npm - @lightdash/common - Versions diffs - 0.1937.0 → 0.1938.0 - Mend

@lightdash/common 0.1937.0 → 0.1938.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (129) hide show

package/dist/esm/authorization/scopes.js CHANGED Viewed

@@ -1,37 +1,39 @@
+import { flow } from 'lodash';
 import { ProjectType } from '../types/projects';
 import { ScopeGroup, } from '../types/scopes';
 import { SpaceMemberRole } from '../types/space';
+/** Context can have either/or organizationUuid or projectUuid. Applies the one we have. */
+const addUuidCondition = (context, modifiers) => {
+    const projectOrOrg = context.organizationUuid
+        ? { organizationUuid: context.organizationUuid }
+        : { projectUuid: context.projectUuid };
+    return {
+        ...projectOrOrg,
+        ...modifiers,
+    };
+};
+/** Applies the UUID condition with Space access. */
 const addAccessCondition = (context, role) => ({
-    $elemMatch: {
-        userUuid: context.userUuid || false,
-        ...(role ? { role } : {}),
+    ...addUuidCondition(context),
+    access: {
+        $elemMatch: {
+            userUuid: context.userUuid || false,
+            ...(role ? { role } : {}),
+        },
     },
 });
-const addDefaultOrgIdCondition = (context) => [
-    {
-        organizationUuid: context.organizationUuid,
-    },
-];
+/** Applies the UUID condition as the only condition for a scope. */
+const addDefaultUuidCondition = flow(addUuidCondition, Array.of);
 const scopes = [
     {
         name: 'view:Dashboard',
         description: 'View dashboards',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: (context) => {
-            // Public dashboards
-            const conditions = [
-                {
-                    organizationUuid: context.organizationUuid,
-                    isPrivate: false,
-                },
-            ];
-            conditions.push({
-                organizationUuid: context.organizationUuid,
-                access: addAccessCondition(context),
-            });
-            return conditions;
-        },
+        getConditions: (context) => [
+            addUuidCondition(context, { isPrivate: false }),
+            addAccessCondition(context),
+        ],
     },
     {
         name: 'manage:Dashboard',
@@ -39,19 +41,12 @@ const scopes = [
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
         getConditions: (context) => {
-            const { organizationUuid } = context;
             if (context.scopes.has('manage:Organization')) {
-                return [{ organizationUuid }];
+                return addDefaultUuidCondition(context);
             }
             return [
-                {
-                    organizationUuid,
-                    access: addAccessCondition(context, SpaceMemberRole.EDITOR),
-                },
-                {
-                    organizationUuid,
-                    access: addAccessCondition(context, SpaceMemberRole.ADMIN),
-                },
+                addAccessCondition(context, SpaceMemberRole.EDITOR),
+                addAccessCondition(context, SpaceMemberRole.ADMIN),
             ];
         },
     },
@@ -60,23 +55,10 @@ const scopes = [
         description: 'View saved charts',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: (context) => {
-            // Public saved charts
-            const conditions = [
-                {
-                    organizationUuid: context.organizationUuid,
-                    projectUuid: context.projectUuid,
-                    isPrivate: false,
-                },
-            ];
-            // User's accessible saved charts via space access
-            conditions.push({
-                organizationUuid: context.organizationUuid,
-                projectUuid: context.projectUuid,
-                access: addAccessCondition(context),
-            });
-            return conditions;
-        },
+        getConditions: (context) => [
+            addUuidCondition(context, { isPrivate: false }),
+            addAccessCondition(context),
+        ],
     },
     {
         name: 'manage:SavedChart',
@@ -84,19 +66,12 @@ const scopes = [
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
         getConditions: (context) => {
-            const { organizationUuid } = context;
             if (context.scopes.has('manage:Organization')) {
-                return [{ organizationUuid }];
+                return addDefaultUuidCondition(context);
             }
             return [
-                {
-                    organizationUuid,
-                    access: addAccessCondition(context, SpaceMemberRole.EDITOR),
-                },
-                {
-                    organizationUuid,
-                    access: addAccessCondition(context, SpaceMemberRole.ADMIN),
-                },
+                addAccessCondition(context, SpaceMemberRole.EDITOR),
+                addAccessCondition(context, SpaceMemberRole.ADMIN),
             ];
         },
     },
@@ -105,110 +80,91 @@ const scopes = [
         description: 'View spaces',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: (context) => {
-            // Public spaces
-            const conditions = [
-                {
-                    organizationUuid: context.organizationUuid,
-                    projectUuid: context.projectUuid,
-                    isPrivate: false,
-                },
-            ];
-            // User's accessible spaces
-            conditions.push({
-                organizationUuid: context.organizationUuid,
-                projectUuid: context.projectUuid,
-                access: addAccessCondition(context),
-            });
-            return conditions;
-        },
+        getConditions: (context) => [
+            addUuidCondition(context, { isPrivate: false }),
+            addAccessCondition(context),
+        ],
     },
     {
         name: 'create:Space',
         description: 'Create new spaces',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:Space',
-        description: 'Edit and delete spaces',
+        description: 'Create, edit, and delete all spaces',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: (context) => {
-            const { organizationUuid } = context;
-            // Manage all spaces where user is admin of the organization
-            if (context.scopes.has('manage:Organization')) {
-                return [{ organizationUuid }];
-            }
-            const conditions = [
-                {
