@icure/cardinal-sdk 2.1.3 → 2.3.1

package/api/ContactApi.d.mts

@@ -119,6 +119,18 @@ export interface ContactApi {
      *  of the contact.
      */
     decryptPatientIdOf(contact: Contact): Promise<Array<EntityReferenceInGroup>>;
+    /**
+     *
+     *  Attempts to extract the patient id linked to a service.
+     *  Note: services usually should be linked with only one patient, but this method returns a set for compatibility
+     *  with older versions of iCure
+     *  It is to be noted that only services returned by getServices, or filterServices method will have the metadata necessary
+     *  to deduce the patient id. In the case of services obtained directly from the Contact, you should use decryptPatientIdOf(Contact) instead.
+     *  @param service a service returned by getServices, or filterServices method.
+     *  @return the id of the patient linked to the service, or empty if the current user can't access any patient id
+     *  of the service.
+     */
+    decryptPatientIdOfService(service: Service): Promise<Array<EntityReferenceInGroup>>;
     /**
      *
      *  Create metadata to allow other users to identify the anonymous delegates of a contact.

package/api/ContactInGroupApi.d.mts

@@ -43,6 +43,11 @@ export interface ContactInGroupApi {
      *  In-group version of [ContactApi.decryptPatientIdOf]
      */
     decryptPatientIdOf(contact: GroupScoped<Contact>): Promise<Array<EntityReferenceInGroup>>;
+    /**
+     *
+     *  In-group version of [ContactApi.decryptPatientIdOfService]
+     */
+    decryptPatientIdOfService(service: GroupScoped<Service>): Promise<Array<EntityReferenceInGroup>>;
     /**
      *
      *  In-group version of [ContactApi.createDelegationDeAnonymizationMetadata]

package/api/GroupApi.d.mts

@@ -16,7 +16,6 @@ import { RoleConfiguration } from '../model/embed/RoleConfiguration.mjs';
 import { UserType } from '../model/embed/UserType.mjs';
 import { ExternalJwtConfig } from '../model/security/ExternalJwtConfig.mjs';
 import { Operation } from '../model/security/Operation.mjs';
-import { PermissionType } from '../model/security/PermissionType.mjs';
 export interface GroupApi {
     listGroups(): Promise<Array<Group>>;
     getGroup(id: string): Promise<Group>;
@@ -30,7 +29,6 @@ export interface GroupApi {
     }): Promise<Group>;
     registerNewGroupAdministrator(registrationInformation: RegistrationInformation, options?: {
         type?: GroupType | undefined;
-        role?: PermissionType | undefined;
     }): Promise<RegistrationSuccess>;
     listApps(): Promise<Array<Group>>;
     findGroups(id: string, options?: {

package/api/RecoveryApi.d.mts

@@ -26,23 +26,54 @@ export interface RecoveryApi {
      *
      *  # Important
      *
-     *  The recovery key must be kept secret can give access to the private key of the user, therefore it must be kept
-     *  private.
+     *  The recovery key can give access to the private key of the user, therefore it must be kept private.
      *
-     *  @param includeParentsKeys if true, the recovery data will also contain any available keypairs for parents data
-     *  owners.
+     *  @param includeParentsKeys if true, the recovery data will also contain any available keypairs for parents (direct
+     *  or indirect) data owners.
      *  @param lifetimeSeconds the amount of seconds the recovery data will be available. If not provided, the recovery
      *  data will be available until it is explicitly deleted.
      *  @param recoveryKeyOptions specifies the size of the recovery key to generate, or if it should use a precomputed
      *  key.
-     *  @return an hexadecimal string that is the `recoveryKey` which will allow the user to recover his keypair later or
-     *  from another device. This value must be kept secret from other users. You can use this value with {@link recoverKeyPairs}
+     *  @return a recovery key for the available keypairs
      */
     createRecoveryInfoForAvailableKeyPairs(options?: {
         includeParentsKeys?: boolean;
         lifetimeSeconds?: number | undefined;
         recoveryKeyOptions?: RecoveryKeyOptions | undefined;
     }): Promise<RecoveryDataKey>;
+    /**
+     *
+     *  Create recovery data containing available keypairs for a parent hcp of the logged user and stores it encrypted
+     *  on the iCure server, similarly to [createRecoveryInfoForAvailableKeyPairs].
+     *
+     *  Requires that the current user has the "RecoveryDataManagement.ExtendedCreate.ForParent" permission (or stronger),
+     *  and that the user for which the data is intended has the "RecoveryDataManagement.ExtendedRead.ForParent"
+     *
+     *  This can be used to let another user that is a child of the same [parentId] to initialize or recover the
+     *  existing keypairs of the parent data owner.
+     *
+     *  # Important
+     *
+     *   The recovery key can give access to the private key of the parent, therefore it must be kept private or shared
+     *   only with other users that have the same parent.
+     *
+     *  @param parentId the id of a parent of the current user's data owner
+     *  @param includeAncestorKeys if true, the recovery data will also contain any available keypairs for parents
+     *  (direct or indirect) of the [parentId] data owners.
+     *  @param lifetimeSeconds the amount of seconds the recovery data will be available. If not provided, the recovery
+     *  data will be available until it is explicitly deleted.
+     *  @param recoveryKeyOptions specifies the size of the recovery key to generate, or if it should use a precomputed
+     *  key.
+     *  @return a recovery key for the available parent keypairs.
+     *  @throws IllegalArgumentException if the provided [parentId] is not a parent of the current user's data owner, or
+     *  if the current data owner has no access to any of the parent keys (the sdk was not initialized in hierarchical
+     *  mode)
+     */
+    createRecoveryInfoForAvailableParentKeyPairs(parentId: string, options?: {
+        includeAncestorKeys?: boolean;
+        lifetimeSeconds?: number | undefined;
+        recoveryKeyOptions?: RecoveryKeyOptions | undefined;
+    }): Promise<RecoveryDataKey>;
     /**
      *
      *  Equivalent to [KeyPairRecoverer.recoverWithRecoveryKey]

