npm - @byline/admin - Versions diffs - 2.4.0 → 2.4.2 - Mend

@byline/admin 2.4.0 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/dist/abilities.js +5 -24
package/dist/index.js +8 -30
package/dist/lib/assert-admin-actor.js +13 -74
package/dist/lib/create-command.js +6 -16
package/dist/modules/admin-account/commands.js +35 -24
package/dist/modules/admin-account/components/change-password.d.ts +8 -0
package/dist/modules/admin-account/components/change-password.js +192 -0
package/dist/modules/admin-account/components/change-password.module.js +8 -0
package/dist/modules/admin-account/components/change-password_module.css +27 -0
package/dist/modules/admin-account/components/container.d.ts +29 -0
package/dist/modules/admin-account/components/container.js +298 -0
package/dist/modules/admin-account/components/container.module.js +28 -0
package/dist/modules/admin-account/components/container_module.css +106 -0
package/dist/modules/admin-account/components/update.d.ts +8 -0
package/dist/modules/admin-account/components/update.js +207 -0
package/dist/modules/admin-account/components/update.module.js +8 -0
package/dist/modules/admin-account/components/update_module.css +27 -0
package/dist/modules/admin-account/errors.js +14 -45
package/dist/modules/admin-account/index.js +4 -34
package/dist/modules/admin-account/schemas.js +25 -59
package/dist/modules/admin-account/service.js +56 -61
package/dist/modules/admin-permissions/abilities.js +6 -24
package/dist/modules/admin-permissions/commands.js +42 -28
package/dist/modules/admin-permissions/components/inspector.d.ts +4 -0
package/dist/modules/admin-permissions/components/inspector.js +284 -0
package/dist/modules/admin-permissions/components/inspector.module.js +56 -0
package/dist/modules/admin-permissions/components/inspector_module.css +238 -0
package/dist/modules/admin-permissions/dto.js +3 -16
package/dist/modules/admin-permissions/errors.js +14 -27
package/dist/modules/admin-permissions/index.js +6 -26
package/dist/modules/admin-permissions/repository.js +1 -8
package/dist/modules/admin-permissions/schemas.js +33 -70
package/dist/modules/admin-permissions/service.js +88 -92
package/dist/modules/admin-roles/abilities.js +8 -30
package/dist/modules/admin-roles/commands.js +89 -55
package/dist/modules/admin-roles/components/create.d.ts +7 -0
package/dist/modules/admin-roles/components/create.js +177 -0
package/dist/modules/admin-roles/components/create.module.js +8 -0
package/dist/modules/admin-roles/components/create_module.css +27 -0
package/dist/modules/admin-roles/components/permissions.d.ts +10 -0
package/dist/modules/admin-roles/components/permissions.js +303 -0
package/dist/modules/admin-roles/components/permissions.module.js +44 -0
package/dist/modules/admin-roles/components/permissions_module.css +192 -0
package/dist/modules/admin-roles/components/update.d.ts +8 -0
package/dist/modules/admin-roles/components/update.js +166 -0
package/dist/modules/admin-roles/components/update.module.js +8 -0
package/dist/modules/admin-roles/components/update_module.css +27 -0
package/dist/modules/admin-roles/dto.js +3 -16
package/dist/modules/admin-roles/errors.js +16 -40
package/dist/modules/admin-roles/index.js +6 -26
package/dist/modules/admin-roles/repository.js +1 -8
package/dist/modules/admin-roles/schemas.js +41 -71
package/dist/modules/admin-roles/service.js +79 -82
package/dist/modules/admin-users/abilities.js +9 -38
package/dist/modules/admin-users/commands.js +92 -50
package/dist/modules/admin-users/components/create.d.ts +8 -0
package/dist/modules/admin-users/components/create.js +268 -0
package/dist/modules/admin-users/components/create.module.js +10 -0
package/dist/modules/admin-users/components/create_module.css +45 -0
package/dist/modules/admin-users/components/roles.d.ts +11 -0
package/dist/modules/admin-users/components/roles.js +148 -0
package/dist/modules/admin-users/components/roles.module.js +18 -0
package/dist/modules/admin-users/components/roles_module.css +75 -0
package/dist/modules/admin-users/components/set-password.d.ts +8 -0
package/dist/modules/admin-users/components/set-password.js +170 -0
package/dist/modules/admin-users/components/set-password.module.js +9 -0
package/dist/modules/admin-users/components/set-password_module.css +31 -0
package/dist/modules/admin-users/components/update.d.ts +8 -0
package/dist/modules/admin-users/components/update.js +254 -0
package/dist/modules/admin-users/components/update.module.js +9 -0
