npm - @budibase/backend-core - Versions diffs - 2.13.14 → 2.13.16 - Mend

@budibase/backend-core 2.13.14 → 2.13.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/dist/index.js +302 -242
package/dist/index.js.map +3 -3
package/dist/index.js.meta.json +1 -1
package/dist/package.json +4 -4
package/dist/plugins.js.meta.json +1 -1
package/dist/src/auth/auth.js.map +1 -1
package/dist/src/configs/configs.js +3 -4
package/dist/src/configs/configs.js.map +1 -1
package/dist/src/constants/db.js.map +1 -1
package/dist/src/db/utils.js.map +1 -1
package/dist/src/docIds/conversions.js.map +1 -1
package/dist/src/events/processors/posthog/index.js.map +1 -1
package/dist/src/features/index.js.map +1 -1
package/dist/src/index.js.map +1 -1
package/dist/src/installation.js +2 -3
package/dist/src/installation.js.map +1 -1
package/dist/src/logging/correlation/correlation.js.map +1 -1
package/dist/src/logging/correlation/middleware.js.map +1 -1
package/dist/src/logging/pino/middleware.js.map +1 -1
package/dist/src/middleware/index.js.map +1 -1
package/dist/src/middleware/passport/sso/google.js.map +1 -1
package/dist/src/objectStore/objectStore.js.map +1 -1
package/dist/src/security/permissions.d.ts +1 -0
package/dist/src/security/permissions.js +2 -1
package/dist/src/security/permissions.js.map +1 -1
package/dist/src/security/roles.js +1 -2
package/dist/src/security/roles.js.map +1 -1
package/dist/src/security/sessions.js.map +1 -1
package/dist/src/users/db.d.ts +6 -1
package/dist/src/users/db.js +29 -8
package/dist/src/users/db.js.map +1 -1
package/dist/src/users/users.d.ts +14 -11
package/dist/src/users/users.js +200 -144
package/dist/src/users/users.js.map +1 -1
package/dist/src/utils/hashing.js.map +1 -1
package/dist/src/utils/utils.js.map +1 -1
package/dist/tests/core/utilities/mocks/alerts.js.map +1 -1
package/dist/tests/core/utilities/mocks/index.js.map +1 -1
package/dist/tests/core/utilities/structures/generator.js.map +1 -1
package/dist/tests/jestSetup.js.map +1 -1
package/package.json +4 -4
package/src/auth/auth.ts +2 -0
package/src/configs/configs.ts +3 -4
package/src/constants/db.ts +1 -0
package/src/db/utils.ts +1 -0
package/src/docIds/conversions.ts +1 -0
package/src/events/processors/posthog/index.ts +1 -0
package/src/events/processors/posthog/tests/PosthogProcessor.spec.ts +2 -0
package/src/features/index.ts +1 -0
package/src/index.ts +1 -0
package/src/installation.ts +1 -2
package/src/logging/correlation/correlation.ts +1 -0
package/src/logging/correlation/middleware.ts +1 -0
package/src/logging/pino/middleware.ts +3 -0
package/src/middleware/index.ts +1 -0
package/src/middleware/passport/sso/google.ts +1 -0
package/src/middleware/passport/sso/tests/google.spec.ts +1 -0
package/src/middleware/passport/sso/tests/sso.spec.ts +1 -0
package/src/middleware/tests/builder.spec.ts +1 -0
package/src/objectStore/objectStore.ts +1 -0
package/src/security/permissions.ts +1 -0
package/src/security/roles.ts +7 -2
package/src/security/sessions.ts +1 -0
package/src/users/db.ts +35 -14
package/src/users/users.ts +46 -16
package/src/utils/hashing.ts +1 -0
package/src/utils/utils.ts +1 -0
package/tests/core/utilities/mocks/alerts.ts +1 -0
package/tests/core/utilities/mocks/index.ts +1 -0
package/tests/core/utilities/structures/generator.ts +1 -0
package/tests/jestSetup.ts +1 -0

package/dist/index.js CHANGED Viewed

@@ -691,6 +691,7 @@ var init_permissions = __esm({
       PermissionType2["AUTOMATION"] = "automation";
       PermissionType2["WEBHOOK"] = "webhook";
       PermissionType2["BUILDER"] = "builder";
+      PermissionType2["CREATOR"] = "creator";
       PermissionType2["GLOBAL_BUILDER"] = "globalBuilder";
       PermissionType2["QUERY"] = "query";
       PermissionType2["VIEW"] = "view";
@@ -6672,9 +6673,11 @@ var getStatus = async () => {
