@commonpub/schema 0.22.0 → 0.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/contest.d.ts +40 -2
- package/dist/contest.d.ts.map +1 -1
- package/dist/contest.js +5 -0
- package/dist/contest.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -0
- package/dist/index.js.map +1 -1
- package/dist/permissions.d.ts +41 -0
- package/dist/permissions.d.ts.map +1 -0
- package/dist/permissions.js +92 -0
- package/dist/permissions.js.map +1 -0
- package/dist/rbac.d.ts +294 -0
- package/dist/rbac.d.ts.map +1 -0
- package/dist/rbac.js +67 -0
- package/dist/rbac.js.map +1 -0
- package/dist/validators.d.ts +7 -3
- package/dist/validators.d.ts.map +1 -1
- package/dist/validators.js +13 -3
- package/dist/validators.js.map +1 -1
- package/migrations/0009_rbac_roles_permissions.sql +33 -0
- package/migrations/0010_powerful_doctor_faustus.sql +1 -0
- package/migrations/0011_green_lorna_dane.sql +1 -0
- package/migrations/meta/0009_snapshot.json +11007 -0
- package/migrations/meta/0010_snapshot.json +11013 -0
- package/migrations/meta/0011_snapshot.json +11019 -0
- package/migrations/meta/_journal.json +21 -0
- package/package.json +1 -1
package/dist/contest.d.ts
CHANGED
|
@@ -58,6 +58,25 @@ export declare const contests: import("drizzle-orm/pg-core").PgTableWithColumns<
|
|
|
58
58
|
}, {}, {
|
|
59
59
|
length: 255;
|
|
60
60
|
}>;
|
|
61
|
+
subheading: import("drizzle-orm/pg-core").PgColumn<{
|
|
62
|
+
name: "subheading";
|
|
63
|
+
tableName: "contests";
|
|
64
|
+
dataType: "string";
|
|
65
|
+
columnType: "PgVarchar";
|
|
66
|
+
data: string;
|
|
67
|
+
driverParam: string;
|
|
68
|
+
notNull: false;
|
|
69
|
+
hasDefault: false;
|
|
70
|
+
isPrimaryKey: false;
|
|
71
|
+
isAutoincrement: false;
|
|
72
|
+
hasRuntimeDefault: false;
|
|
73
|
+
enumValues: [string, ...string[]];
|
|
74
|
+
baseColumn: never;
|
|
75
|
+
identity: undefined;
|
|
76
|
+
generated: undefined;
|
|
77
|
+
}, {}, {
|
|
78
|
+
length: 300;
|
|
79
|
+
}>;
|
|
61
80
|
description: import("drizzle-orm/pg-core").PgColumn<{
|
|
62
81
|
name: "description";
|
|
63
82
|
tableName: "contests";
|
|
@@ -92,6 +111,23 @@ export declare const contests: import("drizzle-orm/pg-core").PgTableWithColumns<
|
|
|
92
111
|
identity: undefined;
|
|
93
112
|
generated: undefined;
|
|
94
113
|
}, {}, {}>;
|
|
114
|
+
prizesDescription: import("drizzle-orm/pg-core").PgColumn<{
|
|
115
|
+
name: "prizes_description";
|
|
116
|
+
tableName: "contests";
|
|
117
|
+
dataType: "string";
|
|
118
|
+
columnType: "PgText";
|
|
119
|
+
data: string;
|
|
120
|
+
driverParam: string;
|
|
121
|
+
notNull: false;
|
|
122
|
+
hasDefault: false;
|
|
123
|
+
isPrimaryKey: false;
|
|
124
|
+
isAutoincrement: false;
|
|
125
|
+
hasRuntimeDefault: false;
|
|
126
|
+
enumValues: [string, ...string[]];
|
|
127
|
+
baseColumn: never;
|
|
128
|
+
identity: undefined;
|
|
129
|
+
generated: undefined;
|
|
130
|
+
}, {}, {}>;
|
|
95
131
|
bannerUrl: import("drizzle-orm/pg-core").PgColumn<{
|
|
96
132
|
name: "banner_url";
|
|
97
133
|
tableName: "contests";
|
|
@@ -187,7 +223,8 @@ export declare const contests: import("drizzle-orm/pg-core").PgTableWithColumns<
|
|
|
187
223
|
place?: number;
|
|
188
224
|
/** Optional category label (e.g. "Best in Show", "Robotics"). */
|
|
189
225
|
category?: string;
|
|
190
|
-
|
|
226
|
+
/** Optional — a prize can be description-only (no forced placement). */
|
|
227
|
+
title?: string;
|
|
191
228
|
description?: string;
|
|
192
229
|
value?: string;
|
|
193
230
|
}[];
|
|
@@ -207,7 +244,8 @@ export declare const contests: import("drizzle-orm/pg-core").PgTableWithColumns<
|
|
|
207
244
|
place?: number;
|
|
208
245
|
/** Optional category label (e.g. "Best in Show", "Robotics"). */
|
|
209
246
|
category?: string;
|
|
210
|
-
|
|
247
|
+
/** Optional — a prize can be description-only (no forced placement). */
|
|
248
|
+
title?: string;
|
|
211
249
|
description?: string;
|
|
212
250
|
value?: string;
|
|
213
251
|
}[];
|
package/dist/contest.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contest.d.ts","sourceRoot":"","sources":["../src/contest.ts"],"names":[],"mappings":"AAMA,uFAAuF;AACvF,eAAO,MAAM,QAAQ
|
|
1
|
+
{"version":3,"file":"contest.d.ts","sourceRoot":"","sources":["../src/contest.ts"],"names":[],"mappings":"AAMA,uFAAuF;AACvF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gBAkBf,4EAA4E;wBACpE,MAAM;gBACd,iEAAiE;2BACtD,MAAM;gBACjB,wEAAwE;wBAChE,MAAM;8BACA,MAAM;wBACZ,MAAM;;;;;;;;;;;;;;gBAPd,4EAA4E;wBACpE,MAAM;gBACd,iEAAiE;2BACtD,MAAM;gBACjB,wEAAwE;wBAChE,MAAM;8BACA,MAAM;wBACZ,MAAM;;;;;;;;;uBAUP,MAAM;yBACJ,MAAM;8BACD,MAAM;;;;;;;;;;;;;;uBAFb,MAAM;yBACJ,MAAM;8BACD,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgCxB,CAAC;AAEH,wFAAwF;AACxF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAeZ,MAAM;gBACf,6EAA6E;uBACtE,MAAM;2BACF,MAAM;gBACjB,yEAAyE;iCACxD,KAAK,CAAC;oBAAE,KAAK,EAAE,MAAM,CAAC;oBAAC,KAAK,EAAE,MAAM,CAAC;oBAAC,GAAG,EAAE,MAAM,CAAA;iBAAE,CAAC;;;;;;;;;;;;;;yBAL5D,MAAM;gBACf,6EAA6E;uBACtE,MAAM;2BACF,MAAM;gBACjB,yEAAyE;iCACxD,KAAK,CAAC;oBAAE,KAAK,EAAE,MAAM,CAAC;oBAAC,KAAK,EAAE,MAAM,CAAC;oBAAC,GAAG,EAAE,MAAM,CAAA;iBAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;EAQzE,CAAC;AAIH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAexB,CAAC;AAKH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAa9B,CAAC;AAIH,eAAO,MAAM,iBAAiB;;;;EAI3B,CAAC;AAEJ,eAAO,MAAM,uBAAuB;;;;EAOjC,CAAC;AAEJ,eAAO,MAAM,sBAAsB;;;EAGhC,CAAC;AAEJ,eAAO,MAAM,4BAA4B;;;EAGtC,CAAC;AAGJ,MAAM,MAAM,UAAU,GAAG,OAAO,QAAQ,CAAC,YAAY,CAAC;AACtD,MAAM,MAAM,aAAa,GAAG,OAAO,QAAQ,CAAC,YAAY,CAAC;AACzD,MAAM,MAAM,eAAe,GAAG,OAAO,cAAc,CAAC,YAAY,CAAC;AACjE,MAAM,MAAM,kBAAkB,GAAG,OAAO,cAAc,CAAC,YAAY,CAAC;AACpE,MAAM,MAAM,eAAe,GAAG,OAAO,aAAa,CAAC,YAAY,CAAC;AAChE,MAAM,MAAM,kBAAkB,GAAG,OAAO,aAAa,CAAC,YAAY,CAAC;AACnE,MAAM,MAAM,qBAAqB,GAAG,OAAO,mBAAmB,CAAC,YAAY,CAAC;AAC5E,MAAM,MAAM,wBAAwB,GAAG,OAAO,mBAAmB,CAAC,YAAY,CAAC"}
