@lightdash/common 0.1936.2 → 0.1937.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (157) hide show
  1. package/dist/cjs/authorization/index.d.ts +8 -4
  2. package/dist/cjs/authorization/index.d.ts.map +1 -1
  3. package/dist/cjs/authorization/index.js +26 -3
  4. package/dist/cjs/authorization/index.js.map +1 -1
  5. package/dist/cjs/authorization/index.mock.d.ts +2 -0
  6. package/dist/cjs/authorization/index.mock.d.ts.map +1 -1
  7. package/dist/cjs/authorization/index.mock.js +2 -0
  8. package/dist/cjs/authorization/index.mock.js.map +1 -1
  9. package/dist/cjs/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
  10. package/dist/cjs/authorization/organizationMemberAbility.mock.js +1 -0
  11. package/dist/cjs/authorization/organizationMemberAbility.mock.js.map +1 -1
  12. package/dist/cjs/authorization/parseScopes.d.ts +3 -2
  13. package/dist/cjs/authorization/parseScopes.d.ts.map +1 -1
  14. package/dist/cjs/authorization/parseScopes.js +17 -8
  15. package/dist/cjs/authorization/parseScopes.js.map +1 -1
  16. package/dist/cjs/authorization/parseScopes.test.js +9 -14
  17. package/dist/cjs/authorization/parseScopes.test.js.map +1 -1
  18. package/dist/cjs/authorization/projectMemberAbility.mock.d.ts.map +1 -1
  19. package/dist/cjs/authorization/projectMemberAbility.mock.js +1 -0
  20. package/dist/cjs/authorization/projectMemberAbility.mock.js.map +1 -1
  21. package/dist/cjs/authorization/roleToScopeMapping.d.ts +19 -0
  22. package/dist/cjs/authorization/roleToScopeMapping.d.ts.map +1 -0
  23. package/dist/cjs/authorization/roleToScopeMapping.js +163 -0
  24. package/dist/cjs/authorization/roleToScopeMapping.js.map +1 -0
  25. package/dist/cjs/authorization/roleToScopeMapping.test.d.ts +2 -0
  26. package/dist/cjs/authorization/roleToScopeMapping.test.d.ts.map +1 -0
  27. package/dist/cjs/authorization/roleToScopeMapping.test.js +549 -0
  28. package/dist/cjs/authorization/roleToScopeMapping.test.js.map +1 -0
  29. package/dist/cjs/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
  30. package/dist/cjs/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
  31. package/dist/cjs/authorization/roleToScopeMapping.testUtils.js +329 -0
  32. package/dist/cjs/authorization/roleToScopeMapping.testUtils.js.map +1 -0
  33. package/dist/cjs/authorization/scopeAbilityBuilder.d.ts +14 -8
  34. package/dist/cjs/authorization/scopeAbilityBuilder.d.ts.map +1 -1
  35. package/dist/cjs/authorization/scopeAbilityBuilder.js +7 -7
  36. package/dist/cjs/authorization/scopeAbilityBuilder.js.map +1 -1
  37. package/dist/cjs/authorization/scopeAbilityBuilder.test.js +258 -185
  38. package/dist/cjs/authorization/scopeAbilityBuilder.test.js.map +1 -1
  39. package/dist/cjs/authorization/scopes.d.ts.map +1 -1
  40. package/dist/cjs/authorization/scopes.js +132 -187
  41. package/dist/cjs/authorization/scopes.js.map +1 -1
  42. package/dist/cjs/ee/AiAgent/schemas/tools/index.d.ts +1 -0
  43. package/dist/cjs/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
  44. package/dist/cjs/ee/AiAgent/schemas/tools/index.js +1 -0
  45. package/dist/cjs/ee/AiAgent/schemas/tools/index.js.map +1 -1
  46. package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
  47. package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
  48. package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js +41 -0
  49. package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js.map +1 -0
  50. package/dist/cjs/types/organizationMemberProfile.d.ts +1 -0
  51. package/dist/cjs/types/organizationMemberProfile.d.ts.map +1 -1
  52. package/dist/cjs/types/organizationMemberProfile.js.map +1 -1
  53. package/dist/cjs/types/projectMemberProfile.d.ts +1 -0
  54. package/dist/cjs/types/projectMemberProfile.d.ts.map +1 -1
  55. package/dist/cjs/types/scopes.d.ts +19 -9
  56. package/dist/cjs/types/scopes.d.ts.map +1 -1
  57. package/dist/cjs/types/search.d.ts +20 -0
  58. package/dist/cjs/types/search.d.ts.map +1 -1
  59. package/dist/cjs/types/search.js.map +1 -1
  60. package/dist/cjs/types/user.d.ts +1 -0
  61. package/dist/cjs/types/user.d.ts.map +1 -1
  62. package/dist/cjs/types/user.js.map +1 -1
  63. package/dist/esm/authorization/index.d.ts +8 -4
  64. package/dist/esm/authorization/index.d.ts.map +1 -1
  65. package/dist/esm/authorization/index.js +26 -3
