@keboola/api-client 1.0.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (213) hide show
  1. package/dist/ai/index.cjs +5 -201
  2. package/dist/ai/index.cjs.map +1 -1
  3. package/dist/ai/index.js +2 -201
  4. package/dist/ai/index.js.map +1 -1
  5. package/dist/assets/index.cjs +5 -180
  6. package/dist/assets/index.cjs.map +1 -1
  7. package/dist/assets/index.js +2 -180
  8. package/dist/assets/index.js.map +1 -1
  9. package/dist/chat/index.cjs +6 -422
  10. package/dist/chat/index.cjs.map +1 -1
  11. package/dist/chat/index.js +3 -422
  12. package/dist/chat/index.js.map +1 -1
  13. package/dist/chat/suggestions.cjs +70 -152
  14. package/dist/chat/suggestions.cjs.map +1 -1
  15. package/dist/chat/suggestions.js +1 -138
  16. package/dist/chat/suggestions.js.map +1 -1
  17. package/dist/chunk-3B7L6MCG.js +189 -0
  18. package/dist/chunk-3B7L6MCG.js.map +1 -0
  19. package/dist/chunk-3T54WH4X.cjs +42 -0
  20. package/dist/chunk-3T54WH4X.cjs.map +1 -0
  21. package/dist/chunk-3Y6NK7TC.js +34 -0
  22. package/dist/chunk-3Y6NK7TC.js.map +1 -0
  23. package/dist/chunk-4RC5E3SL.js +140 -0
  24. package/dist/chunk-4RC5E3SL.js.map +1 -0
  25. package/dist/chunk-633QJMHH.cjs +73 -0
  26. package/dist/chunk-633QJMHH.cjs.map +1 -0
  27. package/dist/chunk-6RQDX6JY.cjs +132 -0
  28. package/dist/chunk-6RQDX6JY.cjs.map +1 -0
  29. package/dist/chunk-76AHKXLC.cjs +29 -0
  30. package/dist/chunk-76AHKXLC.cjs.map +1 -0
  31. package/dist/chunk-7FY6COWG.js +71 -0
  32. package/dist/chunk-7FY6COWG.js.map +1 -0
  33. package/dist/chunk-7J2R6XHB.js +3 -0
  34. package/dist/chunk-7J2R6XHB.js.map +1 -0
  35. package/dist/chunk-BGLICNTG.cjs +33 -0
  36. package/dist/chunk-BGLICNTG.cjs.map +1 -0
  37. package/dist/chunk-BR3SBEFE.cjs +182 -0
  38. package/dist/chunk-BR3SBEFE.cjs.map +1 -0
  39. package/dist/chunk-CVV4HROS.cjs +37 -0
  40. package/dist/chunk-CVV4HROS.cjs.map +1 -0
  41. package/dist/chunk-DCTDH77P.cjs +277 -0
  42. package/dist/chunk-DCTDH77P.cjs.map +1 -0
  43. package/dist/chunk-EBCZUGUX.js +35 -0
  44. package/dist/chunk-EBCZUGUX.js.map +1 -0
  45. package/dist/chunk-EY5LALX2.cjs +26 -0
  46. package/dist/chunk-EY5LALX2.cjs.map +1 -0
  47. package/dist/chunk-FBQHHAL5.js +40 -0
  48. package/dist/chunk-FBQHHAL5.js.map +1 -0
  49. package/dist/chunk-GF4XZK5N.cjs +43 -0
  50. package/dist/chunk-GF4XZK5N.cjs.map +1 -0
  51. package/dist/chunk-GNPQB3MT.js +27 -0
  52. package/dist/chunk-GNPQB3MT.js.map +1 -0
  53. package/dist/chunk-GO6SOMGL.js +181 -0
  54. package/dist/chunk-GO6SOMGL.js.map +1 -0
  55. package/dist/chunk-HCNNMUTR.cjs +36 -0
  56. package/dist/chunk-HCNNMUTR.cjs.map +1 -0
  57. package/dist/chunk-HPVTVQBJ.cjs +238 -0
  58. package/dist/chunk-HPVTVQBJ.cjs.map +1 -0
  59. package/dist/chunk-HYUGRMCY.cjs +247 -0
  60. package/dist/chunk-HYUGRMCY.cjs.map +1 -0
  61. package/dist/chunk-IJMQCOBC.js +34 -0
  62. package/dist/chunk-IJMQCOBC.js.map +1 -0
  63. package/dist/chunk-IY3VNVXD.cjs +183 -0
  64. package/dist/chunk-IY3VNVXD.cjs.map +1 -0
  65. package/dist/chunk-JKFIB6SQ.cjs +685 -0
  66. package/dist/chunk-JKFIB6SQ.cjs.map +1 -0
  67. package/dist/chunk-JLNOESHX.cjs +47 -0
  68. package/dist/chunk-JLNOESHX.cjs.map +1 -0
  69. package/dist/chunk-JURD5MC3.js +178 -0
  70. package/dist/chunk-JURD5MC3.js.map +1 -0
  71. package/dist/chunk-LV3ZWNDC.js +75 -0
  72. package/dist/chunk-LV3ZWNDC.js.map +1 -0
  73. package/dist/chunk-LZ6A6J2E.cjs +77 -0
  74. package/dist/chunk-LZ6A6J2E.cjs.map +1 -0
  75. package/dist/chunk-OKVYLO6C.js +108 -0
  76. package/dist/chunk-OKVYLO6C.js.map +1 -0
  77. package/dist/chunk-PD3LJYS2.js +218 -0
  78. package/dist/chunk-PD3LJYS2.js.map +1 -0
  79. package/dist/chunk-PV4HIVW2.js +130 -0
  80. package/dist/chunk-PV4HIVW2.js.map +1 -0
  81. package/dist/chunk-R7PD3BRA.js +261 -0
  82. package/dist/chunk-R7PD3BRA.js.map +1 -0
  83. package/dist/chunk-SAEG42HW.js +64 -0
  84. package/dist/chunk-SAEG42HW.js.map +1 -0