package/dist/modules/admin-users/components/update_module.css +34 -0
package/dist/modules/admin-users/dto.js +3 -18
package/dist/modules/admin-users/errors.js +17 -43
package/dist/modules/admin-users/index.js +7 -27
package/dist/modules/admin-users/repository.js +1 -8
package/dist/modules/admin-users/schemas.js +44 -75
package/dist/modules/admin-users/seed-super-admin.js +9 -34
package/dist/modules/admin-users/service.js +76 -91
package/dist/modules/auth/components/sign-in-form.d.ts +12 -0
package/dist/modules/auth/components/sign-in-form.js +115 -0
package/dist/modules/auth/components/sign-in-form.module.js +12 -0
package/dist/modules/auth/components/sign-in-form_module.css +41 -0
package/dist/modules/auth/index.js +3 -24
package/dist/modules/auth/jwt-session-provider.js +179 -149
package/dist/modules/auth/password.js +11 -53
package/dist/modules/auth/phc.js +21 -54
package/dist/modules/auth/refresh-tokens-repository.js +1 -8
package/dist/modules/auth/resolve-actor.js +6 -28
package/dist/services/admin-services-context.d.ts +16 -0
package/dist/services/admin-services-context.js +13 -0
package/dist/services/admin-services-types.d.ts +129 -0
package/dist/services/admin-services-types.js +1 -0
package/dist/store.js +1 -8
package/dist/vendor/noble-argon2/_blake.js +277 -45
package/dist/vendor/noble-argon2/_md.js +81 -136
package/dist/vendor/noble-argon2/_u64.js +65 -67
package/dist/vendor/noble-argon2/argon2.js +181 -342
package/dist/vendor/noble-argon2/blake2.js +252 -327
package/dist/vendor/noble-argon2/utils.js +110 -490
package/dist/vendor/noble-argon2/utils.js.LICENSE.txt +1 -0
package/package.json +89 -10
package/src/abilities.ts +32 -0
package/src/declarations.d.ts +4 -0
package/src/index.ts +39 -0
package/src/lib/assert-admin-actor.ts +90 -0
package/src/lib/create-command.ts +109 -0
package/src/modules/admin-account/commands.ts +76 -0
package/src/modules/admin-account/components/change-password.module.css +40 -0
package/src/modules/admin-account/components/change-password.tsx +232 -0
package/src/modules/admin-account/components/container.module.css +158 -0
package/src/modules/admin-account/components/container.tsx +229 -0
package/src/modules/admin-account/components/update.module.css +40 -0
package/src/modules/admin-account/components/update.tsx +263 -0
package/src/modules/admin-account/errors.ts +75 -0
package/src/modules/admin-account/index.ts +60 -0
package/src/modules/admin-account/schemas.ts +84 -0
package/src/modules/admin-account/service.ts +92 -0
package/src/modules/admin-permissions/abilities.ts +46 -0
package/src/modules/admin-permissions/commands.ts +103 -0
package/src/modules/admin-permissions/components/inspector.module.css +326 -0
package/src/modules/admin-permissions/components/inspector.tsx +298 -0
package/src/modules/admin-permissions/dto.ts +28 -0
package/src/modules/admin-permissions/errors.ts +57 -0
package/src/modules/admin-permissions/index.ts +72 -0
package/src/modules/admin-permissions/repository.ts +49 -0
package/src/modules/admin-permissions/schemas.ts +128 -0
package/src/modules/admin-permissions/service.ts +137 -0
package/src/modules/admin-roles/abilities.ts +62 -0
package/src/modules/admin-roles/commands.ts +161 -0
package/src/modules/admin-roles/components/create.module.css +40 -0
package/src/modules/admin-roles/components/create.tsx +218 -0
package/src/modules/admin-roles/components/permissions.module.css +279 -0
package/src/modules/admin-roles/components/permissions.tsx +396 -0
package/src/modules/admin-roles/components/update.module.css +40 -0
package/src/modules/admin-roles/components/update.tsx +218 -0
package/src/modules/admin-roles/dto.ts +30 -0
package/src/modules/admin-roles/errors.ts +76 -0
package/src/modules/admin-roles/index.ts +81 -0
package/src/modules/admin-roles/repository.ts +96 -0
package/src/modules/admin-roles/schemas.ts +139 -0
package/src/modules/admin-roles/service.ts +136 -0
package/src/modules/admin-users/abilities.ts +76 -0
package/src/modules/admin-users/commands.ts +157 -0
package/src/modules/admin-users/components/create.module.css +63 -0
package/src/modules/admin-users/components/create.tsx +323 -0
package/src/modules/admin-users/components/roles.module.css +119 -0
package/src/modules/admin-users/components/roles.tsx +172 -0
package/src/modules/admin-users/components/set-password.module.css +46 -0
package/src/modules/admin-users/components/set-password.tsx +199 -0