  66. package/dist/esm/authorization/index.js.map +1 -1
  67. package/dist/esm/authorization/index.mock.d.ts +2 -0
  68. package/dist/esm/authorization/index.mock.d.ts.map +1 -1
  69. package/dist/esm/authorization/index.mock.js +2 -0
  70. package/dist/esm/authorization/index.mock.js.map +1 -1
  71. package/dist/esm/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
  72. package/dist/esm/authorization/organizationMemberAbility.mock.js +1 -0
  73. package/dist/esm/authorization/organizationMemberAbility.mock.js.map +1 -1
  74. package/dist/esm/authorization/parseScopes.d.ts +3 -2
  75. package/dist/esm/authorization/parseScopes.d.ts.map +1 -1
  76. package/dist/esm/authorization/parseScopes.js +15 -7
  77. package/dist/esm/authorization/parseScopes.js.map +1 -1
  78. package/dist/esm/authorization/parseScopes.test.js +9 -14
  79. package/dist/esm/authorization/parseScopes.test.js.map +1 -1
  80. package/dist/esm/authorization/projectMemberAbility.mock.d.ts.map +1 -1
  81. package/dist/esm/authorization/projectMemberAbility.mock.js +1 -0
  82. package/dist/esm/authorization/projectMemberAbility.mock.js.map +1 -1
  83. package/dist/esm/authorization/roleToScopeMapping.d.ts +19 -0
  84. package/dist/esm/authorization/roleToScopeMapping.d.ts.map +1 -0
  85. package/dist/esm/authorization/roleToScopeMapping.js +157 -0
  86. package/dist/esm/authorization/roleToScopeMapping.js.map +1 -0
  87. package/dist/esm/authorization/roleToScopeMapping.test.d.ts +2 -0
  88. package/dist/esm/authorization/roleToScopeMapping.test.d.ts.map +1 -0
  89. package/dist/esm/authorization/roleToScopeMapping.test.js +547 -0
  90. package/dist/esm/authorization/roleToScopeMapping.test.js.map +1 -0
  91. package/dist/esm/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
  92. package/dist/esm/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
  93. package/dist/esm/authorization/roleToScopeMapping.testUtils.js +319 -0
  94. package/dist/esm/authorization/roleToScopeMapping.testUtils.js.map +1 -0
  95. package/dist/esm/authorization/scopeAbilityBuilder.d.ts +14 -8
  96. package/dist/esm/authorization/scopeAbilityBuilder.d.ts.map +1 -1
  97. package/dist/esm/authorization/scopeAbilityBuilder.js +7 -7
  98. package/dist/esm/authorization/scopeAbilityBuilder.js.map +1 -1
  99. package/dist/esm/authorization/scopeAbilityBuilder.test.js +259 -186
  100. package/dist/esm/authorization/scopeAbilityBuilder.test.js.map +1 -1
  101. package/dist/esm/authorization/scopes.d.ts.map +1 -1
  102. package/dist/esm/authorization/scopes.js +132 -187
  103. package/dist/esm/authorization/scopes.js.map +1 -1
  104. package/dist/esm/ee/AiAgent/schemas/tools/index.d.ts +1 -0
  105. package/dist/esm/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
  106. package/dist/esm/ee/AiAgent/schemas/tools/index.js +1 -0
  107. package/dist/esm/ee/AiAgent/schemas/tools/index.js.map +1 -1
  108. package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
  109. package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
  110. package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js +38 -0
  111. package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js.map +1 -0
  112. package/dist/esm/types/organizationMemberProfile.d.ts +1 -0
  113. package/dist/esm/types/organizationMemberProfile.d.ts.map +1 -1
  114. package/dist/esm/types/organizationMemberProfile.js.map +1 -1
  115. package/dist/esm/types/projectMemberProfile.d.ts +1 -0
  116. package/dist/esm/types/projectMemberProfile.d.ts.map +1 -1
  117. package/dist/esm/types/scopes.d.ts +19 -9
  118. package/dist/esm/types/scopes.d.ts.map +1 -1
  119. package/dist/esm/types/search.d.ts +20 -0
  120. package/dist/esm/types/search.d.ts.map +1 -1
  121. package/dist/esm/types/search.js.map +1 -1
  122. package/dist/esm/types/user.d.ts +1 -0
  123. package/dist/esm/types/user.d.ts.map +1 -1
  124. package/dist/esm/types/user.js.map +1 -1
  125. package/dist/tsconfig.types.tsbuildinfo +1 -1
  126. package/dist/types/authorization/index.d.ts +8 -4
  127. package/dist/types/authorization/index.d.ts.map +1 -1
  128. package/dist/types/authorization/index.mock.d.ts +2 -0
  129. package/dist/types/authorization/index.mock.d.ts.map +1 -1
  130. package/dist/types/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
