@company-semantics/contracts 1.3.0 → 1.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@company-semantics/contracts",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "private": false,
   "repository": {
     "type": "git",

package/src/org/__tests__/org-units.test.ts

@@ -12,6 +12,8 @@ import {
   OrgUnitClassificationSchema,
   OrgUnitRelationshipTypeSchema,
   OrgUnitMembershipSourceSchema,
+  OrgUnitPermissionsEntrySchema,
+  ListOrgUnitPermissionsResponseSchema,
 } from '../schemas.js';
 
 const UUID_A = '11111111-1111-4111-8111-111111111111';
@@ -200,3 +202,49 @@ describe('Enum exhaustiveness', () => {
     }
   });
 });
+
+describe('OrgUnitPermissionsEntrySchema', () => {
+  const entry = {
+    userId: UUID_A,
+    membershipRole: 'manager' as const,
+    inheritedFromUnitId: UUID_C,
+    inheritedFromUnitName: 'Engineering',
+  };
+
+  it('accepts a well-formed entry', () => {
+    expect(() => OrgUnitPermissionsEntrySchema.parse(entry)).not.toThrow();
+  });
+
+  it('rejects invalid membershipRole', () => {
+    expect(() =>
+      OrgUnitPermissionsEntrySchema.parse({ ...entry, membershipRole: 'member' })
+    ).not.toThrow();
+    expect(() =>
+      OrgUnitPermissionsEntrySchema.parse({ ...entry, membershipRole: 'bogus' })
+    ).toThrow();
+  });
+
+  it('requires UUIDs for user and inherited unit', () => {
+    expect(() =>
+      OrgUnitPermissionsEntrySchema.parse({ ...entry, userId: 'nope' })
+    ).toThrow();
+    expect(() =>
+      OrgUnitPermissionsEntrySchema.parse({ ...entry, inheritedFromUnitId: 'nope' })
+    ).toThrow();
+  });
+
+  it('rejects empty inheritedFromUnitName', () => {
+    expect(() =>
+      OrgUnitPermissionsEntrySchema.parse({ ...entry, inheritedFromUnitName: '' })
+    ).toThrow();
+  });
+
+  it('list response wraps entries with unitId', () => {
+    const parsed = ListOrgUnitPermissionsResponseSchema.parse({
+      unitId: UUID_B,
+      entries: [entry],
+    });
+    expect(parsed.entries).toHaveLength(1);
+    expect(parsed.unitId).toBe(UUID_B);
+  });
+});

package/src/org/index.ts

@@ -225,6 +225,8 @@ export {
   OrgLevelConfigResponseSchema,
   OrgUnitMembershipResponseSchema,
   OrgUnitMembershipListResponseSchema,
+  OrgUnitPermissionsEntrySchema,
+  ListOrgUnitPermissionsResponseSchema,
 } from './schemas';
 export type {
   OrgUnit,
@@ -241,4 +243,6 @@ export type {
   OrgLevelConfigResponse,
   OrgUnitMembershipResponse,
   OrgUnitMembershipListResponse,
+  OrgUnitPermissionsEntry,
+  ListOrgUnitPermissionsResponse,
 } from './schemas';

package/src/org/schemas.ts

@@ -756,6 +756,26 @@ export const OrgUnitMembershipListResponseSchema = z.object({
   memberships: z.array(OrgUnitMembershipSchema),
 });
 
+/**
+ * Effective manager of an org unit — a user whose membership (direct or
+ * inherited from an ancestor) grants the `orgUnit.{id}.manage` capability.
+ *
+ * Direct grants have `inheritedFromUnitId === unitId`. For inherited grants,
+ * `inheritedFromUnitId` identifies the ancestor whose membership propagates
+ * authority down the subtree (ltree `path @>` containment).
+ */
+export const OrgUnitPermissionsEntrySchema = z.object({
+  userId: z.string().uuid(),
+  membershipRole: OrgUnitMembershipRoleSchema,
+  inheritedFromUnitId: z.string().uuid(),
+  inheritedFromUnitName: z.string().min(1),
+});
+
+export const ListOrgUnitPermissionsResponseSchema = z.object({
+  unitId: z.string().uuid(),
+  entries: z.array(OrgUnitPermissionsEntrySchema),
+});
+
 // --- Inferred types ---
 
 export type OrgUnit = z.infer<typeof OrgUnitSchema>;
@@ -772,3 +792,5 @@ export type OrgUnitRelationshipsResponse = z.infer<typeof OrgUnitRelationshipsRe
 export type OrgLevelConfigResponse = z.infer<typeof OrgLevelConfigResponseSchema>;
 export type OrgUnitMembershipResponse = z.infer<typeof OrgUnitMembershipResponseSchema>;
 export type OrgUnitMembershipListResponse = z.infer<typeof OrgUnitMembershipListResponseSchema>;
+export type OrgUnitPermissionsEntry = z.infer<typeof OrgUnitPermissionsEntrySchema>;
+export type ListOrgUnitPermissionsResponse = z.infer<typeof ListOrgUnitPermissionsResponseSchema>;