@casual-simulation/aux-common 3.2.12 → 3.2.14-alpha.7890390188
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bots/Bot.d.ts +0 -39
- package/bots/Bot.js.map +1 -1
- package/bots/BotEvents.d.ts +38 -40
- package/bots/BotEvents.js +0 -14
- package/bots/BotEvents.js.map +1 -1
- package/common/Action.d.ts +3 -0
- package/common/DenialReason.d.ts +48 -30
- package/common/PolicyPermissions.d.ts +574 -1198
- package/common/PolicyPermissions.js +122 -418
- package/common/PolicyPermissions.js.map +1 -1
- package/common/PrivacyFeatures.d.ts +22 -0
- package/common/PrivacyFeatures.js +2 -0
- package/common/PrivacyFeatures.js.map +1 -0
- package/common/index.d.ts +1 -0
- package/common/index.js +1 -0
- package/common/index.js.map +1 -1
- package/package.json +2 -2
|
@@ -1,1307 +1,695 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
/**
|
|
3
|
-
* The possible types of
|
|
3
|
+
* The possible types of subjects that can be affected by permissions.
|
|
4
|
+
*
|
|
5
|
+
* - "user" - The permission is for a user.
|
|
6
|
+
* - "inst" - The permission is for an inst.
|
|
7
|
+
* - "role" - The permission is for a role.
|
|
4
8
|
*
|
|
5
9
|
* @dochash types/permissions
|
|
6
|
-
* @doctitle
|
|
10
|
+
* @doctitle Permissions Types
|
|
7
11
|
* @docsidebar Permissions
|
|
8
|
-
* @docdescription
|
|
9
|
-
* @docname
|
|
12
|
+
* @docdescription Types that represent permissions that control access to resources.
|
|
13
|
+
* @docname SubjectType
|
|
14
|
+
*/
|
|
15
|
+
export type SubjectType = 'user' | 'inst' | 'role';
|
|
16
|
+
export declare const DATA_RESOURCE_KIND = "data";
|
|
17
|
+
export declare const FILE_RESOURCE_KIND = "file";
|
|
18
|
+
export declare const EVENT_RESOURCE_KIND = "event";
|
|
19
|
+
export declare const MARKER_RESOURCE_KIND = "marker";
|
|
20
|
+
export declare const ROLE_RESOURCE_KIND = "role";
|
|
21
|
+
export declare const INST_RESOURCE_KIND = "inst";
|
|
22
|
+
/**
|
|
23
|
+
* The possible types of resources that can be affected by permissions.
|
|
24
|
+
*
|
|
25
|
+
* @dochash types/permissions
|
|
26
|
+
* @docname ResourceKinds
|
|
27
|
+
*/
|
|
28
|
+
export type ResourceKinds = 'data' | 'file' | 'event' | 'marker' | 'role' | 'inst';
|
|
29
|
+
export declare const READ_ACTION = "read";
|
|
30
|
+
export declare const CREATE_ACTION = "create";
|
|
31
|
+
export declare const UPDATE_ACTION = "update";
|
|
32
|
+
export declare const DELETE_ACTION = "delete";
|
|
33
|
+
export declare const ASSIGN_ACTION = "assign";
|
|
34
|
+
export declare const UNASSIGN_ACTION = "unassign";
|
|
35
|
+
export declare const INCREMENT_ACTION = "increment";
|
|
36
|
+
export declare const COUNT_ACTION = "count";
|
|
37
|
+
export declare const LIST_ACTION = "list";
|
|
38
|
+
export declare const GRANT_PERMISSION_ACTION = "grantPermission";
|
|
39
|
+
export declare const REVOKE_PERMISSION_ACTION = "revokePermission";
|
|
40
|
+
export declare const GRANT_ACTION = "grant";
|
|
41
|
+
export declare const REVOKE_ACTION = "revoke";
|
|
42
|
+
export declare const SEND_ACTION_ACTION = "sendAction";
|
|
43
|
+
export declare const UPDATE_DATA_ACTION = "updateData";
|
|
44
|
+
/**
|
|
45
|
+
* The possible types of actions that can be performed on resources.
|
|
46
|
+
*
|
|
47
|
+
* @dochash types/permissions
|
|
48
|
+
* @docname ActionKinds
|
|
10
49
|
*/
|
|
11
|
-
export type
|
|
12
|
-
export type AvailableDataPermissions = CreateDataPermission | ReadDataPermission | UpdateDataPermission | DeleteDataPermission | ListDataPermission;
|
|
13
|
-
export type AvailableFilePermissions = CreateFilePermission | ReadFilePermission | ListFilePermission | UpdateFilePermission | DeleteFilePermission;
|
|
14
|
-
export type AvailableEventPermissions = IncrementEventPermission | CountEventPermission | UpdateEventPermission | ListEventPermission;
|
|
15
|
-
export type AvailablePolicyPermissions = AssignPolicyPermission | UnassignPolicyPermission | ListPoliciesPermission | GrantPermissionToPolicyPermission | RevokePermissionFromPolicyPermission | ReadPolicyPermission;
|
|
16
|
-
export type AvailableRolePermissions = GrantRolePermission | RevokeRolePermission | ListRolesPermission | ReadRolePermission | UpdateRolePermission;
|
|
17
|
-
export type AvailableInstPermissions = CreateInstPermission | ReadInstPermission | DeleteInstPermission | UpdateInstPermission | UpdateDataInstPermission | ListInstPermission | SendInstActionPermission;
|
|
50
|
+
export type ActionKinds = 'read' | 'create' | 'update' | 'delete' | 'assign' | 'unassign' | 'increment' | 'count' | 'list' | 'grantPermission' | 'revokePermission' | 'grant' | 'revoke' | 'sendAction' | 'updateData';
|
|
18
51
|
/**
|
|
19
|
-
*
|
|
52
|
+
* The possible types of actions that can be performed on data resources.
|
|
53
|
+
*
|
|
54
|
+
* @dochash types/permissions
|
|
55
|
+
* @docname DataActionKinds
|
|
20
56
|
*/
|
|
21
|
-
export
|
|
22
|
-
/**
|
|
23
|
-
* The type of the permission.
|
|
24
|
-
*/
|
|
25
|
-
type: string;
|
|
26
|
-
/**
|
|
27
|
-
* The role that this permission is can be performed by.
|
|
28
|
-
*
|
|
29
|
-
* If true, then the permission is valid for all roles. (everyone)
|
|
30
|
-
* If a string, then the permission is valid for that specific role.
|
|
31
|
-
*/
|
|
32
|
-
role: string | true;
|
|
33
|
-
}
|
|
34
|
-
export declare const PERMISSION_VALIDATION: z.ZodObject<{
|
|
35
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
36
|
-
}, "strip", z.ZodTypeAny, {
|
|
37
|
-
role?: string | true;
|
|
38
|
-
}, {
|
|
39
|
-
role?: string | true;
|
|
40
|
-
}>;
|
|
57
|
+
export type DataActionKinds = 'read' | 'create' | 'update' | 'delete' | 'list';
|
|
41
58
|
/**
|
|
42
|
-
*
|
|
59
|
+
* The possible types of actions that can be performed on file resources.
|
|
60
|
+
*
|
|
61
|
+
* @dochash types/permissions
|
|
62
|
+
* @docname FileActionKinds
|
|
43
63
|
*/
|
|
44
|
-
export
|
|
45
|
-
/**
|
|
46
|
-
* The addresses that can be manipulated.
|
|
47
|
-
*
|
|
48
|
-
* If true, then all addresses are allowed.
|
|
49
|
-
* If a string, then it should be a Regular Expression that matches only addresses that are allowed to be created.
|
|
50
|
-
*/
|
|
51
|
-
addresses: string | true;
|
|
52
|
-
}
|
|
53
|
-
export declare const DATA_PERMISSION_VALIDATION: z.ZodObject<{
|
|
54
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
55
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
56
|
-
}, "strip", z.ZodTypeAny, {
|
|
57
|
-
role?: string | true;
|
|
58
|
-
addresses?: string | true;
|
|
59
|
-
}, {
|
|
60
|
-
role?: string | true;
|
|
61
|
-
addresses?: string | true;
|
|
62
|
-
}>;
|
|
64
|
+
export type FileActionKinds = 'read' | 'create' | 'update' | 'delete' | 'list';
|
|
63
65
|
/**
|
|
64
|
-
*
|
|
66
|
+
* The possible types of actions that can be performed on event resources.
|
|
65
67
|
*
|
|
66
68
|
* @dochash types/permissions
|
|
69
|
+
* @docname EventActionKinds
|
|
67
70
|
*/
|
|
68
|
-
export
|
|
69
|
-
type: 'data.create';
|
|
70
|
-
}
|
|
71
|
-
export declare const CREATE_DATA_VALIDATION: z.ZodObject<{
|
|
72
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
73
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
74
|
-
type: z.ZodLiteral<"data.create">;
|
|
75
|
-
}, "strip", z.ZodTypeAny, {
|
|
76
|
-
role?: string | true;
|
|
77
|
-
addresses?: string | true;
|
|
78
|
-
type?: "data.create";
|
|
79
|
-
}, {
|
|
80
|
-
role?: string | true;
|
|
81
|
-
addresses?: string | true;
|
|
82
|
-
type?: "data.create";
|
|
83
|
-
}>;
|
|
71
|
+
export type EventActionKinds = 'increment' | 'count' | 'update' | 'list';
|
|
84
72
|
/**
|
|
85
|
-
*
|
|
73
|
+
* The possible types of actions that can be performed on marker resources.
|
|
86
74
|
*
|
|
87
75
|
* @dochash types/permissions
|
|
76
|
+
* @docname MarkerActionKinds
|
|
88
77
|
*/
|
|
89
|
-
export
|
|
90
|
-
type: 'data.read';
|
|
91
|
-
}
|
|
92
|
-
export declare const READ_DATA_VALIDATION: z.ZodObject<{
|
|
93
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
94
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
95
|
-
type: z.ZodLiteral<"data.read">;
|
|
96
|
-
}, "strip", z.ZodTypeAny, {
|
|
97
|
-
role?: string | true;
|
|
98
|
-
addresses?: string | true;
|
|
99
|
-
type?: "data.read";
|
|
100
|
-
}, {
|
|
101
|
-
role?: string | true;
|
|
102
|
-
addresses?: string | true;
|
|
103
|
-
type?: "data.read";
|
|
104
|
-
}>;
|
|
78
|
+
export type MarkerActionKinds = 'assign' | 'unassign' | 'grantPermission' | 'revokePermission' | 'read';
|
|
105
79
|
/**
|
|
106
|
-
*
|
|
80
|
+
* The possible types of actions that can be performed on roles resources.
|
|
107
81
|
*
|
|
108
82
|
* @dochash types/permissions
|
|
83
|
+
* @docname RoleActionKinds
|
|
109
84
|
*/
|
|
110
|
-
export
|
|
111
|
-
type: 'data.update';
|
|
112
|
-
}
|
|
113
|
-
export declare const UPDATE_DATA_VALIDATION: z.ZodObject<{
|
|
114
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
115
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
116
|
-
type: z.ZodLiteral<"data.update">;
|
|
117
|
-
}, "strip", z.ZodTypeAny, {
|
|
118
|
-
role?: string | true;
|
|
119
|
-
addresses?: string | true;
|
|
120
|
-
type?: "data.update";
|
|
121
|
-
}, {
|
|
122
|
-
role?: string | true;
|
|
123
|
-
addresses?: string | true;
|
|
124
|
-
type?: "data.update";
|
|
125
|
-
}>;
|
|
85
|
+
export type RoleActionKinds = 'grant' | 'revoke' | 'read' | 'update' | 'list';
|
|
126
86
|
/**
|
|
127
|
-
*
|
|
87
|
+
* The possible types of actions that can be performed on inst resources.
