@keboola/api-client 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (221) hide show
  1. package/dist/ai/index.cjs +5 -201
  2. package/dist/ai/index.cjs.map +1 -1
  3. package/dist/ai/index.js +2 -201
  4. package/dist/ai/index.js.map +1 -1
  5. package/dist/assets/index.cjs +5 -180
  6. package/dist/assets/index.cjs.map +1 -1
  7. package/dist/assets/index.js +2 -180
  8. package/dist/assets/index.js.map +1 -1
  9. package/dist/chat/index.cjs +6 -422
  10. package/dist/chat/index.cjs.map +1 -1
  11. package/dist/chat/index.d.cts +1 -1
  12. package/dist/chat/index.d.ts +1 -1
  13. package/dist/chat/index.js +3 -422
  14. package/dist/chat/index.js.map +1 -1
  15. package/dist/chat/suggestions.cjs +70 -152
  16. package/dist/chat/suggestions.cjs.map +1 -1
  17. package/dist/chat/suggestions.js +1 -138
  18. package/dist/chat/suggestions.js.map +1 -1
  19. package/dist/chat/types.d.cts +1 -1
  20. package/dist/chat/types.d.ts +1 -1
  21. package/dist/chunk-345V46LR.cjs +934 -0
  22. package/dist/chunk-345V46LR.cjs.map +1 -0
  23. package/dist/chunk-3B7L6MCG.js +189 -0
  24. package/dist/chunk-3B7L6MCG.js.map +1 -0
  25. package/dist/chunk-3T54WH4X.cjs +42 -0
  26. package/dist/chunk-3T54WH4X.cjs.map +1 -0
  27. package/dist/chunk-3Y6NK7TC.js +34 -0
  28. package/dist/chunk-3Y6NK7TC.js.map +1 -0
  29. package/dist/chunk-4N7XBMWP.js +930 -0
  30. package/dist/chunk-4N7XBMWP.js.map +1 -0
  31. package/dist/chunk-4RC5E3SL.js +140 -0
  32. package/dist/chunk-4RC5E3SL.js.map +1 -0
  33. package/dist/chunk-633QJMHH.cjs +73 -0
  34. package/dist/chunk-633QJMHH.cjs.map +1 -0
  35. package/dist/chunk-6RQDX6JY.cjs +132 -0
  36. package/dist/chunk-6RQDX6JY.cjs.map +1 -0
  37. package/dist/chunk-76AHKXLC.cjs +29 -0
  38. package/dist/chunk-76AHKXLC.cjs.map +1 -0
  39. package/dist/chunk-7FY6COWG.js +71 -0
  40. package/dist/chunk-7FY6COWG.js.map +1 -0
  41. package/dist/chunk-7J2R6XHB.js +3 -0
  42. package/dist/chunk-7J2R6XHB.js.map +1 -0
  43. package/dist/chunk-BGLICNTG.cjs +33 -0
  44. package/dist/chunk-BGLICNTG.cjs.map +1 -0
  45. package/dist/chunk-BR3SBEFE.cjs +182 -0
  46. package/dist/chunk-BR3SBEFE.cjs.map +1 -0
  47. package/dist/chunk-CVV4HROS.cjs +37 -0
  48. package/dist/chunk-CVV4HROS.cjs.map +1 -0
  49. package/dist/chunk-DCTDH77P.cjs +277 -0
  50. package/dist/chunk-DCTDH77P.cjs.map +1 -0
  51. package/dist/chunk-EBCZUGUX.js +35 -0
  52. package/dist/chunk-EBCZUGUX.js.map +1 -0
  53. package/dist/chunk-EY5LALX2.cjs +26 -0
  54. package/dist/chunk-EY5LALX2.cjs.map +1 -0
  55. package/dist/chunk-FBQHHAL5.js +40 -0
  56. package/dist/chunk-FBQHHAL5.js.map +1 -0
  57. package/dist/chunk-GF4XZK5N.cjs +43 -0
  58. package/dist/chunk-GF4XZK5N.cjs.map +1 -0
  59. package/dist/chunk-GNPQB3MT.js +27 -0
  60. package/dist/chunk-GNPQB3MT.js.map +1 -0
  61. package/dist/chunk-GO6SOMGL.js +181 -0
  62. package/dist/chunk-GO6SOMGL.js.map +1 -0
  63. package/dist/chunk-HCNNMUTR.cjs +36 -0
  64. package/dist/chunk-HCNNMUTR.cjs.map +1 -0
  65. package/dist/chunk-HPVTVQBJ.cjs +238 -0
  66. package/dist/chunk-HPVTVQBJ.cjs.map +1 -0
  67. package/dist/chunk-HYUGRMCY.cjs +247 -0
  68. package/dist/chunk-HYUGRMCY.cjs.map +1 -0
  69. package/dist/chunk-IJMQCOBC.js +34 -0
  70. package/dist/chunk-IJMQCOBC.js.map +1 -0
  71. package/dist/chunk-IY3VNVXD.cjs +183 -0
  72. package/dist/chunk-IY3VNVXD.cjs.map +1 -0
  73. package/dist/chunk-JKFIB6SQ.cjs +685 -0
  74. package/dist/chunk-JKFIB6SQ.cjs.map +1 -0
  75. package/dist/chunk-JLNOESHX.cjs +47 -0
  76. package/dist/chunk-JLNOESHX.cjs.map +1 -0
  77. package/dist/chunk-JURD5MC3.js +178 -0
  78. package/dist/chunk-JURD5MC3.js.map +1 -0
  79. package/dist/chunk-LV3ZWNDC.js +75 -0
  80. package/dist/chunk-LV3ZWNDC.js.map +1 -0
  81. package/dist/chunk-LZ6A6J2E.cjs +77 -0
  82. package/dist/chunk-LZ6A6J2E.cjs.map +1 -0
  83. package/dist/chunk-OKVYLO6C.js +108 -0
  84. package/dist/chunk-OKVYLO6C.js.map +1 -0
  85. package/dist/chunk-PD3LJYS2.js +218 -0
  86. package/dist/chunk-PD3LJYS2.js.map +1 -0
  87. package/dist/chunk-PV4HIVW2.js +130 -0
