npm - @lightdash/common - Versions diffs - 0.1936.2 → 0.1937.1 - Mend

@lightdash/common 0.1936.2 → 0.1937.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

package/dist/cjs/authorization/roleToScopeMapping.testUtils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"roleToScopeMapping.testUtils.d.ts","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.testUtils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAO/D,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C;;;GAGG;AAEH;;GAEG;AACH,eAAO,MAAM,uBAAuB,QAAO;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAgCpB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,SACzB,iBAAiB,KACxB;IACC,KAAK,EAAE,KAAK,CAAC;QACT,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC,CAAC;IACH,UAAU,EAAE,aAAa,CAAC;CAwB7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAqHnC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,SACvB,iBAAiB,YACd;IACL,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC7B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CJ,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,4BAA4B,SAC/B,iBAAiB,aACZ,UAAU,CAAC,OAAO,uBAAuB,CAAC,YAC5C;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkDtC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,aACvB;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCtC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,SAAU,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2B5D,CAAC"}

package/dist/cjs/authorization/roleToScopeMapping.testUtils.js ADDED Viewed

@@ -0,0 +1,329 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.debugRoleScopeMapping = exports.validateAllRoleMappings = exports.compareRoleAndScopeAbilities = exports.createRoleTestParams = exports.createStandardTestCases = exports.extractRolePermissions = exports.validateRoleInheritance = void 0;
+/* eslint-disable no-console */
+const ability_1 = require("@casl/ability");
+const projectMemberRole_1 = require("../types/projectMemberRole");
+const projectMemberAbility_1 = require("./projectMemberAbility");
+const roleToScopeMapping_1 = require("./roleToScopeMapping");
+const scopeAbilityBuilder_1 = require("./scopeAbilityBuilder");
+/**
+ * Test utilities for role to scope mapping validation
+ * These functions are only used for testing migration compatibility
+ */
+/**
+ * Validates that a role properly inherits permissions from lower roles
+ */
+const validateRoleInheritance = () => {
+    const errors = [];
+    const roleOrder = [
+        projectMemberRole_1.ProjectMemberRole.VIEWER,
+        projectMemberRole_1.ProjectMemberRole.INTERACTIVE_VIEWER,
+        projectMemberRole_1.ProjectMemberRole.EDITOR,
+        projectMemberRole_1.ProjectMemberRole.DEVELOPER,
+        projectMemberRole_1.ProjectMemberRole.ADMIN,
+    ];
+    for (let i = 1; i < roleOrder.length; i += 1) {
+        const currentRole = roleOrder[i];
+        const previousRole = roleOrder[i - 1];
+        const currentScopes = new Set((0, roleToScopeMapping_1.getScopesForRole)(currentRole));
+        const previousScopes = (0, roleToScopeMapping_1.getScopesForRole)(previousRole);
+        // Check that all previous scopes are included in current role
+        for (const scope of previousScopes) {
+            if (!currentScopes.has(scope)) {
+                errors.push(`Role ${currentRole} is missing inherited scope: ${scope} from ${previousRole}`);
+            }
+        }
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+    };
+};
+exports.validateRoleInheritance = validateRoleInheritance;
+/**
+ * Extracts the actual permissions granted by a role builder for analysis and comparison
+ * This is useful for debugging and validating that our scope mappings are correct
+ */
+const extractRolePermissions = (role) => {
+    const builder = new ability_1.AbilityBuilder(ability_1.Ability);