 var users_exports3 = {};
 __export(users_exports3, {
   UserDB: () => UserDB,
+  addAppBuilder: () => addAppBuilder,
   bulkGetGlobalUsersById: () => bulkGetGlobalUsersById,
   bulkUpdateGlobalUsers: () => bulkUpdateGlobalUsers,
   cleanseUserObject: () => cleanseUserObject,
+  doesUserExist: () => doesUserExist,
   getAccountHolderFromUserIds: () => getAccountHolderFromUserIds,
   getAllUserIds: () => getAllUserIds,
   getById: () => getById,
@@ -6696,6 +6699,7 @@ __export(users_exports3, {
   isGlobalBuilder: () => isGlobalBuilder2,
   isSupportedUserSearch: () => isSupportedUserSearch,
   paginatedUsers: () => paginatedUsers,
+  removeAppBuilder: () => removeAppBuilder,
   removePortalUserPermissions: () => removePortalUserPermissions,
   searchExistingEmails: () => searchExistingEmails,
   searchGlobalUsersByApp: () => searchGlobalUsersByApp,
@@ -7306,12 +7310,14 @@ function getProdAppID2(appId) {
 // ../shared-core/src/sdk/documents/users.ts
 var users_exports2 = {};
 __export(users_exports2, {
+  canCreateApps: () => canCreateApps,
   containsUserID: () => containsUserID,
   getGlobalUserID: () => getGlobalUserID,
   hasAdminPermissions: () => hasAdminPermissions,
   hasAppBuilderPermissions: () => hasAppBuilderPermissions,
   hasAppCreatorPermissions: () => hasAppCreatorPermissions,
   hasBuilderPermissions: () => hasBuilderPermissions,
+  hasCreatorPermissions: () => hasCreatorPermissions,
   isAdmin: () => isAdmin,
   isAdminOrBuilder: () => isAdminOrBuilder,
   isAdminOrGlobalBuilder: () => isAdminOrGlobalBuilder,
@@ -7335,6 +7341,9 @@ function isBuilder(user, appId) {
 function isGlobalBuilder(user) {
   return isBuilder(user) && !hasAppBuilderPermissions(user) || isAdmin(user);
 }
+function canCreateApps(user) {
+  return isGlobalBuilder(user) || hasCreatorPermissions(user);
+}
 function isAdmin(user) {
   if (!user) {
     return false;
@@ -7362,7 +7371,7 @@ function hasAppCreatorPermissions(user) {
   return _.flow(
     _.get("roles"),
     _.values,
-    _.find((x) => ["CREATOR", "ADMIN"].includes(x)),
+    _.find((x) => x === "CREATOR"),
     (x) => !!x
   )(user);
 }
@@ -7370,7 +7379,7 @@ function hasBuilderPermissions(user) {
   if (!user) {
     return false;
   }
-  return user.builder?.global || hasAppBuilderPermissions(user);
+  return user.builder?.global || hasAppBuilderPermissions(user) || hasCreatorPermissions(user);
 }
 function hasAdminPermissions(user) {
   if (!user) {
@@ -7378,11 +7387,17 @@ function hasAdminPermissions(user) {
   }
   return !!user.admin?.global;
 }
+function hasCreatorPermissions(user) {
+  if (!user) {
+    return false;
+  }
+  return !!user.builder?.creator;
+}
 function isCreator(user) {
   if (!user) {
     return false;
   }
-  return isGlobalBuilder(user) || hasAdminPermissions(user) || hasAppBuilderPermissions(user) || hasAppCreatorPermissions(user);
+  return isGlobalBuilder(user) || hasAdminPermissions(user) || hasCreatorPermissions(user) || hasAppBuilderPermissions(user) || hasAppCreatorPermissions(user);
 }
 function getGlobalUserID(userId) {
   if (typeof userId !== "string") {
@@ -7477,239 +7492,6 @@ async function getAccountHolderFromUserIds(userIds) {
   }
 }
-// src/users/users.ts
-function removeUserPassword(users) {
-  if (Array.isArray(users)) {
-    return users.map((user) => {
-      if (user) {
-        delete user.password;
-        return user;
-      }
-    });
-  } else if (users) {
-    delete users.password;
-    return users;
-  }
-  return users;
-}
-var isSupportedUserSearch = (query) => {
-  const allowed = [
-    { op: "string" /* STRING */, key: "email" },
-    { op: "equal" /* EQUAL */, key: "_id" }
-  ];
-  for (let [key, operation] of Object.entries(query)) {
-    if (typeof operation !== "object") {
-      return false;
-    }