  88. package/dist/chunk-PV4HIVW2.js.map +1 -0
  89. package/dist/chunk-R7PD3BRA.js +261 -0
  90. package/dist/chunk-R7PD3BRA.js.map +1 -0
  91. package/dist/chunk-SAEG42HW.js +64 -0
  92. package/dist/chunk-SAEG42HW.js.map +1 -0
  93. package/dist/chunk-TIIRBQUA.cjs +110 -0
  94. package/dist/chunk-TIIRBQUA.cjs.map +1 -0
  95. package/dist/chunk-TXFQ4YIK.js +31 -0
  96. package/dist/chunk-TXFQ4YIK.js.map +1 -0
  97. package/dist/chunk-U5SE6W5M.cjs +158 -0
  98. package/dist/chunk-U5SE6W5M.cjs.map +1 -0
  99. package/dist/chunk-UABYNGBZ.js +39 -0
  100. package/dist/chunk-UABYNGBZ.js.map +1 -0
  101. package/dist/chunk-UXF53ZOV.js +220 -0
  102. package/dist/chunk-UXF53ZOV.js.map +1 -0
  103. package/dist/chunk-VAOCYA6B.js +20 -0
  104. package/dist/chunk-VAOCYA6B.js.map +1 -0
  105. package/dist/chunk-VS5PM7KL.js +45 -0
  106. package/dist/chunk-VS5PM7KL.js.map +1 -0
  107. package/dist/chunk-WQ7EZWBF.js +24 -0
  108. package/dist/chunk-WQ7EZWBF.js.map +1 -0
  109. package/dist/chunk-XPDEQND7.cjs +4 -0
  110. package/dist/chunk-XPDEQND7.cjs.map +1 -0
  111. package/dist/chunk-XUDMML5C.cjs +211 -0
  112. package/dist/chunk-XUDMML5C.cjs.map +1 -0
  113. package/dist/chunk-YPCD7M2N.cjs +22 -0
  114. package/dist/chunk-YPCD7M2N.cjs.map +1 -0
  115. package/dist/chunk-YUEYMIMI.cjs +67 -0
  116. package/dist/chunk-YUEYMIMI.cjs.map +1 -0
  117. package/dist/chunk-YXCVNX2Q.cjs +36 -0
  118. package/dist/chunk-YXCVNX2Q.cjs.map +1 -0
  119. package/dist/chunk-ZEMKE6DI.js +681 -0
  120. package/dist/chunk-ZEMKE6DI.js.map +1 -0
  121. package/dist/dataScience/index.cjs +8 -412
  122. package/dist/dataScience/index.cjs.map +1 -1
  123. package/dist/dataScience/index.js +2 -391
  124. package/dist/dataScience/index.js.map +1 -1
  125. package/dist/domain/permissions/index.cjs +131 -2
  126. package/dist/domain/permissions/index.cjs.map +1 -1
  127. package/dist/domain/permissions/index.d.cts +108 -2
  128. package/dist/domain/permissions/index.d.ts +108 -2
  129. package/dist/domain/permissions/index.js +106 -3
  130. package/dist/domain/permissions/index.js.map +1 -1
  131. package/dist/editor/index.cjs +5 -264
  132. package/dist/editor/index.cjs.map +1 -1
  133. package/dist/editor/index.js +2 -264
  134. package/dist/editor/index.js.map +1 -1
  135. package/dist/encryption/index.cjs +5 -190
  136. package/dist/encryption/index.cjs.map +1 -1
  137. package/dist/encryption/index.js +2 -190
  138. package/dist/encryption/index.js.map +1 -1
  139. package/dist/import/index.cjs +5 -196
  140. package/dist/import/index.cjs.map +1 -1
  141. package/dist/import/index.js +2 -196
  142. package/dist/import/index.js.map +1 -1
  143. package/dist/index.cjs +314 -3569
  144. package/dist/index.cjs.map +1 -1
  145. package/dist/index.d.cts +2004 -105
  146. package/dist/index.d.ts +2004 -105
  147. package/dist/index.js +176 -3464
  148. package/dist/index.js.map +1 -1
  149. package/dist/management/index.cjs +10 -881
  150. package/dist/management/index.cjs.map +1 -1
  151. package/dist/management/index.js +3 -880
  152. package/dist/management/index.js.map +1 -1
  153. package/dist/metastore/index.cjs +5 -337
  154. package/dist/metastore/index.cjs.map +1 -1
  155. package/dist/metastore/index.js +2 -337
  156. package/dist/metastore/index.js.map +1 -1
  157. package/dist/oauth/index.cjs +5 -226
  158. package/dist/oauth/index.cjs.map +1 -1
  159. package/dist/oauth/index.js +2 -226
  160. package/dist/oauth/index.js.map +1 -1
  161. package/dist/project-Bzslbq4u.d.ts +16 -0
  162. package/dist/project-CYhB6rYN.d.cts +16 -0
  163. package/dist/queryService/index.cjs +5 -248
  164. package/dist/queryService/index.cjs.map +1 -1
  165. package/dist/queryService/index.js +2 -248
  166. package/dist/queryService/index.js.map +1 -1
  167. package/dist/queue/index.cjs +5 -190
  168. package/dist/queue/index.cjs.map +1 -1
  169. package/dist/queue/index.js +2 -190
  170. package/dist/queue/index.js.map +1 -1
  171. package/dist/sdk/configurations/index.d.cts +2 -12
  172. package/dist/sdk/configurations/index.d.ts +2 -12