|
|
128
88
|
*
|
|
129
89
|
* @dochash types/permissions
|
|
90
|
+
* @docname InstActionKinds
|
|
130
91
|
*/
|
|
131
|
-
export
|
|
132
|
-
type: 'data.delete';
|
|
133
|
-
}
|
|
134
|
-
export declare const DELETE_DATA_VALIDATION: z.ZodObject<{
|
|
135
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
136
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
137
|
-
type: z.ZodLiteral<"data.delete">;
|
|
138
|
-
}, "strip", z.ZodTypeAny, {
|
|
139
|
-
role?: string | true;
|
|
140
|
-
addresses?: string | true;
|
|
141
|
-
type?: "data.delete";
|
|
142
|
-
}, {
|
|
143
|
-
role?: string | true;
|
|
144
|
-
addresses?: string | true;
|
|
145
|
-
type?: "data.delete";
|
|
146
|
-
}>;
|
|
92
|
+
export type InstActionKinds = 'create' | 'read' | 'update' | 'updateData' | 'delete' | 'list' | 'sendAction';
|
|
147
93
|
/**
|
|
148
|
-
*
|
|
94
|
+
* The possible types of permissions that can be added to policies.
|
|
149
95
|
*
|
|
150
96
|
* @dochash types/permissions
|
|
97
|
+
* @doctitle Permissions Types
|
|
98
|
+
* @docsidebar Permissions
|
|
99
|
+
* @docdescription Types that represent permissions that control access to resources.
|
|
100
|
+
* @docname AvailablePermissions
|
|
151
101
|
*/
|
|
152
|
-
export
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
export declare const
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
addresses?: string | true;
|
|
162
|
-
type?: "data.list";
|
|
163
|
-
}, {
|
|
164
|
-
role?: string | true;
|
|
165
|
-
addresses?: string | true;
|
|
166
|
-
type?: "data.list";
|
|
167
|
-
}>;
|
|
102
|
+
export type AvailablePermissions = DataPermission | FilePermission | EventPermission | MarkerPermission | RolePermission | InstPermission;
|
|
103
|
+
export declare const SUBJECT_TYPE_VALIDATION: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
104
|
+
export declare const DATA_ACTION_KINDS_VALIDATION: z.ZodUnion<[z.ZodLiteral<"read">, z.ZodLiteral<"create">, z.ZodLiteral<"update">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">]>;
|
|
105
|
+
export declare const FILE_ACTION_KINDS_VALIDATION: z.ZodUnion<[z.ZodLiteral<"read">, z.ZodLiteral<"create">, z.ZodLiteral<"update">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">]>;
|
|
106
|
+
export declare const EVENT_ACTION_KINDS_VALIDATION: z.ZodUnion<[z.ZodLiteral<"increment">, z.ZodLiteral<"count">, z.ZodLiteral<"update">, z.ZodLiteral<"list">]>;
|
|
107
|
+
export declare const MARKER_ACTION_KINDS_VALIDATION: z.ZodUnion<[z.ZodLiteral<"assign">, z.ZodLiteral<"unassign">, z.ZodLiteral<"grantPermission">, z.ZodLiteral<"revokePermission">, z.ZodLiteral<"read">]>;
|
|
108
|
+
export declare const ROLE_ACTION_KINDS_VALIDATION: z.ZodUnion<[z.ZodLiteral<"grant">, z.ZodLiteral<"revoke">, z.ZodLiteral<"read">, z.ZodLiteral<"update">, z.ZodLiteral<"list">]>;
|
|
109
|
+
export declare const INST_ACTION_KINDS_VALIDATION: z.ZodUnion<[z.ZodLiteral<"create">, z.ZodLiteral<"read">, z.ZodLiteral<"update">, z.ZodLiteral<"updateData">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">, z.ZodLiteral<"sendAction">]>;
|
|
110
|
+
export declare const RESOURCE_KIND_VALIDATION: z.ZodUnion<[z.ZodLiteral<"data">, z.ZodLiteral<"file">, z.ZodLiteral<"event">, z.ZodLiteral<"marker">, z.ZodLiteral<"role">, z.ZodLiteral<"inst">]>;
|
|
168
111
|
/**
|
|
169
|
-
* Defines an interface that describes
|
|
112
|
+
* Defines an interface that describes common options for all permissions.
|
|
170
113
|
*/
|
|
171
|
-
export interface
|
|
114
|
+
export interface Permission {
|
|
172
115
|
/**
|
|
173
|
-
* The
|
|
174
|
-
*
|
|
116
|
+
* The marker that the permission is for.
|
|
117
|
+
* If null or undefined, then the permission is for a specific resource instead of a marker.
|
|
175
118
|
*/
|
|
176
|
-
|
|
119
|
+
marker?: string;
|
|
177
120
|
/**
|
|
178
|
-
* The
|
|
179
|
-
*
|
|
180
|
-
*
|
|
121
|
+
* The type of the subject that the permission is for.
|
|
122
|
+
*
|
|
123
|
+
* "user" - The permission is for a user.
|
|
124
|
+
* "inst" - The permission is for an inst.
|
|
125
|
+
* "role" - The permission is for a role.
|
|
181
126
|
*/
|
|
182
|
-
|
|
127
|
+
subjectType: SubjectType;
|
|
128
|
+
/**
|
|
129
|
+
* The ID of the subject.
|
|
130
|
+
*/
|
|
131
|
+
subjectId: string;
|
|
132
|
+
/**
|
|
133
|
+
* The ID of the resource that is allowed.
|
|
134
|
+
* If null, then all resources are allowed.
|
|
135
|
+
*/
|
|
136
|
+
resourceId?: string | null;
|
|
137
|
+
/**
|
|
138
|
+
* The options for the permission.
|
|
139
|
+
*/
|
|
140
|
+
options: {};
|
|
141
|
+
/**
|
|
142
|
+
* The unix time in miliseconds that the permission will expire at.
|
|
143
|
+
* If null, then the permission does not expire.
|
|
144
|
+
*/
|
|
145
|
+
expireTimeMs: number | null;
|
|
183
146
|
}
|
|
184
|
-
export declare const
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
147
|
+
export declare const PERMISSION_VALIDATION: z.ZodObject<{
|
|
148
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
149
|
+
subjectId: z.ZodString;
|
|
150
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
151
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
152
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
188
153
|
}, "strip", z.ZodTypeAny, {
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
154
|
+
subjectType?: "inst" | "user" | "role";
|
|
155
|
+
subjectId?: string;
|
|
156
|
+
resourceId?: string;
|
|
157
|
+
expireTimeMs?: number;
|
|
158
|
+
marker?: string;
|
|
192
159
|
}, {
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
160
|
+
subjectType?: "inst" | "user" | "role";
|
|
161
|
+
subjectId?: string;
|
|
162
|
+
resourceId?: string;
|
|
163
|
+
expireTimeMs?: number;
|
|
164
|
+
marker?: string;
|
|
196
165
|
}>;
|
|
197
166
|
/**
|
|
198
|
-
* Defines an interface that describes
|
|
167
|
+
* Defines an interface that describes the common options for all permissions that affect data records.
|
|
199
168
|
*
|
|
200
169
|
* @dochash types/permissions
|
|
170
|
+
* @docname DataPermission
|
|
201
171
|
*/
|
|
202
|
-
export interface
|
|
203
|
-
|
|
172
|
+
export interface DataPermission extends Permission {
|
|
173
|
+
/**
|
|
174
|
+
* The kind of the permission.
|
|
175
|
+
*/
|
|
176
|
+
resourceKind: 'data';
|
|
177
|
+
/**
|
|
178
|
+
* The action th at is allowed.
|
|
179
|
+
* If null, then all actions are allowed.
|
|
180
|
+
*/
|
|
181
|
+
action: DataActionKinds | null;
|
|
204
182
|
}
|
|
205
|
-
export declare const
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
183
|
+
export declare const DATA_PERMISSION_VALIDATION: z.ZodObject<{
|
|
184
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
185
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
186
|
+
subjectId: z.ZodString;
|
|
187
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
188
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
189
|
+
resourceKind: z.ZodLiteral<"data">;
|
|
190
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"read">, z.ZodLiteral<"create">, z.ZodLiteral<"update">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">]>>;
|
|
191
|
+
}, "strip", z.ZodTypeAny, {
|
|
192
|
+
marker?: string;
|
|
193
|
+
subjectType?: "inst" | "user" | "role";
|
|
194
|
+
subjectId?: string;
|
|
195
|
+
resourceId?: string;
|
|
196
|
+
expireTimeMs?: number;
|
|
197
|
+
resourceKind?: "data";
|
|
198
|
+
action?: "create" | "read" | "update" | "delete" | "list";
|
|
199
|
+
}, {
|
|
200
|
+
marker?: string;
|
|
201
|
+
subjectType?: "inst" | "user" | "role";
|
|
202
|
+
subjectId?: string;
|
|
203
|
+
resourceId?: string;
|
|
204
|
+
expireTimeMs?: number;
|
|
205
|
+
resourceKind?: "data";
|
|
206
|
+
action?: "create" | "read" | "update" | "delete" | "list";
|
|
207
|
+
}>;
|
|
208
|
+
/**
|
|
209
|
+
* Options for file permissions.
|
|
223
210
|
*
|
|
224
211
|
* @dochash types/permissions
|
|
212
|
+
* @docname FilePermissionOptions
|
|
225
213
|
*/
|
|
226
|
-
export interface
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
232
|
-
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
233
|
-
type: z.ZodLiteral<"file.read">;
|
|
234
|
-
}, "strip", z.ZodTypeAny, {
|
|
235
|
-
role?: string | true;
|
|
236
|
-
maxFileSizeInBytes?: number;
|
|
237
|
-
allowedMimeTypes?: true | string[];
|
|
238
|
-
type?: "file.read";
|
|
239
|
-
}, {
|
|
240
|
-
role?: string | true;
|
|
214
|
+
export interface FilePermissionOptions {
|
|
215
|
+
/**
|
|
216
|
+
* The maximum allowed file size in bytes.
|
|
217
|
+
* Defaults to Infinity.
|
|
218
|
+
*/
|
|
241
219
|
maxFileSizeInBytes?: number;
|
|
220
|
+
/**
|
|
221
|
+
* The list of allowed file MIME types.
|
|
222
|
+
* If true, then all file types are allowed.
|
|
223
|
+
* If an array of strings, then only MIME types that are specified are allowed.
|
|
224
|
+
*/
|
|
242
225
|
allowedMimeTypes?: true | string[];
|
|
243
|
-
type?: "file.read";
|
|
244
|
-
}>;
|
|
245
|
-
/**
|
|
246
|
-
* Defines an interface that describes a permission to be able to list a file for a record marker.
