npm - @lightdash/common - Versions diffs - 0.1930.2 → 0.1931.0 - Mend

@lightdash/common 0.1930.2 → 0.1931.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/dist/cjs/types/scopes.d.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import { type SnakeCase } from 'type-fest';
 import { type AbilityAction, type CaslSubjectNames } from '../authorization/types';
 /**
  * Scope groups to organize permissions in the UI for admins.
@@ -12,14 +11,38 @@ export declare enum ScopeGroup {
     AI = "ai",
     SPOTLIGHT = "spotlight"
 }
+/**
+ * Context given to scope getCondition functions
+ */
+export type ScopeContext = {
+    organizationUuid: string;
+    projectUuid: string;
+    userUuid?: string;
+    /** The scopes available to the current user */
+    scopes: Set<ScopeName>;
+    isEnterprise: boolean;
+    /** The user's role name in the organization (for dynamic permission logic) */
+    organizationRole: string;
+    /** Configuration for dynamic permissions like PAT */
+    permissionsConfig?: {
+        pat: {
+            enabled: boolean;
+            allowedOrgRoles: string[];
+        };
+    };
+};
+/**
+ * The name of the scope, based on ability and subject (e.g. "create:project")
+ */
+export type ScopeName = `${AbilityAction}:${CaslSubjectNames}`;
 /**
  * A scope defines a specific permission in the system
  */
 export type Scope = {
     /**
-     * The name of the scope, based on ability and subject (e.g. "create:project")
+     * The name of the scope, based on ability and subject (e.g. "create:Project")
      */
-    name: Lowercase<`${AbilityAction}:${SnakeCase<CaslSubjectNames>}`>;
+    name: ScopeName;
     /**
      * A helpful description of the permission
      */
@@ -32,5 +55,9 @@ export type Scope = {
      * The grouping from the ScopeGroup enum
      */
     group: ScopeGroup;
+    /**
+     * Get the conditions to be applied to the CASL ability derived from the scope
+     */
+    getConditions?: (context: ScopeContext) => Record<string, unknown>[];
 };
 //# sourceMappingURL=scopes.d.ts.map

package/dist/cjs/types/scopes.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"scopes.d.ts","sourceRoot":"","sources":["../../../src/types/scopes.ts"],"names":[],"mappings":"AAAA,OAAO,~~EAAE,KAAK,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,~~EACH,KAAK,aAAa,EAClB,KAAK,gBAAgB,EACxB,MAAM,wBAAwB,CAAC;AAEhC;;GAEG;AACH,oBAAY,UAAU;IAClB,OAAO,YAAY;IACnB,kBAAkB,uBAAuB;IACzC,uBAAuB,4BAA4B;IACnD,IAAI,SAAS;IACb,OAAO,YAAY;IACnB,EAAE,OAAO;IACT,SAAS,cAAc;CAC1B;AAED;;GAEG;AACH,MAAM,MAAM,~~KAAK~~,GAAG;~~IAChB;;OAEG~~;~~IACH~~,~~IAAI~~,EAAE,~~SAAS~~,CAAC,GAAG,~~aAAa~~,~~IAAI,~~SAAS,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;~~IACnE~~;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,YAAY,EAAE,OAAO,CAAC;IACtB;;OAEG;IACH,KAAK,EAAE,UAAU,CAAC;~~CACrB~~,CAAC"}
1	+ {"version":3,"file":"scopes.d.ts","sourceRoot":"","sources":["../../../src/types/scopes.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,KAAK,aAAa,EAClB,KAAK,gBAAgB,EACxB,MAAM,wBAAwB,CAAC;AAEhC;;GAEG;AACH,oBAAY,UAAU;IAClB,OAAO,YAAY;IACnB,kBAAkB,uBAAuB;IACzC,uBAAuB,4BAA4B;IACnD,IAAI,SAAS;IACb,OAAO,YAAY;IACnB,EAAE,OAAO;IACT,SAAS,cAAc;CAC1B;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IACvB,YAAY,EAAE,OAAO,CAAC;IACtB,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,CAAC;IACzB,qDAAqD;IACrD,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,GAAG,aAAa,IAAI,gBAAgB,EAAE,CAAC;AAE/D;;GAEG;AACH,MAAM,MAAM,KAAK,GAAG;IAChB;;OAEG;IACH,IAAI,EAAE,SAAS,CAAC;IAChB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,YAAY,EAAE,OAAO,CAAC;IACtB;;OAEG;IACH,KAAK,EAAE,UAAU,CAAC;IAClB;;OAEG;IACH,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,YAAY,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;CACxE,CAAC"}