  173. package/dist/sdk/storage/index.cjs +49 -248
  174. package/dist/sdk/storage/index.cjs.map +1 -1
  175. package/dist/sdk/storage/index.d.cts +2 -2
  176. package/dist/sdk/storage/index.d.ts +2 -2
  177. package/dist/sdk/storage/index.js +1 -240
  178. package/dist/sdk/storage/index.js.map +1 -1
  179. package/dist/sdk/tag/index.cjs +6 -203
  180. package/dist/sdk/tag/index.cjs.map +1 -1
  181. package/dist/sdk/tag/index.js +2 -206
  182. package/dist/sdk/tag/index.js.map +1 -1
  183. package/dist/status/index.cjs +6 -176
  184. package/dist/status/index.cjs.map +1 -1
  185. package/dist/status/index.js +3 -176
  186. package/dist/status/index.js.map +1 -1
  187. package/dist/status/types.cjs +2 -0
  188. package/dist/status/types.js +1 -1
  189. package/dist/storage/index.cjs +9 -1023
  190. package/dist/storage/index.cjs.map +1 -1
  191. package/dist/storage/index.d.cts +1 -1
  192. package/dist/storage/index.d.ts +1 -1
  193. package/dist/storage/index.js +3 -1023
  194. package/dist/storage/index.js.map +1 -1
  195. package/dist/storage/types.d.cts +68 -5
  196. package/dist/storage/types.d.ts +68 -5
  197. package/dist/{storageClient-C8LDO4gr.d.ts → storageClient-BicsbzZy.d.ts} +7 -1
  198. package/dist/{storageClient-D05fdGHW.d.cts → storageClient-CmK1LPHr.d.cts} +7 -1
  199. package/dist/storageSdk-BZ7ZW6_h.d.cts +143 -0
  200. package/dist/storageSdk-DCcD68FQ.d.ts +143 -0
  201. package/dist/syncActions/index.cjs +5 -364
  202. package/dist/syncActions/index.cjs.map +1 -1
  203. package/dist/syncActions/index.js +2 -345
  204. package/dist/syncActions/index.js.map +1 -1
  205. package/dist/telemetry/index.cjs +5 -187
  206. package/dist/telemetry/index.cjs.map +1 -1
  207. package/dist/telemetry/index.js +2 -187
  208. package/dist/telemetry/index.js.map +1 -1
  209. package/dist/{types-DJ6nbNq5.d.cts → types-CNkgmuhe.d.cts} +1 -1
  210. package/dist/{types-BjrNNn5I.d.ts → types-DzwzVgyG.d.ts} +1 -1
  211. package/dist/vault/index.cjs +5 -219
  212. package/dist/vault/index.cjs.map +1 -1
  213. package/dist/vault/index.js +2 -219
  214. package/dist/vault/index.js.map +1 -1
  215. package/dist/verify/index.cjs +5 -184
  216. package/dist/verify/index.cjs.map +1 -1
  217. package/dist/verify/index.js +2 -184
  218. package/dist/verify/index.js.map +1 -1
  219. package/package.json +1 -1
  220. package/dist/storageSdk-CX03lGn-.d.ts +0 -18
  221. package/dist/storageSdk-DZV4nB3o.d.cts +0 -18
@@ -1,5 +1,111 @@
1
+ import { S as StorageToken } from '../../types-DYMMsuU0.cjs';
2
+ export { h as hasAdminFeature, a as hasFeature } from '../../project-CYhB6rYN.cjs';
3
+
4
+ /**
5
+ * @module domain/permissions/errors
6
+ *
7
+ * Stable error contract for permission denials.
8
+ *
9
+ * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The
10
+ * three public fields are part of the SDK's published contract — consumers
11
+ * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`
12
+ * and surface `reason` in UI, so renames here are breaking changes.
13
+ *
14
+ * PII boundary on `subject`:
15
+ * `subject` is optional and intended for debugging hints only — admin id,
16
+ * role name, configuration id, branch id, etc. It MUST NOT carry the full
17
+ * `StorageToken`, raw tokens, secrets, or any value that could be logged or
18
+ * surfaced to a user without further redaction.
19
+ */
1
20
  declare class PermissionDeniedError extends Error {
2
- constructor(message: string);
21
+ readonly action: string;
22
+ readonly reason?: string;
23
+ readonly subject?: string;
24
+ constructor({ action, reason, subject }: {
25
+ action: string;
26
+ reason?: string;
27
+ subject?: string;
28
+ });
3
29
  }
4
30
 
5
- export { PermissionDeniedError };
31
+ /**
32
+ * @module domain/permissions/admin
33
+ *
34
+ * Baseline admin-role predicates. Token-only — depend purely on the admin
35
+ * role string carried in `StorageToken.admin.role`. Each predicate has an
36
+ * `assertCan*` pair that throws `PermissionDeniedError` with a stable
37
+ * kebab-case `action` field documented per pair.