-    const fields = Object.keys(operation || {});
-    if (fields.length === 0) {
-      continue;
-    }
-    const allowedOperation = allowed.find(
-      (allow) => allow.op === key && fields.length === 1 && fields[0] === allow.key
-    );
-    if (!allowedOperation) {
-      return false;
-    }
-  }
-  return true;
-};
-var bulkGetGlobalUsersById = async (userIds, opts) => {
-  const db = getGlobalDB();
-  let users = (await db.allDocs({
-    keys: userIds,
-    include_docs: true
-  })).rows.map((row) => row.doc);
-  if (opts?.cleanup) {
-    users = removeUserPassword(users);
-  }
-  return users;
-};
-var getAllUserIds = async () => {
-  const db = getGlobalDB();
-  const startKey = `${"us" /* USER */}${SEPARATOR}`;
-  const response = await db.allDocs({
-    startkey: startKey,
-    endkey: `${startKey}${UNICODE_MAX}`
-  });
-  return response.rows.map((row) => row.id);
-};
-var bulkUpdateGlobalUsers = async (users) => {
-  const db = getGlobalDB();
-  return await db.bulkDocs(users);
-};
-async function getById(id, opts) {
-  const db = getGlobalDB();
-  let user = await db.get(id);
-  if (opts?.cleanup) {
-    user = removeUserPassword(user);
-  }
-  return user;
-}
-var getGlobalUserByEmail = async (email, opts) => {
-  if (email == null) {
-    throw "Must supply an email address to view";
-  }
-  const response = await queryGlobalView("by_email2" /* USER_BY_EMAIL */, {
-    key: email.toLowerCase(),
-    include_docs: true
-  });
-  if (Array.isArray(response)) {
-    throw new Error(`Multiple users found with email address: ${email}`);
-  }
-  let user = response;
-  if (opts?.cleanup) {
-    user = removeUserPassword(user);
-  }
-  return user;
-};
-var searchGlobalUsersByApp = async (appId, opts, getOpts) => {
-  if (typeof appId !== "string") {
-    throw new Error("Must provide a string based app ID");
-  }
-  const params2 = getUsersByAppParams(appId, {
-    include_docs: true
-  });
-  params2.startkey = opts && opts.startkey ? opts.startkey : params2.startkey;
-  let response = await queryGlobalView("by_app" /* USER_BY_APP */, params2);
-  if (!response) {
-    response = [];
-  }
-  let users = Array.isArray(response) ? response : [response];
-  if (getOpts?.cleanup) {
-    users = removeUserPassword(users);
-  }
-  return users;
-};
-var searchGlobalUsersByAppAccess = async (appId, opts) => {
-  const roleSelector = `roles.${appId}`;
-  let orQuery = [
-    {
-      "builder.global": true
-    },
-    {
-      "admin.global": true
-    }
-  ];
-  if (appId) {
-    const roleCheck = {
-      [roleSelector]: {
-        $exists: true
-      }
-    };
-    orQuery.push(roleCheck);
-  }
-  let searchOptions = {
-    selector: {
-      $or: orQuery,
-      _id: {
-        $regex: "^us_"
-      }
-    },
-    limit: opts?.limit || 50
-  };
-  const resp = await directCouchFind(getGlobalDBName(), searchOptions);
-  return resp.rows;
-};
-var getGlobalUserByAppPage = (appId, user) => {
-  if (!user) {
-    return;
-  }
-  return generateAppUserID(getProdAppID(appId), user._id);
-};
-var searchGlobalUsersByEmail = async (email, opts, getOpts) => {
-  if (typeof email !== "string") {
-    throw new Error("Must provide a string to search by");
-  }
-  const lcEmail = email.toLowerCase();
-  const startkey = opts && opts.startkey ? opts.startkey : lcEmail;
-  let response = await queryGlobalView("by_email2" /* USER_BY_EMAIL */, {
-    ...opts,
-    startkey,
-    endkey: `${lcEmail}${UNICODE_MAX}`
-  });
-  if (!response) {
-    response = [];
-  }
-  let users = Array.isArray(response) ? response : [response];
-  if (getOpts?.cleanup) {
-    users = removeUserPassword(users);
-  }
-  return users;
-};
-var PAGE_LIMIT = 8;
-var paginatedUsers = async ({
-  bookmark,
-  query,
-  appId,
-  limit
-} = {}) => {
-  const db = getGlobalDB();