|
|
247
|
-
*/
|
|
248
|
-
export interface ListFilePermission extends FilePermission {
|
|
249
|
-
type: 'file.list';
|
|
250
226
|
}
|
|
251
|
-
export declare const
|
|
252
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
227
|
+
export declare const FILE_PERMISSION_OPTIONS_VALIDATION: z.ZodObject<{
|
|
253
228
|
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
254
229
|
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
255
|
-
type: z.ZodLiteral<"file.list">;
|
|
256
230
|
}, "strip", z.ZodTypeAny, {
|
|
257
|
-
role?: string | true;
|
|
258
231
|
maxFileSizeInBytes?: number;
|
|
259
232
|
allowedMimeTypes?: true | string[];
|
|
260
|
-
type?: "file.list";
|
|
261
233
|
}, {
|
|
262
|
-
role?: string | true;
|
|
263
234
|
maxFileSizeInBytes?: number;
|
|
264
235
|
allowedMimeTypes?: true | string[];
|
|
265
|
-
type?: "file.list";
|
|
266
236
|
}>;
|
|
267
237
|
/**
|
|
268
|
-
* Defines an interface that describes
|
|
269
|
-
* Currently only used to update resource markers that are on a file.
|
|
238
|
+
* Defines an interface that describes the common options for all permissions that affect file records.
|
|
270
239
|
*
|
|
271
240
|
* @dochash types/permissions
|
|
241
|
+
* @docname FilePermission
|
|
272
242
|
*/
|
|
273
|
-
export interface
|
|
274
|
-
|
|
243
|
+
export interface FilePermission extends Permission {
|
|
244
|
+
/**
|
|
245
|
+
* The kind of the permission.
|
|
246
|
+
*/
|
|
247
|
+
resourceKind: 'file';
|
|
248
|
+
/**
|
|
249
|
+
* The action th at is allowed.
|
|
250
|
+
* If null, then all actions are allowed.
|
|
251
|
+
*/
|
|
252
|
+
action: FileActionKinds | null;
|
|
253
|
+
/**
|
|
254
|
+
* The options for the permission.
|
|
255
|
+
*/
|
|
256
|
+
options: FilePermissionOptions;
|
|
275
257
|
}
|
|
276
|
-
export declare const
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
258
|
+
export declare const FILE_PERMISSION_VALIDATION: z.ZodObject<{
|
|
259
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
260
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
261
|
+
subjectId: z.ZodString;
|
|
262
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
263
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
264
|
+
resourceKind: z.ZodLiteral<"file">;
|
|
265
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"read">, z.ZodLiteral<"create">, z.ZodLiteral<"update">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">]>>;
|
|
266
|
+
options: z.ZodObject<{
|
|
267
|
+
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
268
|
+
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
269
|
+
}, "strip", z.ZodTypeAny, {
|
|
270
|
+
maxFileSizeInBytes?: number;
|
|
271
|
+
allowedMimeTypes?: true | string[];
|
|
272
|
+
}, {
|
|
273
|
+
maxFileSizeInBytes?: number;
|
|
274
|
+
allowedMimeTypes?: true | string[];
|
|
275
|
+
}>;
|
|
276
|
+
}, "strip", z.ZodTypeAny, {
|
|
277
|
+
marker?: string;
|
|
278
|
+
subjectType?: "inst" | "user" | "role";
|
|
279
|
+
subjectId?: string;
|
|
280
|
+
resourceId?: string;
|
|
281
|
+
expireTimeMs?: number;
|
|
282
|
+
resourceKind?: "file";
|
|
283
|
+
action?: "create" | "read" | "update" | "delete" | "list";
|
|
284
|
+
options?: {
|
|
285
|
+
maxFileSizeInBytes?: number;
|
|
286
|
+
allowedMimeTypes?: true | string[];
|
|
287
|
+
};
|
|
288
|
+
}, {
|
|
289
|
+
marker?: string;
|
|
290
|
+
subjectType?: "inst" | "user" | "role";
|
|
291
|
+
subjectId?: string;
|
|
292
|
+
resourceId?: string;
|
|
293
|
+
expireTimeMs?: number;
|
|
294
|
+
resourceKind?: "file";
|
|
295
|
+
action?: "create" | "read" | "update" | "delete" | "list";
|
|
296
|
+
options?: {
|
|
297
|
+
maxFileSizeInBytes?: number;
|
|
298
|
+
allowedMimeTypes?: true | string[];
|
|
299
|
+
};
|
|
291
300
|
}>;
|
|
292
301
|
/**
|
|
293
|
-
* Defines an interface that describes
|
|
302
|
+
* Defines an interface that describes the common options for all permissions that affect event records.
|
|
294
303
|
*
|
|
295
304
|
* @dochash types/permissions
|
|
296
|
-
|
|
297
|
-
export interface DeleteFilePermission extends FilePermission {
|
|
298
|
-
type: 'file.delete';
|
|
299
|
-
}
|
|
300
|
-
export declare const DELETE_FILE_VALIDATION: z.ZodObject<{
|
|
301
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
302
|
-
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
303
|
-
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
304
|
-
type: z.ZodLiteral<"file.delete">;
|
|
305
|
-
}, "strip", z.ZodTypeAny, {
|
|
306
|
-
role?: string | true;
|
|
307
|
-
maxFileSizeInBytes?: number;
|
|
308
|
-
allowedMimeTypes?: true | string[];
|
|
309
|
-
type?: "file.delete";
|
|
310
|
-
}, {
|
|
311
|
-
role?: string | true;
|
|
312
|
-
maxFileSizeInBytes?: number;
|
|
313
|
-
allowedMimeTypes?: true | string[];
|
|
314
|
-
type?: "file.delete";
|
|
315
|
-
}>;
|
|
316
|
-
/**
|
|
317
|
-
* Defines an interface that describes the common options for all permissions that affect event records.
|
|
305
|
+
* @docname EventPermission
|
|
318
306
|
*/
|
|
319
307
|
export interface EventPermission extends Permission {
|
|
320
308
|
/**
|
|
321
|
-
* The
|
|
322
|
-
*
|
|
323
|
-
* If true, then all events are allowed.
|
|
324
|
-
* If a string, then it should be a Regular Expression that matches only events that are allowed to be created.
|
|
309
|
+
* The kind of the permission.
|
|
325
310
|
*/
|
|
326
|
-
|
|
311
|
+
resourceKind: 'event';
|
|
312
|
+
/**
|
|
313
|
+
* The action th at is allowed.
|
|
314
|
+
* If null, then all actions are allowed.
|
|
315
|
+
*/
|
|
316
|
+
action: EventActionKinds | null;
|
|
327
317
|
}
|
|
328
318
|
export declare const EVENT_PERMISSION_VALIDATION: z.ZodObject<{
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
role?: string | true;
|
|
356
|
-
events?: string | true;
|
|
357
|
-
type?: "event.increment";
|
|
358
|
-
}>;
|
|
359
|
-
/**
|
|
360
|
-
* Defines an interface that describes a permission to be able to count an event record.
|
|
361
|
-
*
|
|
362
|
-
* @dochash types/permissions
|
|
363
|
-
*/
|
|
364
|
-
export interface CountEventPermission extends EventPermission {
|
|
365
|
-
type: 'event.count';
|
|
366
|
-
}
|
|
367
|
-
export declare const COUNT_EVENT_VALIDATION: z.ZodObject<{
|
|
368
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
369
|
-
events: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
370
|
-
type: z.ZodLiteral<"event.count">;
|
|
371
|
-
}, "strip", z.ZodTypeAny, {
|
|
372
|
-
role?: string | true;
|
|
373
|
-
events?: string | true;
|
|
374
|
-
type?: "event.count";
|
|
375
|
-
}, {
|
|
376
|
-
role?: string | true;
|
|
377
|
-
events?: string | true;
|
|
378
|
-
type?: "event.count";
|
|
379
|
-
}>;
|
|
380
|
-
/**
|
|
381
|
-
* Defines an interface that describes a permission to be able to update an event record.
|
|
382
|
-
* Currently only used to update resource markers that are on an event.
|
|
383
|
-
*
|
|
384
|
-
* @dochash types/permissions
|
|
385
|
-
*/
|
|
386
|
-
export interface UpdateEventPermission extends EventPermission {
|
|
387
|
-
type: 'event.update';
|
|
388
|
-
}
|
|
389
|
-
export declare const UPDATE_EVENT_VALIDATION: z.ZodObject<{
|
|
390
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
391
|
-
events: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
392
|
-
type: z.ZodLiteral<"event.update">;
|
|
393
|
-
}, "strip", z.ZodTypeAny, {
|
|
394
|
-
role?: string | true;
|
|
395
|
-
events?: string | true;
|
|
396
|
-
type?: "event.update";
|
|
397
|
-
}, {
|
|
398
|
-
role?: string | true;
|
|
399
|
-
events?: string | true;
|
|
400
|
-
type?: "event.update";
|
|
401
|
-
}>;
|
|
402
|
-
/**
|
|
403
|
-
* Defines an interface that describes a permission to be able to list events in a record.
|
|
319
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
320
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
321
|
+
subjectId: z.ZodString;
|
|
322
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
323
|
+
resourceKind: z.ZodLiteral<"event">;
|
|
324
|
+
resourceId: z.ZodNullable<z.ZodString>;
|
|
325
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"increment">, z.ZodLiteral<"count">, z.ZodLiteral<"update">, z.ZodLiteral<"list">]>>;
|
|
326
|
+
}, "strip", z.ZodTypeAny, {
|
|
327
|
+
marker?: string;
|
|
328
|
+
subjectType?: "inst" | "user" | "role";
|
|
329
|
+
subjectId?: string;
|
|
330
|
+
expireTimeMs?: number;
|
|
331
|
+
resourceKind?: "event";
|
|
332
|
+
resourceId?: string;
|
|
333
|
+
action?: "update" | "increment" | "count" | "list";
|
|
334
|
+
}, {
|
|
335
|
+
marker?: string;
|
|
336
|
+
subjectType?: "inst" | "user" | "role";
|
|
337
|
+
subjectId?: string;
|
|
338
|
+
expireTimeMs?: number;
|
|
339
|
+
resourceKind?: "event";
|
|
340
|
+
resourceId?: string;
|
|
341
|
+
action?: "update" | "increment" | "count" | "list";
|
|
342
|
+
}>;
|
|
343
|
+
/**
|
|
344
|
+
* Defines an interface that describes the common options for all permissions that affect markers.
|
|
404
345
|
*
|
|
405
346
|
* @dochash types/permissions
|
|
347
|
+
* @docname MarkerPermission
|
|
406
348
|
*/
|
|
407
|
-
export interface
|
|
408
|
-
type: 'event.list';
|
|
409
|
-
}
|
|
410
|
-
export declare const LIST_EVENT_VALIDATION: z.ZodObject<{
|
|
411
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
412
|
-
events: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
413
|
-
type: z.ZodLiteral<"event.list">;
|
|
414
|
-
}, "strip", z.ZodTypeAny, {
|
|
415
|
-
role?: string | true;
|
|
416
|
-
events?: string | true;
|
|
417
|
-
type?: "event.list";
|
|
418
|
-
}, {
|
|
419
|
-
role?: string | true;
|
|
420
|
-
events?: string | true;
|
|
421
|
-
type?: "event.list";
|
|
422
|
-
}>;
|
|
423
|
-
/**
|
|
424
|
-
* Defines an interface that describes the common options for all permissions that affect policies.