38
+ */
39
+
40
+ declare const isAdmin: (token: StorageToken) => boolean;
41
+ declare const isAdminOrShare: (token: StorageToken) => boolean;
42
+ declare const isProductionManager: (token: StorageToken) => boolean;
43
+ declare const isDeveloperOrReviewer: (token: StorageToken) => boolean;
44
+ declare const assertCanAdmin: (token: StorageToken) => void;
45
+ declare const assertCanAdminOrShare: (token: StorageToken) => void;
46
+ declare const assertCanProductionManage: (token: StorageToken) => void;
47
+ declare const assertCanDevelopOrReview: (token: StorageToken) => void;
48
+
49
+ /**
50
+ * @module domain/permissions/configurations
51
+ *
52
+ * Predicate pairs guarding the Core SDK configuration workflow methods
53
+ * (create / copy / migrate-from-template / purge / assign-folder). Each
54
+ * predicate composes the baseline admin role predicates with the caller-
55
+ * supplied dev-mode flag from `ctx`.
56
+ *
57
+ * Rule shape:
58
+ * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a
59
+ * developer or reviewer.
60
+ * - In production (`ctx.isDevModeActive === false`) → caller must be a
61
+ * production manager.
62
+ * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.
63
+ * Purge is destructive and the situational base rule does not apply —
64
+ * `token.admin.role` is a single scalar, so requiring both "admin" and
65
+ * "developer/reviewer/productionManager" simultaneously would be an
66
+ * impossible conjunction. The `ctx` parameter is accepted for signature
67
+ * symmetry with the other configuration predicates and ignored.
68
+ *
69
+ * `ctx` is the trailing object argument convention for composed predicates;
70
+ * extra fields land here as future rules grow (see AGENTS.md).
71
+ */
72
+
73
+ /**
74
+ * Caller-supplied context for configuration predicates.
75
+ *
76
+ * @property isDevModeActive — `true` when the user is operating inside a
77
+ * development branch (any storage branch other than the protected default /
78
+ * production branch); `false` when operating on the default branch in
79
+ * production.
80
+ *
81
+ * How the caller determines this:
82
+ * - The active branch comes from the caller's own routing / app state
83
+ * (e.g. `/branch/:branchId` in kbc-ui).
84
+ * - A branch is "dev mode" when it is **not** the default branch returned by
85
+ * `apiClient.storage.devBranches.list()` (where `isDefault === true`).
86
+ * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`
87
+ * compared against the default branch id; the api-client itself stays
88
+ * isomorphic and never reads that state directly.
89
+ *
90
+ * Why it changes the rule:
91
+ * - In dev branches Keboola allows broader write access — `developer` and
92
+ * `reviewer` roles may create / copy / migrate configurations because the
93
+ * branch is sandboxed from production.
94
+ * - On the default branch only `productionManager` (or `admin`) may perform
95
+ * the same writes, since changes ship live to production.
96
+ */
97
+ type ConfigurationCtx = {
98
+ isDevModeActive: boolean;
99
+ };
100
+ declare const canCreateConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
101
+ declare const canCopyConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
102
+ declare const canMigrateFromTemplate: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
103
+ declare const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
104
+ declare const canAssignFolder: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
105
+ declare const assertCanCreateConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
106
+ declare const assertCanCopyConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
107
+ declare const assertCanMigrateFromTemplate: (token: StorageToken, ctx: ConfigurationCtx) => void;
108
+ declare const assertCanPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
109
+ declare const assertCanAssignFolder: (token: StorageToken, ctx: ConfigurationCtx) => void;
110
+
111
+ export { type ConfigurationCtx, PermissionDeniedError, assertCanAdmin, assertCanAdminOrShare, assertCanAssignFolder, assertCanCopyConfiguration, assertCanCreateConfiguration, assertCanDevelopOrReview, assertCanMigrateFromTemplate, assertCanProductionManage, assertCanPurgeConfiguration, canAssignFolder, canCopyConfiguration, canCreateConfiguration, canMigrateFromTemplate, canPurgeConfiguration, isAdmin, isAdminOrShare, isDeveloperOrReviewer, isProductionManager };
@@ -1,5 +1,111 @@
1
+ import { S as StorageToken } from '../../types-DYMMsuU0.js';
2
+ export { h as hasAdminFeature, a as hasFeature } from '../../project-Bzslbq4u.js';
3
+
4
+ /**
5
+ * @module domain/permissions/errors
6
+ *
7
+ * Stable error contract for permission denials.
8
+ *
9
+ * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The
10
+ * three public fields are part of the SDK's published contract — consumers
11
+ * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`
12
+ * and surface `reason` in UI, so renames here are breaking changes.
13
+ *
14
+ * PII boundary on `subject`:
15
+ * `subject` is optional and intended for debugging hints only — admin id,
16
+ * role name, configuration id, branch id, etc. It MUST NOT carry the full
17
+ * `StorageToken`, raw tokens, secrets, or any value that could be logged or
18
+ * surfaced to a user without further redaction.
