@lightdash/common 0.1937.0 → 0.1938.0

package/dist/esm/authorization/roleToScopeMapping.testUtils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"roleToScopeMapping.testUtils.d.ts","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.testUtils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAO/D,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C;;;GAGG;AAEH;;GAEG;AACH,eAAO,MAAM,uBAAuB,QAAO;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAgCpB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,SACzB,iBAAiB,KACxB;IACC,KAAK,EAAE,KAAK,CAAC;QACT,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC,CAAC;IACH,UAAU,EAAE,aAAa,CAAC;CAwB7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAqHnC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,SACvB,iBAAiB,YACd;IACL,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC7B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CJ,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,4BAA4B,SAC/B,iBAAiB,aACZ,UAAU,CAAC,OAAO,uBAAuB,CAAC,YAC5C;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkDtC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,aACvB;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCtC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,SAAU,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2B5D,CAAC"}

package/dist/esm/authorization/roleToScopeMapping.testUtils.js

@@ -0,0 +1,319 @@
+/* eslint-disable no-console */
+import { Ability, AbilityBuilder, subject } from '@casl/ability';
+import { ProjectMemberRole } from '../types/projectMemberRole';
+import { projectMemberAbilities } from './projectMemberAbility';
+import { getNonEnterpriseScopesForRole, getScopesForRole, } from './roleToScopeMapping';
+import { buildAbilityFromScopes } from './scopeAbilityBuilder';
+/**
+ * Test utilities for role to scope mapping validation
+ * These functions are only used for testing migration compatibility
+ */
+/**
+ * Validates that a role properly inherits permissions from lower roles
+ */
+export const validateRoleInheritance = () => {
+    const errors = [];
+    const roleOrder = [
+        ProjectMemberRole.VIEWER,
+        ProjectMemberRole.INTERACTIVE_VIEWER,
+        ProjectMemberRole.EDITOR,
+        ProjectMemberRole.DEVELOPER,
+        ProjectMemberRole.ADMIN,
+    ];
+    for (let i = 1; i < roleOrder.length; i += 1) {
+        const currentRole = roleOrder[i];
+        const previousRole = roleOrder[i - 1];
+        const currentScopes = new Set(getScopesForRole(currentRole));
+        const previousScopes = getScopesForRole(previousRole);
+        // Check that all previous scopes are included in current role
+        for (const scope of previousScopes) {
+            if (!currentScopes.has(scope)) {
+                errors.push(`Role ${currentRole} is missing inherited scope: ${scope} from ${previousRole}`);
+            }
+        }
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+    };
+};
+/**
+ * Extracts the actual permissions granted by a role builder for analysis and comparison
+ * This is useful for debugging and validating that our scope mappings are correct
+ */
+export const extractRolePermissions = (role) => {
+    const builder = new AbilityBuilder(Ability);
+    const testMember = {
+        role,
+        projectUuid: 'test-project-uuid',
+        userUuid: 'test-user-uuid',
+    };
+    // Build the ability using the role-based system
+    projectMemberAbilities[role](testMember, builder);
+    const ability = builder.build();
+    // Extract the rules for analysis
+    return {
+        rules: ability.rules.map((rule) => ({
+            action: rule.action,
+            subject: rule.subject,
+            conditions: rule.conditions,
+            inverted: rule.inverted,
+            reason: rule.reason,
+        })),
+        rawAbility: ability,
+    };
+};
+/**
+ * Helper function to create standardized test cases for role compatibility testing
+ */
+export const createStandardTestCases = () => [
+    // View permissions
+    {
+        action: 'view',
+        subject: 'Dashboard',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+            isPrivate: false,
+        },
+    },
+    {
+        action: 'view',
+        subject: 'SavedChart',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+            isPrivate: false,
+        },
+    },
+    {
+        action: 'view',
+        subject: 'Space',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+            isPrivate: false,
+        },
+    },
+    {
+        action: 'view',
+        subject: 'Project',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    // Create permissions
+    {
+        action: 'create',
+        subject: 'Space',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+        },
+    },
+    {
+        action: 'create',
+        subject: 'DashboardComments',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'create',
+        subject: 'ScheduledDeliveries',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    // Manage permissions (varies by role level)
+    {
+        action: 'manage',
+        subject: 'Space',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+            isPrivate: false,
+        },
+    },
+    {
+        action: 'manage',
+        subject: 'Job',
+        resource: {},
+    },
+    {
+        action: 'manage',
+        subject: 'PinnedItems',
+        resource: {
+            organizationUuid: 'org-uuid-test',
+            projectUuid: 'test-project-uuid',
+        },
+    },
+    {
+        action: 'manage',
+        subject: 'Explore',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    // Higher-level permissions (developer+ only)
+    {
+        action: 'manage',
+        subject: 'Project',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'manage',
