@byline/admin 2.3.3 → 2.4.1

package/dist/modules/admin-account/components/update_module.css

@@ -0,0 +1,27 @@
+:is(.wrap-d0Vkmj, .byline-account-update-wrap) {
+  gap: var(--spacing-8);
+  padding: var(--spacing-4);
+  margin-top: var(--spacing-4);
+  flex-direction: column;
+  display: flex;
+}
+
+:is(.form-VjOmD9, .byline-account-update-form) {
+  gap: var(--spacing-16);
+  padding-top: var(--spacing-8);
+  flex-direction: column;
+  display: flex;
+}
+
+:is(.actions-QYTC9w, .byline-account-update-actions) {
+  justify-content: flex-end;
+  align-items: center;
+  gap: var(--spacing-8);
+  margin-top: var(--spacing-16);
+  display: flex;
+}
+
+:is(.action-Qs2VUY, .byline-account-update-action) {
+  min-width: 4rem;
+}
+

package/dist/modules/admin-account/errors.js

@@ -1,51 +1,20 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-/**
- * Module-local error codes for admin-account self-service.
- *
- * Same `code + factory` shape as the other admin modules. The codes are
- * prefixed `admin.account.*` so they sort alongside any future
- * `admin.account` ability keys (today there are none — self-service is
- * gated only by "you must be authenticated and you can only act on
- * yourself") and so transport layers can branch on them distinctly
- * from `admin.users.*`. Note that `admin.users.versionConflict` and
- * `admin.users.emailInUse` are also reachable here because the service
- * delegates to `AdminUsersRepository.update` / `setPasswordHash`; both
- * are deliberately surfaced unmodified so the UI sees a single error
- * code per condition.
- */
-export const AdminAccountErrorCodes = {
+const AdminAccountErrorCodes = {
     NOT_FOUND: 'admin.account.notFound',
-    INVALID_CURRENT_PASSWORD: 'admin.account.invalidCurrentPassword',
+    INVALID_CURRENT_PASSWORD: 'admin.account.invalidCurrentPassword'
 };
-export class AdminAccountError extends Error {
-    code;
-    constructor(code, options) {
-        super(options.message, options.cause != null ? { cause: options.cause } : undefined);
+class AdminAccountError extends Error {
+    constructor(code, options){
+        super(options.message, null != options.cause ? {
+            cause: options.cause
+        } : void 0);
         this.name = 'AdminAccountError';
         this.code = code;
     }
 }
-const make = (code, defaultMessage) => (options) => new AdminAccountError(code, {
-    message: options?.message ?? defaultMessage,
-    cause: options?.cause,
-});
-/**
- * The actor's admin-user id no longer resolves to a row. Typically
- * means the session refers to a user that has been deleted out of band
- * — the transport handler should clear cookies and redirect to
- * sign-in.
- */
-export const ERR_ADMIN_ACCOUNT_NOT_FOUND = make(AdminAccountErrorCodes.NOT_FOUND, 'admin account not found');
-/**
- * The supplied current password did not verify against the stored hash.
- * Returned for the change-password flow — message is intentionally
- * generic so it can be surfaced verbatim to end users without leaking
- * timing or existence signals.
- */
-export const ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD = make(AdminAccountErrorCodes.INVALID_CURRENT_PASSWORD, 'current password is incorrect');
+const make = (code, defaultMessage)=>(options)=>new AdminAccountError(code, {
+            message: options?.message ?? defaultMessage,
+            cause: options?.cause
+        });
+const ERR_ADMIN_ACCOUNT_NOT_FOUND = make(AdminAccountErrorCodes.NOT_FOUND, 'admin account not found');
+const ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD = make(AdminAccountErrorCodes.INVALID_CURRENT_PASSWORD, 'current password is incorrect');
+export { AdminAccountError, AdminAccountErrorCodes, ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD, ERR_ADMIN_ACCOUNT_NOT_FOUND };