19
+ */
1
20
  declare class PermissionDeniedError extends Error {
2
- constructor(message: string);
21
+ readonly action: string;
22
+ readonly reason?: string;
23
+ readonly subject?: string;
24
+ constructor({ action, reason, subject }: {
25
+ action: string;
26
+ reason?: string;
27
+ subject?: string;
28
+ });
3
29
  }
4
30
 
5
- export { PermissionDeniedError };
31
+ /**
32
+ * @module domain/permissions/admin
33
+ *
34
+ * Baseline admin-role predicates. Token-only — depend purely on the admin
35
+ * role string carried in `StorageToken.admin.role`. Each predicate has an
36
+ * `assertCan*` pair that throws `PermissionDeniedError` with a stable
37
+ * kebab-case `action` field documented per pair.
38
+ */
39
+
40
+ declare const isAdmin: (token: StorageToken) => boolean;
41
+ declare const isAdminOrShare: (token: StorageToken) => boolean;
42
+ declare const isProductionManager: (token: StorageToken) => boolean;
43
+ declare const isDeveloperOrReviewer: (token: StorageToken) => boolean;
44
+ declare const assertCanAdmin: (token: StorageToken) => void;
45
+ declare const assertCanAdminOrShare: (token: StorageToken) => void;
46
+ declare const assertCanProductionManage: (token: StorageToken) => void;
47
+ declare const assertCanDevelopOrReview: (token: StorageToken) => void;
48
+
49
+ /**
50
+ * @module domain/permissions/configurations
51
+ *
52
+ * Predicate pairs guarding the Core SDK configuration workflow methods
53
+ * (create / copy / migrate-from-template / purge / assign-folder). Each
54
+ * predicate composes the baseline admin role predicates with the caller-
55
+ * supplied dev-mode flag from `ctx`.
56
+ *
57
+ * Rule shape:
58
+ * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a
59
+ * developer or reviewer.
60
+ * - In production (`ctx.isDevModeActive === false`) → caller must be a
61
+ * production manager.
62
+ * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.
63
+ * Purge is destructive and the situational base rule does not apply —
64
+ * `token.admin.role` is a single scalar, so requiring both "admin" and
65
+ * "developer/reviewer/productionManager" simultaneously would be an
66
+ * impossible conjunction. The `ctx` parameter is accepted for signature
67
+ * symmetry with the other configuration predicates and ignored.
68
+ *
69
+ * `ctx` is the trailing object argument convention for composed predicates;
70
+ * extra fields land here as future rules grow (see AGENTS.md).
71
+ */
72
+
73
+ /**
74
+ * Caller-supplied context for configuration predicates.
75
+ *
76
+ * @property isDevModeActive — `true` when the user is operating inside a
77
+ * development branch (any storage branch other than the protected default /
78
+ * production branch); `false` when operating on the default branch in
79
+ * production.
80
+ *
81
+ * How the caller determines this:
82
+ * - The active branch comes from the caller's own routing / app state
83
+ * (e.g. `/branch/:branchId` in kbc-ui).
84
+ * - A branch is "dev mode" when it is **not** the default branch returned by
85
+ * `apiClient.storage.devBranches.list()` (where `isDefault === true`).
86
+ * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`
87
+ * compared against the default branch id; the api-client itself stays
88
+ * isomorphic and never reads that state directly.
89
+ *
90
+ * Why it changes the rule:
91
+ * - In dev branches Keboola allows broader write access — `developer` and
92
+ * `reviewer` roles may create / copy / migrate configurations because the
93
+ * branch is sandboxed from production.
94
+ * - On the default branch only `productionManager` (or `admin`) may perform
95
+ * the same writes, since changes ship live to production.
96
+ */
97
+ type ConfigurationCtx = {
98
+ isDevModeActive: boolean;
99
+ };
100
+ declare const canCreateConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
101
+ declare const canCopyConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
102
+ declare const canMigrateFromTemplate: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
103
+ declare const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
104
+ declare const canAssignFolder: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
105
+ declare const assertCanCreateConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
106
+ declare const assertCanCopyConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
107
+ declare const assertCanMigrateFromTemplate: (token: StorageToken, ctx: ConfigurationCtx) => void;
108
+ declare const assertCanPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
109
+ declare const assertCanAssignFolder: (token: StorageToken, ctx: ConfigurationCtx) => void;
110
+
111
+ export { type ConfigurationCtx, PermissionDeniedError, assertCanAdmin, assertCanAdminOrShare, assertCanAssignFolder, assertCanCopyConfiguration, assertCanCreateConfiguration, assertCanDevelopOrReview, assertCanMigrateFromTemplate, assertCanProductionManage, assertCanPurgeConfiguration, canAssignFolder, canCopyConfiguration, canCreateConfiguration, canMigrateFromTemplate, canPurgeConfiguration, isAdmin, isAdminOrShare, isDeveloperOrReviewer, isProductionManager };
