@byline/admin 2.4.0 → 2.4.1

package/dist/modules/auth/resolve-actor.js

@@ -1,35 +1,13 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { AdminAuth } from '@byline/auth';
-/**
- * Build an `AdminAuth` from a user id by reading the admin-users row and
- * collecting the distinct abilities granted through every role the user
- * holds.
- *
- * Returns `null` when the user does not exist or is not enabled — callers
- * interpret a null result as "no actor, sign-in refused". The enablement
- * check lives here (rather than in the session provider) so that any code
- * path resolving an actor from a stored user id — sign-in, token refresh,
- * seeded super-admin context — applies the same gate.
- *
- * Consumes the admin-users and admin-permissions repositories through the
- * `AdminStore` bundle; adapter-agnostic.
- */
-export async function resolveActor(store, adminUserId) {
+import { AdminAuth } from "@byline/auth";
+async function resolveActor(store, adminUserId) {
     const user = await store.adminUsers.getById(adminUserId);
-    if (!user)
-        return null;
-    if (!user.is_enabled)
-        return null;
+    if (!user) return null;
+    if (!user.is_enabled) return null;
     const abilities = await store.adminPermissions.listAbilitiesForUser(adminUserId);
     return new AdminAuth({
         id: user.id,
         abilities,
-        isSuperAdmin: user.is_super_admin,
+        isSuperAdmin: user.is_super_admin
     });
 }
+export { resolveActor };

package/dist/services/admin-services-context.d.ts

@@ -0,0 +1,16 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+import { type ReactNode } from 'react';
+import type { BylineAdminServices } from './admin-services-types.js';
+export type { AdminServiceCall, BylineAdminServices, ChangeAccountPasswordInput, CreateAdminRoleInput, CreateAdminUserInput, SetAdminUserPasswordInput, SetRoleAbilitiesInput, SetUserRolesInput, SignInInput, SignInResult, UpdateAccountInput, UpdateAdminRoleInput, UpdateAdminUserInput, WhoHasAbilityInput, } from './admin-services-types.js';
+interface BylineAdminServicesProviderProps {
+    services: BylineAdminServices;
+    children: ReactNode;
+}
+export declare const BylineAdminServicesProvider: ({ services, children, }: BylineAdminServicesProviderProps) => import("react").JSX.Element;
+export declare const useBylineAdminServices: () => BylineAdminServices;

package/dist/services/admin-services-context.js

@@ -0,0 +1,13 @@
+import { jsx } from "react/jsx-runtime";
+import { createContext, useContext } from "react";
+const AdminServicesContext = /*#__PURE__*/ createContext(null);
+const BylineAdminServicesProvider = ({ services, children })=>/*#__PURE__*/ jsx(AdminServicesContext.Provider, {
+        value: services,
+        children: children
+    });
+const useBylineAdminServices = ()=>{
+    const ctx = useContext(AdminServicesContext);
+    if (!ctx) throw new Error('@byline/admin: BylineAdminServicesProvider missing. Wrap your admin tree with <BylineAdminServicesProvider services={…} />.');
+    return ctx;
+};
+export { BylineAdminServicesProvider, useBylineAdminServices };

