@checkstack/maintenance-backend 0.0.3 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +167 -0
- package/package.json +1 -1
- package/src/index.ts +6 -9
- package/src/router.ts +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,172 @@
|
|
|
1
1
|
# @checkstack/maintenance-backend
|
|
2
2
|
|
|
3
|
+
## 0.2.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- 9faec1f: # Unified AccessRule Terminology Refactoring
|
|
8
|
+
|
|
9
|
+
This release completes a comprehensive terminology refactoring from "permission" to "accessRule" across the entire codebase, establishing a consistent and modern access control vocabulary.
|
|
10
|
+
|
|
11
|
+
## Changes
|
|
12
|
+
|
|
13
|
+
### Core Infrastructure (`@checkstack/common`)
|
|
14
|
+
|
|
15
|
+
- Introduced `AccessRule` interface as the primary access control type
|
|
16
|
+
- Added `accessPair()` helper for creating read/manage access rule pairs
|
|
17
|
+
- Added `access()` builder for individual access rules
|
|
18
|
+
- Replaced `Permission` type with `AccessRule` throughout
|
|
19
|
+
|
|
20
|
+
### API Changes
|
|
21
|
+
|
|
22
|
+
- `env.registerPermissions()` → `env.registerAccessRules()`
|
|
23
|
+
- `meta.permissions` → `meta.access` in RPC contracts
|
|
24
|
+
- `usePermission()` → `useAccess()` in frontend hooks
|
|
25
|
+
- Route `permission:` field → `accessRule:` field
|
|
26
|
+
|
|
27
|
+
### UI Changes
|
|
28
|
+
|
|
29
|
+
- "Roles & Permissions" tab → "Roles & Access Rules"
|
|
30
|
+
- "You don't have permission..." → "You don't have access..."
|
|
31
|
+
- All permission-related UI text updated
|
|
32
|
+
|
|
33
|
+
### Documentation & Templates
|
|
34
|
+
|
|
35
|
+
- Updated 18 documentation files with AccessRule terminology
|
|
36
|
+
- Updated 7 scaffolding templates with `accessPair()` pattern
|
|
37
|
+
- All code examples use new AccessRule API
|
|
38
|
+
|
|
39
|
+
## Migration Guide
|
|
40
|
+
|
|
41
|
+
### Backend Plugins
|
|
42
|
+
|
|
43
|
+
```diff
|
|
44
|
+
- import { permissionList } from "./permissions";
|
|
45
|
+
- env.registerPermissions(permissionList);
|
|
46
|
+
+ import { accessRules } from "./access";
|
|
47
|
+
+ env.registerAccessRules(accessRules);
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
### RPC Contracts
|
|
51
|
+
|
|
52
|
+
```diff
|
|
53
|
+
- .meta({ userType: "user", permissions: [permissions.read.id] })
|
|
54
|
+
+ .meta({ userType: "user", access: [access.read] })
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
### Frontend Hooks
|
|
58
|
+
|
|
59
|
+
```diff
|
|
60
|
+
- const canRead = accessApi.usePermission(permissions.read.id);
|
|
61
|
+
+ const canRead = accessApi.useAccess(access.read);
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
### Routes
|
|
65
|
+
|
|
66
|
+
```diff
|
|
67
|
+
- permission: permissions.entityRead.id,
|
|
68
|
+
+ accessRule: access.read,
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
### Patch Changes
|
|
72
|
+
|
|
73
|
+
- Updated dependencies [9faec1f]
|
|
74
|
+
- Updated dependencies [827b286]
|
|
75
|
+
- Updated dependencies [f533141]
|
|
76
|
+
- Updated dependencies [aa4a8ab]
|
|
77
|
+
- @checkstack/backend-api@0.3.0
|
|
78
|
+
- @checkstack/catalog-common@1.1.0
|
|
79
|
+
- @checkstack/command-backend@0.1.0
|
|
80
|
+
- @checkstack/common@0.2.0
|
|
81
|
+
- @checkstack/integration-backend@0.1.0
|
|
82
|
+
- @checkstack/integration-common@0.1.0
|
|
83
|
+
- @checkstack/maintenance-common@0.2.0
|
|
84
|
+
- @checkstack/notification-common@0.1.0
|
|
85
|
+
- @checkstack/signal-common@0.1.0
|
|
86
|
+
|
|
87
|
+
## 0.1.0
|
|
88
|
+
|
|
89
|
+
### Minor Changes
|
|
90
|
+
|
|
91
|
+
- 8e43507: # Teams and Resource-Level Access Control
|
|
92
|
+
|
|
93
|
+
This release introduces a comprehensive Teams system for organizing users and controlling access to resources at a granular level.
