npm - @cfast/permissions - Versions diffs - 0.6.0 → 0.7.0 - Mend

@cfast/permissions 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -292,4 +292,31 @@ type GrantedAction = {
  */
 declare function getGrantedActions(grants: Grant[], table: DrizzleTable): GrantedAction[];
-export { CrudAction, DrizzleTable, Grant, type GrantedAction, PermissionAction, PermissionCheckResult, PermissionDescriptor, Permissions, PermissionsConfig, SchemaMap, SubjectInput, type UserWithRoles, WhereClause, WithLookups, can, checkPermissions, definePermissions, getGrantedActions, grant, resolveGrants };
+/**
+ * Resolves table-level CRUD permissions for every table in a schema.
+ *
+ * Iterates each key in the schema map, extracts its table name, and calls
+ * {@link can} for each of the four CRUD actions (`read`, `create`, `update`,
+ * `delete`). Returns a flat, serializable map suitable for embedding in
+ * loader data and sending to the client.
+ *
+ * This is a pure grant-structural check — no database access, no SQL.
+ * Row-level `where` clauses on grants are ignored; the result reflects
+ * whether the user has *any* grant for the action on the table.
+ *
+ * @param grants - The user's resolved permission grants.
+ * @param schema - A schema map (e.g. `import * as schema from "./schema"`).
+ * @returns A record keyed by SQL table name, each mapping CRUD actions to booleans.
+ *
+ * @example
+ * ```ts
+ * import { resolveTablePermissions } from "@cfast/permissions";
+ * import * as schema from "../db/schema";
+ *
+ * const perms = resolveTablePermissions(grants, schema);
+ * // { posts: { read: true, create: true, update: false, delete: false }, ... }
+ * ```
+ */
+declare function resolveTablePermissions(grants: Grant[], schema: SchemaMap): Record<string, Record<CrudAction, boolean>>;
+export { CrudAction, DrizzleTable, Grant, type GrantedAction, PermissionAction, PermissionCheckResult, PermissionDescriptor, Permissions, PermissionsConfig, SchemaMap, SubjectInput, type UserWithRoles, WhereClause, WithLookups, can, checkPermissions, definePermissions, getGrantedActions, grant, resolveGrants, resolveTablePermissions };

package/dist/index.js CHANGED Viewed

@@ -253,6 +253,23 @@ function getGrantedActions(grants, table) {
   }
   return result;
 }
+// src/resolve-table-permissions.ts
+function resolveTablePermissions(grants, schema) {
+  const result = {};
+  for (const key of Object.keys(schema)) {
+    const table = schema[key];
+    const tableName = getTableName(table);
+    if (tableName === "unknown") continue;
+    if (result[tableName]) continue;
+    const perms = {};
+    for (const action of CRUD_ACTIONS) {
+      perms[action] = can(grants, action, table);
+    }
+    result[tableName] = perms;
+  }
+  return result;
+}
 export {
   CRUD_ACTIONS,
   ForbiddenError,
@@ -263,5 +280,6 @@ export {
   getGrantedActions,
   getTableName,
   grant,
-  resolveGrants
+  resolveGrants,
+  resolveTablePermissions
 };

package/llms.txt CHANGED Viewed

@@ -229,6 +229,18 @@ Used internally by `@cfast/db` to build row-level `_can` annotations on query re
 const CRUD_ACTIONS: readonly CrudAction[] = ["read", "create", "update", "delete"];
 ```
+### `resolveTablePermissions(grants, schema): Record<string, Record<CrudAction, boolean>>`
+```typescript
+import { resolveTablePermissions } from "@cfast/permissions";
+import * as schema from "../db/schema";
+const perms = resolveTablePermissions(grants, schema);
+// { posts: { read: true, create: true, update: false, delete: false }, ... }
+```
+Pure grant-structural check for every table in the schema. No DB, no SQL. Returns a serializable map. Skips non-table entries (e.g. relation objects) and deduplicates when multiple JS keys map to the same SQL name.
+Used internally by `cfastJson()` from `@cfast/actions` to embed table permissions in loader data.
 ### Client entrypoint
 ```typescript
 import { ForbiddenError, can } from "@cfast/permissions/client";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cfast/permissions",
-  "version": "0.6.0",
+  "version": "0.7.0",
   "description": "Isomorphic, composable permission system with Drizzle-native row-level access control",
   "keywords": [
     "cfast",