package/dist/services/admin-services-types.d.ts

@@ -0,0 +1,129 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+/**
+ * Framework-neutral function contracts that admin UI components in
+ * `@byline/ui` need from the host application. The host wires concrete
+ * implementations via `BylineAdminServicesProvider` — typically thin
+ * adapters around TanStack Start server functions, Next.js server
+ * actions, or any other RPC-style transport.
+ *
+ * The call shape `(args: { data: TInput }) => Promise<TOutput>` mirrors
+ * TanStack Start's `createServerFn().handler()` calling convention so a
+ * webapp host can pass its server fns through as-is. Other transports
+ * just need a tiny adapter.
+ *
+ * Scope: Phase 2.1 covers the framework-neutral admin UI components
+ * only — the 15 forms, modals, and inner widgets that don't touch
+ * TanStack Router. Page containers (list/edit/delete pages) keep using
+ * server fns directly today and move into `@byline/host-tanstack-start`
+ * in Phase 3 along with the route factories.
+ */
+import type { AccountResponse, ChangeAccountPasswordRequest, UpdateAccountRequest } from '../modules/admin-account/index.js';
+import type { SetRoleAbilitiesResponse, WhoHasAbilityResponse } from '../modules/admin-permissions/index.js';
+import type { AdminRoleResponse, UserRolesResponse } from '../modules/admin-roles/index.js';
+import type { AdminUserResponse } from '../modules/admin-users/index.js';
+/**
+ * The TanStack Start `createServerFn(...).handler(...)` calling shape:
+ * `fn({ data: input }) → Promise<output>`. Hosts using a different
+ * transport supply small adapters that match this shape.
+ */
+export type AdminServiceCall<TInput, TOutput> = (args: {
+    data: TInput;
+}) => Promise<TOutput>;
+export interface SignInInput {
+    email: string;
+    password: string;
+}
+/**
+ * The admin UI's sign-in form does not consume the `SignInResult`
+ * payload directly — on success it navigates via `window.location`. The
+ * shape is left as `unknown` here so each host's session provider can
+ * supply whatever envelope it produces without forcing a public type.
+ */
+export type SignInResult = unknown;
+/** Same shape as `UpdateAccountRequest` from `@byline/admin/admin-account`. */
+export type UpdateAccountInput = UpdateAccountRequest;
+/** Same shape as `ChangeAccountPasswordRequest` from `@byline/admin/admin-account`. */
+export type ChangeAccountPasswordInput = ChangeAccountPasswordRequest;
+export interface CreateAdminUserInput {
+    email: string;
+    password: string;
+    given_name?: string | null;
+    family_name?: string | null;
+    username?: string | null;
+    is_super_admin: boolean;
+    is_enabled: boolean;
+    is_email_verified: boolean;
+}
+export interface UpdateAdminUserInput {
+    id: string;
+    vid: number;
+    patch: {
+        email?: string;
+        given_name?: string | null;
+        family_name?: string | null;
+        username?: string | null;
+        is_super_admin?: boolean;
+        is_enabled?: boolean;
+        is_email_verified?: boolean;
+    };
+}
+export interface SetAdminUserPasswordInput {
+    id: string;
+    vid: number;
+    password: string;
+}
+export interface SetUserRolesInput {
+    userId: string;
+    roleIds: string[];
+}
+export interface CreateAdminRoleInput {
+    name: string;
+    machine_name: string;
+    description: string | null;
+}
+export interface UpdateAdminRoleInput {
+    id: string;
+    vid: number;
+    patch: {
+        name?: string;
+        description?: string | null;
+    };
+}
+export interface SetRoleAbilitiesInput {
+    id: string;
+    abilities: string[];
+}
+export interface WhoHasAbilityInput {
+    ability: string;
+}
+export interface BylineAdminServices {
+    adminSignIn: AdminServiceCall<SignInInput, SignInResult>;
+    updateAccount: AdminServiceCall<UpdateAccountInput, AccountResponse>;
+    changeAccountPassword: AdminServiceCall<ChangeAccountPasswordInput, AccountResponse>;
+    createAdminUser: AdminServiceCall<CreateAdminUserInput, AdminUserResponse>;
+    updateAdminUser: AdminServiceCall<UpdateAdminUserInput, AdminUserResponse>;
+    setAdminUserPassword: AdminServiceCall<SetAdminUserPasswordInput, AdminUserResponse>;
+    setUserRoles: AdminServiceCall<SetUserRolesInput, UserRolesResponse>;
+    createAdminRole: AdminServiceCall<CreateAdminRoleInput, AdminRoleResponse>;
+    updateAdminRole: AdminServiceCall<UpdateAdminRoleInput, AdminRoleResponse>;
+    setRoleAbilities: AdminServiceCall<SetRoleAbilitiesInput, SetRoleAbilitiesResponse>;
+    whoHasAbility: AdminServiceCall<WhoHasAbilityInput, WhoHasAbilityResponse>;
+    /**
+     * Diff helper. Loads a specific historical version of a document so
+     * the diff modal can compare it against the current version. Returns
+     * the same shape as the regular document loader — the diff modal
+     * consumes only `doc.fields` (or strips known meta keys when an
+     * older flat-shape doc is encountered).
+     *
+     * Positional-args shape rather than `{ data }` because this helper
+     * predates the contract and is consumed only by `DiffModal`. Hosts
+     * adapt their server fn into this call signature.
+     */
+    getCollectionDocumentVersion: (collection: string, documentId: string, versionId: string, locale: string | undefined) => Promise<Record<string, unknown>>;
+}

package/dist/services/admin-services-types.js

@@ -0,0 +1 @@
+export { };

package/dist/store.js

@@ -1,8 +1 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-export {};
+export { };

