@halix/action-sdk 1.0.48 → 1.0.50
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/access.js +86 -44
- package/lib/cjs/index.js +8 -4
- package/lib/cjs/types/access.d.ts +113 -47
- package/lib/cjs/types/access.d.ts.map +1 -1
- package/lib/cjs/types/index.d.ts +1 -1
- package/lib/cjs/types/index.d.ts.map +1 -1
- package/lib/esm/access.js +76 -42
- package/lib/esm/access.js.map +1 -1
- package/lib/esm/index.js.map +1 -1
- package/lib/esm/index.mjs +1 -1
- package/lib/esm/types/access.d.ts +113 -47
- package/lib/esm/types/index.d.ts +1 -1
- package/package.json +1 -1
package/lib/cjs/access.js
CHANGED
|
@@ -28,10 +28,14 @@ exports.listSandboxUsers = listSandboxUsers;
|
|
|
28
28
|
exports.listSandboxUsersAsObservable = listSandboxUsersAsObservable;
|
|
29
29
|
exports.getUserAccess = getUserAccess;
|
|
30
30
|
exports.getUserAccessAsObservable = getUserAccessAsObservable;
|
|
31
|
-
exports.inviteUser = inviteUser;
|
|
32
|
-
exports.inviteUserAsObservable = inviteUserAsObservable;
|
|
33
31
|
exports.linkUserProxy = linkUserProxy;
|
|
34
32
|
exports.linkUserProxyAsObservable = linkUserProxyAsObservable;
|
|
33
|
+
exports.listUserProxyAccessRoster = listUserProxyAccessRoster;
|
|
34
|
+
exports.listUserProxyAccessRosterAsObservable = listUserProxyAccessRosterAsObservable;
|
|
35
|
+
exports.inviteOrLinkUserProxyByEmail = inviteOrLinkUserProxyByEmail;
|
|
36
|
+
exports.inviteOrLinkUserProxyByEmailAsObservable = inviteOrLinkUserProxyByEmailAsObservable;
|
|
37
|
+
exports.setUserProxyRosterRoles = setUserProxyRosterRoles;
|
|
38
|
+
exports.setUserProxyRosterRolesAsObservable = setUserProxyRosterRolesAsObservable;
|
|
35
39
|
exports.updateUserAccess = updateUserAccess;
|
|
36
40
|
exports.updateUserAccessAsObservable = updateUserAccessAsObservable;
|
|
37
41
|
exports.removeUserAccess = removeUserAccess;
|
|
@@ -62,9 +66,10 @@ exports.canDeleteDataElementAsObservable = canDeleteDataElementAsObservable;
|
|
|
62
66
|
* - `BusinessPrivilege.id` is the stable privilege identifier used by server-validated checks such as `hasBusinessPrivilege`.
|
|
63
67
|
* - Data element access checks use stable data element IDs and resolve to persisted keys on the server.
|
|
64
68
|
* - `ScopeKeyItem` entries define the data scope a user receives for an organization, user proxy, or custom data scope.
|
|
65
|
-
* - `inviteUser` invites an email address through an existing unlinked user proxy record. Create or select that record
|
|
66
|
-
* first, then pass its object key as `userProxyKey`.
|
|
67
69
|
* - `linkUserProxy` links an existing platform user (`userKey`) to an existing unlinked user proxy record.
|
|
70
|
+
* - `listUserProxyAccessRoster` and `inviteOrLinkUserProxyByEmail` are the standard user-access page helpers. They use
|
|
71
|
+
* the access service to join shared user proxy identity records with current-sandbox login, invite, scope, and role
|
|
72
|
+
* state. Do not infer current-solution access from shared proxy records alone.
|
|
68
73
|
*
|
|
69
74
|
* @usage
|
|
70
75
|
* ## When to Use
|
|
@@ -72,7 +77,7 @@ exports.canDeleteDataElementAsObservable = canDeleteDataElementAsObservable;
|
|
|
72
77
|
* - **Show or check business privileges** -> `listBusinessPrivileges`, `hasBusinessPrivilege`, `userPrivileges`
|
|
73
78
|
* - **List users in the current sandbox** -> `listSandboxUsers`
|
|
74
79
|
* - **Inspect one user's access** -> `getUserAccess`
|
|
75
|
-
* - **Invite a user by email** -> `
|
|
80
|
+
* - **Invite or link a user by email** -> `inviteOrLinkUserProxyByEmail`
|
|
76
81
|
* - **Link an existing platform user to a user proxy** -> `linkUserProxy`
|
|
77
82
|
* - **Add or update a user's scope entry** -> `updateUserAccess`
|
|
78
83
|
* - **Remove one user scope entry** -> `removeUserAccess`
|
|
@@ -81,7 +86,7 @@ exports.canDeleteDataElementAsObservable = canDeleteDataElementAsObservable;
|
|
|
81
86
|
* Never submit semantic role IDs as `roleKeys`. Resolve them first:
|
|
82
87
|
* 1. call `listRoles()`
|
|
83
88
|
* 2. find the role where `role.id` matches the semantic ID
|
|
84
|
-
* 3. submit `role.objKey` in `
|
|
89
|
+
* 3. submit `role.objKey` in `InviteOrLinkUserProxyByEmailRequest.roleKeys`, `LinkUserProxyRequest.roleKeys`, or `UpdateAccessRequest.roleKeys`
|
|
85
90
|
*
|
|
86
91
|
* ## Key Functions
|
|
87
92
|
* | Function | Use For |
|
|
@@ -90,8 +95,10 @@ exports.canDeleteDataElementAsObservable = canDeleteDataElementAsObservable;
|
|
|
90
95
|
* | `listBusinessPrivileges` | Read business privilege metadata |
|
|
91
96
|
* | `listSandboxUsers` | Read users with access to the current sandbox |
|
|
92
97
|
* | `getUserAccess` | Read one user's current scope entries and roles |
|
|
93
|
-
* | `inviteUser` | Invite an email address through an existing user proxy and assign initial role keys/scopes |
|
|
94
98
|
* | `linkUserProxy` | Link an existing platform user to an existing user proxy |
|
|
99
|
+
* | `listUserProxyAccessRoster` | Read shared proxy rows enriched with current-sandbox access status |
|
|
100
|
+
* | `inviteOrLinkUserProxyByEmail` | Reuse/create a proxy, invite/link by email, and return refreshed access state |
|
|
101
|
+
* | `setUserProxyRosterRoles` | Update roles for one roster row |
|
|
95
102
|
* | `updateUserAccess` | Add or update one user scope entry |
|
|
96
103
|
* | `removeUserAccess` | Remove one user scope entry |
|
|
97
104
|
* | `hasBusinessPrivilege` | Server-check whether the current user has a privilege ID |
|
|
@@ -121,20 +128,6 @@ exports.canDeleteDataElementAsObservable = canDeleteDataElementAsObservable;
|
|
|
121
128
|
* }
|
|
122
129
|
*
|
|
123
130
|
* @example
|
|
124
|
-
* // Invite an existing unlinked user proxy record
|
|
125
|
-
* const roles = await hx.listRoles();
|
|
126
|
-
* const memberRole = roles.find((role) => role.id === 'householdMember');
|
|
127
|
-
* if (!memberRole?.objKey) {
|
|
128
|
-
* throw new Error('Required role not found.');
|
|
129
|
-
* }
|
|
130
|
-
* await hx.inviteUser({
|
|
131
|
-
* email: 'new-member@example.com',
|
|
132
|
-
* userProxyElementId: 'familyMember',
|
|
133
|
-
* userProxyKey: pendingFamilyMember.objKey,
|
|
134
|
-
* roleKeys: [memberRole.objKey],
|
|
135
|
-
* });
|
|
136
|
-
*
|
|
137
|
-
* @example
|
|
138
131
|
* // Link an existing platform user to an existing unlinked user proxy record
|
|
139
132
|
* await hx.linkUserProxy({
|
|
140
133
|
* userKey: 'usr~00~existing',
|
|
@@ -247,53 +240,102 @@ function getUserAccessAsObservable(userKey) {
|
|
|
247
240
|
return (0, rxjs_1.from)(getUserAccess(userKey));
|
|
248
241
|
}
|
|
249
242
|
/**
|
|
250
|
-
*
|
|
243
|
+
* Links an existing platform user to an existing unlinked user proxy record and assigns role keys for that scope.
|
|
251
244
|
*
|
|
252
|
-
*
|
|
253
|
-
* `req.
|
|
245
|
+
* Use this when the user already exists and you have selected or created the user proxy record that should represent
|
|
246
|
+
* them in the solution. `req.userKey` is the platform user object key. `req.userProxyKey` is the solution user proxy
|
|
247
|
+
* object key. `req.roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs.
|
|
254
248
|
*
|
|
255
|
-
*
|
|
256
|
-
|
|
249
|
+
* @param req - Existing-user link request
|
|
250
|
+
*/
|
|
251
|
+
function linkUserProxy(req) {
|
|
252
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
253
|
+
const roleKeys = req.roleKeys.map((roleKey) => encodeURIComponent(roleKey)).join(',');
|
|
254
|
+
yield axios_1.default.post(`${sdk_general_1.serviceAddress}/access/sandboxes/${sdk_general_1.sandboxKey}/userProxy/${encodeURIComponent(req.userProxyKey)}/${encodeURIComponent(req.userProxyElementId)}/linkProxy?userKey=${encodeURIComponent(req.userKey)}&roleKeys=${roleKeys}`, null, {
|
|
255
|
+
headers: yield authHeaders(),
|
|
256
|
+
});
|
|
257
|
+
});
|
|
258
|
+
}
|
|
259
|
+
/**
|
|
260
|
+
* Observable version of `linkUserProxy`. See `linkUserProxy` for details.
|
|
261
|
+
*/
|
|
262
|
+
function linkUserProxyAsObservable(req) {
|
|
263
|
+
return (0, rxjs_1.from)(linkUserProxy(req));
|
|
264
|
+
}
|
|
265
|
+
/**
|
|
266
|
+
* Lists shared user proxy records enriched with current-sandbox access state.
|
|
257
267
|
*
|
|
258
|
-
*
|
|
259
|
-
*
|
|
268
|
+
* Use this for generated user-access pages. A returned proxy/member record is identity data; `row.hasAccess` and
|
|
269
|
+
* `row.matchingScopeElement` describe whether that identity has access in the current sandbox for the requested
|
|
270
|
+
* org/user-proxy context.
|
|
271
|
+
*
|
|
272
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
273
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
274
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
260
275
|
*/
|
|
261
|
-
function
|
|
276
|
+
function listUserProxyAccessRoster(orgProxyKey, orgProxyElementId, userProxyElementId) {
|
|
262
277
|
return __awaiter(this, void 0, void 0, function* () {
|
|
263
|
-
const response = yield axios_1.default.
|
|
278
|
+
const response = yield axios_1.default.get(`${sdk_general_1.serviceAddress}/access/sandboxes/${sdk_general_1.sandboxKey}/userProxyRoster/${encodeURIComponent(orgProxyKey)}/${encodeURIComponent(orgProxyElementId)}/${encodeURIComponent(userProxyElementId)}`, {
|
|
264
279
|
headers: yield authHeaders(),
|
|
265
280
|
});
|
|
266
281
|
return response.data;
|
|
267
282
|
});
|
|
268
283
|
}
|
|
269
284
|
/**
|
|
270
|
-
* Observable version of `
|
|
285
|
+
* Observable version of `listUserProxyAccessRoster`. See `listUserProxyAccessRoster` for details.
|
|
271
286
|
*/
|
|
272
|
-
function
|
|
273
|
-
return (0, rxjs_1.from)(
|
|
287
|
+
function listUserProxyAccessRosterAsObservable(orgProxyKey, orgProxyElementId, userProxyElementId) {
|
|
288
|
+
return (0, rxjs_1.from)(listUserProxyAccessRoster(orgProxyKey, orgProxyElementId, userProxyElementId));
|
|
274
289
|
}
|
|
275
290
|
/**
|
|
276
|
-
*
|
|
291
|
+
* Invites or links a user by email through the access service roster helper.