-  const pageSize = limit ?? PAGE_LIMIT;
-  const pageLimit = pageSize + 1;
-  const opts = {
-    include_docs: true,
-    limit: pageLimit
-  };
-  if (bookmark) {
-    opts.startkey = bookmark;
-  }
-  let userList, property = "_id", getKey;
-  if (query?.equal?._id) {
-    userList = [await getById(query.equal._id)];
-  } else if (appId) {
-    userList = await searchGlobalUsersByApp(appId, opts);
-    getKey = (doc) => getGlobalUserByAppPage(appId, doc);
-  } else if (query?.string?.email) {
-    userList = await searchGlobalUsersByEmail(query?.string?.email, opts);
-    property = "email";
-  } else {
-    const response = await db.allDocs(getGlobalUserParams(null, opts));
-    userList = response.rows.map((row) => row.doc);
-  }
-  return pagination(userList, pageSize, {
-    paginate: true,
-    property,
-    getKey
-  });
-};
-async function getUserCount() {
-  const response = await queryGlobalViewRaw("by_email2" /* USER_BY_EMAIL */, {
-    limit: 0,
-    // to be as fast as possible - we just want the total rows count
-    include_docs: false
-  });
-  return response.total_rows;
-}
-async function getCreatorCount() {
-  let creators = 0;
-  async function iterate(startPage) {
-    const page = await paginatedUsers({ bookmark: startPage });
-    creators += page.data.filter(isCreator2).length;
-    if (page.hasNextPage) {
-      await iterate(page.nextPage);
-    }
-  }
-  await iterate();
-  return creators;
-}
-function removePortalUserPermissions(user) {
-  delete user.admin;
-  delete user.builder;
-  return user;
-}
-function cleanseUserObject(user, base) {
-  delete user.admin;
-  delete user.builder;
-  delete user.roles;
-  if (base) {
-    user.admin = base.admin;
-    user.builder = base.builder;
-    user.roles = base.roles;
-  }
-  return user;
-}
 // src/users/db.ts
 init_environment2();
@@ -8425,7 +8207,6 @@ __export(installation_exports, {
   getInstallFromDB: () => getInstallFromDB
 });
 init_db4();
-init_db4();
 init_src();
 init_context2();
 var import_semver = __toESM(require("semver"));
@@ -10486,9 +10267,6 @@ var UserDB = class _UserDB {
     if (!email && !_id) {
       throw new Error("_id or email is required");
     }
-    if (user.builder?.apps?.length && !await _UserDB.features.isAppBuildersEnabled()) {
-      throw new Error("Unable to update app builders, please check license");
-    }
     let dbUser;
     if (_id) {
       try {
@@ -10697,6 +10475,29 @@ var UserDB = class _UserDB {
     await user_exports.invalidateUser(userId);
     await invalidateSessions(userId, { reason: "deletion" });
   }
+  static async createAdminUser(email, password, tenantId, opts) {
+    const user = {
+      email,
+      password,
+      createdAt: Date.now(),
+      roles: {},
+      builder: {
+        global: true
+      },
+      admin: {
+        global: true
+      },
+      tenantId
+    };
+    if (opts?.ssoId) {
+      user.ssoId = opts.ssoId;
+    }
+    await bustCache("checklist" /* CHECKLIST */);
+    return await _UserDB.save(user, {
+      hashPassword: opts?.hashPassword,
+      requirePassword: opts?.requirePassword
+    });
+  }
   static async getGroups(groupIds) {
     return await this.groups.getBulk(groupIds);
   }
@@ -10705,6 +10506,265 @@ var UserDB = class _UserDB {
   }
 };
+// src/users/users.ts
+function removeUserPassword(users) {
+  if (Array.isArray(users)) {
+    return users.map((user) => {
+      if (user) {
+        delete user.password;
+        return user;
+      }
+    });
+  } else if (users) {
+    delete users.password;
+    return users;
+  }
+  return users;
+}
+function isSupportedUserSearch(query) {
+  const allowed = [
+    { op: "string" /* STRING */, key: "email" },
+    { op: "equal" /* EQUAL */, key: "_id" }
+  ];
+  for (let [key, operation] of Object.entries(query)) {
