@commonpub/schema 0.22.0 → 0.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/contest.d.ts +23 -2
- package/dist/contest.d.ts.map +1 -1
- package/dist/contest.js +3 -0
- package/dist/contest.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -0
- package/dist/index.js.map +1 -1
- package/dist/permissions.d.ts +41 -0
- package/dist/permissions.d.ts.map +1 -0
- package/dist/permissions.js +92 -0
- package/dist/permissions.js.map +1 -0
- package/dist/rbac.d.ts +294 -0
- package/dist/rbac.d.ts.map +1 -0
- package/dist/rbac.js +67 -0
- package/dist/rbac.js.map +1 -0
- package/dist/validators.d.ts +5 -3
- package/dist/validators.d.ts.map +1 -1
- package/dist/validators.js +11 -3
- package/dist/validators.js.map +1 -1
- package/migrations/0009_rbac_roles_permissions.sql +33 -0
- package/migrations/0010_powerful_doctor_faustus.sql +1 -0
- package/migrations/meta/0009_snapshot.json +11007 -0
- package/migrations/meta/0010_snapshot.json +11013 -0
- package/migrations/meta/_journal.json +14 -0
- package/package.json +1 -1
package/dist/contest.d.ts
CHANGED
|
@@ -58,6 +58,25 @@ export declare const contests: import("drizzle-orm/pg-core").PgTableWithColumns<
|
|
|
58
58
|
}, {}, {
|
|
59
59
|
length: 255;
|
|
60
60
|
}>;
|
|
61
|
+
subheading: import("drizzle-orm/pg-core").PgColumn<{
|
|
62
|
+
name: "subheading";
|
|
63
|
+
tableName: "contests";
|
|
64
|
+
dataType: "string";
|
|
65
|
+
columnType: "PgVarchar";
|
|
66
|
+
data: string;
|
|
67
|
+
driverParam: string;
|
|
68
|
+
notNull: false;
|
|
69
|
+
hasDefault: false;
|
|
70
|
+
isPrimaryKey: false;
|
|
71
|
+
isAutoincrement: false;
|
|
72
|
+
hasRuntimeDefault: false;
|
|
73
|
+
enumValues: [string, ...string[]];
|
|
74
|
+
baseColumn: never;
|
|
75
|
+
identity: undefined;
|
|
76
|
+
generated: undefined;
|
|
77
|
+
}, {}, {
|
|
78
|
+
length: 300;
|
|
79
|
+
}>;
|
|
61
80
|
description: import("drizzle-orm/pg-core").PgColumn<{
|
|
62
81
|
name: "description";
|
|
63
82
|
tableName: "contests";
|
|
@@ -187,7 +206,8 @@ export declare const contests: import("drizzle-orm/pg-core").PgTableWithColumns<
|
|
|
187
206
|
place?: number;
|
|
188
207
|
/** Optional category label (e.g. "Best in Show", "Robotics"). */
|
|
189
208
|
category?: string;
|
|
190
|
-
|
|
209
|
+
/** Optional — a prize can be description-only (no forced placement). */
|
|
210
|
+
title?: string;
|
|
191
211
|
description?: string;
|
|
192
212
|
value?: string;
|
|
193
213
|
}[];
|
|
@@ -207,7 +227,8 @@ export declare const contests: import("drizzle-orm/pg-core").PgTableWithColumns<
|
|
|
207
227
|
place?: number;
|
|
208
228
|
/** Optional category label (e.g. "Best in Show", "Robotics"). */
|
|
209
229
|
category?: string;
|
|
210
|
-
|
|
230
|
+
/** Optional — a prize can be description-only (no forced placement). */
|
|
231
|
+
title?: string;
|
|
211
232
|
description?: string;
|
|
212
233
|
value?: string;
|
|
213
234
|
}[];
|
package/dist/contest.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contest.d.ts","sourceRoot":"","sources":["../src/contest.ts"],"names":[],"mappings":"AAMA,uFAAuF;AACvF,eAAO,MAAM,QAAQ
|
|
1
|
+
{"version":3,"file":"contest.d.ts","sourceRoot":"","sources":["../src/contest.ts"],"names":[],"mappings":"AAMA,uFAAuF;AACvF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gBAgBf,4EAA4E;wBACpE,MAAM;gBACd,iEAAiE;2BACtD,MAAM;gBACjB,wEAAwE;wBAChE,MAAM;8BACA,MAAM;wBACZ,MAAM;;;;;;;;;;;;;;gBAPd,4EAA4E;wBACpE,MAAM;gBACd,iEAAiE;2BACtD,MAAM;gBACjB,wEAAwE;wBAChE,MAAM;8BACA,MAAM;wBACZ,MAAM;;;;;;;;;uBAUP,MAAM;yBACJ,MAAM;8BACD,MAAM;;;;;;;;;;;;;;uBAFb,MAAM;yBACJ,MAAM;8BACD,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgCxB,CAAC;AAEH,wFAAwF;AACxF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAeZ,MAAM;gBACf,6EAA6E;uBACtE,MAAM;2BACF,MAAM;gBACjB,yEAAyE;iCACxD,KAAK,CAAC;oBAAE,KAAK,EAAE,MAAM,CAAC;oBAAC,KAAK,EAAE,MAAM,CAAC;oBAAC,GAAG,EAAE,MAAM,CAAA;iBAAE,CAAC;;;;;;;;;;;;;;yBAL5D,MAAM;gBACf,6EAA6E;uBACtE,MAAM;2BACF,MAAM;gBACjB,yEAAyE;iCACxD,KAAK,CAAC;oBAAE,KAAK,EAAE,MAAM,CAAC;oBAAC,KAAK,EAAE,MAAM,CAAC;oBAAC,GAAG,EAAE,MAAM,CAAA;iBAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;EAQzE,CAAC;AAIH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAexB,CAAC;AAKH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAa9B,CAAC;AAIH,eAAO,MAAM,iBAAiB;;;;EAI3B,CAAC;AAEJ,eAAO,MAAM,uBAAuB;;;;EAOjC,CAAC;AAEJ,eAAO,MAAM,sBAAsB;;;EAGhC,CAAC;AAEJ,eAAO,MAAM,4BAA4B;;;EAGtC,CAAC;AAGJ,MAAM,MAAM,UAAU,GAAG,OAAO,QAAQ,CAAC,YAAY,CAAC;AACtD,MAAM,MAAM,aAAa,GAAG,OAAO,QAAQ,CAAC,YAAY,CAAC;AACzD,MAAM,MAAM,eAAe,GAAG,OAAO,cAAc,CAAC,YAAY,CAAC;AACjE,MAAM,MAAM,kBAAkB,GAAG,OAAO,cAAc,CAAC,YAAY,CAAC;AACpE,MAAM,MAAM,eAAe,GAAG,OAAO,aAAa,CAAC,YAAY,CAAC;AAChE,MAAM,MAAM,kBAAkB,GAAG,OAAO,aAAa,CAAC,YAAY,CAAC;AACnE,MAAM,MAAM,qBAAqB,GAAG,OAAO,mBAAmB,CAAC,YAAY,CAAC;AAC5E,MAAM,MAAM,wBAAwB,GAAG,OAAO,mBAAmB,CAAC,YAAY,CAAC"}
|
package/dist/contest.js
CHANGED
|
@@ -8,6 +8,9 @@ export const contests = pgTable('contests', {
|
|
|
8
8
|
id: uuid('id').defaultRandom().primaryKey(),
|
|
9
9
|
title: varchar('title', { length: 255 }).notNull(),
|
|
10
10
|
slug: varchar('slug', { length: 255 }).notNull().unique(),
|
|
11
|
+
/** Short one-line tagline shown in the contest hero (plain text). */
|
|
12
|
+
subheading: varchar('subheading', { length: 300 }),
|
|
13
|
+
/** Long-form body, rendered as Markdown (may contain inline HTML). */
|
|
11
14
|
description: text('description'),
|
|
12
15
|
rules: text('rules'),
|
|
13
16
|
bannerUrl: text('banner_url'),
|