|
package/dist/contest.js
CHANGED
|
@@ -8,8 +8,13 @@ export const contests = pgTable('contests', {
|
|
|
8
8
|
id: uuid('id').defaultRandom().primaryKey(),
|
|
9
9
|
title: varchar('title', { length: 255 }).notNull(),
|
|
10
10
|
slug: varchar('slug', { length: 255 }).notNull().unique(),
|
|
11
|
+
/** Short one-line tagline shown in the contest hero (plain text). */
|
|
12
|
+
subheading: varchar('subheading', { length: 300 }),
|
|
13
|
+
/** Long-form body, rendered as Markdown (may contain inline HTML). */
|
|
11
14
|
description: text('description'),
|
|
12
15
|
rules: text('rules'),
|
|
16
|
+
/** Markdown intro shown on the Prizes tab, above the individual prize cards. */
|
|
17
|
+
prizesDescription: text('prizes_description'),
|
|
13
18
|
bannerUrl: text('banner_url'),
|
|
14
19
|
status: contestStatusEnum('status').default('upcoming').notNull(),
|
|
15
20
|
startDate: timestamp('start_date', { withTimezone: true }).notNull(),
|
package/dist/contest.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contest.js","sourceRoot":"","sources":["../src/contest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AACtH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAE5G,uFAAuF;AACvF,MAAM,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,EAAE;IAC1C,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE;IAClD,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IACzD,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC;IAChC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC;IACpB,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,MAAM,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;IACjE,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IACpE,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAChE,cAAc,EAAE,SAAS,CAAC,kBAAkB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACrE,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,
|
|
1
|
+
{"version":3,"file":"contest.js","sourceRoot":"","sources":["../src/contest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AACtH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAE5G,uFAAuF;AACvF,MAAM,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,EAAE;IAC1C,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE;IAClD,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE;IACzD,qEAAqE;IACrE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;IAClD,sEAAsE;IACtE,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC;IAChC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC;IACpB,gFAAgF;IAChF,iBAAiB,EAAE,IAAI,CAAC,oBAAoB,CAAC;IAC7C,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,MAAM,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;IACjE,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IACpE,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IAChE,cAAc,EAAE,SAAS,CAAC,kBAAkB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IACrE,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,EAW1B;IACH;;;;OAIG;IACH,eAAe,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC,KAAK,EAM7C;IACH,iBAAiB,EAAE,qBAAqB,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE;IAC/F;;;;;OAKG;IACH,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAY;IACzC;;;OAGG;IACH,oBAAoB,EAAE,KAAK,CAAC,wBAAwB,CAAC,CAAC,KAAK,EAAY;IACvE,kEAAkE;IAClE,iBAAiB,EAAE,OAAO,CAAC,sBAAsB,CAAC;IAClD,oEAAoE;IACpE,UAAU,EAAE,qBAAqB,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;IAC3E,8EAA8E;IAC9E,cAAc,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC,KAAK,EAAY;IAC3D,WAAW,EAAE,IAAI,CAAC,eAAe,CAAC;SAC/B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,sBAAsB,EAAE,OAAO,CAAC,0BAA0B,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE;IACpF,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE;IACvD,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;IACjF,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CAClF,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;IACR,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;IACrD,KAAK,CAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CAC1C,CAAC,CAAC;AAEH,wFAAwF;AACxF,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC,iBAAiB,EAAE;IACvD,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACzD,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC7D,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC;IACvB,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC;IACrB,WAAW,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,KAAK,EASrC;IACH,WAAW,EAAE,SAAS,CAAC,cAAc,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CACtF,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;IACR,MAAM,CAAC,8BAA8B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,SAAS,CAAC;IAC7E,KAAK,CAAC,gCAAgC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,KAAK,CAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CAClD,CAAC,CAAC;AAEH,yBAAyB;AAEzB,MAAM,CAAC,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE;IACrD,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACzD,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE;IACtD,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;IACjF,UAAU,EAAE,SAAS,CAAC,aAAa,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;CAC7D,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;IACR,MAAM,CAAC,gCAAgC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC;IAClE,KAAK,CAAC,+BAA+B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACtD,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CACjD,CAAC,CAAC;AAEH,+BAA+B;AAC/B,kFAAkF;AAClF,iFAAiF;AACjF,MAAM,CAAC,MAAM,mBAAmB,GAAG,OAAO,CAAC,sBAAsB,EAAE;IACjE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE;IAC3C,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;SAC1B,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACzD,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;SACpB,OAAO,EAAE;SACT,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtD,SAAS,EAAE,SAAS,CAAC,YAAY,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,OAAO,EAAE;CAClF,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;IACR,MAAM,CAAC,sCAAsC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC;IACxE,KAAK,CAAC,qCAAqC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,KAAK,CAAC,kCAAkC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;CACvD,CAAC,CAAC;AAEH,oBAAoB;AAEpB,MAAM,CAAC,MAAM,iBAAiB,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACvE,SAAS,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;IACjF,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC;IAC7B,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC;CAC/B,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,uBAAuB,GAAG,SAAS,CAAC,cAAc,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IACzF,OAAO,EAAE,GAAG,CAAC,YAAY,EAAE;QACzB,MAAM,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC;QAClC,UAAU,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC;KAC9B,CAAC;IACF,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;CAC9E,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,sBAAsB,GAAG,SAAS,CAAC,aAAa,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IAC3E,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IACxF,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;CAC7E,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,4BAA4B,GAAG,SAAS,CAAC,mBAAmB,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;IACvF,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IAC9F,IAAI,EAAE,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;CACnF,CAAC,CAAC,CAAC"}
|
package/dist/index.d.ts
CHANGED
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,YAAY,CAAC;AAG3B,cAAc,WAAW,CAAC;AAG1B,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC;AAG5B,cAAc,UAAU,CAAC;AAGzB,cAAc,cAAc,CAAC;AAG7B,cAAc,eAAe,CAAC;AAG9B,cAAc,WAAW,CAAC;AAG1B,cAAc,YAAY,CAAC;AAG3B,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC;AAG5B,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,YAAY,CAAC;AAG3B,cAAc,aAAa,CAAC;AAG5B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,YAAY,CAAC;AAG3B,cAAc,WAAW,CAAC;AAG1B,cAAc,WAAW,CAAC;AAC1B,cAAc,kBAAkB,CAAC;AAGjC,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC;AAG5B,cAAc,UAAU,CAAC;AAGzB,cAAc,cAAc,CAAC;AAG7B,cAAc,eAAe,CAAC;AAG9B,cAAc,WAAW,CAAC;AAG1B,cAAc,YAAY,CAAC;AAG3B,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC;AAG5B,cAAc,aAAa,CAAC;AAG5B,cAAc,YAAY,CAAC;AAG3B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,YAAY,CAAC;AAG3B,cAAc,aAAa,CAAC;AAG5B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
export * from './enums.js';
|
|
3
3
|
// Auth & Users
|
|
4
4
|
export * from './auth.js';
|
|
5
|
+
// Global RBAC (roles/permissions — session 175, migration 0009)
|
|
6
|
+
export * from './rbac.js';
|
|
7
|
+
export * from './permissions.js';
|
|
5
8
|
// Content
|
|
6
9
|
export * from './content.js';
|
|
7
10
|
// Social
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,eAAe;AACf,cAAc,WAAW,CAAC;AAE1B,UAAU;AACV,cAAc,cAAc,CAAC;AAE7B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,OAAO;AACP,cAAc,UAAU,CAAC;AAEzB,WAAW;AACX,cAAc,cAAc,CAAC;AAE7B,WAAW;AACX,cAAc,eAAe,CAAC;AAE9B,OAAO;AACP,cAAc,WAAW,CAAC;AAE1B,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,UAAU;AACV,cAAc,cAAc,CAAC;AAE7B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,aAAa;AACb,cAAc,iBAAiB,CAAC;AAEhC,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,+BAA+B;AAC/B,cAAc,aAAa,CAAC;AAE5B,8FAA8F;AAC9F,cAAc,qBAAqB,CAAC;AAEpC,yCAAyC;AACzC,cAAc,gBAAgB,CAAC;AAE/B,aAAa;AACb,cAAc,iBAAiB,CAAC;AAEhC,UAAU;AACV,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,eAAe;AACf,cAAc,WAAW,CAAC;AAE1B,gEAAgE;AAChE,cAAc,WAAW,CAAC;AAC1B,cAAc,kBAAkB,CAAC;AAEjC,UAAU;AACV,cAAc,cAAc,CAAC;AAE7B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,OAAO;AACP,cAAc,UAAU,CAAC;AAEzB,WAAW;AACX,cAAc,cAAc,CAAC;AAE7B,WAAW;AACX,cAAc,eAAe,CAAC;AAE9B,OAAO;AACP,cAAc,WAAW,CAAC;AAE1B,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,UAAU;AACV,cAAc,cAAc,CAAC;AAE7B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,SAAS;AACT,cAAc,aAAa,CAAC;AAE5B,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,aAAa;AACb,cAAc,iBAAiB,CAAC;AAEhC,QAAQ;AACR,cAAc,YAAY,CAAC;AAE3B,+BAA+B;AAC/B,cAAc,aAAa,CAAC;AAE5B,8FAA8F;AAC9F,cAAc,qBAAqB,CAAC;AAEpC,yCAAyC;AACzC,cAAc,gBAAgB,CAAC;AAE/B,aAAa;AACb,cAAc,iBAAiB,CAAC;AAEhC,UAAU;AACV,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
/**
|
|
3
|
+
* Global RBAC permission catalog — a CODE CONSTANT, not a table.