|
|
425
|
-
*/
|
|
426
|
-
export interface PolicyPermission extends Permission {
|
|
349
|
+
export interface MarkerPermission extends Permission {
|
|
427
350
|
/**
|
|
428
|
-
* The
|
|
429
|
-
*
|
|
430
|
-
* If true, then all policies are allowed.
|
|
431
|
-
* If a string, then it should be a Regular Expression that matches only policies that are allowed to be manipulated.
|
|
351
|
+
* The kind of the permission.
|
|
432
352
|
*/
|
|
433
|
-
|
|
434
|
-
}
|
|
435
|
-
export declare const POLICY_PERMISSION_VALIDATION: z.ZodObject<{
|
|
436
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
437
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
438
|
-
}, "strip", z.ZodTypeAny, {
|
|
439
|
-
role?: string | true;
|
|
440
|
-
policies?: string | true;
|
|
441
|
-
}, {
|
|
442
|
-
role?: string | true;
|
|
443
|
-
policies?: string | true;
|
|
444
|
-
}>;
|
|
445
|
-
/**
|
|
446
|
-
* Defines an interface that describes a permission to be able to read a policy.
|
|
447
|
-
*
|
|
448
|
-
* @dochash types/permissions
|
|
449
|
-
*/
|
|
450
|
-
export interface ReadPolicyPermission extends PolicyPermission {
|
|
451
|
-
type: 'policy.read';
|
|
452
|
-
}
|
|
453
|
-
export declare const READ_POLICY_VALIDATION: z.ZodObject<{
|
|
454
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
455
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
456
|
-
type: z.ZodLiteral<"policy.read">;
|
|
457
|
-
}, "strip", z.ZodTypeAny, {
|
|
458
|
-
role?: string | true;
|
|
459
|
-
policies?: string | true;
|
|
460
|
-
type?: "policy.read";
|
|
461
|
-
}, {
|
|
462
|
-
role?: string | true;
|
|
463
|
-
policies?: string | true;
|
|
464
|
-
type?: "policy.read";
|
|
465
|
-
}>;
|
|
466
|
-
/**
|
|
467
|
-
* Defines an interface that describes a permission to be able to list policies.
|
|
468
|
-
*
|
|
469
|
-
* @dochash types/permissions
|
|
470
|
-
*/
|
|
471
|
-
export interface ListPoliciesPermission extends PolicyPermission {
|
|
472
|
-
type: 'policy.list';
|
|
473
|
-
}
|
|
474
|
-
export declare const LIST_POLICIES_VALIDATION: z.ZodObject<{
|
|
475
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
476
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
477
|
-
type: z.ZodLiteral<"policy.list">;
|
|
478
|
-
}, "strip", z.ZodTypeAny, {
|
|
479
|
-
role?: string | true;
|
|
480
|
-
policies?: string | true;
|
|
481
|
-
type?: "policy.list";
|
|
482
|
-
}, {
|
|
483
|
-
role?: string | true;
|
|
484
|
-
policies?: string | true;
|
|
485
|
-
type?: "policy.list";
|
|
486
|
-
}>;
|
|
487
|
-
/**
|
|
488
|
-
* Defines an interface that describes a permission to be able to grant a permission to a policy.
|
|
489
|
-
*
|
|
490
|
-
* @dochash types/permissions
|
|
491
|
-
*/
|
|
492
|
-
export interface GrantPermissionToPolicyPermission extends PolicyPermission {
|
|
493
|
-
type: 'policy.grantPermission';
|
|
494
|
-
}
|
|
495
|
-
export declare const GRANT_PERMISSION_TO_POLICY_VALIDATION: z.ZodObject<{
|
|
496
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
497
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
498
|
-
type: z.ZodLiteral<"policy.grantPermission">;
|
|
499
|
-
}, "strip", z.ZodTypeAny, {
|
|
500
|
-
role?: string | true;
|
|
501
|
-
policies?: string | true;
|
|
502
|
-
type?: "policy.grantPermission";
|
|
503
|
-
}, {
|
|
504
|
-
role?: string | true;
|
|
505
|
-
policies?: string | true;
|
|
506
|
-
type?: "policy.grantPermission";
|
|
507
|
-
}>;
|
|
508
|
-
/**
|
|
509
|
-
* Defines an interface that describes a permission to revoke a permission from a policy.
|
|
510
|
-
*
|
|
511
|
-
* @dochash types/permissions
|
|
512
|
-
*/
|
|
513
|
-
export interface RevokePermissionFromPolicyPermission extends PolicyPermission {
|
|
514
|
-
type: 'policy.revokePermission';
|
|
515
|
-
}
|
|
516
|
-
export declare const REVOKE_PERMISSION_VALIDATION: z.ZodObject<{
|
|
517
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
518
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
519
|
-
type: z.ZodLiteral<"policy.revokePermission">;
|
|
520
|
-
}, "strip", z.ZodTypeAny, {
|
|
521
|
-
role?: string | true;
|
|
522
|
-
policies?: string | true;
|
|
523
|
-
type?: "policy.revokePermission";
|
|
524
|
-
}, {
|
|
525
|
-
role?: string | true;
|
|
526
|
-
policies?: string | true;
|
|
527
|
-
type?: "policy.revokePermission";
|
|
528
|
-
}>;
|
|
529
|
-
/**
|
|
530
|
-
* Defines an interface that describes a permission to assign a policy to a particular resource.
|
|
531
|
-
*
|
|
532
|
-
* @dochash types/permissions
|
|
533
|
-
*/
|
|
534
|
-
export interface AssignPolicyPermission extends PolicyPermission {
|
|
535
|
-
type: 'policy.assign';
|
|
536
|
-
}
|
|
537
|
-
export declare const ASSIGN_POLICY_VALIDATION: z.ZodObject<{
|
|
538
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
539
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
540
|
-
type: z.ZodLiteral<"policy.assign">;
|
|
541
|
-
}, "strip", z.ZodTypeAny, {
|
|
542
|
-
role?: string | true;
|
|
543
|
-
policies?: string | true;
|
|
544
|
-
type?: "policy.assign";
|
|
545
|
-
}, {
|
|
546
|
-
role?: string | true;
|
|
547
|
-
policies?: string | true;
|
|
548
|
-
type?: "policy.assign";
|
|
549
|
-
}>;
|
|
550
|
-
/**
|
|
551
|
-
* Defines an interface that describes a permission to remove a policy from a particular resource.
|
|
552
|
-
*
|
|
553
|
-
* @dochash types/permissions
|
|
554
|
-
*/
|
|
555
|
-
export interface UnassignPolicyPermission extends PolicyPermission {
|
|
556
|
-
type: 'policy.unassign';
|
|
557
|
-
}
|
|
558
|
-
export declare const UNASSIGN_POLICY_VALIDATION: z.ZodObject<{
|
|
559
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
560
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
561
|
-
type: z.ZodLiteral<"policy.unassign">;
|
|
562
|
-
}, "strip", z.ZodTypeAny, {
|
|
563
|
-
role?: string | true;
|
|
564
|
-
policies?: string | true;
|
|
565
|
-
type?: "policy.unassign";
|
|
566
|
-
}, {
|
|
567
|
-
role?: string | true;
|
|
568
|
-
policies?: string | true;
|
|
569
|
-
type?: "policy.unassign";
|
|
570
|
-
}>;
|
|
571
|
-
/**
|
|
572
|
-
* Defines an interface that describes the common options for all permissions that affect roles.
|
|
573
|
-
*/
|
|
574
|
-
export interface RolePermission extends Permission {
|
|
353
|
+
resourceKind: 'marker';
|
|
575
354
|
/**
|
|
576
|
-
* The
|
|
577
|
-
*
|
|
578
|
-
* If true, then all roles are allowed.
|
|
579
|
-
* If a string, then it should be a Regular Expression that matches only roles that are allowed to be manipulated.
|
|
355
|
+
* The action th at is allowed.
|
|
356
|
+
* If null, then all actions are allowed.
|
|
580
357
|
*/
|
|
581
|
-
|
|
582
|
-
}
|
|
583
|
-
export declare const
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
358
|
+
action: MarkerActionKinds | null;
|
|
359
|
+
}
|
|
360
|
+
export declare const MARKER_PERMISSION_VALIDATION: z.ZodObject<{
|
|
361
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
362
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
363
|
+
subjectId: z.ZodString;
|
|
364
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
365
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
366
|
+
resourceKind: z.ZodLiteral<"marker">;
|
|
367
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"assign">, z.ZodLiteral<"unassign">, z.ZodLiteral<"grantPermission">, z.ZodLiteral<"revokePermission">, z.ZodLiteral<"read">]>>;
|
|
368
|
+
}, "strip", z.ZodTypeAny, {
|
|
369
|
+
marker?: string;
|
|
370
|
+
subjectType?: "inst" | "user" | "role";
|
|
371
|
+
subjectId?: string;
|
|
372
|
+
resourceId?: string;
|
|
373
|
+
expireTimeMs?: number;
|
|
374
|
+
resourceKind?: "marker";
|
|
375
|
+
action?: "read" | "assign" | "unassign" | "grantPermission" | "revokePermission";
|
|
376
|
+
}, {
|
|
377
|
+
marker?: string;
|
|
378
|
+
subjectType?: "inst" | "user" | "role";
|
|
379
|
+
subjectId?: string;
|
|
380
|
+
resourceId?: string;
|
|
381
|
+
expireTimeMs?: number;
|
|
382
|
+
resourceKind?: "marker";
|
|
383
|
+
action?: "read" | "assign" | "unassign" | "grantPermission" | "revokePermission";
|
|
384
|
+
}>;
|
|
385
|
+
/**
|
|
386
|
+
* Options for role permissions.
|
|
595
387
|
*
|
|
596
388
|
* @dochash types/permissions
|
|
389
|
+
* @docname RolePermissionOptions
|
|
597
390
|
*/
|
|
598
|
-
export interface
|
|
599
|
-
type: 'role.grant';
|
|
600
|
-
/**
|
|
601
|
-
* What user IDs can the role be granted to?
|
|
602
|
-
* If true, then the role can be granted to anyone.
|
|
603
|
-
* If false, then the role cannot be granted to a user.
|
|
604
|
-
* If an array of strings, then the role can only be granted to the users with the given IDs.
|
|
605
|
-
*/
|
|
606
|
-
userIds: string[] | boolean;
|
|
607
|
-
/**
|
|
608
|
-
* What instances can the role be granted to?
|
|
609
|
-
* If true, then the role can be granted to any instance.
|
|
610
|
-
* If false, then the role cannot be granted to an instance.
|
|
611
|
-
* If a string, then it should be a Regular Expression that matches only instances that are allowed to be granted to.
|
|
612
|
-
*/
|
|
613
|
-
instances: string | boolean;
|
|
391
|
+
export interface RolePermissionOptions {
|
|
614
392
|
/**
|
|
615
393
|
* The maximum lifetime that the role can be granted for in miliseconds.
|
|
616
394
|
* If not specified, then the role can be granted for an infinite amount of time.