|
|
277
292
|
*
|
|
278
|
-
*
|
|
279
|
-
*
|
|
280
|
-
* object key. `req.roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs.
|
|
293
|
+
* The server normalizes email, reuses an existing shared proxy for the same org/user-proxy context when present,
|
|
294
|
+
* creates a proxy only when absent, links active users, refreshes pending invites, and returns the refreshed roster row.
|
|
281
295
|
*
|
|
282
|
-
* @param
|
|
296
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
297
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
298
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
299
|
+
* @param req - Invite/link request
|
|
283
300
|
*/
|
|
284
|
-
function
|
|
301
|
+
function inviteOrLinkUserProxyByEmail(orgProxyKey, orgProxyElementId, userProxyElementId, req) {
|
|
285
302
|
return __awaiter(this, void 0, void 0, function* () {
|
|
286
|
-
const
|
|
287
|
-
yield axios_1.default.post(`${sdk_general_1.serviceAddress}/access/sandboxes/${sdk_general_1.sandboxKey}/userProxy/${encodeURIComponent(req.userProxyKey)}/${encodeURIComponent(req.userProxyElementId)}/linkProxy?userKey=${encodeURIComponent(req.userKey)}&roleKeys=${roleKeys}`, null, {
|
|
303
|
+
const response = yield axios_1.default.post(`${sdk_general_1.serviceAddress}/access/sandboxes/${sdk_general_1.sandboxKey}/userProxyRoster/${encodeURIComponent(orgProxyKey)}/${encodeURIComponent(orgProxyElementId)}/${encodeURIComponent(userProxyElementId)}/inviteOrLink`, req, {
|
|
288
304
|
headers: yield authHeaders(),
|
|
289
305
|
});
|
|
306
|
+
return response.data;
|
|
290
307
|
});
|
|
291
308
|
}
|
|
292
309
|
/**
|
|
293
|
-
* Observable version of `
|
|
310
|
+
* Observable version of `inviteOrLinkUserProxyByEmail`. See `inviteOrLinkUserProxyByEmail` for details.
|
|
294
311
|
*/
|
|
295
|
-
function
|
|
296
|
-
return (0, rxjs_1.from)(
|
|
312
|
+
function inviteOrLinkUserProxyByEmailAsObservable(orgProxyKey, orgProxyElementId, userProxyElementId, req) {
|
|
313
|
+
return (0, rxjs_1.from)(inviteOrLinkUserProxyByEmail(orgProxyKey, orgProxyElementId, userProxyElementId, req));
|
|
314
|
+
}
|
|
315
|
+
/**
|
|
316
|
+
* Updates role keys for one roster row and returns the refreshed row.
|
|
317
|
+
*
|
|
318
|
+
* `roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs.
|
|
319
|
+
*
|
|
320
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
321
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
322
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
323
|
+
* @param proxyKey - User proxy object key for the row being updated
|
|
324
|
+
* @param req - Role update request
|
|
325
|
+
*/
|
|
326
|
+
function setUserProxyRosterRoles(orgProxyKey, orgProxyElementId, userProxyElementId, proxyKey, req) {
|
|
327
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
328
|
+
const response = yield axios_1.default.post(`${sdk_general_1.serviceAddress}/access/sandboxes/${sdk_general_1.sandboxKey}/userProxyRoster/${encodeURIComponent(orgProxyKey)}/${encodeURIComponent(orgProxyElementId)}/${encodeURIComponent(userProxyElementId)}/proxy/${encodeURIComponent(proxyKey)}/roles`, req, {
|
|
329
|
+
headers: yield authHeaders(),
|
|
330
|
+
});
|
|
331
|
+
return response.data;
|
|
332
|
+
});
|
|
333
|
+
}
|
|
334
|
+
/**
|
|
335
|
+
* Observable version of `setUserProxyRosterRoles`. See `setUserProxyRosterRoles` for details.
|
|
336
|
+
*/
|
|
337
|
+
function setUserProxyRosterRolesAsObservable(orgProxyKey, orgProxyElementId, userProxyElementId, proxyKey, req) {
|
|
338
|
+
return (0, rxjs_1.from)(setUserProxyRosterRoles(orgProxyKey, orgProxyElementId, userProxyElementId, proxyKey, req));
|
|
297
339
|
}
|
|
298
340
|
/**
|
|
299
341
|
* Adds or updates one user's sandbox scope entry.
|
package/lib/cjs/index.js
CHANGED
|
@@ -8,8 +8,8 @@
|
|
|
8
8
|
// Unauthorized use outside the Halix platform is prohibited.
|
|
9
9
|
// Full license terms available in the LICENSE file.
|
|
10
10
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
-
exports.
|
|
12
|
-
exports.debounceFn = exports.getValueFromObject = exports.compareValues = exports.sortObjectArray = exports.sendAIMessageAsObservable = exports.sendAIMessage = exports.submitStandalonePaymentAsObservable = exports.submitStandalonePayment = exports.getAggregateDataAsObservable = exports.getAggregateData = exports.AggregationResponse = exports.massDeleteAsObservable = exports.massDelete = exports.massEditAsObservable = exports.massEdit = exports.getListDataAsObservable = exports.getListData = exports.getOrganizationPreferenceAsObservable = exports.getUserPreferenceAsObservable = exports.getOrganizationPreference = exports.getUserPreference = exports.sendMessageAsObservable = exports.sendMessage = exports.MessageMethod = exports.downloadResourceAsObservable = exports.downloadResource = exports.createOrUpdateResourceAsObservable = exports.createOrUpdateResource = exports.sendFileContentsAsObservable = exports.sendFileContents = exports.saveResourceAsObservable = exports.saveResource = exports.getOrCreateResourceAsObservable = exports.getOrCreateResource = exports.canDeleteDataElementAsObservable = exports.canDeleteDataElement = exports.canWriteDataElementAsObservable = exports.canWriteDataElement = exports.canReadDataElementAsObservable = exports.canReadDataElement = exports.hasDataElementAccessAsObservable = exports.hasDataElementAccess = void 0;
|
|
11
|
+
exports.hasBusinessPrivilegeAsObservable = exports.hasBusinessPrivilege = exports.removeUserAccessAsObservable = exports.removeUserAccess = exports.updateUserAccessAsObservable = exports.updateUserAccess = exports.setUserProxyRosterRolesAsObservable = exports.setUserProxyRosterRoles = exports.inviteOrLinkUserProxyByEmailAsObservable = exports.inviteOrLinkUserProxyByEmail = exports.listUserProxyAccessRosterAsObservable = exports.listUserProxyAccessRoster = exports.linkUserProxyAsObservable = exports.linkUserProxy = exports.getUserAccessAsObservable = exports.getUserAccess = exports.listSandboxUsersAsObservable = exports.listSandboxUsers = exports.listBusinessPrivilegesAsObservable = exports.listBusinessPrivileges = exports.listRolesAsObservable = exports.listRoles = exports.deleteRelatedObjectsAsObservable = exports.deleteRelatedObjects = exports.deleteRelatedObjectAsObservable = exports.deleteRelatedObject = exports.deleteObjectAsObservable = exports.deleteObject = exports.saveRelatedObjectAsObservable = exports.saveRelatedObject = exports.saveObjectAsObservable = exports.saveObject = exports.getObjectsAsObservable = exports.getObjects = exports.getAccessibleObjectsAsObservable = exports.getAccessibleObjects = exports.getRelatedObjectsAsObservable = exports.getRelatedObjects = exports.getObjectAsObservable = exports.getObject = exports.prepareErrorResponse = exports.prepareSuccessResponse = exports.initialize = exports.useBody = exports.params = exports.userContext = exports.actionSubject = exports.serviceAddress = exports.sandboxKey = exports.getAuthToken = void 0;
|
|
12
|
+
exports.debounceFn = exports.getValueFromObject = exports.compareValues = exports.sortObjectArray = exports.sendAIMessageAsObservable = exports.sendAIMessage = exports.submitStandalonePaymentAsObservable = exports.submitStandalonePayment = exports.getAggregateDataAsObservable = exports.getAggregateData = exports.AggregationResponse = exports.massDeleteAsObservable = exports.massDelete = exports.massEditAsObservable = exports.massEdit = exports.getListDataAsObservable = exports.getListData = exports.getOrganizationPreferenceAsObservable = exports.getUserPreferenceAsObservable = exports.getOrganizationPreference = exports.getUserPreference = exports.sendMessageAsObservable = exports.sendMessage = exports.MessageMethod = exports.downloadResourceAsObservable = exports.downloadResource = exports.createOrUpdateResourceAsObservable = exports.createOrUpdateResource = exports.sendFileContentsAsObservable = exports.sendFileContents = exports.saveResourceAsObservable = exports.saveResource = exports.getOrCreateResourceAsObservable = exports.getOrCreateResource = exports.canDeleteDataElementAsObservable = exports.canDeleteDataElement = exports.canWriteDataElementAsObservable = exports.canWriteDataElement = exports.canReadDataElementAsObservable = exports.canReadDataElement = exports.hasDataElementAccessAsObservable = exports.hasDataElementAccess = exports.dataElementAccessAsObservable = exports.dataElementAccess = exports.userPrivilegesAsObservable = exports.userPrivileges = void 0;
|
|
13
13
|
/**
|
|
14
14
|
* @module @halix/action-sdk
|
|
15
15
|
* @description Halix Platform action SDK for developing NodeJS Lambda-based actions on the Halix
|
|
@@ -69,10 +69,14 @@ Object.defineProperty(exports, "listSandboxUsers", { enumerable: true, get: func
|
|
|
69
69
|
Object.defineProperty(exports, "listSandboxUsersAsObservable", { enumerable: true, get: function () { return access_1.listSandboxUsersAsObservable; } });
|
|
70
70
|
Object.defineProperty(exports, "getUserAccess", { enumerable: true, get: function () { return access_1.getUserAccess; } });
|
|
71
71
|
Object.defineProperty(exports, "getUserAccessAsObservable", { enumerable: true, get: function () { return access_1.getUserAccessAsObservable; } });
|
|
72
|
-
Object.defineProperty(exports, "inviteUser", { enumerable: true, get: function () { return access_1.inviteUser; } });
|
|
73
|
-
Object.defineProperty(exports, "inviteUserAsObservable", { enumerable: true, get: function () { return access_1.inviteUserAsObservable; } });
|
|
74
72
|
Object.defineProperty(exports, "linkUserProxy", { enumerable: true, get: function () { return access_1.linkUserProxy; } });
|
|
75
73
|
Object.defineProperty(exports, "linkUserProxyAsObservable", { enumerable: true, get: function () { return access_1.linkUserProxyAsObservable; } });
|
|
74
|
+
Object.defineProperty(exports, "listUserProxyAccessRoster", { enumerable: true, get: function () { return access_1.listUserProxyAccessRoster; } });
|
|
75
|
+
Object.defineProperty(exports, "listUserProxyAccessRosterAsObservable", { enumerable: true, get: function () { return access_1.listUserProxyAccessRosterAsObservable; } });
|
|
76
|
+
Object.defineProperty(exports, "inviteOrLinkUserProxyByEmail", { enumerable: true, get: function () { return access_1.inviteOrLinkUserProxyByEmail; } });
|
|
77
|
+
Object.defineProperty(exports, "inviteOrLinkUserProxyByEmailAsObservable", { enumerable: true, get: function () { return access_1.inviteOrLinkUserProxyByEmailAsObservable; } });
|
|
78
|
+
Object.defineProperty(exports, "setUserProxyRosterRoles", { enumerable: true, get: function () { return access_1.setUserProxyRosterRoles; } });
|
|
79
|
+
Object.defineProperty(exports, "setUserProxyRosterRolesAsObservable", { enumerable: true, get: function () { return access_1.setUserProxyRosterRolesAsObservable; } });
|
|
76
80
|
Object.defineProperty(exports, "updateUserAccess", { enumerable: true, get: function () { return access_1.updateUserAccess; } });
|
|
77
81
|
Object.defineProperty(exports, "updateUserAccessAsObservable", { enumerable: true, get: function () { return access_1.updateUserAccessAsObservable; } });
|
|
78
82
|
Object.defineProperty(exports, "removeUserAccess", { enumerable: true, get: function () { return access_1.removeUserAccess; } });
|
|
@@ -81,50 +81,85 @@ export interface UserAccessWrapper {
|
|
|
81
81
|
roles?: Role[];
|
|
82
82
|
}
|
|
83
83
|
/**
|
|
84
|
-
* Request body for
|
|
84
|
+
* Request body for linking an existing platform user to an existing unlinked user proxy record.