|
|
4
|
+
*
|
|
5
|
+
* Modeled exactly on `PUBLIC_API_SCOPES` (validators.ts) + `hasScope`
|
|
6
|
+
* (packages/server/src/publicApi/scopes.ts). Permissions are capability-level
|
|
7
|
+
* keys (one per coherent admin capability) and only change when code does, so
|
|
8
|
+
* they need a compile-time type, not operator-editable data. ROLES are data
|
|
9
|
+
* (see rbac.ts); the keys a role bundles are validated against THIS catalog on
|
|
10
|
+
* write (like `filterKnownScopes`).
|
|
11
|
+
*
|
|
12
|
+
* Grant forms stored in `role_permissions.permissionKey`:
|
|
13
|
+
* - `*` — full wildcard (admin only)
|
|
14
|
+
* - an exact catalog key (e.g. `content.moderate`)
|
|
15
|
+
* - a segment wildcard `<prefix>.*` (e.g. `content.*`) where `<prefix>` is the
|
|
16
|
+
* first segment of at least one catalog key.
|
|
17
|
+
*
|
|
18
|
+
* Wildcard matching itself lives in the pure `hasPermissionPure`
|
|
19
|
+
* (packages/auth/src/permissions.ts) — this module only defines + validates the
|
|
20
|
+
* vocabulary.
|
|
21
|
+
*/
|
|
22
|
+
export declare const PERMISSIONS: readonly ["*", "admin.access", "users.read", "users.manage", "users.delete", "roles.manage", "content.read", "content.moderate", "content.editorial", "reports.review", "contest.create", "contest.manage", "event.create", "event.manage", "settings.manage", "theme.manage", "layout.manage", "navigation.manage", "search.manage", "apikeys.manage", "storage.manage", "categories.manage", "federation.manage", "audit.read"];
|
|
23
|
+
export type PermissionKey = (typeof PERMISSIONS)[number];
|
|
24
|
+
/** True if `value` is an exact catalog key. */
|
|
25
|
+
export declare function isPermissionKey(value: string): value is PermissionKey;
|
|
26
|
+
/**
|
|
27
|
+
* True if `value` is a valid STORED grant: `*`, an exact catalog key, or a
|
|
28
|
+
* recognized `<prefix>.*` segment wildcard. Used to validate
|
|
29
|
+
* `role_permissions.permissionKey` on write (the catalog-as-gate), mirroring
|
|
30
|
+
* `filterKnownScopes`.
|
|
31
|
+
*/
|
|
32
|
+
export declare function isPermissionGrant(value: string): boolean;
|
|
33
|
+
/** Zod validator for a single stored grant (catalog-gated). */
|
|
34
|
+
export declare const permissionKeySchema: z.ZodString;
|
|
35
|
+
/**
|
|
36
|
+
* Filter a stored grant array down to still-recognized grants. Defensive load
|
|
37
|
+
* guard, exactly like `filterKnownScopes` — catches leftovers from a removed
|
|
38
|
+
* catalog key or a typo that predates validation.
|
|
39
|
+
*/
|
|
40
|
+
export declare function filterKnownPermissions(grants: readonly string[]): string[];
|
|
41
|
+
//# sourceMappingURL=permissions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,WAAW,maAkCd,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC;AASzD,+CAA+C;AAC/C,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,aAAa,CAErE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAOxD;AAED,+DAA+D;AAC/D,eAAO,MAAM,mBAAmB,aAEmC,CAAC;AAEpE;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,EAAE,CAE1E"}
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
/**
|
|
3
|
+
* Global RBAC permission catalog — a CODE CONSTANT, not a table.
|
|
4
|
+
*
|
|
5
|
+
* Modeled exactly on `PUBLIC_API_SCOPES` (validators.ts) + `hasScope`
|
|
6
|
+
* (packages/server/src/publicApi/scopes.ts). Permissions are capability-level
|
|
7
|
+
* keys (one per coherent admin capability) and only change when code does, so
|
|
8
|
+
* they need a compile-time type, not operator-editable data. ROLES are data
|
|
9
|
+
* (see rbac.ts); the keys a role bundles are validated against THIS catalog on
|
|
10
|
+
* write (like `filterKnownScopes`).