|
|
94
|
+
|
|
95
|
+
## Features
|
|
96
|
+
|
|
97
|
+
### Team Management
|
|
98
|
+
|
|
99
|
+
- Create, update, and delete teams with name and description
|
|
100
|
+
- Add/remove users from teams
|
|
101
|
+
- Designate team managers with elevated privileges
|
|
102
|
+
- View team membership and manager status
|
|
103
|
+
|
|
104
|
+
### Resource-Level Access Control
|
|
105
|
+
|
|
106
|
+
- Grant teams access to specific resources (systems, health checks, incidents, maintenances)
|
|
107
|
+
- Configure read-only or manage permissions per team
|
|
108
|
+
- Resource-level "Team Only" mode that restricts access exclusively to team members
|
|
109
|
+
- Separate `resourceAccessSettings` table for resource-level settings (not per-grant)
|
|
110
|
+
- Automatic cleanup of grants when teams are deleted (database cascade)
|
|
111
|
+
|
|
112
|
+
### Middleware Integration
|
|
113
|
+
|
|
114
|
+
- Extended `autoAuthMiddleware` to support resource access checks
|
|
115
|
+
- Single-resource pre-handler validation for detail endpoints
|
|
116
|
+
- Automatic list filtering for collection endpoints
|
|
117
|
+
- S2S endpoints for access verification
|
|
118
|
+
|
|
119
|
+
### Frontend Components
|
|
120
|
+
|
|
121
|
+
- `TeamsTab` component for managing teams in Auth Settings
|
|
122
|
+
- `TeamAccessEditor` component for assigning team access to resources
|
|
123
|
+
- Resource-level "Team Only" toggle in `TeamAccessEditor`
|
|
124
|
+
- Integration into System, Health Check, Incident, and Maintenance editors
|
|
125
|
+
|
|
126
|
+
## Breaking Changes
|
|
127
|
+
|
|
128
|
+
### API Response Format Changes
|
|
129
|
+
|
|
130
|
+
List endpoints now return objects with named keys instead of arrays directly:
|
|
131
|
+
|
|
132
|
+
```typescript
|
|
133
|
+
// Before
|
|
134
|
+
const systems = await catalogApi.getSystems();
|
|
135
|
+
|
|
136
|
+
// After
|
|
137
|
+
const { systems } = await catalogApi.getSystems();
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
Affected endpoints:
|
|
141
|
+
|
|
142
|
+
- `catalog.getSystems` → `{ systems: [...] }`
|
|
143
|
+
- `healthcheck.getConfigurations` → `{ configurations: [...] }`
|
|
144
|
+
- `incident.listIncidents` → `{ incidents: [...] }`
|
|
145
|
+
- `maintenance.listMaintenances` → `{ maintenances: [...] }`
|
|
146
|
+
|
|
147
|
+
### User Identity Enrichment
|
|
148
|
+
|
|
149
|
+
`RealUser` and `ApplicationUser` types now include `teamIds: string[]` field with team memberships.
|
|
150
|
+
|
|
151
|
+
## Documentation
|
|
152
|
+
|
|
153
|
+
See `docs/backend/teams.md` for complete API reference and integration guide.