package/src/modules/admin-users/components/update.module.css +49 -0
package/src/modules/admin-users/components/update.tsx +328 -0
package/src/modules/admin-users/dto.ts +39 -0
package/src/modules/admin-users/errors.ts +84 -0
package/src/modules/admin-users/index.ts +91 -0
package/src/modules/admin-users/repository.ts +161 -0
package/src/modules/admin-users/schemas.ts +168 -0
package/src/modules/admin-users/seed-super-admin.ts +102 -0
package/src/modules/admin-users/service.ts +166 -0
package/src/modules/auth/components/sign-in-form.module.css +62 -0
package/src/modules/auth/components/sign-in-form.tsx +132 -0
package/src/modules/auth/index.ts +31 -0
package/src/modules/auth/jwt-session-provider.ts +301 -0
package/src/modules/auth/password.ts +94 -0
package/src/modules/auth/phc.ts +121 -0
package/src/modules/auth/refresh-tokens-repository.ts +74 -0
package/src/modules/auth/resolve-actor.ts +42 -0
package/src/services/admin-services-context.tsx +52 -0
package/src/services/admin-services-types.ts +177 -0
package/src/store.ts +32 -0
package/src/vendor/noble-argon2/LICENSE +21 -0
package/src/vendor/noble-argon2/README.md +87 -0
package/src/vendor/noble-argon2/_blake.ts +58 -0
package/src/vendor/noble-argon2/_md.ts +223 -0
package/src/vendor/noble-argon2/_u64.ts +118 -0
package/src/vendor/noble-argon2/argon2.ts +668 -0
package/src/vendor/noble-argon2/blake2.ts +583 -0
package/src/vendor/noble-argon2/utils.ts +849 -0

package/dist/modules/admin-permissions/index.js CHANGED Viewed

@@ -1,26 +1,6 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-/**
- * `@byline/admin/admin-permissions` — ability grants against roles plus
- * the read-only inspector view.
- *
- * Backs the `byline_admin_permissions` table. Ability keys are
- * registered at `initBylineCore()` time through the `AbilityRegistry`
- * from `@byline/auth`; this module owns the per-role grant data and the
- * inspector that surfaces it.
- *
- * The editor surface (`getRoleAbilities` / `setRoleAbilities`) is
- * deliberately out of scope on this first ship — it lands with Phase B
- * and mounts on the admin-roles role detail page.
- */
-export { ADMIN_PERMISSIONS_ABILITIES, registerAdminPermissionsAbilities, } from './abilities.js';
-export { getRoleAbilitiesCommand, listRegisteredAbilitiesCommand, setRoleAbilitiesCommand, whoHasAbilityCommand, } from './commands.js';
-export { toAbilityDescriptor } from './dto.js';
-export { AdminPermissionsError, AdminPermissionsErrorCodes, ERR_ADMIN_PERMISSIONS_ABILITY_UNREGISTERED, ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND, } from './errors.js';
-export { abilityDescriptorResponseSchema, abilityGroupResponseSchema, abilityHolderRoleSchema, abilityHolderUserSchema, getRoleAbilitiesRequestSchema, getRoleAbilitiesResponseSchema, listRegisteredAbilitiesRequestSchema, listRegisteredAbilitiesResponseSchema, setRoleAbilitiesRequestSchema, setRoleAbilitiesResponseSchema, whoHasAbilityRequestSchema, whoHasAbilityResponseSchema, } from './schemas.js';
-export { AdminPermissionsService } from './service.js';
+export { ADMIN_PERMISSIONS_ABILITIES, registerAdminPermissionsAbilities } from "./abilities.js";
+export { getRoleAbilitiesCommand, listRegisteredAbilitiesCommand, setRoleAbilitiesCommand, whoHasAbilityCommand } from "./commands.js";
+export { toAbilityDescriptor } from "./dto.js";
+export { AdminPermissionsError, AdminPermissionsErrorCodes, ERR_ADMIN_PERMISSIONS_ABILITY_UNREGISTERED, ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND } from "./errors.js";
+export { abilityDescriptorResponseSchema, abilityGroupResponseSchema, abilityHolderRoleSchema, abilityHolderUserSchema, getRoleAbilitiesRequestSchema, getRoleAbilitiesResponseSchema, listRegisteredAbilitiesRequestSchema, listRegisteredAbilitiesResponseSchema, setRoleAbilitiesRequestSchema, setRoleAbilitiesResponseSchema, whoHasAbilityRequestSchema, whoHasAbilityResponseSchema } from "./schemas.js";
+export { AdminPermissionsService } from "./service.js";

package/dist/modules/admin-permissions/repository.js CHANGED Viewed

@@ -1,8 +1 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-export {};
+export { };

package/dist/modules/admin-permissions/schemas.js CHANGED Viewed

@@ -1,98 +1,61 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { uuidSchema } from '@byline/core/validation';
-import { z } from 'zod';
-/**
- * Zod request/response schemas for the admin-permissions inspector.