  85. package/dist/chunk-TIIRBQUA.cjs +110 -0
  86. package/dist/chunk-TIIRBQUA.cjs.map +1 -0
  87. package/dist/chunk-TNJWOHPM.js +948 -0
  88. package/dist/chunk-TNJWOHPM.js.map +1 -0
  89. package/dist/chunk-TXFQ4YIK.js +31 -0
  90. package/dist/chunk-TXFQ4YIK.js.map +1 -0
  91. package/dist/chunk-U5SE6W5M.cjs +158 -0
  92. package/dist/chunk-U5SE6W5M.cjs.map +1 -0
  93. package/dist/chunk-UABYNGBZ.js +39 -0
  94. package/dist/chunk-UABYNGBZ.js.map +1 -0
  95. package/dist/chunk-UXF53ZOV.js +220 -0
  96. package/dist/chunk-UXF53ZOV.js.map +1 -0
  97. package/dist/chunk-VAOCYA6B.js +20 -0
  98. package/dist/chunk-VAOCYA6B.js.map +1 -0
  99. package/dist/chunk-VS5PM7KL.js +45 -0
  100. package/dist/chunk-VS5PM7KL.js.map +1 -0
  101. package/dist/chunk-WQ7EZWBF.js +24 -0
  102. package/dist/chunk-WQ7EZWBF.js.map +1 -0
  103. package/dist/chunk-XFC52BJV.cjs +952 -0
  104. package/dist/chunk-XFC52BJV.cjs.map +1 -0
  105. package/dist/chunk-XPDEQND7.cjs +4 -0
  106. package/dist/chunk-XPDEQND7.cjs.map +1 -0
  107. package/dist/chunk-XUDMML5C.cjs +211 -0
  108. package/dist/chunk-XUDMML5C.cjs.map +1 -0
  109. package/dist/chunk-YPCD7M2N.cjs +22 -0
  110. package/dist/chunk-YPCD7M2N.cjs.map +1 -0
  111. package/dist/chunk-YUEYMIMI.cjs +67 -0
  112. package/dist/chunk-YUEYMIMI.cjs.map +1 -0
  113. package/dist/chunk-YXCVNX2Q.cjs +36 -0
  114. package/dist/chunk-YXCVNX2Q.cjs.map +1 -0
  115. package/dist/chunk-ZEMKE6DI.js +681 -0
  116. package/dist/chunk-ZEMKE6DI.js.map +1 -0
  117. package/dist/dataScience/index.cjs +8 -412
  118. package/dist/dataScience/index.cjs.map +1 -1
  119. package/dist/dataScience/index.js +2 -391
  120. package/dist/dataScience/index.js.map +1 -1
  121. package/dist/domain/permissions/index.cjs +131 -2
  122. package/dist/domain/permissions/index.cjs.map +1 -1
  123. package/dist/domain/permissions/index.d.cts +108 -2
  124. package/dist/domain/permissions/index.d.ts +108 -2
  125. package/dist/domain/permissions/index.js +106 -3
  126. package/dist/domain/permissions/index.js.map +1 -1
  127. package/dist/editor/index.cjs +5 -264
  128. package/dist/editor/index.cjs.map +1 -1
  129. package/dist/editor/index.js +2 -264
  130. package/dist/editor/index.js.map +1 -1
  131. package/dist/encryption/index.cjs +5 -190
  132. package/dist/encryption/index.cjs.map +1 -1
  133. package/dist/encryption/index.js +2 -190
  134. package/dist/encryption/index.js.map +1 -1
  135. package/dist/import/index.cjs +5 -196
  136. package/dist/import/index.cjs.map +1 -1
  137. package/dist/import/index.js +2 -196
  138. package/dist/import/index.js.map +1 -1
  139. package/dist/index.cjs +334 -3752
  140. package/dist/index.cjs.map +1 -1
  141. package/dist/index.d.cts +1814 -104
  142. package/dist/index.d.ts +1814 -104
  143. package/dist/index.js +176 -3627
  144. package/dist/index.js.map +1 -1
  145. package/dist/management/index.cjs +10 -881
  146. package/dist/management/index.cjs.map +1 -1
  147. package/dist/management/index.js +3 -880
  148. package/dist/management/index.js.map +1 -1
  149. package/dist/metastore/index.cjs +5 -337
  150. package/dist/metastore/index.cjs.map +1 -1
  151. package/dist/metastore/index.js +2 -337
  152. package/dist/metastore/index.js.map +1 -1
  153. package/dist/oauth/index.cjs +5 -226
  154. package/dist/oauth/index.cjs.map +1 -1
  155. package/dist/oauth/index.js +2 -226
  156. package/dist/oauth/index.js.map +1 -1
  157. package/dist/project-Bzslbq4u.d.ts +16 -0
  158. package/dist/project-CYhB6rYN.d.cts +16 -0
  159. package/dist/queryService/index.cjs +5 -248
  160. package/dist/queryService/index.cjs.map +1 -1
  161. package/dist/queryService/index.js +2 -248
  162. package/dist/queryService/index.js.map +1 -1
  163. package/dist/queue/index.cjs +5 -190
  164. package/dist/queue/index.cjs.map +1 -1
  165. package/dist/queue/index.js +2 -190
  166. package/dist/queue/index.js.map +1 -1
  167. package/dist/sdk/configurations/index.d.cts +2 -12