@@ -1,11 +1,114 @@
1
+ export { hasAdminFeature, hasFeature } from '../../chunk-UABYNGBZ.js';
2
+
1
3
  // src/domain/permissions/errors.ts
2
4
  var PermissionDeniedError = class extends Error {
3
- constructor(message) {
4
- super(message);
5
+ action;
6
+ reason;
7
+ subject;
8
+ constructor({ action, reason, subject }) {
9
+ super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);
5
10
  this.name = "PermissionDeniedError";
11
+ this.action = action;
12
+ this.reason = reason;
13
+ this.subject = subject;
14
+ }
15
+ };
16
+
17
+ // src/domain/permissions/admin.ts
18
+ var AdminRoles = {
19
+ ADMIN: "admin",
20
+ SHARE: "share",
21
+ PRODUCTION_MANAGER: "productionManager",
22
+ DEVELOPER: "developer",
23
+ REVIEWER: "reviewer"
24
+ };
25
+ var role = (token) => token.admin.role;
26
+ var isAdmin = (token) => role(token) === AdminRoles.ADMIN;
27
+ var isAdminOrShare = (token) => role(token) === AdminRoles.ADMIN || role(token) === AdminRoles.SHARE;
28
+ var isProductionManager = (token) => role(token) === AdminRoles.PRODUCTION_MANAGER;
29
+ var isDeveloperOrReviewer = (token) => role(token) === AdminRoles.DEVELOPER || role(token) === AdminRoles.REVIEWER;
30
+ var assertCanAdmin = (token) => {
31
+ if (!isAdmin(token)) {
32
+ throw new PermissionDeniedError({
33
+ action: "admin",
34
+ reason: `role '${role(token)}' is not admin`
35
+ });
36
+ }
37
+ };
38
+ var assertCanAdminOrShare = (token) => {
39
+ if (!isAdminOrShare(token)) {
40
+ throw new PermissionDeniedError({
41
+ action: "admin-or-share",
42
+ reason: `role '${role(token)}' is not admin or share`
43
+ });
44
+ }
45
+ };
46
+ var assertCanProductionManage = (token) => {
47
+ if (!isProductionManager(token)) {
48
+ throw new PermissionDeniedError({
49
+ action: "production-manage",
50
+ reason: `role '${role(token)}' is not productionManager`
51
+ });
52
+ }
53
+ };
54
+ var assertCanDevelopOrReview = (token) => {
55
+ if (!isDeveloperOrReviewer(token)) {
56
+ throw new PermissionDeniedError({
57
+ action: "develop-or-review",
58
+ reason: `role '${role(token)}' is not developer or reviewer`
59
+ });
60
+ }
61
+ };
62
+
63
+ // src/domain/permissions/configurations.ts
64
+ var meetsBaseRule = (token, ctx) => ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);
65
+ var baseDenialReason = (ctx) => ctx.isDevModeActive ? "dev branch requires developer or reviewer role" : "production requires productionManager role";
66
+ var canCreateConfiguration = (token, ctx) => meetsBaseRule(token, ctx);
67
+ var canCopyConfiguration = (token, ctx) => meetsBaseRule(token, ctx);
68
+ var canMigrateFromTemplate = (token, ctx) => meetsBaseRule(token, ctx);
69
+ var canPurgeConfiguration = (token) => isAdmin(token);
70
+ var canAssignFolder = (token, ctx) => meetsBaseRule(token, ctx);
71
+ var assertCanCreateConfiguration = (token, ctx) => {
72
+ if (!canCreateConfiguration(token, ctx)) {
73
+ throw new PermissionDeniedError({
74
+ action: "create-configuration",
75
+ reason: baseDenialReason(ctx)
76
+ });
77
+ }
78
+ };
79
+ var assertCanCopyConfiguration = (token, ctx) => {
80
+ if (!canCopyConfiguration(token, ctx)) {
81
+ throw new PermissionDeniedError({
82
+ action: "copy-configuration",
83
+ reason: baseDenialReason(ctx)
84
+ });
85
+ }
86
+ };
87
+ var assertCanMigrateFromTemplate = (token, ctx) => {
88
+ if (!canMigrateFromTemplate(token, ctx)) {
89
+ throw new PermissionDeniedError({
90
+ action: "migrate-from-template",
91
+ reason: baseDenialReason(ctx)
92
+ });
93
+ }
94
+ };
95
+ var assertCanPurgeConfiguration = (token, ctx) => {
96
+ if (!canPurgeConfiguration(token)) {
97
+ throw new PermissionDeniedError({
98
+ action: "purge-configuration",
99
+ reason: "purge requires admin role"
100
+ });
101
+ }
102
+ };
103
+ var assertCanAssignFolder = (token, ctx) => {
104
+ if (!canAssignFolder(token, ctx)) {
105
+ throw new PermissionDeniedError({
106
+ action: "assign-folder",
107
+ reason: baseDenialReason(ctx)
108
+ });
6
109
  }
7
110
  };
8
111
 
9
- export { PermissionDeniedError };
112
+ export { PermissionDeniedError, assertCanAdmin, assertCanAdminOrShare, assertCanAssignFolder, assertCanCopyConfiguration, assertCanCreateConfiguration, assertCanDevelopOrReview, assertCanMigrateFromTemplate, assertCanProductionManage, assertCanPurgeConfiguration, canAssignFolder, canCopyConfiguration, canCreateConfiguration, canMigrateFromTemplate, canPurgeConfiguration, isAdmin, isAdminOrShare, isDeveloperOrReviewer, isProductionManager };
10
113
  //# sourceMappingURL=index.js.map
11
114
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/domain/permissions/errors.ts"],"names":[],"mappings":";AAAO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/C,YAAY,OAAA,EAAiB;AAC3B,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AAAA,EACd;AACF","file":"index.js","sourcesContent":["export class PermissionDeniedError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'PermissionDeniedError';\n }\n}\n"]}
1