+    if (typeof operation !== "object") {
+      return false;
+    }
+    const fields = Object.keys(operation || {});
+    if (fields.length === 0) {
+      continue;
+    }
+    const allowedOperation = allowed.find(
+      (allow) => allow.op === key && fields.length === 1 && fields[0] === allow.key
+    );
+    if (!allowedOperation) {
+      return false;
+    }
+  }
+  return true;
+}
+async function bulkGetGlobalUsersById(userIds, opts) {
+  const db = getGlobalDB();
+  let users = (await db.allDocs({
+    keys: userIds,
+    include_docs: true
+  })).rows.map((row) => row.doc);
+  if (opts?.cleanup) {
+    users = removeUserPassword(users);
+  }
+  return users;
+}
+async function getAllUserIds() {
+  const db = getGlobalDB();
+  const startKey = `${"us" /* USER */}${SEPARATOR}`;
+  const response = await db.allDocs({
+    startkey: startKey,
+    endkey: `${startKey}${UNICODE_MAX}`
+  });
+  return response.rows.map((row) => row.id);
+}
+async function bulkUpdateGlobalUsers(users) {
+  const db = getGlobalDB();
+  return await db.bulkDocs(users);
+}
+async function getById(id, opts) {
+  const db = getGlobalDB();
+  let user = await db.get(id);
+  if (opts?.cleanup) {
+    user = removeUserPassword(user);
+  }
+  return user;
+}
+async function getGlobalUserByEmail(email, opts) {
+  if (email == null) {
+    throw "Must supply an email address to view";
+  }
+  const response = await queryGlobalView("by_email2" /* USER_BY_EMAIL */, {
+    key: email.toLowerCase(),
+    include_docs: true
+  });
+  if (Array.isArray(response)) {
+    throw new Error(`Multiple users found with email address: ${email}`);
+  }
+  let user = response;
+  if (opts?.cleanup) {
+    user = removeUserPassword(user);
+  }
+  return user;
+}
+async function doesUserExist(email) {
+  try {
+    const user = await getGlobalUserByEmail(email);
+    if (Array.isArray(user) || user != null) {
+      return true;
+    }
+  } catch (err) {
+    return false;
+  }
+  return false;
+}
+async function searchGlobalUsersByApp(appId, opts, getOpts) {
+  if (typeof appId !== "string") {
+    throw new Error("Must provide a string based app ID");
+  }
+  const params2 = getUsersByAppParams(appId, {
+    include_docs: true
+  });
+  params2.startkey = opts && opts.startkey ? opts.startkey : params2.startkey;
+  let response = await queryGlobalView("by_app" /* USER_BY_APP */, params2);
+  if (!response) {
+    response = [];
+  }
+  let users = Array.isArray(response) ? response : [response];
+  if (getOpts?.cleanup) {
+    users = removeUserPassword(users);
+  }
+  return users;
+}
+async function searchGlobalUsersByAppAccess(appId, opts) {
+  const roleSelector = `roles.${appId}`;
+  let orQuery = [
+    {
+      "builder.global": true
+    },
+    {
+      "admin.global": true
+    }
+  ];
+  if (appId) {
+    const roleCheck = {
+      [roleSelector]: {
+        $exists: true
+      }
+    };
+    orQuery.push(roleCheck);
+  }
+  let searchOptions = {
+    selector: {
+      $or: orQuery,
+      _id: {
+        $regex: "^us_"
+      }
+    },
+    limit: opts?.limit || 50
+  };
+  const resp = await directCouchFind(getGlobalDBName(), searchOptions);
+  return resp.rows;
+}
+function getGlobalUserByAppPage(appId, user) {
+  if (!user) {
+    return;
+  }
+  return generateAppUserID(getProdAppID(appId), user._id);
+}
+async function searchGlobalUsersByEmail(email, opts, getOpts) {
+  if (typeof email !== "string") {
+    throw new Error("Must provide a string to search by");
+  }
+  const lcEmail = email.toLowerCase();
+  const startkey = opts && opts.startkey ? opts.startkey : lcEmail;
+  let response = await queryGlobalView("by_email2" /* USER_BY_EMAIL */, {
+    ...opts,
+    startkey,
+    endkey: `${lcEmail}${UNICODE_MAX}`
+  });