+        subject: 'Validation',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'manage',
+        subject: 'VirtualView',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'manage',
+        subject: 'CustomSql',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    // Admin-only permissions
+    {
+        action: 'delete',
+        subject: 'Project',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+    {
+        action: 'view',
+        subject: 'Analytics',
+        resource: { projectUuid: 'test-project-uuid' },
+    },
+];
+/**
+ * Helper function to create test parameters for role compatibility testing
+ */
+export const createRoleTestParams = (role, options = {}) => {
+    const { isEnterprise = false, projectUuid = 'test-project-uuid', userUuid = 'test-user-uuid', organizationUuid = 'test-org-uuid', } = options;
+    const scopes = isEnterprise
+        ? getScopesForRole(role)
+        : getNonEnterpriseScopesForRole(role);
+    const scopeBuilderParams = {
+        userUuid,
+        scopes,
+        isEnterprise,
+        organizationRole: 'editor',
+        permissionsConfig: {
+            pat: {
+                enabled: false,
+                allowedOrgRoles: [],
+            },
+        },
+    };
+    return {
+        role,
+        scopes,
+        projectMember: {
+            role,
+            projectUuid,
+            userUuid,
+        },
+        scopeOrgBuilderParams: {
+            ...scopeBuilderParams,
+            organizationUuid,
+        },
+        scopeProjectBuilderParams: {
+            ...scopeBuilderParams,
+            projectUuid,
+        },
+    };
+};
+/**
+ * Compares role-based and scope-based abilities for a specific set of test cases
+ * Returns detailed results showing which permissions match or differ
+ */
+export const compareRoleAndScopeAbilities = (role, testCases, options = {}) => {
+    const { isEnterprise = false } = options;
+    const testParams = createRoleTestParams(role, { isEnterprise });
+    // Build role-based ability
+    const roleBuilder = new AbilityBuilder(Ability);
+    projectMemberAbilities[role](testParams.projectMember, roleBuilder);
+    const roleAbility = roleBuilder.build();
+    // Build Project-based scope-based ability
+    const scopeBuilder = new AbilityBuilder(Ability);
+    buildAbilityFromScopes(testParams.scopeProjectBuilderParams, scopeBuilder);
+    const scopeAbility = scopeBuilder.build();
+    const results = testCases.map((testCase) => {
+        const subjectWithResource = subject(testCase.subject, testCase.resource);
+        const roleResult = roleAbility.can(testCase.action, subjectWithResource);
+        const scopeResult = scopeAbility.can(testCase.action, subjectWithResource);
+        return {
+            ...testCase,
+            roleResult,
+            scopeResult,
+            match: roleResult === scopeResult,
+        };
+    });
+    const summary = {
+        total: results.length,
+        matches: results.filter((r) => r.match).length,
+        mismatches: results.filter((r) => !r.match),
+        allMatch: results.every((r) => r.match),
+    };
+    return {
+        role,
+        scopes: testParams.scopes,
+        results,
+        summary,
+    };
+};
+/**
+ * Runs a comprehensive comparison of all roles against standard test cases
+ */
+export const validateAllRoleMappings = (options = {}) => {
+    const roles = [
+        ProjectMemberRole.VIEWER,
+        ProjectMemberRole.INTERACTIVE_VIEWER,
+        ProjectMemberRole.EDITOR,
+        ProjectMemberRole.DEVELOPER,
+        ProjectMemberRole.ADMIN,
+    ];
+    const testCases = createStandardTestCases();
+    const results = roles.map((role) => compareRoleAndScopeAbilities(role, testCases, options));
+    const overallSummary = {
+        rolesValidated: results.length,
+        successfulRoles: results
+            .filter((r) => r.summary.allMatch)
+            .map((r) => r.role),
+        failedRoles: results
+            .filter((r) => !r.summary.allMatch)
+            .map((r) => ({
+            role: r.role,
+            mismatches: r.summary.mismatches.length,
+        })),
+        totalTestCases: results.reduce((sum, r) => sum + r.summary.total, 0),
+        totalMatches: results.reduce((sum, r) => sum + r.summary.matches, 0),
+    };
+    return {
+        roleResults: results,
+        overallSummary,
+        allRolesValid: overallSummary.failedRoles.length === 0,
+    };
+};
+/**
+ * Debug utility to show what scopes are missing or extra for a specific role
+ */
+export const debugRoleScopeMapping = (role) => {
+    const testCases = createStandardTestCases();
+    const comparison = compareRoleAndScopeAbilities(role, testCases);
+    const mismatches = comparison.results.filter((r) => !r.match);
+    console.debug(`\n=== Debug: ${role} Role Scope Mapping ===`);
+    console.debug(`Scopes assigned: ${comparison.scopes.length}`);
+    console.debug(`Test cases: ${comparison.summary.total}`);
+    console.debug(`Matches: ${comparison.summary.matches}`);
+    console.debug(`Mismatches: ${mismatches.length}`);
+    if (mismatches.length > 0) {
+        console.debug('\n--- Mismatched Permissions ---');
+        mismatches.forEach((mismatch) => {
+            console.debug(`${mismatch.action}:${mismatch.subject}`);
+            console.debug(`  Role-based: ${mismatch.roleResult}`);
+            console.debug(`  Scope-based: ${mismatch.scopeResult}`);
+            console.debug(`  Resource:`, mismatch.resource);
+            console.debug('');
+        });
+    }
+    console.debug(`\nAssigned Scopes:`);
+    comparison.scopes.forEach((scope) => console.debug(`  - ${scope}`));
+    return comparison;
+};
+//# sourceMappingURL=roleToScopeMapping.testUtils.js.map