package/dist/contest.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contest.js","sourceRoot":"","sources":["../src/contest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AACtH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAE5G,uFAAuF;AACvF,MAAM,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,EAAE;IAC1C,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE;IAClD,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IACzD,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC;IAChC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC;IACpB,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,MAAM,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;IACjE,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IACpE,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAChE,cAAc,EAAE,SAAS,CAAC,kBAAkB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACrE,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,
|
|
1
|
+
{"version":3,"file":"contest.js","sourceRoot":"","sources":["../src/contest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AACtH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAE5G,uFAAuF;AACvF,MAAM,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,EAAE;IAC1C,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE;IAClD,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IACzD,qEAAqE;IACrE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;IAClD,sEAAsE;IACtE,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC;IAChC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC;IACpB,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,MAAM,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;IACjE,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IACpE,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAChE,cAAc,EAAE,SAAS,CAAC,kBAAkB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACrE,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,EAW1B;IACH;;;;OAIG;IACH,eAAe,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC,KAAK,EAM7C;IACH,iBAAiB,EAAE,qBAAqB,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE;IAC/F;;;;;OAKG;IACH,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAY;IACzC;;;OAGG;IACH,oBAAoB,EAAE,KAAK,CAAC,wBAAwB,CAAC,CAAC,KAAK,EAAY;IACvE,kEAAkE;IAClE,iBAAiB,EAAE,OAAO,CAAC,sBAAsB,CAAC;IAClD,oEAAoE;IACpE,UAAU,EAAE,qBAAqB,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;IAC3E,8EAA8E;IAC9E,cAAc,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC,KAAK,EAAY;IAC3D,WAAW,EAAE,IAAI,CAAC,eAAe,CAAC;SAC/B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,sBAAsB,EAAE,OAAO,CAAC,0BAA0B,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE;IACpF,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE;IACvD,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;IACjF,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CAClF,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;IACR,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;IACrD,KAAK,CAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CAC1C,CAAC,CAAC;AAEH,wFAAwF;AACxF,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC,iBAAiB,EAAE;IACvD,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACzD,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC7D,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC;IACvB,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC;IACrB,WAAW,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,KAAK,EASrC;IACH,WAAW,EAAE,SAAS,CAAC,cAAc,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CACtF,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;IACR,MAAM,CAAC,8BAA8B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,SAAS,CAAC;IAC7E,KAAK,CAAC,gCAAgC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,KAAK,CAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CAClD,CAAC,CAAC;AAEH,yBAAyB;AAEzB,MAAM,CAAC,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE;IACrD,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACzD,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IACtD,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;IACjF,UAAU,EAAE,SAAS,CAAC,aAAa,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;CAC7D,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;IACR,MAAM,CAAC,gCAAgC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC;IAClE,KAAK,CAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACtD,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CACjD,CAAC,CAAC;AAEH,+BAA+B;AAC/B,kFAAkF;AAClF,iFAAiF;AACjF,MAAM,CAAC,MAAM,mBAAmB,GAAG,OAAO,CAAC,sBAAsB,EAAE;IACjE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACzD,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CAClF,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;IACR,MAAM,CAAC,sCAAsC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC;IACxE,KAAK,CAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,KAAK,CAAC,kCAAkC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CACvD,CAAC,CAAC;AAEH,oBAAoB;AAEpB,MAAM,CAAC,MAAM,iBAAiB,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACvE,SAAS,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;IACjF,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC;IAC7B,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC;CAC/B,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,uBAAuB,GAAG,SAAS,CAAC,cAAc,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,OAAO,EAAE,GAAG,CAAC,YAAY,EAAE;QACzB,MAAM,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC;QAClC,UAAU,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC;KAC9B,CAAC;IACF,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;CAC9E,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,sBAAsB,GAAG,SAAS,CAAC,aAAa,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IAC3E,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IACxF,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;CAC7E,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,4BAA4B,GAAG,SAAS,CAAC,mBAAmB,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IACvF,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IAC9F,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;CACnF,CAAC,CAAC,CAAC"}