|
|
617
395
|
*/
|
|
618
396
|
maxDurationMs?: number;
|
|
619
397
|
}
|
|
620
|
-
export declare const
|
|
621
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
622
|
-
roles: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
623
|
-
type: z.ZodLiteral<"role.grant">;
|
|
624
|
-
userIds: z.ZodUnion<[z.ZodBoolean, z.ZodArray<z.ZodString, "many">]>;
|
|
625
|
-
instances: z.ZodUnion<[z.ZodBoolean, z.ZodString]>;
|
|
398
|
+
export declare const ROLE_PERMISSION_OPTIONS_VALIDATION: z.ZodObject<{
|
|
626
399
|
maxDurationMs: z.ZodOptional<z.ZodNumber>;
|
|
627
400
|
}, "strip", z.ZodTypeAny, {
|
|
628
|
-
role?: string | true;
|
|
629
|
-
roles?: string | true;
|
|
630
|
-
type?: "role.grant";
|
|
631
|
-
userIds?: boolean | string[];
|
|
632
|
-
instances?: string | boolean;
|
|
633
401
|
maxDurationMs?: number;
|
|
634
402
|
}, {
|
|
635
|
-
role?: string | true;
|
|
636
|
-
roles?: string | true;
|
|
637
|
-
type?: "role.grant";
|
|
638
|
-
userIds?: boolean | string[];
|
|
639
|
-
instances?: string | boolean;
|
|
640
403
|
maxDurationMs?: number;
|
|
641
404
|
}>;
|
|
642
405
|
/**
|
|
643
|
-
* Defines an interface that describes
|
|
406
|
+
* Defines an interface that describes the common options for all permissions that affect roles.
|
|
644
407
|
*
|
|
645
408
|
* @dochash types/permissions
|
|
409
|
+
* @docname RolePermission
|
|
646
410
|
*/
|
|
647
|
-
export interface
|
|
648
|
-
type: 'role.revoke';
|
|
411
|
+
export interface RolePermission extends Permission {
|
|
649
412
|
/**
|
|
650
|
-
*
|
|
651
|
-
* If true, then the role can be revoked from anyone.
|
|
652
|
-
* If false, then the role cannot be revoked from a user.
|
|
653
|
-
* If an array of strings, then the role can only be revoked from the users with the given IDs.
|
|
413
|
+
* The kind of the permission.
|
|
654
414
|
*/
|
|
655
|
-
|
|
415
|
+
resourceKind: 'role';
|
|
656
416
|
/**
|
|
657
|
-
*
|
|
658
|
-
* If
|
|
659
|
-
* If false, then the role cannot be revoked from an instance.
|
|
660
|
-
* If a string, then it should be a Regular Expression that matches only instances that are allowed to be revoked from.
|
|
417
|
+
* The ID of the resource that is allowed.
|
|
418
|
+
* If null, then all resources are allowed.
|
|
661
419
|
*/
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
roles?: string | true;
|
|
673
|
-
type?: "role.revoke";
|
|
674
|
-
userIds?: boolean | string[];
|
|
675
|
-
instances?: string | boolean;
|
|
676
|
-
}, {
|
|
677
|
-
role?: string | true;
|
|
678
|
-
roles?: string | true;
|
|
679
|
-
type?: "role.revoke";
|
|
680
|
-
userIds?: boolean | string[];
|
|
681
|
-
instances?: string | boolean;
|
|
682
|
-
}>;
|
|
683
|
-
/**
|
|
684
|
-
* Defines an interface that describes a permission to read a role.
|
|
685
|
-
*
|
|
686
|
-
* @dochash types/permissions
|
|
687
|
-
*/
|
|
688
|
-
export interface ReadRolePermission extends RolePermission {
|
|
689
|
-
type: 'role.read';
|
|
690
|
-
}
|
|
691
|
-
export declare const READ_ROLE_VALIDATION: z.ZodObject<{
|
|
692
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
693
|
-
roles: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
694
|
-
type: z.ZodLiteral<"role.read">;
|
|
695
|
-
}, "strip", z.ZodTypeAny, {
|
|
696
|
-
role?: string | true;
|
|
697
|
-
roles?: string | true;
|
|
698
|
-
type?: "role.read";
|
|
699
|
-
}, {
|
|
700
|
-
role?: string | true;
|
|
701
|
-
roles?: string | true;
|
|
702
|
-
type?: "role.read";
|
|
703
|
-
}>;
|
|
704
|
-
/**
|
|
705
|
-
* Defines an interface that describes a permission to update a role.
|
|
706
|
-
*
|
|
707
|
-
* @dochash types/permissions
|
|
708
|
-
*/
|
|
709
|
-
export interface UpdateRolePermission extends RolePermission {
|
|
710
|
-
type: 'role.update';
|
|
420
|
+
resourceId: string | null;
|
|
421
|
+
/**
|
|
422
|
+
* The action th at is allowed.
|
|
423
|
+
* If null, then all actions are allowed.
|
|
424
|
+
*/
|
|
425
|
+
action: RoleActionKinds | null;
|
|
426
|
+
/**
|
|
427
|
+
* The options for the permission.
|
|
428
|
+
*/
|
|
429
|
+
options: RolePermissionOptions;
|
|
711
430
|
}
|
|
712
|
-
export declare const
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
}
|
|
725
|
-
|
|
726
|
-
|
|
431
|
+
export declare const ROLE_PERMISSION_VALIDATION: z.ZodObject<{
|
|
432
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
433
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
434
|
+
subjectId: z.ZodString;
|
|
435
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
436
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
437
|
+
resourceKind: z.ZodLiteral<"role">;
|
|
438
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"grant">, z.ZodLiteral<"revoke">, z.ZodLiteral<"read">, z.ZodLiteral<"update">, z.ZodLiteral<"list">]>>;
|
|
439
|
+
options: z.ZodObject<{
|
|
440
|
+
maxDurationMs: z.ZodOptional<z.ZodNumber>;
|
|
441
|
+
}, "strip", z.ZodTypeAny, {
|
|
442
|
+
maxDurationMs?: number;
|
|
443
|
+
}, {
|
|
444
|
+
maxDurationMs?: number;
|
|
445
|
+
}>;
|
|
446
|
+
}, "strip", z.ZodTypeAny, {
|
|
447
|
+
marker?: string;
|
|
448
|
+
subjectType?: "inst" | "user" | "role";
|
|
449
|
+
subjectId?: string;
|
|
450
|
+
resourceId?: string;
|
|
451
|
+
expireTimeMs?: number;
|
|
452
|
+
resourceKind?: "role";
|
|
453
|
+
action?: "read" | "update" | "list" | "grant" | "revoke";
|
|
454
|
+
options?: {
|
|
455
|
+
maxDurationMs?: number;
|
|
456
|
+
};
|
|
457
|
+
}, {
|
|
458
|
+
marker?: string;
|
|
459
|
+
subjectType?: "inst" | "user" | "role";
|
|
460
|
+
subjectId?: string;
|
|
461
|
+
resourceId?: string;
|
|
462
|
+
expireTimeMs?: number;
|
|
463
|
+
resourceKind?: "role";
|
|
464
|
+
action?: "read" | "update" | "list" | "grant" | "revoke";
|
|
465
|
+
options?: {
|
|
466
|
+
maxDurationMs?: number;
|
|
467
|
+
};
|
|
468
|
+
}>;
|
|
469
|
+
/**
|
|
470
|
+
* Defines an interface that describes common options for all permissions that affect insts.
|
|
727
471
|
*
|
|
728
472
|
* @dochash types/permissions
|
|
473
|
+
* @docname InstPermission
|
|
729
474
|
*/
|
|
730
|
-
export interface ListRolesPermission extends RolePermission {
|
|
731
|
-
type: 'role.list';
|
|
732
|
-
}
|
|
733
|
-
export declare const LIST_ROLES_VALIDATION: z.ZodObject<{
|
|
734
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
735
|
-
roles: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
736
|
-
type: z.ZodLiteral<"role.list">;
|
|
737
|
-
}, "strip", z.ZodTypeAny, {
|
|
738
|
-
role?: string | true;
|
|
739
|
-
roles?: string | true;
|
|
740
|
-
type?: "role.list";
|
|
741
|
-
}, {
|
|
742
|
-
role?: string | true;
|
|
743
|
-
roles?: string | true;
|
|
744
|
-
type?: "role.list";
|
|
745
|
-
}>;
|
|
746
475
|
export interface InstPermission extends Permission {
|
|
747
476
|
/**
|
|
748
|
-
* The
|
|
749
|
-
*
|
|
750
|
-
* If true, then all insts are allowed.
|
|
751
|
-
* If a string, then it should be a Regular Expression that matches only insts that are allowed to be manipulated.
|
|
477
|
+
* The kind of the permission.
|
|
752
478
|
*/
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
761
|
-
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
}
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
768
|
-
|
|
769
|
-
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
774
|
-
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
|
|
788
|
-
|
|
789
|
-
}
|
|
790
|
-
export declare const
|
|
791
|
-
|
|
792
|
-
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
|
|
796
|
-
|
|
797
|
-
|
|
798
|
-
}, {
|
|
799
|
-
|
|
800
|
-
|
|
801
|
-
|
|
802
|
-
|
|
803
|
-
|
|
804
|
-
|
|
805
|
-
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
811
|
-
|
|
812
|
-
|
|
813
|
-
|
|
814
|
-
role?: string | true;
|
|
815
|
-
insts?: string | true;
|
|
816
|
-
type?: "inst.update";
|
|
817
|
-
}, {
|
|
818
|
-
role?: string | true;
|
|
819
|
-
insts?: string | true;
|
|
820
|
-
type?: "inst.update";
|
|
821
|
-
}>;
|
|
822
|
-
/**
|
|
823
|
-
* Defines an interface that describes a permission to update data in an inst.
|
|
824
|
-
*/
|
|
825
|
-
export interface UpdateDataInstPermission extends InstPermission {
|
|
826
|
-
type: 'inst.updateData';
|
|
827
|
-
}
|
|
828
|
-
export declare const UPDATE_DATA_INST_VALIDATION: z.ZodObject<{
|
|
829
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
830
|
-
insts: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
831
|
-
type: z.ZodLiteral<"inst.updateData">;
|
|
832
|
-
}, "strip", z.ZodTypeAny, {
|
|
833
|
-
role?: string | true;
|
|
834
|
-
insts?: string | true;
|
|
835
|
-
type?: "inst.updateData";
|
|
836
|
-
}, {
|
|
837
|
-
role?: string | true;
|
|
838
|
-
insts?: string | true;
|
|
839
|
-
type?: "inst.updateData";
|
|
840
|
-
}>;
|
|
841
|
-
/**
|
|
842
|
-
* Defines an interface that describes a permission to delete an inst.
|
|
843
|
-
*/
|
|
844
|
-
export interface DeleteInstPermission extends InstPermission {
|
|
845
|
-
type: 'inst.delete';
|
|
846
|
-
}
|
|
847
|
-
export declare const DELETE_INST_VALIDATION: z.ZodObject<{
|
|
848
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
849
|
-
insts: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
850
|
-
type: z.ZodLiteral<"inst.delete">;
|
|
851
|
-
}, "strip", z.ZodTypeAny, {
|
|
852
|
-
role?: string | true;
|
|
853
|
-
insts?: string | true;
|
|
854
|
-
type?: "inst.delete";
|
|
855
|
-
}, {
|
|
856
|
-
role?: string | true;
|
|
857
|
-
insts?: string | true;
|
|
858
|
-
type?: "inst.delete";
|
|
859
|
-
}>;
|
|
860
|
-
/**
|
|
861
|
-
* Defines an interface that describes a permission to list insts.
