d.ts +2 -0
package/api/paths/apps/appId/secrets/service.js +54 -0
package/api/paths/apps/appId/secrets/ssl.d.ts +2 -0
package/api/paths/apps/appId/secrets/ssl.js +37 -0
package/api/paths/apps/appId/snapshots/snapshotId.d.ts +2 -0
package/api/paths/apps/appId/snapshots/snapshotId.js +47 -0
package/api/paths/apps/appId/snapshots.d.ts +2 -0
package/api/paths/apps/appId/snapshots.js +40 -0
package/api/paths/apps/appId/style/block/organizationId/blockId.d.ts +2 -0
package/api/paths/apps/appId/style/block/organizationId/blockId.js +53 -0
package/api/paths/apps/appId/style/core.d.ts +2 -0
package/api/paths/apps/appId/style/core.js +17 -0
package/api/paths/apps/appId/style/shared.d.ts +2 -0
package/api/paths/apps/appId/style/shared.js +17 -0
package/api/paths/apps/appId/subscriptions.d.ts +2 -0
package/api/paths/apps/appId/subscriptions.js +91 -0
package/api/paths/apps/appId/variables/variableId.d.ts +2 -0
package/api/paths/apps/appId/variables/variableId.js +39 -0
package/api/paths/apps/appId/variables.d.ts +2 -0
package/api/paths/apps/appId/variables.js +53 -0
package/api/paths/apps/appId.d.ts +2 -0
package/api/paths/apps/appId.js +175 -0
package/api/paths/apps.d.ts +1 -1
package/api/paths/apps.js +95 -1518
package/api/paths/auth/email/login.d.ts +2 -0
package/api/paths/auth/email/login.js +10 -0
package/api/paths/auth/email/register.d.ts +2 -0
package/api/paths/auth/email/register.js +45 -0
package/api/paths/auth/email/requestResetPassword.d.ts +2 -0
package/api/paths/auth/email/requestResetPassword.js +30 -0
package/api/paths/auth/email/resendVerification.d.ts +2 -0
package/api/paths/auth/email/resendVerification.js +31 -0
package/api/paths/auth/email/resetPassword.d.ts +2 -0
package/api/paths/auth/email/resetPassword.js +33 -0
package/api/paths/auth/email/verify.d.ts +2 -0
package/api/paths/auth/email/verify.js +30 -0
package/api/paths/auth/oauth2/authorizations/connect.d.ts +2 -0
package/api/paths/auth/oauth2/authorizations/connect.js +45 -0
package/api/paths/auth/oauth2/authorizations/register.d.ts +2 -0
package/api/paths/auth/oauth2/authorizations/register.js +32 -0
package/api/paths/auth/refreshToken.d.ts +2 -0
package/api/paths/auth/refreshToken.js +26 -0
package/api/paths/blocks/organizationId/blockId/versions/list.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/list.js +27 -0
package/api/paths/blocks/organizationId/blockId/versions/version/asset.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/version/asset.js +24 -0
package/api/paths/blocks/organizationId/blockId/versions/version/icon.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/version/icon.js +18 -0
package/api/paths/blocks/organizationId/blockId/versions/version/messages/language.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/version/messages/language.js +37 -0
package/api/paths/blocks/organizationId/blockId/versions/version.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions/version.js +29 -0
package/api/paths/blocks/organizationId/blockId/versions.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId/versions.js +27 -0
package/api/paths/blocks/organizationId/blockId.d.ts +2 -0
package/api/paths/blocks/organizationId/blockId.js +18 -0
package/api/paths/blocks/versions/blockVersion.js +21 -0
package/api/paths/blocks.d.ts +1 -1
package/api/paths/blocks.js +29 -204
package/api/paths/containerLogs.d.ts +1 -1
package/api/paths/containerLogs.js +28 -30
package/api/paths/group-invites/token/respond.d.ts +2 -0
package/api/paths/group-invites/token/respond.js +42 -0
package/api/paths/group-invites/token.d.ts +2 -0
package/api/paths/group-invites/token.js +23 -0
package/api/paths/group-members/groupMemberId/role.d.ts +2 -0
package/api/paths/group-members/groupMemberId/role.js +40 -0
package/api/paths/group-members/groupMemberId.d.ts +2 -0
package/api/paths/group-members/groupMemberId.js +34 -0
package/api/paths/groups/groupId/invites.d.ts +2 -0
package/api/paths/groups/groupId/invites.js +87 -0
package/api/paths/groups/groupId/members.d.ts +2 -0
package/api/paths/groups/groupId/members.js +34 -0
package/api/paths/groups/groupId.d.ts +2 -0
package/api/paths/groups/groupId.js +86 -0
package/api/paths/health.d.ts +1 -1
package/api/paths/health.js +12 -66
package/api/paths/index.d.ts +145 -136
package/api/paths/index.js +294 -58
package/api/paths/messages/language.d.ts +2 -0
package/api/paths/messages/language.js +21 -0
package/api/paths/messages.d.ts +2 -0
package/api/paths/messages.js +26 -0
package/api/paths/organization-invites/token/respond.d.ts +2 -0
package/api/paths/organization-invites/token/respond.js +42 -0
package/api/paths/organization-invites/token.d.ts +2 -0
package/api/paths/organization-invites/token.js +23 -0
package/api/paths/organizations/organizationId/appCollections.d.ts +2 -0
package/api/paths/organizations/organizationId/appCollections.js +76 -0
package/api/paths/organizations/organizationId/apps/import.d.ts +2 -0
package/api/paths/organizations/organizationId/apps/import.js +26 -0
package/api/paths/organizations/organizationId/apps.d.ts +2 -0
package/api/paths/organizations/organizationId/apps.js +33 -0
package/api/paths/organizations/organizationId/blocks.d.ts +2 -0
package/api/paths/organizations/organizationId/blocks.js +25 -0
package/api/paths/organizations/organizationId/icon.d.ts +2 -0
package/api/paths/organizations/organizationId/icon.js +14 -0
package/api/paths/organizations/organizationId/invites/resend.d.ts +2 -0
package/api/paths/organizations/organizationId/invites/resend.js +32 -0
package/api/paths/organizations/organizationId/invites.d.ts +2 -0
package/api/paths/organizations/organizationId/invites.js +108 -0
package/api/paths/organizations/organizationId/members/memberId/role.d.ts +2 -0
package/api/paths/organizations/organizationId/members/memberId/role.js +50 -0
package/api/paths/organizations/organizationId/members/memberId.d.ts +2 -0
package/api/paths/organizations/organizationId/members/memberId.js +25 -0
package/api/paths/organizations/organizationId/members.d.ts +2 -0
package/api/paths/organizations/organizationId/members.js +25 -0
package/api/paths/organizations/organizationId.d.ts +2 -0
package/api/paths/organizations/organizationId.js +67 -0
package/api/paths/organizations.d.ts +1 -1
package/api/paths/organizations.js +46 -452
package/api/paths/ssl.d.ts +2 -0
package/api/paths/ssl.js +31 -0
package/api/paths/timezones.d.ts +2 -0
package/api/paths/timezones.js +23 -0