- *
- * The inspector ships two endpoints:
- *
- *   - `listRegisteredAbilities` — flat list + grouped buckets straight
- *     out of the `AbilityRegistry`. No DB read.
- *   - `whoHasAbility` — for a given ability key, the list of roles that
- *     grant it and the distinct list of admin users transitively
- *     holding it. Two DB joins.
- *
- * Phase B will add `getRoleAbilities` / `setRoleAbilities` for the
- * per-role editor on the admin-roles detail page; both are deliberately
- * out of scope here.
- */
+import { uuidSchema } from "@byline/core/validation";
+import { z } from "zod";
 const abilityKeySchema = z.string().min(1).max(128);
-// ---------------------------------------------------------------------------
-// Requests
-// ---------------------------------------------------------------------------
-export const listRegisteredAbilitiesRequestSchema = z.object({}).optional();
-export const whoHasAbilityRequestSchema = z.object({
-    ability: abilityKeySchema,
+const listRegisteredAbilitiesRequestSchema = z.object({}).optional();
+const whoHasAbilityRequestSchema = z.object({
+    ability: abilityKeySchema
 });
-export const getRoleAbilitiesRequestSchema = z.object({
-    id: uuidSchema,
+const getRoleAbilitiesRequestSchema = z.object({
+    id: uuidSchema
 });
-export const setRoleAbilitiesRequestSchema = z.object({
+const setRoleAbilitiesRequestSchema = z.object({
     id: uuidSchema,
-    abilities: z.array(abilityKeySchema),
-});
-// ---------------------------------------------------------------------------
-// Responses
-// ---------------------------------------------------------------------------
-const abilitySourceSchema = z.enum(['collection', 'plugin', 'core', 'admin']).nullable();
-export const abilityDescriptorResponseSchema = z.object({
+    abilities: z.array(abilityKeySchema)
+});
+const abilitySourceSchema = z["enum"]([
+    'collection',
+    'plugin',
+    'core',
+    'admin'
+]).nullable();
+const abilityDescriptorResponseSchema = z.object({
     key: z.string(),
     label: z.string(),
     description: z.string().nullable(),
     group: z.string(),
-    source: abilitySourceSchema,
+    source: abilitySourceSchema
 });
-export const abilityGroupResponseSchema = z.object({
+const abilityGroupResponseSchema = z.object({
     group: z.string(),
-    abilities: z.array(abilityDescriptorResponseSchema),
+    abilities: z.array(abilityDescriptorResponseSchema)
 });
-/**
- * Inspector list payload. Returns both the flat list and the grouped
- * buckets so the UI can render either shape without re-bucketing.
- */
-export const listRegisteredAbilitiesResponseSchema = z.object({
+const listRegisteredAbilitiesResponseSchema = z.object({
     abilities: z.array(abilityDescriptorResponseSchema),
     groups: z.array(abilityGroupResponseSchema),
-    total: z.number().int().min(0),
+    total: z.number().int().min(0)
 });
-/**
- * Who-has-ability matrix entry. Roles and users are surfaced in the
- * same response so the inline-expand row in the inspector renders in
- * one round-trip.
- */
-export const abilityHolderRoleSchema = z.object({
+const abilityHolderRoleSchema = z.object({
     id: z.string(),
     name: z.string(),
-    machine_name: z.string(),
+    machine_name: z.string()
 });
-export const abilityHolderUserSchema = z.object({
+const abilityHolderUserSchema = z.object({
     id: z.string(),
     email: z.string(),
     given_name: z.string().nullable(),
-    family_name: z.string().nullable(),
+    family_name: z.string().nullable()
 });
-export const whoHasAbilityResponseSchema = z.object({
+const whoHasAbilityResponseSchema = z.object({
     ability: z.string(),
     roles: z.array(abilityHolderRoleSchema),
-    users: z.array(abilityHolderUserSchema),
+    users: z.array(abilityHolderUserSchema)
 });
-/**
- * Editor payloads. `roleId` is echoed back on both responses so the
- * caller can match async writes against the role they were editing
- * without holding the id separately. `abilities` is the authoritative
- * stored set after the write.
- */
-export const getRoleAbilitiesResponseSchema = z.object({
+const getRoleAbilitiesResponseSchema = z.object({
     roleId: z.string(),
-    abilities: z.array(z.string()),
+    abilities: z.array(z.string())
 });
-export const setRoleAbilitiesResponseSchema = z.object({
+const setRoleAbilitiesResponseSchema = z.object({
     roleId: z.string(),
-    abilities: z.array(z.string()),
+    abilities: z.array(z.string())
 });
+export { abilityDescriptorResponseSchema, abilityGroupResponseSchema, abilityHolderRoleSchema, abilityHolderUserSchema, getRoleAbilitiesRequestSchema, getRoleAbilitiesResponseSchema, listRegisteredAbilitiesRequestSchema, listRegisteredAbilitiesResponseSchema, setRoleAbilitiesRequestSchema, setRoleAbilitiesResponseSchema, whoHasAbilityRequestSchema, whoHasAbilityResponseSchema };

package/dist/modules/admin-permissions/service.js CHANGED Viewed

@@ -1,113 +1,109 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { toAbilityDescriptor } from './dto.js';
-import { ERR_ADMIN_PERMISSIONS_ABILITY_UNREGISTERED, ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND, } from './errors.js';
-/**
- * Read-only inspector service for admin-permissions.