+    const testMember = {
+        role,
+        projectUuid: 'test-project-uuid',
+        userUuid: 'test-user-uuid',
+    };
+    // Build the ability using the role-based system
+    projectMemberAbility_1.projectMemberAbilities[role](testMember, builder);
+    const ability = builder.build();
+    // Extract the rules for analysis
+    return {
+        rules: ability.rules.map((rule) => ({
+            action: rule.action,
+            subject: rule.subject,
+            conditions: rule.conditions,
+            inverted: rule.inverted,
+            reason: rule.reason,
+        })),
+        rawAbility: ability,
+    };
+};
+exports.extractRolePermissions = extractRolePermissions;
+/**
+ * Helper function to create standardized test cases for role compatibility testing
+ */
+const createStandardTestCases = () => [
+    // View permissions
+    {
+        action: 'view',
+        subject: 'Dashboard',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+            isPrivate: false,
+        },
+    },
+    {
+        action: 'view',
+        subject: 'SavedChart',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+            isPrivate: false,
+        },
+    },
+    {
+        action: 'view',
+        subject: 'Space',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+            isPrivate: false,
+        },
+    },
+    {
+        action: 'view',
+        subject: 'Project',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    // Create permissions
+    {
+        action: 'create',
+        subject: 'Space',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+        },
+    },
+    {
+        action: 'create',
+        subject: 'DashboardComments',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'create',
+        subject: 'ScheduledDeliveries',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    // Manage permissions (varies by role level)
+    {
+        action: 'manage',
+        subject: 'Space',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+            isPrivate: false,
+        },
+    },
+    {
+        action: 'manage',
+        subject: 'Job',
+        resource: {},
+    },
+    {
+        action: 'manage',
+        subject: 'PinnedItems',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+        },
+    },
+    {
+        action: 'manage',
+        subject: 'Explore',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    // Higher-level permissions (developer+ only)
+    {
+        action: 'manage',
+        subject: 'Project',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'manage',
+        subject: 'Validation',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'manage',
+        subject: 'VirtualView',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'manage',
+        subject: 'CustomSql',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    // Admin-only permissions
+    {
+        action: 'delete',
+        subject: 'Project',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'view',
+        subject: 'Analytics',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+];
+exports.createStandardTestCases = createStandardTestCases;
+/**
+ * Helper function to create test parameters for role compatibility testing
+ */
+const createRoleTestParams = (role, options = {}) => {
+    const { isEnterprise = false, projectUuid = 'test-project-uuid', userUuid = 'test-user-uuid', organizationUuid = 'test-org-uuid', } = options;
+    const scopes = isEnterprise
+        ? (0, roleToScopeMapping_1.getScopesForRole)(role)
+        : (0, roleToScopeMapping_1.getNonEnterpriseScopesForRole)(role);
+    const scopeBuilderParams = {
+        userUuid,
+        scopes,
+        isEnterprise,
+        organizationRole: 'editor',
+        permissionsConfig: {
+            pat: {