|
package/dist/index.d.ts
CHANGED
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,YAAY,CAAC;AAG3B,cAAc,WAAW,CAAC;AAG1B,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC;AAG5B,cAAc,UAAU,CAAC;AAGzB,cAAc,cAAc,CAAC;AAG7B,cAAc,eAAe,CAAC;AAG9B,cAAc,WAAW,CAAC;AAG1B,cAAc,YAAY,CAAC;AAG3B,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC;AAG5B,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,YAAY,CAAC;AAG3B,cAAc,aAAa,CAAC;AAG5B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,YAAY,CAAC;AAG3B,cAAc,WAAW,CAAC;AAG1B,cAAc,WAAW,CAAC;AAC1B,cAAc,kBAAkB,CAAC;AAGjC,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC;AAG5B,cAAc,UAAU,CAAC;AAGzB,cAAc,cAAc,CAAC;AAG7B,cAAc,eAAe,CAAC;AAG9B,cAAc,WAAW,CAAC;AAG1B,cAAc,YAAY,CAAC;AAG3B,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC;AAG5B,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,YAAY,CAAC;AAG3B,cAAc,aAAa,CAAC;AAG5B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
export * from './enums.js';
|
|
3
3
|
// Auth & Users
|
|
4
4
|
export * from './auth.js';
|
|
5
|
+
// Global RBAC (roles/permissions — session 175, migration 0009)
|
|
6
|
+
export * from './rbac.js';
|
|
7
|
+
export * from './permissions.js';
|
|
5
8
|
// Content
|
|
6
9
|
export * from './content.js';
|
|
7
10
|
// Social
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,eAAe;AACf,cAAc,WAAW,CAAC;AAE1B,UAAU;AACV,cAAc,cAAc,CAAC;AAE7B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,OAAO;AACP,cAAc,UAAU,CAAC;AAEzB,WAAW;AACX,cAAc,cAAc,CAAC;AAE7B,WAAW;AACX,cAAc,eAAe,CAAC;AAE9B,OAAO;AACP,cAAc,WAAW,CAAC;AAE1B,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,UAAU;AACV,cAAc,cAAc,CAAC;AAE7B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,aAAa;AACb,cAAc,iBAAiB,CAAC;AAEhC,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,+BAA+B;AAC/B,cAAc,aAAa,CAAC;AAE5B,8FAA8F;AAC9F,cAAc,qBAAqB,CAAC;AAEpC,yCAAyC;AACzC,cAAc,gBAAgB,CAAC;AAE/B,aAAa;AACb,cAAc,iBAAiB,CAAC;AAEhC,UAAU;AACV,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,eAAe;AACf,cAAc,WAAW,CAAC;AAE1B,gEAAgE;AAChE,cAAc,WAAW,CAAC;AAC1B,cAAc,kBAAkB,CAAC;AAEjC,UAAU;AACV,cAAc,cAAc,CAAC;AAE7B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,OAAO;AACP,cAAc,UAAU,CAAC;AAEzB,WAAW;AACX,cAAc,cAAc,CAAC;AAE7B,WAAW;AACX,cAAc,eAAe,CAAC;AAE9B,OAAO;AACP,cAAc,WAAW,CAAC;AAE1B,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,UAAU;AACV,cAAc,cAAc,CAAC;AAE7B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,aAAa;AACb,cAAc,iBAAiB,CAAC;AAEhC,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,+BAA+B;AAC/B,cAAc,aAAa,CAAC;AAE5B,8FAA8F;AAC9F,cAAc,qBAAqB,CAAC;AAEpC,yCAAyC;AACzC,cAAc,gBAAgB,CAAC;AAE/B,aAAa;AACb,cAAc,iBAAiB,CAAC;AAEhC,UAAU;AACV,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
/**
|
|
3
|
+
* Global RBAC permission catalog — a CODE CONSTANT, not a table.
|
|
4
|
+
*
|
|
5
|
+
* Modeled exactly on `PUBLIC_API_SCOPES` (validators.ts) + `hasScope`
|
|
6
|
+
* (packages/server/src/publicApi/scopes.ts). Permissions are capability-level
|
|
7
|
+
* keys (one per coherent admin capability) and only change when code does, so
|
|
8
|
+
* they need a compile-time type, not operator-editable data. ROLES are data
|
|
9
|
+
* (see rbac.ts); the keys a role bundles are validated against THIS catalog on
|
|
10
|
+
* write (like `filterKnownScopes`).
|
|
11
|
+
*
|
|
12
|
+
* Grant forms stored in `role_permissions.permissionKey`:
|
|
13
|
+
* - `*` — full wildcard (admin only)
|
|
14
|
+
* - an exact catalog key (e.g. `content.moderate`)
|
|
15
|
+
* - a segment wildcard `<prefix>.*` (e.g. `content.*`) where `<prefix>` is the
|
|
16
|
+
* first segment of at least one catalog key.
|
|
17
|
+
*
|
|
18
|
+
* Wildcard matching itself lives in the pure `hasPermissionPure`
|
|
19
|
+
* (packages/auth/src/permissions.ts) — this module only defines + validates the
|
|
20
|
+
* vocabulary.
|
|
21
|
+
*/
|
|
22
|
+
export declare const PERMISSIONS: readonly ["*", "admin.access", "users.read", "users.manage", "users.delete", "roles.manage", "content.read", "content.moderate", "content.editorial", "reports.review", "contest.create", "contest.manage", "event.create", "event.manage", "settings.manage", "theme.manage", "layout.manage", "navigation.manage", "search.manage", "apikeys.manage", "storage.manage", "categories.manage", "federation.manage", "audit.read"];
|
|
23
|
+
export type PermissionKey = (typeof PERMISSIONS)[number];
|
|
24
|
+
/** True if `value` is an exact catalog key. */
|
|
25
|
+
export declare function isPermissionKey(value: string): value is PermissionKey;
|
|
26
|
+
/**
|
|
27
|
+
* True if `value` is a valid STORED grant: `*`, an exact catalog key, or a
|
|
28
|
+
* recognized `<prefix>.*` segment wildcard. Used to validate
|
|
29
|
+
* `role_permissions.permissionKey` on write (the catalog-as-gate), mirroring
|
|
30
|
+
* `filterKnownScopes`.
|
|
31
|
+
*/
|
|
32
|
+
export declare function isPermissionGrant(value: string): boolean;
|
|
33
|
+
/** Zod validator for a single stored grant (catalog-gated). */
|
|
34
|
+
export declare const permissionKeySchema: z.ZodString;
|
|
35
|
+
/**
|
|
36
|
+
* Filter a stored grant array down to still-recognized grants. Defensive load
|
|
37
|
+
* guard, exactly like `filterKnownScopes` — catches leftovers from a removed
|
|
38
|
+
* catalog key or a typo that predates validation.