|
|
154
|
+
|
|
155
|
+
### Patch Changes
|
|
156
|
+
|
|
157
|
+
- Updated dependencies [97c5a6b]
|
|
158
|
+
- Updated dependencies [8e43507]
|
|
159
|
+
- Updated dependencies [8e43507]
|
|
160
|
+
- @checkstack/backend-api@0.2.0
|
|
161
|
+
- @checkstack/catalog-common@1.0.0
|
|
162
|
+
- @checkstack/common@0.1.0
|
|
163
|
+
- @checkstack/maintenance-common@0.1.0
|
|
164
|
+
- @checkstack/command-backend@0.0.4
|
|
165
|
+
- @checkstack/integration-backend@0.0.4
|
|
166
|
+
- @checkstack/integration-common@0.0.4
|
|
167
|
+
- @checkstack/notification-common@0.0.4
|
|
168
|
+
- @checkstack/signal-common@0.0.4
|
|
169
|
+
|
|
3
170
|
## 0.0.3
|
|
4
171
|
|
|
5
172
|
### Patch Changes
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -2,16 +2,13 @@ import * as schema from "./schema";
|
|
|
2
2
|
import type { NodePgDatabase } from "drizzle-orm/node-postgres";
|
|
3
3
|
import { z } from "zod";
|
|
4
4
|
import {
|
|
5
|
-
|
|
5
|
+
maintenanceAccessRules,
|
|
6
|
+
maintenanceAccess,
|
|
6
7
|
pluginMetadata,
|
|
7
8
|
maintenanceContract,
|
|
8
9
|
maintenanceRoutes,
|
|
9
|
-
permissions,
|
|
10
10
|
} from "@checkstack/maintenance-common";
|
|
11
|
-
import {
|
|
12
|
-
createBackendPlugin,
|
|
13
|
-
coreServices,
|
|
14
|
-
} from "@checkstack/backend-api";
|
|
11
|
+
import { createBackendPlugin, coreServices } from "@checkstack/backend-api";
|
|
15
12
|
import { integrationEventExtensionPoint } from "@checkstack/integration-backend";
|
|
16
13
|
import { MaintenanceService } from "./service";
|
|
17
14
|
import { createRouter } from "./router";
|
|
@@ -52,7 +49,7 @@ const maintenanceUpdatedPayloadSchema = z.object({
|
|
|
52
49
|
export default createBackendPlugin({
|
|
53
50
|
metadata: pluginMetadata,
|
|
54
51
|
register(env) {
|
|
55
|
-
env.
|
|
52
|
+
env.registerAccessRules(maintenanceAccessRules);
|
|
56
53
|
|
|
57
54
|
// Register hooks as integration events
|
|
58
55
|
const integrationEvents = env.getExtensionPoint(
|
|
@@ -117,7 +114,7 @@ export default createBackendPlugin({
|
|
|
117
114
|
route:
|
|
118
115
|
resolveRoute(maintenanceRoutes.routes.config) +
|
|
119
116
|
"?action=create",
|
|
120
|
-
|
|
117
|
+
requiredAccessRules: [maintenanceAccess.maintenance.manage],
|
|
121
118
|
},
|
|
122
119
|
{
|
|
123
120
|
id: "manage",
|
|
@@ -126,7 +123,7 @@ export default createBackendPlugin({
|
|
|
126
123
|
iconName: "Wrench",
|
|
127
124
|
shortcuts: ["meta+shift+m", "ctrl+shift+m"],
|
|
128
125
|
route: resolveRoute(maintenanceRoutes.routes.config),
|
|
129
|
-
|
|
126
|
+
requiredAccessRules: [maintenanceAccess.maintenance.manage],
|
|
130
127
|
},
|
|
131
128
|
],
|
|
132
129
|
});
|
package/src/router.ts
CHANGED
|
@@ -69,7 +69,7 @@ export function createRouter(
|
|
|
69
69
|
|
|
70
70
|
return os.router({
|
|
71
71
|
listMaintenances: os.listMaintenances.handler(async ({ input }) => {
|
|
72
|
-
return service.listMaintenances(input ?? {});
|
|
72
|
+
return { maintenances: await service.listMaintenances(input ?? {}) };
|
|
73
73
|
}),
|
|
74
74
|
|
|
75
75
|
getMaintenance: os.getMaintenance.handler(async ({ input }) => {
|