+                enabled: false,
+                allowedOrgRoles: [],
+            },
+        },
+    };
+    return {
+        role,
+        scopes,
+        projectMember: {
+            role,
+            projectUuid,
+            userUuid,
+        },
+        scopeOrgBuilderParams: {
+            ...scopeBuilderParams,
+            organizationUuid,
+        },
+        scopeProjectBuilderParams: {
+            ...scopeBuilderParams,
+            projectUuid,
+        },
+    };
+};
+exports.createRoleTestParams = createRoleTestParams;
+/**
+ * Compares role-based and scope-based abilities for a specific set of test cases
+ * Returns detailed results showing which permissions match or differ
+ */
+const compareRoleAndScopeAbilities = (role, testCases, options = {}) => {
+    const { isEnterprise = false } = options;
+    const testParams = (0, exports.createRoleTestParams)(role, { isEnterprise });
+    // Build role-based ability
+    const roleBuilder = new ability_1.AbilityBuilder(ability_1.Ability);
+    projectMemberAbility_1.projectMemberAbilities[role](testParams.projectMember, roleBuilder);
+    const roleAbility = roleBuilder.build();
+    // Build Project-based scope-based ability
+    const scopeBuilder = new ability_1.AbilityBuilder(ability_1.Ability);
+    (0, scopeAbilityBuilder_1.buildAbilityFromScopes)(testParams.scopeProjectBuilderParams, scopeBuilder);
+    const scopeAbility = scopeBuilder.build();
+    const results = testCases.map((testCase) => {
+        const subjectWithResource = (0, ability_1.subject)(testCase.subject, testCase.resource);
+        const roleResult = roleAbility.can(testCase.action, subjectWithResource);
+        const scopeResult = scopeAbility.can(testCase.action, subjectWithResource);
+        return {
+            ...testCase,
+            roleResult,
+            scopeResult,
+            match: roleResult === scopeResult,
+        };
+    });
+    const summary = {
+        total: results.length,
+        matches: results.filter((r) => r.match).length,
+        mismatches: results.filter((r) => !r.match),
+        allMatch: results.every((r) => r.match),
+    };
+    return {
+        role,
+        scopes: testParams.scopes,
+        results,
+        summary,
+    };
+};
+exports.compareRoleAndScopeAbilities = compareRoleAndScopeAbilities;
+/**
+ * Runs a comprehensive comparison of all roles against standard test cases
+ */
+const validateAllRoleMappings = (options = {}) => {
+    const roles = [
+        projectMemberRole_1.ProjectMemberRole.VIEWER,
+        projectMemberRole_1.ProjectMemberRole.INTERACTIVE_VIEWER,
+        projectMemberRole_1.ProjectMemberRole.EDITOR,
+        projectMemberRole_1.ProjectMemberRole.DEVELOPER,
+        projectMemberRole_1.ProjectMemberRole.ADMIN,
+    ];
+    const testCases = (0, exports.createStandardTestCases)();
+    const results = roles.map((role) => (0, exports.compareRoleAndScopeAbilities)(role, testCases, options));
+    const overallSummary = {
+        rolesValidated: results.length,
+        successfulRoles: results
+            .filter((r) => r.summary.allMatch)
+            .map((r) => r.role),
+        failedRoles: results
+            .filter((r) => !r.summary.allMatch)
+            .map((r) => ({
+            role: r.role,
+            mismatches: r.summary.mismatches.length,
+        })),
+        totalTestCases: results.reduce((sum, r) => sum + r.summary.total, 0),
+        totalMatches: results.reduce((sum, r) => sum + r.summary.matches, 0),
+    };
+    return {
+        roleResults: results,
+        overallSummary,
+        allRolesValid: overallSummary.failedRoles.length === 0,
+    };
+};
+exports.validateAllRoleMappings = validateAllRoleMappings;
+/**
+ * Debug utility to show what scopes are missing or extra for a specific role
