@datatechsolutions/ui 2.11.81 → 2.11.82

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/dist/astrlabe/contracts.d.mts +5 -0
  2. package/dist/astrlabe/contracts.d.ts +5 -0
  3. package/dist/astrlabe/index.d.mts +11 -83
  4. package/dist/astrlabe/index.d.ts +11 -83
  5. package/dist/astrlabe/index.js +175 -4777
  6. package/dist/astrlabe/index.js.map +1 -1
  7. package/dist/astrlabe/index.mjs +3 -4740
  8. package/dist/astrlabe/index.mjs.map +1 -1
  9. package/dist/astrlabe/workflow-canvas.d.mts +69 -5
  10. package/dist/astrlabe/workflow-canvas.d.ts +69 -5
  11. package/dist/chunk-6PBTB5ZX.js +165 -0
  12. package/dist/chunk-6PBTB5ZX.js.map +1 -0
  13. package/dist/chunk-HAZP5J67.mjs +4781 -0
  14. package/dist/chunk-HAZP5J67.mjs.map +1 -0
  15. package/dist/chunk-HZ4LOVHM.js +46 -0
  16. package/dist/chunk-HZ4LOVHM.js.map +1 -0
  17. package/dist/chunk-K4QJV3GC.js +4825 -0
  18. package/dist/chunk-K4QJV3GC.js.map +1 -0
  19. package/dist/chunk-UHHPBREK.mjs +135 -0
  20. package/dist/chunk-UHHPBREK.mjs.map +1 -0
  21. package/dist/chunk-ZJPNP2YW.mjs +44 -0
  22. package/dist/chunk-ZJPNP2YW.mjs.map +1 -0
  23. package/dist/{workflow-canvas-NSxfr5dy.d.ts → index-AioB90qq.d.mts} +2 -67
  24. package/dist/{workflow-canvas-D4928AfA.d.mts → index-D5ai0cGZ.d.ts} +2 -67
  25. package/dist/platform/index.d.mts +41 -0
  26. package/dist/platform/index.d.ts +41 -0
  27. package/dist/platform/index.js +237 -0
  28. package/dist/platform/index.js.map +1 -0
  29. package/dist/platform/index.mjs +109 -0
  30. package/dist/platform/index.mjs.map +1 -0
  31. package/dist/platform/pages/index.d.mts +272 -0
  32. package/dist/platform/pages/index.d.ts +272 -0
  33. package/dist/platform/pages/index.js +1793 -0
  34. package/dist/platform/pages/index.js.map +1 -0
  35. package/dist/platform/pages/index.mjs +1777 -0
  36. package/dist/platform/pages/index.mjs.map +1 -0
  37. package/dist/platform/rbac.d.mts +41 -0
  38. package/dist/platform/rbac.d.ts +41 -0
  39. package/dist/platform/rbac.js +13 -0
  40. package/dist/platform/rbac.js.map +1 -0
  41. package/dist/platform/rbac.mjs +4 -0
  42. package/dist/platform/rbac.mjs.map +1 -0
  43. package/dist/platform/utils/index.d.mts +32 -0
  44. package/dist/platform/utils/index.d.ts +32 -0
  45. package/dist/platform/utils/index.js +131 -0
  46. package/dist/platform/utils/index.js.map +1 -0
  47. package/dist/platform/utils/index.mjs +119 -0
  48. package/dist/platform/utils/index.mjs.map +1 -0
  49. package/dist/platform/windsock-admin-client.d.mts +57 -0
  50. package/dist/platform/windsock-admin-client.d.ts +57 -0
  51. package/dist/platform/windsock-admin-client.js +125 -0
  52. package/dist/platform/windsock-admin-client.js.map +1 -0
  53. package/dist/platform/windsock-admin-client.mjs +4 -0
  54. package/dist/platform/windsock-admin-client.mjs.map +1 -0
  55. package/dist/rule-form-F5jBOeqk.d.mts +79 -0
  56. package/dist/rule-form-F5jBOeqk.d.ts +79 -0
  57. package/package.json +27 -1
package/dist/chunk-HZ4LOVHM.js ADDED
@@ -0,0 +1,46 @@
1
+ "use client";
2
+ 'use strict';
3
+
4
+ // src/platform/rbac.ts
5
+ function matchPermission(pattern, target) {
6
+ if (pattern === "*") return true;
7
+ if (pattern === target) return true;
8
+ const patternParts = pattern.split(":");
9
+ const targetParts = target.split(":");
10
+ for (let i = 0; i < patternParts.length; i++) {
11
+ if (patternParts[i] === "*") return true;
12
+ if (patternParts[i] !== targetParts[i]) return false;
13
+ }
14
+ return patternParts.length === targetParts.length;
15
+ }
16
+ function createPlatformRbac(opts) {
17
+ const ROLE_DEFINITIONS = opts.roles;
18
+ const MODULE_PERMISSIONS = opts.modulePermissions ?? {};
19
+ const PERMISSION_CLAIMS_MAP = opts.permissionClaimsMap;
20
+ const knownRoles = Object.keys(ROLE_DEFINITIONS);
21
+ const fallbackRole = opts.defaultRole ?? knownRoles[0];
22
+ function normalizePlatformRole(input) {
23
+ if (typeof input === "string" && input in ROLE_DEFINITIONS) {
24
+ return input;
25
+ }
26
+ return fallbackRole;
27
+ }
28
+ function can(user, permission) {
29
+ if (!user) return false;
30
+ const userClaims = user.permissions ?? [];
31
+ const requiredClaims = PERMISSION_CLAIMS_MAP[permission] ?? [];
32
+ return requiredClaims.some(
33
+ (claim) => userClaims.some((userClaim) => matchPermission(userClaim, claim))
34
+ );
35
+ }
36
+ return {
37
+ ROLE_DEFINITIONS,
38
+ MODULE_PERMISSIONS,
39
+ normalizePlatformRole,
40
+ can
41
+ };
42
+ }
43
+
44
+ exports.createPlatformRbac = createPlatformRbac;
45
+ //# sourceMappingURL=chunk-HZ4LOVHM.js.map
46
+ //# sourceMappingURL=chunk-HZ4LOVHM.js.map
package/dist/chunk-HZ4LOVHM.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/platform/rbac.ts"],"names":[],"mappings":";;;AAiDA,SAAS,eAAA,CAAgB,SAAiB,MAAA,EAAyB;AACjE,EAAA,IAAI,OAAA,KAAY,KAAK,OAAO,IAAA;AAC5B,EAAA,IAAI,OAAA,KAAY,QAAQ,OAAO,IAAA;AAC/B,EAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA;AACtC,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AACpC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,YAAA,CAAa,QAAQ,CAAA,EAAA,EAAK;AAC5C,IAAA,IAAI,YAAA,CAAa,CAAC,CAAA,KAAM,GAAA,EAAK,OAAO,IAAA;AACpC,IAAA,IAAI,aAAa,CAAC,CAAA,KAAM,WAAA,CAAY,CAAC,GAAG,OAAO,KAAA;AAAA,EACjD;AACA,EAAA,OAAO,YAAA,CAAa,WAAW,WAAA,CAAY,MAAA;AAC7C;AAEO,SAAS,mBAGd,IAAA,EAAuF;AACvF,EAAA,MAAM,mBAAmB,IAAA,CAAK,KAAA;AAC9B,EAAA,MAAM,kBAAA,GAAqB,IAAA,CAAK,iBAAA,IAAsB,EAAC;AACvD,EAAA,MAAM,wBAAwB,IAAA,CAAK,mBAAA;AAInC,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,gBAAgB,CAAA;AAC/C,EAAA,MAAM,YAAA,GAAsB,IAAA,CAAK,WAAA,IAAgB,UAAA,CAAW,CAAC,CAAA;AAE7D,EAAA,SAAS,sBAAsB,KAAA,EAAuB;AACpD,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAa,KAAA,IAAmB,gBAAA,EAAkB;AACrE,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,YAAA;AAAA,EACT;AAEA,EAAA,SAAS,GAAA,CAAI,MAAuB,UAAA,EAAkC;AACpE,IAAA,IAAI,CAAC,MAAM,OAAO,KAAA;AAClB,IAAA,MAAM,UAAA,GAAc,IAAA,CAAK,WAAA,IAAe,EAAC;AAEzC,IAAA,MAAM,cAAA,GAAiB,qBAAA,CAAsB,UAAU,CAAA,IAAK,EAAC;AAC7D,IAAA,OAAO,cAAA,CAAe,IAAA;AAAA,MAAK,CAAC,UAC1B,UAAA,CAAW,IAAA,CAAK,CAAC,SAAA,KAAc,eAAA,CAAgB,SAAA,EAAW,KAAK,CAAC;AAAA,KAClE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,gBAAA;AAAA,IACA,kBAAA;AAAA,IACA,qBAAA;AAAA,IACA;AAAA,GACF;AACF","file":"chunk-HZ4LOVHM.js","sourcesContent":["import type { AuthUser } from '@datatechsolutions/windsock/client'\n\n/**\n * Generic role-based access factory shared across platform apps (astrlabe,\n * kori-erp, etc). Each app instantiates this with its own role + permission\n * unions and seed-claim mapping. The factory closes over the config and\n * exports `ROLE_DEFINITIONS`, `MODULE_PERMISSIONS`, `normalizePlatformRole`,\n * and `can()` — the same surface the per-app file used to expose.