@casual-simulation/aux-records 3.4.6-alpha.14668890889 → 3.5.0-alpha.15119114602

package/PolicyController.d.ts

@@ -1,10 +1,11 @@
 import type { AuthController } from './AuthController';
 import type { RecordsController, ValidatePublicRecordKeyFailure, ValidatePublicRecordKeyResult } from './RecordsController';
 import type { NotSupportedError, ServerError, SubscriptionLimitReached } from '@casual-simulation/aux-common/Errors';
-import type { AvailablePermissions, ResourceKinds, ActionKinds, SubjectType, DenialReason, PrivacyFeatures, PermissionOptions } from '@casual-simulation/aux-common';
-import type { ListedStudioAssignment, PublicRecordKeyPolicy } from './RecordsStore';
-import type { AssignedRole, AssignPermissionToSubjectAndMarkerFailure, MarkerPermissionAssignment, PolicyStore, ResourcePermissionAssignment, RoleAssignment, UpdateUserRolesFailure } from './PolicyStore';
-import type { UserRole } from './AuthStore';
+import type { AvailablePermissions, ResourceKinds, ActionKinds, SubjectType, DenialReason, PrivacyFeatures, PermissionOptions, KnownErrorCodes, GrantedEntitlementScope, EntitlementFeature, PublicRecordKeyPolicy, UserRole } from '@casual-simulation/aux-common';
+import type { ListedStudioAssignment } from './RecordsStore';
+import type { AssignedRole, AssignPermissionToSubjectAndMarkerFailure, GrantedPackageEntitlement, MarkerPermissionAssignment, PolicyStore, ResourcePermissionAssignment, RoleAssignment, UpdateUserRolesFailure } from './PolicyStore';
+import type { InstRecordsStore, LoadedPackage } from './websockets/InstRecordsStore';
+import type { PackageVersionRecordsStore } from './packages/version';
 /**
  * The maximum number of instances that can be authorized at once.
  */
@@ -31,7 +32,9 @@ export declare class PolicyController {
     private _auth;
     private _records;
     private _policies;
-    constructor(auth: AuthController, records: RecordsController, policies: PolicyStore);
+    private _insts;
+    private _packageVersions;
+    constructor(auth: AuthController, records: RecordsController, policies: PolicyStore, insts?: InstRecordsStore, packageVersions?: PackageVersionRecordsStore);
     /**
      * Constructs the authorization context that is needed for the given request.
      * @param request The request that will be authorized.
@@ -174,6 +177,13 @@ export declare class PolicyController {
      * @param instances The instances that the request is being made from.
      */
     revokeRole(recordKeyOrRecordName: string, userId: string, request: RevokeRoleRequest, instances?: string[]): Promise<RevokeRoleResult>;
+    /**
+     * Attempts to grant an entitlement to a package.
+     * @param request
+     */
+    grantEntitlement(request: GrantEntitlementRequest): Promise<GrantEntitlementResult>;
+    revokeEntitlement(request: RevokeEntitlementRequest): Promise<RevokeEntitlementResult>;
+    listGrantedEntitlements(request: ListGrantedEntitlementsRequest): Promise<ListGrantedEntitlementsResult>;
 }
 /**
  * Determines if any markers will be remaining after the removal and addition of the specified markers.
@@ -243,10 +253,11 @@ export interface AuthorizationContext {
     userPrivacyFeatures: PrivacyFeatures;
     /**
      * The ID of the user that is currently logged in.
+     * Null if the user is not logged in.
      */
-    userId: string;
+    userId: string | null;
     /**
-     * The role of the user.
+     * The role of the user that is currently logged in.
      */
     userRole: UserRole;
     /**
@@ -261,8 +272,15 @@ export interface ConstructAuthorizationContextRequest {
     recordKeyOrRecordName: string;
     /**
      * The ID of the user that is currently logged in.
+     * Null or undefined if the user is not logged in.
      */
     userId?: string | null;
+    /**
+     * The role of the user.
+     * Null if the user is not logged in.
+     * Null or undefined if the user is not logged in.
+     */
+    userRole?: UserRole | null;
     /**
      * Whether to return not_logged_in results when the user has not provided any authentication mechanism, but needs to.
      */
@@ -659,11 +677,11 @@ export interface AuthorizeUserAndInstancesRequest {
     /**
      * The ID of the user that should be authorized.
      */
-    userId: string;
+    userId: string | null | undefined;
     /**
      * The instances that should be authorized.
      */
-    instances: string[];
+    instances: string[] | null | undefined;
     /**
      * The kind of resource that the action is being performed on.
      */
@@ -699,7 +717,7 @@ export interface AuthorizeUserAndInstancesForResources {
     /**
      * The ID of the user that should be authorized.
      */
-    userId: string;
+    userId: string | null;
     /**
      * The instances that should be authorized.