+  if (!response) {
+    response = [];
+  }
+  let users = Array.isArray(response) ? response : [response];
+  if (getOpts?.cleanup) {
+    users = removeUserPassword(users);
+  }
+  return users;
+}
+var PAGE_LIMIT = 8;
+async function paginatedUsers({
+  bookmark,
+  query,
+  appId,
+  limit
+} = {}) {
+  const db = getGlobalDB();
+  const pageSize = limit ?? PAGE_LIMIT;
+  const pageLimit = pageSize + 1;
+  const opts = {
+    include_docs: true,
+    limit: pageLimit
+  };
+  if (bookmark) {
+    opts.startkey = bookmark;
+  }
+  let userList, property = "_id", getKey;
+  if (query?.equal?._id) {
+    userList = [await getById(query.equal._id)];
+  } else if (appId) {
+    userList = await searchGlobalUsersByApp(appId, opts);
+    getKey = (doc) => getGlobalUserByAppPage(appId, doc);
+  } else if (query?.string?.email) {
+    userList = await searchGlobalUsersByEmail(query?.string?.email, opts);
+    property = "email";
+  } else {
+    const response = await db.allDocs(getGlobalUserParams(null, opts));
+    userList = response.rows.map((row) => row.doc);
+  }
+  return pagination(userList, pageSize, {
+    paginate: true,
+    property,
+    getKey
+  });
+}
+async function getUserCount() {
+  const response = await queryGlobalViewRaw("by_email2" /* USER_BY_EMAIL */, {
+    limit: 0,
+    // to be as fast as possible - we just want the total rows count
+    include_docs: false
+  });
+  return response.total_rows;
+}
+async function getCreatorCount() {
+  let creators = 0;
+  async function iterate(startPage) {
+    const page = await paginatedUsers({ bookmark: startPage });
+    creators += page.data.filter(isCreator2).length;
+    if (page.hasNextPage) {
+      await iterate(page.nextPage);
+    }
+  }
+  await iterate();
+  return creators;
+}
+function removePortalUserPermissions(user) {
+  delete user.admin;
+  delete user.builder;
+  return user;
+}
+function cleanseUserObject(user, base) {
+  delete user.admin;
+  delete user.builder;
+  delete user.roles;
+  if (base) {
+    user.admin = base.admin;
+    user.builder = base.builder;
+    user.roles = base.roles;
+  }
+  return user;
+}
+async function addAppBuilder(user, appId) {
+  const prodAppId = getProdAppID(appId);
+  user.builder ??= {};
+  user.builder.creator = true;
+  user.builder.apps ??= [];
+  user.builder.apps.push(prodAppId);
+  await UserDB.save(user, { hashPassword: false });
+}
+async function removeAppBuilder(user, appId) {
+  const prodAppId = getProdAppID(appId);
+  if (user.builder && user.builder.apps?.includes(prodAppId)) {
+    user.builder.apps = user.builder.apps.filter((id) => id !== prodAppId);
+  }
+  await UserDB.save(user, { hashPassword: false });
+}
 // src/cache/user.ts
 var EXPIRY_SECONDS3 = 3600;
 async function populateFromDB2(userId, tenantId) {
@@ -10934,7 +10994,6 @@ async function getCode2(code) {
 // src/configs/configs.ts
 init_context2();
 init_environment2();
-init_environment2();
 function generateConfigID(type) {
   return `${"config" /* CONFIG */}${SEPARATOR}${type}`;
 }
@@ -11301,6 +11360,7 @@ __export(permissions_exports, {
   BUILDER: () => BUILDER,
   BUILTIN_PERMISSIONS: () => BUILTIN_PERMISSIONS,
   BuiltinPermissionID: () => BuiltinPermissionID,
+  CREATOR: () => CREATOR,
   GLOBAL_BUILDER: () => GLOBAL_BUILDER,
   Permission: () => Permission,
   PermissionLevel: () => PermissionLevel,
@@ -11441,12 +11501,12 @@ function isPermissionLevelHigherThanRead(level) {
   return levelToNumber(level) > 1;
 }
 var BUILDER = "builder" /* BUILDER */;
+var CREATOR = "creator" /* CREATOR */;
 var GLOBAL_BUILDER = "globalBuilder" /* GLOBAL_BUILDER */;
 // src/security/roles.ts
 init_db4();
 init_context2();
-init_db4();
 var import_cloneDeep2 = __toESM(require("lodash/fp/cloneDeep"));
 var BUILTIN_ROLE_IDS = {
   ADMIN: "ADMIN",