  168. package/dist/sdk/configurations/index.d.ts +2 -12
  169. package/dist/sdk/storage/index.cjs +49 -267
  170. package/dist/sdk/storage/index.cjs.map +1 -1
  171. package/dist/sdk/storage/index.d.cts +2 -2
  172. package/dist/sdk/storage/index.d.ts +2 -2
  173. package/dist/sdk/storage/index.js +1 -259
  174. package/dist/sdk/storage/index.js.map +1 -1
  175. package/dist/sdk/tag/index.cjs +6 -203
  176. package/dist/sdk/tag/index.cjs.map +1 -1
  177. package/dist/sdk/tag/index.js +2 -206
  178. package/dist/sdk/tag/index.js.map +1 -1
  179. package/dist/status/index.cjs +6 -176
  180. package/dist/status/index.cjs.map +1 -1
  181. package/dist/status/index.js +3 -176
  182. package/dist/status/index.js.map +1 -1
  183. package/dist/status/types.cjs +2 -0
  184. package/dist/status/types.js +1 -1
  185. package/dist/storage/index.cjs +9 -1110
  186. package/dist/storage/index.cjs.map +1 -1
  187. package/dist/storage/index.d.cts +1 -1
  188. package/dist/storage/index.d.ts +1 -1
  189. package/dist/storage/index.js +3 -1110
  190. package/dist/storage/index.js.map +1 -1
  191. package/dist/storage/types.d.cts +39 -2
  192. package/dist/storage/types.d.ts +39 -2
  193. package/dist/{storageClient-DrYOs4Xm.d.ts → storageClient-BgvUM7gy.d.ts} +4 -1
  194. package/dist/{storageClient-DSLTM3Cr.d.cts → storageClient-CDX-GvNV.d.cts} +4 -1
  195. package/dist/{storageSdk-BBqAo0Vx.d.cts → storageSdk-IOIdwqy-.d.cts} +1 -1
  196. package/dist/{storageSdk-ZVmKQQSl.d.ts → storageSdk-qGaWB1dy.d.ts} +1 -1
  197. package/dist/syncActions/index.cjs +5 -364
  198. package/dist/syncActions/index.cjs.map +1 -1
  199. package/dist/syncActions/index.js +2 -345
  200. package/dist/syncActions/index.js.map +1 -1
  201. package/dist/telemetry/index.cjs +5 -187
  202. package/dist/telemetry/index.cjs.map +1 -1
  203. package/dist/telemetry/index.js +2 -187
  204. package/dist/telemetry/index.js.map +1 -1
  205. package/dist/vault/index.cjs +5 -219
  206. package/dist/vault/index.cjs.map +1 -1
  207. package/dist/vault/index.js +2 -219
  208. package/dist/vault/index.js.map +1 -1
  209. package/dist/verify/index.cjs +5 -184
  210. package/dist/verify/index.cjs.map +1 -1
  211. package/dist/verify/index.js +2 -184
  212. package/dist/verify/index.js.map +1 -1
  213. package/package.json +1 -1
@@ -1,5 +1,111 @@
1
+ import { S as StorageToken } from '../../types-DYMMsuU0.cjs';
2
+ export { h as hasAdminFeature, a as hasFeature } from '../../project-CYhB6rYN.cjs';
3
+
4
+ /**
5
+ * @module domain/permissions/errors
6
+ *
7
+ * Stable error contract for permission denials.
8
+ *
9
+ * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The
10
+ * three public fields are part of the SDK's published contract — consumers
11
+ * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`
12
+ * and surface `reason` in UI, so renames here are breaking changes.
13
+ *
14
+ * PII boundary on `subject`:
15
+ * `subject` is optional and intended for debugging hints only — admin id,
16
+ * role name, configuration id, branch id, etc. It MUST NOT carry the full
17
+ * `StorageToken`, raw tokens, secrets, or any value that could be logged or
18
+ * surfaced to a user without further redaction.
19
+ */
1
20
  declare class PermissionDeniedError extends Error {
2
- constructor(message: string);
21
+ readonly action: string;
22
+ readonly reason?: string;
23
+ readonly subject?: string;
24
+ constructor({ action, reason, subject }: {
25
+ action: string;
26
+ reason?: string;
27
+ subject?: string;
28
+ });
3
29
  }
4
30
 
5
- export { PermissionDeniedError };
31
+ /**
32
+ * @module domain/permissions/admin
33
+ *
34
+ * Baseline admin-role predicates. Token-only — depend purely on the admin
35
+ * role string carried in `StorageToken.admin.role`. Each predicate has an
36
+ * `assertCan*` pair that throws `PermissionDeniedError` with a stable
37
+ * kebab-case `action` field documented per pair.