package/api/paths/trainingBlocks/trainingBlockId.d.ts +2 -0
package/api/paths/trainingBlocks/trainingBlockId.js +41 -0
package/api/paths/trainings/trainingId/blocks.d.ts +2 -0
package/api/paths/trainings/trainingId/blocks.js +51 -0
package/api/paths/trainings/trainingId/users/current.d.ts +2 -0
package/api/paths/trainings/trainingId/users/current.js +62 -0
package/api/paths/trainings/trainingId/users.d.ts +2 -0
package/api/paths/trainings/trainingId/users.js +25 -0
package/api/paths/trainings/trainingId.d.ts +2 -0
package/api/paths/trainings/trainingId.js +85 -0
package/api/paths/trainings.d.ts +1 -1
package/api/paths/trainings.js +26 -287
package/api/paths/users/current/apps/accounts.d.ts +2 -0
package/api/paths/users/current/apps/accounts.js +24 -0
package/api/paths/users/current/apps/appId/account.d.ts +2 -0
package/api/paths/users/current/apps/appId/account.js +65 -0
package/api/paths/users/current/apps.d.ts +2 -0
package/api/paths/users/current/apps.js +32 -0
package/api/paths/users/current/auth/oauth2/apps/appId/consent/agree.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/apps/appId/consent/agree.js +12 -0
package/api/paths/users/current/auth/oauth2/apps/appId/consent/verify.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/apps/appId/consent/verify.js +12 -0
package/api/paths/users/current/auth/oauth2/authorizations.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/authorizations.js +43 -0
package/api/paths/users/current/auth/oauth2/clientCredentials/clientId.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/clientCredentials/clientId.js +23 -0
package/api/paths/users/current/auth/oauth2/clientCredentials.d.ts +2 -0
package/api/paths/users/current/auth/oauth2/clientCredentials.js +53 -0
package/api/paths/users/current/emails.d.ts +2 -0
package/api/paths/users/current/emails.js +73 -0
package/api/paths/users/current/organizations.d.ts +2 -0
package/api/paths/users/current/organizations.js +29 -0
package/api/paths/users/current/unsubscribe.d.ts +2 -0
package/api/paths/users/current/unsubscribe.js +29 -0
package/api/paths/users/current.d.ts +2 -0
package/api/paths/users/current.js +43 -0
package/api/paths/users/subscribed.d.ts +2 -0
package/api/paths/users/subscribed.js +12 -0
package/api/tags/index.d.ts +2 -1
package/api/tags/index.js +170 -8
package/appMembers.d.ts +1 -0
package/appMembers.js +9 -0
package/authorization.d.ts +12 -0
package/authorization.js +171 -0
package/constants/index.d.ts +0 -2
package/constants/index.js +0 -2
package/constants/scopes.d.ts +1 -1
package/constants/scopes.js +2 -2
package/examples.js +13 -14
package/index.d.ts +2 -2
package/index.js +2 -2
package/package.json +2 -2
package/reference-schemas/remappers/data.js +23 -38
package/remap.d.ts +3 -7
package/remap.js +1 -2
package/remap.test.js +8 -9
package/validation.js +396 -83
package/validation.test.js +1039 -230
package/api/components/parameters/$team.d.ts +0 -2
package/api/components/parameters/$team.js +0 -8
package/api/components/parameters/appServiceId.d.ts +0 -2
package/api/components/parameters/memberEmail.d.ts +0 -2
package/api/components/parameters/memberEmail.js +0 -8
package/api/components/schemas/TeamInviteActionDefinition.d.ts +0 -1
package/api/components/schemas/TeamJoinActionDefinition.d.ts +0 -1
package/api/components/schemas/TeamJoinActionDefinition.js +0 -14
package/api/components/schemas/TeamListActionDefinition.d.ts +0 -1
package/api/components/schemas/TeamListActionDefinition.js +0 -14
package/api/components/schemas/TeamMembersActionDefinition.d.ts +0 -1
package/api/components/schemas/TeamsDefinition.d.ts +0 -2
package/api/components/schemas/TeamsDefinition.js +0 -28
package/api/components/schemas/UserCreateActionDefinition.d.ts +0 -1
package/api/components/schemas/UserCreateActionDefinition.js +0 -33
package/api/components/schemas/UserLoginActionDefinition.d.ts +0 -1
package/api/components/schemas/UserLoginActionDefinition.js +0 -22
package/api/components/schemas/UserLogoutActionDefinition.d.ts +0 -1
package/api/components/schemas/UserPropertyDefinition.d.ts +0 -2
package/api/components/schemas/UserQueryActionDefinition.d.ts +0 -1
package/api/components/schemas/UserQueryActionDefinition.js +0 -20
package/api/components/schemas/UserRegisterActionDefinition.d.ts +0 -1
package/api/components/schemas/UserRegisterActionDefinition.js +0 -37
package/api/components/schemas/UserRemoveActionDefinition.d.ts +0 -1
package/api/components/schemas/UserRemoveActionDefinition.js +0 -20
package/api/components/schemas/UserUpdateActionDefinition.d.ts +0 -1
package/api/components/schemas/UserUpdateActionDefinition.js +0 -36
package/api/components/schemas/UsersDefinition.d.ts +0 -2
package/api/components/schemas/UsersDefinition.js +0 -17
package/api/paths/appMessages.d.ts +0 -2
package/api/paths/appMessages.js +0 -120
package/api/paths/appOAuth2Secrets.d.ts +0 -2
package/api/paths/appOAuth2Secrets.js +0 -161
package/api/paths/appQuotas.d.ts +0 -2
package/api/paths/appQuotas.js +0 -38
package/api/paths/appSSLSecrets.d.ts +0 -2
package/api/paths/appSSLSecrets.js +0 -39
package/api/paths/appSamlSecrets.d.ts +0 -2
package/api/paths/appSamlSecrets.js +0 -94
package/api/paths/appScimEndpoints.d.ts +0 -2
package/api/paths/appScimEndpoints.js +0 -260
package/api/paths/appScimSecrets.d.ts +0 -2
package/api/paths/appScimSecrets.js +0 -45
package/api/paths/appServiceSecrets.d.ts +0 -2
package/api/paths/appServiceSecrets.js +0 -94
package/api/paths/appVariables.d.ts +0 -2
package/api/paths/appVariables.js +0 -93
package/api/paths/appsembleMessages.d.ts +0 -2
package/api/paths/appsembleMessages.js +0 -48
package/api/paths/assets.d.ts +0 -2
package/api/paths/assets.js +0 -213
package/api/paths/emails.d.ts +0 -2
package/api/paths/emails.js +0 -167
package/api/paths/invite.d.ts +0 -2
package/api/paths/invite.js +0 -25
package/api/paths/oauth2ClientCredentials.d.ts +0 -2
package/api/paths/oauth2ClientCredentials.js +0 -77
package/api/paths/oauth2Login.d.ts +0 -2
package/api/paths/oauth2Login.js +0 -119
package/api/paths/oauth2Provider.d.ts +0 -2
package/api/paths/oauth2Provider.js +0 -75
package/api/paths/resourceHistory.d.ts +0 -2
package/api/paths/resourceHistory.js +0 -31
package/api/paths/resources.d.ts +0 -2
package/api/paths/resources.js +0 -395
package/api/paths/saml.d.ts +0 -2
package/api/paths/saml.js +0 -126
package/api/paths/templates.d.ts +0 -2
package/api/paths/templates.js +0 -96