|
|
39
|
+
*/
|
|
40
|
+
export declare function filterKnownPermissions(grants: readonly string[]): string[];
|
|
41
|
+
//# sourceMappingURL=permissions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,WAAW,maAkCd,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC;AASzD,+CAA+C;AAC/C,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,aAAa,CAErE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAOxD;AAED,+DAA+D;AAC/D,eAAO,MAAM,mBAAmB,aAEmC,CAAC;AAEpE;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,EAAE,CAE1E"}
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
/**
|
|
3
|
+
* Global RBAC permission catalog — a CODE CONSTANT, not a table.
|
|
4
|
+
*
|
|
5
|
+
* Modeled exactly on `PUBLIC_API_SCOPES` (validators.ts) + `hasScope`
|
|
6
|
+
* (packages/server/src/publicApi/scopes.ts). Permissions are capability-level
|
|
7
|
+
* keys (one per coherent admin capability) and only change when code does, so
|
|
8
|
+
* they need a compile-time type, not operator-editable data. ROLES are data
|
|
9
|
+
* (see rbac.ts); the keys a role bundles are validated against THIS catalog on
|
|
10
|
+
* write (like `filterKnownScopes`).
|
|
11
|
+
*
|
|
12
|
+
* Grant forms stored in `role_permissions.permissionKey`:
|
|
13
|
+
* - `*` — full wildcard (admin only)
|
|
14
|
+
* - an exact catalog key (e.g. `content.moderate`)
|
|
15
|
+
* - a segment wildcard `<prefix>.*` (e.g. `content.*`) where `<prefix>` is the
|
|
16
|
+
* first segment of at least one catalog key.
|
|
17
|
+
*
|
|
18
|
+
* Wildcard matching itself lives in the pure `hasPermissionPure`
|
|
19
|
+
* (packages/auth/src/permissions.ts) — this module only defines + validates the
|
|
20
|
+
* vocabulary.
|
|
21
|
+
*/
|
|
22
|
+
export const PERMISSIONS = [
|
|
23
|
+
// Admin bypass — only ever granted to the `admin` role.
|
|
24
|
+
'*',
|
|
25
|
+
// Admin-only umbrella. `requireAdmin` is reimplemented as
|
|
26
|
+
// `requirePermission(event, 'admin.access')`, so this key is the linchpin
|
|
27
|
+
// routing all legacy admin gates through the new machinery.
|
|
28
|
+
'admin.access',
|
|
29
|
+
// Users
|
|
30
|
+
'users.read',
|
|
31
|
+
'users.manage',
|
|
32
|
+
'users.delete',
|
|
33
|
+
// Roles (RBAC self-administration — Phase 3 admin UI gates on this)
|
|
34
|
+
'roles.manage',
|
|
35
|
+
// Content + moderation
|
|
36
|
+
'content.read',
|
|
37
|
+
'content.moderate',
|
|
38
|
+
'content.editorial',
|
|
39
|
+
'reports.review',
|
|
40
|
+
// Contests + events
|
|
41
|
+
'contest.create',
|
|
42
|
+
'contest.manage',
|
|
43
|
+
'event.create',
|
|
44
|
+
'event.manage',
|
|
45
|
+
// Instance administration
|
|
46
|
+
'settings.manage',
|
|
47
|
+
'theme.manage',
|
|
48
|
+
'layout.manage',
|
|
49
|
+
'navigation.manage',
|
|
50
|
+
'search.manage',
|
|
51
|
+
'apikeys.manage',
|
|
52
|
+
'storage.manage',
|
|
53
|
+
'categories.manage',
|
|
54
|
+
'federation.manage',
|
|
55
|
+
'audit.read',
|
|
56
|
+
];
|
|
57
|
+
const PERMISSION_SET = new Set(PERMISSIONS);
|
|
58
|
+
/** Valid first segments for `<prefix>.*` segment-wildcard grants. */
|
|
59
|
+
const PERMISSION_PREFIXES = new Set(PERMISSIONS.filter((p) => p.includes('.')).map((p) => p.slice(0, p.indexOf('.'))));
|
|
60
|
+
/** True if `value` is an exact catalog key. */
|
|
61
|
+
export function isPermissionKey(value) {
|
|
62
|
+
return PERMISSION_SET.has(value);
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* True if `value` is a valid STORED grant: `*`, an exact catalog key, or a
|
|
66
|
+
* recognized `<prefix>.*` segment wildcard. Used to validate
|
|
67
|
+
* `role_permissions.permissionKey` on write (the catalog-as-gate), mirroring
|
|
68
|
+
* `filterKnownScopes`.
|
|
69
|
+
*/
|
|
70
|
+
export function isPermissionGrant(value) {
|
|
71
|
+
if (value === '*')
|
|
72
|
+
return true;
|
|
73
|
+
if (isPermissionKey(value))
|
|
74
|
+
return true;
|
|
75
|
+
if (value.endsWith('.*')) {
|
|
76
|
+
return PERMISSION_PREFIXES.has(value.slice(0, -2));
|
|
77
|
+
}
|
|
78
|
+
return false;
|
|
79
|
+
}
|
|
80
|
+
/** Zod validator for a single stored grant (catalog-gated). */
|
|
81
|
+
export const permissionKeySchema = z
|
|
82
|
+
.string()
|
|
83
|
+
.refine(isPermissionGrant, { message: 'Unknown permission key' });
|
|
84
|
+
/**
|
|
85
|
+
* Filter a stored grant array down to still-recognized grants. Defensive load
|
|
86
|
+
* guard, exactly like `filterKnownScopes` — catches leftovers from a removed
|
|
87
|
+
* catalog key or a typo that predates validation.