- *
- * Two responsibilities:
- *
- *   1. **Enumerate registered abilities.** Pure registry read — no DB
- *      access. The registry is populated at `initBylineCore()` time
- *      by collection auto-registration plus subsystem registrars
- *      (`registerAdminAbilities`).
- *   2. **Resolve the who-has matrix.** For a given ability key, list
- *      the roles that grant it and the distinct admin users
- *      transitively holding it. Backed by two single-query joins on
- *      the permissions repository, then resolved against the roles
- *      and users repositories so the inspector can render names
- *      without further round-trips.
- *
- * The editor surface (`getRoleAbilities` / `setRoleAbilities`) is
- * deliberately not on this service yet — it lands with Phase B and
- * will live alongside these methods.
- */
-export class AdminPermissionsService {
-    #store;
-    #abilities;
-    constructor(deps) {
-        this.#store = deps.store;
-        this.#abilities = deps.abilities;
+import { toAbilityDescriptor } from "./dto.js";
+import { ERR_ADMIN_PERMISSIONS_ABILITY_UNREGISTERED, ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND } from "./errors.js";
+function _check_private_redeclaration(obj, privateCollection) {
+    if (privateCollection.has(obj)) throw new TypeError("Cannot initialize the same private elements twice on an object");
+}
+function _class_apply_descriptor_get(receiver, descriptor) {
+    if (descriptor.get) return descriptor.get.call(receiver);
+    return descriptor.value;
+}
+function _class_apply_descriptor_set(receiver, descriptor, value) {
+    if (descriptor.set) descriptor.set.call(receiver, value);
+    else {
+        if (!descriptor.writable) throw new TypeError("attempted to set read only private field");
+        descriptor.value = value;
     }
+}
+function _class_extract_field_descriptor(receiver, privateMap, action) {
+    if (!privateMap.has(receiver)) throw new TypeError("attempted to " + action + " private field on non-instance");
+    return privateMap.get(receiver);
+}
+function _class_private_field_get(receiver, privateMap) {
+    var descriptor = _class_extract_field_descriptor(receiver, privateMap, "get");
+    return _class_apply_descriptor_get(receiver, descriptor);
+}
+function _class_private_field_init(obj, privateMap, value) {
+    _check_private_redeclaration(obj, privateMap);
+    privateMap.set(obj, value);
+}
+function _class_private_field_set(receiver, privateMap, value) {
+    var descriptor = _class_extract_field_descriptor(receiver, privateMap, "set");
+    _class_apply_descriptor_set(receiver, descriptor, value);
+    return value;
+}
+var _store = /*#__PURE__*/ new WeakMap(), _abilities = /*#__PURE__*/ new WeakMap();
+class AdminPermissionsService {
     listRegisteredAbilities() {
-        const flat = this.#abilities.list().map(toAbilityDescriptor);
-        // Re-bucket from the same shaped descriptors so flat and groups
-        // stay byte-identical apart from grouping. Iteration order matches
-        // registration order — the registry's `byGroup` already preserves
-        // insertion order.
-        const grouped = this.#abilities.byGroup();
-        const groups = Array.from(grouped.entries(), ([group, abilities]) => ({
-            group,
-            abilities: abilities.map(toAbilityDescriptor),
-        }));
+        const flat = _class_private_field_get(this, _abilities).list().map(toAbilityDescriptor);
+        const grouped = _class_private_field_get(this, _abilities).byGroup();
+        const groups = Array.from(grouped.entries(), ([group, abilities])=>({
+                group,
+                abilities: abilities.map(toAbilityDescriptor)
+            }));
         return {
             abilities: flat,
             groups,
-            total: flat.length,
+            total: flat.length
         };
     }
     async getRoleAbilities(request) {
-        const role = await this.#store.adminRoles.getById(request.id);
-        if (!role)
-            throw ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND();
-        const abilities = await this.#store.adminPermissions.listAbilities(request.id);
-        return { roleId: request.id, abilities };
+        const role = await _class_private_field_get(this, _store).adminRoles.getById(request.id);
+        if (!role) throw ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND();
+        const abilities = await _class_private_field_get(this, _store).adminPermissions.listAbilities(request.id);
+        return {
+            roleId: request.id,
+            abilities
+        };
     }
     async setRoleAbilities(request) {
-        const role = await this.#store.adminRoles.getById(request.id);
-        if (!role)
-            throw ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND();
-        // Reject any ability that is not in the registry — guards against
-        // typos, stale UI state, and a since-removed plugin's keys lingering
-        // in someone's draft. The registry was populated at init time so
-        // this is an in-memory check.