package/dist/esm/authorization/roleToScopeMapping.testUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roleToScopeMapping.testUtils.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.testUtils.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EACH,6BAA6B,EAC7B,gBAAgB,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAG/D;;;GAGG;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAGrC,EAAE;IACA,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG;QACd,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,kBAAkB;QACpC,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,SAAS;QAC3B,iBAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEtC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7D,MAAM,cAAc,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAEtD,8DAA8D;QAC9D,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACjC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CACP,QAAQ,WAAW,gCAAgC,KAAK,SAAS,YAAY,EAAE,CAClF,CAAC;YACN,CAAC;QACL,CAAC;IACL,CAAC;IAED,OAAO;QACH,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;KACT,CAAC;AACN,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAClC,IAAuB,EAUzB,EAAE;IACA,MAAM,OAAO,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG;QACf,IAAI;QACJ,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,gBAAgB;KAC7B,CAAC;IAEF,gDAAgD;IAChD,sBAAsB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhC,iCAAiC;IACjC,OAAO;QACH,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAChC,MAAM,EAAE,IAAI,CAAC,MAAgB;YAC7B,OAAO,EAAE,IAAI,CAAC,OAAiB;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;SACtB,CAAC,CAAC;QACH,UAAU,EAAE,OAAO;KACtB,CAAC;AACN,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,EAAE,CAAC;IACzC,mBAAmB;IACnB;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,YAAqB;QAC9B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,qBAAqB;IACrB;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;SACnC;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,mBAA4B;QACrC,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,qBAA8B;QACvC,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,4CAA4C;IAC5C;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,KAAc;QACvB,QAAQ,EAAE,EAAE;KACf;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,aAAsB;QAC/B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;SACnC;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,6CAA6C;IAC7C;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,YAAqB;QAC9B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,aAAsB;QAC/B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,yBAAyB;IACzB;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;CACJ,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAChC,IAAuB,EACvB,UAKI,EAAE,EACR,EAAE;IACA,MAAM,EACF,YAAY,GAAG,KAAK,EACpB,WAAW,GAAG,mBAAmB,EACjC,QAAQ,GAAG,gBAAgB,EAC3B,gBAAgB,GAAG,eAAe,GACrC,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,YAAY;QACvB,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC;QACxB,CAAC,CAAC,6BAA6B,CAAC,IAAI,CAAC,CAAC;IAE1C,MAAM,kBAAkB,GAAG;QACvB,QAAQ;QACR,MAAM;QACN,YAAY;QACZ,gBAAgB,EAAE,QAAiB;QACnC,iBAAiB,EAAE;YACf,GAAG,EAAE;gBACD,OAAO,EAAE,KAAK;gBACd,eAAe,EAAE,EAAE;aACtB;SACJ;KACJ,CAAC;IAEF,OAAO;QACH,IAAI;QACJ,MAAM;QACN,aAAa,EAAE;YACX,IAAI;YACJ,WAAW;YACX,QAAQ;SACX;QACD,qBAAqB,EAAE;YACnB,GAAG,kBAAkB;YACrB,gBAAgB;SACnB;QACD,yBAAyB,EAAE;YACvB,GAAG,kBAAkB;YACrB,WAAW;SACd;KACJ,CAAC;AACN,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CACxC,IAAuB,EACvB,SAAqD,EACrD,UAAsC,EAAE,EAC1C,EAAE;IACA,MAAM,EAAE,YAAY,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IACzC,MAAM,UAAU,GAAG,oBAAoB,CAAC,IAAI,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;IAEhE,2BAA2B;IAC3B,MAAM,WAAW,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAC/D,sBAAsB,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC;IAExC,0CAA0C;IAC1C,MAAM,YAAY,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAChE,sBAAsB,CAAC,UAAU,CAAC,yBAAyB,EAAE,YAAY,CAAC,CAAC;IAC3E,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC;IAE1C,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QACvC,MAAM,mBAAmB,GAAG,OAAO,CAC/B,QAAQ,CAAC,OAAO,EAChB,QAAQ,CAAC,QAAQ,CACpB,CAAC;QACF,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAC9B,QAAQ,CAAC,MAAM,EACf,mBAAmB,CACtB,CAAC;QACF,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAChC,QAAQ,CAAC,MAAM,EACf,mBAAmB,CACtB,CAAC;QAEF,OAAO;YACH,GAAG,QAAQ;YACX,UAAU;YACV,WAAW;YACX,KAAK,EAAE,UAAU,KAAK,WAAW;SACpC,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG;QACZ,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM;QAC9C,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC3C,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;KAC1C,CAAC;IAEF,OAAO;QACH,IAAI;QACJ,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO;QACP,OAAO;KACV,CAAC;AACN,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACnC,UAAsC,EAAE,EAC1C,EAAE;IACA,MAAM,KAAK,GAAG;QACV,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,kBAAkB;QACpC,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,SAAS;QAC3B,iBAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAC/B,4BAA4B,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CACzD,CAAC;IAEF,MAAM,cAAc,GAAG;QACnB,cAAc,EAAE,OAAO,CAAC,MAAM;QAC9B,eAAe,EAAE,OAAO;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACvB,WAAW,EAAE,OAAO;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACT,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM;SAC1C,CAAC,CAAC;QACP,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACpE,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;KACvE,CAAC;IAEF,OAAO;QACH,WAAW,EAAE,OAAO;QACpB,cAAc;QACd,aAAa,EAAE,cAAc,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;KACzD,CAAC;AACN,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,IAAuB,EAAE,EAAE;IAC7D,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,MAAM,UAAU,GAAG,4BAA4B,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAEjE,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE9D,OAAO,CAAC,KAAK,CAAC,gBAAgB,IAAI,yBAAyB,CAAC,CAAC;IAC7D,OAAO,CAAC,KAAK,CAAC,oBAAoB,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,KAAK,CAAC,eAAe,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IACzD,OAAO,CAAC,KAAK,CAAC,YAAY,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,KAAK,CAAC,eAAe,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAElD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAClD,UAAU,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;YAC5B,OAAO,CAAC,KAAK,CAAC,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,KAAK,CAAC,iBAAiB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,kBAAkB,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACP,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACpC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpE,OAAO,UAAU,CAAC;AACtB,CAAC,CAAC"}