package/api/paths/user.d.ts +0 -2
package/api/paths/user.js +0 -649
package/api/tags/app.d.ts +0 -2
package/api/tags/app.js +0 -5
package/api/tags/appMember.d.ts +0 -2
package/api/tags/appMember.js +0 -5
package/api/tags/asset.d.ts +0 -2
package/api/tags/asset.js +0 -5
package/api/tags/auth.d.ts +0 -2
package/api/tags/auth.js +0 -5
package/api/tags/language.d.ts +0 -2
package/api/tags/language.js +0 -5
package/api/tags/organization.d.ts +0 -2
package/api/tags/organization.js +0 -5
package/api/tags/resource.d.ts +0 -2
package/api/tags/resource.js +0 -5
package/api/tags/template.d.ts +0 -2
package/api/tags/template.js +0 -5
package/api/tags/user.d.ts +0 -2
package/api/tags/user.js +0 -5
package/appSecurity.d.ts +0 -9
package/appSecurity.js +0 -41
package/appSecurity.test.d.ts +0 -1
package/appSecurity.test.js +0 -114
package/checkAppRole.d.ts +0 -11
package/checkAppRole.js +0 -34
package/constants/Permission.d.ts +0 -114
package/constants/Permission.js +0 -116
package/constants/roles.d.ts +0 -16
package/constants/roles.js +0 -58
/package/api/paths/{action.d.ts → blocks/versions/blockVersion.d.ts} +0 -0

package/validation.test.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { predefinedAppRoles, } from '@appsemble/types';
 import { ValidationError } from 'jsonschema';
 import { describe, expect, it } from 'vitest';
 import { validateAppDefinition } from './validation.js';
@@ -885,15 +886,6 @@ describe('validateAppDefinition', () => {
             ]),
         ]);
     });
-    it('should validate the top level default roles exist', async () => {
-        const app = createTestApp();
-        app.roles = ['Unknown'];
-        const result = await validateAppDefinition(app, () => []);
-        expect(result.valid).toBe(false);
-        expect(result.errors).toStrictEqual([
-            new ValidationError('does not exist in this app’s roles', 'Unknown', undefined, ['roles', 0]),
-        ]);
-    });
     it('should validate resource types against reserved keywords', async () => {
         const app = {
             name: 'Test app',
@@ -984,92 +976,23 @@ describe('validateAppDefinition', () => {
             new ValidationError('is a reserved keyword', { type: 'object', properties: { name: { type: 'string' } } }, undefined, ['resources', 'expires']),
         ]);
     });
-    it('should validate the resource roles exist', async () => {
-        const app = createTestApp();
-        app.resources.person.roles = ['Unknown'];
-        const result = await validateAppDefinition(app, () => []);
-        expect(result.valid).toBe(false);
-        expect(result.errors).toStrictEqual([
-            new ValidationError('does not exist in this app’s roles', 'Unknown', undefined, [
-                'resources',
-                'person',
-                'roles',
-                0,
-            ]),
-        ]);
-    });
-    it('should validate the resource action roles', async () => {
-        const app = createTestApp();
-        app.resources.person.count = { roles: ['Unknown'] };
-        app.resources.person.create = { roles: ['Unknown'] };
-        app.resources.person.delete = { roles: ['Unknown'] };
-        app.resources.person.get = { roles: ['Unknown'] };
-        app.resources.person.query = { roles: ['Unknown'] };
-        app.resources.person.update = { roles: ['Unknown'] };
-        const result = await validateAppDefinition(app, () => []);
-        expect(result.valid).toBe(false);
-        expect(result.errors).toStrictEqual([
-            new ValidationError('does not exist in this app’s roles', 'Unknown', undefined, [
-                'resources',
-                'person',
-                'count',
-                'roles',
-                0,
-            ]),
-            new ValidationError('does not exist in this app’s roles', 'Unknown', undefined, [
-                'resources',
-                'person',
-                'create',
-                'roles',
-                0,
-            ]),
-            new ValidationError('does not exist in this app’s roles', 'Unknown', undefined, [
-                'resources',
-                'person',
-                'delete',
-                'roles',
-                0,
-            ]),
-            new ValidationError('does not exist in this app’s roles', 'Unknown', undefined, [
-                'resources',
-                'person',
-                'get',
-                'roles',
-                0,
-            ]),
-            new ValidationError('does not exist in this app’s roles', 'Unknown', undefined, [
-                'resources',
-                'person',
-                'query',
-                'roles',
-                0,
-            ]),
-            new ValidationError('does not exist in this app’s roles', 'Unknown', undefined, [
-                'resources',
-                'person',
-                'update',
-                'roles',
-                0,
-            ]),
-        ]);
-    });
-    it('should validate user properties for type or enum', async () => {
-        const app = { ...createTestApp(), users: { properties: { foo: { schema: {} } } } };
+    it('should validate app member properties for type or enum', async () => {
+        const app = { ...createTestApp(), members: { properties: { foo: { schema: {} } } } };
         const result = await validateAppDefinition(app, () => []);
         expect(result.valid).toBe(false);
         expect(result.errors).toStrictEqual([
             new ValidationError('must define type or enum', {}, undefined, [
-                'users',
+                'members',
                 'properties',
                 'foo',
                 'schema',
             ]),
         ]);
     });
-    it('should validate user properties for resource references', async () => {
+    it('should validate app member properties for resource references', async () => {
         const app = {
             ...createTestApp(),
-            users: {
+            members: {
                 properties: {
                     foo: {
                         schema: { type: 'integer' },
@@ -1084,7 +1007,7 @@ describe('validateAppDefinition', () => {
         expect(result.valid).toBe(false);
         expect(result.errors).toStrictEqual([
             new ValidationError('refers to a resource that doesn’t exist', 'tasks', undefined, [
-                'users',