\n *\n * The factory deliberately does not hardcode any specific role enum here —\n * astrlabe, kori-erp, and future apps each pick their own union (admin,\n * manager, analyst, viewer, …) and pass the role definitions in.\n */\n\nexport type PlatformRoleDefinition<TRole extends string> = {\n id: TRole\n label: string\n description: string\n}\n\nexport type CreatePlatformRbacOptions<\n TRole extends string,\n TPermission extends string,\n> = {\n /** Definitions for every role the app supports (id/label/description). */\n roles: Record<TRole, PlatformRoleDefinition<TRole>>\n /**\n * Maps each app-level permission to one or more JWT permission claim\n * strings. `can()` returns true when ANY of the listed claims (using\n * wildcard matching) is present in the user's JWT permissions.\n */\n permissionClaimsMap: Record<TPermission, readonly string[]>\n /** Optional map from navigation/module IDs to required permissions. */\n modulePermissions?: Record<string, TPermission>\n /** Role to fall back to when an unknown role string comes in. */\n defaultRole?: TRole\n}\n\nexport type PlatformRbac<TRole extends string, TPermission extends string> = {\n ROLE_DEFINITIONS: Record<TRole, PlatformRoleDefinition<TRole>>\n MODULE_PERMISSIONS: Record<string, TPermission>\n normalizePlatformRole: (input: unknown) => TRole\n can: (user: AuthUser | null, permission: TPermission) => boolean\n}\n\n/**\n * Match a permission string against a pattern (supports wildcards).\n * Same logic as windsock's usePermissionChecker.\n */\nfunction matchPermission(pattern: string, target: string): boolean {\n if (pattern === '*') return true\n if (pattern === target) return true\n const patternParts = pattern.split(':')\n const targetParts = target.split(':')\n for (let i = 0; i < patternParts.length; i++) {\n if (patternParts[i] === '*') return true\n if (patternParts[i] !== targetParts[i]) return false\n }\n return patternParts.length === targetParts.length\n}\n\nexport function createPlatformRbac<\n TRole extends string,\n TPermission extends string,\n>(opts: CreatePlatformRbacOptions<TRole, TPermission>): PlatformRbac<TRole, TPermission> {\n const ROLE_DEFINITIONS = opts.roles\n const MODULE_PERMISSIONS = opts.modulePermissions ?? ({} as Record<string, TPermission>)\n const PERMISSION_CLAIMS_MAP = opts.permissionClaimsMap\n\n // Pick the fallback role: explicit `defaultRole` first, then the first\n // entry in the roles map. We assume there's at least one role.\n const knownRoles = Object.keys(ROLE_DEFINITIONS) as TRole[]\n const fallbackRole: TRole = opts.defaultRole ?? (knownRoles[0] as TRole)\n\n function normalizePlatformRole(input: unknown): TRole {\n if (typeof input === 'string' && (input as TRole) in ROLE_DEFINITIONS) {\n return input as TRole\n }\n return fallbackRole\n }\n\n function can(user: AuthUser | null, permission: TPermission): boolean {\n if (!user) return false\n const userClaims = (user.permissions ?? []) as string[]\n\n const requiredClaims = PERMISSION_CLAIMS_MAP[permission] ?? []\n return requiredClaims.some((claim) =>\n userClaims.some((userClaim) => matchPermission(userClaim, claim))\n )\n }\n\n return {\n ROLE_DEFINITIONS,\n MODULE_PERMISSIONS,\n normalizePlatformRole,\n can,\n }\n}\n"]}