|
|
85
|
+
*/
|
|
86
|
+
export interface LinkUserProxyRequest {
|
|
87
|
+
/** Persisted platform user object key to link. */
|
|
88
|
+
userKey: string;
|
|
89
|
+
/** User proxy data element ID for the proxy record being linked. */
|
|
90
|
+
userProxyElementId: string;
|
|
91
|
+
/** Existing unlinked user proxy object key to link to the platform user. */
|
|
92
|
+
userProxyKey: string;
|
|
93
|
+
/** Persisted role object keys (`Role.objKey`). Never pass semantic `Role.id` values here. */
|
|
94
|
+
roleKeys: string[];
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* One row in a user proxy access roster.
|
|
98
|
+
*
|
|
99
|
+
* `userProxy` is the shared identity/member record. `hasAccess` is current-sandbox access state and should be used
|
|
100
|
+
* before rendering someone as active or authorized for the current solution.
|
|
101
|
+
*/
|
|
102
|
+
export interface UserProxyAccessRosterRow {
|
|
103
|
+
/** Shared solution user proxy record. */
|
|
104
|
+
userProxy: Record<string, unknown>;
|
|
105
|
+
/** Linked platform user, when one exists and is visible to the access service. */
|
|
106
|
+
user?: Record<string, unknown>;
|
|
107
|
+
/** Pending invite token metadata, when a pending invite exists. */
|
|
108
|
+
userToken?: Record<string, unknown>;
|
|
109
|
+
/** Whether token lookup failed. */
|
|
110
|
+
userTokenError?: boolean;
|
|
111
|
+
/** Token validation error code, when available. */
|
|
112
|
+
userTokenErrorCode?: string;
|
|
113
|
+
/** User proxy login status such as `Pending`, `Active`, or empty. */
|
|
114
|
+
loginStatus?: string;
|
|
115
|
+
/** Whether the linked user has current-sandbox scope access for this roster context. */
|
|
116
|
+
hasAccess: boolean;
|
|
117
|
+
/** Matching current-sandbox scope element for this proxy/org context. */
|
|
118
|
+
matchingScopeElement?: Record<string, unknown>;
|
|
119
|
+
/** Persisted role object keys assigned on the matching scope element. */
|
|
120
|
+
roleKeys?: string[];
|
|
121
|
+
/** Role metadata for `roleKeys`, when available. */
|
|
122
|
+
roles?: Role[];
|
|
123
|
+
}
|
|
124
|
+
/**
|
|
125
|
+
* Request body for access-service managed user proxy invite/link flow.
|
|
85
126
|
*/
|
|
86
|
-
export interface
|
|
87
|
-
/** Email address
|
|
127
|
+
export interface InviteOrLinkUserProxyByEmailRequest {
|
|
128
|
+
/** Email address to normalize and invite/link. */
|
|
88
129
|
email: string;
|
|
89
|
-
/** Optional first name
|
|
130
|
+
/** Optional first name to use when the server must create a new proxy. */
|
|
90
131
|
firstName?: string;
|
|
91
|
-
/** Optional last name
|
|
132
|
+
/** Optional last name to use when the server must create a new proxy. */
|
|
92
133
|
lastName?: string;
|
|
93
|
-
/**
|
|
94
|
-
|
|
95
|
-
/** Existing unlinked user proxy object key to invite or link. */
|
|
96
|
-
userProxyKey: string;
|
|
97
|
-
/** Optional organization proxy object key for context; this is not a substitute for `userProxyKey`. */
|
|
98
|
-
orgProxyKey?: string;
|
|
134
|
+
/** Whether the created/reused proxy should be marked as an org proxy admin identity. */
|
|
135
|
+
orgProxyAdmin?: boolean;
|
|
99
136
|
/** Persisted role object keys (`Role.objKey`). Never pass semantic `Role.id` values here. */
|
|
100
137
|
roleKeys: string[];
|
|
101
|
-
/** Optional data scopes granted to the invited user. */
|
|
102
|
-
scopeKeyItems?: ScopeKeyItem[];
|
|
103
138
|
/** Optional notification template identifier. */
|
|
104
139
|
notificationTemplate?: string;
|
|
105
140
|
}
|
|
106
141
|
/**
|
|
107
|
-
*
|
|
142
|
+
* Action performed by `inviteOrLinkUserProxyByEmail`.
|
|
108
143
|
*/
|
|
109
|
-
export
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
144
|
+
export type InviteOrLinkUserProxyAction = 'createdProxyAndInvited' | 'reusedProxyAndInvited' | 'resentInvite' | 'linkedExistingUser' | 'alreadyLinked';
|
|
145
|
+
/**
|
|
146
|
+
* Result returned from access-service managed invite/link flow.
|
|
147
|
+
*
|
|
148
|
+
* `rolesUpdated` is only meaningful for `alreadyLinked` and `linkedExistingUser`. It is false for invite actions
|
|
149
|
+
* because invite role keys are carried by the pending invite/access configuration.
|
|
150
|
+
*/
|
|
151
|
+
export interface InviteOrLinkUserProxyResult {
|
|
152
|
+
/** Server action that was performed. */
|
|
153
|
+
action: InviteOrLinkUserProxyAction;
|
|
154
|
+
/** Whether requested role keys were added or updated on existing current-sandbox access. */
|
|
155
|
+
rolesUpdated?: boolean;
|
|
156
|
+
/** Refreshed roster row after the operation. */
|
|
157
|
+
row: UserProxyAccessRosterRow;
|
|
117
158
|
}
|
|
118
159
|
/**
|
|
119
|
-
* Request body for
|
|
160
|
+
* Request body for setting roles on one roster row.
|
|
120
161
|
*/
|
|
121
|
-
export interface
|
|
122
|
-
/** Persisted platform user object key to link. */
|
|
123
|
-
userKey: string;
|
|
124
|
-
/** User proxy data element ID for the proxy record being linked. */
|
|
125
|
-
userProxyElementId: string;
|
|
126
|
-
/** Existing unlinked user proxy object key to link to the platform user. */
|
|
127
|
-
userProxyKey: string;
|
|
162
|
+
export interface SetUserProxyRosterRolesRequest {
|
|
128
163
|
/** Persisted role object keys (`Role.objKey`). Never pass semantic `Role.id` values here. */
|
|
129
164
|
roleKeys: string[];
|
|
130
165
|
}
|
|
@@ -225,23 +260,6 @@ export declare function getUserAccess(userKey: string): Promise<UserAccessWrappe
|
|
|
225
260
|
* Observable version of `getUserAccess`. See `getUserAccess` for details.
|
|
226
261
|
*/
|
|
227
262
|
export declare function getUserAccessAsObservable(userKey: string): Observable<UserAccessWrapper>;
|
|
228
|
-
/**
|
|
229
|
-
* Invites a user by email and assigns initial sandbox access.
|
|
230
|
-
*
|
|
231
|
-
* The target user proxy record must already exist and be unlinked. Pass that record's persisted object key in
|
|
232
|
-
* `req.userProxyKey` and its data element ID in `req.userProxyElementId`.
|
|
233
|
-
*
|
|
234
|
-
* `req.roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs. Resolve desired
|
|
235
|
-
* semantic IDs with `listRoles` before calling this function.
|
|
236
|
-
*
|
|
237
|
-
* @param req - Invitation and initial access request
|
|
238
|
-
* @returns Promise resolving to invitation result metadata
|
|
239
|
-
*/
|
|
240
|
-
export declare function inviteUser(req: InviteUserRequest): Promise<InviteResult>;
|
|
241
|
-
/**
|
|
242
|
-
* Observable version of `inviteUser`. See `inviteUser` for details.
|
|
243
|
-
*/
|
|
244
|
-
export declare function inviteUserAsObservable(req: InviteUserRequest): Observable<InviteResult>;
|
|
245
263
|
/**
|
|
246
264
|
* Links an existing platform user to an existing unlinked user proxy record and assigns role keys for that scope.
|
|
247
265
|
*
|
|
@@ -256,6 +274,54 @@ export declare function linkUserProxy(req: LinkUserProxyRequest): Promise<void>;
|
|
|
256
274
|
* Observable version of `linkUserProxy`. See `linkUserProxy` for details.
|
|
257
275
|
*/
|
|
258
276
|
export declare function linkUserProxyAsObservable(req: LinkUserProxyRequest): Observable<void>;
|
|
277
|
+
/**
|
|
278
|
+
* Lists shared user proxy records enriched with current-sandbox access state.
|
|
279
|
+
*
|
|
280
|
+
* Use this for generated user-access pages. A returned proxy/member record is identity data; `row.hasAccess` and
|
|
281
|
+
* `row.matchingScopeElement` describe whether that identity has access in the current sandbox for the requested
|
|
282
|
+
* org/user-proxy context.
|
|
283
|
+
*
|
|
284
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
285
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
286
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
287
|
+
*/
|
|
288
|
+
export declare function listUserProxyAccessRoster(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string): Promise<UserProxyAccessRosterRow[]>;
|
|
289
|
+
/**
|
|
290
|
+
* Observable version of `listUserProxyAccessRoster`. See `listUserProxyAccessRoster` for details.
|
|
291
|
+
*/
|
|
292
|
+
export declare function listUserProxyAccessRosterAsObservable(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string): Observable<UserProxyAccessRosterRow[]>;
|
|
293
|
+
/**
|
|
294
|
+
* Invites or links a user by email through the access service roster helper.
|
|
295
|
+
*
|
|
296
|
+
* The server normalizes email, reuses an existing shared proxy for the same org/user-proxy context when present,
|
|
297
|
+
* creates a proxy only when absent, links active users, refreshes pending invites, and returns the refreshed roster row.
|
|
298
|
+
*
|
|
299
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
300
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
301
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
302
|
+
* @param req - Invite/link request
|
|
303
|
+
*/
|
|
304
|
+
export declare function inviteOrLinkUserProxyByEmail(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string, req: InviteOrLinkUserProxyByEmailRequest): Promise<InviteOrLinkUserProxyResult>;
|
|
305
|
+
/**
|
|
306
|
+
* Observable version of `inviteOrLinkUserProxyByEmail`. See `inviteOrLinkUserProxyByEmail` for details.
|
|
307
|
+
*/
|
|
308
|
+
export declare function inviteOrLinkUserProxyByEmailAsObservable(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string, req: InviteOrLinkUserProxyByEmailRequest): Observable<InviteOrLinkUserProxyResult>;
|
|
309
|
+
/**
|
|
310
|
+
* Updates role keys for one roster row and returns the refreshed row.
|
|
311
|
+
*
|
|
312
|
+
* `roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs.
|
|
313
|
+
*
|
|
314
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
315
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
316
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
317
|
+
* @param proxyKey - User proxy object key for the row being updated
|
|
318
|
+
* @param req - Role update request
|
|
319
|
+
*/
|
|
320
|
+
export declare function setUserProxyRosterRoles(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string, proxyKey: string, req: SetUserProxyRosterRolesRequest): Promise<UserProxyAccessRosterRow>;
|
|
321
|
+
/**
|
|
322
|
+
* Observable version of `setUserProxyRosterRoles`. See `setUserProxyRosterRoles` for details.