+                'members',
                 'properties',
                 'foo',
                 'reference',
@@ -1269,27 +1192,6 @@ describe('validateAppDefinition', () => {
             ]),
         ]);
     });
-    it('should allow the $author role for resource actions', async () => {
-        const app = createTestApp();
-        app.resources.person.roles = ['$author'];
-        app.resources.person.count = { roles: ['$author'] };
-        app.resources.person.create = { roles: ['$author'] };
-        app.resources.person.delete = { roles: ['$author'] };
-        app.resources.person.get = { roles: ['$author'] };
-        app.resources.person.query = { roles: ['$author'] };
-        app.resources.person.update = { roles: ['$author'] };
-        const result = await validateAppDefinition(app, () => []);
-        expect(result.valid).toBe(false);
-        expect(result.errors).toStrictEqual([
-            new ValidationError('does not exist in this app’s roles', '$author', undefined, [
-                'resources',
-                'person',
-                'create',
-                'roles',
-                0,
-            ]),
-        ]);
-    });
     it('should validate page roles', async () => {
         const app = createTestApp();
         app.pages[0].roles = ['Unknown'];
@@ -1351,17 +1253,17 @@ describe('validateAppDefinition', () => {
         const result = await validateAppDefinition(app, () => []);
         expect(result.valid).toBe(false);
         expect(result.errors).toStrictEqual([
-            new ValidationError('cyclicly inherits itself', { inherits: ['B'] }, undefined, [
+            new ValidationError('cyclically inherits itself', { inherits: ['B'] }, undefined, [
                 'security',
                 'roles',
                 'A',
             ]),
-            new ValidationError('cyclicly inherits itself', { inherits: ['C'] }, undefined, [
+            new ValidationError('cyclically inherits itself', { inherits: ['C'] }, undefined, [
                 'security',
                 'roles',
                 'B',
             ]),
-            new ValidationError('cyclicly inherits itself', { inherits: ['E', 'A'] }, undefined, [
+            new ValidationError('cyclically inherits itself', { inherits: ['E', 'A'] }, undefined, [
                 'security',
                 'roles',
                 'C',
@@ -1665,14 +1567,14 @@ describe('validateAppDefinition', () => {
         expect(result.valid).toBe(true);
         expect(result.errors).toStrictEqual([]);
     });
-    it('should report an error if user actions are used without a security definition', async () => {
+    it('should report an error if app member actions are used without a security definition', async () => {
         const { security, ...app } = createTestApp();
         app.pages[0].blocks.push({
             type: 'test',
             version: '1.2.3',
             actions: {
                 onWhatever: {
-                    type: 'user.login',
+                    type: 'app.member.login',
                     email: 'example@example.com',
                     password: 'password',
                 },
@@ -1683,10 +1585,10 @@ describe('validateAppDefinition', () => {
             version: '1.2.3',
             actions: {
                 onWhatever: {
-                    type: 'user.register',
+                    type: 'app.member.register',
                     email: 'example@example.com',
                     password: 'password',
-                    displayName: 'Test User',
+                    name: 'Test User',
                 },
             },
         });
@@ -1695,9 +1597,7 @@ describe('validateAppDefinition', () => {
             version: '1.2.3',
             actions: {
                 onWhatever: {
-                    type: 'user.update',
-                    currentEmail: 'example@example.com',
-                    password: 'password',
+                    type: 'app.member.current.patch',
                 },
             },
         });
@@ -1714,9 +1614,9 @@ describe('validateAppDefinition', () => {
         ]);
         expect(result.valid).toBe(false);
         expect(result.errors).toStrictEqual([
-            new ValidationError('refers to a user action but the app doesn’t have a security definition', 'user.login', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'type']),
-            new ValidationError('refers to a user action but the app doesn’t have a security definition', 'user.register', undefined, ['pages', 0, 'blocks', 1, 'actions', 'onWhatever', 'type']),
-            new ValidationError('refers to a user action but the app doesn’t have a security definition', 'user.update', undefined, ['pages', 0, 'blocks', 2, 'actions', 'onWhatever', 'type']),
+            new ValidationError('refers to an app member action but the app doesn’t have a security definition', 'app.member.login', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'type']),
+            new ValidationError('refers to an app member action but the app doesn’t have a security definition', 'app.member.register', undefined, ['pages', 0, 'blocks', 1, 'actions', 'onWhatever', 'type']),
+            new ValidationError('refers to an app member action but the app doesn’t have a security definition', 'app.member.current.patch', undefined, ['pages', 0, 'blocks', 2, 'actions', 'onWhatever', 'type']),
         ]);
     });
     it('should report an error if flow actions are used on a non-flow page', async () => {
@@ -1905,53 +1805,7 @@ describe('validateAppDefinition', () => {
     it('should report an error if a user register action on a block adds unsupported user properties', async () => {
         const app = {
             ...createTestApp(),
-            users: {
-                properties: {
-                    foo: {
-                        schema: {
-                            type: 'string',
-                        },
-                    },
-                },
-            },
-        };
-        app.pages[0].blocks.push({
-            type: 'test',
-            version: '1.2.3',
-            actions: {
-                onWhatever: {
-                    type: 'user.register',
-                    displayName: 'name',
-                    email: 'email@example.com',
-                    password: 'password',
-                    properties: {
-                        'object.from': {