|
|
862
|
-
*/
|
|
863
|
-
export interface ListInstPermission extends InstPermission {
|
|
864
|
-
type: 'inst.list';
|
|
865
|
-
}
|
|
866
|
-
export declare const LIST_INST_VALIDATION: z.ZodObject<{
|
|
867
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
868
|
-
insts: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
869
|
-
type: z.ZodLiteral<"inst.list">;
|
|
870
|
-
}, "strip", z.ZodTypeAny, {
|
|
871
|
-
role?: string | true;
|
|
872
|
-
insts?: string | true;
|
|
873
|
-
type?: "inst.list";
|
|
874
|
-
}, {
|
|
875
|
-
role?: string | true;
|
|
876
|
-
insts?: string | true;
|
|
877
|
-
type?: "inst.list";
|
|
878
|
-
}>;
|
|
879
|
-
/**
|
|
880
|
-
* Defines an interface that describes a permission to send actions in insts.
|
|
881
|
-
*/
|
|
882
|
-
export interface SendInstActionPermission extends InstPermission {
|
|
883
|
-
type: 'inst.sendAction';
|
|
884
|
-
}
|
|
885
|
-
export declare const SEND_INST_ACTION_PERMISSION_VALIDATION: z.ZodObject<{
|
|
886
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
887
|
-
insts: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
888
|
-
type: z.ZodLiteral<"inst.sendAction">;
|
|
889
|
-
}, "strip", z.ZodTypeAny, {
|
|
890
|
-
role?: string | true;
|
|
891
|
-
insts?: string | true;
|
|
892
|
-
type?: "inst.sendAction";
|
|
893
|
-
}, {
|
|
894
|
-
role?: string | true;
|
|
895
|
-
insts?: string | true;
|
|
896
|
-
type?: "inst.sendAction";
|
|
897
|
-
}>;
|
|
898
|
-
export declare const AVAILABLE_PERMISSIONS_VALIDATION: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
|
|
899
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
900
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
901
|
-
type: z.ZodLiteral<"data.create">;
|
|
902
|
-
}, "strip", z.ZodTypeAny, {
|
|
903
|
-
role?: string | true;
|
|
904
|
-
addresses?: string | true;
|
|
905
|
-
type?: "data.create";
|
|
906
|
-
}, {
|
|
907
|
-
role?: string | true;
|
|
908
|
-
addresses?: string | true;
|
|
909
|
-
type?: "data.create";
|
|
910
|
-
}>, z.ZodObject<{
|
|
911
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
912
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
913
|
-
type: z.ZodLiteral<"data.read">;
|
|
914
|
-
}, "strip", z.ZodTypeAny, {
|
|
915
|
-
role?: string | true;
|
|
916
|
-
addresses?: string | true;
|
|
917
|
-
type?: "data.read";
|
|
918
|
-
}, {
|
|
919
|
-
role?: string | true;
|
|
920
|
-
addresses?: string | true;
|
|
921
|
-
type?: "data.read";
|
|
922
|
-
}>, z.ZodObject<{
|
|
923
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
924
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
925
|
-
type: z.ZodLiteral<"data.update">;
|
|
926
|
-
}, "strip", z.ZodTypeAny, {
|
|
927
|
-
role?: string | true;
|
|
928
|
-
addresses?: string | true;
|
|
929
|
-
type?: "data.update";
|
|
930
|
-
}, {
|
|
931
|
-
role?: string | true;
|
|
932
|
-
addresses?: string | true;
|
|
933
|
-
type?: "data.update";
|
|
934
|
-
}>, z.ZodObject<{
|
|
935
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
936
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
937
|
-
type: z.ZodLiteral<"data.delete">;
|
|
938
|
-
}, "strip", z.ZodTypeAny, {
|
|
939
|
-
role?: string | true;
|
|
940
|
-
addresses?: string | true;
|
|
941
|
-
type?: "data.delete";
|
|
942
|
-
}, {
|
|
943
|
-
role?: string | true;
|
|
944
|
-
addresses?: string | true;
|
|
945
|
-
type?: "data.delete";
|
|
946
|
-
}>, z.ZodObject<{
|
|
947
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
948
|
-
addresses: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
949
|
-
type: z.ZodLiteral<"data.list">;
|
|
950
|
-
}, "strip", z.ZodTypeAny, {
|
|
951
|
-
role?: string | true;
|
|
952
|
-
addresses?: string | true;
|
|
953
|
-
type?: "data.list";
|
|
954
|
-
}, {
|
|
955
|
-
role?: string | true;
|
|
956
|
-
addresses?: string | true;
|
|
957
|
-
type?: "data.list";
|
|
958
|
-
}>, z.ZodObject<{
|
|
959
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
960
|
-
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
961
|
-
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
962
|
-
type: z.ZodLiteral<"file.create">;
|
|
963
|
-
}, "strip", z.ZodTypeAny, {
|
|
964
|
-
role?: string | true;
|
|
965
|
-
maxFileSizeInBytes?: number;
|
|
966
|
-
allowedMimeTypes?: true | string[];
|
|
967
|
-
type?: "file.create";
|
|
968
|
-
}, {
|
|
969
|
-
role?: string | true;
|
|
970
|
-
maxFileSizeInBytes?: number;
|
|
971
|
-
allowedMimeTypes?: true | string[];
|
|
972
|
-
type?: "file.create";
|
|
973
|
-
}>, z.ZodObject<{
|
|
974
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
975
|
-
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
976
|
-
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
977
|
-
type: z.ZodLiteral<"file.read">;
|
|
978
|
-
}, "strip", z.ZodTypeAny, {
|
|
979
|
-
role?: string | true;
|
|
980
|
-
maxFileSizeInBytes?: number;
|
|
981
|
-
allowedMimeTypes?: true | string[];
|
|
982
|
-
type?: "file.read";
|
|
983
|
-
}, {
|
|
984
|
-
role?: string | true;
|
|
985
|
-
maxFileSizeInBytes?: number;
|
|
986
|
-
allowedMimeTypes?: true | string[];
|
|
987
|
-
type?: "file.read";
|
|
988
|
-
}>, z.ZodObject<{
|
|
989
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
990
|
-
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
991
|
-
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
992
|
-
type: z.ZodLiteral<"file.list">;
|
|
993
|
-
}, "strip", z.ZodTypeAny, {
|
|
994
|
-
role?: string | true;
|
|
995
|
-
maxFileSizeInBytes?: number;
|
|
996
|
-
allowedMimeTypes?: true | string[];
|
|
997
|
-
type?: "file.list";
|
|
998
|
-
}, {
|
|
999
|
-
role?: string | true;
|
|
1000
|
-
maxFileSizeInBytes?: number;
|
|
1001
|
-
allowedMimeTypes?: true | string[];
|
|
1002
|
-
type?: "file.list";
|
|
1003
|
-
}>, z.ZodObject<{
|
|
1004
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1005
|
-
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
1006
|
-
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
1007
|
-
type: z.ZodLiteral<"file.update">;
|
|
1008
|
-
}, "strip", z.ZodTypeAny, {
|
|
1009
|
-
role?: string | true;
|
|
1010
|
-
maxFileSizeInBytes?: number;
|
|
1011
|
-
allowedMimeTypes?: true | string[];
|
|
1012
|
-
type?: "file.update";
|
|
1013
|
-
}, {
|
|
1014
|
-
role?: string | true;
|
|
1015
|
-
maxFileSizeInBytes?: number;
|
|
1016
|
-
allowedMimeTypes?: true | string[];
|
|
1017
|
-
type?: "file.update";
|
|
1018
|
-
}>, z.ZodObject<{
|
|
1019
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1020
|
-
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
1021
|
-
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
1022
|
-
type: z.ZodLiteral<"file.delete">;
|
|
1023
|
-
}, "strip", z.ZodTypeAny, {
|
|
1024
|
-
role?: string | true;
|
|
1025
|
-
maxFileSizeInBytes?: number;
|
|
1026
|
-
allowedMimeTypes?: true | string[];
|
|
1027
|
-
type?: "file.delete";
|
|
1028
|
-
}, {
|
|
1029
|
-
role?: string | true;
|
|
1030
|
-
maxFileSizeInBytes?: number;
|
|
1031
|
-
allowedMimeTypes?: true | string[];
|
|
1032
|
-
type?: "file.delete";
|
|
1033
|
-
}>, z.ZodObject<{
|
|
1034
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1035
|
-
events: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1036
|
-
type: z.ZodLiteral<"event.increment">;
|
|
1037
|
-
}, "strip", z.ZodTypeAny, {
|
|
1038
|
-
role?: string | true;
|
|
1039
|
-
events?: string | true;
|
|
1040
|
-
type?: "event.increment";
|
|
1041
|
-
}, {
|
|
1042
|
-
role?: string | true;
|
|
1043
|
-
events?: string | true;
|
|
1044
|
-
type?: "event.increment";
|
|
1045
|
-
}>, z.ZodObject<{
|
|
1046
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1047
|
-
events: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1048
|
-
type: z.ZodLiteral<"event.count">;
|
|
1049
|
-
}, "strip", z.ZodTypeAny, {
|
|
1050
|
-
role?: string | true;
|
|
1051
|
-
events?: string | true;
|
|
1052
|
-
type?: "event.count";
|
|
1053
|
-
}, {
|
|
1054
|
-
role?: string | true;
|
|
1055
|
-
events?: string | true;
|
|
1056
|
-
type?: "event.count";
|
|
1057
|
-
}>, z.ZodObject<{
|
|
1058
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1059
|
-
events: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1060
|
-
type: z.ZodLiteral<"event.update">;
|
|
1061
|
-
}, "strip", z.ZodTypeAny, {
|
|
1062
|
-
role?: string | true;
|
|
1063
|
-
events?: string | true;
|
|
1064
|
-
type?: "event.update";
|
|
1065
|
-
}, {
|
|
1066
|
-
role?: string | true;
|
|
1067
|
-
events?: string | true;
|
|
1068
|
-
type?: "event.update";
|
|
1069
|
-
}>, z.ZodObject<{
|
|
1070
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1071
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1072
|
-
type: z.ZodLiteral<"policy.read">;
|
|
1073
|
-
}, "strip", z.ZodTypeAny, {
|
|
1074
|
-
role?: string | true;
|
|
1075
|
-
policies?: string | true;
|
|
1076
|
-
type?: "policy.read";
|
|
1077
|
-
}, {
|
|
1078
|
-
role?: string | true;
|
|
1079
|
-
policies?: string | true;
|
|
1080
|
-
type?: "policy.read";
|
|
1081
|
-
}>, z.ZodObject<{
|
|
1082
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1083
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1084
|
-