-                    organizationUuid,
-                    access: addAccessCondition(context, SpaceMemberRole.ADMIN),
-                },
-            ];
-            if (context.scopes.has('manage:Project')) {
-                // Manage public spaces where user is admin of the project
-                conditions.push({
-                    organizationUuid: context.organizationUuid,
-                    isPrivate: false,
-                });
-            }
-            return conditions;
-        },
+        getConditions: addDefaultUuidCondition,
+    },
+    {
+        name: 'manage:Space@public',
+        description: 'Create, edit, and delete public spaces',
+        isEnterprise: false,
+        group: ScopeGroup.CONTENT,
+        getConditions: (context) => [
+            addUuidCondition(context, { isPrivate: false }),
+        ],
+    },
+    {
+        name: 'manage:Space@assigned',
+        description: 'Create, edit, and delete spaces owned by the user',
+        isEnterprise: false,
+        group: ScopeGroup.CONTENT,
+        getConditions: (context) => [
+            addAccessCondition(context, SpaceMemberRole.ADMIN),
+        ],
     },
     {
         name: 'view:DashboardComments',
         description: 'View dashboard comments',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'create:DashboardComments',
         description: 'Create dashboard comments',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:DashboardComments',
         description: 'Edit and delete dashboard comments',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'view:Tags',
         description: 'View tags',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: (context) => [
-            {
-                organizationUuid: context.organizationUuid,
-            },
-        ],
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:Tags',
         description: 'Create, edit, and delete tags',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'view:PinnedItems',
         description: 'View pinned items',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:PinnedItems',
         description: 'Pin and unpin items',
         isEnterprise: false,
         group: ScopeGroup.CONTENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'promote:SavedChart',
@@ -217,19 +173,9 @@ const scopes = [
         group: ScopeGroup.CONTENT,
         getConditions: (context) => {
             if (context.scopes.has('manage:Organization')) {
-                return [
-                    {
-                        organizationUuid: context.organizationUuid,
-                    },
-                ];
+                return addDefaultUuidCondition(context);
             }
-            return [
-                {
-                    organizationUuid: context.organizationUuid,
-                    projectUuid: context.projectUuid,
-                    access: addAccessCondition(context, SpaceMemberRole.EDITOR),
-                },
-            ];
+            return [addAccessCondition(context, SpaceMemberRole.EDITOR)];
         },
     },
     {
@@ -239,19 +185,9 @@ const scopes = [
         group: ScopeGroup.CONTENT,
         getConditions: (context) => {
             if (context.scopes.has('manage:Organization')) {
-                return [
-                    {
-                        organizationUuid: context.organizationUuid,
-                    },
-                ];
+                return addDefaultUuidCondition(context);
             }
-            return [
-                {
-                    organizationUuid: context.organizationUuid,
-                    projectUuid: context.projectUuid,
-                    access: addAccessCondition(context, SpaceMemberRole.EDITOR),
-                },
-            ];
+            return [addAccessCondition(context, SpaceMemberRole.EDITOR)];
         },
     },
     // Project Management Scopes
@@ -260,7 +196,7 @@ const scopes = [
         description: 'View project details',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'create:Project',
@@ -271,7 +207,7 @@ const scopes = [
         // Allow creating preview projects by default
         [
             {
-                organizationUuid: context.organizationUuid,
+                ...addUuidCondition(context),
                 type: ProjectType.PREVIEW,
             },
         ],
@@ -281,7 +217,7 @@ const scopes = [
         description: 'Update project settings',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'delete:Project',
@@ -290,69 +226,77 @@ const scopes = [
         group: ScopeGroup.PROJECT_MANAGEMENT,
         getConditions: (context) => {
             if (context.projectUuid) {
-                return [
-                    {
-                        projectUuid: context.projectUuid,
-                    },
-                ];
+                return [{}];
             }
             // Can delete preview projects in organization
             return [
                 {
-                    organizationUuid: context.organizationUuid,
+                    ...addUuidCondition(context),
                     type: ProjectType.PREVIEW,
                 },
             ];
         },
     },
+    {
+        name: 'delete:Project@self',
+        description: 'Delete projects created by the user',
+        isEnterprise: false,
+        group: ScopeGroup.PROJECT_MANAGEMENT,
+        getConditions: (context) => [
+            {
+                createdByUserUuid: context.userUuid || false,
+                type: ProjectType.PREVIEW,
+            },
+        ],
+    },
     {
         name: 'manage:Project',
         description: 'Full project management permissions',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:CompileProject',
         description: 'Compile and refresh dbt projects',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:Validation',
         description: 'Manage data validation rules',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'create:ScheduledDeliveries',
         description: 'Create scheduled deliveries',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:ScheduledDeliveries',
         description: 'Manage scheduled deliveries',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:GoogleSheets',
         description: 'Manage google sheets',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'view:Analytics',
         description: 'View usage analytics',
         isEnterprise: false,
         group: ScopeGroup.PROJECT_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'create:Job',