|
|
88
|
+
*/
|
|
89
|
+
export function filterKnownPermissions(grants) {
|
|
90
|
+
return grants.filter((g) => isPermissionGrant(g));
|
|
91
|
+
}
|
|
92
|
+
//# sourceMappingURL=permissions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,wDAAwD;IACxD,GAAG;IACH,0DAA0D;IAC1D,0EAA0E;IAC1E,4DAA4D;IAC5D,cAAc;IACd,QAAQ;IACR,YAAY;IACZ,cAAc;IACd,cAAc;IACd,oEAAoE;IACpE,cAAc;IACd,uBAAuB;IACvB,cAAc;IACd,kBAAkB;IAClB,mBAAmB;IACnB,gBAAgB;IAChB,oBAAoB;IACpB,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,cAAc;IACd,0BAA0B;IAC1B,iBAAiB;IACjB,cAAc;IACd,eAAe;IACf,mBAAmB;IACnB,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,mBAAmB;IACnB,mBAAmB;IACnB,YAAY;CACJ,CAAC;AAIX,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;AAEjE,qEAAqE;AACrE,MAAM,mBAAmB,GAAwB,IAAI,GAAG,CACtD,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAClF,CAAC;AAEF,+CAA+C;AAC/C,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,eAAe,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,mBAAmB,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,EAAE;KACR,MAAM,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;AAEpE;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAyB;IAC9D,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC"}
|
package/dist/rbac.d.ts
ADDED
|
@@ -0,0 +1,294 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Global RBAC tables (migration 0009, ADDITIVE only).
|
|
3
|
+
*
|
|
4
|
+
* ROLES are data (operator-authorable); PERMISSIONS are a code constant
|
|
5
|
+
* (see permissions.ts). `users.role` (userRoleEnum) is KEPT as the
|
|
6
|
+
* denormalized primary/display role read by enrichUser/roleGuard — these M2M
|
|
7
|
+
* tables are the source of truth for *permissions*, never written back to
|
|
8
|
+
* `users.role`. No `ALTER` on `users` (safe for heatsync `db:push --force` +
|
|
9
|
+
* the drizzle populated-table DDL hazard).
|
|
10
|
+
*/
|
|
11
|
+
export declare const roles: import("drizzle-orm/pg-core").PgTableWithColumns<{
|
|
12
|
+
name: "roles";
|
|
13
|
+
schema: undefined;
|
|
14
|
+
columns: {
|
|
15
|
+
id: import("drizzle-orm/pg-core").PgColumn<{
|
|
16
|
+
name: "id";
|
|
17
|
+
tableName: "roles";
|
|
18
|
+
dataType: "string";
|
|
19
|
+
columnType: "PgUUID";
|
|
20
|
+
data: string;
|
|
21
|
+
driverParam: string;
|
|
22
|
+
notNull: true;
|
|
23
|
+
hasDefault: true;
|
|
24
|
+
isPrimaryKey: true;
|
|
25
|
+
isAutoincrement: false;
|
|
26
|
+
hasRuntimeDefault: false;
|
|
27
|
+
enumValues: undefined;
|
|
28
|
+
baseColumn: never;
|
|
29
|
+
identity: undefined;
|
|
30
|
+
generated: undefined;
|
|
31
|
+
}, {}, {}>;
|
|
32
|
+
key: import("drizzle-orm/pg-core").PgColumn<{
|
|
33
|
+
name: "key";
|
|
34
|
+
tableName: "roles";
|
|
35
|
+
dataType: "string";
|
|
36
|
+
columnType: "PgVarchar";
|
|
37
|
+
data: string;
|
|
38
|
+
driverParam: string;
|
|
39
|
+
notNull: true;
|
|
40
|
+
hasDefault: false;
|
|
41
|
+
isPrimaryKey: false;
|
|
42
|
+
isAutoincrement: false;
|
|
43
|
+
hasRuntimeDefault: false;
|
|
44
|
+
enumValues: [string, ...string[]];
|
|
45
|
+
baseColumn: never;
|
|
46
|
+
identity: undefined;
|
|
47
|
+
generated: undefined;
|
|
48
|
+
}, {}, {
|
|
49
|
+
length: 64;
|
|
50
|
+
}>;
|
|
51
|
+
name: import("drizzle-orm/pg-core").PgColumn<{
|
|
52
|
+
name: "name";
|
|
53
|
+
tableName: "roles";
|
|
54
|
+
dataType: "string";
|
|
55
|
+
columnType: "PgVarchar";
|
|
56
|
+
data: string;
|
|
57
|
+
driverParam: string;
|
|
58
|
+
notNull: true;
|
|
59
|
+
hasDefault: false;
|
|
60
|
+
isPrimaryKey: false;
|
|
61
|
+
isAutoincrement: false;
|
|
62
|
+
hasRuntimeDefault: false;
|
|
63
|
+
enumValues: [string, ...string[]];
|
|
64
|
+
baseColumn: never;
|
|
65
|
+
identity: undefined;
|
|
66
|
+
generated: undefined;
|
|
67
|
+
}, {}, {
|
|
68
|
+
length: 128;
|
|
69
|
+
}>;
|
|
70
|
+
description: import("drizzle-orm/pg-core").PgColumn<{
|
|
71
|
+
name: "description";
|
|
72
|
+
tableName: "roles";
|
|
73
|
+
dataType: "string";
|
|
74
|
+
columnType: "PgText";
|
|
75
|
+
data: string;
|
|
76
|
+
driverParam: string;
|
|
77
|
+
notNull: false;
|
|
78
|
+
hasDefault: false;
|
|
79
|
+
isPrimaryKey: false;
|
|
80
|
+
isAutoincrement: false;
|
|
81
|
+
hasRuntimeDefault: false;
|
|
82
|
+
enumValues: [string, ...string[]];
|
|
83
|
+
baseColumn: never;
|
|
84
|
+
identity: undefined;
|
|
85
|
+
generated: undefined;
|
|
86
|
+
}, {}, {}>;
|
|
87
|
+
isSystem: import("drizzle-orm/pg-core").PgColumn<{
|
|
88
|
+
name: "is_system";
|
|
89
|
+
tableName: "roles";
|
|
90
|
+
dataType: "boolean";
|
|
91
|
+