-                            bar: 'baz',
-                        },
-                    },
-                },
-            },
-        });
-        const result = await validateAppDefinition(app, () => [
-            {
-                name: '@appsemble/test',
-                version: '1.2.3',
-                files: [],
-                languages: [],
-                actions: {
-                    onWhatever: {},
-                },
-            },
-        ]);
-        expect(result.valid).toBe(false);
-        expect(result.errors).toStrictEqual([
-            new ValidationError('contains a property that doesn’t exist in users.properties', 'user.register', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'properties']),
-        ]);
-    });
-    it('should report an error if a user create action on a block adds unsupported user properties', async () => {
-        const app = {
-            ...createTestApp(),
-            users: {
+            members: {
                 properties: {
                     foo: {
                         schema: {
@@ -1966,11 +1820,10 @@ describe('validateAppDefinition', () => {
             version: '1.2.3',
             actions: {
                 onWhatever: {
-                    type: 'user.create',
+                    type: 'app.member.register',
                     name: 'name',
                     email: 'email@example.com',
                     password: 'password',
-                    role: 'role',
                     properties: {
                         'object.from': {
                             bar: 'baz',
@@ -1992,13 +1845,13 @@ describe('validateAppDefinition', () => {
         ]);
         expect(result.valid).toBe(false);
         expect(result.errors).toStrictEqual([
-            new ValidationError('contains a property that doesn’t exist in users.properties', 'user.create', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'properties']),
+            new ValidationError('contains a property that doesn’t exist in app member properties', 'app.member.register', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'properties']),
         ]);
     });
-    it('should report an error if a user update action on a block adds unsupported user properties', async () => {
+    it('should report an error if a app member update action on a block adds unsupported app member properties', async () => {
         const app = {
             ...createTestApp(),
-            users: {
+            members: {
                 properties: {
                     foo: {
                         schema: {
@@ -2013,12 +1866,8 @@ describe('validateAppDefinition', () => {
             version: '1.2.3',
             actions: {
                 onWhatever: {
-                    type: 'user.update',
+                    type: 'app.member.current.patch',
                     name: 'name',
-                    currentEmail: 'email@example.com',
-                    newEmail: 'new-email@example.com',
-                    password: 'password',
-                    role: 'role',
                     properties: {
                         'object.from': {
                             bar: 'baz',
@@ -2040,7 +1889,7 @@ describe('validateAppDefinition', () => {
         ]);
         expect(result.valid).toBe(false);
         expect(result.errors).toStrictEqual([
-            new ValidationError('contains a property that doesn’t exist in users.properties', 'user.update', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'properties']),
+            new ValidationError('contains a property that doesn’t exist in app member properties', 'app.member.current.patch', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'properties']),
         ]);
     });
     it('should report an error if a resource action on a block refers to a non-existent resource', async () => {
@@ -2104,7 +1953,7 @@ describe('validateAppDefinition', () => {
             ]),
         ]);
     });
-    it('should report an error if a resource action on a block refers to a private resource action', async () => {
+    it('should report an error if a resource action on a block is accessible by no roles in the app', async () => {
         const app = createTestApp();
         app.pages[0].blocks.push({
             type: 'test',
@@ -2129,10 +1978,10 @@ describe('validateAppDefinition', () => {
         ]);
         expect(result.valid).toBe(false);
         expect(result.errors).toStrictEqual([
-            new ValidationError('refers to a resource action that is currently set to private', 'resource.get', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'resource']),
+            new ValidationError('there is no-one in the app, who has permissions to use this action', 'resource.get', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'resource']),
         ]);
     });
-    it('should report an error if a resource action on the controller refers to a private resource action', async () => {
+    it('should report an error if a resource action on the controller is accessible by no roles in the app', async () => {
         const app = createTestApp();
         app.controller = {
             actions: {
@@ -2149,57 +1998,7 @@ describe('validateAppDefinition', () => {
         });
         expect(result.valid).toBe(false);
         expect(result.errors).toStrictEqual([
-            new ValidationError('refers to a resource action that is currently set to private', 'resource.get', undefined, ['controller', 'actions', 'onWhatever', 'resource']),
-        ]);
-    });
-    it('should report an error if a resource action on a block refers is private action without a security definition', async () => {
-        const { security, ...app } = createTestApp();
-        app.resources.person.roles = [];
-        app.pages[0].blocks.push({
-            type: 'test',
-            version: '1.2.3',
-            actions: {
-                onWhatever: {
-                    type: 'resource.get',
-                    resource: 'person',
-                },
-            },
-        });
-        const result = await validateAppDefinition(app, () => [
-            {
-                name: '@appsemble/test',
-                version: '1.2.3',
-                files: [],
-                languages: [],
-                actions: {
-                    onWhatever: {},
-                },
-            },