package/dist/cjs/types/scopes.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"scopes.js","sourceRoot":"","sources":["../../../src/types/scopes.ts"],"names":[],"mappings":";;;~~AAMA~~;;GAEG;AACH,IAAY,UAQX;AARD,WAAY,UAAU;IAClB,iCAAmB,CAAA;IACnB,uDAAyC,CAAA;IACzC,iEAAmD,CAAA;IACnD,2BAAa,CAAA;IACb,iCAAmB,CAAA;IACnB,uBAAS,CAAA;IACT,qCAAuB,CAAA;AAC3B,CAAC,EARW,UAAU,0BAAV,UAAU,QAQrB"}
1	+ {"version":3,"file":"scopes.js","sourceRoot":"","sources":["../../../src/types/scopes.ts"],"names":[],"mappings":";;;AAKA;;GAEG;AACH,IAAY,UAQX;AARD,WAAY,UAAU;IAClB,iCAAmB,CAAA;IACnB,uDAAyC,CAAA;IACzC,iEAAmD,CAAA;IACnD,2BAAa,CAAA;IACb,iCAAmB,CAAA;IACnB,uBAAS,CAAA;IACT,qCAAuB,CAAA;AAC3B,CAAC,EARW,UAAU,0BAAV,UAAU,QAQrB"}

package/dist/esm/authorization/parseScopes.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { type ScopeName } from '../types/scopes';
+import { type AbilityAction, type CaslSubjectNames } from './types';
+export declare const parseScope: (scope: string) => [AbilityAction, CaslSubjectNames];
+export declare const parseScopes: ({ scopes, isEnterprise, }: {
+    scopes: string[];
+    isEnterprise: boolean;
+}) => Set<ScopeName>;
+//# sourceMappingURL=parseScopes.d.ts.map

package/dist/esm/authorization/parseScopes.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseScopes.d.ts","sourceRoot":"","sources":["../../../src/authorization/parseScopes.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEpE,eAAO,MAAM,UAAU,UACZ,MAAM,KACd,CAAC,aAAa,EAAE,gBAAgB,CAKlC,CAAC;AAEF,eAAO,MAAM,WAAW,8BAGrB;IACC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;CACzB,KAAG,GAAG,CAAC,SAAS,CAiBhB,CAAC"}

package/dist/esm/authorization/parseScopes.js ADDED Viewed

@@ -0,0 +1,22 @@
+import { camelCase, upperFirst } from 'lodash';
+import { ParameterError } from '../types/errors';
+import { getAllScopeMap } from './scopes';
+export const parseScope = (scope) => {
+    const [action, subjectPart] = scope.split(':');
+    const subject = upperFirst(camelCase(subjectPart));
+    return [action, subject];
+};
+export const parseScopes = ({ scopes, isEnterprise, }) => {
+    const scopeMap = getAllScopeMap({ isEnterprise });
+    const filtered = scopes
+        .map((scope) => parseScope(scope).join(':'))
+        .filter((scope) => {
+        const foundScope = scopeMap[scope];
+        if (!foundScope) {
+            throw new ParameterError(`Invalid scope: ${scope}. Please check the scope name and try again.`);
+        }
+        return true;
+    });
+    return new Set(filtered);
+};
+//# sourceMappingURL=parseScopes.js.map

package/dist/esm/authorization/parseScopes.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseScopes.js","sourceRoot":"","sources":["../../../src/authorization/parseScopes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG1C,MAAM,CAAC,MAAM,UAAU,GAAG,CACtB,KAAa,EACoB,EAAE;IACnC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;IAEnD,OAAO,CAAC,MAAuB,EAAE,OAA2B,CAAC,CAAC;AAClE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,EACxB,MAAM,EACN,YAAY,GAIf,EAAkB,EAAE;IACjB,MAAM,QAAQ,GAAG,cAAc,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,MAAM;SAClB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAc,CAAC;SACxD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QACd,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEnC,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,cAAc,CACpB,kBAAkB,KAAK,8CAA8C,CACxE,CAAC;QACN,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC,CAAC,CAAC;IAEP,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;AAC7B,CAAC,CAAC"}

package/dist/esm/authorization/parseScopes.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=parseScopes.test.d.ts.map

package/dist/esm/authorization/parseScopes.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"parseScopes.test.d.ts","sourceRoot":"","sources":["../../../src/authorization/parseScopes.test.ts"],"names":[],"mappings":""}