columnType: "PgBoolean";
|
|
92
|
+
data: boolean;
|
|
93
|
+
driverParam: boolean;
|
|
94
|
+
notNull: true;
|
|
95
|
+
hasDefault: true;
|
|
96
|
+
isPrimaryKey: false;
|
|
97
|
+
isAutoincrement: false;
|
|
98
|
+
hasRuntimeDefault: false;
|
|
99
|
+
enumValues: undefined;
|
|
100
|
+
baseColumn: never;
|
|
101
|
+
identity: undefined;
|
|
102
|
+
generated: undefined;
|
|
103
|
+
}, {}, {}>;
|
|
104
|
+
priority: import("drizzle-orm/pg-core").PgColumn<{
|
|
105
|
+
name: "priority";
|
|
106
|
+
tableName: "roles";
|
|
107
|
+
dataType: "number";
|
|
108
|
+
columnType: "PgInteger";
|
|
109
|
+
data: number;
|
|
110
|
+
driverParam: string | number;
|
|
111
|
+
notNull: false;
|
|
112
|
+
hasDefault: false;
|
|
113
|
+
isPrimaryKey: false;
|
|
114
|
+
isAutoincrement: false;
|
|
115
|
+
hasRuntimeDefault: false;
|
|
116
|
+
enumValues: undefined;
|
|
117
|
+
baseColumn: never;
|
|
118
|
+
identity: undefined;
|
|
119
|
+
generated: undefined;
|
|
120
|
+
}, {}, {}>;
|
|
121
|
+
createdAt: import("drizzle-orm/pg-core").PgColumn<{
|
|
122
|
+
name: "created_at";
|
|
123
|
+
tableName: "roles";
|
|
124
|
+
dataType: "date";
|
|
125
|
+
columnType: "PgTimestamp";
|
|
126
|
+
data: Date;
|
|
127
|
+
driverParam: string;
|
|
128
|
+
notNull: true;
|
|
129
|
+
hasDefault: true;
|
|
130
|
+
isPrimaryKey: false;
|
|
131
|
+
isAutoincrement: false;
|
|
132
|
+
hasRuntimeDefault: false;
|
|
133
|
+
enumValues: undefined;
|
|
134
|
+
baseColumn: never;
|
|
135
|
+
identity: undefined;
|
|
136
|
+
generated: undefined;
|
|
137
|
+
}, {}, {}>;
|
|
138
|
+
updatedAt: import("drizzle-orm/pg-core").PgColumn<{
|
|
139
|
+
name: "updated_at";
|
|
140
|
+
tableName: "roles";
|
|
141
|
+
dataType: "date";
|
|
142
|
+
columnType: "PgTimestamp";
|
|
143
|
+
data: Date;
|
|
144
|
+
driverParam: string;
|
|
145
|
+
notNull: true;
|
|
146
|
+
hasDefault: true;
|
|
147
|
+
isPrimaryKey: false;
|
|
148
|
+
isAutoincrement: false;
|
|
149
|
+
hasRuntimeDefault: false;
|
|
150
|
+
enumValues: undefined;
|
|
151
|
+
baseColumn: never;
|
|
152
|
+
identity: undefined;
|
|
153
|
+
generated: undefined;
|
|
154
|
+
}, {}, {}>;
|
|
155
|
+
};
|
|
156
|
+
dialect: "pg";
|
|
157
|
+
}>;
|
|
158
|
+
export declare const rolePermissions: import("drizzle-orm/pg-core").PgTableWithColumns<{
|
|
159
|
+
name: "role_permissions";
|
|
160
|
+
schema: undefined;
|
|
161
|
+
columns: {
|
|
162
|
+
roleId: import("drizzle-orm/pg-core").PgColumn<{
|
|
163
|
+
name: "role_id";
|
|
164
|
+
tableName: "role_permissions";
|
|
165
|
+
dataType: "string";
|
|
166
|
+
columnType: "PgUUID";
|
|
167
|
+
data: string;
|
|
168
|
+
driverParam: string;
|
|
169
|
+
notNull: true;
|
|
170
|
+
hasDefault: false;
|
|
171
|
+
isPrimaryKey: false;
|
|
172
|
+
isAutoincrement: false;
|
|
173
|
+
hasRuntimeDefault: false;
|
|
174
|
+
enumValues: undefined;
|
|
175
|
+
baseColumn: never;
|
|
176
|
+
identity: undefined;
|
|
177
|
+
generated: undefined;
|
|
178
|
+
}, {}, {}>;
|
|
179
|
+
permissionKey: import("drizzle-orm/pg-core").PgColumn<{
|
|
180
|
+
name: "permission_key";
|
|
181
|
+
tableName: "role_permissions";
|
|
182
|
+
dataType: "string";
|
|
183
|
+
columnType: "PgVarchar";
|
|
184
|
+
data: string;
|
|
185
|
+
driverParam: string;
|
|
186
|
+
notNull: true;
|
|
187
|
+
hasDefault: false;
|
|
188
|
+
isPrimaryKey: false;
|
|
189
|
+
isAutoincrement: false;
|
|
190
|
+
hasRuntimeDefault: false;
|
|
191
|
+
enumValues: [string, ...string[]];
|
|
192
|
+
baseColumn: never;
|
|
193
|
+
identity: undefined;
|
|
194
|
+
generated: undefined;
|
|
195
|
+
}, {}, {
|
|
196
|
+
length: 64;
|
|
197
|
+
}>;
|
|
198
|
+
};
|
|
199
|
+
dialect: "pg";
|
|
200
|
+
}>;
|
|
201
|
+
export declare const userRoles: import("drizzle-orm/pg-core").PgTableWithColumns<{
|
|
202
|
+
name: "user_roles";
|
|
203
|
+
schema: undefined;
|
|
204
|
+
columns: {
|
|
205
|
+
userId: import("drizzle-orm/pg-core").PgColumn<{
|
|
206
|
+
name: "user_id";
|
|
207
|
+
tableName: "user_roles";
|
|
208
|
+
dataType: "string";
|
|
209
|
+
columnType: "PgUUID";
|
|
210
|
+
data: string;
|
|
211
|
+
driverParam: string;
|
|
212
|
+
notNull: true;
|
|
213
|
+
hasDefault: false;
|
|
214
|
+
isPrimaryKey: false;
|
|
215
|
+
isAutoincrement: false;
|
|
216
|
+
hasRuntimeDefault: false;
|
|
217
|
+
enumValues: undefined;
|
|
218
|
+
baseColumn: never;
|
|
219
|
+
identity: undefined;
|
|
220
|
+
generated: undefined;
|
|
221
|
+
}, {}, {}>;
|
|
222
|
+
roleId: import("drizzle-orm/pg-core").PgColumn<{
|
|
223
|
+
name: "role_id";
|
|
224
|
+
tableName: "user_roles";