  131. package/dist/types/authorization/parseScopes.d.ts +3 -2
  132. package/dist/types/authorization/parseScopes.d.ts.map +1 -1
  133. package/dist/types/authorization/projectMemberAbility.mock.d.ts.map +1 -1
  134. package/dist/types/authorization/roleToScopeMapping.d.ts +19 -0
  135. package/dist/types/authorization/roleToScopeMapping.d.ts.map +1 -0
  136. package/dist/types/authorization/roleToScopeMapping.test.d.ts +2 -0
  137. package/dist/types/authorization/roleToScopeMapping.test.d.ts.map +1 -0
  138. package/dist/types/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
  139. package/dist/types/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
  140. package/dist/types/authorization/scopeAbilityBuilder.d.ts +14 -8
  141. package/dist/types/authorization/scopeAbilityBuilder.d.ts.map +1 -1
  142. package/dist/types/authorization/scopes.d.ts.map +1 -1
  143. package/dist/types/ee/AiAgent/schemas/tools/index.d.ts +1 -0
  144. package/dist/types/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
  145. package/dist/types/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
  146. package/dist/types/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
  147. package/dist/types/types/organizationMemberProfile.d.ts +1 -0
  148. package/dist/types/types/organizationMemberProfile.d.ts.map +1 -1
  149. package/dist/types/types/projectMemberProfile.d.ts +1 -0
  150. package/dist/types/types/projectMemberProfile.d.ts.map +1 -1
  151. package/dist/types/types/scopes.d.ts +19 -9
  152. package/dist/types/types/scopes.d.ts.map +1 -1
  153. package/dist/types/types/search.d.ts +20 -0
  154. package/dist/types/types/search.d.ts.map +1 -1
  155. package/dist/types/types/user.d.ts +1 -0
  156. package/dist/types/types/user.d.ts.map +1 -1
  157. package/package.json +1 -1
package/dist/cjs/authorization/scopes.js CHANGED
@@ -1,40 +1,42 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.getAllScopeMap = exports.getScopes = void 0;
4
+ const lodash_1 = require("lodash");
4
5
  const projects_1 = require("../types/projects");
5
6
  const scopes_1 = require("../types/scopes");
6
7
  const space_1 = require("../types/space");
8
+ /** Context can have either/or organizationUuid or projectUuid. Applies the one we have. */
9
+ const addUuidCondition = (context, modifiers) => {
10
+ const projectOrOrg = context.organizationUuid
11
+ ? { organizationUuid: context.organizationUuid }
12
+ : { projectUuid: context.projectUuid };
13
+ return {
14
+ ...projectOrOrg,
15
+ ...modifiers,
16
+ };
17
+ };
18
+ /** Applies the UUID condition with Space access. */
7
19
  const addAccessCondition = (context, role) => ({
8
- $elemMatch: {
9
- userUuid: context.userUuid || false,
10
- ...(role ? { role } : {}),
20
+ ...addUuidCondition(context),
21
+ access: {
22
+ $elemMatch: {
23
+ userUuid: context.userUuid || false,
24
+ ...(role ? { role } : {}),
25
+ },
11
26
  },
12
27
  });
13
- const addDefaultOrgIdCondition = (context) => [
14
- {
15
- organizationUuid: context.organizationUuid,
16
- },
17
- ];
28
+ /** Applies the UUID condition as the only condition for a scope. */
29
+ const addDefaultUuidCondition = (0, lodash_1.flow)(addUuidCondition, Array.of);
18
30
  const scopes = [
19
31
  {
20
32
  name: 'view:Dashboard',
21
33
  description: 'View dashboards',
22
34
  isEnterprise: false,
23
35
  group: scopes_1.ScopeGroup.CONTENT,
24
- getConditions: (context) => {
25
- // Public dashboards
26
- const conditions = [
27
- {
28
- organizationUuid: context.organizationUuid,
29
- isPrivate: false,
30
- },
31
- ];
32
- conditions.push({
33
- organizationUuid: context.organizationUuid,
34
- access: addAccessCondition(context),
35
- });
36
- return conditions;
37
- },
36
+ getConditions: (context) => [
37
+ addUuidCondition(context, { isPrivate: false }),
38
+ addAccessCondition(context),
39
+ ],
38
40
  },
39
41
  {
40
42
  name: 'manage:Dashboard',
@@ -42,19 +44,12 @@ const scopes = [
42
44
  isEnterprise: false,
43
45
  group: scopes_1.ScopeGroup.CONTENT,
44
46
  getConditions: (context) => {
45
- const { organizationUuid } = context;
46
47
  if (context.scopes.has('manage:Organization')) {
47
- return [{ organizationUuid }];
48
+ return addDefaultUuidCondition(context);
48
49
  }
49
50
  return [
50
- {
51
- organizationUuid,
52