package/dist/esm/authorization/parseScopes.test.js ADDED Viewed

@@ -0,0 +1,107 @@
+import { ParameterError } from '../types/errors';
+import { parseScopes } from './parseScopes';
+describe('parseScopes', () => {
+    describe('with valid scopes', () => {
+        it('should return a Set of valid scope names for non-enterprise', () => {
+            const result = parseScopes({
+                scopes: ['view:dashboard', 'manage:dashboard'],
+                isEnterprise: false,
+            });
+            expect(result).toBeInstanceOf(Set);
+            expect(result.size).toBe(2);
+            expect(result.has('view:Dashboard')).toBe(true);
+            expect(result.has('manage:Dashboard')).toBe(true);
+        });
+        it('should return a Set of valid scope names for enterprise', () => {
+            const result = parseScopes({
+                scopes: ['view:ai_agent', 'manage:ai_agent'],
+                isEnterprise: true,
+            });
+            expect(result).toBeInstanceOf(Set);
+            expect(result.size).toBe(2);
+            expect(result.has('view:AiAgent')).toBe(true);
+            expect(result.has('manage:AiAgent')).toBe(true);
+        });
+        it('should handle mixed case scope names correctly', () => {
+            const result = parseScopes({
+                scopes: [
+                    'export:dashboard_csv',
+                    'manage:personal_access_token',
+                ],
+                isEnterprise: true,
+            });
+            expect(result.size).toBe(2);
+            expect(result.has('export:DashboardCsv')).toBe(true);
+            expect(result.has('manage:PersonalAccessToken')).toBe(true);
+        });
+        it('should handle single scope correctly', () => {
+            const result = parseScopes({
+                scopes: ['view:project'],
+                isEnterprise: false,
+            });
+            expect(result.size).toBe(1);
+            expect(result.has('view:Project')).toBe(true);
+        });
+        it('should handle empty scopes array', () => {
+            const result = parseScopes({
+                scopes: [],
+                isEnterprise: false,
+            });
+            expect(result).toBeInstanceOf(Set);
+            expect(result.size).toBe(0);
+        });
+    });
+    describe('with invalid scopes', () => {
+        it('should throw ParameterError for invalid scope name', () => {
+            expect(() => parseScopes({
+                scopes: ['view:dashboard', 'invalid:scope'],
+                isEnterprise: false,
+            })).toThrow(ParameterError);
+            expect(() => parseScopes({
+                scopes: ['view:dashboard', 'invalid:scope'],
+                isEnterprise: false,
+            })).toThrow('Invalid scope: invalid:Scope. Please check the scope name and try again.');
+        });
+        it('should throw ParameterError for enterprise scope when not enterprise', () => {
+            expect(() => parseScopes({
+                scopes: ['view:dashboard', 'view:ai_agent'],
+                isEnterprise: false,
+            })).toThrow(ParameterError);
+            expect(() => parseScopes({
+                scopes: ['view:dashboard', 'view:ai_agent'],
+                isEnterprise: false,
+            })).toThrow('Invalid scope: view:AiAgent. Please check the scope name and try again.');
+        });
+    });
+    describe('scope parsing logic', () => {
+        it('should transform snake_case to PascalCase correctly', () => {
+            const result = parseScopes({
+                scopes: [
+                    'export:dashboard_csv',
+                    'manage:personal_access_token',
+                    'view:semantic_viewer',
+                ],
+                isEnterprise: true,
+            });
+            expect(result.has('export:DashboardCsv')).toBe(true);
+            expect(result.has('manage:PersonalAccessToken')).toBe(true);
+            expect(result.has('view:SemanticViewer')).toBe(true);
+        });
+        it('should handle camelCase input correctly', () => {
+            const result = parseScopes({
+                scopes: ['view:dashboard', 'manage:savedChart'],
+                isEnterprise: false,
+            });
+            expect(result.has('view:Dashboard')).toBe(true);
+            expect(result.has('manage:SavedChart')).toBe(true);
+        });
+        it('should handle mixed case input correctly', () => {
+            const result = parseScopes({
+                scopes: ['view:underlying_data'],
+                isEnterprise: false,
+            });
+            expect(result.has('view:UnderlyingData')).toBe(true);
+        });
+    });
+});
+//# sourceMappingURL=parseScopes.test.js.map

