@commonpub/server 2.88.0 → 2.89.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/dist/admin/admin.d.ts +9 -0
  2. package/dist/admin/admin.d.ts.map +1 -1
  3. package/dist/admin/admin.js +46 -8
  4. package/dist/admin/admin.js.map +1 -1
  5. package/dist/contest/contest.d.ts +16 -3
  6. package/dist/contest/contest.d.ts.map +1 -1
  7. package/dist/contest/contest.js +17 -9
  8. package/dist/contest/contest.js.map +1 -1
  9. package/dist/contest/index.d.ts +1 -1
  10. package/dist/contest/index.d.ts.map +1 -1
  11. package/dist/contest/index.js +1 -1
  12. package/dist/contest/index.js.map +1 -1
  13. package/dist/contest/stakeholders.d.ts +32 -7
  14. package/dist/contest/stakeholders.d.ts.map +1 -1
  15. package/dist/contest/stakeholders.js +55 -14
  16. package/dist/contest/stakeholders.js.map +1 -1
  17. package/dist/index.d.ts +1 -1
  18. package/dist/index.d.ts.map +1 -1
  19. package/dist/index.js +1 -1
  20. package/dist/index.js.map +1 -1
  21. package/dist/rbac/admin.d.ts +43 -0
  22. package/dist/rbac/admin.d.ts.map +1 -0
  23. package/dist/rbac/admin.js +172 -0
  24. package/dist/rbac/admin.js.map +1 -0
  25. package/dist/rbac/index.d.ts +4 -0
  26. package/dist/rbac/index.d.ts.map +1 -1
  27. package/dist/rbac/index.js +2 -0
  28. package/dist/rbac/index.js.map +1 -1
  29. package/dist/rbac/seed.d.ts +30 -0
  30. package/dist/rbac/seed.d.ts.map +1 -0
  31. package/dist/rbac/seed.js +74 -0
  32. package/dist/rbac/seed.js.map +1 -0
  33. package/package.json +6 -6
package/dist/rbac/seed.js ADDED
@@ -0,0 +1,74 @@
1
+ import { eq, sql } from 'drizzle-orm';
2
+ import { roles, rolePermissions } from '@commonpub/schema';
3
+ /**
4
+ * RBAC system-role seed (session 201, Phase 2). The machinery shipped in Phase 0/1
5
+ * but the seed + backfill were never run, so the `roles`/`role_permissions`/
6
+ * `user_roles` tables were empty — flipping `features.rbac` was a no-op. This seeds
7
+ * the five system roles, their permission sets, and backfills `user_roles` from the
8
+ * denormalized `users.role`.
9
+ *
10
+ * Mirrors the SQL appended to migration 0025 (the deploy path, run once via
11
+ * db-migrate.mjs). This TS version is for fresh installs + PGlite tests. Both are
12
+ * ADDITIVE / idempotent (`ON CONFLICT DO NOTHING`) so re-running never clobbers an
13
+ * operator's later edits to a system role's permission set.
14
+ */
15
+ /** The moderator capability set granted to `staff` (NOT `admin.access`). */
16
+ export const STAFF_PERMISSION_SET = [
17
+ 'content.read',
18
+ 'content.moderate',
19
+ 'content.editorial',
20
+ 'reports.review',
21
+ 'contest.create',
22
+ 'contest.manage',
23
+ 'event.create',
24
+ 'event.manage',
25
+ 'audit.read',
26
+ 'users.read',
27
+ ];
28
+ /** The five system roles, priority mirrors the legacy roleGuard hierarchy. */
29
+ export const SYSTEM_ROLE_SEEDS = [
30
+ { key: 'member', name: 'Member', description: 'Default role for every registered user.', priority: 10, permissions: [] },
31
+ { key: 'pro', name: 'Pro', description: 'Pro tier member.', priority: 20, permissions: [] },
32
+ { key: 'verified', name: 'Verified', description: 'Verified member.', priority: 30, permissions: [] },
33
+ {
34
+ key: 'staff',
35
+ name: 'Staff',
36
+ description: 'Moderator: content moderation, contests, events, and reports. No admin panel access.',
37
+ priority: 40,
38
+ permissions: STAFF_PERMISSION_SET,
39
+ },
40
+ { key: 'admin', name: 'Admin', description: 'Full administrative access.', priority: 50, permissions: ['*'] },
41
+ ];
42
+ /**
43
+ * Idempotently seed the system roles + permissions and backfill `user_roles`.