38
+ */
39
+
40
+ declare const isAdmin: (token: StorageToken) => boolean;
41
+ declare const isAdminOrShare: (token: StorageToken) => boolean;
42
+ declare const isProductionManager: (token: StorageToken) => boolean;
43
+ declare const isDeveloperOrReviewer: (token: StorageToken) => boolean;
44
+ declare const assertCanAdmin: (token: StorageToken) => void;
45
+ declare const assertCanAdminOrShare: (token: StorageToken) => void;
46
+ declare const assertCanProductionManage: (token: StorageToken) => void;
47
+ declare const assertCanDevelopOrReview: (token: StorageToken) => void;
48
+
49
+ /**
50
+ * @module domain/permissions/configurations
51
+ *
52
+ * Predicate pairs guarding the Core SDK configuration workflow methods
53
+ * (create / copy / migrate-from-template / purge / assign-folder). Each
54
+ * predicate composes the baseline admin role predicates with the caller-
55
+ * supplied dev-mode flag from `ctx`.
56
+ *
57
+ * Rule shape:
58
+ * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a
59
+ * developer or reviewer.
60
+ * - In production (`ctx.isDevModeActive === false`) → caller must be a
61
+ * production manager.
62
+ * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.
63
+ * Purge is destructive and the situational base rule does not apply —
64
+ * `token.admin.role` is a single scalar, so requiring both "admin" and
65
+ * "developer/reviewer/productionManager" simultaneously would be an
66
+ * impossible conjunction. The `ctx` parameter is accepted for signature
67
+ * symmetry with the other configuration predicates and ignored.
68
+ *
69
+ * `ctx` is the trailing object argument convention for composed predicates;
70
+ * extra fields land here as future rules grow (see AGENTS.md).
71
+ */
72
+
73
+ /**
74
+ * Caller-supplied context for configuration predicates.
75
+ *
76
+ * @property isDevModeActive — `true` when the user is operating inside a
77
+ * development branch (any storage branch other than the protected default /
78
+ * production branch); `false` when operating on the default branch in
79
+ * production.
80
+ *
81
+ * How the caller determines this:
82
+ * - The active branch comes from the caller's own routing / app state
83
+ * (e.g. `/branch/:branchId` in kbc-ui).
84
+ * - A branch is "dev mode" when it is **not** the default branch returned by
85
+ * `apiClient.storage.devBranches.list()` (where `isDefault === true`).
86
+ * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`
87
+ * compared against the default branch id; the api-client itself stays
88
+ * isomorphic and never reads that state directly.
89
+ *
90
+ * Why it changes the rule:
91
+ * - In dev branches Keboola allows broader write access — `developer` and
92
+ * `reviewer` roles may create / copy / migrate configurations because the
93
+ * branch is sandboxed from production.
94
+ * - On the default branch only `productionManager` (or `admin`) may perform
95
+ * the same writes, since changes ship live to production.
96
+ */
97
+ type ConfigurationCtx = {
98
+ isDevModeActive: boolean;
99
+ };
100
+ declare const canCreateConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
101
+ declare const canCopyConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
102
+ declare const canMigrateFromTemplate: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
103
+ declare const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
104
+ declare const canAssignFolder: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
105
+ declare const assertCanCreateConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
106
+ declare const assertCanCopyConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
107
+ declare const assertCanMigrateFromTemplate: (token: StorageToken, ctx: ConfigurationCtx) => void;
108
+ declare const assertCanPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
109
+ declare const assertCanAssignFolder: (token: StorageToken, ctx: ConfigurationCtx) => void;
110
+
111
+ export { type ConfigurationCtx, PermissionDeniedError, assertCanAdmin, assertCanAdminOrShare, assertCanAssignFolder, assertCanCopyConfiguration, assertCanCreateConfiguration, assertCanDevelopOrReview, assertCanMigrateFromTemplate, assertCanProductionManage, assertCanPurgeConfiguration, canAssignFolder, canCopyConfiguration, canCreateConfiguration, canMigrateFromTemplate, canPurgeConfiguration, isAdmin, isAdminOrShare, isDeveloperOrReviewer, isProductionManager };
@@ -1,5 +1,111 @@
1
+ import { S as StorageToken } from '../../types-DYMMsuU0.js';
2
+ export { h as hasAdminFeature, a as hasFeature } from '../../project-Bzslbq4u.js';
3
+
4
+ /**
5
+ * @module domain/permissions/errors
6
+ *
7
+ * Stable error contract for permission denials.
8
+ *
9
+ * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The
10
+ * three public fields are part of the SDK's published contract — consumers
11
+ * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`
12
+ * and surface `reason` in UI, so renames here are breaking changes.
13
+ *
14
+ * PII boundary on `subject`:
15
+ * `subject` is optional and intended for debugging hints only — admin id,
16
+ * role name, configuration id, branch id, etc. It MUST NOT carry the full
17
+ * `StorageToken`, raw tokens, secrets, or any value that could be logged or
18
+ * surfaced to a user without further redaction.
19
+ */
1
20
  declare class PermissionDeniedError extends Error {
2
- constructor(message: string);
21
+ readonly action: string;
22
+ readonly reason?: string;
23
+ readonly subject?: string;
24
+ constructor({ action, reason, subject }: {
25
+ action: string;
26
+ reason?: string;
27
+ subject?: string;
28
+ });
3
29
  }
4
30
 
5
- export { PermissionDeniedError };
31
+ /**
32
+ * @module domain/permissions/admin
33
+ *
34
+ * Baseline admin-role predicates. Token-only — depend purely on the admin
35
+ * role string carried in `StorageToken.admin.role`. Each predicate has an
36
+ * `assertCan*` pair that throws `PermissionDeniedError` with a stable
37
+ * kebab-case `action` field documented per pair.