-        const unknown = request.abilities.filter((key) => !this.#abilities.has(key));
-        if (unknown.length > 0) {
-            throw ERR_ADMIN_PERMISSIONS_ABILITY_UNREGISTERED({
-                message: `Unregistered abilities: ${unknown.join(', ')}`,
-            });
-        }
-        // Wholesale-replace inside a transaction (handled by the repo).
-        await this.#store.adminPermissions.setAbilities(request.id, request.abilities);
-        // Return the freshly-stored set so the client can reset its dirty
-        // state without a second round-trip — also defends against drift if
-        // the repo dedupes or reorders.
-        const stored = await this.#store.adminPermissions.listAbilities(request.id);
-        return { roleId: request.id, abilities: stored };
+        const role = await _class_private_field_get(this, _store).adminRoles.getById(request.id);
+        if (!role) throw ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND();
+        const unknown = request.abilities.filter((key)=>!_class_private_field_get(this, _abilities).has(key));
+        if (unknown.length > 0) throw ERR_ADMIN_PERMISSIONS_ABILITY_UNREGISTERED({
+            message: `Unregistered abilities: ${unknown.join(', ')}`
+        });
+        await _class_private_field_get(this, _store).adminPermissions.setAbilities(request.id, request.abilities);
+        const stored = await _class_private_field_get(this, _store).adminPermissions.listAbilities(request.id);
+        return {
+            roleId: request.id,
+            abilities: stored
+        };
     }
     async whoHasAbility(request) {
-        // Run the two inverse joins in parallel — they read the same table
-        // through different join paths but neither blocks the other.
         const [roleIds, userIds] = await Promise.all([
-            this.#store.adminPermissions.listRolesForAbility(request.ability),
-            this.#store.adminPermissions.listUsersForAbility(request.ability),
+            _class_private_field_get(this, _store).adminPermissions.listRolesForAbility(request.ability),
+            _class_private_field_get(this, _store).adminPermissions.listUsersForAbility(request.ability)
         ]);
-        // Resolve role + user metadata in parallel batches. We accept the
-        // N round-trips here because admin role and user counts are small
-        // by design; if they grow we add `getByIds(ids[])` repo methods
-        // later.
         const [roles, users] = await Promise.all([
-            Promise.all(roleIds.map((id) => this.#store.adminRoles.getById(id))),
-            Promise.all(userIds.map((id) => this.#store.adminUsers.getById(id))),
+            Promise.all(roleIds.map((id)=>_class_private_field_get(this, _store).adminRoles.getById(id))),
+            Promise.all(userIds.map((id)=>_class_private_field_get(this, _store).adminUsers.getById(id)))
         ]);
         return {
             ability: request.ability,
-            roles: roles
-                .filter((r) => r != null)
-                .map((r) => ({ id: r.id, name: r.name, machine_name: r.machine_name })),
-            users: users
-                .filter((u) => u != null)
-                .map((u) => ({
-                id: u.id,
-                email: u.email,
-                given_name: u.given_name,
-                family_name: u.family_name,
-            })),
+            roles: roles.filter((r)=>null != r).map((r)=>({
+                    id: r.id,
+                    name: r.name,
+                    machine_name: r.machine_name
+                })),
+            users: users.filter((u)=>null != u).map((u)=>({
+                    id: u.id,
+                    email: u.email,
+                    given_name: u.given_name,
+                    family_name: u.family_name
+                }))
         };
     }
+    constructor(deps){
+        _class_private_field_init(this, _store, {
+            writable: true,
+            value: void 0
+        });
+        _class_private_field_init(this, _abilities, {
+            writable: true,
+            value: void 0
+        });
+        _class_private_field_set(this, _store, deps.store);
+        _class_private_field_set(this, _abilities, deps.abilities);
+    }
 }
+export { AdminPermissionsService };

package/dist/modules/admin-roles/abilities.js CHANGED Viewed

@@ -1,55 +1,33 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-/**
- * Ability keys for the admin-roles module.
- *
- * Reorder is intentionally **rolled into `update`** — same trust level
- * (mutating role identity), and splitting it would force a redundant
- * `reorder` permission alongside `update` for every role-managing role.
- *
- * Per-role ability grants are managed by the sibling
- * `@byline/admin/admin-permissions` module and have their own ability
- * keys there.