+ */
+const debugRoleScopeMapping = (role) => {
+    const testCases = (0, exports.createStandardTestCases)();
+    const comparison = (0, exports.compareRoleAndScopeAbilities)(role, testCases);
+    const mismatches = comparison.results.filter((r) => !r.match);
+    console.debug(`\n=== Debug: ${role} Role Scope Mapping ===`);
+    console.debug(`Scopes assigned: ${comparison.scopes.length}`);
+    console.debug(`Test cases: ${comparison.summary.total}`);
+    console.debug(`Matches: ${comparison.summary.matches}`);
+    console.debug(`Mismatches: ${mismatches.length}`);
+    if (mismatches.length > 0) {
+        console.debug('\n--- Mismatched Permissions ---');
+        mismatches.forEach((mismatch) => {
+            console.debug(`${mismatch.action}:${mismatch.subject}`);
+            console.debug(`  Role-based: ${mismatch.roleResult}`);
+            console.debug(`  Scope-based: ${mismatch.scopeResult}`);
+            console.debug(`  Resource:`, mismatch.resource);
+            console.debug('');
+        });
+    }
+    console.debug(`\nAssigned Scopes:`);
+    comparison.scopes.forEach((scope) => console.debug(`  - ${scope}`));
+    return comparison;
+};
+exports.debugRoleScopeMapping = debugRoleScopeMapping;
+//# sourceMappingURL=roleToScopeMapping.testUtils.js.map

package/dist/cjs/authorization/roleToScopeMapping.testUtils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"roleToScopeMapping.testUtils.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.testUtils.ts"],"names":[],"mappings":";;;AAAA,+BAA+B;AAC/B,2CAAiE;AACjE,kEAA+D;AAC/D,iEAAgE;AAChE,6DAG8B;AAC9B,+DAA+D;AAG/D;;;GAGG;AAEH;;GAEG;AACI,MAAM,uBAAuB,GAAG,GAGrC,EAAE;IACA,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG;QACd,qCAAiB,CAAC,MAAM;QACxB,qCAAiB,CAAC,kBAAkB;QACpC,qCAAiB,CAAC,MAAM;QACxB,qCAAiB,CAAC,SAAS;QAC3B,qCAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEtC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,IAAA,qCAAgB,EAAC,WAAW,CAAC,CAAC,CAAC;QAC7D,MAAM,cAAc,GAAG,IAAA,qCAAgB,EAAC,YAAY,CAAC,CAAC;QAEtD,8DAA8D;QAC9D,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACjC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CACP,QAAQ,WAAW,gCAAgC,KAAK,SAAS,YAAY,EAAE,CAClF,CAAC;YACN,CAAC;QACL,CAAC;IACL,CAAC;IAED,OAAO;QACH,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;KACT,CAAC;AACN,CAAC,CAAC;AAlCW,QAAA,uBAAuB,2BAkClC;AAEF;;;GAGG;AACI,MAAM,sBAAsB,GAAG,CAClC,IAAuB,EAUzB,EAAE;IACA,MAAM,OAAO,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG;QACf,IAAI;QACJ,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,gBAAgB;KAC7B,CAAC;IAEF,gDAAgD;IAChD,6CAAsB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhC,iCAAiC;IACjC,OAAO;QACH,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAChC,MAAM,EAAE,IAAI,CAAC,MAAgB;YAC7B,OAAO,EAAE,IAAI,CAAC,OAAiB;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;SACtB,CAAC,CAAC;QACH,UAAU,EAAE,OAAO;KACtB,CAAC;AACN,CAAC,CAAC;AAlCW,QAAA,sBAAsB,0BAkCjC;AAEF;;GAEG;AACI,MAAM,uBAAuB,GAAG,GAAG,EAAE,CAAC;IACzC,mBAAmB;IACnB;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,YAAqB;QAC9B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,qBAAqB;IACrB;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;SACnC;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,mBAA4B;QACrC,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,qBAA8B;QACvC,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,4CAA4C;IAC5C;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,KAAc;QACvB,QAAQ,EAAE,EAAE;KACf;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,aAAsB;QAC/B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;SACnC;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,6CAA6C;IAC7C;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,YAAqB;QAC9B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,aAAsB;QAC/B