44
+ * Safe to run repeatedly; never deletes (so operator edits survive a redeploy).
45
+ */
46
+ export async function seedRbac(db) {
47
+ for (const seed of SYSTEM_ROLE_SEEDS) {
48
+ await db
49
+ .insert(roles)
50
+ .values({
51
+ key: seed.key,
52
+ name: seed.name,
53
+ description: seed.description,
54
+ isSystem: true,
55
+ priority: seed.priority,
56
+ })
57
+ .onConflictDoNothing({ target: roles.key });
58
+ const [role] = await db.select({ id: roles.id }).from(roles).where(eq(roles.key, seed.key)).limit(1);
59
+ if (!role || seed.permissions.length === 0)
60
+ continue;
61
+ await db
62
+ .insert(rolePermissions)
63
+ .values(seed.permissions.map((permissionKey) => ({ roleId: role.id, permissionKey })))
64
+ .onConflictDoNothing();
65
+ }
66
+ // Backfill: every user gets the user_roles row matching their denormalized
67
+ // users.role. New users are backfilled by updateUserRole / signup going forward.
68
+ await db.execute(sql `
69
+ INSERT INTO user_roles (user_id, role_id)
70
+ SELECT u.id, r.id FROM users u JOIN roles r ON r.key = u.role::text
71
+ ON CONFLICT DO NOTHING
72
+ `);
73
+ }
74
+ //# sourceMappingURL=seed.js.map
package/dist/rbac/seed.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"seed.js","sourceRoot":"","sources":["../../src/rbac/seed.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAG3D;;;;;;;;;;;GAWG;AAEH,4EAA4E;AAC5E,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,cAAc;IACd,kBAAkB;IAClB,mBAAmB;IACnB,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,cAAc;IACd,YAAY;IACZ,YAAY;CACJ,CAAC;AAUX,8EAA8E;AAC9E,MAAM,CAAC,MAAM,iBAAiB,GAA8B;IAC1D,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE;IACxH,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE;IAC3F,EAAE,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,kBAAkB,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE;IACrG;QACE,GAAG,EAAE,OAAO;QACZ,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,sFAAsF;QACnG,QAAQ,EAAE,EAAE;QACZ,WAAW,EAAE,oBAAoB;KAClC;IACD,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,6BAA6B,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,CAAC,GAAG,CAAC,EAAE;CAC9G,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,EAAM;IACnC,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,MAAM,EAAE;aACL,MAAM,CAAC,KAAK,CAAC;aACb,MAAM,CAAC;YACN,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;aACD,mBAAmB,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAE9C,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACrG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAErD,MAAM,EAAE;aACL,MAAM,CAAC,eAAe,CAAC;aACvB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;aACrF,mBAAmB,EAAE,CAAC;IAC3B,CAAC;IAED,2EAA2E;IAC3E,iFAAiF;IACjF,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAA;;;;GAInB,CAAC,CAAC;AACL,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@commonpub/server",
3
- "version": "2.88.0",
3
+ "version": "2.89.0",
4
4
  "type": "module",
5
5
  "description": "Framework-agnostic business logic for CommonPub instances",
6
6
  "license": "AGPL-3.0-or-later",
@@ -114,14 +114,14 @@
114
114
  "linkedom": "^0.18.12",
115
115
  "megalodon": "^10.3.0",
116
116
  "turndown": "^7.2.4",
117
- "@commonpub/editor": "0.7.12",
117
+ "@commonpub/auth": "0.8.0",
118
+ "@commonpub/config": "0.22.1",
118
119
  "@commonpub/docs": "0.6.3",
120
+ "@commonpub/editor": "0.7.12",
119
121
  "@commonpub/learning": "0.5.2",
120
- "@commonpub/config": "0.22.1",
121
- "@commonpub/schema": "0.44.0",
122
- "@commonpub/auth": "0.8.0",
122
+ "@commonpub/protocol": "0.13.0",
123
123
  "@commonpub/infra": "0.8.0",
124
- "@commonpub/protocol": "0.13.0"
124
+ "@commonpub/schema": "0.45.0"
125
125
  },
126
126
  "peerDependencies": {
127
127
  "drizzle-orm": "^0.45.1"