      */
@@ -747,6 +765,7 @@ export interface AuthorizeSubjectRequest {
     subjectType: SubjectType;
     /**
      * The ID of the subject that should be authorized.
+     * If null, then the currently logged in user will be used if available.
      */
     subjectId: string | null;
     /**
@@ -791,6 +810,16 @@ export interface AuthorizeSubjectSuccess {
      * The explaination for the authorization.
      */
     explanation: string;
+    /**
+     * The entitlement that was able to grant access to the resource.
+     */
+    entitlementGrant?: EntitlementGrant;
+}
+export interface EntitlementGrant extends GrantedPackageEntitlement {
+    /**
+     * The package that the entitlement is granted through.
+     */
+    loadedPackage: LoadedPackage;
 }
 export interface AuthorizedSubject extends AuthorizeSubjectSuccess {
     /**
@@ -816,6 +845,15 @@ export interface AuthorizeSubjectFailure {
      * The denial reason.
      */
     reason?: DenialReason;
+    /**
+     * If the error was rejected because the inst has not been granted an entitlement,
+     * this will contain the entitlement that is recommended to be granted.
+     *
+     * Note that this recommended entitlement may not actually be able to be granted to one of the loaded packages in an inst.
+     * Instead, it is just a suggestion for what entitlement would be best to grant if possible.
+     * It should be used by the client to help determine what entitlement to grant, but should not be used on its own.
+     */
+    recommendedEntitlement?: RecommendedPackageEntitlement;
 }
 export type ListPermissionsResult = ListPermissionsSuccess | ListPermissionsFailure;
 export interface ListPermissionsSuccess {
@@ -914,4 +952,106 @@ export interface ListedMarkerPermission extends ListedPermission {
      */
     resourceKind: ResourceKinds | null;
 }
+export interface GrantEntitlementRequest {
+    /**
+     * The ID of the currently logged in user.
+     */
+    userId: string | null;
+    /**
+     * The role of the currently logged in user.
+     * If omitted, then the user will be treated as a normal user.
+     */
+    userRole?: UserRole;
+    /**
+     * The ID of the user that is granting the entitlement.
+     */
+    grantingUserId: string;
+    /**
+     * The ID of the package that the entitlement grant is for.
+     */
+    packageId: string;
+    /**
+     * The feature that is being granted.
+     */
+    feature: EntitlementFeature;
+    /**
+     * The scope that is being granted.
+     */
+    scope: GrantedEntitlementScope;
+    /**
+     * The record that the entitlement grant covers.
+     */
+    recordName: string;
+    /**
+     * The unix time in miliseconds that the entitlement grant will expire.
+     */
+    expireTimeMs: number;
+}
+export type GrantEntitlementResult = GrantEntitlementSuccess | GrantEntitlementFailure;
+export interface GrantEntitlementSuccess {
+    success: true;
+    /**
+     * The ID of the entitlement grant.
+     */
+    grantId: string;
+    /**
+     * The feature that was granted.
+     */
+    feature: EntitlementFeature;
+}
+export interface GrantEntitlementFailure {
+    success: false;
+    errorCode: KnownErrorCodes;
+    errorMessage: string;
+}
+export interface RecommendedPackageEntitlement {
+    packageId: string;
+    feature: EntitlementFeature;
+    scope: GrantedEntitlementScope;
+    recordName?: string;
+}
+export interface RevokeEntitlementRequest {
+    /**
+     * The ID of the user that is currently logged in.
+     */
+    userId: string | null;
+    /**
+     * The role of the currently logged in user.
+     */
+    userRole?: UserRole;
+    /**
+     * The ID of the entitlement grant that should be revoked.
+     */
+    grantId: string;
+}
+export type RevokeEntitlementResult = RevokeEntitlementSuccess | RevokeEntitlementFailure;
+export interface RevokeEntitlementSuccess {
+    success: true;
+}
+export interface RevokeEntitlementFailure {
+    success: false;
+    errorCode: KnownErrorCodes;
+    errorMessage: string;
+}
+export interface ListGrantedEntitlementsRequest {
+    /**
+     * The ID of the user that is currently logged in.
+     */
+    userId: string;
+    /**
+     * The ID of the package that the entitlements should be listed for.
+     * If omitted, then all granted entitlements will be listed for the user.
+     */
+    packageId?: string | null;
+}
+export type ListGrantedEntitlementsResult = ListGrantedEntitlementsSuccess | ListGrantedEntitlementsFailure;
+export interface ListGrantedEntitlementsSuccess {
+    success: true;
+    grants: GrantedPackageEntitlement[];
+}
+export interface ListGrantedEntitlementsFailure {
+    success: false;
+    errorCode: KnownErrorCodes;
+    errorMessage: string;
+}
 //# sourceMappingURL=PolicyController.d.ts.map