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,yBAAyB;IACzB;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;CACJ,CAAC;AArHW,QAAA,uBAAuB,2BAqHlC;AAEF;;GAEG;AACI,MAAM,oBAAoB,GAAG,CAChC,IAAuB,EACvB,UAKI,EAAE,EACR,EAAE;IACA,MAAM,EACF,YAAY,GAAG,KAAK,EACpB,WAAW,GAAG,mBAAmB,EACjC,QAAQ,GAAG,gBAAgB,EAC3B,gBAAgB,GAAG,eAAe,GACrC,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,YAAY;QACvB,CAAC,CAAC,IAAA,qCAAgB,EAAC,IAAI,CAAC;QACxB,CAAC,CAAC,IAAA,kDAA6B,EAAC,IAAI,CAAC,CAAC;IAE1C,MAAM,kBAAkB,GAAG;QACvB,QAAQ;QACR,MAAM;QACN,YAAY;QACZ,gBAAgB,EAAE,QAAiB;QACnC,iBAAiB,EAAE;YACf,GAAG,EAAE;gBACD,OAAO,EAAE,KAAK;gBACd,eAAe,EAAE,EAAE;aACtB;SACJ;KACJ,CAAC;IAEF,OAAO;QACH,IAAI;QACJ,MAAM;QACN,aAAa,EAAE;YACX,IAAI;YACJ,WAAW;YACX,QAAQ;SACX;QACD,qBAAqB,EAAE;YACnB,GAAG,kBAAkB;YACrB,gBAAgB;SACnB;QACD,yBAAyB,EAAE;YACvB,GAAG,kBAAkB;YACrB,WAAW;SACd;KACJ,CAAC;AACN,CAAC,CAAC;AAlDW,QAAA,oBAAoB,wBAkD/B;AAEF;;;GAGG;AACI,MAAM,4BAA4B,GAAG,CACxC,IAAuB,EACvB,SAAqD,EACrD,UAAsC,EAAE,EAC1C,EAAE;IACA,MAAM,EAAE,YAAY,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IACzC,MAAM,UAAU,GAAG,IAAA,4BAAoB,EAAC,IAAI,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;IAEhE,2BAA2B;IAC3B,MAAM,WAAW,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAC/D,6CAAsB,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC;IAExC,0CAA0C;IAC1C,MAAM,YAAY,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAChE,IAAA,4CAAsB,EAAC,UAAU,CAAC,yBAAyB,EAAE,YAAY,CAAC,CAAC;IAC3E,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC;IAE1C,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QACvC,MAAM,mBAAmB,GAAG,IAAA,iBAAO,EAC/B,QAAQ,CAAC,OAAO,EAChB,QAAQ,CAAC,QAAQ,CACpB,CAAC;QACF,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAC9B,QAAQ,CAAC,MAAM,EACf,mBAAmB,CACtB,CAAC;QACF,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAChC,QAAQ,CAAC,MAAM,EACf,mBAAmB,CACtB,CAAC;QAEF,OAAO;YACH,GAAG,QAAQ;YACX,UAAU;YACV,WAAW;YACX,KAAK,EAAE,UAAU,KAAK,WAAW;SACpC,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG;QACZ,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM;QAC9C,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC3C,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;KAC1C,CAAC;IAEF,OAAO;QACH,IAAI;QACJ,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO;QACP,OAAO;KACV,CAAC;AACN,CAAC,CAAC;AArDW,QAAA,4BAA4B,gCAqDvC;AAEF;;GAEG;AACI,MAAM,uBAAuB,GAAG,CACnC,UAAsC,EAAE,EAC1C,EAAE;IACA,MAAM,KAAK,GAAG;QACV,qCAAiB,CAAC,MAAM;QACxB,qCAAiB,CAAC,kBAAkB;QACpC,qCAAiB,CAAC,MAAM;QACxB,qCAAiB,CAAC,SAAS;QAC3B,qCAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,MAAM,SAAS,GAAG,IAAA,+BAAuB,GAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAC/B,IAAA,oCAA4B,EAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CACzD,CAAC;IAEF,MAAM,cAAc,GAAG;QACnB,cAAc,EAAE,OAAO,CAAC,MAAM;QAC9B,eAAe,EAAE,OAAO;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACvB,WAAW,EAAE,OAAO;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACT,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM;SAC1C,CAAC,CAAC;QACP,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACpE,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;KACvE,CAAC;IAEF,OAAO;QACH,WAAW,EAAE,OAAO;QACpB,cAAc;QACd,aAAa,EAAE,cAAc,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;KACzD,CAAC;AACN,CAAC,CAAC;AApCW,QAAA,uBAAuB,2BAoClC;AAEF;;GAEG;AACI,MAAM,qBAAqB,GAAG,CAAC,IAAuB,EAAE,EAAE;IAC7D,MAAM,SAAS,GAAG,IAAA,+BAAuB,GAAE,CAAC;IAC5C,MAAM,UAAU,GAAG,IAAA,oCAA4B,EAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAEjE,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE9D,OAAO,CAAC,KAAK,CAAC,gBAAgB,IAAI,yBAAyB,CAAC,CAAC;IAC7D,OAAO,CAAC,KAAK,CAAC,oBAAoB,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,KAAK,CAAC,eAAe,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IACzD,OAAO,CAAC,KAAK,CAAC,YAAY,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