type: z.ZodLiteral<"policy.grantPermission">;
|
|
1085
|
-
}, "strip", z.ZodTypeAny, {
|
|
1086
|
-
role?: string | true;
|
|
1087
|
-
policies?: string | true;
|
|
1088
|
-
type?: "policy.grantPermission";
|
|
1089
|
-
}, {
|
|
1090
|
-
role?: string | true;
|
|
1091
|
-
policies?: string | true;
|
|
1092
|
-
type?: "policy.grantPermission";
|
|
1093
|
-
}>, z.ZodObject<{
|
|
1094
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1095
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1096
|
-
type: z.ZodLiteral<"policy.revokePermission">;
|
|
1097
|
-
}, "strip", z.ZodTypeAny, {
|
|
1098
|
-
role?: string | true;
|
|
1099
|
-
policies?: string | true;
|
|
1100
|
-
type?: "policy.revokePermission";
|
|
1101
|
-
}, {
|
|
1102
|
-
role?: string | true;
|
|
1103
|
-
policies?: string | true;
|
|
1104
|
-
type?: "policy.revokePermission";
|
|
1105
|
-
}>, z.ZodObject<{
|
|
1106
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1107
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1108
|
-
type: z.ZodLiteral<"policy.assign">;
|
|
1109
|
-
}, "strip", z.ZodTypeAny, {
|
|
1110
|
-
role?: string | true;
|
|
1111
|
-
policies?: string | true;
|
|
1112
|
-
type?: "policy.assign";
|
|
1113
|
-
}, {
|
|
1114
|
-
role?: string | true;
|
|
1115
|
-
policies?: string | true;
|
|
1116
|
-
type?: "policy.assign";
|
|
1117
|
-
}>, z.ZodObject<{
|
|
1118
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1119
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1120
|
-
type: z.ZodLiteral<"policy.unassign">;
|
|
1121
|
-
}, "strip", z.ZodTypeAny, {
|
|
1122
|
-
role?: string | true;
|
|
1123
|
-
policies?: string | true;
|
|
1124
|
-
type?: "policy.unassign";
|
|
1125
|
-
}, {
|
|
1126
|
-
role?: string | true;
|
|
1127
|
-
policies?: string | true;
|
|
1128
|
-
type?: "policy.unassign";
|
|
1129
|
-
}>, z.ZodObject<{
|
|
1130
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1131
|
-
policies: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1132
|
-
type: z.ZodLiteral<"policy.list">;
|
|
1133
|
-
}, "strip", z.ZodTypeAny, {
|
|
1134
|
-
role?: string | true;
|
|
1135
|
-
policies?: string | true;
|
|
1136
|
-
type?: "policy.list";
|
|
1137
|
-
}, {
|
|
1138
|
-
role?: string | true;
|
|
1139
|
-
policies?: string | true;
|
|
1140
|
-
type?: "policy.list";
|
|
1141
|
-
}>, z.ZodObject<{
|
|
1142
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1143
|
-
roles: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1144
|
-
type: z.ZodLiteral<"role.grant">;
|
|
1145
|
-
userIds: z.ZodUnion<[z.ZodBoolean, z.ZodArray<z.ZodString, "many">]>;
|
|
1146
|
-
instances: z.ZodUnion<[z.ZodBoolean, z.ZodString]>;
|
|
1147
|
-
maxDurationMs: z.ZodOptional<z.ZodNumber>;
|
|
1148
|
-
}, "strip", z.ZodTypeAny, {
|
|
1149
|
-
role?: string | true;
|
|
1150
|
-
roles?: string | true;
|
|
1151
|
-
type?: "role.grant";
|
|
1152
|
-
userIds?: boolean | string[];
|
|
1153
|
-
instances?: string | boolean;
|
|
1154
|
-
maxDurationMs?: number;
|
|
1155
|
-
}, {
|
|
1156
|
-
role?: string | true;
|
|
1157
|
-
roles?: string | true;
|
|
1158
|
-
type?: "role.grant";
|
|
1159
|
-
userIds?: boolean | string[];
|
|
1160
|
-
instances?: string | boolean;
|
|
1161
|
-
maxDurationMs?: number;
|
|
1162
|
-
}>, z.ZodObject<{
|
|
1163
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1164
|
-
roles: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1165
|
-
type: z.ZodLiteral<"role.revoke">;
|
|
1166
|
-
userIds: z.ZodUnion<[z.ZodBoolean, z.ZodArray<z.ZodString, "many">]>;
|
|
1167
|
-
instances: z.ZodUnion<[z.ZodBoolean, z.ZodString]>;
|
|
1168
|
-
}, "strip", z.ZodTypeAny, {
|
|
1169
|
-
role?: string | true;
|
|
1170
|
-
roles?: string | true;
|
|
1171
|
-
type?: "role.revoke";
|
|
1172
|
-
userIds?: boolean | string[];
|
|
1173
|
-
instances?: string | boolean;
|
|
1174
|
-
}, {
|
|
1175
|
-
role?: string | true;
|
|
1176
|
-
roles?: string | true;
|
|
1177
|
-
type?: "role.revoke";
|
|
1178
|
-
userIds?: boolean | string[];
|
|
1179
|
-
instances?: string | boolean;
|
|
479
|
+
resourceKind: 'inst';
|
|
480
|
+
/**
|
|
481
|
+
* The ID of the resource that is allowed.
|
|
482
|
+
* If null, then all resources are allowed.
|
|
483
|
+
*/
|
|
484
|
+
resourceId: string | null;
|
|
485
|
+
/**
|
|
486
|
+
* The action th at is allowed.
|
|
487
|
+
* If null, then all actions are allowed.
|
|
488
|
+
*/
|
|
489
|
+
action: InstActionKinds | null;
|
|
490
|
+
}
|
|
491
|
+
export declare const INST_PERMISSION_VALIDATION: z.ZodObject<{
|
|
492
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
493
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
494
|
+
subjectId: z.ZodString;
|
|
495
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
496
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
497
|
+
resourceKind: z.ZodLiteral<"inst">;
|
|
498
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"create">, z.ZodLiteral<"read">, z.ZodLiteral<"update">, z.ZodLiteral<"updateData">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">, z.ZodLiteral<"sendAction">]>>;
|
|
499
|
+
}, "strip", z.ZodTypeAny, {
|
|
500
|
+
marker?: string;
|
|
501
|
+
subjectType?: "inst" | "user" | "role";
|
|
502
|
+
subjectId?: string;
|
|
503
|
+
resourceId?: string;
|
|
504
|
+
expireTimeMs?: number;
|
|
505
|
+
resourceKind?: "inst";
|
|
506
|
+
action?: "create" | "read" | "update" | "delete" | "list" | "sendAction" | "updateData";
|
|
507
|
+
}, {
|
|
508
|
+
marker?: string;
|
|
509
|
+
subjectType?: "inst" | "user" | "role";
|
|
510
|
+
subjectId?: string;
|
|
511
|
+
resourceId?: string;
|
|
512
|
+
expireTimeMs?: number;
|
|
513
|
+
resourceKind?: "inst";
|
|
514
|
+
action?: "create" | "read" | "update" | "delete" | "list" | "sendAction" | "updateData";
|
|
515
|
+
}>;
|
|
516
|
+
export declare const AVAILABLE_PERMISSIONS_VALIDATION: z.ZodDiscriminatedUnion<"resourceKind", [z.ZodObject<{
|
|
517
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
518
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
519
|
+
subjectId: z.ZodString;
|
|
520
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
521
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
522
|
+
resourceKind: z.ZodLiteral<"data">;
|
|
523
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"read">, z.ZodLiteral<"create">, z.ZodLiteral<"update">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">]>>;
|
|
524
|
+
}, "strip", z.ZodTypeAny, {
|
|
525
|
+
marker?: string;
|
|
526
|
+
subjectType?: "inst" | "user" | "role";
|
|
527
|
+
subjectId?: string;
|
|
528
|
+
resourceId?: string;
|
|
529
|
+
expireTimeMs?: number;
|
|
530
|
+
resourceKind?: "data";
|
|
531
|
+
action?: "create" | "read" | "update" | "delete" | "list";
|
|
532
|
+
}, {
|
|
533
|
+
marker?: string;
|
|
534
|
+
subjectType?: "inst" | "user" | "role";
|
|
535
|
+
subjectId?: string;
|
|
536
|
+
resourceId?: string;
|
|
537
|
+
expireTimeMs?: number;
|
|
538
|
+
resourceKind?: "data";
|
|
539
|
+
action?: "create" | "read" | "update" | "delete" | "list";
|
|
1180
540
|
}>, z.ZodObject<{
|
|
1181
|
-
|
|
1182
|
-
|
|
1183
|
-
|
|
1184
|
-
|
|
1185
|
-
|
|
1186
|
-
|
|
1187
|
-
|
|
1188
|
-
|
|
1189
|
-
|
|
1190
|
-
|
|
1191
|
-
|
|
541
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
542
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
543
|
+
subjectId: z.ZodString;
|
|
544
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
545
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
546
|
+
resourceKind: z.ZodLiteral<"file">;
|
|
547
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"read">, z.ZodLiteral<"create">, z.ZodLiteral<"update">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">]>>;
|
|
548
|
+
options: z.ZodObject<{
|
|
549
|
+
maxFileSizeInBytes: z.ZodOptional<z.ZodNumber>;
|
|
550
|
+
allowedMimeTypes: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<true>, z.ZodArray<z.ZodString, "many">]>>;
|
|
551
|
+
}, "strip", z.ZodTypeAny, {
|
|
552
|
+
maxFileSizeInBytes?: number;
|
|
553
|
+
allowedMimeTypes?: true | string[];
|
|
554
|
+
}, {
|
|
555
|
+
maxFileSizeInBytes?: number;
|
|
556
|
+
allowedMimeTypes?: true | string[];
|
|
557
|
+
}>;
|
|
558
|
+
}, "strip", z.ZodTypeAny, {
|
|
559
|
+
marker?: string;
|
|
560
|
+
subjectType?: "inst" | "user" | "role";
|
|
561
|
+
subjectId?: string;
|
|
562
|
+
resourceId?: string;
|
|
563
|
+
expireTimeMs?: number;
|
|
564
|
+
resourceKind?: "file";
|
|
565
|
+
action?: "create" | "read" | "update" | "delete" | "list";
|
|
566
|
+
options?: {
|
|
567
|
+
maxFileSizeInBytes?: number;
|
|
568
|
+
allowedMimeTypes?: true | string[];
|
|
569
|
+
};
|
|
570
|
+
}, {
|
|
571
|
+
marker?: string;
|
|
572
|
+
subjectType?: "inst" | "user" | "role";
|
|
573
|
+
subjectId?: string;
|
|
574
|
+
resourceId?: string;
|
|
575
|
+
expireTimeMs?: number;
|
|
576
|
+
resourceKind?: "file";
|
|
577
|
+
action?: "create" | "read" | "update" | "delete" | "list";
|
|
578
|
+
options?: {
|
|
579
|
+
maxFileSizeInBytes?: number;
|
|
580
|
+
allowedMimeTypes?: true | string[];
|
|
581
|
+
};
|
|
1192
582
|
}>, z.ZodObject<{
|
|
1193
|
-
|
|
1194
|
-
|
|
1195
|
-
|
|
1196
|
-
|
|
1197
|
-
|
|