|
|
323
|
+
*/
|
|
324
|
+
export declare function setUserProxyRosterRolesAsObservable(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string, proxyKey: string, req: SetUserProxyRosterRolesRequest): Observable<UserProxyAccessRosterRow>;
|
|
259
325
|
/**
|
|
260
326
|
* Adds or updates one user's sandbox scope entry.
|
|
261
327
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../../src/access.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../../src/access.ts"],"names":[],"mappings":"AAmGA,OAAO,EAAuB,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvD;;GAEG;AACH,MAAM,WAAW,YAAY;IACzB,0FAA0F;IAC1F,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,aAAa,EAAE,MAAM,CAAC;IACtB,kDAAkD;IAClD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2EAA2E;IAC3E,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED;;;;GAIG;AACH,MAAM,WAAW,IAAI;IACjB,mFAAmF;IACnF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,EAAE,EAAE,MAAM,CAAC;IACX,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mDAAmD;IACnD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,sDAAsD;IACtD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,sDAAsD;IACtD,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,uDAAuD;IACvD,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,mDAAmD;IACnD,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,qCAAqC;IACrC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAC9B,gEAAgE;IAChE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4EAA4E;IAC5E,EAAE,EAAE,MAAM,CAAC;IACX,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0CAA0C;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IACxB,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,oCAAoC;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,aAAa,CAAC,EAAE,OAAO,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAC9B,uDAAuD;IACvD,IAAI,EAAE,OAAO,CAAC;IACd,sCAAsC;IACtC,aAAa,EAAE,OAAO,EAAE,CAAC;IACzB,sEAAsE;IACtE,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACjC,kDAAkD;IAClD,OAAO,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,4EAA4E;IAC5E,YAAY,EAAE,MAAM,CAAC;IACrB,6FAA6F;IAC7F,QAAQ,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;;;;GAKG;AACH,MAAM,WAAW,wBAAwB;IACrC,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,kFAAkF;IAClF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,mCAAmC;IACnC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,mDAAmD;IACnD,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wFAAwF;IACxF,SAAS,EAAE,OAAO,CAAC;IACnB,yEAAyE;IACzE,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,yEAAyE;IACzE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,oDAAoD;IACpD,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mCAAmC;IAChD,kDAAkD;IAClD,KAAK,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yEAAyE;IACzE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wFAAwF;IACxF,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,6FAA6F;IAC7F,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,MAAM,2BAA2B,GACjC,wBAAwB,GACxB,uBAAuB,GACvB,cAAc,GACd,oBAAoB,GACpB,eAAe,CAAC;AAEtB;;;;;GAKG;AACH,MAAM,WAAW,2BAA2B;IACxC,wCAAwC;IACxC,MAAM,EAAE,2BAA2B,CAAC;IACpC,4FAA4F;IAC5F,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,gDAAgD;IAChD,GAAG,EAAE,wBAAwB,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC3C,6FAA6F;IAC7F,QAAQ,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC,2EAA2E;IAC3E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6FAA6F;IAC7F,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,+CAA+C;IAC/C,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,sGAAsG;IACtG,YAAY,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IACzC,qCAAqC;IACrC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,+EAA+E;IAC/E,YAAY,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,+BAA+B;IAC5C,uFAAuF;IACvF,kBAAkB,EAAE,MAAM,EAAE,CAAC;CAChC;AAID;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACpC,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;IACtB,gEAAgE;IAChE,cAAc,EAAE,MAAM,CAAC;IACvB,6EAA6E;IAC7E,OAAO,EAAE,OAAO,CAAC;IACjB,yFAAyF;IACzF,QAAQ,EAAE,OAAO,CAAC;IAClB,+EAA+E;IAC/E,SAAS,EAAE,OAAO,CAAC;CACtB;AAWD;;;;;;;GAOG;AACH,wBAAsB,SAAS,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAKjD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC,CAE1D;AAED;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAK3E;AAED;;GAEG;AACH,wBAAgB,kCAAkC,IAAI,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAEpF;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,CAK/D;AAED;;GAEG;AACH,wBAAgB,4BAA4B,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC,CAExE;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAK/E;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAExF;AAED;;;;;;;;GAQG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAS5E;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,oBAAoB,GAAG,UAAU,CAAC,IAAI,CAAC,CAErF;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,yBAAyB,CAC3C,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,GAC3B,OAAO,CAAC,wBAAwB,EAAE,CAAC,CAQrC;AAED;;GAEG;AACH,wBAAgB,qCAAqC,CACjD,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,GAC3B,UAAU,CAAC,wBAAwB,EAAE,CAAC,CAExC;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,4BAA4B,CAC9C,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,EAC1B,GAAG,EAAE,mCAAmC,GACzC,OAAO,CAAC,2BAA2B,CAAC,CAStC;AAED;;GAEG;AACH,wBAAgB,wCAAwC,CACpD,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,EAC1B,GAAG,EAAE,mCAAmC,GACzC,UAAU,CAAC,2BAA2B,CAAC,CAEzC;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,uBAAuB,CACzC,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,EAC1B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,8BAA8B,GACpC,OAAO,CAAC,wBAAwB,CAAC,CASnC;AAED;;GAEG;AACH,wBAAgB,mCAAmC,CAC/C,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,EAC1B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,8BAA8B,GACpC,UAAU,CAAC,wBAAwB,CAAC,CAEtC;AAED;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAK/F;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,CAExG;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAK7F;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAEtG;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAQhF;AAED;;GAEG;AACH,wBAAgB,gCAAgC,CAAC,WAAW,EAAE,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAEzF;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAWxD;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,CAEjE;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAQ/F;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CAAC,aAAa,EAAE,MAAM,GAAG,UAAU,CAAC,uBAAuB,CAAC,CAExG;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC,CAYjH;AAED;;GAEG;AACH,wBAAgB,gCAAgC,CAC5C,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,qBAAqB,GAC9B,UAAU,CAAC,OAAO,CAAC,CAErB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAE1E;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,aAAa,EAAE,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAEzF;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAE3E;AAED;;GAEG;AACH,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAE1F;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAE5E;AAED;;GAEG;AACH,wBAAgB,gCAAgC,CAAC,aAAa,EAAE,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAE3F"}
|
package/lib/cjs/types/index.d.ts
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
*/
|
|
6
6
|
export { getAuthToken, sandboxKey, serviceAddress, actionSubject, userContext, params, useBody, initialize, type UserContext, type IncomingEventBody, type BaseActionResponse, type ActionResponse, type NotificationConfig, type ListActionResponse, type FormTemplateActionResponse, type PageTemplateActionResponse, type ObjectSaveActionResponse, type CalculatedFieldActionResponse, type SingleValueActionResponse, type ErrorResponse, prepareSuccessResponse, prepareErrorResponse } from './sdk-general';
|
|
7
7
|
export { type SaveOptions, getObject, getObjectAsObservable, getRelatedObjects, getRelatedObjectsAsObservable, getAccessibleObjects, getAccessibleObjectsAsObservable, getObjects, getObjectsAsObservable, saveObject, saveObjectAsObservable, saveRelatedObject, saveRelatedObjectAsObservable, deleteObject, deleteObjectAsObservable, deleteRelatedObject, deleteRelatedObjectAsObservable, deleteRelatedObjects, deleteRelatedObjectsAsObservable } from './data-crud';
|
|
8
|
-
export { type ScopeKeyItem, type Role, type BusinessPrivilege, type SandboxUser, type UserAccessWrapper, type
|
|
8
|
+
export { type ScopeKeyItem, type Role, type BusinessPrivilege, type SandboxUser, type UserAccessWrapper, type LinkUserProxyRequest, type UserProxyAccessRosterRow, type InviteOrLinkUserProxyByEmailRequest, type InviteOrLinkUserProxyAction, type InviteOrLinkUserProxyResult, type SetUserProxyRosterRolesRequest, type UpdateAccessRequest, type BusinessPrivilegeCheckResult, type CurrentBusinessPrivilegesResult, type DataElementAccessMode, type DataElementAccessResult, listRoles, listRolesAsObservable, listBusinessPrivileges, listBusinessPrivilegesAsObservable, listSandboxUsers, listSandboxUsersAsObservable, getUserAccess, getUserAccessAsObservable, linkUserProxy, linkUserProxyAsObservable, listUserProxyAccessRoster, listUserProxyAccessRosterAsObservable, inviteOrLinkUserProxyByEmail, inviteOrLinkUserProxyByEmailAsObservable, setUserProxyRosterRoles, setUserProxyRosterRolesAsObservable, updateUserAccess, updateUserAccessAsObservable, removeUserAccess, removeUserAccessAsObservable, hasBusinessPrivilege, hasBusinessPrivilegeAsObservable, userPrivileges, userPrivilegesAsObservable, dataElementAccess, dataElementAccessAsObservable, hasDataElementAccess, hasDataElementAccessAsObservable, canReadDataElement, canReadDataElementAsObservable, canWriteDataElement, canWriteDataElementAsObservable, canDeleteDataElement, canDeleteDataElementAsObservable, } from './access';
|
|
9
9
|
export { type ContentResource, getOrCreateResource, getOrCreateResourceAsObservable, saveResource, saveResourceAsObservable, sendFileContents, sendFileContentsAsObservable, createOrUpdateResource, createOrUpdateResourceAsObservable, downloadResource, downloadResourceAsObservable } from './content';
|
|
10
10
|
export { MessageMethod, type MessageRequest, sendMessage, sendMessageAsObservable } from './messaging';
|
|
11
11
|