- access: addAccessCondition(context, space_1.SpaceMemberRole.EDITOR),
53
- },
54
- {
55
- organizationUuid,
56
- access: addAccessCondition(context, space_1.SpaceMemberRole.ADMIN),
57
- },
51
+ addAccessCondition(context, space_1.SpaceMemberRole.EDITOR),
52
+ addAccessCondition(context, space_1.SpaceMemberRole.ADMIN),
58
53
  ];
59
54
  },
60
55
  },
@@ -63,23 +58,10 @@ const scopes = [
63
58
  description: 'View saved charts',
64
59
  isEnterprise: false,
65
60
  group: scopes_1.ScopeGroup.CONTENT,
66
- getConditions: (context) => {
67
- // Public saved charts
68
- const conditions = [
69
- {
70
- organizationUuid: context.organizationUuid,
71
- projectUuid: context.projectUuid,
72
- isPrivate: false,
73
- },
74
- ];
75
- // User's accessible saved charts via space access
76
- conditions.push({
77
- organizationUuid: context.organizationUuid,
78
- projectUuid: context.projectUuid,
79
- access: addAccessCondition(context),
80
- });
81
- return conditions;
82
- },
61
+ getConditions: (context) => [
62
+ addUuidCondition(context, { isPrivate: false }),
63
+ addAccessCondition(context),
64
+ ],
83
65
  },
84
66
  {
85
67
  name: 'manage:SavedChart',
@@ -87,19 +69,12 @@ const scopes = [
87
69
  isEnterprise: false,
88
70
  group: scopes_1.ScopeGroup.CONTENT,
89
71
  getConditions: (context) => {
90
- const { organizationUuid } = context;
91
72
  if (context.scopes.has('manage:Organization')) {
92
- return [{ organizationUuid }];
73
+ return addDefaultUuidCondition(context);
93
74
  }
94
75
  return [
95
- {
96
- organizationUuid,
97
- access: addAccessCondition(context, space_1.SpaceMemberRole.EDITOR),
98
- },
99
- {
100
- organizationUuid,
101
- access: addAccessCondition(context, space_1.SpaceMemberRole.ADMIN),
102
- },
76
+ addAccessCondition(context, space_1.SpaceMemberRole.EDITOR),
77
+ addAccessCondition(context, space_1.SpaceMemberRole.ADMIN),
103
78
  ];
104
79
  },
105
80
  },
@@ -108,110 +83,91 @@ const scopes = [
108
83
  description: 'View spaces',
109
84
  isEnterprise: false,
110
85
  group: scopes_1.ScopeGroup.CONTENT,
111
- getConditions: (context) => {
112
- // Public spaces
113
- const conditions = [
114
- {
115
- organizationUuid: context.organizationUuid,
116
- projectUuid: context.projectUuid,
117
- isPrivate: false,
118
- },
119
- ];
120
- // User's accessible spaces
121
- conditions.push({
122
- organizationUuid: context.organizationUuid,
123
- projectUuid: context.projectUuid,
124
- access: addAccessCondition(context),
125
- });
126
- return conditions;
127
- },
86
+ getConditions: (context) => [
87
+ addUuidCondition(context, { isPrivate: false }),
88
+ addAccessCondition(context),
89
+ ],
128
90
  },
129
91
  {
130
92
  name: 'create:Space',
131
93
  description: 'Create new spaces',
132
94
  isEnterprise: false,
133
95
  group: scopes_1.ScopeGroup.CONTENT,
134
- getConditions: addDefaultOrgIdCondition,
96
+ getConditions: addDefaultUuidCondition,
135
97
  },
136
98
  {
137
99
  name: 'manage:Space',
138
- description: 'Edit and delete spaces',
100
+ description: 'Create, edit, and delete all spaces',
139
101
  isEnterprise: false,
140
102
  group: scopes_1.ScopeGroup.CONTENT,
141
- getConditions: (context) => {
142
- const { organizationUuid } = context;
143
- // Manage all spaces where user is admin of the organization
144
- if (context.scopes.has('manage:Organization')) {
145
- return [{ organizationUuid }];
146
- }
147
- const conditions = [
148
- {
149
- organizationUuid,
150
- access: addAccessCondition(context, space_1.SpaceMemberRole.ADMIN),
151
- },
152
- ];
153
- if (context.scopes.has('manage:Project')) {
154
- // Manage public spaces where user is admin of the project
155
- conditions.push({
156
- organizationUuid: context.organizationUuid,
157
- isPrivate: false,
158
- });
159
- }
160
- return conditions;
161
- },
103
+ getConditions: addDefaultUuidCondition,
104
+ },
105
+ {
106
+ name: 'manage:Space@public',
107
+ description: 'Create, edit, and delete public spaces',
108
+ isEnterprise: false,
109
+ group: scopes_1.ScopeGroup.CONTENT,
110
+ getConditions: (context) => [
111
+ addUuidCondition(context, { isPrivate: false }),
112
+ ],
113
+ },
114
+ {
115
+ name: 'manage:Space@assigned',
116
+ description: 'Create, edit, and delete spaces owned by the user',
117
+ isEnterprise: false,
118
