@axium/core 0.22.1 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/access.d.ts +24 -5
  2. package/dist/access.js +38 -4
  3. package/dist/api.d.ts +4 -4
  4. package/dist/format.js +1 -1
  5. package/package.json +1 -1
package/dist/access.d.ts CHANGED
@@ -1,5 +1,6 @@
1
- import * as z from 'zod';
2
1
  import { type Omit } from 'utilium';
2
+ import * as z from 'zod';
3
+ import { UserPublic } from './user.js';
3
4
  export declare const AccessControl: z.ZodObject<{
4
5
  itemId: z.ZodUUID;
5
6
  userId: z.ZodOptional<z.ZodNullable<z.ZodUUID>>;
@@ -25,19 +26,37 @@ export declare const AccessControl: z.ZodObject<{
25
26
  export interface AccessControl extends z.infer<typeof AccessControl> {
26
27
  }
27
28
  export declare function getTarget(ac: AccessControl): AccessTarget;
28
- export declare function fromTarget(target: AccessTarget): Partial<Pick<AccessControl, 'userId' | 'role' | 'tag'>>;
29
- export declare function pickPermissions<T extends AccessControl & object>(ac: T): Omit<T, 'itemId' | 'userId' | 'role' | 'tag' | 'user' | 'createdAt'>;
29
+ export declare function fromTarget(target: AccessTarget): Pick<AccessControl, 'userId' | 'role' | 'tag'>;
30
+ export declare function controlMatchesUser(control: AccessControl, user?: Pick<UserPublic, 'id' | 'roles' | 'tags'>): boolean;
31
+ type NonPermKeys = keyof (typeof AccessControl)['shape'];
32
+ export type PickPermissions<T extends AccessControl> = Omit<T, NonPermKeys>;
33
+ export declare function pickPermissions<T extends AccessControl>(ac: T): PickPermissions<T>;
34
+ /**
35
+ * Check an ACL against a set of permissions.
36
+ * Returns the set of permissions that are missing.
37
+ */
38
+ export declare function checkACL<const AC extends AccessControl>(acl: AC[], permissions: Partial<PickPermissions<AC>>): Set<keyof PickPermissions<AC>>;
39
+ /**
40
+ * Check an ACL against a set of permissions and a user.
41
+ * Returns the set of permissions that are missing for the user.
42
+ */
43
+ export declare function checkAndMatchACL<const AC extends AccessControl>(acl: AC[], user: Pick<UserPublic, 'id' | 'roles' | 'tags'>, permissions: Partial<PickPermissions<AC>>): Set<keyof PickPermissions<AC>>;
30
44
  export interface AccessControllable {
31
45
  id: string;
32
46
  userId: string;
33
47
  parentId?: string | null;
34
48
  acl?: AccessControl[];
35
49
  }
36
- export declare const AccessTarget: z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<"public">]>;
50
+ export declare const AccessTarget: z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<null>]>;
51
+ /**
52
+ * A primitive representation for the target of an access control.
53
+ *
54
+ */
37
55
  export type AccessTarget = z.infer<typeof AccessTarget>;
38
56
  export declare const AccessControlUpdate: z.ZodObject<{
39
- target: z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<"public">]>;
57
+ target: z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<null>]>;
40
58
  permissions: z.ZodRecord<z.ZodString, z.ZodAny>;
41
59
  }, z.core.$strip>;
42
60
  export interface AccessControlUpdate extends z.infer<typeof AccessControlUpdate> {
43
61
  }
62
+ export {};
package/dist/access.js CHANGED
@@ -1,6 +1,6 @@
1
+ import { omit } from 'utilium';
1
2
  import * as z from 'zod';
2
3
  import { UserPublic } from './user.js';
3
- import { omit } from 'utilium';
4
4
  export const AccessControl = z
5
5
  .object({
6
6
  itemId: z.uuid(),
@@ -18,10 +18,10 @@ export function getTarget(ac) {
18
18
  return '@' + ac.role;
19
19
  if (ac.tag)
20
20
  return '#' + ac.tag;
21
- return 'public';
21
+ return null;
22
22
  }
23
23
  export function fromTarget(target) {
24
- if (target == 'public')
24
+ if (target == null)
25
25
  return { userId: null, role: null, tag: null };
26
26
  if (target[0] == '@')
27
27
  return { userId: null, role: target.slice(1), tag: null };
@@ -29,14 +29,48 @@ export function fromTarget(target) {
29
29
  return { userId: null, role: null, tag: target.slice(1) };
30
30
  return { userId: target, role: null, tag: null };
31
31
  }
32
+ export function controlMatchesUser(control, user) {
33
+ if (!control.role && !control.tag && !control.userId)
34
+ return true;
35
+ if (!user)
36
+ return false;
37
+ return !!(control.userId === user.id ||
38
+ (control.role && user.roles.includes(control.role)) ||
39
+ (control.tag && user.tags?.includes(control.tag)));
40
+ }
32
41
  export function pickPermissions(ac) {
33
42
  return omit(ac, 'itemId', 'userId', 'role', 'tag', 'user', 'createdAt');
34
43
  }
44
+ /**
45
+ * Check an ACL against a set of permissions.