38
+ */
39
+
40
+ declare const isAdmin: (token: StorageToken) => boolean;
41
+ declare const isAdminOrShare: (token: StorageToken) => boolean;
42
+ declare const isProductionManager: (token: StorageToken) => boolean;
43
+ declare const isDeveloperOrReviewer: (token: StorageToken) => boolean;
44
+ declare const assertCanAdmin: (token: StorageToken) => void;
45
+ declare const assertCanAdminOrShare: (token: StorageToken) => void;
46
+ declare const assertCanProductionManage: (token: StorageToken) => void;
47
+ declare const assertCanDevelopOrReview: (token: StorageToken) => void;
48
+
49
+ /**
50
+ * @module domain/permissions/configurations
51
+ *
52
+ * Predicate pairs guarding the Core SDK configuration workflow methods
53
+ * (create / copy / migrate-from-template / purge / assign-folder). Each
54
+ * predicate composes the baseline admin role predicates with the caller-
55
+ * supplied dev-mode flag from `ctx`.
56
+ *
57
+ * Rule shape:
58
+ * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a
59
+ * developer or reviewer.
60
+ * - In production (`ctx.isDevModeActive === false`) → caller must be a
61
+ * production manager.
62
+ * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.
63
+ * Purge is destructive and the situational base rule does not apply —
64
+ * `token.admin.role` is a single scalar, so requiring both "admin" and
65
+ * "developer/reviewer/productionManager" simultaneously would be an
66
+ * impossible conjunction. The `ctx` parameter is accepted for signature
67
+ * symmetry with the other configuration predicates and ignored.
68
+ *
69
+ * `ctx` is the trailing object argument convention for composed predicates;
70
+ * extra fields land here as future rules grow (see AGENTS.md).
71
+ */
72
+
73
+ /**
74
+ * Caller-supplied context for configuration predicates.
75
+ *
76
+ * @property isDevModeActive — `true` when the user is operating inside a
77
+ * development branch (any storage branch other than the protected default /
78
+ * production branch); `false` when operating on the default branch in
79
+ * production.
80
+ *
81
+ * How the caller determines this:
82
+ * - The active branch comes from the caller's own routing / app state
83
+ * (e.g. `/branch/:branchId` in kbc-ui).
84
+ * - A branch is "dev mode" when it is **not** the default branch returned by
85
+ * `apiClient.storage.devBranches.list()` (where `isDefault === true`).
86
+ * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`
87
+ * compared against the default branch id; the api-client itself stays
88
+ * isomorphic and never reads that state directly.
89
+ *
90
+ * Why it changes the rule:
91
+ * - In dev branches Keboola allows broader write access — `developer` and
92
+ * `reviewer` roles may create / copy / migrate configurations because the
93
+ * branch is sandboxed from production.
94
+ * - On the default branch only `productionManager` (or `admin`) may perform
95
+ * the same writes, since changes ship live to production.
96
+ */
97
+ type ConfigurationCtx = {
98
+ isDevModeActive: boolean;
99
+ };
100
+ declare const canCreateConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
101
+ declare const canCopyConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
102
+ declare const canMigrateFromTemplate: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
103
+ declare const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
104
+ declare const canAssignFolder: (token: StorageToken, ctx: ConfigurationCtx) => boolean;
105
+ declare const assertCanCreateConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
106
+ declare const assertCanCopyConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
107
+ declare const assertCanMigrateFromTemplate: (token: StorageToken, ctx: ConfigurationCtx) => void;
108
+ declare const assertCanPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => void;
109
+ declare const assertCanAssignFolder: (token: StorageToken, ctx: ConfigurationCtx) => void;
110
+
111
+ export { type ConfigurationCtx, PermissionDeniedError, assertCanAdmin, assertCanAdminOrShare, assertCanAssignFolder, assertCanCopyConfiguration, assertCanCreateConfiguration, assertCanDevelopOrReview, assertCanMigrateFromTemplate, assertCanProductionManage, assertCanPurgeConfiguration, canAssignFolder, canCopyConfiguration, canCreateConfiguration, canMigrateFromTemplate, canPurgeConfiguration, isAdmin, isAdminOrShare, isDeveloperOrReviewer, isProductionManager };
@@ -1,11 +1,114 @@
1
+ export { hasAdminFeature, hasFeature } from '../../chunk-UABYNGBZ.js';
2
+
1
3
  // src/domain/permissions/errors.ts
2
4
  var PermissionDeniedError = class extends Error {
3
- constructor(message) {
4
- super(message);
5
+ action;
6
+ reason;
7
+ subject;
8
+ constructor({ action, reason, subject }) {
9
+ super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);
5
10
  this.name = "PermissionDeniedError";
11
+ this.action = action;
12
+ this.reason = reason;
13
+ this.subject = subject;