+ group: scopes_1.ScopeGroup.CONTENT,
119
+ getConditions: (context) => [
120
+ addAccessCondition(context, space_1.SpaceMemberRole.ADMIN),
121
+ ],
162
122
  },
163
123
  {
164
124
  name: 'view:DashboardComments',
165
125
  description: 'View dashboard comments',
166
126
  isEnterprise: false,
167
127
  group: scopes_1.ScopeGroup.CONTENT,
168
- getConditions: addDefaultOrgIdCondition,
128
+ getConditions: addDefaultUuidCondition,
169
129
  },
170
130
  {
171
131
  name: 'create:DashboardComments',
172
132
  description: 'Create dashboard comments',
173
133
  isEnterprise: false,
174
134
  group: scopes_1.ScopeGroup.CONTENT,
175
- getConditions: addDefaultOrgIdCondition,
135
+ getConditions: addDefaultUuidCondition,
176
136
  },
177
137
  {
178
138
  name: 'manage:DashboardComments',
179
139
  description: 'Edit and delete dashboard comments',
180
140
  isEnterprise: false,
181
141
  group: scopes_1.ScopeGroup.CONTENT,
182
- getConditions: addDefaultOrgIdCondition,
142
+ getConditions: addDefaultUuidCondition,
183
143
  },
184
144
  {
185
145
  name: 'view:Tags',
186
146
  description: 'View tags',
187
147
  isEnterprise: false,
188
148
  group: scopes_1.ScopeGroup.CONTENT,
189
- getConditions: (context) => [
190
- {
191
- organizationUuid: context.organizationUuid,
192
- },
193
- ],
149
+ getConditions: addDefaultUuidCondition,
194
150
  },
195
151
  {
196
152
  name: 'manage:Tags',
197
153
  description: 'Create, edit, and delete tags',
198
154
  isEnterprise: false,
199
155
  group: scopes_1.ScopeGroup.CONTENT,
200
- getConditions: addDefaultOrgIdCondition,
156
+ getConditions: addDefaultUuidCondition,
201
157
  },
202
158
  {
203
159
  name: 'view:PinnedItems',
204
160
  description: 'View pinned items',
205
161
  isEnterprise: false,
206
162
  group: scopes_1.ScopeGroup.CONTENT,
207
- getConditions: addDefaultOrgIdCondition,
163
+ getConditions: addDefaultUuidCondition,
208
164
  },
209
165
  {
210
166
  name: 'manage:PinnedItems',
211
167
  description: 'Pin and unpin items',
212
168
  isEnterprise: false,
213
169
  group: scopes_1.ScopeGroup.CONTENT,
214
- getConditions: addDefaultOrgIdCondition,
170
+ getConditions: addDefaultUuidCondition,
215
171
  },
216
172
  {
217
173
  name: 'promote:SavedChart',
@@ -220,19 +176,9 @@ const scopes = [
220
176
  group: scopes_1.ScopeGroup.CONTENT,
221
177
  getConditions: (context) => {
222
178
  if (context.scopes.has('manage:Organization')) {
223
- return [
224
- {
225
- organizationUuid: context.organizationUuid,
226
- },
227
- ];
179
+ return addDefaultUuidCondition(context);
228
180
  }
229
- return [
230
- {
231
- organizationUuid: context.organizationUuid,
232
- projectUuid: context.projectUuid,
233
- access: addAccessCondition(context, space_1.SpaceMemberRole.EDITOR),
234
- },
235
- ];
181
+ return [addAccessCondition(context, space_1.SpaceMemberRole.EDITOR)];
236
182
  },
237
183
  },
238
184
  {
@@ -242,19 +188,9 @@ const scopes = [
242
188
  group: scopes_1.ScopeGroup.CONTENT,
243
189
  getConditions: (context) => {
244
190
  if (context.scopes.has('manage:Organization')) {
245
- return [
246
- {
247
- organizationUuid: context.organizationUuid,
248
- },
249
- ];
191
+ return addDefaultUuidCondition(context);
250
192
  }
251
- return [
252
- {
253
- organizationUuid: context.organizationUuid,
254
- projectUuid: context.projectUuid,
255
- access: addAccessCondition(context, space_1.SpaceMemberRole.EDITOR),
256
- },
257
- ];
193
+ return [addAccessCondition(context, space_1.SpaceMemberRole.EDITOR)];
258
194
  },
259
195
  },
260
196
  // Project Management Scopes
@@ -263,7 +199,7 @@ const scopes = [
263
199
  description: 'View project details',
264
200
  isEnterprise: false,
265
201
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
266
- getConditions: addDefaultOrgIdCondition,
202
+ getConditions: addDefaultUuidCondition,
267
203
  },
268
204
  {
269
205
  name: 'create:Project',
@@ -274,7 +210,7 @@ const scopes = [
274
210
  // Allow creating preview projects by default
275
211
  [
276
212
  {
277
- organizationUuid: context.organizationUuid,
213
+ ...addUuidCondition(context),
278
214
  type: projects_1.ProjectType.PREVIEW,
279
215
  },
280
216
  ],
@@ -284,7 +220,7 @@ const scopes = [
284
220
  description: 'Update project settings',
285
221
  isEnterprise: false,
286
222
