@checkstack/signal-backend 0.0.4 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +78 -0
- package/package.json +1 -1
- package/src/signal-service-impl.ts +10 -10
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,83 @@
|
|
|
1
1
|
# @checkstack/signal-backend
|
|
2
2
|
|
|
3
|
+
## 0.1.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- 9faec1f: # Unified AccessRule Terminology Refactoring
|
|
8
|
+
|
|
9
|
+
This release completes a comprehensive terminology refactoring from "permission" to "accessRule" across the entire codebase, establishing a consistent and modern access control vocabulary.
|
|
10
|
+
|
|
11
|
+
## Changes
|
|
12
|
+
|
|
13
|
+
### Core Infrastructure (`@checkstack/common`)
|
|
14
|
+
|
|
15
|
+
- Introduced `AccessRule` interface as the primary access control type
|
|
16
|
+
- Added `accessPair()` helper for creating read/manage access rule pairs
|
|
17
|
+
- Added `access()` builder for individual access rules
|
|
18
|
+
- Replaced `Permission` type with `AccessRule` throughout
|
|
19
|
+
|
|
20
|
+
### API Changes
|
|
21
|
+
|
|
22
|
+
- `env.registerPermissions()` → `env.registerAccessRules()`
|
|
23
|
+
- `meta.permissions` → `meta.access` in RPC contracts
|
|
24
|
+
- `usePermission()` → `useAccess()` in frontend hooks
|
|
25
|
+
- Route `permission:` field → `accessRule:` field
|
|
26
|
+
|
|
27
|
+
### UI Changes
|
|
28
|
+
|
|
29
|
+
- "Roles & Permissions" tab → "Roles & Access Rules"
|
|
30
|
+
- "You don't have permission..." → "You don't have access..."
|
|
31
|
+
- All permission-related UI text updated
|
|
32
|
+
|
|
33
|
+
### Documentation & Templates
|
|
34
|
+
|
|
35
|
+
- Updated 18 documentation files with AccessRule terminology
|
|
36
|
+
- Updated 7 scaffolding templates with `accessPair()` pattern
|
|
37
|
+
- All code examples use new AccessRule API
|
|
38
|
+
|
|
39
|
+
## Migration Guide
|
|
40
|
+
|
|
41
|
+
### Backend Plugins
|
|
42
|
+
|
|
43
|
+
```diff
|
|
44
|
+
- import { permissionList } from "./permissions";
|
|
45
|
+
- env.registerPermissions(permissionList);
|
|
46
|
+
+ import { accessRules } from "./access";
|
|
47
|
+
+ env.registerAccessRules(accessRules);
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
### RPC Contracts
|
|
51
|
+
|
|
52
|
+
```diff
|
|
53
|
+
- .meta({ userType: "user", permissions: [permissions.read.id] })
|
|
54
|
+
+ .meta({ userType: "user", access: [access.read] })
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
### Frontend Hooks
|
|
58
|
+
|
|
59
|
+
```diff
|
|
60
|
+
- const canRead = accessApi.usePermission(permissions.read.id);
|
|
61
|
+
+ const canRead = accessApi.useAccess(access.read);
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
### Routes
|
|
65
|
+
|
|
66
|
+
```diff
|
|
67
|
+
- permission: permissions.entityRead.id,
|
|
68
|
+
+ accessRule: access.read,
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
### Patch Changes
|
|
72
|
+
|
|
73
|
+
- Updated dependencies [9faec1f]
|
|
74
|
+
- Updated dependencies [827b286]
|
|
75
|
+
- Updated dependencies [f533141]
|
|
76
|
+
- Updated dependencies [aa4a8ab]
|
|
77
|
+
- @checkstack/backend-api@0.3.0
|
|
78
|
+
- @checkstack/common@0.2.0
|
|
79
|
+
- @checkstack/signal-common@0.1.0
|
|
80
|
+
|
|
3
81
|
## 0.0.4
|
|
4
82
|
|
|
5
83
|
### Patch Changes
|
package/package.json
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { EventBus, Logger } from "@checkstack/backend-api";
|
|
2
|
-
import {
|
|
2
|
+
import { qualifyAccessRuleId } from "@checkstack/common";
|
|
3
3
|
import type {
|
|
4
4
|
Signal,
|
|
5
5
|
SignalMessage,
|
|
@@ -12,9 +12,9 @@ import { SIGNAL_BROADCAST_HOOK, SIGNAL_USER_HOOK } from "./hooks";
|
|
|
12
12
|
* This is a subset of the AuthApi client to avoid circular dependencies.
|
|
13
13
|
*/
|
|
14
14
|
interface AuthClientForSignals {
|
|
15
|
-
|
|
15
|
+
filterUsersByAccessRule: (input: {
|
|
16
16
|
userIds: string[];
|
|
17
|
-
|
|
17
|
+
accessRule: string;
|
|
18
18
|
}) => Promise<string[]>;
|
|
19
19
|
}
|
|
20
20
|
|
|
@@ -30,7 +30,7 @@ export class SignalServiceImpl implements SignalService {
|
|
|
30
30
|
constructor(private eventBus: EventBus, private logger: Logger) {}
|
|
31
31
|
|
|
32
32
|
/**
|
|
33
|
-
* Set the auth client for
|
|
33
|
+
* Set the auth client for access-based signal filtering.
|
|
34
34
|
* This should be called after plugins have loaded.
|
|
35
35
|
*/
|
|
36
36
|
setAuthClient(client: AuthClientForSignals): void {
|
|
@@ -81,7 +81,7 @@ export class SignalServiceImpl implements SignalService {
|
|
|
81
81
|
userIds: string[],
|
|
82
82
|
payload: T,
|
|
83
83
|
pluginMetadata: { pluginId: string },
|
|
84
|
-
|
|
84
|
+
accessRule: { id: string }
|
|
85
85
|
): Promise<void> {
|
|
86
86
|
if (userIds.length === 0) return;
|
|
87
87
|
|
|
@@ -92,18 +92,18 @@ export class SignalServiceImpl implements SignalService {
|
|
|
92
92
|
return;
|
|
93
93
|
}
|
|
94
94
|
|
|
95
|
-
// Construct fully-qualified
|
|
96
|
-
const
|
|
95
|
+
// Construct fully-qualified access rule ID: ${pluginMetadata.pluginId}.${accessRule.id}
|
|
96
|
+
const qualifiedAccessRule = qualifyAccessRuleId(pluginMetadata, accessRule);
|
|
97
97
|
|
|
98
98
|
// Filter users via auth RPC
|
|
99
|
-
const authorizedIds = await this.authClient.
|
|
99
|
+
const authorizedIds = await this.authClient.filterUsersByAccessRule({
|
|
100
100
|
userIds,
|
|
101
|
-
|
|
101
|
+
accessRule: qualifiedAccessRule,
|
|
102
102
|
});
|
|
103
103
|
|
|
104
104
|
if (authorizedIds.length === 0) {
|
|
105
105
|
this.logger.debug(
|
|
106
|
-
`No users authorized for signal ${signal.id} with
|
|
106
|
+
`No users authorized for signal ${signal.id} with access ${qualifiedAccessRule}`
|
|
107
107
|
);
|
|
108
108
|
return;
|
|
109
109
|
}
|