package/dist/modules/admin-account/index.js

@@ -1,34 +1,4 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-/**
- * `@byline/admin/admin-account` — self-service surfaces for the currently
- * signed-in admin user.
- *
- * Distinct from `@byline/admin/admin-users` in two ways:
- *
- *   1. The actor IS the target. Commands take no `id` field — the
- *      target is sourced from `actor.id` on the authenticated
- *      `RequestContext`. There is no way at the command surface to
- *      ask "operate on someone else."
- *   2. There is no ability gate. The other admin modules use
- *      `assertAdminActor(context, ability)`; this module uses
- *      `requireAdminActor(context)` — authn-only. "Anyone may change
- *      their own password" is the policy.
- *
- * Reuses `AdminUsersRepository` from `@byline/admin/admin-users` rather
- * than introducing a parallel repo — the table is the same and the
- * narrower self-service surface is structural rather than physical.
- *
- * Active-session listing / revocation is intentionally not included
- * yet — that depends on `RefreshTokensRepository` semantics and a
- * "sign out everywhere on password change" follow-up.
- */
-export { changeAccountPasswordCommand, getAccountCommand, updateAccountCommand, } from './commands.js';
-export { AdminAccountError, AdminAccountErrorCodes, ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD, ERR_ADMIN_ACCOUNT_NOT_FOUND, } from './errors.js';
-export { accountResponseSchema, changeAccountPasswordRequestSchema, getAccountRequestSchema, okResponseSchema, updateAccountRequestSchema, } from './schemas.js';
-export { AdminAccountService } from './service.js';
+export { changeAccountPasswordCommand, getAccountCommand, updateAccountCommand } from "./commands.js";
+export { AdminAccountError, AdminAccountErrorCodes, ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD, ERR_ADMIN_ACCOUNT_NOT_FOUND } from "./errors.js";
+export { accountResponseSchema, changeAccountPasswordRequestSchema, getAccountRequestSchema, okResponseSchema, updateAccountRequestSchema } from "./schemas.js";
+export { AdminAccountService } from "./service.js";

package/dist/modules/admin-account/schemas.js

@@ -1,68 +1,34 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-/**
- * Zod schemas for the admin-account commands.
- *
- * Self-service is intentionally narrower than admin-users:
- *
- *   - The actor IS the target. None of the request schemas accept an
- *     `id` field — the command resolves the target from
- *     `actor.id`. Persisting `id` in the request shape would
- *     immediately invite "but what if I pass someone else's id?"
- *     mistakes downstream.
- *   - The update patch excludes `is_super_admin`, `is_enabled`, and
- *     `is_email_verified`. Self-service must never let a user grant
- *     themselves super-admin or flip their own enabled state. Those
- *     fields stay editable through the admin-users module by an admin
- *     who holds the relevant ability.
- *   - `changePassword` requires the *current* password as a defence
- *     against session-hijack abuse: an attacker with a stolen session
- *     cookie still needs the password they don't have to swap it out.
- *
- * The response shape is the same as `adminUserResponseSchema` so the
- * admin-account UI and the admin-users UI render the same row shape
- * — re-exported here for convenience.
- */
-import { passwordSchema } from '@byline/core/validation';
-import { z } from 'zod';
-import { adminUserResponseSchema, okResponseSchema } from '../admin-users/schemas.js';
-const vidSchema = z
-    .number({ message: 'vid is required' })
-    .int({ message: 'vid must be an integer' })
-    .positive({ message: 'vid must be positive' });
-const emailSchema = z
-    .email({ message: 'email must be a valid address' })
-    .min(3)
-    .max(254)
-    .transform((v) => v.toLowerCase());
+import { passwordSchema } from "@byline/core/validation";
+import { z } from "zod";
+const vidSchema = z.number({
+    message: 'vid is required'
+}).int({
+    message: 'vid must be an integer'
+}).positive({
+    message: 'vid must be positive'
+});
+const emailSchema = z.email({
+    message: 'email must be a valid address'
+}).min(3).max(254).transform((v)=>v.toLowerCase());
 const nameSchema = z.string().min(1).max(100);
-// ---------------------------------------------------------------------------
-// Requests
-// ---------------------------------------------------------------------------
-/** No payload — target is the actor on context. */
-export const getAccountRequestSchema = z.object({}).strict();
-export const updateAccountRequestSchema = z.object({
+const getAccountRequestSchema = z.object({}).strict();
+const updateAccountRequestSchema = z.object({
     vid: vidSchema,
-    patch: z
-        .object({
+    patch: z.object({
         email: emailSchema.optional(),
         given_name: nameSchema.nullish(),
         family_name: nameSchema.nullish(),
-        username: z.string().min(1).max(100).nullish(),
+        username: z.string().min(1).max(100).nullish()
+    }).refine((p)=>Object.keys(p).length > 0, {
+        message: 'patch cannot be empty'
     })
-        .refine((p) => Object.keys(p).length > 0, { message: 'patch cannot be empty' }),
 });
-export const changeAccountPasswordRequestSchema = z.object({
+const changeAccountPasswordRequestSchema = z.object({
     vid: vidSchema,
-    currentPassword: z.string().min(1, { message: 'current password is required' }),
-    newPassword: passwordSchema,
+    currentPassword: z.string().min(1, {
+        message: 'current password is required'
+    }),
+    newPassword: passwordSchema
 });
-// ---------------------------------------------------------------------------
-// Responses (re-exports — same shape as the admin-users module)
-// ---------------------------------------------------------------------------
-export { adminUserResponseSchema as accountResponseSchema, okResponseSchema };
+export { adminUserResponseSchema as accountResponseSchema, okResponseSchema } from "../admin-users/schemas.js";
+export { changeAccountPasswordRequestSchema, getAccountRequestSchema, updateAccountRequestSchema };