14
+ }
15
+ };
16
+
17
+ // src/domain/permissions/admin.ts
18
+ var AdminRoles = {
19
+ ADMIN: "admin",
20
+ SHARE: "share",
21
+ PRODUCTION_MANAGER: "productionManager",
22
+ DEVELOPER: "developer",
23
+ REVIEWER: "reviewer"
24
+ };
25
+ var role = (token) => token.admin.role;
26
+ var isAdmin = (token) => role(token) === AdminRoles.ADMIN;
27
+ var isAdminOrShare = (token) => role(token) === AdminRoles.ADMIN || role(token) === AdminRoles.SHARE;
28
+ var isProductionManager = (token) => role(token) === AdminRoles.PRODUCTION_MANAGER;
29
+ var isDeveloperOrReviewer = (token) => role(token) === AdminRoles.DEVELOPER || role(token) === AdminRoles.REVIEWER;
30
+ var assertCanAdmin = (token) => {
31
+ if (!isAdmin(token)) {
32
+ throw new PermissionDeniedError({
33
+ action: "admin",
34
+ reason: `role '${role(token)}' is not admin`
35
+ });
36
+ }
37
+ };
38
+ var assertCanAdminOrShare = (token) => {
39
+ if (!isAdminOrShare(token)) {
40
+ throw new PermissionDeniedError({
41
+ action: "admin-or-share",
42
+ reason: `role '${role(token)}' is not admin or share`
43
+ });
44
+ }
45
+ };
46
+ var assertCanProductionManage = (token) => {
47
+ if (!isProductionManager(token)) {
48
+ throw new PermissionDeniedError({
49
+ action: "production-manage",
50
+ reason: `role '${role(token)}' is not productionManager`
51
+ });
52
+ }
53
+ };
54
+ var assertCanDevelopOrReview = (token) => {
55
+ if (!isDeveloperOrReviewer(token)) {
56
+ throw new PermissionDeniedError({
57
+ action: "develop-or-review",
58
+ reason: `role '${role(token)}' is not developer or reviewer`
59
+ });
60
+ }
61
+ };
62
+
63
+ // src/domain/permissions/configurations.ts
64
+ var meetsBaseRule = (token, ctx) => ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);
65
+ var baseDenialReason = (ctx) => ctx.isDevModeActive ? "dev branch requires developer or reviewer role" : "production requires productionManager role";
66
+ var canCreateConfiguration = (token, ctx) => meetsBaseRule(token, ctx);
67
+ var canCopyConfiguration = (token, ctx) => meetsBaseRule(token, ctx);
68
+ var canMigrateFromTemplate = (token, ctx) => meetsBaseRule(token, ctx);
69
+ var canPurgeConfiguration = (token) => isAdmin(token);
70
+ var canAssignFolder = (token, ctx) => meetsBaseRule(token, ctx);
71
+ var assertCanCreateConfiguration = (token, ctx) => {
72
+ if (!canCreateConfiguration(token, ctx)) {
73
+ throw new PermissionDeniedError({
74
+ action: "create-configuration",
75
+ reason: baseDenialReason(ctx)
76
+ });
77
+ }
78
+ };
79
+ var assertCanCopyConfiguration = (token, ctx) => {
80
+ if (!canCopyConfiguration(token, ctx)) {
81
+ throw new PermissionDeniedError({
82
+ action: "copy-configuration",
83
+ reason: baseDenialReason(ctx)
84
+ });
85
+ }
86
+ };
87
+ var assertCanMigrateFromTemplate = (token, ctx) => {
88
+ if (!canMigrateFromTemplate(token, ctx)) {
89
+ throw new PermissionDeniedError({
90
+ action: "migrate-from-template",
91
+ reason: baseDenialReason(ctx)
92
+ });
93
+ }
94
+ };
95
+ var assertCanPurgeConfiguration = (token, ctx) => {
96
+ if (!canPurgeConfiguration(token)) {
97
+ throw new PermissionDeniedError({
98
+ action: "purge-configuration",
99
+ reason: "purge requires admin role"
100
+ });
101
+ }
102
+ };
103
+ var assertCanAssignFolder = (token, ctx) => {
104
+ if (!canAssignFolder(token, ctx)) {
105
+ throw new PermissionDeniedError({
106
+ action: "assign-folder",
107
+ reason: baseDenialReason(ctx)
108
+ });
6
109
  }
7
110
  };
8
111
 
9
- export { PermissionDeniedError };
112
+ export { PermissionDeniedError, assertCanAdmin, assertCanAdminOrShare, assertCanAssignFolder, assertCanCopyConfiguration, assertCanCreateConfiguration, assertCanDevelopOrReview, assertCanMigrateFromTemplate, assertCanProductionManage, assertCanPurgeConfiguration, canAssignFolder, canCopyConfiguration, canCreateConfiguration, canMigrateFromTemplate, canPurgeConfiguration, isAdmin, isAdminOrShare, isDeveloperOrReviewer, isProductionManager };
10
113
  //# sourceMappingURL=index.js.map
11
114
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/domain/permissions/errors.ts"],"names":[],"mappings":";AAAO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/C,YAAY,OAAA,EAAiB;AAC3B,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AAAA,EACd;AACF","file":"index.js","sourcesContent":["export class PermissionDeniedError extends Error {\n constructor(message: string) {\n super(message);\n this.name = 'PermissionDeniedError';\n }\n}\n"]}
1