|
|
11
|
+
*
|
|
12
|
+
* Grant forms stored in `role_permissions.permissionKey`:
|
|
13
|
+
* - `*` — full wildcard (admin only)
|
|
14
|
+
* - an exact catalog key (e.g. `content.moderate`)
|
|
15
|
+
* - a segment wildcard `<prefix>.*` (e.g. `content.*`) where `<prefix>` is the
|
|
16
|
+
* first segment of at least one catalog key.
|
|
17
|
+
*
|
|
18
|
+
* Wildcard matching itself lives in the pure `hasPermissionPure`
|
|
19
|
+
* (packages/auth/src/permissions.ts) — this module only defines + validates the
|
|
20
|
+
* vocabulary.
|
|
21
|
+
*/
|
|
22
|
+
export const PERMISSIONS = [
|
|
23
|
+
// Admin bypass — only ever granted to the `admin` role.
|
|
24
|
+
'*',
|
|
25
|
+
// Admin-only umbrella. `requireAdmin` is reimplemented as
|
|
26
|
+
// `requirePermission(event, 'admin.access')`, so this key is the linchpin
|
|
27
|
+
// routing all legacy admin gates through the new machinery.
|
|
28
|
+
'admin.access',
|
|
29
|
+
// Users
|
|
30
|
+
'users.read',
|
|
31
|
+
'users.manage',
|
|
32
|
+
'users.delete',
|
|
33
|
+
// Roles (RBAC self-administration — Phase 3 admin UI gates on this)
|
|
34
|
+
'roles.manage',
|
|
35
|
+
// Content + moderation
|
|
36
|
+
'content.read',
|
|
37
|
+
'content.moderate',
|
|
38
|
+
'content.editorial',
|
|
39
|
+
'reports.review',
|
|
40
|
+
// Contests + events
|
|
41
|
+
'contest.create',
|
|
42
|
+
'contest.manage',
|
|
43
|
+
'event.create',
|
|
44
|
+
'event.manage',
|
|
45
|
+
// Instance administration
|
|
46
|
+
'settings.manage',
|
|
47
|
+
'theme.manage',
|
|
48
|
+
'layout.manage',
|
|
49
|
+
'navigation.manage',
|
|
50
|
+
'search.manage',
|
|
51
|
+
'apikeys.manage',
|
|
52
|
+
'storage.manage',
|
|
53
|
+
'categories.manage',
|
|
54
|
+
'federation.manage',
|
|
55
|
+
'audit.read',
|
|
56
|
+
];
|
|
57
|
+
const PERMISSION_SET = new Set(PERMISSIONS);
|
|
58
|
+
/** Valid first segments for `<prefix>.*` segment-wildcard grants. */
|
|
59
|
+
const PERMISSION_PREFIXES = new Set(PERMISSIONS.filter((p) => p.includes('.')).map((p) => p.slice(0, p.indexOf('.'))));
|
|
60
|
+
/** True if `value` is an exact catalog key. */
|
|
61
|
+
export function isPermissionKey(value) {
|
|
62
|
+
return PERMISSION_SET.has(value);
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* True if `value` is a valid STORED grant: `*`, an exact catalog key, or a
|
|
66
|
+
* recognized `<prefix>.*` segment wildcard. Used to validate
|
|
67
|
+
* `role_permissions.permissionKey` on write (the catalog-as-gate), mirroring
|
|
68
|
+
* `filterKnownScopes`.
|
|
69
|
+
*/
|
|
70
|
+
export function isPermissionGrant(value) {
|
|
71
|
+
if (value === '*')
|
|
72
|
+
return true;
|
|
73
|
+
if (isPermissionKey(value))
|
|
74
|
+
return true;
|
|
75
|
+
if (value.endsWith('.*')) {
|
|
76
|
+
return PERMISSION_PREFIXES.has(value.slice(0, -2));
|
|
77
|
+
}
|
|
78
|
+
return false;
|
|
79
|
+
}
|
|
80
|
+
/** Zod validator for a single stored grant (catalog-gated). */
|
|
81
|
+
export const permissionKeySchema = z
|
|
82
|
+
.string()
|
|
83
|
+
.refine(isPermissionGrant, { message: 'Unknown permission key' });
|
|
84
|
+
/**
|
|
85
|
+
* Filter a stored grant array down to still-recognized grants. Defensive load
|
|
86
|
+
* guard, exactly like `filterKnownScopes` — catches leftovers from a removed
|
|
87
|
+
* catalog key or a typo that predates validation.
|
|
88
|
+
*/
|
|
89
|
+
export function filterKnownPermissions(grants) {
|
|
90
|
+
return grants.filter((g) => isPermissionGrant(g));
|
|
91
|
+
}
|
|
92
|
+
//# sourceMappingURL=permissions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,wDAAwD;IACxD,GAAG;IACH,0DAA0D;IAC1D,0EAA0E;IAC1E,4DAA4D;IAC5D,cAAc;IACd,QAAQ;IACR,YAAY;IACZ,cAAc;IACd,cAAc;IACd,oEAAoE;IACpE,cAAc;IACd,uBAAuB;IACvB,cAAc;IACd,kBAAkB;IAClB,mBAAmB;IACnB,gBAAgB;IAChB,oBAAoB;IACpB,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,cAAc;IACd,0BAA0B;IAC1B,iBAAiB;IACjB,cAAc;IACd,eAAe;IACf,mBAAmB;IACnB,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,mBAAmB;IACnB,mBAAmB;IACnB,YAAY;CACJ,CAAC;AAIX,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;AAEjE,qEAAqE;AACrE,MAAM,mBAAmB,GAAwB,IAAI,GAAG,CACtD,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAClF,CAAC;AAEF,+CAA+C;AAC/C,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,eAAe,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,mBAAmB,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,EAAE;KACR,MAAM,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;AAEpE;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAyB;IAC9D,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC"}
|
package/dist/rbac.d.ts
ADDED
|
@@ -0,0 +1,294 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Global RBAC tables (migration 0009, ADDITIVE only).