|
|
225
|
+
dataType: "string";
|
|
226
|
+
columnType: "PgUUID";
|
|
227
|
+
data: string;
|
|
228
|
+
driverParam: string;
|
|
229
|
+
notNull: true;
|
|
230
|
+
hasDefault: false;
|
|
231
|
+
isPrimaryKey: false;
|
|
232
|
+
isAutoincrement: false;
|
|
233
|
+
hasRuntimeDefault: false;
|
|
234
|
+
enumValues: undefined;
|
|
235
|
+
baseColumn: never;
|
|
236
|
+
identity: undefined;
|
|
237
|
+
generated: undefined;
|
|
238
|
+
}, {}, {}>;
|
|
239
|
+
grantedBy: import("drizzle-orm/pg-core").PgColumn<{
|
|
240
|
+
name: "granted_by";
|
|
241
|
+
tableName: "user_roles";
|
|
242
|
+
dataType: "string";
|
|
243
|
+
columnType: "PgUUID";
|
|
244
|
+
data: string;
|
|
245
|
+
driverParam: string;
|
|
246
|
+
notNull: false;
|
|
247
|
+
hasDefault: false;
|
|
248
|
+
isPrimaryKey: false;
|
|
249
|
+
isAutoincrement: false;
|
|
250
|
+
hasRuntimeDefault: false;
|
|
251
|
+
enumValues: undefined;
|
|
252
|
+
baseColumn: never;
|
|
253
|
+
identity: undefined;
|
|
254
|
+
generated: undefined;
|
|
255
|
+
}, {}, {}>;
|
|
256
|
+
grantedAt: import("drizzle-orm/pg-core").PgColumn<{
|
|
257
|
+
name: "granted_at";
|
|
258
|
+
tableName: "user_roles";
|
|
259
|
+
dataType: "date";
|
|
260
|
+
columnType: "PgTimestamp";
|
|
261
|
+
data: Date;
|
|
262
|
+
driverParam: string;
|
|
263
|
+
notNull: true;
|
|
264
|
+
hasDefault: true;
|
|
265
|
+
isPrimaryKey: false;
|
|
266
|
+
isAutoincrement: false;
|
|
267
|
+
hasRuntimeDefault: false;
|
|
268
|
+
enumValues: undefined;
|
|
269
|
+
baseColumn: never;
|
|
270
|
+
identity: undefined;
|
|
271
|
+
generated: undefined;
|
|
272
|
+
}, {}, {}>;
|
|
273
|
+
};
|
|
274
|
+
dialect: "pg";
|
|
275
|
+
}>;
|
|
276
|
+
export declare const rolesRelations: import("drizzle-orm").Relations<"roles", {
|
|
277
|
+
permissions: import("drizzle-orm").Many<"role_permissions">;
|
|
278
|
+
userRoles: import("drizzle-orm").Many<"user_roles">;
|
|
279
|
+
}>;
|
|
280
|
+
export declare const rolePermissionsRelations: import("drizzle-orm").Relations<"role_permissions", {
|
|
281
|
+
role: import("drizzle-orm").One<"roles", true>;
|
|
282
|
+
}>;
|
|
283
|
+
export declare const userRolesRelations: import("drizzle-orm").Relations<"user_roles", {
|
|
284
|
+
user: import("drizzle-orm").One<"users", true>;
|
|
285
|
+
role: import("drizzle-orm").One<"roles", true>;
|
|
286
|
+
grantedByUser: import("drizzle-orm").One<"users", false>;
|
|
287
|
+
}>;
|
|
288
|
+
export type RoleRow = typeof roles.$inferSelect;
|
|
289
|
+
export type NewRoleRow = typeof roles.$inferInsert;
|
|
290
|
+
export type RolePermissionRow = typeof rolePermissions.$inferSelect;
|
|
291
|
+
export type NewRolePermissionRow = typeof rolePermissions.$inferInsert;
|
|
292
|
+
export type UserRoleRow = typeof userRoles.$inferSelect;
|
|
293
|
+
export type NewUserRoleRow = typeof userRoles.$inferInsert;
|
|
294
|
+
//# sourceMappingURL=rbac.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../src/rbac.ts"],"names":[],"mappings":"AAcA;;;;;;;;;GASG;AAEH,eAAO,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkBjB,CAAC;AAEF,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAa3B,CAAC;AAEF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkBrB,CAAC;AAIF,eAAO,MAAM,cAAc;;;EAGxB,CAAC;AAEJ,eAAO,MAAM,wBAAwB;;EAElC,CAAC;AAEJ,eAAO,MAAM,kBAAkB;;;;EAI5B,CAAC;AAGJ,MAAM,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,YAAY,CAAC;AAChD,MAAM,MAAM,UAAU,GAAG,OAAO,KAAK,CAAC,YAAY,CAAC;AACnD,MAAM,MAAM,iBAAiB,GAAG,OAAO,eAAe,CAAC,YAAY,CAAC;AACpE,MAAM,MAAM,oBAAoB,GAAG,OAAO,eAAe,CAAC,YAAY,CAAC;AACvE,MAAM,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC;AACxD,MAAM,MAAM,cAAc,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC"}
|
package/dist/rbac.js
ADDED
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
import { pgTable, uuid, varchar, text, boolean, integer, timestamp, primaryKey, index, } from 'drizzle-orm/pg-core';
|
|
2
|
+
import { relations } from 'drizzle-orm';
|
|
3
|
+
import { users } from './auth.js';
|
|
4
|
+
/**
|
|
5
|
+
* Global RBAC tables (migration 0009, ADDITIVE only).
|
|
6
|
+
*
|
|
7
|
+
* ROLES are data (operator-authorable); PERMISSIONS are a code constant
|
|
8
|
+
* (see permissions.ts). `users.role` (userRoleEnum) is KEPT as the
|
|
9
|
+
* denormalized primary/display role read by enrichUser/roleGuard — these M2M
|
|
10
|
+
* tables are the source of truth for *permissions*, never written back to
|
|
11
|
+
* `users.role`. No `ALTER` on `users` (safe for heatsync `db:push --force` +
|
|
12
|
+
* the drizzle populated-table DDL hazard).