-        ]);
-        expect(result.valid).toBe(false);
-        expect(result.errors).toStrictEqual([
-            new ValidationError('refers to a resource action that is accessible when logged in, but the app has no security definitions', 'resource.get', undefined, ['pages', 0, 'blocks', 0, 'actions', 'onWhatever', 'resource']),
-        ]);
-    });
-    it('should report an error if a resource action on the controller refers is private action without a security definition', async () => {
-        const { security, ...app } = createTestApp();
-        app.resources.person.roles = [];
-        app.controller = {
-            actions: {
-                onWhatever: {
-                    type: 'resource.get',
-                    resource: 'person',
-                },
-            },
-        };
-        const result = await validateAppDefinition(app, () => [], {
-            actions: {
-                onWhatever: {},
-            },
-        });
-        expect(result.valid).toBe(false);
-        expect(result.errors).toStrictEqual([
-            new ValidationError('refers to a resource action that is accessible when logged in, but the app has no security definitions', 'resource.get', undefined, ['controller', 'actions', 'onWhatever', 'resource']),
+            new ValidationError('there is no-one in the app, who has permissions to use this action', 'resource.get', undefined, ['controller', 'actions', 'onWhatever', 'resource']),
         ]);
     });
     it('should ignore if an app is null', async () => {
@@ -2302,5 +2101,1015 @@ describe('validateAppDefinition', () => {
             }, undefined, ['pages', 0, 'blocks', 0, 'actions', 'onClick', 'type']),
         ]);
     });
+    it('should validate security definition', async () => {
+        const { security, ...app } = createTestApp();
+        app.security = {};
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('invalid security definition. Must define either guest or roles and default', app, undefined, ['security']),
+        ]);
+    });
+    it('should report an error on duplicate guest permissions', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$group:query', '$group:query'],
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('duplicate permission declaration', app, undefined, [
+                'security',
+                'guest',
+                'permissions',
+                1,
+            ]),
+        ]);
+    });
+    it('should report an error when a guest resource permission references a non existing resource', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:unknown:query'],
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError("resource unknown does not exist in the app's resources definition", app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a guest resource permission for a specific resource is declared and there is already a resource permission with scope all declared', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:person:query', '$resource:all:query'],
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all is already declared', app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a guest resource view permission with scope all is declared and there is a resource that does not define the view', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:all:query:public'],
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+            note: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('resource note is missing a definition for the public view', app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a guest resource view permission is declared for a resource that does not define the view', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:person:query:public'],
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('resource person is missing a definition for the public view', app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a guest resource view permission redeclares a view permission for an already declared resource action view permission', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:person:query:public', '$resource:person:query:private'],
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                    private: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('a view permission for the query action on resource person is already declared', app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a guest resource view permission redeclares a view permission for an already declared resource action view permission with scope all', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:person:query:public', '$resource:all:query:private'],
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                    private: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('a view permission for the query action with scope all is already declared', app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a guest resource view permission is declared for a specific view and there is already a permission for the same resource action without a specific view', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:person:query:public', '$resource:person:query'],
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query action on resource person without a specific view is already declared', app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a guest resource view permission is declared for a specific view and there is already a permission for the same resource action with scope all without a specific view', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:person:query:public', '$resource:all:query'],
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all without a specific view is already declared', app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a guest resource view permission is declared for a specific view and there is already a permission for the same resource action with scope all with the same view', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:person:query:public', '$resource:all:query:public'],
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all for this view is already declared', app, undefined, ['security', 'guest', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error on duplicate role permissions', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$group:query', '$group:query'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('duplicate permission declaration', app, undefined, [