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
287
- getConditions: addDefaultOrgIdCondition,
223
+ getConditions: addDefaultUuidCondition,
288
224
  },
289
225
  {
290
226
  name: 'delete:Project',
@@ -293,69 +229,77 @@ const scopes = [
293
229
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
294
230
  getConditions: (context) => {
295
231
  if (context.projectUuid) {
296
- return [
297
- {
298
- projectUuid: context.projectUuid,
299
- },
300
- ];
232
+ return [{}];
301
233
  }
302
234
  // Can delete preview projects in organization
303
235
  return [
304
236
  {
305
- organizationUuid: context.organizationUuid,
237
+ ...addUuidCondition(context),
306
238
  type: projects_1.ProjectType.PREVIEW,
307
239
  },
308
240
  ];
309
241
  },
310
242
  },
243
+ {
244
+ name: 'delete:Project@self',
245
+ description: 'Delete projects created by the user',
246
+ isEnterprise: false,
247
+ group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
248
+ getConditions: (context) => [
249
+ {
250
+ createdByUserUuid: context.userUuid || false,
251
+ type: projects_1.ProjectType.PREVIEW,
252
+ },
253
+ ],
254
+ },
311
255
  {
312
256
  name: 'manage:Project',
313
257
  description: 'Full project management permissions',
314
258
  isEnterprise: false,
315
259
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
316
- getConditions: addDefaultOrgIdCondition,
260
+ getConditions: addDefaultUuidCondition,
317
261
  },
318
262
  {
319
263
  name: 'manage:CompileProject',
320
264
  description: 'Compile and refresh dbt projects',
321
265
  isEnterprise: false,
322
266
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
323
- getConditions: addDefaultOrgIdCondition,
267
+ getConditions: addDefaultUuidCondition,
324
268
  },
325
269
  {
326
270
  name: 'manage:Validation',
327
271
  description: 'Manage data validation rules',
328
272
  isEnterprise: false,
329
273
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
330
- getConditions: addDefaultOrgIdCondition,
274
+ getConditions: addDefaultUuidCondition,
331
275
  },
332
276
  {
333
277
  name: 'create:ScheduledDeliveries',
334
278
  description: 'Create scheduled deliveries',
335
279
  isEnterprise: false,
336
280
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
337
- getConditions: addDefaultOrgIdCondition,
281
+ getConditions: addDefaultUuidCondition,
338
282
  },
339
283
  {
340
284
  name: 'manage:ScheduledDeliveries',
341
285
  description: 'Manage scheduled deliveries',
342
286
  isEnterprise: false,
343
287
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
344
- getConditions: addDefaultOrgIdCondition,
288
+ getConditions: addDefaultUuidCondition,
345
289
  },
346
290
  {
347
291
  name: 'manage:GoogleSheets',
348
292
  description: 'Manage google sheets',
349
293
  isEnterprise: false,
350
294
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
351
- getConditions: addDefaultOrgIdCondition,
295
+ getConditions: addDefaultUuidCondition,
352
296
  },
353
297
  {
354
298
  name: 'view:Analytics',
355
299
  description: 'View usage analytics',
356
300
  isEnterprise: false,
357
301
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
358
- getConditions: addDefaultOrgIdCondition,
302
+ getConditions: addDefaultUuidCondition,
359
303
  },
360
304
  {
361
305
  name: 'create:Job',
@@ -385,7 +329,7 @@ const scopes = [
385
329
  group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
386
330
  getConditions: (context) => {
387
331
  if (context.scopes.has('manage:Organization')) {
388
- return addDefaultOrgIdCondition(context);
332
+ return addDefaultUuidCondition(context);
389
333
  }
390
334
  return [
391
335
  {
@@ -394,62 +338,69 @@ const scopes = [
394
338
  ];
395
339
  },
396
340
  },
341
+ {
342
+ name: 'manage:Validation',
343
+ description: 'Manage data validation rules',
344
+ isEnterprise: false,
345
+ group: scopes_1.ScopeGroup.PROJECT_MANAGEMENT,
346
+ getConditions: addDefaultUuidCondition,
347
+ },
397
348
  // Organization Management Scopes
398
349
  {
399
350
  name: 'view:Organization',
400
351
  description: 'View organization details',
401
352
  isEnterprise: false,
402
353
  group: scopes_1.ScopeGroup.ORGANIZATION_MANAGEMENT,
403
- getConditions: addDefaultOrgIdCondition,
354
+ getConditions: addDefaultUuidCondition,
404
355
  },
405
356
  {