package/dist/modules/admin-account/service.js

@@ -1,75 +1,70 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { toAdminUser } from '../admin-users/dto.js';
-import { ERR_ADMIN_USER_EMAIL_IN_USE } from '../admin-users/errors.js';
-import { hashPassword, verifyPassword } from '../auth/password.js';
-import { ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD, ERR_ADMIN_ACCOUNT_NOT_FOUND, } from './errors.js';
-/**
- * Self-service business logic for the currently signed-in admin user.
- *
- * Reuses `AdminUsersRepository` rather than introducing a parallel
- * repository — the underlying table is the same, and self-service is
- * just a narrower surface over it. The narrowing is structural:
- *
- *   - Every method takes `actorId` (sourced server-side from the
- *     authenticated `RequestContext`) and uses it as the target id.
- *     Callers cannot supply a target id; commands look it up from
- *     `actor.id` and pass it in.
- *   - `updateAccount` excludes `is_super_admin`, `is_enabled`, and
- *     `is_email_verified` from the writable surface. The schema
- *     already strips them, but the service signature reinforces it.
- *   - `changePassword` verifies the *current* password before swapping
- *     in the new hash. A hijacked session cannot use this flow to lock
- *     out the legitimate owner.
- *
- * Note on session revocation: changing a password here does **not**
- * currently revoke other refresh tokens — existing access tokens stay
- * valid until their 15-minute expiry, and other refresh tokens remain
- * useable. A "sign out everywhere on password change" follow-up should
- * call `RefreshTokensRepository.revokeAllExcept(adminUserId, currentJti)`
- * once that lands.
- */
-export class AdminAccountService {
-    #repo;
-    constructor(deps) {
-        this.#repo = deps.repo;
+import { toAdminUser } from "../admin-users/dto.js";
+import { ERR_ADMIN_USER_EMAIL_IN_USE } from "../admin-users/errors.js";
+import { hashPassword, verifyPassword } from "../auth/password.js";
+import { ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD, ERR_ADMIN_ACCOUNT_NOT_FOUND } from "./errors.js";
+function _check_private_redeclaration(obj, privateCollection) {
+    if (privateCollection.has(obj)) throw new TypeError("Cannot initialize the same private elements twice on an object");
+}
+function _class_apply_descriptor_get(receiver, descriptor) {
+    if (descriptor.get) return descriptor.get.call(receiver);
+    return descriptor.value;
+}
+function _class_apply_descriptor_set(receiver, descriptor, value) {
+    if (descriptor.set) descriptor.set.call(receiver, value);
+    else {
+        if (!descriptor.writable) throw new TypeError("attempted to set read only private field");
+        descriptor.value = value;
     }
+}
+function _class_extract_field_descriptor(receiver, privateMap, action) {
+    if (!privateMap.has(receiver)) throw new TypeError("attempted to " + action + " private field on non-instance");
+    return privateMap.get(receiver);
+}
+function _class_private_field_get(receiver, privateMap) {
+    var descriptor = _class_extract_field_descriptor(receiver, privateMap, "get");
+    return _class_apply_descriptor_get(receiver, descriptor);
+}
+function _class_private_field_init(obj, privateMap, value) {
+    _check_private_redeclaration(obj, privateMap);
+    privateMap.set(obj, value);
+}
+function _class_private_field_set(receiver, privateMap, value) {
+    var descriptor = _class_extract_field_descriptor(receiver, privateMap, "set");
+    _class_apply_descriptor_set(receiver, descriptor, value);
+    return value;
+}
+var _repo = /*#__PURE__*/ new WeakMap();
+class AdminAccountService {
     async getAccount(actorId) {
-        const row = await this.#repo.getById(actorId);
-        if (!row)
-            throw ERR_ADMIN_ACCOUNT_NOT_FOUND();
+        const row = await _class_private_field_get(this, _repo).getById(actorId);
+        if (!row) throw ERR_ADMIN_ACCOUNT_NOT_FOUND();
         return toAdminUser(row);
     }
     async updateAccount(actorId, request) {
-        const current = await this.#repo.getById(actorId);
-        if (!current)
-            throw ERR_ADMIN_ACCOUNT_NOT_FOUND();
-        if (request.patch.email != null && request.patch.email !== current.email) {
-            const owner = await this.#repo.getByEmail(request.patch.email);
-            if (owner && owner.id !== actorId)
-                throw ERR_ADMIN_USER_EMAIL_IN_USE();
+        const current = await _class_private_field_get(this, _repo).getById(actorId);
+        if (!current) throw ERR_ADMIN_ACCOUNT_NOT_FOUND();
+        if (null != request.patch.email && request.patch.email !== current.email) {
+            const owner = await _class_private_field_get(this, _repo).getByEmail(request.patch.email);
+            if (owner && owner.id !== actorId) throw ERR_ADMIN_USER_EMAIL_IN_USE();
         }
-        const row = await this.#repo.update(actorId, request.vid, request.patch);
+        const row = await _class_private_field_get(this, _repo).update(actorId, request.vid, request.patch);
         return toAdminUser(row);
     }
     async changePassword(actorId, request) {
-        // Pull the row *with* the password hash so we can verify the
-        // supplied current password before persisting a new one. The
-        // sign-in-shaped row is treated as ephemeral here — the hash
-        // string is never propagated outside this method.
-        const withHash = await this.#repo.getByIdForSignIn(actorId);
-        if (!withHash)
-            throw ERR_ADMIN_ACCOUNT_NOT_FOUND();
+        const withHash = await _class_private_field_get(this, _repo).getByIdForSignIn(actorId);
+        if (!withHash) throw ERR_ADMIN_ACCOUNT_NOT_FOUND();
         const ok = await verifyPassword(request.currentPassword, withHash.password_hash);
-        if (!ok)
-            throw ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD();
+        if (!ok) throw ERR_ADMIN_ACCOUNT_INVALID_CURRENT_PASSWORD();
         const newHash = await hashPassword(request.newPassword);
-        const row = await this.#repo.setPasswordHash(actorId, request.vid, newHash);
+        const row = await _class_private_field_get(this, _repo).setPasswordHash(actorId, request.vid, newHash);
         return toAdminUser(row);
     }
+    constructor(deps){
+        _class_private_field_init(this, _repo, {
+            writable: true,
+            value: void 0
+        });
+        _class_private_field_set(this, _repo, deps.repo);
+    }
 }
+export { AdminAccountService };