+ {"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":[],"mappings":";;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;AChBA,IAAM,UAAA,GAAa;AAAA,EACjB,KAAA,EAAO,OAAA;AAAA,EACP,KAAA,EAAO,OAAA;AAAA,EACP,kBAAA,EAAoB,mBAAA;AAAA,EACpB,SAAA,EAAW,WAAA;AAAA,EACX,QAAA,EAAU;AACZ,CAAA;AAEA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAM,UAAA,CAAW;AAE7E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW;AAE1D,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAM,UAAA,CAAW;AAEtB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW;AAE9D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACXA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.js","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { PermissionDeniedError } from './errors';\n\nconst AdminRoles = {\n ADMIN: 'admin',\n SHARE: 'share',\n PRODUCTION_MANAGER: 'productionManager',\n DEVELOPER: 'developer',\n REVIEWER: 'reviewer',\n} as const;\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRoles.ADMIN;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRoles.ADMIN || role(token) === AdminRoles.SHARE;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRoles.PRODUCTION_MANAGER;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRoles.DEVELOPER || role(token) === AdminRoles.REVIEWER;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
@@ -1,272 +1,13 @@
1
1
  'use strict';
2
2
 
3
- var qs = require('qs');
3
+ var chunkTIIRBQUA_cjs = require('../chunk-TIIRBQUA.cjs');
4
+ require('../chunk-HPVTVQBJ.cjs');
4
5
 
5
- function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
6
6
 
7
- var qs__default = /*#__PURE__*/_interopDefault(qs);
8
7
 
9
- // src/errors/ApiError.ts
10
- var ApiError = class extends Error {
11
- response;
12
- request;
13
- data;
14
- constructor({ response, request, data }) {
15
- super(response.statusText);
16
- this.response = response;
17
- this.request = request;
18
- this.data = data;
19
- }
20
- };
21
-
22
- // src/constants.ts
23
- var HttpStatus = {
24
- NO_CONTENT: 204};
25
-
26
- // src/fetchClient/createFetchClient/utils.ts
27
- var HttpHeader = {
28
- CONTENT_TYPE: "content-type"};
29
- var HttpContentType = {
30
- JSON: "application/json"};
31
- var defaultValidateStatus = ({ response }) => response.status >= 200 && response.status <= 299;
32
- function removeUndefined(obj) {
33
- const objCopy = { ...obj };
34
- for (const [key, value] of Object.entries(objCopy)) {
35
- if (value == null) delete objCopy[key];
36
- }
37
- return objCopy;
38
- }
39
- var parseData = async (response) => {
40
- if (response.status === HttpStatus.NO_CONTENT) return null;
41
- const contentType = response.headers.get(HttpHeader.CONTENT_TYPE);
42
- if (contentType && contentType == HttpContentType.JSON) {
43
- return response.json();
44
- }
45
- const text = await response.text();
46
- try {
47
- return JSON.parse(text);
48
- } catch {
49
- return text;
50
- }
51
- };
52
- var cleanHeadersInit = (headersInit) => {
53
- if (Array.isArray(headersInit)) return headersInit;
54
- if (headersInit instanceof Headers) return headersInit;
55
- if (headersInit == null) return headersInit;
56
- return removeUndefined(headersInit);
57
- };
58
- var createHeaders = (headersInitA, headersInitB) => {
59
- const headersA = new Headers(cleanHeadersInit(headersInitA));
60
- const headersB = new Headers(cleanHeadersInit(headersInitB));
61
- headersB.forEach((value, key) => {
62
- headersA.set(key, value);
63
- });
64
- return headersA;
65
- };
66
- var createPath = (path, pathParam = {}) => path.replace(/\{([^}]+)}/g, (_, key) => {
67
- if (!(key in pathParam))
68
- throw new Error(`Path parameter "${key}" is missing in the path "${path}"`);
69
- return encodeURIComponent(pathParam[key]);
8
+ Object.defineProperty(exports, "createEditorClient", {
9
+ enumerable: true,
10
+ get: function () { return chunkTIIRBQUA_cjs.createEditorClient; }
70
11
  });
71
- var createSearch = (query, options = {}) => {
72
- return qs__default.default.stringify(query, {
73
- encodeValuesOnly: true,
74
- skipNulls: true,
75
- ...options
76
- });
77
- };
78
- var createBody = (body, headers) => {
79
- if (body == null) return null;
80
- if (body instanceof FormData) return body;
81
- if (typeof body === "string") return body;
82
- const stringifyBody = JSON.stringify(body);
83
- const stringBody = stringifyBody === "{}" ? null : stringifyBody;
84
- if (stringBody) headers.set(HttpHeader.CONTENT_TYPE, HttpContentType.JSON);
85
- return stringBody;
86
- };
87
- var createFetchRequest = ({
88
- url,
89
- method,
90
- params,
91
- options = {},
92
- defaultOptions
93
- }) => {
94
- const {
95
- baseUrl,
96
- validateStatus: defValidateStatus = defaultValidateStatus,
97
- headers: defaultHeaders,
98
- ...restDefaultOptions
99
- } = defaultOptions;
100
- const { validateStatus, queryArrayFormat, headers: endpointHeaders, ...restOptions } = options;
101
- const headers = createHeaders(defaultHeaders, endpointHeaders);
102
- const path = createPath(url, params.path);
103
- const search = createSearch(params.query ?? {}, { arrayFormat: queryArrayFormat });
104
- const body = createBody(params.body, headers);
105
- const urlInstance = new URL(baseUrl + path);
106
- urlInstance.search = search;
107
- const request = new Request(urlInstance, {
108