|
|
3
|
+
*
|
|
4
|
+
* ROLES are data (operator-authorable); PERMISSIONS are a code constant
|
|
5
|
+
* (see permissions.ts). `users.role` (userRoleEnum) is KEPT as the
|
|
6
|
+
* denormalized primary/display role read by enrichUser/roleGuard — these M2M
|
|
7
|
+
* tables are the source of truth for *permissions*, never written back to
|
|
8
|
+
* `users.role`. No `ALTER` on `users` (safe for heatsync `db:push --force` +
|
|
9
|
+
* the drizzle populated-table DDL hazard).
|
|
10
|
+
*/
|
|
11
|
+
export declare const roles: import("drizzle-orm/pg-core").PgTableWithColumns<{
|
|
12
|
+
name: "roles";
|
|
13
|
+
schema: undefined;
|
|
14
|
+
columns: {
|
|
15
|
+
id: import("drizzle-orm/pg-core").PgColumn<{
|
|
16
|
+
name: "id";
|
|
17
|
+
tableName: "roles";
|
|
18
|
+
dataType: "string";
|
|
19
|
+
columnType: "PgUUID";
|
|
20
|
+
data: string;
|
|
21
|
+
driverParam: string;
|
|
22
|
+
notNull: true;
|
|
23
|
+
hasDefault: true;
|
|
24
|
+
isPrimaryKey: true;
|
|
25
|
+
isAutoincrement: false;
|
|
26
|
+
hasRuntimeDefault: false;
|
|
27
|
+
enumValues: undefined;
|
|
28
|
+
baseColumn: never;
|
|
29
|
+
identity: undefined;
|
|
30
|
+
generated: undefined;
|
|
31
|
+
}, {}, {}>;
|
|
32
|
+
key: import("drizzle-orm/pg-core").PgColumn<{
|
|
33
|
+
name: "key";
|
|
34
|
+
tableName: "roles";
|
|
35
|
+
dataType: "string";
|
|
36
|
+
columnType: "PgVarchar";
|
|
37
|
+
data: string;
|
|
38
|
+
driverParam: string;
|
|
39
|
+
notNull: true;
|
|
40
|
+
hasDefault: false;
|
|
41
|
+
isPrimaryKey: false;
|
|
42
|
+
isAutoincrement: false;
|
|
43
|
+
hasRuntimeDefault: false;
|
|
44
|
+
enumValues: [string, ...string[]];
|
|
45
|
+
baseColumn: never;
|
|
46
|
+
identity: undefined;
|
|
47
|
+
generated: undefined;
|
|
48
|
+
}, {}, {
|
|
49
|
+
length: 64;
|
|
50
|
+
}>;
|
|
51
|
+
name: import("drizzle-orm/pg-core").PgColumn<{
|
|
52
|
+
name: "name";
|
|
53
|
+
tableName: "roles";
|
|
54
|
+
dataType: "string";
|
|
55
|
+
columnType: "PgVarchar";
|
|
56
|
+
data: string;
|
|
57
|
+
driverParam: string;
|
|
58
|
+
notNull: true;
|
|
59
|
+
hasDefault: false;
|
|
60
|
+
isPrimaryKey: false;
|
|
61
|
+
isAutoincrement: false;
|
|
62
|
+
hasRuntimeDefault: false;
|
|
63
|
+
enumValues: [string, ...string[]];
|
|
64
|
+
baseColumn: never;
|
|
65
|
+
identity: undefined;
|
|
66
|
+
generated: undefined;
|
|
67
|
+
}, {}, {
|
|
68
|
+
length: 128;
|
|
69
|
+
}>;
|
|
70
|
+
description: import("drizzle-orm/pg-core").PgColumn<{
|
|
71
|
+
name: "description";
|
|
72
|
+
tableName: "roles";
|
|
73
|
+
dataType: "string";
|
|
74
|
+
columnType: "PgText";
|
|
75
|
+
data: string;
|
|
76
|
+
driverParam: string;
|
|
77
|
+
notNull: false;
|
|
78
|
+
hasDefault: false;
|
|
79
|
+
isPrimaryKey: false;
|
|
80
|
+
isAutoincrement: false;
|
|
81
|
+
hasRuntimeDefault: false;
|
|
82
|
+
enumValues: [string, ...string[]];
|
|
83
|
+
baseColumn: never;
|
|
84
|
+
identity: undefined;
|
|
85
|
+
generated: undefined;
|
|
86
|
+
}, {}, {}>;
|
|
87
|
+
isSystem: import("drizzle-orm/pg-core").PgColumn<{
|
|
88
|
+
name: "is_system";
|
|
89
|
+
tableName: "roles";
|
|
90
|
+
dataType: "boolean";
|
|
91
|
+
columnType: "PgBoolean";
|
|
92
|
+
data: boolean;
|
|
93
|
+
driverParam: boolean;
|
|
94
|
+
notNull: true;
|
|
95
|
+
hasDefault: true;
|
|
96
|
+
isPrimaryKey: false;
|
|
97
|
+
isAutoincrement: false;
|
|
98
|
+
hasRuntimeDefault: false;
|
|
99
|
+
enumValues: undefined;
|
|
100
|
+
baseColumn: never;
|
|
101
|
+
identity: undefined;
|
|
102
|
+
generated: undefined;
|
|
103
|
+
}, {}, {}>;
|
|
104
|
+
priority: import("drizzle-orm/pg-core").PgColumn<{
|
|
105
|
+
name: "priority";
|
|
106
|
+
tableName: "roles";
|
|
107
|
+
dataType: "number";
|
|
108
|
+
columnType: "PgInteger";
|
|
109
|
+
data: number;
|
|
110
|
+
driverParam: string | number;