package/dist/modules/admin-permissions/abilities.js

@@ -1,39 +1,21 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-/**
- * Ability keys for the admin-permissions module.
- *
- * `read` gates the inspector view (see docs/AUTHN-AUTHZ.md).
- * `update` will gate the per-role ability editor mounted on the
- * admin-roles role detail page — declared here so the role editor can
- * assert against it once that surface lands. The per-role editor shares
- * the `update` key rather than minting `grant` / `revoke` keys: granting
- * abilities to a role is a single editorial operation from the admin's
- * perspective, and a granular split would force a redundant key on
- * every permission-managing role.
- */
-export const ADMIN_PERMISSIONS_ABILITIES = {
+const ADMIN_PERMISSIONS_ABILITIES = {
     read: 'admin.permissions.read',
-    update: 'admin.permissions.update',
+    update: 'admin.permissions.update'
 };
-export function registerAdminPermissionsAbilities(registry) {
+function registerAdminPermissionsAbilities(registry) {
     registry.register({
         key: ADMIN_PERMISSIONS_ABILITIES.read,
         label: 'Read admin permissions',
         description: 'View the abilities inspector and per-role ability grants.',
         group: 'admin.permissions',
-        source: 'admin',
+        source: 'admin'
     });
     registry.register({
         key: ADMIN_PERMISSIONS_ABILITIES.update,
         label: 'Update admin permissions',
         description: "Edit a role's ability grants.",
         group: 'admin.permissions',
-        source: 'admin',
+        source: 'admin'
     });
 }
+export { ADMIN_PERMISSIONS_ABILITIES, registerAdminPermissionsAbilities };