export { getUserPreference, getOrganizationPreference, getUserPreferenceAsObservable, getOrganizationPreferenceAsObservable } from './preferences';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AASA;;;;GAIG;AAMH,OAAO,EAEH,YAAY,EACZ,UAAU,EACV,cAAc,EACd,aAAa,EACb,WAAW,EACX,MAAM,EACN,OAAO,EAGP,UAAU,EAGV,KAAK,WAAW,EAChB,KAAK,iBAAiB,EAGtB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,EAC/B,KAAK,wBAAwB,EAC7B,KAAK,6BAA6B,EAClC,KAAK,yBAAyB,EAC9B,KAAK,aAAa,EAGlB,sBAAsB,EACtB,oBAAoB,EACvB,MAAM,eAAe,CAAC;AAMvB,OAAO,EAEH,KAAK,WAAW,EAGhB,SAAS,EACT,qBAAqB,EACrB,iBAAiB,EACjB,6BAA6B,EAC7B,oBAAoB,EACpB,gCAAgC,EAChC,UAAU,EACV,sBAAsB,EAGtB,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,6BAA6B,EAG7B,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,+BAA+B,EAC/B,oBAAoB,EACpB,gCAAgC,EACnC,MAAM,aAAa,CAAC;AAMrB,OAAO,EACH,KAAK,YAAY,EACjB,KAAK,IAAI,EACT,KAAK,iBAAiB,EACtB,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AASA;;;;GAIG;AAMH,OAAO,EAEH,YAAY,EACZ,UAAU,EACV,cAAc,EACd,aAAa,EACb,WAAW,EACX,MAAM,EACN,OAAO,EAGP,UAAU,EAGV,KAAK,WAAW,EAChB,KAAK,iBAAiB,EAGtB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,EAC/B,KAAK,wBAAwB,EAC7B,KAAK,6BAA6B,EAClC,KAAK,yBAAyB,EAC9B,KAAK,aAAa,EAGlB,sBAAsB,EACtB,oBAAoB,EACvB,MAAM,eAAe,CAAC;AAMvB,OAAO,EAEH,KAAK,WAAW,EAGhB,SAAS,EACT,qBAAqB,EACrB,iBAAiB,EACjB,6BAA6B,EAC7B,oBAAoB,EACpB,gCAAgC,EAChC,UAAU,EACV,sBAAsB,EAGtB,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,6BAA6B,EAG7B,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,+BAA+B,EAC/B,oBAAoB,EACpB,gCAAgC,EACnC,MAAM,aAAa,CAAC;AAMrB,OAAO,EACH,KAAK,YAAY,EACjB,KAAK,IAAI,EACT,KAAK,iBAAiB,EACtB,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,wBAAwB,EAC7B,KAAK,mCAAmC,EACxC,KAAK,2BAA2B,EAChC,KAAK,2BAA2B,EAChC,KAAK,8BAA8B,EACnC,KAAK,mBAAmB,EACxB,KAAK,4BAA4B,EACjC,KAAK,+BAA+B,EACpC,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,SAAS,EACT,qBAAqB,EACrB,sBAAsB,EACtB,kCAAkC,EAClC,gBAAgB,EAChB,4BAA4B,EAC5B,aAAa,EACb,yBAAyB,EACzB,aAAa,EACb,yBAAyB,EACzB,yBAAyB,EACzB,qCAAqC,EACrC,4BAA4B,EAC5B,wCAAwC,EACxC,uBAAuB,EACvB,mCAAmC,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,gBAAgB,EAChB,4BAA4B,EAC5B,oBAAoB,EACpB,gCAAgC,EAChC,cAAc,EACd,0BAA0B,EAC1B,iBAAiB,EACjB,6BAA6B,EAC7B,oBAAoB,EACpB,gCAAgC,EAChC,kBAAkB,EAClB,8BAA8B,EAC9B,mBAAmB,EACnB,+BAA+B,EAC/B,oBAAoB,EACpB,gCAAgC,GACnC,MAAM,UAAU,CAAC;AAMlB,OAAO,EAEH,KAAK,eAAe,EAGpB,mBAAmB,EACnB,+BAA+B,EAC/B,YAAY,EACZ,wBAAwB,EACxB,gBAAgB,EAChB,4BAA4B,EAC5B,sBAAsB,EACtB,kCAAkC,EAClC,gBAAgB,EAChB,4BAA4B,EAC/B,MAAM,WAAW,CAAC;AAMnB,OAAO,EAEH,aAAa,EAGb,KAAK,cAAc,EAGnB,WAAW,EACX,uBAAuB,EAC1B,MAAM,aAAa,CAAC;AAMrB,OAAO,EAEH,iBAAiB,EACjB,yBAAyB,EACzB,6BAA6B,EAC7B,qCAAqC,EACxC,MAAM,eAAe,CAAC;AAMvB,OAAO,EAEH,KAAK,SAAS,EACd,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,EACtB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EAGvB,WAAW,EACX,uBAAuB,EACvB,QAAQ,EACR,oBAAoB,EACpB,UAAU,EACV,sBAAsB,EACzB,MAAM,SAAS,CAAC;AAMjB,OAAO,EAEH,mBAAmB,EAGnB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,yBAAyB,EAC9B,KAAK,aAAa,EAClB,KAAK,eAAe,EAGpB,gBAAgB,EAChB,4BAA4B,EAC/B,MAAM,kBAAkB,CAAC;AAM1B,OAAO,EAEH,KAAK,2BAA2B,EAChC,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAG5B,uBAAuB,EACvB,mCAAmC,EACtC,MAAM,YAAY,CAAC;AAMpB,OAAO,EAEH,KAAK,gBAAgB,EAGrB,aAAa,EACb,yBAAyB,EAC5B,MAAM,MAAM,CAAC;AAMd,OAAO,EACH,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,UAAU,EACb,MAAM,aAAa,CAAC"}
|
package/lib/esm/access.js
CHANGED
|
@@ -18,9 +18,10 @@
|
|
|
18
18
|
* - `BusinessPrivilege.id` is the stable privilege identifier used by server-validated checks such as `hasBusinessPrivilege`.
|
|
19
19
|
* - Data element access checks use stable data element IDs and resolve to persisted keys on the server.
|
|
20
20
|
* - `ScopeKeyItem` entries define the data scope a user receives for an organization, user proxy, or custom data scope.
|
|
21
|
-
* - `inviteUser` invites an email address through an existing unlinked user proxy record. Create or select that record
|
|
22
|
-
* first, then pass its object key as `userProxyKey`.
|
|
23
21
|
* - `linkUserProxy` links an existing platform user (`userKey`) to an existing unlinked user proxy record.
|
|
22
|
+
* - `listUserProxyAccessRoster` and `inviteOrLinkUserProxyByEmail` are the standard user-access page helpers. They use
|
|
23
|
+
* the access service to join shared user proxy identity records with current-sandbox login, invite, scope, and role
|
|
24
|
+
* state. Do not infer current-solution access from shared proxy records alone.
|
|
24
25
|
*
|
|
25
26
|
* @usage
|
|
26
27
|
* ## When to Use
|
|
@@ -28,7 +29,7 @@
|
|
|
28
29
|
* - **Show or check business privileges** -> `listBusinessPrivileges`, `hasBusinessPrivilege`, `userPrivileges`
|
|
29
30
|
* - **List users in the current sandbox** -> `listSandboxUsers`
|
|
30
31
|
* - **Inspect one user's access** -> `getUserAccess`
|
|
31
|
-
* - **Invite a user by email** -> `
|
|
32
|
+
* - **Invite or link a user by email** -> `inviteOrLinkUserProxyByEmail`
|
|
32
33
|
* - **Link an existing platform user to a user proxy** -> `linkUserProxy`
|
|
33
34
|
* - **Add or update a user's scope entry** -> `updateUserAccess`
|
|
34
35
|
* - **Remove one user scope entry** -> `removeUserAccess`
|
|
@@ -37,7 +38,7 @@
|
|
|
37
38
|
* Never submit semantic role IDs as `roleKeys`. Resolve them first:
|
|
38
39
|
* 1. call `listRoles()`
|
|
39
40
|
* 2. find the role where `role.id` matches the semantic ID
|
|
40
|
-
* 3. submit `role.objKey` in `
|
|
41
|
+
* 3. submit `role.objKey` in `InviteOrLinkUserProxyByEmailRequest.roleKeys`, `LinkUserProxyRequest.roleKeys`, or `UpdateAccessRequest.roleKeys`
|
|
41
42
|
*
|
|
42
43
|
* ## Key Functions
|
|
43
44
|
* | Function | Use For |
|
|
@@ -46,8 +47,10 @@
|
|
|
46
47
|
* | `listBusinessPrivileges` | Read business privilege metadata |
|
|
47
48
|
* | `listSandboxUsers` | Read users with access to the current sandbox |
|
|
48
49
|
* | `getUserAccess` | Read one user's current scope entries and roles |
|
|
49
|
-
* | `inviteUser` | Invite an email address through an existing user proxy and assign initial role keys/scopes |
|
|
50
50
|
* | `linkUserProxy` | Link an existing platform user to an existing user proxy |
|
|
51
|
+
* | `listUserProxyAccessRoster` | Read shared proxy rows enriched with current-sandbox access status |
|
|
52
|
+
* | `inviteOrLinkUserProxyByEmail` | Reuse/create a proxy, invite/link by email, and return refreshed access state |
|
|
53
|
+
* | `setUserProxyRosterRoles` | Update roles for one roster row |
|
|
51
54
|
* | `updateUserAccess` | Add or update one user scope entry |
|
|
52
55
|
* | `removeUserAccess` | Remove one user scope entry |
|
|
53
56
|
* | `hasBusinessPrivilege` | Server-check whether the current user has a privilege ID |
|
|
@@ -77,20 +80,6 @@
|
|
|
77
80
|
* }
|
|
78
81
|
*
|
|
79
82
|
* @example
|
|
80
|
-
* // Invite an existing unlinked user proxy record
|
|
81
|
-
* const roles = await hx.listRoles();
|
|
82
|
-
* const memberRole = roles.find((role) => role.id === 'householdMember');
|
|
83
|
-
* if (!memberRole?.objKey) {
|
|
84
|
-
* throw new Error('Required role not found.');
|
|
85
|
-
* }
|
|
86
|
-
* await hx.inviteUser({
|
|
87
|
-
* email: 'new-member@example.com',
|
|
88
|
-
* userProxyElementId: 'familyMember',
|
|
89
|
-
* userProxyKey: pendingFamilyMember.objKey,
|
|
90
|
-
* roleKeys: [memberRole.objKey],
|
|
91
|
-
* });
|
|
92
|
-
*
|
|
93
|
-
* @example
|
|
94
83
|
* // Link an existing platform user to an existing unlinked user proxy record
|
|
95
84
|
* await hx.linkUserProxy({
|
|
96
85
|
* userKey: 'usr~00~existing',
|
|
@@ -193,49 +182,94 @@ export function getUserAccessAsObservable(userKey) {
|
|
|
193
182
|
return from(getUserAccess(userKey));
|
|
194
183
|
}
|
|
195
184
|
/**
|
|
196
|
-
*
|
|
185
|
+
* Links an existing platform user to an existing unlinked user proxy record and assigns role keys for that scope.
|
|
197
186
|
*
|
|
198
|
-
*
|
|
199
|
-
* `req.
|
|
187
|
+
* Use this when the user already exists and you have selected or created the user proxy record that should represent
|
|
188
|
+
* them in the solution. `req.userKey` is the platform user object key. `req.userProxyKey` is the solution user proxy
|
|
189
|
+
* object key. `req.roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs.
|
|
200
190
|
*
|
|
201
|
-
*
|
|
202
|
-
|
|
191
|
+
* @param req - Existing-user link request
|
|
192
|
+
*/
|
|
193
|
+
export async function linkUserProxy(req) {
|
|
194
|
+
const roleKeys = req.roleKeys.map((roleKey) => encodeURIComponent(roleKey)).join(',');
|
|
195
|
+
await axios.post(`${serviceAddress}/access/sandboxes/${sandboxKey}/userProxy/${encodeURIComponent(req.userProxyKey)}/${encodeURIComponent(req.userProxyElementId)}/linkProxy?userKey=${encodeURIComponent(req.userKey)}&roleKeys=${roleKeys}`, null, {
|
|
196
|
+
headers: await authHeaders(),
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
/**
|
|
200
|
+
* Observable version of `linkUserProxy`. See `linkUserProxy` for details.
|
|
201
|
+
*/
|
|
202
|
+
export function linkUserProxyAsObservable(req) {
|
|
203
|
+
return from(linkUserProxy(req));
|
|
204
|
+
}
|
|
205
|
+
/**
|
|
206
|
+
* Lists shared user proxy records enriched with current-sandbox access state.
|
|
203
207
|
*
|
|
204
|
-
*
|
|
205
|
-
*
|
|
208
|
+
* Use this for generated user-access pages. A returned proxy/member record is identity data; `row.hasAccess` and
|
|
209
|
+
* `row.matchingScopeElement` describe whether that identity has access in the current sandbox for the requested
|
|
210
|
+
* org/user-proxy context.
|
|
211
|
+
*
|
|
212
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
213
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
214
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
206
215
|
*/
|
|
207
|
-
export async function
|
|
208
|
-
const response = await axios.
|
|
216
|
+
export async function listUserProxyAccessRoster(orgProxyKey, orgProxyElementId, userProxyElementId) {
|
|
217
|
+
const response = await axios.get(`${serviceAddress}/access/sandboxes/${sandboxKey}/userProxyRoster/${encodeURIComponent(orgProxyKey)}/${encodeURIComponent(orgProxyElementId)}/${encodeURIComponent(userProxyElementId)}`, {
|
|
209
218
|
headers: await authHeaders(),
|
|
210
219
|
});
|
|
211
220
|
return response.data;
|
|
212
221
|
}
|
|
213
222
|
/**
|
|
214
|
-
* Observable version of `
|
|
223
|
+
* Observable version of `listUserProxyAccessRoster`. See `listUserProxyAccessRoster` for details.