406
357
  name: 'manage:Organization',
407
358
  description: 'Manage organization settings',
408
359
  isEnterprise: false,
409
360
  group: scopes_1.ScopeGroup.ORGANIZATION_MANAGEMENT,
410
- getConditions: addDefaultOrgIdCondition,
361
+ getConditions: addDefaultUuidCondition,
411
362
  },
412
363
  {
413
364
  name: 'view:OrganizationMemberProfile',
414
365
  description: 'View organization member profiles',
415
366
  isEnterprise: false,
416
367
  group: scopes_1.ScopeGroup.ORGANIZATION_MANAGEMENT,
417
- getConditions: addDefaultOrgIdCondition,
368
+ getConditions: addDefaultUuidCondition,
418
369
  },
419
370
  {
420
371
  name: 'manage:OrganizationMemberProfile',
421
372
  description: 'Manage organization member profiles and roles',
422
373
  isEnterprise: false,
423
374
  group: scopes_1.ScopeGroup.ORGANIZATION_MANAGEMENT,
424
- getConditions: addDefaultOrgIdCondition,
375
+ getConditions: addDefaultUuidCondition,
425
376
  },
426
377
  {
427
378
  name: 'manage:InviteLink',
428
379
  description: 'Create and manage invite links',
429
380
  isEnterprise: false,
430
381
  group: scopes_1.ScopeGroup.ORGANIZATION_MANAGEMENT,
431
- getConditions: addDefaultOrgIdCondition,
382
+ getConditions: addDefaultUuidCondition,
432
383
  },
433
384
  {
434
385
  name: 'manage:Group',
435
386
  description: 'Manage user groups',
436
387
  isEnterprise: false,
437
388
  group: scopes_1.ScopeGroup.ORGANIZATION_MANAGEMENT,
438
- getConditions: addDefaultOrgIdCondition,
389
+ getConditions: addDefaultUuidCondition,
439
390
  },
440
391
  {
441
392
  name: 'manage:ContentAsCode',
442
393
  description: 'Manage content as code features',
443
394
  isEnterprise: true,
444
395
  group: scopes_1.ScopeGroup.ORGANIZATION_MANAGEMENT,
445
- getConditions: addDefaultOrgIdCondition,
396
+ getConditions: addDefaultUuidCondition,
446
397
  },
447
398
  {
448
399
  name: 'manage:PersonalAccessToken',
449
400
  description: 'Create and manage personal access tokens',
450
401
  isEnterprise: true,
451
402
  group: scopes_1.ScopeGroup.ORGANIZATION_MANAGEMENT,
452
- getConditions: addDefaultOrgIdCondition,
403
+ getConditions: addDefaultUuidCondition,
453
404
  },
454
405
  // Data Scopes
455
406
  {
@@ -457,14 +408,14 @@ const scopes = [
457
408
  description: 'View underlying data in charts',
458
409
  isEnterprise: false,
459
410
  group: scopes_1.ScopeGroup.DATA,
460
- getConditions: addDefaultOrgIdCondition,
411
+ getConditions: addDefaultUuidCondition,
461
412
  },
462
413
  {
463
414
  name: 'view:SemanticViewer',
464
415
  description: 'View data in semantic viewer',
465
416
  isEnterprise: false,
466
417
  group: scopes_1.ScopeGroup.DATA,
467
- getConditions: addDefaultOrgIdCondition,
418
+ getConditions: addDefaultUuidCondition,
468
419
  },
469
420
  {
470
421
  name: 'manage:SemanticViewer',
@@ -473,14 +424,9 @@ const scopes = [
473
424
  group: scopes_1.ScopeGroup.DATA,
474
425
  getConditions: (context) => {
475
426
  if (context.scopes.has('manage:Organization')) {
476
- return addDefaultOrgIdCondition(context);
427
+ return addDefaultUuidCondition(context);
477
428
  }
478
- return [
479
- {
480
- organizationUuid: context.organizationUuid,
481
- access: addAccessCondition(context, space_1.SpaceMemberRole.EDITOR),
482
- },
483
- ];
429
+ return [addAccessCondition(context, space_1.SpaceMemberRole.EDITOR)];
484
430
  },
485
431
  },
486
432
  {
@@ -488,56 +434,56 @@ const scopes = [
488
434
  description: 'Explore and query data',
489
435
  isEnterprise: false,
490
436
  group: scopes_1.ScopeGroup.DATA,
491
- getConditions: addDefaultOrgIdCondition,
437
+ getConditions: addDefaultUuidCondition,
492
438
  },
493
439
  {
494
440
  name: 'manage:SqlRunner',
495
441
  description: 'Run SQL queries directly',
496
442
  isEnterprise: false,
497
443
  group: scopes_1.ScopeGroup.DATA,
498
- getConditions: addDefaultOrgIdCondition,
444
+ getConditions: addDefaultUuidCondition,
499
445
  },
500
446
  {
501
447
  name: 'manage:CustomSql',
502
448
  description: 'Create custom SQL queries',
503
449
  isEnterprise: false,
504
450
  group: scopes_1.ScopeGroup.DATA,
505
- getConditions: addDefaultOrgIdCondition,
451
+ getConditions: addDefaultUuidCondition,
506
452
  },
507
453
  {
508
454
  name: 'create:VirtualView',
509
455
  description: 'Create virtual views',