package/dist/esm/authorization/scopeAbilityBuilder.d.ts

@@ -1,23 +1,29 @@
+import { type AbilityBuilder } from '@casl/ability';
 import { type MemberAbility } from './types';
-type BuilderOptions = {
+type OptionalIdContext = {
     organizationUuid: string;
+    projectUuid?: never;
+} | {
     projectUuid: string;
-    userUuid?: string;
+    organizationUuid?: never;
+};
+type BuilderOptions = {
+    userUuid: string;
     scopes: string[];
-    isEnterprise: boolean;
-    organizationRole: string;
+    isEnterprise: boolean | undefined;
+    organizationRole?: string;
     permissionsConfig?: {
         pat: {
             enabled: boolean;
             allowedOrgRoles: string[];
         };
     };
-};
+} & OptionalIdContext;
 /**
- * Build a complete CASL ability from scope names and context
+ * Apply CASL abilities from scopes to a builder
  * @param context - Context containing organization, project, user, and space access information
- * @returns CASL Ability with applied permissions
+ * @param builder - CASL ability builder to add permissions to
  */
-export declare const buildAbilityFromScopes: (context: BuilderOptions) => MemberAbility;
+export declare const buildAbilityFromScopes: (context: BuilderOptions, builder: AbilityBuilder<MemberAbility>) => void;
 export {};
 //# sourceMappingURL=scopeAbilityBuilder.d.ts.map