|
|
215
224
|
*/
|
|
216
|
-
export function
|
|
217
|
-
return from(
|
|
225
|
+
export function listUserProxyAccessRosterAsObservable(orgProxyKey, orgProxyElementId, userProxyElementId) {
|
|
226
|
+
return from(listUserProxyAccessRoster(orgProxyKey, orgProxyElementId, userProxyElementId));
|
|
218
227
|
}
|
|
219
228
|
/**
|
|
220
|
-
*
|
|
229
|
+
* Invites or links a user by email through the access service roster helper.
|
|
221
230
|
*
|
|
222
|
-
*
|
|
223
|
-
*
|
|
224
|
-
* object key. `req.roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs.
|
|
231
|
+
* The server normalizes email, reuses an existing shared proxy for the same org/user-proxy context when present,
|
|
232
|
+
* creates a proxy only when absent, links active users, refreshes pending invites, and returns the refreshed roster row.
|
|
225
233
|
*
|
|
226
|
-
* @param
|
|
234
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
235
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
236
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
237
|
+
* @param req - Invite/link request
|
|
227
238
|
*/
|
|
228
|
-
export async function
|
|
229
|
-
const
|
|
230
|
-
await axios.post(`${serviceAddress}/access/sandboxes/${sandboxKey}/userProxy/${encodeURIComponent(req.userProxyKey)}/${encodeURIComponent(req.userProxyElementId)}/linkProxy?userKey=${encodeURIComponent(req.userKey)}&roleKeys=${roleKeys}`, null, {
|
|
239
|
+
export async function inviteOrLinkUserProxyByEmail(orgProxyKey, orgProxyElementId, userProxyElementId, req) {
|
|
240
|
+
const response = await axios.post(`${serviceAddress}/access/sandboxes/${sandboxKey}/userProxyRoster/${encodeURIComponent(orgProxyKey)}/${encodeURIComponent(orgProxyElementId)}/${encodeURIComponent(userProxyElementId)}/inviteOrLink`, req, {
|
|
231
241
|
headers: await authHeaders(),
|
|
232
242
|
});
|
|
243
|
+
return response.data;
|
|
233
244
|
}
|
|
234
245
|
/**
|
|
235
|
-
* Observable version of `
|
|
246
|
+
* Observable version of `inviteOrLinkUserProxyByEmail`. See `inviteOrLinkUserProxyByEmail` for details.
|
|
236
247
|
*/
|
|
237
|
-
export function
|
|
238
|
-
return from(
|
|
248
|
+
export function inviteOrLinkUserProxyByEmailAsObservable(orgProxyKey, orgProxyElementId, userProxyElementId, req) {
|
|
249
|
+
return from(inviteOrLinkUserProxyByEmail(orgProxyKey, orgProxyElementId, userProxyElementId, req));
|
|
250
|
+
}
|
|
251
|
+
/**
|
|
252
|
+
* Updates role keys for one roster row and returns the refreshed row.
|
|
253
|
+
*
|
|
254
|
+
* `roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs.
|
|
255
|
+
*
|
|
256
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
257
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
258
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
259
|
+
* @param proxyKey - User proxy object key for the row being updated
|
|
260
|
+
* @param req - Role update request
|
|
261
|
+
*/
|
|
262
|
+
export async function setUserProxyRosterRoles(orgProxyKey, orgProxyElementId, userProxyElementId, proxyKey, req) {
|
|
263
|
+
const response = await axios.post(`${serviceAddress}/access/sandboxes/${sandboxKey}/userProxyRoster/${encodeURIComponent(orgProxyKey)}/${encodeURIComponent(orgProxyElementId)}/${encodeURIComponent(userProxyElementId)}/proxy/${encodeURIComponent(proxyKey)}/roles`, req, {
|
|
264
|
+
headers: await authHeaders(),
|
|
265
|
+
});
|
|
266
|
+
return response.data;
|
|
267
|
+
}
|
|
268
|
+
/**
|
|
269
|
+
* Observable version of `setUserProxyRosterRoles`. See `setUserProxyRosterRoles` for details.
|
|
270
|
+
*/
|
|
271
|
+
export function setUserProxyRosterRolesAsObservable(orgProxyKey, orgProxyElementId, userProxyElementId, proxyKey, req) {
|
|
272
|
+
return from(setUserProxyRosterRoles(orgProxyKey, orgProxyElementId, userProxyElementId, proxyKey, req));
|
|
239
273
|
}
|
|
240
274
|
/**
|
|
241
275
|
* Adds or updates one user's sandbox scope entry.
|
package/lib/esm/access.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.js","sourceRoot":"","sources":["../../src/access.ts"],"names":[],"mappings":"AAAA,yBAAyB;AACzB,mCAAmC;AACnC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,EAAE;AACF,6DAA6D;AAC7D,oDAAoD;AAEpD
|
|
1
|
+
{"version":3,"file":"access.js","sourceRoot":"","sources":["../../src/access.ts"],"names":[],"mappings":"AAAA,yBAAyB;AACzB,mCAAmC;AACnC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,EAAE;AACF,6DAA6D;AAC7D,oDAAoD;AAEpD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuFG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,IAAI,EAAE,aAAa,EAAc,MAAM,MAAM,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AA6OzE,KAAK,UAAU,WAAW;IACtB,IAAI,CAAC,YAAY,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,CAAC,CAAC;IACtD,OAAO,EAAE,aAAa,EAAE,UAAU,SAAS,EAAE,EAAE,CAAC;AACpD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS;IAC3B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,cAAc,qBAAqB,UAAU,WAAW,EAAE;QAC1F,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACjC,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IACxC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,cAAc,qBAAqB,UAAU,qBAAqB,EAAE;QACpG,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kCAAkC;IAC9C,OAAO,IAAI,CAAC,sBAAsB,EAAE,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IAClC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,cAAc,qBAAqB,UAAU,QAAQ,EAAE;QACvF,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B;IACxC,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;AACpC,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe;IAC/C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,cAAc,qBAAqB,UAAU,SAAS,OAAO,SAAS,EAAE;QACxG,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAe;IACrD,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAyB;IACzD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtF,MAAM,KAAK,CAAC,IAAI,CACZ,GAAG,cAAc,qBAAqB,UAAU,cAAc,kBAAkB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,kBAAkB,CAAC,GAAG,CAAC,kBAAkB,CAAC,sBAAsB,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,QAAQ,EAAE,EAC5N,IAAI,EACJ;QACI,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CACJ,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,GAAyB;IAC/D,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;AACpC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC3C,WAAmB,EACnB,iBAAyB,EACzB,kBAA0B;IAE1B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAC5B,GAAG,cAAc,qBAAqB,UAAU,oBAAoB,kBAAkB,CAAC,WAAW,CAAC,IAAI,kBAAkB,CAAC,iBAAiB,CAAC,IAAI,kBAAkB,CAAC,kBAAkB,CAAC,EAAE,EACxL;QACI,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CACJ,CAAC;IACF,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qCAAqC,CACjD,WAAmB,EACnB,iBAAyB,EACzB,kBAA0B;IAE1B,OAAO,IAAI,CAAC,yBAAyB,CAAC,WAAW,EAAE,iBAAiB,EAAE,kBAAkB,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAC9C,WAAmB,EACnB,iBAAyB,EACzB,kBAA0B,EAC1B,GAAwC;IAExC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAC7B,GAAG,cAAc,qBAAqB,UAAU,oBAAoB,kBAAkB,CAAC,WAAW,CAAC,IAAI,kBAAkB,CAAC,iBAAiB,CAAC,IAAI,kBAAkB,CAAC,kBAAkB,CAAC,eAAe,EACrM,GAAG,EACH;QACI,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CACJ,CAAC;IACF,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wCAAwC,CACpD,WAAmB,EACnB,iBAAyB,EACzB,kBAA0B,EAC1B,GAAwC;IAExC,OAAO,IAAI,CAAC,4BAA4B,CAAC,WAAW,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,GAAG,CAAC,CAAC,CAAC;AACvG,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CACzC,WAAmB,EACnB,iBAAyB,EACzB,kBAA0B,EAC1B,QAAgB,EAChB,GAAmC;IAEnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAC7B,GAAG,cAAc,qBAAqB,UAAU,oBAAoB,kBAAkB,CAAC,WAAW,CAAC,IAAI,kBAAkB,CAAC,iBAAiB,CAAC,IAAI,kBAAkB,CAAC,kBAAkB,CAAC,UAAU,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,EACpO,GAAG,EACH;QACI,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CACJ,CAAC;IACF,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mCAAmC,CAC/C,WAAmB,EACnB,iBAAyB,EACzB,kBAA0B,EAC1B,QAAgB,EAChB,GAAmC;IAEnC,OAAO,IAAI,CAAC,uBAAuB,CAAC,WAAW,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;AAC5G,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAe,EAAE,GAAwB;IAC5E,MAAM,IAAI,GAAG,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,iBAAiB,CAAC;IAC3E,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,cAAc,qBAAqB,UAAU,SAAS,OAAO,IAAI,IAAI,EAAE,EAAE,GAAG,EAAE;QAC9F,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAAC,OAAe,EAAE,GAAwB;IAClF,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAe,EAAE,cAAsB;IAC1E,MAAM,KAAK,CAAC,MAAM,CAAC,GAAG,cAAc,qBAAqB,UAAU,SAAS,OAAO,sBAAsB,EAAE;QACvG,OAAO,EAAE,MAAM,WAAW,EAAE;QAC5B,IAAI,EAAE,EAAE,eAAe,EAAE,CAAC,cAAc,CAAC,EAAE;KAC9C,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAAC,OAAe,EAAE,cAAsB;IAChF,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,WAAmB;IAC1D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAC5B,GAAG,cAAc,qBAAqB,UAAU,uBAAuB,kBAAkB,CAAC,WAAW,CAAC,0BAA0B,EAChI;QACI,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CACJ,CAAC;IACF,OAAO,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gCAAgC,CAAC,WAAmB;IAChE,OAAO,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAChC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAC5B,GAAG,cAAc,qBAAqB,UAAU,4BAA4B,EAC5E;QACI,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CACJ,CAAC;IACF,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,OAAO,QAAQ,CAAC,IAAI,CAAC;IACzB,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B;IACtC,OAAO,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,aAAqB;IACzD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAC5B,GAAG,cAAc,qBAAqB,UAAU,iBAAiB,kBAAkB,CAAC,aAAa,CAAC,oBAAoB,EACtH;QACI,OAAO,EAAE,MAAM,WAAW,EAAE;KAC/B,CACJ,CAAC;IACF,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,6BAA6B,CAAC,aAAqB;IAC/D,OAAO,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC,CAAC;AAClD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,aAAqB,EAAE,MAA6B;IAC3F,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC;IACtD,QAAQ,MAAM,EAAE,CAAC;QACb,KAAK,MAAM;YACP,OAAO,MAAM,CAAC,OAAO,CAAC;QAC1B,KAAK,OAAO;YACR,OAAO,MAAM,CAAC,QAAQ,CAAC;QAC3B,KAAK,QAAQ;YACT,OAAO,MAAM,CAAC,SAAS,CAAC;QAC5B;YACI,OAAO,KAAK,CAAC;IACrB,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gCAAgC,CAC5C,aAAqB,EACrB,MAA6B;IAE7B,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,aAAqB;IACpD,OAAO,oBAAoB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,aAAqB;IAChE,OAAO,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,aAAqB;IACrD,OAAO,oBAAoB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B,CAAC,aAAqB;IACjE,OAAO,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,aAAqB;IACtD,OAAO,oBAAoB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gCAAgC,CAAC,aAAqB;IAClE,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC,CAAC;AACrD,CAAC"}