package/dist/modules/admin-permissions/commands.js

@@ -1,41 +1,55 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { createCommand } from '../../lib/create-command.js';
-import { ADMIN_PERMISSIONS_ABILITIES } from './abilities.js';
-import { getRoleAbilitiesRequestSchema, getRoleAbilitiesResponseSchema, listRegisteredAbilitiesRequestSchema, listRegisteredAbilitiesResponseSchema, setRoleAbilitiesRequestSchema, setRoleAbilitiesResponseSchema, whoHasAbilityRequestSchema, whoHasAbilityResponseSchema, } from './schemas.js';
-import { AdminPermissionsService } from './service.js';
+import { createCommand } from "../../lib/create-command.js";
+import { ADMIN_PERMISSIONS_ABILITIES } from "./abilities.js";
+import { getRoleAbilitiesRequestSchema, getRoleAbilitiesResponseSchema, listRegisteredAbilitiesRequestSchema, listRegisteredAbilitiesResponseSchema, setRoleAbilitiesRequestSchema, setRoleAbilitiesResponseSchema, whoHasAbilityRequestSchema, whoHasAbilityResponseSchema } from "./schemas.js";
+import { AdminPermissionsService } from "./service.js";
 function serviceOf(deps) {
-    return new AdminPermissionsService({ store: deps.store, abilities: deps.abilities });
+    return new AdminPermissionsService({
+        store: deps.store,
+        abilities: deps.abilities
+    });
 }
-export const listRegisteredAbilitiesCommand = createCommand({
+const listRegisteredAbilitiesCommand = createCommand({
     method: 'listRegisteredAbilities',
-    auth: { ability: ADMIN_PERMISSIONS_ABILITIES.read },
+    auth: {
+        ability: ADMIN_PERMISSIONS_ABILITIES.read
+    },
     schemas: {
         input: listRegisteredAbilitiesRequestSchema,
-        output: listRegisteredAbilitiesResponseSchema,
+        output: listRegisteredAbilitiesResponseSchema
     },
-    handler: ({ deps }) => serviceOf(deps).listRegisteredAbilities(),
+    handler: ({ deps })=>serviceOf(deps).listRegisteredAbilities()
 });
-export const whoHasAbilityCommand = createCommand({
+const whoHasAbilityCommand = createCommand({
     method: 'whoHasAbility',
-    auth: { ability: ADMIN_PERMISSIONS_ABILITIES.read },
-    schemas: { input: whoHasAbilityRequestSchema, output: whoHasAbilityResponseSchema },
-    handler: ({ input, deps }) => serviceOf(deps).whoHasAbility(input),
+    auth: {
+        ability: ADMIN_PERMISSIONS_ABILITIES.read
+    },
+    schemas: {
+        input: whoHasAbilityRequestSchema,
+        output: whoHasAbilityResponseSchema
+    },
+    handler: ({ input, deps })=>serviceOf(deps).whoHasAbility(input)
 });
-export const getRoleAbilitiesCommand = createCommand({
+const getRoleAbilitiesCommand = createCommand({
     method: 'getRoleAbilities',
-    auth: { ability: ADMIN_PERMISSIONS_ABILITIES.read },
-    schemas: { input: getRoleAbilitiesRequestSchema, output: getRoleAbilitiesResponseSchema },
-    handler: ({ input, deps }) => serviceOf(deps).getRoleAbilities(input),
+    auth: {
+        ability: ADMIN_PERMISSIONS_ABILITIES.read
+    },
+    schemas: {
+        input: getRoleAbilitiesRequestSchema,
+        output: getRoleAbilitiesResponseSchema
+    },
+    handler: ({ input, deps })=>serviceOf(deps).getRoleAbilities(input)
 });
-export const setRoleAbilitiesCommand = createCommand({
+const setRoleAbilitiesCommand = createCommand({
     method: 'setRoleAbilities',
-    auth: { ability: ADMIN_PERMISSIONS_ABILITIES.update },
-    schemas: { input: setRoleAbilitiesRequestSchema, output: setRoleAbilitiesResponseSchema },
-    handler: ({ input, deps }) => serviceOf(deps).setRoleAbilities(input),
+    auth: {
+        ability: ADMIN_PERMISSIONS_ABILITIES.update
+    },
+    schemas: {
+        input: setRoleAbilitiesRequestSchema,
+        output: setRoleAbilitiesResponseSchema
+    },
+    handler: ({ input, deps })=>serviceOf(deps).setRoleAbilities(input)
 });
+export { getRoleAbilitiesCommand, listRegisteredAbilitiesCommand, setRoleAbilitiesCommand, whoHasAbilityCommand };

package/dist/modules/admin-permissions/components/inspector.d.ts

@@ -0,0 +1,4 @@
+import type { ListRegisteredAbilitiesResponse } from '../index.js';
+export declare function AbilitiesInspector({ data }: {
+    data: ListRegisteredAbilitiesResponse;
+}): import("react").JSX.Element;