- */
-export const ADMIN_ROLES_ABILITIES = {
+const ADMIN_ROLES_ABILITIES = {
     read: 'admin.roles.read',
     create: 'admin.roles.create',
     update: 'admin.roles.update',
-    delete: 'admin.roles.delete',
+    delete: 'admin.roles.delete'
 };
-/**
- * Register every admin-roles ability with the framework's `AbilityRegistry`.
- * Called from `registerAdminAbilities(registry)` at package level, which
- * the webapp wires into `initBylineCore()`.
- */
-export function registerAdminRolesAbilities(registry) {
+function registerAdminRolesAbilities(registry) {
     registry.register({
         key: ADMIN_ROLES_ABILITIES.read,
         label: 'Read admin roles',
         group: 'admin.roles',
-        source: 'admin',
+        source: 'admin'
     });
     registry.register({
         key: ADMIN_ROLES_ABILITIES.create,
         label: 'Create admin roles',
         group: 'admin.roles',
-        source: 'admin',
+        source: 'admin'
     });
     registry.register({
         key: ADMIN_ROLES_ABILITIES.update,
         label: 'Update or reorder admin roles',
         group: 'admin.roles',
-        source: 'admin',
+        source: 'admin'
     });
     registry.register({
         key: ADMIN_ROLES_ABILITIES.delete,
         label: 'Delete admin roles',
         group: 'admin.roles',
-        source: 'admin',
+        source: 'admin'
     });
 }
+export { ADMIN_ROLES_ABILITIES, registerAdminRolesAbilities };

package/dist/modules/admin-roles/commands.js CHANGED Viewed

@@ -1,75 +1,109 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { createCommand } from '../../lib/create-command.js';
-import { ADMIN_USERS_ABILITIES } from '../admin-users/abilities.js';
-import { ADMIN_ROLES_ABILITIES } from './abilities.js';
-import { adminRoleListResponseSchema, adminRoleResponseSchema, createAdminRoleRequestSchema, deleteAdminRoleRequestSchema, getAdminRoleRequestSchema, getRolesForUserRequestSchema, listAdminRolesRequestSchema, okResponseSchema, reorderAdminRolesRequestSchema, setRolesForUserRequestSchema, updateAdminRoleRequestSchema, userRolesResponseSchema, } from './schemas.js';
-import { AdminRolesService } from './service.js';
+import { createCommand } from "../../lib/create-command.js";
+import { ADMIN_USERS_ABILITIES } from "../admin-users/abilities.js";
+import { ADMIN_ROLES_ABILITIES } from "./abilities.js";
+import { adminRoleListResponseSchema, adminRoleResponseSchema, createAdminRoleRequestSchema, deleteAdminRoleRequestSchema, getAdminRoleRequestSchema, getRolesForUserRequestSchema, listAdminRolesRequestSchema, okResponseSchema, reorderAdminRolesRequestSchema, setRolesForUserRequestSchema, updateAdminRoleRequestSchema, userRolesResponseSchema } from "./schemas.js";
+import { AdminRolesService } from "./service.js";
 function serviceOf(deps) {
-    return new AdminRolesService({ store: deps.store });
+    return new AdminRolesService({
+        store: deps.store
+    });
 }
-export const listAdminRolesCommand = createCommand({
+const listAdminRolesCommand = createCommand({
     method: 'listAdminRoles',
-    auth: { ability: ADMIN_ROLES_ABILITIES.read },
-    schemas: { input: listAdminRolesRequestSchema, output: adminRoleListResponseSchema },
-    handler: ({ deps }) => serviceOf(deps).listRoles(),
+    auth: {
+        ability: ADMIN_ROLES_ABILITIES.read
+    },
+    schemas: {
+        input: listAdminRolesRequestSchema,
+        output: adminRoleListResponseSchema
+    },
+    handler: ({ deps })=>serviceOf(deps).listRoles()
 });
-export const getAdminRoleCommand = createCommand({
+const getAdminRoleCommand = createCommand({
     method: 'getAdminRole',
-    auth: { ability: ADMIN_ROLES_ABILITIES.read },
-    schemas: { input: getAdminRoleRequestSchema, output: adminRoleResponseSchema },
-    handler: ({ input, deps }) => serviceOf(deps).getRole(input),
+    auth: {
+        ability: ADMIN_ROLES_ABILITIES.read
+    },
+    schemas: {
+        input: getAdminRoleRequestSchema,
+        output: adminRoleResponseSchema
+    },
+    handler: ({ input, deps })=>serviceOf(deps).getRole(input)
 });
-export const createAdminRoleCommand = createCommand({
+const createAdminRoleCommand = createCommand({
     method: 'createAdminRole',
-    auth: { ability: ADMIN_ROLES_ABILITIES.create },
-    schemas: { input: createAdminRoleRequestSchema, output: adminRoleResponseSchema },
-    handler: ({ input, deps }) => serviceOf(deps).createRole(input),
+    auth: {
+        ability: ADMIN_ROLES_ABILITIES.create