+ {"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":[],"mappings":";;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;AChBA,IAAM,UAAA,GAAa;AAAA,EACjB,KAAA,EAAO,OAAA;AAAA,EACP,KAAA,EAAO,OAAA;AAAA,EACP,kBAAA,EAAoB,mBAAA;AAAA,EACpB,SAAA,EAAW,WAAA;AAAA,EACX,QAAA,EAAU;AACZ,CAAA;AAEA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAM,UAAA,CAAW;AAE7E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW;AAE1D,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAM,UAAA,CAAW;AAEtB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW;AAE9D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACXA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.js","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { PermissionDeniedError } from './errors';\n\nconst AdminRoles = {\n ADMIN: 'admin',\n SHARE: 'share',\n PRODUCTION_MANAGER: 'productionManager',\n DEVELOPER: 'developer',\n REVIEWER: 'reviewer',\n} as const;\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRoles.ADMIN;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRoles.ADMIN || role(token) === AdminRoles.SHARE;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRoles.PRODUCTION_MANAGER;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRoles.DEVELOPER || role(token) === AdminRoles.REVIEWER;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
@@ -1,272 +1,13 @@
1
1
  'use strict';
2
2
 
3
- var qs = require('qs');
3
+ var chunkTIIRBQUA_cjs = require('../chunk-TIIRBQUA.cjs');
4
+ require('../chunk-HPVTVQBJ.cjs');
4
5
 
5
- function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
6
6
 
7
- var qs__default = /*#__PURE__*/_interopDefault(qs);
8
7
 
9
- // src/errors/ApiError.ts
10
- var ApiError = class extends Error {
11
- response;
12
- request;
13
- data;
14
- constructor({ response, request, data }) {
15
- super(response.statusText);
16
- this.response = response;
17
- this.request = request;
18
- this.data = data;
19
- }
20
- };
21
-
22
- // src/constants.ts
23
- var HttpStatus = {
24
- NO_CONTENT: 204};
25
-
26
- // src/fetchClient/createFetchClient/utils.ts
27
- var HttpHeader = {
28
- CONTENT_TYPE: "content-type"};
29
- var HttpContentType = {
30
- JSON: "application/json"};
31
- var defaultValidateStatus = ({ response }) => response.status >= 200 && response.status <= 299;
32
- function removeUndefined(obj) {
33
- const objCopy = { ...obj };
34
- for (const [key, value] of Object.entries(objCopy)) {
35
- if (value == null) delete objCopy[key];
36
- }
37
- return objCopy;
38
- }
39
- var parseData = async (response) => {
40
- if (response.status === HttpStatus.NO_CONTENT) return null;
41
- const contentType = response.headers.get(HttpHeader.CONTENT_TYPE);
42
- if (contentType && contentType == HttpContentType.JSON) {
43
- return response.json();
44
- }
45
- const text = await response.text();
46
- try {
47
- return JSON.parse(text);
48
- } catch {
49
- return text;
50
- }
51
- };
52
- var cleanHeadersInit = (headersInit) => {
53
- if (Array.isArray(headersInit)) return headersInit;
54
- if (headersInit instanceof Headers) return headersInit;
55
- if (headersInit == null) return headersInit;
56
- return removeUndefined(headersInit);
57
- };
58
- var createHeaders = (headersInitA, headersInitB) => {
59
- const headersA = new Headers(cleanHeadersInit(headersInitA));
60
- const headersB = new Headers(cleanHeadersInit(headersInitB));
61
- headersB.forEach((value, key) => {
62
- headersA.set(key, value);
63
- });
64
- return headersA;
65
- };
66
- var createPath = (path, pathParam = {}) => path.replace(/\{([^}]+)}/g, (_, key) => {
67
- if (!(key in pathParam))
68
- throw new Error(`Path parameter "${key}" is missing in the path "${path}"`);
69
- return encodeURIComponent(pathParam[key]);
8
+ Object.defineProperty(exports, "createEditorClient", {
9
+ enumerable: true,
10
+ get: function () { return chunkTIIRBQUA_cjs.createEditorClient; }
70
11
  });
71
- var createSearch = (query, options = {}) => {
72
- return qs__default.default.stringify(query, {
73
- encodeValuesOnly: true,
74
- skipNulls: true,
75
- ...options
76
- });
77
- };
78
- var createBody = (body, headers) => {
79
- if (body == null) return null;
80
- if (body instanceof FormData) return body;
81
- if (typeof body === "string") return body;
82
- const stringifyBody = JSON.stringify(body);
83
- const stringBody = stringifyBody === "{}" ? null : stringifyBody;
84
- if (stringBody) headers.set(HttpHeader.CONTENT_TYPE, HttpContentType.JSON);
85
- return stringBody;
86
- };
87
- var createFetchRequest = ({
88
- url,
89
- method,
90
- params,
91
- options = {},
92
- defaultOptions
93
- }) => {
94
- const {
95
- baseUrl,
96
- validateStatus: defValidateStatus = defaultValidateStatus,
97
- headers: defaultHeaders,
98
- ...restDefaultOptions
99
- } = defaultOptions;
100
- const { validateStatus, queryArrayFormat, headers: endpointHeaders, ...restOptions } = options;
101
- const headers = createHeaders(defaultHeaders, endpointHeaders);
102
- const path = createPath(url, params.path);
103
- const search = createSearch(params.query ?? {}, { arrayFormat: queryArrayFormat });
104
- const body = createBody(params.body, headers);
105
- const urlInstance = new URL(baseUrl + path);
106
- urlInstance.search = search;
107
- const request = new Request(urlInstance, {
108
- ...restDefaultOptions,
109
- ...restOptions,
110
- headers,
111
- method: method.toUpperCase(),
112
- body
113
- });
114
- return { request, validateStatus: validateStatus ?? defValidateStatus };
