@cosmicdrift/kumiko-bundled-features 0.5.0 → 0.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,51 @@
|
|
|
1
1
|
# @cosmicdrift/kumiko-bundled-features
|
|
2
2
|
|
|
3
|
+
## 0.5.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 4f0d781: fix(tenant): updateMemberRoles erlaubt "system"-Rolle (symmetrisch zu create)
|
|
8
|
+
|
|
9
|
+
Drift innerhalb des tenant-Features: `tenant:write:create` akzeptierte
|
|
10
|
+
`["system", "SystemAdmin"]`, `tenant:write:update-member-roles` aber
|
|
11
|
+
nur `["SystemAdmin"]`. Konsequenz: ops-tooling und seed-migrations
|
|
12
|
+
(`createSystemUser` mit `roles: ["system"]`) konnten den Handler nicht
|
|
13
|
+
aufrufen — `access_denied`.
|
|
14
|
+
|
|
15
|
+
Live entdeckt beim ersten Driver-Sample der es-ops Phase 1: publicstatus
|
|
16
|
+
seed `2026-05-20-fix-admin-roles.ts` rief `update-member-roles` via
|
|
17
|
+
`systemWriteAs` → access_denied → Pod CrashLoopBackOff.
|
|
18
|
+
|
|
19
|
+
Plus access-rule-Pinning-Test in `tenant.integration.ts`-scenario-7.
|
|
20
|
+
|
|
21
|
+
- Updated dependencies [4f0d781]
|
|
22
|
+
- @cosmicdrift/kumiko-framework@0.5.2
|
|
23
|
+
- @cosmicdrift/kumiko-dispatcher-live@0.5.2
|
|
24
|
+
- @cosmicdrift/kumiko-renderer@0.5.2
|
|
25
|
+
- @cosmicdrift/kumiko-renderer-web@0.5.2
|
|
26
|
+
|
|
27
|
+
## 0.5.1
|
|
28
|
+
|
|
29
|
+
### Patch Changes
|
|
30
|
+
|
|
31
|
+
- 0e00015: fix(es-ops): path.resolve statt path.join für seedsDir → seed-files
|
|
32
|
+
|
|
33
|
+
Bun's `await import()` braucht absolute Pfade. Wenn der App-Author
|
|
34
|
+
`runProdApp({ seedsDir: "./seeds" })` setzt (relativ), würde
|
|
35
|
+
`path.join("./seeds", "foo.ts")` einen relativen Pfad liefern → Bun's
|
|
36
|
+
Import-Resolver such relativ zum `runner.ts`-Modul (nicht zum
|
|
37
|
+
`process.cwd()`) → `Cannot find module 'seeds/...' from '<runner-path>'`.
|
|
38
|
+
|
|
39
|
+
`path.resolve` löst gegen `process.cwd()` auf → absolute Pfade →
|
|
40
|
+
Import funktioniert. Aufgedeckt beim ersten Live-Boot der publicstatus-
|
|
41
|
+
Driver-Migration (Pod CrashLoopBackOff).
|
|
42
|
+
|
|
43
|
+
- Updated dependencies [0e00015]
|
|
44
|
+
- @cosmicdrift/kumiko-framework@0.5.1
|
|
45
|
+
- @cosmicdrift/kumiko-dispatcher-live@0.5.1
|
|
46
|
+
- @cosmicdrift/kumiko-renderer@0.5.1
|
|
47
|
+
- @cosmicdrift/kumiko-renderer-web@0.5.1
|
|
48
|
+
|
|
3
49
|
## 0.5.0
|
|
4
50
|
|
|
5
51
|
### Minor Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cosmicdrift/kumiko-bundled-features",
|
|
3
|
-
"version": "0.5.
|
|
3
|
+
"version": "0.5.2",
|
|
4
4
|
"description": "Built-in features — tenant, user, auth, delivery. The stuff you'd rewrite anyway, already typed.",
|
|
5
5
|
"license": "BUSL-1.1",
|
|
6
6
|
"author": "Marc Frost <marc@cosmicdriftgamestudio.com>",
|
|
@@ -74,10 +74,10 @@
|
|
|
74
74
|
"@aws-sdk/client-s3": "^3.1045.0",
|
|
75
75
|
"@aws-sdk/lib-storage": "^3.1045.0",
|
|
76
76
|
"@aws-sdk/s3-request-presigner": "^3.1045.0",
|
|
77
|
-
"@cosmicdrift/kumiko-dispatcher-live": "0.5.
|
|
78
|
-
"@cosmicdrift/kumiko-framework": "0.5.
|
|
79
|
-
"@cosmicdrift/kumiko-renderer": "0.5.
|
|
80
|
-
"@cosmicdrift/kumiko-renderer-web": "0.5.
|
|
77
|
+
"@cosmicdrift/kumiko-dispatcher-live": "0.5.2",
|
|
78
|
+
"@cosmicdrift/kumiko-framework": "0.5.2",
|
|
79
|
+
"@cosmicdrift/kumiko-renderer": "0.5.2",
|
|
80
|
+
"@cosmicdrift/kumiko-renderer-web": "0.5.2",
|
|
81
81
|
"@mollie/api-client": "^4.5.0",
|
|
82
82
|
"@node-rs/argon2": "^2.0.2",
|
|
83
83
|
"@types/nodemailer": "^8.0.0",
|
|
@@ -337,6 +337,11 @@ describe("scenario 7: access rules on handlers", () => {
|
|
|
337
337
|
expect(rolesOf(stack.registry.getWriteHandler(TenantHandlers.disable)?.access)).toEqual([
|
|
338
338
|
"SystemAdmin",
|
|
339
339
|
]);
|
|
340
|
+
// updateMemberRoles akzeptiert "system" (für seed-migrations + ops-tooling)
|
|
341
|
+
// PLUS "SystemAdmin" (echter Operator-Pfad). Symmetrisch zu create.
|
|
342
|
+
expect(
|
|
343
|
+
rolesOf(stack.registry.getWriteHandler(TenantHandlers.updateMemberRoles)?.access),
|
|
344
|
+
).toEqual(["system", "SystemAdmin"]);
|
|
340
345
|
expect(rolesOf(stack.registry.getQueryHandler(TenantQueries.list)?.access)).toEqual([
|
|
341
346
|
"SystemAdmin",
|
|
342
347
|
]);
|
|
@@ -16,7 +16,11 @@ export const updateMemberRolesWrite = defineWriteHandler({
|
|
|
16
16
|
tenantId: z.string(),
|
|
17
17
|
roles: z.array(z.string()).min(1),
|
|
18
18
|
}),
|
|
19
|
-
|
|
19
|
+
// "system" + "SystemAdmin" — symmetrisch zu tenant:write:create. System-
|
|
20
|
+
// User (createSystemUser, roles=["system"]) braucht den Access für seed-
|
|
21
|
+
// migrations + andere ops-tooling-Pfade. SystemAdmin ist der echte
|
|
22
|
+
// human-Operator-Pfad über die UI.
|
|
23
|
+
access: { roles: ["system", "SystemAdmin"] },
|
|
20
24
|
handler: async (event, ctx) => {
|
|
21
25
|
const db = ctx.db;
|
|
22
26
|
const existing = await fetchOne(
|