package/dist/esm/authorization/parseScopes.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseScopes.test.js","sourceRoot":"","sources":["../../../src/authorization/parseScopes.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IACzB,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;YACnE,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;gBAC9C,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YAC/D,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,eAAe,EAAE,iBAAiB,CAAC;gBAC5C,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE;oBACJ,sBAAsB;oBACtB,8BAA8B;iBACjC;gBACD,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC5C,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,cAAc,CAAC;gBACxB,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,EAAE;gBACV,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC1D,MAAM,CAAC,GAAG,EAAE,CACR,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAE1B,MAAM,CAAC,GAAG,EAAE,CACR,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CACL,0EAA0E,CAC7E,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;YAC5E,MAAM,CAAC,GAAG,EAAE,CACR,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAE1B,MAAM,CAAC,GAAG,EAAE,CACR,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CACL,yEAAyE,CAC5E,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC3D,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE;oBACJ,sBAAsB;oBACtB,8BAA8B;oBAC9B,sBAAsB;iBACzB;gBACD,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;gBAC/C,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAChD,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,sBAAsB,CAAC;gBAChC,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/esm/authorization/scopeAbilityBuilder.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { type MemberAbility } from './types';
+type BuilderOptions = {
+    organizationUuid: string;
+    projectUuid: string;
+    userUuid?: string;
+    scopes: string[];
+    isEnterprise: boolean;
+    organizationRole: string;
+    permissionsConfig?: {
+        pat: {
+            enabled: boolean;
+            allowedOrgRoles: string[];
+        };
+    };
+};
+/**
+ * Build a complete CASL ability from scope names and context
+ * @param context - Context containing organization, project, user, and space access information
+ * @returns CASL Ability with applied permissions
+ */
+export declare const buildAbilityFromScopes: (context: BuilderOptions) => MemberAbility;
+export {};
+//# sourceMappingURL=scopeAbilityBuilder.d.ts.map

package/dist/esm/authorization/scopeAbilityBuilder.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAoD7C,KAAK,cAAc,GAAG;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACtB,cAAc,KACxB,aAcF,CAAC"}

package/dist/esm/authorization/scopeAbilityBuilder.js ADDED Viewed

@@ -0,0 +1,54 @@
+import { Ability, AbilityBuilder } from '@casl/ability';
+import { parseScope, parseScopes } from './parseScopes';
+import { getAllScopeMap } from './scopes';
+const handlePatConfigApplication = (context, builder) => {
+    const { pat } = context?.permissionsConfig || {};
+    const hasPatRule = builder.rules.find((rule) => rule.action === 'manage' && rule.subject === 'PersonalAccessToken');
+    if (!hasPatRule &&
+        pat?.enabled &&
+        pat?.allowedOrgRoles?.includes(context.organizationRole)) {
+        builder.can('manage', 'PersonalAccessToken');
+    }
+};
+/**
+ * Apply scope-based abilities to a CASL ability builder
+ * @param scopeNames - Array of scope names to apply
+ * @param context - Context containing organization, project, user, and space access information
+ * @param builder - CASL ability builder to add permissions to
+ */
+const applyScopeAbilities = (context, builder) => {
+    const scopeMap = getAllScopeMap({ isEnterprise: context.isEnterprise });
+    context.scopes.forEach((scopeName) => {
+        const scope = scopeMap[scopeName];
+        if (!scope)
+            return;
+        const [action, subject] = parseScope(scopeName);
+        const conditionsList = scope.getConditions
+            ? scope.getConditions(context)
+            : [];
+        // Apply each condition set
+        conditionsList.forEach((conditions) => {
+            builder.can(action, subject, conditions);
+        });
+    });
+    handlePatConfigApplication(context, builder);
+};
+/**
+ * Build a complete CASL ability from scope names and context
+ * @param context - Context containing organization, project, user, and space access information
+ * @returns CASL Ability with applied permissions
+ */
+export const buildAbilityFromScopes = (context) => {
+    const builder = new AbilityBuilder(Ability);
+    const scopes = parseScopes({
+        scopes: context.scopes,
+        isEnterprise: context.isEnterprise,
+    });
+    const parsedContext = {
+        ...context,
+        scopes,
+    };
+    applyScopeAbilities(parsedContext, builder);
+    return builder.build();
+};
+//# sourceMappingURL=scopeAbilityBuilder.js.map

package/dist/esm/authorization/scopeAbilityBuilder.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG1C,MAAM,0BAA0B,GAAG,CAC/B,OAAqB,EACrB,OAAsC,EACxC,EAAE;IACA,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CACjC,CAAC,IAAI,EAAE,EAAE,CACL,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,qBAAqB,CACzE,CAAC;IAEF,IACI,CAAC,UAAU;QACX,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAC1D,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CACxB,OAAqB,EACrB,OAAsC,EAClC,EAAE;IACN,MAAM,QAAQ,GAAG,cAAc,CAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAExE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa;YACtC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,EAAE,CAAC;QAET,2BAA2B;QAC3B,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC,CAAC;AAiBF;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAClC,OAAuB,EACV,EAAE;IACf,MAAM,OAAO,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAE3D,MAAM,MAAM,GAAG,WAAW,CAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,YAAY,EAAE,OAAO,CAAC,YAAY;KACrC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG;QAClB,GAAG,OAAO;QACV,MAAM;KACT,CAAC;IAEF,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC,CAAC"}

package/dist/esm/authorization/scopeAbilityBuilder.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=scopeAbilityBuilder.test.d.ts.map

package/dist/esm/authorization/scopeAbilityBuilder.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"scopeAbilityBuilder.test.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.test.ts"],"names":[],"mappings":""}