115
- };
116
-
117
- // src/fetchClient/createFetchClient/createFetchClient.ts
118
- var isApiError = (error) => error instanceof ApiError;
119
- var createCoreFetch = (fetchFn) => async ({ request, validateStatus }) => {
120
- const response = await fetchFn(request);
121
- const data = await parseData(response);
122
- const apiResponse = {
123
- request,
124
- response,
125
- data
126
- };
127
- const boolOrError = validateStatus(apiResponse);
128
- if (isApiError(boolOrError)) throw boolOrError;
129
- if (!boolOrError) throw new ApiError(apiResponse);
130
- return apiResponse;
131
- };
132
- var createFetchClient = ({
133
- middlewares = [],
134
- ...defaultOptions
135
- }) => {
136
- const coreFetch = createCoreFetch(defaultOptions.fetchFn ?? fetch);
137
- const fetchWithMiddlewares = middlewares.reduceRight(
138
- (next, middleware) => middleware(next),
139
- coreFetch
140
- );
141
- const createFetchMethod = (method) => async (url, params, options = {}) => {
142
- const request = createFetchRequest({
143
- url,
144
- method,
145
- params,
146
- defaultOptions,
147
- options
148
- });
149
- const methodMiddlewares = options?.middlewares ?? [];
150
- return methodMiddlewares.reduceRight(
151
- (next, middleware) => middleware(next),
152
- fetchWithMiddlewares
153
- )(request);
154
- };
155
- return {
156
- get: createFetchMethod("get"),
157
- post: createFetchMethod("post"),
158
- put: createFetchMethod("put"),
159
- patch: createFetchMethod("patch"),
160
- delete: createFetchMethod("delete")
161
- };
162
- };
163
-
164
- // src/fetchClient/createOpenapiFetchClient.ts
165
- var createOpenapiFetchClient = (defaultOptions) => createFetchClient(defaultOptions);
166
-
167
- // src/clients/editor/editorClient.ts
168
- var createEditorClient = ({ baseUrl, middlewares }) => {
169
- const client = createOpenapiFetchClient({
170
- baseUrl,
171
- middlewares
172
- });
173
- const createSession = async (body) => {
174
- const { data } = await client.post("/sql/sessions", {
175
- body
176
- });
177
- return data;
178
- };
179
- const getSession = async ({ id }, signal) => {
180
- const { data } = await client.get(`/sql/sessions/{id}`, { path: { id } }, { signal });
181
- return data;
182
- };
183
- const getSessions = async (query, signal) => {
184
- const { data } = await client.get(`/sql/sessions`, { query }, { signal });
185
- return data;
186
- };
187
- const getSessionSchema = async ({
188
- id,
189
- onlyWorkspaceSchema = "1",
190
- loadTables = "1"
191
- }, signal) => {
192
- const { data } = await client.get(
193
- `/sql/sessions/{id}/schema`,
194
- {
195
- path: { id },
196
- query: { onlyWorkspaceSchema, loadTables }
197
- },
198
- { signal }
199
- );
200
- return data;
201
- };
202
- const createQueryJob = async ({ id }, body) => {
203
- const { data } = await client.post(`/sql/sessions/{id}/run-query`, {
204
- path: { id },
205
- body
206
- });
207
- return data;
208
- };
209
- const tablePreview = async ({ id }, body) => {
210
- const { data } = await client.post(`/sql/sessions/{id}/table-preview`, {
211
- path: { id },
212
- body
213
- });
214
- return data;
215
- };
216
- const tableDefinition = async ({ id, ...query }, signal) => {
217
- const { data } = await client.get(
218
- `/sql/sessions/{id}/table-ddl`,
219
- { path: { id }, query },
220
- { signal }
221
- );
222
- return data;
223
- };
224
- const load = async ({ id }, body) => {
225
- const { data } = await client.post(`/sql/sessions/{id}/load`, {
226
- path: { id },
227
- body
228
- });
229
- return data;
230
- };
231
- const unload = async ({ id }, body) => {
232
- const { data } = await client.post(`/sql/sessions/{id}/unload`, {
233
- path: { id },
234
- // BE error: The body is optional; however, without it, the request will fail with the message "Request content type must be application/json."
235
- // This is expected, as our client cannot correctly determine the content type without the body.
236
- // This issue should be addressed to indicate that the body is required in their Swagger schema.
237
- body: body ?? { tableId: null }
238
- });
239
- return data;
240
- };
241
- const resetWorkspacePassword = async (id) => {
242
- const { data } = await client.post(`/sql/sessions/{id}/reset-password`, {
243
- path: { id }
244
- });
245
- return data;
246
- };
247
- const getSessionCredentials = async (id, signal) => {
248
- const { data } = await client.get(
249
- `/sql/sessions/{id}/credentials`,
250
- { path: { id } },
251
- { signal }
252
- );
253
- return data;
254
- };
255
- return {
256
- createSession,
257
- getSession,
258
- getSessions,
259
- getSessionSchema,
260
- createQueryJob,
261
- tablePreview,
262
- tableDefinition,
263
- load,
264
- unload,
265
- resetWorkspacePassword,
266
- getSessionCredentials
267
- };
268
- };
269
-
270
- exports.createEditorClient = createEditorClient;
271
12
  //# sourceMappingURL=index.cjs.map
272
13
  //# sourceMappingURL=index.cjs.map