package/api/UserApi.d.mts

@@ -32,11 +32,58 @@ export interface UserApi {
     filterUsersBySorted(filter: BaseSortableFilterOptions<User>): Promise<PaginatedListIterator<User>>;
     matchUsersBySorted(filter: BaseSortableFilterOptions<User>): Promise<Array<string>>;
     getMatchingUsers(): Promise<Array<UserGroup>>;
+    /**
+     *
+     *  Configures the roles of a user, replacing the previous ones.
+     *
+     *  By passing an empty list, the user will have no roles, and therefore no permissions. If you intend to change a
+     *  user roles so that it inherits the default roles of its group, you should use [resetUserRoles] instead.
+     */
     setUserRoles(userId: string, rolesIds: Array<string>): Promise<User>;
+    /**
+     *
+     *  If the user has any roles directly assigned to them, they will be removed, and the user will have the
+     *  default roles for its category as configured in its group.
+     *
+     *  This could increase or decrease the permissions of the user depending on the previous roles and the group
+     *  configuration.
+     */
     resetUserRoles(userId: string): Promise<User>;
     enable2faForUser(userId: string, request: Enable2faRequest): Promise<void>;
     disable2faForUser(userId: string): Promise<void>;
     createAdminUser(user: User): Promise<User>;
+    /**
+     *
+     *  Modify a user password. This method does not require knowing the previous user password so that it can be used
+     *  even as a "forgot password" flow, but is protected by the "elevated security" mechanism, so it should only be
+     *  used with a [com.icure.cardinal.sdk.auth.services.SmartAuthProvider] that can provide the required elevated
+     *  security token if needed.
+     *
+     *  This method should be favored over a simple [modifyUser] when changing the Password as it does not require knowing
+     *  the revision of the user directly, and can work even if there is a [com.icure.cardinal.sdk.auth.services.SmartAuthProvider]
+     *  that is modifying the user tokens when performing the request.
+     */
+    modifyUserPassword(userId: string, newPassword: string): Promise<User>;
+    /**
+     *
+     *  Modify a user email given its previous value, throwing a [RevisionConflictException] if the provided
+     *  [previousEmail] does not match the stored value.
+     *
+     *  This method should be favored over a simple [modifyUser] when changing the Email as it does not require knowing
+     *  the revision of the user directly, and can work even if there is a [com.icure.cardinal.sdk.auth.services.SmartAuthProvider]
+     *  that is modifying the user tokens when performing the request.
+     */
+    modifyUserEmail(userId: string, newEmail: string, previousEmail: string | undefined): Promise<User>;
+    /**
+     *
+     *  Modify a user mobile phone given its previous value, throwing a [RevisionConflictException] if the provided
+     *  [previousMobilePhone] does not match the stored value.
+     *
+     *  This method should be favored over a simple [modifyUser] when changing the MobilePhone as it does not require knowing
+     *  the revision of the user directly, and can work even if there is a [com.icure.cardinal.sdk.auth.services.SmartAuthProvider]
+     *  that is modifying the user tokens when performing the request.
+     */
+    modifyUserMobilePhone(userId: string, newMobilePhone: string, previousMobilePhone: string | undefined): Promise<User>;
     /**
      *
      *  Deletes a user. If you don't have write access to the user the method will fail.

package/api/UserInGroupApi.d.mts

@@ -28,7 +28,15 @@ export interface UserInGroupApi {
     matchUsersBy(groupId: string, filter: BaseFilterOptions<User>): Promise<Array<string>>;
     filterUsersBySorted(groupId: string, filter: BaseSortableFilterOptions<User>): Promise<PaginatedListIterator<GroupScoped<User>>>;
     matchUsersBySorted(groupId: string, filter: BaseSortableFilterOptions<User>): Promise<Array<string>>;
+    /**
+     *
+     *  In group equivalent of [UserApi.setUserRoles]
+     */
     setUserRoles(user: GroupScoped<User>, rolesIds: Array<string>): Promise<GroupScoped<User>>;
+    /**
+     *
+     *  In group equivalent of [UserApi.resetUserRoles]
+     */
     resetUserRoles(user: GroupScoped<User>): Promise<GroupScoped<User>>;
     getToken(userIdentifier: string, groupId: string, key: string, options?: {
         token?: string | undefined;
@@ -41,6 +49,21 @@ export interface UserInGroupApi {
     enable2faForUser(user: GroupScoped<User>, request: Enable2faRequest): Promise<void>;
     disable2faForUser(user: GroupScoped<User>): Promise<void>;
     createAdminUser(user: GroupScoped<User>): Promise<GroupScoped<User>>;
+    /**
+     *
+     *  In group equivalent of [UserApi.modifyUserPassword]
+     */
+    modifyUserPassword(groupId: string, userId: string, newPassword: string): Promise<GroupScoped<User>>;
+    /**
+     *
+     *  In group equivalent of [UserApi.modifyUserEmail]
+     */
+    modifyUserEmail(groupId: string, userId: string, newEmail: string, previousEmail: string | undefined): Promise<GroupScoped<User>>;
+    /**
+     *
+     *  In group equivalent of [UserApi.modifyUserMobilePhone]
+     */
+    modifyUserMobilePhone(groupId: string, userId: string, newMobilePhone: string, previousMobilePhone: string | undefined): Promise<GroupScoped<User>>;
     /**
      *
      *  Defines if a user inherits the permission they have in their group in all the groups that are children of their group.