package/dist/vendor/noble-argon2/_blake.js

@@ -1,52 +1,284 @@
-// @ts-nocheck — vendored from noble-hashes; see ./README.md
-/**
- * Internal helpers for blake hash.
- * @module
- */
-import { rotr } from './utils.js';
-/**
- * Internal blake permutation table.
- * Rows `0..9` serve BLAKE2s, rows `0..11` serve BLAKE2b with `10..11 = 0..1`, and Blake1 also
- * reuses the later rows shown below. Blake1 expands rounds `10..15` as `SIGMA[i % 10]`, so rows
- * `10..15` intentionally repeat rows `0..5` for the 14-round (256) and 16-round (512) variants.
- */
-// prettier-ignore
-export const BSIGMA = /* @__PURE__ */ Uint8Array.from([
-    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
-    14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
-    11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
-    7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
-    9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
-    2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
-    12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,
-    13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,
-    6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,
-    10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,
-    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
-    14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
-    // Blake1, unused in others
-    11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
-    7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
-    9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
-    2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
+import { rotr } from "./utils.js";
+const BSIGMA = /* @__PURE__ */ Uint8Array.from([
+    0,
+    1,
+    2,
+    3,
+    4,
+    5,
+    6,
+    7,
+    8,
+    9,
+    10,
+    11,
+    12,
+    13,
+    14,
+    15,
+    14,
+    10,
+    4,
+    8,
+    9,
+    15,
+    13,
+    6,
+    1,
+    12,
+    0,
+    2,
+    11,
+    7,
+    5,
+    3,
+    11,
+    8,
+    12,
+    0,
+    5,
+    2,
+    15,
+    13,
+    10,
+    14,
+    3,
+    6,
+    7,
+    1,
+    9,
+    4,
+    7,
+    9,
+    3,
+    1,
+    13,
+    12,
+    11,
+    14,
+    2,
+    6,
+    5,
+    10,
+    4,
+    0,
+    15,
+    8,
+    9,
+    0,
+    5,
+    7,
+    2,
+    4,
+    10,
+    15,
+    14,
+    1,
+    11,
+    12,
+    6,
+    8,
+    3,
+    13,
+    2,
+    12,
+    6,
+    10,
+    0,
+    11,
+    8,
+    3,
+    4,
+    13,
+    7,
+    5,
+    15,
+    14,
+    1,
+    9,
+    12,
+    5,
+    1,
+    15,
+    14,
+    13,
+    4,
+    10,
+    0,
+    7,
+    6,
+    3,
+    9,
+    2,
+    8,
+    11,
+    13,
+    11,
+    7,
+    14,
+    12,
+    1,
+    3,
+    9,
+    5,
+    0,
+    15,
+    4,
+    8,
+    6,
+    2,
+    10,
+    6,
+    15,
+    14,
+    9,
+    11,
+    3,
+    0,
+    8,
+    12,
+    2,
+    13,
+    7,
+    1,
+    4,
+    10,
+    5,
+    10,
+    2,
+    8,
+    4,
+    7,
+    6,
+    1,
+    5,
+    15,
+    11,
+    9,
+    14,
+    3,
+    12,
+    13,
+    0,
+    0,
+    1,
+    2,
+    3,
+    4,
+    5,
+    6,
+    7,
+    8,
+    9,
+    10,
+    11,
+    12,
+    13,
+    14,
+    15,
+    14,
+    10,
+    4,
+    8,
+    9,
+    15,
+    13,
+    6,
+    1,
+    12,
+    0,
+    2,
+    11,
+    7,
+    5,
+    3,
+    11,
+    8,
+    12,
+    0,
+    5,
+    2,
+    15,
+    13,
+    10,
+    14,
+    3,
+    6,
+    7,
+    1,
+    9,
+    4,
+    7,
+    9,
+    3,
+    1,
+    13,
+    12,
+    11,
+    14,
+    2,
+    6,
+    5,
+    10,
+    4,
+    0,
+    15,
+    8,
+    9,
+    0,
+    5,
+    7,
+    2,
+    4,
+    10,
+    15,
+    14,
+    1,
+    11,
+    12,
+    6,
+    8,
+    3,
+    13,
+    2,
+    12,
+    6,
+    10,
+    0,
+    11,
+    8,
+    3,
+    4,
+    13,
+    7,
+    5,
+    15,
+    14,
+    1,
+    9
 ]);
-// 32-bit / BLAKE2s first half of G, with the fixed `(16, 12)` rotation pair.
-// Parameter `x` is the RFC 7693 first-half message word, or Blake1's pre-mixed
-// `m[sigma[r][2i]] ^ u[sigma[r][2i+1]]` addend in the 32-bit path.
-export function G1s(a, b, c, d, x) {
-    a = (a + b + x) | 0;
+function G1s(a, b, c, d, x) {
+    a = a + b + x | 0;
     d = rotr(d ^ a, 16);
-    c = (c + d) | 0;
+    c = c + d | 0;
     b = rotr(b ^ c, 12);
-    return { a, b, c, d };
+    return {
+        a,
+        b,
+        c,
+        d
+    };
 }
-// 32-bit / BLAKE2s second half of G.
-// Parameter `x` is the RFC 7693 second-half (`y`) message word, or Blake1's pre-mixed
-// `m[sigma[r][2i + 1]] ^ u[sigma[r][2i]]` addend in the 32-bit path.
-export function G2s(a, b, c, d, x) {
-    a = (a + b + x) | 0;
+function G2s(a, b, c, d, x) {
+    a = a + b + x | 0;
     d = rotr(d ^ a, 8);
-    c = (c + d) | 0;
+    c = c + d | 0;
     b = rotr(b ^ c, 7);
-    return { a, b, c, d };
+    return {
+        a,
+        b,
+        c,
+        d
+    };
 }
+export { BSIGMA, G1s, G2s };