|
|
111
|
+
notNull: false;
|
|
112
|
+
hasDefault: false;
|
|
113
|
+
isPrimaryKey: false;
|
|
114
|
+
isAutoincrement: false;
|
|
115
|
+
hasRuntimeDefault: false;
|
|
116
|
+
enumValues: undefined;
|
|
117
|
+
baseColumn: never;
|
|
118
|
+
identity: undefined;
|
|
119
|
+
generated: undefined;
|
|
120
|
+
}, {}, {}>;
|
|
121
|
+
createdAt: import("drizzle-orm/pg-core").PgColumn<{
|
|
122
|
+
name: "created_at";
|
|
123
|
+
tableName: "roles";
|
|
124
|
+
dataType: "date";
|
|
125
|
+
columnType: "PgTimestamp";
|
|
126
|
+
data: Date;
|
|
127
|
+
driverParam: string;
|
|
128
|
+
notNull: true;
|
|
129
|
+
hasDefault: true;
|
|
130
|
+
isPrimaryKey: false;
|
|
131
|
+
isAutoincrement: false;
|
|
132
|
+
hasRuntimeDefault: false;
|
|
133
|
+
enumValues: undefined;
|
|
134
|
+
baseColumn: never;
|
|
135
|
+
identity: undefined;
|
|
136
|
+
generated: undefined;
|
|
137
|
+
}, {}, {}>;
|
|
138
|
+
updatedAt: import("drizzle-orm/pg-core").PgColumn<{
|
|
139
|
+
name: "updated_at";
|
|
140
|
+
tableName: "roles";
|
|
141
|
+
dataType: "date";
|
|
142
|
+
columnType: "PgTimestamp";
|
|
143
|
+
data: Date;
|
|
144
|
+
driverParam: string;
|
|
145
|
+
notNull: true;
|
|
146
|
+
hasDefault: true;
|
|
147
|
+
isPrimaryKey: false;
|
|
148
|
+
isAutoincrement: false;
|
|
149
|
+
hasRuntimeDefault: false;
|
|
150
|
+
enumValues: undefined;
|
|
151
|
+
baseColumn: never;
|
|
152
|
+
identity: undefined;
|
|
153
|
+
generated: undefined;
|
|
154
|
+
}, {}, {}>;
|
|
155
|
+
};
|
|
156
|
+
dialect: "pg";
|
|
157
|
+
}>;
|
|
158
|
+
export declare const rolePermissions: import("drizzle-orm/pg-core").PgTableWithColumns<{
|
|
159
|
+
name: "role_permissions";
|
|
160
|
+
schema: undefined;
|
|
161
|
+
columns: {
|
|
162
|
+
roleId: import("drizzle-orm/pg-core").PgColumn<{
|
|
163
|
+
name: "role_id";
|
|
164
|
+
tableName: "role_permissions";
|
|
165
|
+
dataType: "string";
|
|
166
|
+
columnType: "PgUUID";
|
|
167
|
+
data: string;
|
|
168
|
+
driverParam: string;
|
|
169
|
+
notNull: true;
|
|
170
|
+
hasDefault: false;
|
|
171
|
+
isPrimaryKey: false;
|
|
172
|
+
isAutoincrement: false;
|
|
173
|
+
hasRuntimeDefault: false;
|
|
174
|
+
enumValues: undefined;
|
|
175
|
+
baseColumn: never;
|
|
176
|
+
identity: undefined;
|
|
177
|
+
generated: undefined;
|
|
178
|
+
}, {}, {}>;
|
|
179
|
+
permissionKey: import("drizzle-orm/pg-core").PgColumn<{
|
|
180
|
+
name: "permission_key";
|
|
181
|
+
tableName: "role_permissions";
|
|
182
|
+
dataType: "string";
|
|
183
|
+
columnType: "PgVarchar";
|
|
184
|
+
data: string;
|
|
185
|
+
driverParam: string;
|
|
186
|
+
notNull: true;
|
|
187
|
+
hasDefault: false;
|
|
188
|
+
isPrimaryKey: false;
|
|
189
|
+
isAutoincrement: false;
|
|
190
|
+
hasRuntimeDefault: false;
|
|
191
|
+
enumValues: [string, ...string[]];
|
|
192
|
+
baseColumn: never;
|
|
193
|
+
identity: undefined;
|
|
194
|
+
generated: undefined;
|
|
195
|
+
}, {}, {
|
|
196
|
+
length: 64;
|
|
197
|
+
}>;
|
|
198
|
+
};
|
|
199
|
+
dialect: "pg";
|
|
200
|
+
}>;
|
|
201
|
+
export declare const userRoles: import("drizzle-orm/pg-core").PgTableWithColumns<{
|
|
202
|
+
name: "user_roles";
|
|
203
|
+
schema: undefined;
|
|
204
|
+
columns: {
|
|
205
|
+
userId: import("drizzle-orm/pg-core").PgColumn<{
|
|
206
|
+
name: "user_id";
|
|
207
|
+
tableName: "user_roles";
|
|
208
|
+
dataType: "string";
|
|
209
|
+
columnType: "PgUUID";
|
|
210
|
+
data: string;
|
|
211
|
+
driverParam: string;
|
|
212
|
+
notNull: true;
|
|
213
|
+
hasDefault: false;
|
|
214
|
+
isPrimaryKey: false;
|
|
215
|
+
isAutoincrement: false;
|
|
216
|
+
hasRuntimeDefault: false;
|
|
217
|
+
enumValues: undefined;
|
|
218
|
+
baseColumn: never;
|
|
219
|
+
identity: undefined;
|
|
220
|
+
generated: undefined;
|
|
221
|
+
}, {}, {}>;
|
|
222
|
+