+                'security',
+                'roles',
+                'test',
+                'permissions',
+                1,
+            ]),
+        ]);
+    });
+    it('should report an error if a role redeclares an inherited permission', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$group:query'],
+                },
+                test: {
+                    permissions: ['$group:query'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('permission is already inherited from another role', app, undefined, [
+                'security',
+                'roles',
+                'test',
+                'permissions',
+                0,
+            ]),
+        ]);
+    });
+    it('should report an error when a role resource permission references a non existing resource', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:unknown:query'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError("resource unknown does not exist in the app's resources definition", app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource permission for a specific resource is declared and there is already a resource permission with scope all declared', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:query', '$resource:all:query'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource permission for a specific resource is declared and there is already an inherited resource permission with scope all', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:all:query'],
+                },
+                test: {
+                    permissions: ['$resource:person:query'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission with scope all is declared and there is a resource that does not define the view', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:all:query:public'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('resource person is missing a definition for the public view', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission is declared for a resource that does not define the view', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:query:public'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('resource person is missing a definition for the public view', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission redeclares a view permission for an already declared resource action view permission', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:query:public', '$resource:person:query:private'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                    private: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('a view permission for the query action on resource person is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission redeclares a view permission for an already declared resource action view permission with scope all', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:query:public', '$resource:all:query:private'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                    private: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('a view permission for the query action with scope all is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission is declared for a specific view and there is already a permission for the same resource action without a specific view', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:query:public', '$resource:person:query'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query action on resource person without a specific view is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission is declared for a specific view and there is already a permission for the same resource action with scope all without a specific view', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:query:public', '$resource:all:query'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all without a specific view is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission is declared for a specific view and there is already a permission for the same resource action with scope all with the same view', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:query:public', '$resource:all:query:public'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all for this view is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission redeclares a view permission for an already inherited resource action view permission', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:person:query:private'],
+                },
+                test: {
+                    permissions: ['$resource:person:query:public'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                    private: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('a view permission for the query action on resource person is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission redeclares a view permission for an already inherited resource action view permission with scope all', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:all:query:private'],
+                },
+                test: {
+                    permissions: ['$resource:person:query:public'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                    private: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('a view permission for the query action with scope all is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission is declared for a specific view and there is already an inherited permission for the same resource action without a specific view', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:person:query'],
+                },
+                test: {
+                    permissions: ['$resource:person:query:public'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query action on resource person without a specific view is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when a role resource view permission is declared for a specific view and there is already an inherited permission for the same resource action with scope all without a specific view', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:all:query'],
+                },
+                test: {