+    },
+    schemas: {
+        input: createAdminRoleRequestSchema,
+        output: adminRoleResponseSchema
+    },
+    handler: ({ input, deps })=>serviceOf(deps).createRole(input)
 });
-export const updateAdminRoleCommand = createCommand({
+const updateAdminRoleCommand = createCommand({
     method: 'updateAdminRole',
-    auth: { ability: ADMIN_ROLES_ABILITIES.update },
-    schemas: { input: updateAdminRoleRequestSchema, output: adminRoleResponseSchema },
-    handler: ({ input, deps }) => serviceOf(deps).updateRole(input),
+    auth: {
+        ability: ADMIN_ROLES_ABILITIES.update
+    },
+    schemas: {
+        input: updateAdminRoleRequestSchema,
+        output: adminRoleResponseSchema
+    },
+    handler: ({ input, deps })=>serviceOf(deps).updateRole(input)
 });
-export const deleteAdminRoleCommand = createCommand({
+const deleteAdminRoleCommand = createCommand({
     method: 'deleteAdminRole',
-    auth: { ability: ADMIN_ROLES_ABILITIES.delete },
-    schemas: { input: deleteAdminRoleRequestSchema, output: okResponseSchema },
-    handler: async ({ input, deps }) => {
-        await serviceOf(deps).deleteRole(input);
-        return { ok: true };
+    auth: {
+        ability: ADMIN_ROLES_ABILITIES["delete"]
     },
+    schemas: {
+        input: deleteAdminRoleRequestSchema,
+        output: okResponseSchema
+    },
+    handler: async ({ input, deps })=>{
+        await serviceOf(deps).deleteRole(input);
+        return {
+            ok: true
+        };
+    }
 });
-export const reorderAdminRolesCommand = createCommand({
+const reorderAdminRolesCommand = createCommand({
     method: 'reorderAdminRoles',
-    auth: { ability: ADMIN_ROLES_ABILITIES.update },
-    schemas: { input: reorderAdminRolesRequestSchema, output: okResponseSchema },
-    handler: async ({ input, deps }) => {
-        await serviceOf(deps).reorderRoles(input);
-        return { ok: true };
+    auth: {
+        ability: ADMIN_ROLES_ABILITIES.update
     },
+    schemas: {
+        input: reorderAdminRolesRequestSchema,
+        output: okResponseSchema
+    },
+    handler: async ({ input, deps })=>{
+        await serviceOf(deps).reorderRoles(input);
+        return {
+            ok: true
+        };
+    }
 });
-export const getRolesForUserCommand = createCommand({
+const getRolesForUserCommand = createCommand({
     method: 'getRolesForUser',
-    // Reading a user's role assignments requires read access to admin
-    // users — the data is fundamentally about that user.
-    auth: { ability: ADMIN_USERS_ABILITIES.read },
-    schemas: { input: getRolesForUserRequestSchema, output: userRolesResponseSchema },
-    handler: ({ input, deps }) => serviceOf(deps).getRolesForUser(input),
+    auth: {
+        ability: ADMIN_USERS_ABILITIES.read
+    },
+    schemas: {
+        input: getRolesForUserRequestSchema,
+        output: userRolesResponseSchema
+    },
+    handler: ({ input, deps })=>serviceOf(deps).getRolesForUser(input)
 });
-export const setRolesForUserCommand = createCommand({
+const setRolesForUserCommand = createCommand({
     method: 'setRolesForUser',
-    // Editing a user's role-set is at the same trust level as updating
-    // their other admin fields. Roll into `admin.users.update` rather
-    // than minting a separate `admin.users.assignRoles` key — the role
-    // editor's checkbox tree would otherwise need both.
-    auth: { ability: ADMIN_USERS_ABILITIES.update },
-    schemas: { input: setRolesForUserRequestSchema, output: userRolesResponseSchema },
-    handler: ({ input, deps }) => serviceOf(deps).setRolesForUser(input),
+    auth: {
+        ability: ADMIN_USERS_ABILITIES.update
+    },
+    schemas: {
+        input: setRolesForUserRequestSchema,
+        output: userRolesResponseSchema
+    },
+    handler: ({ input, deps })=>serviceOf(deps).setRolesForUser(input)
 });
+export { createAdminRoleCommand, deleteAdminRoleCommand, getAdminRoleCommand, getRolesForUserCommand, listAdminRolesCommand, reorderAdminRolesCommand, setRolesForUserCommand, updateAdminRoleCommand };

package/dist/modules/admin-roles/components/create.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { AdminRoleResponse } from '../index.js';
+interface CreateAdminRoleProps {
+    onClose?: () => void;
+    onSuccess?: (role: AdminRoleResponse) => void;
+}
+export declare function CreateAdminRole({ onClose, onSuccess }: CreateAdminRoleProps): import("react").JSX.Element;
+export {};