@@ -382,7 +326,7 @@ const scopes = [
         group: ScopeGroup.PROJECT_MANAGEMENT,
         getConditions: (context) => {
             if (context.scopes.has('manage:Organization')) {
-                return addDefaultOrgIdCondition(context);
+                return addDefaultUuidCondition(context);
             }
             return [
                 {
@@ -391,62 +335,69 @@ const scopes = [
             ];
         },
     },
+    {
+        name: 'manage:Validation',
+        description: 'Manage data validation rules',
+        isEnterprise: false,
+        group: ScopeGroup.PROJECT_MANAGEMENT,
+        getConditions: addDefaultUuidCondition,
+    },
     // Organization Management Scopes
     {
         name: 'view:Organization',
         description: 'View organization details',
         isEnterprise: false,
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:Organization',
         description: 'Manage organization settings',
         isEnterprise: false,
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'view:OrganizationMemberProfile',
         description: 'View organization member profiles',
         isEnterprise: false,
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:OrganizationMemberProfile',
         description: 'Manage organization member profiles and roles',
         isEnterprise: false,
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:InviteLink',
         description: 'Create and manage invite links',
         isEnterprise: false,
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:Group',
         description: 'Manage user groups',
         isEnterprise: false,
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:ContentAsCode',
         description: 'Manage content as code features',
         isEnterprise: true,
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:PersonalAccessToken',
         description: 'Create and manage personal access tokens',
         isEnterprise: true,
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     // Data Scopes
     {
@@ -454,14 +405,14 @@ const scopes = [
         description: 'View underlying data in charts',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'view:SemanticViewer',
         description: 'View data in semantic viewer',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:SemanticViewer',
@@ -470,14 +421,9 @@ const scopes = [
         group: ScopeGroup.DATA,
         getConditions: (context) => {
             if (context.scopes.has('manage:Organization')) {
-                return addDefaultOrgIdCondition(context);
+                return addDefaultUuidCondition(context);
             }
-            return [
-                {
-                    organizationUuid: context.organizationUuid,
-                    access: addAccessCondition(context, SpaceMemberRole.EDITOR),
-                },
-            ];
+            return [addAccessCondition(context, SpaceMemberRole.EDITOR)];
         },
     },
     {
@@ -485,56 +431,56 @@ const scopes = [
         description: 'Explore and query data',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:SqlRunner',
         description: 'Run SQL queries directly',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:CustomSql',
         description: 'Create custom SQL queries',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'create:VirtualView',
         description: 'Create virtual views',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'delete:VirtualView',
         description: 'Delete virtual views',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:VirtualView',
         description: 'Create and manage virtual views',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:ExportCsv',
         description: 'Export data to CSV',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:ChangeCsvResults',
         description: 'Modify CSV export results',
         isEnterprise: false,
         group: ScopeGroup.DATA,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     // Sharing Scopes
     {
@@ -564,14 +510,14 @@ const scopes = [
         description: 'View AI agent features',
         isEnterprise: true,
         group: ScopeGroup.AI,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:AiAgent',
         description: 'Configure AI agent settings',
         isEnterprise: true,
         group: ScopeGroup.AI,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'view:AiAgentThread',
@@ -582,9 +528,8 @@ const scopes = [
         // View user's own AI agent threads
         [
             {
-                organizationUuid: context.organizationUuid,
-                projectUuid: context.projectUuid,
-                ...(context.userUuid && { userUuid: context.userUuid }),
+                ...addUuidCondition(context),
+                userUuid: context.userUuid || false,
             },
         ],
     },
@@ -593,7 +538,7 @@ const scopes = [
         description: 'Start new AI agent conversations',
         isEnterprise: true,
         group: ScopeGroup.AI,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:AiAgentThread',
@@ -602,7 +547,7 @@ const scopes = [
         group: ScopeGroup.AI,
         getConditions: (context) => {
             if (context.scopes.has('manage:Organization')) {
-                return addDefaultOrgIdCondition(context);
+                return addDefaultUuidCondition(context);
             }
             // Manage user's own AI agent threads
             return [{ userUuid: context.userUuid || false }];
@@ -614,28 +559,28 @@ const scopes = [
         description: 'Configure spotlight table settings',
         isEnterprise: true,
         group: ScopeGroup.SPOTLIGHT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'view:SpotlightTableConfig',
         description: 'View spotlight table configuration',
         isEnterprise: true,
         group: ScopeGroup.SPOTLIGHT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'view:MetricsTree',
         description: 'View metrics tree',
         isEnterprise: true,
         group: ScopeGroup.SPOTLIGHT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
     {
         name: 'manage:MetricsTree',
         description: 'Manage metrics tree configuration',
         isEnterprise: true,
         group: ScopeGroup.SPOTLIGHT,
-        getConditions: addDefaultOrgIdCondition,
+        getConditions: addDefaultUuidCondition,
     },
 ];
 const getNonEnterpriseScopes = () => scopes.filter((scope) => !scope.isEnterprise);