- ...restDefaultOptions,
109
- ...restOptions,
110
- headers,
111
- method: method.toUpperCase(),
112
- body
113
- });
114
- return { request, validateStatus: validateStatus ?? defValidateStatus };
115
- };
116
-
117
- // src/fetchClient/createFetchClient/createFetchClient.ts
118
- var isApiError = (error) => error instanceof ApiError;
119
- var createCoreFetch = (fetchFn) => async ({ request, validateStatus }) => {
120
- const response = await fetchFn(request);
121
- const data = await parseData(response);
122
- const apiResponse = {
123
- request,
124
- response,
125
- data
126
- };
127
- const boolOrError = validateStatus(apiResponse);
128
- if (isApiError(boolOrError)) throw boolOrError;
129
- if (!boolOrError) throw new ApiError(apiResponse);
130
- return apiResponse;
131
- };
132
- var createFetchClient = ({
133
- middlewares = [],
134
- ...defaultOptions
135
- }) => {
136
- const coreFetch = createCoreFetch(defaultOptions.fetchFn ?? fetch);
137
- const fetchWithMiddlewares = middlewares.reduceRight(
138
- (next, middleware) => middleware(next),
139
- coreFetch
140
- );
141
- const createFetchMethod = (method) => async (url, params, options = {}) => {
142
- const request = createFetchRequest({
143
- url,
144
- method,
145
- params,
146
- defaultOptions,
147
- options
148
- });
149
- const methodMiddlewares = options?.middlewares ?? [];
150
- return methodMiddlewares.reduceRight(
151
- (next, middleware) => middleware(next),
152
- fetchWithMiddlewares
153
- )(request);
154
- };
155
- return {
156
- get: createFetchMethod("get"),
157
- post: createFetchMethod("post"),
158
- put: createFetchMethod("put"),
159
- patch: createFetchMethod("patch"),
160
- delete: createFetchMethod("delete")
161
- };
162
- };
163
-
164
- // src/fetchClient/createOpenapiFetchClient.ts
165
- var createOpenapiFetchClient = (defaultOptions) => createFetchClient(defaultOptions);
166
-
167
- // src/clients/editor/editorClient.ts
168
- var createEditorClient = ({ baseUrl, middlewares }) => {
169
- const client = createOpenapiFetchClient({
170
- baseUrl,
171
- middlewares
172
- });
173
- const createSession = async (body) => {
174
- const { data } = await client.post("/sql/sessions", {
175
- body
176
- });
177
- return data;
178
- };
179
- const getSession = async ({ id }, signal) => {
180
- const { data } = await client.get(`/sql/sessions/{id}`, { path: { id } }, { signal });
181
- return data;
182
- };
183
- const getSessions = async (query, signal) => {
184
- const { data } = await client.get(`/sql/sessions`, { query }, { signal });
185
- return data;
186
- };
187
- const getSessionSchema = async ({
188
- id,
189
- onlyWorkspaceSchema = "1",
190
- loadTables = "1"
191
- }, signal) => {
192
- const { data } = await client.get(
193
- `/sql/sessions/{id}/schema`,
194
- {
195
- path: { id },
196
- query: { onlyWorkspaceSchema, loadTables }
197
- },
198
- { signal }
199
- );
200
- return data;
201
- };
202
- const createQueryJob = async ({ id }, body) => {
203
- const { data } = await client.post(`/sql/sessions/{id}/run-query`, {
204
- path: { id },
205
- body
206
- });
207
- return data;
208
- };
209
- const tablePreview = async ({ id }, body) => {
210
- const { data } = await client.post(`/sql/sessions/{id}/table-preview`, {
211
- path: { id },
212
- body
213
- });
214
- return data;
215
- };
216
- const tableDefinition = async ({ id, ...query }, signal) => {
217
- const { data } = await client.get(
218
- `/sql/sessions/{id}/table-ddl`,
219
- { path: { id }, query },
220
- { signal }
221
- );
222
- return data;
223
- };
224
- const load = async ({ id }, body) => {
225
- const { data } = await client.post(`/sql/sessions/{id}/load`, {
226
- path: { id },
227
- body
228
- });
229
- return data;
230
- };
231
- const unload = async ({ id }, body) => {
232
- const { data } = await client.post(`/sql/sessions/{id}/unload`, {
233
- path: { id },
234
- // BE error: The body is optional; however, without it, the request will fail with the message "Request content type must be application/json."
235
- // This is expected, as our client cannot correctly determine the content type without the body.
236
- // This issue should be addressed to indicate that the body is required in their Swagger schema.
237
- body: body ?? { tableId: null }
238
- });
239
- return data;
240
- };
241
- const resetWorkspacePassword = async (id) => {
242
- const { data } = await client.post(`/sql/sessions/{id}/reset-password`, {
243
- path: { id }
244
- });
245
- return data;
246
- };
247
- const getSessionCredentials = async (id, signal) => {
248
- const { data } = await client.get(
249
- `/sql/sessions/{id}/credentials`,
250
- { path: { id } },
251
- { signal }
252
- );
253
- return data;
254
- };
255
- return {
256
- createSession,
257
- getSession,
258
- getSessions,
259
- getSessionSchema,
260
- createQueryJob,
261
- tablePreview,
262
- tableDefinition,
263
- load,
264
- unload,
265
- resetWorkspacePassword,
266
- getSessionCredentials
267
- };
268
- };
269
-
270
- exports.createEditorClient = createEditorClient;
271
12
  //# sourceMappingURL=index.cjs.map
272
13
  //# sourceMappingURL=index.cjs.map