package/dist/esm/authorization/scopeAbilityBuilder.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAoD7C,KAAK,cAAc,GAAG;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACtB,cAAc,KACxB,aAcF,CAAC"}
+{"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AAIpD,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAqD7C,KAAK,iBAAiB,GAChB;IACI,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,KAAK,CAAC;CACvB,GACD;IACI,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,KAAK,CAAC;CAC5B,CAAC;AAER,KAAK,cAAc,GAAG;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,GAAG,SAAS,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,GAAG,iBAAiB,CAAC;AAEtB;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACtB,cAAc,WACd,cAAc,CAAC,aAAa,CAAC,KACvC,IAaF,CAAC"}

package/dist/esm/authorization/scopeAbilityBuilder.js

@@ -1,4 +1,3 @@
-import { Ability, AbilityBuilder } from '@casl/ability';
 import { parseScope, parseScopes } from './parseScopes';
 import { getAllScopeMap } from './scopes';
 const handlePatConfigApplication = (context, builder) => {
@@ -6,6 +5,7 @@ const handlePatConfigApplication = (context, builder) => {
     const hasPatRule = builder.rules.find((rule) => rule.action === 'manage' && rule.subject === 'PersonalAccessToken');
     if (!hasPatRule &&
         pat?.enabled &&
+        context.organizationRole &&
         pat?.allowedOrgRoles?.includes(context.organizationRole)) {
         builder.can('manage', 'PersonalAccessToken');
     }
@@ -34,21 +34,21 @@ const applyScopeAbilities = (context, builder) => {
     handlePatConfigApplication(context, builder);
 };
 /**
- * Build a complete CASL ability from scope names and context
+ * Apply CASL abilities from scopes to a builder
  * @param context - Context containing organization, project, user, and space access information
- * @returns CASL Ability with applied permissions
+ * @param builder - CASL ability builder to add permissions to
  */
-export const buildAbilityFromScopes = (context) => {
-    const builder = new AbilityBuilder(Ability);
+export const buildAbilityFromScopes = (context, builder) => {
+    const isEnterprise = context.isEnterprise ?? false;
     const scopes = parseScopes({
         scopes: context.scopes,
-        isEnterprise: context.isEnterprise,
+        isEnterprise,
     });
     const parsedContext = {
         ...context,
         scopes,
+        isEnterprise,
     };
     applyScopeAbilities(parsedContext, builder);
-    return builder.build();
 };
 //# sourceMappingURL=scopeAbilityBuilder.js.map

package/dist/esm/authorization/scopeAbilityBuilder.js.map

@@ -1 +1 @@
-{"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG1C,MAAM,0BAA0B,GAAG,CAC/B,OAAqB,EACrB,OAAsC,EACxC,EAAE;IACA,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CACjC,CAAC,IAAI,EAAE,EAAE,CACL,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,qBAAqB,CACzE,CAAC;IAEF,IACI,CAAC,UAAU;QACX,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAC1D,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CACxB,OAAqB,EACrB,OAAsC,EAClC,EAAE;IACN,MAAM,QAAQ,GAAG,cAAc,CAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAExE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa;YACtC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,EAAE,CAAC;QAET,2BAA2B;QAC3B,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC,CAAC;AAiBF;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAClC,OAAuB,EACV,EAAE;IACf,MAAM,OAAO,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAE3D,MAAM,MAAM,GAAG,WAAW,CAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,YAAY,EAAE,OAAO,CAAC,YAAY;KACrC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG;QAClB,GAAG,OAAO;QACV,MAAM;KACT,CAAC;IAEF,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAC5C,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC,CAAC"}
+{"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG1C,MAAM,0BAA0B,GAAG,CAC/B,OAAqB,EACrB,OAAsC,EACxC,EAAE;IACA,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CACjC,CAAC,IAAI,EAAE,EAAE,CACL,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,qBAAqB,CACzE,CAAC;IAEF,IACI,CAAC,UAAU;QACX,GAAG,EAAE,OAAO;QACZ,OAAO,CAAC,gBAAgB;QACxB,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAC1D,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CACxB,OAAqB,EACrB,OAAsC,EAClC,EAAE;IACN,MAAM,QAAQ,GAAG,cAAc,CAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAExE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa;YACtC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,EAAE,CAAC;QAET,2BAA2B;QAC3B,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC,CAAC;AAyBF;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAClC,OAAuB,EACvB,OAAsC,EAClC,EAAE;IACN,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC;IACnD,MAAM,MAAM,GAAG,WAAW,CAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,YAAY;KACf,CAAC,CAAC;IACH,MAAM,aAAa,GAAG;QAClB,GAAG,OAAO;QACV,MAAM;QACN,YAAY;KACf,CAAC;IAEF,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC,CAAC"}