510
456
  isEnterprise: false,
511
457
  group: scopes_1.ScopeGroup.DATA,
512
- getConditions: addDefaultOrgIdCondition,
458
+ getConditions: addDefaultUuidCondition,
513
459
  },
514
460
  {
515
461
  name: 'delete:VirtualView',
516
462
  description: 'Delete virtual views',
517
463
  isEnterprise: false,
518
464
  group: scopes_1.ScopeGroup.DATA,
519
- getConditions: addDefaultOrgIdCondition,
465
+ getConditions: addDefaultUuidCondition,
520
466
  },
521
467
  {
522
468
  name: 'manage:VirtualView',
523
469
  description: 'Create and manage virtual views',
524
470
  isEnterprise: false,
525
471
  group: scopes_1.ScopeGroup.DATA,
526
- getConditions: addDefaultOrgIdCondition,
472
+ getConditions: addDefaultUuidCondition,
527
473
  },
528
474
  {
529
475
  name: 'manage:ExportCsv',
530
476
  description: 'Export data to CSV',
531
477
  isEnterprise: false,
532
478
  group: scopes_1.ScopeGroup.DATA,
533
- getConditions: addDefaultOrgIdCondition,
479
+ getConditions: addDefaultUuidCondition,
534
480
  },
535
481
  {
536
482
  name: 'manage:ChangeCsvResults',
537
483
  description: 'Modify CSV export results',
538
484
  isEnterprise: false,
539
485
  group: scopes_1.ScopeGroup.DATA,
540
- getConditions: addDefaultOrgIdCondition,
486
+ getConditions: addDefaultUuidCondition,
541
487
  },
542
488
  // Sharing Scopes
543
489
  {
@@ -567,14 +513,14 @@ const scopes = [
567
513
  description: 'View AI agent features',
568
514
  isEnterprise: true,
569
515
  group: scopes_1.ScopeGroup.AI,
570
- getConditions: addDefaultOrgIdCondition,
516
+ getConditions: addDefaultUuidCondition,
571
517
  },
572
518
  {
573
519
  name: 'manage:AiAgent',
574
520
  description: 'Configure AI agent settings',
575
521
  isEnterprise: true,
576
522
  group: scopes_1.ScopeGroup.AI,
577
- getConditions: addDefaultOrgIdCondition,
523
+ getConditions: addDefaultUuidCondition,
578
524
  },
579
525
  {
580
526
  name: 'view:AiAgentThread',
@@ -585,9 +531,8 @@ const scopes = [
585
531
  // View user's own AI agent threads
586
532
  [
587
533
  {
588
- organizationUuid: context.organizationUuid,
589
- projectUuid: context.projectUuid,
590
- ...(context.userUuid && { userUuid: context.userUuid }),
534
+ ...addUuidCondition(context),
535
+ userUuid: context.userUuid || false,
591
536
  },
592
537
  ],
593
538
  },
@@ -596,7 +541,7 @@ const scopes = [
596
541
  description: 'Start new AI agent conversations',
597
542
  isEnterprise: true,
598
543
  group: scopes_1.ScopeGroup.AI,
599
- getConditions: addDefaultOrgIdCondition,
544
+ getConditions: addDefaultUuidCondition,
600
545
  },
601
546
  {
602
547
  name: 'manage:AiAgentThread',
@@ -605,7 +550,7 @@ const scopes = [
605
550
  group: scopes_1.ScopeGroup.AI,
606
551
  getConditions: (context) => {
607
552
  if (context.scopes.has('manage:Organization')) {
608
- return addDefaultOrgIdCondition(context);
553
+ return addDefaultUuidCondition(context);
609
554
  }
610
555
  // Manage user's own AI agent threads
611
556
  return [{ userUuid: context.userUuid || false }];
@@ -617,28 +562,28 @@ const scopes = [
617
562
  description: 'Configure spotlight table settings',
618
563
  isEnterprise: true,
619
564
  group: scopes_1.ScopeGroup.SPOTLIGHT,
620
- getConditions: addDefaultOrgIdCondition,
565
+ getConditions: addDefaultUuidCondition,
621
566
  },
622
567
  {
623
568
  name: 'view:SpotlightTableConfig',
624
569
  description: 'View spotlight table configuration',
625
570
  isEnterprise: true,
626
571
  group: scopes_1.ScopeGroup.SPOTLIGHT,
627
- getConditions: addDefaultOrgIdCondition,
572
+ getConditions: addDefaultUuidCondition,
628
573
  },
629
574
  {
630
575
  name: 'view:MetricsTree',
631
576
  description: 'View metrics tree',
632
577
  isEnterprise: true,
633
578
  group: scopes_1.ScopeGroup.SPOTLIGHT,
634
- getConditions: addDefaultOrgIdCondition,
579
+ getConditions: addDefaultUuidCondition,
635
580
  },
636
581
  {
637
582
  name: 'manage:MetricsTree',
638
583
  description: 'Manage metrics tree configuration',
639
584
  isEnterprise: true,
640
585
  group: scopes_1.ScopeGroup.SPOTLIGHT,
641
- getConditions: addDefaultOrgIdCondition,
586
+ getConditions: addDefaultUuidCondition,
642
587
  },
643
588
  ];
644
589
  const getNonEnterpriseScopes = () => scopes.filter((scope) => !scope.isEnterprise);