roleId: import("drizzle-orm/pg-core").PgColumn<{
|
|
223
|
+
name: "role_id";
|
|
224
|
+
tableName: "user_roles";
|
|
225
|
+
dataType: "string";
|
|
226
|
+
columnType: "PgUUID";
|
|
227
|
+
data: string;
|
|
228
|
+
driverParam: string;
|
|
229
|
+
notNull: true;
|
|
230
|
+
hasDefault: false;
|
|
231
|
+
isPrimaryKey: false;
|
|
232
|
+
isAutoincrement: false;
|
|
233
|
+
hasRuntimeDefault: false;
|
|
234
|
+
enumValues: undefined;
|
|
235
|
+
baseColumn: never;
|
|
236
|
+
identity: undefined;
|
|
237
|
+
generated: undefined;
|
|
238
|
+
}, {}, {}>;
|
|
239
|
+
grantedBy: import("drizzle-orm/pg-core").PgColumn<{
|
|
240
|
+
name: "granted_by";
|
|
241
|
+
tableName: "user_roles";
|
|
242
|
+
dataType: "string";
|
|
243
|
+
columnType: "PgUUID";
|
|
244
|
+
data: string;
|
|
245
|
+
driverParam: string;
|
|
246
|
+
notNull: false;
|
|
247
|
+
hasDefault: false;
|
|
248
|
+
isPrimaryKey: false;
|
|
249
|
+
isAutoincrement: false;
|
|
250
|
+
hasRuntimeDefault: false;
|
|
251
|
+
enumValues: undefined;
|
|
252
|
+
baseColumn: never;
|
|
253
|
+
identity: undefined;
|
|
254
|
+
generated: undefined;
|
|
255
|
+
}, {}, {}>;
|
|
256
|
+
grantedAt: import("drizzle-orm/pg-core").PgColumn<{
|
|
257
|
+
name: "granted_at";
|
|
258
|
+
tableName: "user_roles";
|
|
259
|
+
dataType: "date";
|
|
260
|
+
columnType: "PgTimestamp";
|
|
261
|
+
data: Date;
|
|
262
|
+
driverParam: string;
|
|
263
|
+
notNull: true;
|
|
264
|
+
hasDefault: true;
|
|
265
|
+
isPrimaryKey: false;
|
|
266
|
+
isAutoincrement: false;
|
|
267
|
+
hasRuntimeDefault: false;
|
|
268
|
+
enumValues: undefined;
|
|
269
|
+
baseColumn: never;
|
|
270
|
+
identity: undefined;
|
|
271
|
+
generated: undefined;
|
|
272
|
+
}, {}, {}>;
|
|
273
|
+
};
|
|
274
|
+
dialect: "pg";
|
|
275
|
+
}>;
|
|
276
|
+
export declare const rolesRelations: import("drizzle-orm").Relations<"roles", {
|
|
277
|
+
permissions: import("drizzle-orm").Many<"role_permissions">;
|
|
278
|
+
userRoles: import("drizzle-orm").Many<"user_roles">;
|
|
279
|
+
}>;
|
|
280
|
+
export declare const rolePermissionsRelations: import("drizzle-orm").Relations<"role_permissions", {
|
|
281
|
+
role: import("drizzle-orm").One<"roles", true>;
|
|
282
|
+
}>;
|
|
283
|
+
export declare const userRolesRelations: import("drizzle-orm").Relations<"user_roles", {
|
|
284
|
+
user: import("drizzle-orm").One<"users", true>;
|
|
285
|
+
role: import("drizzle-orm").One<"roles", true>;
|
|
286
|
+
grantedByUser: import("drizzle-orm").One<"users", false>;
|
|
287
|
+
}>;
|
|
288
|
+
export type RoleRow = typeof roles.$inferSelect;
|
|
289
|
+
export type NewRoleRow = typeof roles.$inferInsert;
|
|
290
|
+
export type RolePermissionRow = typeof rolePermissions.$inferSelect;
|
|
291
|
+
export type NewRolePermissionRow = typeof rolePermissions.$inferInsert;
|
|
292
|
+
export type UserRoleRow = typeof userRoles.$inferSelect;
|
|
293
|
+
export type NewUserRoleRow = typeof userRoles.$inferInsert;
|
|
294
|
+
//# sourceMappingURL=rbac.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../src/rbac.ts"],"names":[],"mappings":"AAcA;;;;;;;;;GASG;AAEH,eAAO,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkBjB,CAAC;AAEF,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAa3B,CAAC;AAEF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkBrB,CAAC;AAIF,eAAO,MAAM,cAAc;;;EAGxB,CAAC;AAEJ,eAAO,MAAM,wBAAwB;;EAElC,CAAC;AAEJ,eAAO,MAAM,kBAAkB;;;;EAI5B,CAAC;AAGJ,MAAM,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,YAAY,CAAC;AAChD,MAAM,MAAM,UAAU,GAAG,OAAO,KAAK,CAAC,YAAY,CAAC;AACnD,MAAM,MAAM,iBAAiB,GAAG,OAAO,eAAe,CAAC,YAAY,CAAC;AACpE,MAAM,MAAM,oBAAoB,GAAG,OAAO,eAAe,CAAC,YAAY,CAAC;AACvE,MAAM,MAAM,WAAW,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC;AACxD,MAAM,MAAM,cAAc,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC"}
|