,KAAK,CAAC,eAAe,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAElD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAClD,UAAU,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;YAC5B,OAAO,CAAC,KAAK,CAAC,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,KAAK,CAAC,iBAAiB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,kBAAkB,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACP,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACpC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpE,OAAO,UAAU,CAAC;AACtB,CAAC,CAAC;AA3BW,QAAA,qBAAqB,yBA2BhC"}

package/dist/cjs/authorization/scopeAbilityBuilder.d.ts CHANGED Viewed

@@ -1,23 +1,29 @@
+import { type AbilityBuilder } from '@casl/ability';
 import { type MemberAbility } from './types';
-type BuilderOptions = {
+type OptionalIdContext = {
     organizationUuid: string;
+    projectUuid?: never;
+} | {
     projectUuid: string;
-    userUuid?: string;
+    organizationUuid?: never;
+};
+type BuilderOptions = {
+    userUuid: string;
     scopes: string[];
-    isEnterprise: boolean;
-    organizationRole: string;
+    isEnterprise: boolean | undefined;
+    organizationRole?: string;
     permissionsConfig?: {
         pat: {
             enabled: boolean;
             allowedOrgRoles: string[];
         };
     };
-};
+} & OptionalIdContext;
 /**
- * Build a complete CASL ability from scope names and context
+ * Apply CASL abilities from scopes to a builder
  * @param context - Context containing organization, project, user, and space access information
- * @returns CASL Ability with applied permissions
+ * @param builder - CASL ability builder to add permissions to
  */
-export declare const buildAbilityFromScopes: (context: BuilderOptions) => MemberAbility;
+export declare const buildAbilityFromScopes: (context: BuilderOptions, builder: AbilityBuilder<MemberAbility>) => void;
 export {};
 //# sourceMappingURL=scopeAbilityBuilder.d.ts.map

package/dist/cjs/authorization/scopeAbilityBuilder.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"~~AAIA~~,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;~~AAoD7C~~,KAAK,~~cAAc~~,~~GAAG~~;~~IAClB~~,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,~~QAAQ~~,CAAC,EAAE,~~MAAM~~,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;~~IACtB~~,gBAAgB,EAAE,MAAM,CAAC;~~IACzB~~,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,CAAC;~~AAEF~~;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACtB,cAAc,~~KACxB~~,~~aAcF~~,CAAC"}
1	+ {"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AAIpD,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAqD7C,KAAK,iBAAiB,GAChB;IACI,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,KAAK,CAAC;CACvB,GACD;IACI,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,KAAK,CAAC;CAC5B,CAAC;AAER,KAAK,cAAc,GAAG;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,GAAG,SAAS,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,GAAG,iBAAiB,CAAC;AAEtB;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACtB,cAAc,WACd,cAAc,CAAC,aAAa,CAAC,KACvC,IAaF,CAAC"}

package/dist/cjs/authorization/scopeAbilityBuilder.js CHANGED Viewed

@@ -1,7 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildAbilityFromScopes = void 0;
-const ability_1 = require("@casl/ability");
 const parseScopes_1 = require("./parseScopes");
 const scopes_1 = require("./scopes");
 const handlePatConfigApplication = (context, builder) => {
@@ -9,6 +8,7 @@ const handlePatConfigApplication = (context, builder) => {
     const hasPatRule = builder.rules.find((rule) => rule.action === 'manage' && rule.subject === 'PersonalAccessToken');
     if (!hasPatRule &&
         pat?.enabled &&
+        context.organizationRole &&
         pat?.allowedOrgRoles?.includes(context.organizationRole)) {
         builder.can('manage', 'PersonalAccessToken');