46
+ * Returns the set of permissions that are missing.
47
+ */
48
+ export function checkACL(acl, permissions) {
49
+ const allowed = new Set();
50
+ const all = new Set(Object.keys(permissions));
51
+ const entries = Object.entries(permissions);
52
+ for (const control of acl) {
53
+ for (const [key, needed] of entries) {
54
+ const value = control[key];
55
+ if (value === needed)
56
+ allowed.add(key);
57
+ }
58
+ }
59
+ return all.difference(allowed);
60
+ }
61
+ /**
62
+ * Check an ACL against a set of permissions and a user.
63
+ * Returns the set of permissions that are missing for the user.
64
+ */
65
+ export function checkAndMatchACL(acl, user, permissions) {
66
+ const filtered = acl.filter(c => controlMatchesUser(c, user));
67
+ return checkACL(filtered, permissions);
68
+ }
35
69
  export const AccessTarget = z.union([
36
70
  z.uuid(),
37
71
  z.templateLiteral(['@', z.string()]),
38
72
  z.templateLiteral(['#', z.string()]),
39
- z.literal('public'),
73
+ z.literal(null),
40
74
  ]);
41
75
  export const AccessControlUpdate = z.object({
42
76
  target: AccessTarget,
package/dist/api.d.ts CHANGED
@@ -434,7 +434,7 @@ declare const _API: {
434
434
  createdAt: z.ZodCoercedDate<unknown>;
435
435
  }, z.core.$catchall<z.ZodBoolean>>>;
436
436
  readonly PATCH: [z.ZodObject<{
437
- target: z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<"public">]>;
437
+ target: z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<null>]>;
438
438
  permissions: z.ZodRecord<z.ZodString, z.ZodAny>;
439
439
  }, z.core.$strip>, z.ZodObject<{
440
440
  itemId: z.ZodUUID;
@@ -458,7 +458,7 @@ declare const _API: {
458
458
  }, z.core.$strip>>>;
459
459
  createdAt: z.ZodCoercedDate<unknown>;
460
460
  }, z.core.$catchall<z.ZodBoolean>>];
461
- readonly PUT: [z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<"public">]>, z.ZodObject<{
461
+ readonly PUT: [z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<null>]>, z.ZodObject<{
462
462
  itemId: z.ZodUUID;
463
463
  userId: z.ZodOptional<z.ZodNullable<z.ZodUUID>>;
464
464
  role: z.ZodOptional<z.ZodNullable<z.ZodString>>;
@@ -480,7 +480,7 @@ declare const _API: {
480
480
  }, z.core.$strip>>>;
481
481
  createdAt: z.ZodCoercedDate<unknown>;
482
482
  }, z.core.$catchall<z.ZodBoolean>>];
483
- readonly DELETE: [z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<"public">]>, z.ZodObject<{
483
+ readonly DELETE: [z.ZodUnion<readonly [z.ZodUUID, z.ZodTemplateLiteral<`@${string}`>, z.ZodTemplateLiteral<`#${string}`>, z.ZodLiteral<null>]>, z.ZodObject<{
484
484
  itemId: z.ZodUUID;
485
485
  userId: z.ZodOptional<z.ZodNullable<z.ZodUUID>>;
486
486
  role: z.ZodOptional<z.ZodNullable<z.ZodString>>;
@@ -601,9 +601,9 @@ declare const _API: {
601
601
  hooks: z.ZodOptional<z.ZodString>;
602
602
  integrations: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
603
603
  }, z.core.$strip>>;
604
+ description: z.ZodOptional<z.ZodString>;
604
605
  version: z.ZodString;
605
606
  cli: z.ZodOptional<z.ZodString>;
606
- description: z.ZodOptional<z.ZodString>;
607
607
  apps: z.ZodOptional<z.ZodArray<z.ZodObject<{
608
608
  id: z.ZodString;
609
609
  name: z.ZodOptional<z.ZodString>;
package/dist/format.js CHANGED
@@ -8,7 +8,7 @@ export function formatDateRange(date) {
8
8
  export function formatBytes(bytes) {
9
9
  const units = ['B', 'KB', 'MB', 'GB', 'TB'];
10
10
  const i = bytes == 0n ? 0 : Math.floor((bytes.toString(10).length - 1) / 3);
11
- const value = bytes == 0n ? 0 : Number(bytes / 1000n ** BigInt(i));
11
+ const value = bytes == 0n ? 0 : Number(bytes) / Math.pow(1000, i);
12
12
  return `${Number.isInteger(value) ? value : value.toFixed(2)} ${units[i]}`;
13
13
  }
14
14
  export default {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axium/core",
3
- "version": "0.22.1",
3
+ "version": "0.23.0",
4
4
  "author": "James Prevett <axium@jamespre.dev>",
5
5
  "funding": {
6
6
  "type": "individual",