|
package/lib/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,yBAAyB;AACzB,mCAAmC;AACnC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,EAAE;AACF,6DAA6D;AAC7D,oDAAoD;AAEpD;;;;GAIG;AAEH,mFAAmF;AACnF,sDAAsD;AACtD,mFAAmF;AAEnF,OAAO;AACH,UAAU;AACV,YAAY,EACZ,UAAU,EACV,cAAc,EACd,aAAa,EACb,WAAW,EACX,MAAM,EACN,OAAO;AAEP,iBAAiB;AACjB,UAAU;AAkBV,mBAAmB;AACnB,sBAAsB,EACtB,oBAAoB,EACvB,MAAM,eAAe,CAAC;AAEvB,mFAAmF;AACnF,sBAAsB;AACtB,mFAAmF;AAEnF,OAAO;AAIH,iBAAiB;AACjB,SAAS,EACT,qBAAqB,EACrB,iBAAiB,EACjB,6BAA6B,EAC7B,oBAAoB,EACpB,gCAAgC,EAChC,UAAU,EACV,sBAAsB;AAEtB,YAAY;AACZ,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,6BAA6B;AAE7B,cAAc;AACd,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,+BAA+B,EAC/B,oBAAoB,EACpB,gCAAgC,EACnC,MAAM,aAAa,CAAC;AAErB,mFAAmF;AACnF,mBAAmB;AACnB,mFAAmF;AAEnF,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,yBAAyB;AACzB,mCAAmC;AACnC,EAAE;AACF,oEAAoE;AACpE,0EAA0E;AAC1E,EAAE;AACF,6DAA6D;AAC7D,oDAAoD;AAEpD;;;;GAIG;AAEH,mFAAmF;AACnF,sDAAsD;AACtD,mFAAmF;AAEnF,OAAO;AACH,UAAU;AACV,YAAY,EACZ,UAAU,EACV,cAAc,EACd,aAAa,EACb,WAAW,EACX,MAAM,EACN,OAAO;AAEP,iBAAiB;AACjB,UAAU;AAkBV,mBAAmB;AACnB,sBAAsB,EACtB,oBAAoB,EACvB,MAAM,eAAe,CAAC;AAEvB,mFAAmF;AACnF,sBAAsB;AACtB,mFAAmF;AAEnF,OAAO;AAIH,iBAAiB;AACjB,SAAS,EACT,qBAAqB,EACrB,iBAAiB,EACjB,6BAA6B,EAC7B,oBAAoB,EACpB,gCAAgC,EAChC,UAAU,EACV,sBAAsB;AAEtB,YAAY;AACZ,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,6BAA6B;AAE7B,cAAc;AACd,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,+BAA+B,EAC/B,oBAAoB,EACpB,gCAAgC,EACnC,MAAM,aAAa,CAAC;AAErB,mFAAmF;AACnF,mBAAmB;AACnB,mFAAmF;AAEnF,OAAO,EAiBH,SAAS,EACT,qBAAqB,EACrB,sBAAsB,EACtB,kCAAkC,EAClC,gBAAgB,EAChB,4BAA4B,EAC5B,aAAa,EACb,yBAAyB,EACzB,aAAa,EACb,yBAAyB,EACzB,yBAAyB,EACzB,qCAAqC,EACrC,4BAA4B,EAC5B,wCAAwC,EACxC,uBAAuB,EACvB,mCAAmC,EACnC,gBAAgB,EAChB,4BAA4B,EAC5B,gBAAgB,EAChB,4BAA4B,EAC5B,oBAAoB,EACpB,gCAAgC,EAChC,cAAc,EACd,0BAA0B,EAC1B,iBAAiB,EACjB,6BAA6B,EAC7B,oBAAoB,EACpB,gCAAgC,EAChC,kBAAkB,EAClB,8BAA8B,EAC9B,mBAAmB,EACnB,+BAA+B,EAC/B,oBAAoB,EACpB,gCAAgC,GACnC,MAAM,UAAU,CAAC;AAElB,mFAAmF;AACnF,oBAAoB;AACpB,mFAAmF;AAEnF,OAAO;AAIH,oBAAoB;AACpB,mBAAmB,EACnB,+BAA+B,EAC/B,YAAY,EACZ,wBAAwB,EACxB,gBAAgB,EAChB,4BAA4B,EAC5B,sBAAsB,EACtB,kCAAkC,EAClC,gBAAgB,EAChB,4BAA4B,EAC/B,MAAM,WAAW,CAAC;AAEnB,mFAAmF;AACnF,sBAAsB;AACtB,mFAAmF;AAEnF,OAAO;AACH,kBAAkB;AAClB,aAAa;AAKb,sBAAsB;AACtB,WAAW,EACX,uBAAuB,EAC1B,MAAM,aAAa,CAAC;AAErB,mFAAmF;AACnF,uBAAuB;AACvB,mFAAmF;AAEnF,OAAO;AACH,uBAAuB;AACvB,iBAAiB,EACjB,yBAAyB,EACzB,6BAA6B,EAC7B,qCAAqC,EACxC,MAAM,eAAe,CAAC;AAEvB,mFAAmF;AACnF,sBAAsB;AACtB,mFAAmF;AAEnF,OAAO;AAcH,YAAY;AACZ,WAAW,EACX,uBAAuB,EACvB,QAAQ,EACR,oBAAoB,EACpB,UAAU,EACV,sBAAsB,EACzB,MAAM,SAAS,CAAC;AAEjB,mFAAmF;AACnF,2BAA2B;AAC3B,mFAAmF;AAEnF,OAAO;AACH,UAAU;AACV,mBAAmB;AAYnB,YAAY;AACZ,gBAAgB,EAChB,4BAA4B,EAC/B,MAAM,kBAAkB,CAAC;AAE1B,mFAAmF;AACnF,oBAAoB;AACpB,mFAAmF;AAEnF,OAAO;AAMH,YAAY;AACZ,uBAAuB,EACvB,mCAAmC,EACtC,MAAM,YAAY,CAAC;AAEpB,mFAAmF;AACnF,eAAe;AACf,mFAAmF;AAEnF,OAAO;AAIH,eAAe;AACf,aAAa,EACb,yBAAyB,EAC5B,MAAM,MAAM,CAAC;AAEd,mFAAmF;AACnF,oBAAoB;AACpB,mFAAmF;AAEnF,OAAO,EACH,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,UAAU,EACb,MAAM,aAAa,CAAC"}
|
package/lib/esm/index.mjs
CHANGED
|
@@ -34,7 +34,7 @@ deleteObject, deleteObjectAsObservable, deleteRelatedObject, deleteRelatedObject
|
|
|
34
34
|
// ================================================================================
|
|
35
35
|
// ACCESS FUNCTIONS
|
|
36
36
|
// ================================================================================
|
|
37
|
-
export { listRoles, listRolesAsObservable, listBusinessPrivileges, listBusinessPrivilegesAsObservable, listSandboxUsers, listSandboxUsersAsObservable, getUserAccess, getUserAccessAsObservable,
|
|
37
|
+
export { listRoles, listRolesAsObservable, listBusinessPrivileges, listBusinessPrivilegesAsObservable, listSandboxUsers, listSandboxUsersAsObservable, getUserAccess, getUserAccessAsObservable, linkUserProxy, linkUserProxyAsObservable, listUserProxyAccessRoster, listUserProxyAccessRosterAsObservable, inviteOrLinkUserProxyByEmail, inviteOrLinkUserProxyByEmailAsObservable, setUserProxyRosterRoles, setUserProxyRosterRolesAsObservable, updateUserAccess, updateUserAccessAsObservable, removeUserAccess, removeUserAccessAsObservable, hasBusinessPrivilege, hasBusinessPrivilegeAsObservable, userPrivileges, userPrivilegesAsObservable, dataElementAccess, dataElementAccessAsObservable, hasDataElementAccess, hasDataElementAccessAsObservable, canReadDataElement, canReadDataElementAsObservable, canWriteDataElement, canWriteDataElementAsObservable, canDeleteDataElement, canDeleteDataElementAsObservable, } from './access';
|
|
38
38
|
// ================================================================================
|
|
39
39
|
// CONTENT FUNCTIONS
|
|
40
40
|
// ================================================================================
|
|
@@ -81,50 +81,85 @@ export interface UserAccessWrapper {
|
|
|
81
81
|
roles?: Role[];
|
|
82
82
|
}
|
|
83
83
|
/**
|
|
84
|
-
* Request body for
|
|
84
|
+
* Request body for linking an existing platform user to an existing unlinked user proxy record.
|
|
85
|
+
*/
|
|
86
|
+
export interface LinkUserProxyRequest {
|
|
87
|
+
/** Persisted platform user object key to link. */
|
|
88
|
+
userKey: string;
|
|
89
|
+
/** User proxy data element ID for the proxy record being linked. */
|
|
90
|
+
userProxyElementId: string;
|
|
91
|
+
/** Existing unlinked user proxy object key to link to the platform user. */
|
|
92
|
+
userProxyKey: string;
|
|
93
|
+
/** Persisted role object keys (`Role.objKey`). Never pass semantic `Role.id` values here. */
|
|
94
|
+
roleKeys: string[];
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* One row in a user proxy access roster.
|
|
98
|
+
*
|
|
99
|
+
* `userProxy` is the shared identity/member record. `hasAccess` is current-sandbox access state and should be used
|
|
100
|
+
* before rendering someone as active or authorized for the current solution.
|
|
101
|
+
*/
|
|
102
|
+
export interface UserProxyAccessRosterRow {
|
|
103
|
+
/** Shared solution user proxy record. */
|
|
104
|
+
userProxy: Record<string, unknown>;
|
|
105
|
+
/** Linked platform user, when one exists and is visible to the access service. */
|
|
106
|
+
user?: Record<string, unknown>;
|
|
107
|
+
/** Pending invite token metadata, when a pending invite exists. */
|
|
108
|
+
userToken?: Record<string, unknown>;
|
|
109
|
+
/** Whether token lookup failed. */
|
|
110
|
+
userTokenError?: boolean;
|
|
111
|
+
/** Token validation error code, when available. */
|
|
112
|
+
userTokenErrorCode?: string;
|
|
113
|
+
/** User proxy login status such as `Pending`, `Active`, or empty. */
|
|
114
|
+
loginStatus?: string;
|
|
115
|
+
/** Whether the linked user has current-sandbox scope access for this roster context. */
|
|
116
|
+
hasAccess: boolean;
|
|
117
|
+
/** Matching current-sandbox scope element for this proxy/org context. */
|
|
118
|
+
matchingScopeElement?: Record<string, unknown>;
|
|
119
|
+
/** Persisted role object keys assigned on the matching scope element. */
|
|
120
|
+
roleKeys?: string[];
|
|
121
|
+
/** Role metadata for `roleKeys`, when available. */
|
|
122
|
+
roles?: Role[];
|
|
123
|
+
}
|
|
124
|
+
/**
|
|
125
|
+
* Request body for access-service managed user proxy invite/link flow.
|
|
85
126
|
*/
|
|
86
|
-
export interface
|
|
87
|
-
/** Email address
|
|
127
|
+
export interface InviteOrLinkUserProxyByEmailRequest {
|
|
128
|
+
/** Email address to normalize and invite/link. */
|
|
88
129
|
email: string;
|
|
89
|
-
/** Optional first name
|
|
130
|
+
/** Optional first name to use when the server must create a new proxy. */
|
|
90
131
|
firstName?: string;
|
|
91
|
-
/** Optional last name
|
|
132
|
+
/** Optional last name to use when the server must create a new proxy. */
|
|
92
133
|
lastName?: string;
|
|
93
|
-
/**
|
|
94
|
-
|
|
95
|
-
/** Existing unlinked user proxy object key to invite or link. */
|
|
96
|
-
userProxyKey: string;
|
|
97
|
-
/** Optional organization proxy object key for context; this is not a substitute for `userProxyKey`. */
|
|
98
|
-
orgProxyKey?: string;
|
|
134
|
+
/** Whether the created/reused proxy should be marked as an org proxy admin identity. */
|
|
135
|
+
orgProxyAdmin?: boolean;
|
|
99
136
|
/** Persisted role object keys (`Role.objKey`). Never pass semantic `Role.id` values here. */
|
|
100
137
|
roleKeys: string[];
|
|
101
|
-
/** Optional data scopes granted to the invited user. */
|
|
102
|
-
scopeKeyItems?: ScopeKeyItem[];
|
|
103
138
|
/** Optional notification template identifier. */
|
|
104
139
|
notificationTemplate?: string;
|
|
105
140
|
}
|
|
106
141
|
/**
|
|
107
|
-
*
|
|
142
|
+
* Action performed by `inviteOrLinkUserProxyByEmail`.