|
|
13
|
+
*/
|
|
14
|
+
export const roles = pgTable('roles', {
|
|
15
|
+
id: uuid('id').defaultRandom().primaryKey(),
|
|
16
|
+
key: varchar('key', { length: 64 }).notNull().unique(),
|
|
17
|
+
name: varchar('name', { length: 128 }).notNull(),
|
|
18
|
+
description: text('description'),
|
|
19
|
+
/** System roles (member/pro/verified/staff/admin) are seeded + undeletable. */
|
|
20
|
+
isSystem: boolean('is_system').default(false).notNull(),
|
|
21
|
+
/** Mirrors the roleGuard hierarchy (10/20/30/40/50) so it can later read priority. */
|
|
22
|
+
priority: integer('priority'),
|
|
23
|
+
createdAt: timestamp('created_at', { withTimezone: true }).defaultNow().notNull(),
|
|
24
|
+
updatedAt: timestamp('updated_at', { withTimezone: true })
|
|
25
|
+
.defaultNow()
|
|
26
|
+
.notNull()
|
|
27
|
+
.$onUpdateFn(() => new Date()),
|
|
28
|
+
});
|
|
29
|
+
export const rolePermissions = pgTable('role_permissions', {
|
|
30
|
+
roleId: uuid('role_id')
|
|
31
|
+
.notNull()
|
|
32
|
+
.references(() => roles.id, { onDelete: 'cascade' }),
|
|
33
|
+
/** Validated against the PERMISSIONS catalog on write (permissionKeySchema). */
|
|
34
|
+
permissionKey: varchar('permission_key', { length: 64 }).notNull(),
|
|
35
|
+
}, (t) => [
|
|
36
|
+
primaryKey({ columns: [t.roleId, t.permissionKey] }),
|
|
37
|
+
index('idx_role_permissions_role_id').on(t.roleId),
|
|
38
|
+
]);
|
|
39
|
+
export const userRoles = pgTable('user_roles', {
|
|
40
|
+
userId: uuid('user_id')
|
|
41
|
+
.notNull()
|
|
42
|
+
.references(() => users.id, { onDelete: 'cascade' }),
|
|
43
|
+
roleId: uuid('role_id')
|
|
44
|
+
.notNull()
|
|
45
|
+
.references(() => roles.id, { onDelete: 'cascade' }),
|
|
46
|
+
/** Who granted this role; nulled (not cascaded) if the granter is deleted. */
|
|
47
|
+
grantedBy: uuid('granted_by').references(() => users.id, { onDelete: 'set null' }),
|
|
48
|
+
grantedAt: timestamp('granted_at', { withTimezone: true }).defaultNow().notNull(),
|
|
49
|
+
}, (t) => [
|
|
50
|
+
primaryKey({ columns: [t.userId, t.roleId] }),
|
|
51
|
+
index('idx_user_roles_user_id').on(t.userId),
|
|
52
|
+
index('idx_user_roles_role_id').on(t.roleId),
|
|
53
|
+
]);
|
|
54
|
+
// --- Relations ---
|
|
55
|
+
export const rolesRelations = relations(roles, ({ many }) => ({
|
|
56
|
+
permissions: many(rolePermissions),
|
|
57
|
+
userRoles: many(userRoles),
|
|
58
|
+
}));
|
|
59
|
+
export const rolePermissionsRelations = relations(rolePermissions, ({ one }) => ({
|
|
60
|
+
role: one(roles, { fields: [rolePermissions.roleId], references: [roles.id] }),
|
|
61
|
+
}));
|
|
62
|
+
export const userRolesRelations = relations(userRoles, ({ one }) => ({
|
|
63
|
+
user: one(users, { fields: [userRoles.userId], references: [users.id] }),
|
|
64
|
+
role: one(roles, { fields: [userRoles.roleId], references: [roles.id] }),
|
|
65
|
+
grantedByUser: one(users, { fields: [userRoles.grantedBy], references: [users.id] }),
|
|
66
|
+
}));
|
|
67
|
+
//# sourceMappingURL=rbac.js.map
|
package/dist/rbac.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rbac.js","sourceRoot":"","sources":["../src/rbac.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EACP,IAAI,EACJ,OAAO,EACP,IAAI,EACJ,OAAO,EACP,OAAO,EACP,SAAS,EACT,UAAU,EACV,KAAK,GACN,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAElC;;;;;;;;;GASG;AAEH,MAAM,CAAC,MAAM,KAAK,GAAG,OAAO,CAC1B,OAAO,EACP;IACE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IACtD,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE;IAChD,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC;IAChC,+EAA+E;IAC/E,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE;IACvD,sFAAsF;IACtF,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC;IAC7B,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;IACjF,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SACvD,UAAU,EAAE;SACZ,OAAO,EAAE;SACT,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;CACjC,CAEF,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,OAAO,CACpC,kBAAkB,EAClB;IACE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,gFAAgF;IAChF,aAAa,EAAE,OAAO,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE;CACnE,EACD,CAAC,CAAC,EAAE,EAAE,CAAC;IACL,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,aAAa,CAAC,EAAE,CAAC;IACpD,KAAK,CAAC,8BAA8B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CACnD,CACF,CAAC;AAEF,MAAM,CAAC,MAAM,SAAS,GAAG,OAAO,CAC9B,YAAY,EACZ;IACE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,8EAA8E;IAC9E,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAClF,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CAClF,EACD,CAAC,CAAC,EAAE,EAAE,CAAC;IACL,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;IAC7C,KAAK,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAC5C,KAAK,CAAC,wBAAwB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CAC7C,CACF,CAAC;AAEF,oBAAoB;AAEpB,MAAM,CAAC,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5D,WAAW,EAAE,IAAI,CAAC,eAAe,CAAC;IAClC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC;CAC3B,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,wBAAwB,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/E,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;CAC/E,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,kBAAkB,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IACnE,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;IACxE,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;IACxE,aAAa,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;CACrF,CAAC,CAAC,CAAC"}
|