     }
@@ -37,22 +37,22 @@ const applyScopeAbilities = (context, builder) => {
     handlePatConfigApplication(context, builder);
 };
 /**
- * Build a complete CASL ability from scope names and context
+ * Apply CASL abilities from scopes to a builder
  * @param context - Context containing organization, project, user, and space access information
- * @returns CASL Ability with applied permissions
+ * @param builder - CASL ability builder to add permissions to
  */
-const buildAbilityFromScopes = (context) => {
-    const builder = new ability_1.AbilityBuilder(ability_1.Ability);
+const buildAbilityFromScopes = (context, builder) => {
+    const isEnterprise = context.isEnterprise ?? false;
     const scopes = (0, parseScopes_1.parseScopes)({
         scopes: context.scopes,
-        isEnterprise: context.isEnterprise,
+        isEnterprise,
     });
     const parsedContext = {
         ...context,
         scopes,
+        isEnterprise,
     };
     applyScopeAbilities(parsedContext, builder);
-    return builder.build();
 };
 exports.buildAbilityFromScopes = buildAbilityFromScopes;
 //# sourceMappingURL=scopeAbilityBuilder.js.map

package/dist/cjs/authorization/scopeAbilityBuilder.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":";;;~~AAAA,2CAAwD;AAExD~~,+CAAwD;AACxD,qCAA0C;AAG1C,MAAM,0BAA0B,GAAG,CAC/B,OAAqB,EACrB,OAAsC,EACxC,EAAE;IACA,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CACjC,CAAC,IAAI,EAAE,EAAE,CACL,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,qBAAqB,CACzE,CAAC;IAEF,IACI,CAAC,UAAU;QACX,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAC1D,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CACxB,OAAqB,EACrB,OAAsC,EAClC,EAAE;IACN,MAAM,QAAQ,GAAG,IAAA,uBAAc,EAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAExE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAA,wBAAU,EAAC,SAAS,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa;YACtC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,EAAE,CAAC;QAET,2BAA2B;QAC3B,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC,CAAC;~~AAiBF~~;;;;GAIG;AACI,MAAM,sBAAsB,GAAG,CAClC,OAAuB,~~EACV~~,EAAE;~~IACf~~,MAAM,~~OAAO~~,GAAG,~~IAAI~~,~~wBAAc~~,~~CAAgB~~,~~iBAAO~~,~~CAAC~~,CAAC;~~IAE3D~~,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,YAAY~~,EAAE,OAAO,CAAC,YAAY~~;~~KACrC~~,CAAC,CAAC;IACH,MAAM,aAAa,GAAG;QAClB,GAAG,OAAO;QACV,MAAM;~~KACT~~,CAAC;IAEF,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;~~IAC5C~~,~~OAAO,OAAO,~~CAAC,~~KAAK,EAAE,~~CAAC;~~AAC3B,CAAC,CAAC;~~AAhBW,QAAA,sBAAsB,0BAgBjC"}
1	+ {"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":";;;AAEA,+CAAwD;AACxD,qCAA0C;AAG1C,MAAM,0BAA0B,GAAG,CAC/B,OAAqB,EACrB,OAAsC,EACxC,EAAE;IACA,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CACjC,CAAC,IAAI,EAAE,EAAE,CACL,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,qBAAqB,CACzE,CAAC;IAEF,IACI,CAAC,UAAU;QACX,GAAG,EAAE,OAAO;QACZ,OAAO,CAAC,gBAAgB;QACxB,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAC1D,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CACxB,OAAqB,EACrB,OAAsC,EAClC,EAAE;IACN,MAAM,QAAQ,GAAG,IAAA,uBAAc,EAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAExE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAA,wBAAU,EAAC,SAAS,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa;YACtC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,EAAE,CAAC;QAET,2BAA2B;QAC3B,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC,CAAC;AAyBF;;;;GAIG;AACI,MAAM,sBAAsB,GAAG,CAClC,OAAuB,EACvB,OAAsC,EAClC,EAAE;IACN,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC;IACnD,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,YAAY;KACf,CAAC,CAAC;IACH,MAAM,aAAa,GAAG;QAClB,GAAG,OAAO;QACV,MAAM;QACN,YAAY;KACf,CAAC;IAEF,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC,CAAC;AAhBW,QAAA,sBAAsB,0BAgBjC"}