+                    permissions: ['$resource:person:query:public'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all without a specific view is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('a should report an error when a role resource view permission is declared for a specific view and there is already a permission for the same resource action with scope all with the same view', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:all:query:public'],
+                },
+                test: {
+                    permissions: ['$resource:person:query:public'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        app.resources = {
+            person: {
+                schema: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                    },
+                },
+                views: {
+                    public: {
+                        remap: 'log.info',
+                    },
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the query resource action with scope all for this view is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when an own resource permission references a resource that does not exist', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:unknown:own:get'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError("resource unknown does not exist in the app's resources definition", app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when an own resource permission is declared and there is already a generic resource permission for that action on that resource', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:own:get', '$resource:person:get'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the get resource action on resource person is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when an own resource permission is declared and there is already a generic resource permission with scope all for that action', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:own:get', '$resource:all:get'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the get resource action with scope all is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when an own resource permission is declared and there is already an own resource permission with scope all for that action', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:own:get', '$resource:all:own:get'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. An own permission for the get resource action with scope all is already declared', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when an own resource permission is declared and there is already an inherited generic resource permission for that action on that resource', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:person:get'],
+                },
+                test: {
+                    permissions: ['$resource:person:own:get'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the get resource action on resource person is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when an own resource permission is declared and there is already an inherited generic resource permission with scope all for that action', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:all:get'],
+                },
+                test: {
+                    permissions: ['$resource:person:own:get'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. A permission for the get resource action with scope all is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should report an error when an own resource permission is declared and there is already an inherited own resource permission with scope all for that action', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                inherited: {
+                    permissions: ['$resource:all:own:get'],
+                },
+                test: {
+                    permissions: ['$resource:person:own:get'],
+                    inherits: ['inherited'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('redundant permission. An own permission for the get resource action with scope all is already inherited from another role', app, undefined, ['security', 'roles', 'test', 'permissions', 0]),
+        ]);
+    });
+    it('should not allow overwriting predefined roles', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'Member',
+            },
+            roles: {
+                Member: {},
+                MembersManager: {},
+                GroupMembersManager: {},
+                GroupsManager: {},
+                ResourcesManager: {},
+                Owner: {},
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual(predefinedAppRoles.map((role) => new ValidationError(`not allowed to overwrite role ${role}`, app, undefined, [
+            'security',
+            'roles',
+            role,
+        ])));
+    });
+    it('should throw an error on invalid role permissions', async () => {
+        const app = createTestApp();
+        app.security = {
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:modify'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('invalid permission', app, undefined, [
+                'security',
+                'roles',
+                'test',
+                'permissions',
+                0,
+            ]),
+        ]);
+    });
+    it('should throw an error on invalid guest permissions', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                permissions: ['$resource:person:own:modify'],
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('invalid permission', app, undefined, [
+                'security',
+                'guest',
+                'permissions',
+                0,
+            ]),
+        ]);
+    });
+    it('should throw an error on invalid guest inherited permissions', async () => {
+        const app = createTestApp();
+        app.security = {
+            guest: {
+                inherits: ['test'],
+            },
+            default: {
+                role: 'test',
+            },
+            roles: {
+                test: {
+                    permissions: ['$resource:person:own:get'],
+                },
+            },
+        };
+        const result = await validateAppDefinition(app, () => []);
+        expect(result.valid).toBe(false);
+        expect(result.errors).toStrictEqual([
+            new ValidationError('invalid security definition. Guest cannot inherit roles that contain own resource permissions', app, undefined, ['security', 'guest', 'inherits']),
+        ]);
+    });
 });
 //# sourceMappingURL=validation.test.js.map