1198
|
-
|
|
1199
|
-
|
|
1200
|
-
}, {
|
|
1201
|
-
|
|
1202
|
-
|
|
1203
|
-
|
|
583
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
584
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
585
|
+
subjectId: z.ZodString;
|
|
586
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
587
|
+
resourceKind: z.ZodLiteral<"event">;
|
|
588
|
+
resourceId: z.ZodNullable<z.ZodString>;
|
|
589
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"increment">, z.ZodLiteral<"count">, z.ZodLiteral<"update">, z.ZodLiteral<"list">]>>;
|
|
590
|
+
}, "strip", z.ZodTypeAny, {
|
|
591
|
+
marker?: string;
|
|
592
|
+
subjectType?: "inst" | "user" | "role";
|
|
593
|
+
subjectId?: string;
|
|
594
|
+
expireTimeMs?: number;
|
|
595
|
+
resourceKind?: "event";
|
|
596
|
+
resourceId?: string;
|
|
597
|
+
action?: "update" | "increment" | "count" | "list";
|
|
598
|
+
}, {
|
|
599
|
+
marker?: string;
|
|
600
|
+
subjectType?: "inst" | "user" | "role";
|
|
601
|
+
subjectId?: string;
|
|
602
|
+
expireTimeMs?: number;
|
|
603
|
+
resourceKind?: "event";
|
|
604
|
+
resourceId?: string;
|
|
605
|
+
action?: "update" | "increment" | "count" | "list";
|
|
1204
606
|
}>, z.ZodObject<{
|
|
1205
|
-
|
|
1206
|
-
|
|
1207
|
-
|
|
1208
|
-
|
|
1209
|
-
|
|
1210
|
-
|
|
1211
|
-
|
|
1212
|
-
}, {
|
|
1213
|
-
|
|
1214
|
-
|
|
1215
|
-
|
|
607
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
608
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
609
|
+
subjectId: z.ZodString;
|
|
610
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
611
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
612
|
+
resourceKind: z.ZodLiteral<"marker">;
|
|
613
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"assign">, z.ZodLiteral<"unassign">, z.ZodLiteral<"grantPermission">, z.ZodLiteral<"revokePermission">, z.ZodLiteral<"read">]>>;
|
|
614
|
+
}, "strip", z.ZodTypeAny, {
|
|
615
|
+
marker?: string;
|
|
616
|
+
subjectType?: "inst" | "user" | "role";
|
|
617
|
+
subjectId?: string;
|
|
618
|
+
resourceId?: string;
|
|
619
|
+
expireTimeMs?: number;
|
|
620
|
+
resourceKind?: "marker";
|
|
621
|
+
action?: "read" | "assign" | "unassign" | "grantPermission" | "revokePermission";
|
|
622
|
+
}, {
|
|
623
|
+
marker?: string;
|
|
624
|
+
subjectType?: "inst" | "user" | "role";
|
|
625
|
+
subjectId?: string;
|
|
626
|
+
resourceId?: string;
|
|
627
|
+
expireTimeMs?: number;
|
|
628
|
+
resourceKind?: "marker";
|
|
629
|
+
action?: "read" | "assign" | "unassign" | "grantPermission" | "revokePermission";
|
|
1216
630
|
}>, z.ZodObject<{
|
|
1217
|
-
|
|
1218
|
-
|
|
1219
|
-
|
|
1220
|
-
|
|
1221
|
-
|
|
1222
|
-
|
|
1223
|
-
|
|
1224
|
-
|
|
1225
|
-
|
|
1226
|
-
|
|
1227
|
-
|
|
631
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
632
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
633
|
+
subjectId: z.ZodString;
|
|
634
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
635
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
636
|
+
resourceKind: z.ZodLiteral<"role">;
|
|
637
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"grant">, z.ZodLiteral<"revoke">, z.ZodLiteral<"read">, z.ZodLiteral<"update">, z.ZodLiteral<"list">]>>;
|
|
638
|
+
options: z.ZodObject<{
|
|
639
|
+
maxDurationMs: z.ZodOptional<z.ZodNumber>;
|
|
640
|
+
}, "strip", z.ZodTypeAny, {
|
|
641
|
+
maxDurationMs?: number;
|
|
642
|
+
}, {
|
|
643
|
+
maxDurationMs?: number;
|
|
644
|
+
}>;
|
|
645
|
+
}, "strip", z.ZodTypeAny, {
|
|
646
|
+
marker?: string;
|
|
647
|
+
subjectType?: "inst" | "user" | "role";
|
|
648
|
+
subjectId?: string;
|
|
649
|
+
resourceId?: string;
|
|
650
|
+
expireTimeMs?: number;
|
|
651
|
+
resourceKind?: "role";
|
|
652
|
+
action?: "read" | "update" | "list" | "grant" | "revoke";
|
|
653
|
+
options?: {
|
|
654
|
+
maxDurationMs?: number;
|
|
655
|
+
};
|
|
656
|
+
}, {
|
|
657
|
+
marker?: string;
|
|
658
|
+
subjectType?: "inst" | "user" | "role";
|
|
659
|
+
subjectId?: string;
|
|
660
|
+
resourceId?: string;
|
|
661
|
+
expireTimeMs?: number;
|
|
662
|
+
resourceKind?: "role";
|
|
663
|
+
action?: "read" | "update" | "list" | "grant" | "revoke";
|
|
664
|
+
options?: {
|
|
665
|
+
maxDurationMs?: number;
|
|
666
|
+
};
|
|
1228
667
|
}>, z.ZodObject<{
|
|
1229
|
-
|
|
1230
|
-
|
|
1231
|
-
|
|
1232
|
-
|
|
1233
|
-
|
|
1234
|
-
|
|
1235
|
-
|
|
1236
|
-
}, {
|
|
1237
|
-
|
|
1238
|
-
|
|
1239
|
-
|
|
1240
|
-
|
|
1241
|
-
|
|
1242
|
-
|
|
1243
|
-
|
|
1244
|
-
},
|
|
1245
|
-
|
|
1246
|
-
|
|
1247
|
-
|
|
1248
|
-
|
|
1249
|
-
|
|
1250
|
-
|
|
1251
|
-
|
|
1252
|
-
}>, z.ZodObject<{
|
|
1253
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1254
|
-
insts: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1255
|
-
type: z.ZodLiteral<"inst.list">;
|
|
1256
|
-
}, "strip", z.ZodTypeAny, {
|
|
1257
|
-
role?: string | true;
|
|
1258
|
-
insts?: string | true;
|
|
1259
|
-
type?: "inst.list";
|
|
1260
|
-
}, {
|
|
1261
|
-
role?: string | true;
|
|
1262
|
-
insts?: string | true;
|
|
1263
|
-
type?: "inst.list";
|
|
1264
|
-
}>, z.ZodObject<{
|
|
1265
|
-
role: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1266
|
-
insts: z.ZodUnion<[z.ZodLiteral<true>, z.ZodString]>;
|
|
1267
|
-
type: z.ZodLiteral<"inst.sendAction">;
|
|
1268
|
-
}, "strip", z.ZodTypeAny, {
|
|
1269
|
-
role?: string | true;
|
|
1270
|
-
insts?: string | true;
|
|
1271
|
-
type?: "inst.sendAction";
|
|
1272
|
-
}, {
|
|
1273
|
-
role?: string | true;
|
|
1274
|
-
insts?: string | true;
|
|
1275
|
-
type?: "inst.sendAction";
|
|
668
|
+
marker: z.ZodOptional<z.ZodString>;
|
|
669
|
+
subjectType: z.ZodUnion<[z.ZodLiteral<"user">, z.ZodLiteral<"inst">, z.ZodLiteral<"role">]>;
|
|
670
|
+
subjectId: z.ZodString;
|
|
671
|
+
resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
672
|
+
expireTimeMs: z.ZodNullable<z.ZodNumber>;
|
|
673
|
+
resourceKind: z.ZodLiteral<"inst">;
|
|
674
|
+
action: z.ZodNullable<z.ZodUnion<[z.ZodLiteral<"create">, z.ZodLiteral<"read">, z.ZodLiteral<"update">, z.ZodLiteral<"updateData">, z.ZodLiteral<"delete">, z.ZodLiteral<"list">, z.ZodLiteral<"sendAction">]>>;
|
|
675
|
+
}, "strip", z.ZodTypeAny, {
|
|
676
|
+
marker?: string;
|
|
677
|
+
subjectType?: "inst" | "user" | "role";
|
|
678
|
+
subjectId?: string;
|
|
679
|
+
resourceId?: string;
|
|
680
|
+
expireTimeMs?: number;
|
|
681
|
+
resourceKind?: "inst";
|
|
682
|
+
action?: "create" | "read" | "update" | "delete" | "list" | "sendAction" | "updateData";
|
|
683
|
+
}, {
|
|
684
|
+
marker?: string;
|
|
685
|
+
subjectType?: "inst" | "user" | "role";
|
|
686
|
+
subjectId?: string;
|
|
687
|
+
resourceId?: string;
|
|
688
|
+
expireTimeMs?: number;
|
|
689
|
+
resourceKind?: "inst";
|
|
690
|
+
action?: "create" | "read" | "update" | "delete" | "list" | "sendAction" | "updateData";
|
|
1276
691
|
}>]>;
|
|
1277
|
-
|
|
1278
|
-
* Defines an interface for permissions that affect record keys.
|
|
1279
|
-
*/
|
|
1280
|
-
export interface RecordKeyPermission extends Permission {
|
|
1281
|
-
}
|
|
1282
|
-
/**
|
|
1283
|
-
* Defines an interface that represents a permission to create a record key.
|
|
1284
|
-
*/
|
|
1285
|
-
export interface CreateRecordKeyPermission extends RecordKeyPermission {
|
|
1286
|
-
type: 'recordKey.create';
|
|
1287
|
-
/**
|
|
1288
|
-
* The names of the records that record keys can be created for.
|
|
1289
|
-
*
|
|
1290
|
-
* If true, then keys can be created for all record names.
|
|
1291
|
-
* If a string, then it should be a Regular Expression that matches only record names that are allowed.
|
|
1292
|
-
*/
|
|
1293
|
-
recordNames: string | true;
|
|
1294
|
-
}
|
|
1295
|
-
/**
|
|
1296
|
-
* Defines an interface that represents a policy document.
|
|
1297
|
-
* That is, a list of permissions that are granted to specific roles.
|
|
1298
|
-
*/
|
|
1299
|
-
export interface PolicyDocument {
|
|
1300
|
-
/**
|
|
1301
|
-
* The list of permissions that are allowed by this policy document.
|
|
1302
|
-
*/
|
|
1303
|
-
permissions: AvailablePermissions[];
|
|
1304
|
-
}
|
|
692
|
+
export type PermissionOptions = FilePermissionOptions | RolePermissionOptions;
|
|
1305
693
|
/**
|
|
1306
694
|
* The name of the admin role.
|
|
1307
695
|
*/
|
|
@@ -1330,16 +718,4 @@ export declare const PRIVATE_MARKER = "private";
|
|
|
1330
718
|
* Used by default for policy and role records.
|
|
1331
719
|
*/
|
|
1332
720
|
export declare const ACCOUNT_MARKER = "account";
|
|
1333
|
-
/**
|
|
1334
|
-
* Defines a default policy document for any resource.
|
|
1335
|
-
*/
|
|
1336
|
-
export declare const DEFAULT_ANY_RESOURCE_POLICY_DOCUMENT: PolicyDocument;
|
|
1337
|
-
/**
|
|
1338
|
-
* Defines a policy document that applies only to resources marked with the "publicRead" marker.
|
|
1339
|
-
*/
|
|
1340
|
-
export declare const DEFAULT_PUBLIC_READ_POLICY_DOCUMENT: PolicyDocument;
|
|
1341
|
-
/**
|
|
1342
|
-
* Defines a policy document that applies only to resources marked with the "publicWrite" marker.
|
|
1343
|
-
*/
|
|
1344
|
-
export declare const DEFAULT_PUBLIC_WRITE_POLICY_DOCUMENT: PolicyDocument;
|
|
1345
721
|
//# sourceMappingURL=PolicyPermissions.d.ts.map
|