|
|
108
143
|
*/
|
|
109
|
-
export
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
144
|
+
export type InviteOrLinkUserProxyAction = 'createdProxyAndInvited' | 'reusedProxyAndInvited' | 'resentInvite' | 'linkedExistingUser' | 'alreadyLinked';
|
|
145
|
+
/**
|
|
146
|
+
* Result returned from access-service managed invite/link flow.
|
|
147
|
+
*
|
|
148
|
+
* `rolesUpdated` is only meaningful for `alreadyLinked` and `linkedExistingUser`. It is false for invite actions
|
|
149
|
+
* because invite role keys are carried by the pending invite/access configuration.
|
|
150
|
+
*/
|
|
151
|
+
export interface InviteOrLinkUserProxyResult {
|
|
152
|
+
/** Server action that was performed. */
|
|
153
|
+
action: InviteOrLinkUserProxyAction;
|
|
154
|
+
/** Whether requested role keys were added or updated on existing current-sandbox access. */
|
|
155
|
+
rolesUpdated?: boolean;
|
|
156
|
+
/** Refreshed roster row after the operation. */
|
|
157
|
+
row: UserProxyAccessRosterRow;
|
|
117
158
|
}
|
|
118
159
|
/**
|
|
119
|
-
* Request body for
|
|
160
|
+
* Request body for setting roles on one roster row.
|
|
120
161
|
*/
|
|
121
|
-
export interface
|
|
122
|
-
/** Persisted platform user object key to link. */
|
|
123
|
-
userKey: string;
|
|
124
|
-
/** User proxy data element ID for the proxy record being linked. */
|
|
125
|
-
userProxyElementId: string;
|
|
126
|
-
/** Existing unlinked user proxy object key to link to the platform user. */
|
|
127
|
-
userProxyKey: string;
|
|
162
|
+
export interface SetUserProxyRosterRolesRequest {
|
|
128
163
|
/** Persisted role object keys (`Role.objKey`). Never pass semantic `Role.id` values here. */
|
|
129
164
|
roleKeys: string[];
|
|
130
165
|
}
|
|
@@ -225,23 +260,6 @@ export declare function getUserAccess(userKey: string): Promise<UserAccessWrappe
|
|
|
225
260
|
* Observable version of `getUserAccess`. See `getUserAccess` for details.
|
|
226
261
|
*/
|
|
227
262
|
export declare function getUserAccessAsObservable(userKey: string): Observable<UserAccessWrapper>;
|
|
228
|
-
/**
|
|
229
|
-
* Invites a user by email and assigns initial sandbox access.
|
|
230
|
-
*
|
|
231
|
-
* The target user proxy record must already exist and be unlinked. Pass that record's persisted object key in
|
|
232
|
-
* `req.userProxyKey` and its data element ID in `req.userProxyElementId`.
|
|
233
|
-
*
|
|
234
|
-
* `req.roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs. Resolve desired
|
|
235
|
-
* semantic IDs with `listRoles` before calling this function.
|
|
236
|
-
*
|
|
237
|
-
* @param req - Invitation and initial access request
|
|
238
|
-
* @returns Promise resolving to invitation result metadata
|
|
239
|
-
*/
|
|
240
|
-
export declare function inviteUser(req: InviteUserRequest): Promise<InviteResult>;
|
|
241
|
-
/**
|
|
242
|
-
* Observable version of `inviteUser`. See `inviteUser` for details.
|
|
243
|
-
*/
|
|
244
|
-
export declare function inviteUserAsObservable(req: InviteUserRequest): Observable<InviteResult>;
|
|
245
263
|
/**
|
|
246
264
|
* Links an existing platform user to an existing unlinked user proxy record and assigns role keys for that scope.
|
|
247
265
|
*
|
|
@@ -256,6 +274,54 @@ export declare function linkUserProxy(req: LinkUserProxyRequest): Promise<void>;
|
|
|
256
274
|
* Observable version of `linkUserProxy`. See `linkUserProxy` for details.
|
|
257
275
|
*/
|
|
258
276
|
export declare function linkUserProxyAsObservable(req: LinkUserProxyRequest): Observable<void>;
|
|
277
|
+
/**
|
|
278
|
+
* Lists shared user proxy records enriched with current-sandbox access state.
|
|
279
|
+
*
|
|
280
|
+
* Use this for generated user-access pages. A returned proxy/member record is identity data; `row.hasAccess` and
|
|
281
|
+
* `row.matchingScopeElement` describe whether that identity has access in the current sandbox for the requested
|
|
282
|
+
* org/user-proxy context.
|
|
283
|
+
*
|
|
284
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
285
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
286
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
287
|
+
*/
|
|
288
|
+
export declare function listUserProxyAccessRoster(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string): Promise<UserProxyAccessRosterRow[]>;
|
|
289
|
+
/**
|
|
290
|
+
* Observable version of `listUserProxyAccessRoster`. See `listUserProxyAccessRoster` for details.
|
|
291
|
+
*/
|
|
292
|
+
export declare function listUserProxyAccessRosterAsObservable(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string): Observable<UserProxyAccessRosterRow[]>;
|
|
293
|
+
/**
|
|
294
|
+
* Invites or links a user by email through the access service roster helper.
|
|
295
|
+
*
|
|
296
|
+
* The server normalizes email, reuses an existing shared proxy for the same org/user-proxy context when present,
|
|
297
|
+
* creates a proxy only when absent, links active users, refreshes pending invites, and returns the refreshed roster row.
|
|
298
|
+
*
|
|
299
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
300
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
301
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
302
|
+
* @param req - Invite/link request
|
|
303
|
+
*/
|
|
304
|
+
export declare function inviteOrLinkUserProxyByEmail(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string, req: InviteOrLinkUserProxyByEmailRequest): Promise<InviteOrLinkUserProxyResult>;
|
|
305
|
+
/**
|
|
306
|
+
* Observable version of `inviteOrLinkUserProxyByEmail`. See `inviteOrLinkUserProxyByEmail` for details.
|
|
307
|
+
*/
|
|
308
|
+
export declare function inviteOrLinkUserProxyByEmailAsObservable(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string, req: InviteOrLinkUserProxyByEmailRequest): Observable<InviteOrLinkUserProxyResult>;
|
|
309
|
+
/**
|
|
310
|
+
* Updates role keys for one roster row and returns the refreshed row.
|
|
311
|
+
*
|
|
312
|
+
* `roleKeys` must contain persisted role object keys from `Role.objKey`, not semantic role IDs.
|
|
313
|
+
*
|
|
314
|
+
* @param orgProxyKey - Organization proxy object key for the roster context
|
|
315
|
+
* @param orgProxyElementId - Organization proxy data element ID
|
|
316
|
+
* @param userProxyElementId - User proxy/member data element ID
|
|
317
|
+
* @param proxyKey - User proxy object key for the row being updated
|
|
318
|
+
* @param req - Role update request
|
|
319
|
+
*/
|
|
320
|
+
export declare function setUserProxyRosterRoles(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string, proxyKey: string, req: SetUserProxyRosterRolesRequest): Promise<UserProxyAccessRosterRow>;
|
|
321
|
+
/**
|
|
322
|
+
* Observable version of `setUserProxyRosterRoles`. See `setUserProxyRosterRoles` for details.
|
|
323
|
+
*/
|
|
324
|
+
export declare function setUserProxyRosterRolesAsObservable(orgProxyKey: string, orgProxyElementId: string, userProxyElementId: string, proxyKey: string, req: SetUserProxyRosterRolesRequest): Observable<UserProxyAccessRosterRow>;
|
|
259
325
|
/**
|
|
260
326
|
* Adds or updates one user's sandbox scope entry.
|
|
261
327
|
*
|
package/lib/esm/types/index.d.ts
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
*/
|
|
6
6
|
export { getAuthToken, sandboxKey, serviceAddress, actionSubject, userContext, params, useBody, initialize, type UserContext, type IncomingEventBody, type BaseActionResponse, type ActionResponse, type NotificationConfig, type ListActionResponse, type FormTemplateActionResponse, type PageTemplateActionResponse, type ObjectSaveActionResponse, type CalculatedFieldActionResponse, type SingleValueActionResponse, type ErrorResponse, prepareSuccessResponse, prepareErrorResponse } from './sdk-general';
|
|
7
7
|
export { type SaveOptions, getObject, getObjectAsObservable, getRelatedObjects, getRelatedObjectsAsObservable, getAccessibleObjects, getAccessibleObjectsAsObservable, getObjects, getObjectsAsObservable, saveObject, saveObjectAsObservable, saveRelatedObject, saveRelatedObjectAsObservable, deleteObject, deleteObjectAsObservable, deleteRelatedObject, deleteRelatedObjectAsObservable, deleteRelatedObjects, deleteRelatedObjectsAsObservable } from './data-crud';
|
|
8
|
-
export { type ScopeKeyItem, type Role, type BusinessPrivilege, type SandboxUser, type UserAccessWrapper, type
|
|
8
|
+
export { type ScopeKeyItem, type Role, type BusinessPrivilege, type SandboxUser, type UserAccessWrapper, type LinkUserProxyRequest, type UserProxyAccessRosterRow, type InviteOrLinkUserProxyByEmailRequest, type InviteOrLinkUserProxyAction, type InviteOrLinkUserProxyResult, type SetUserProxyRosterRolesRequest, type UpdateAccessRequest, type BusinessPrivilegeCheckResult, type CurrentBusinessPrivilegesResult, type DataElementAccessMode, type DataElementAccessResult, listRoles, listRolesAsObservable, listBusinessPrivileges, listBusinessPrivilegesAsObservable, listSandboxUsers, listSandboxUsersAsObservable, getUserAccess, getUserAccessAsObservable, linkUserProxy, linkUserProxyAsObservable, listUserProxyAccessRoster, listUserProxyAccessRosterAsObservable, inviteOrLinkUserProxyByEmail, inviteOrLinkUserProxyByEmailAsObservable, setUserProxyRosterRoles, setUserProxyRosterRolesAsObservable, updateUserAccess, updateUserAccessAsObservable, removeUserAccess, removeUserAccessAsObservable, hasBusinessPrivilege, hasBusinessPrivilegeAsObservable, userPrivileges, userPrivilegesAsObservable, dataElementAccess, dataElementAccessAsObservable, hasDataElementAccess, hasDataElementAccessAsObservable, canReadDataElement, canReadDataElementAsObservable, canWriteDataElement, canWriteDataElementAsObservable, canDeleteDataElement, canDeleteDataElementAsObservable, } from './access';
|
|
9
9
|
export { type ContentResource, getOrCreateResource, getOrCreateResourceAsObservable, saveResource, saveResourceAsObservable, sendFileContents, sendFileContentsAsObservable, createOrUpdateResource, createOrUpdateResourceAsObservable, downloadResource, downloadResourceAsObservable } from './content';
|
|
10
10
|
export { MessageMethod, type MessageRequest, sendMessage, sendMessageAsObservable } from './messaging';
|
|
11
11
|
export { getUserPreference, getOrganizationPreference, getUserPreferenceAsObservable, getOrganizationPreferenceAsObservable } from './preferences';
|